Matthew Russell reflects on Sarah Pritchard’s FCA speech on an outcomes-based approach to financial crime
Do we have a targeted and outcomes-based approach to tackling financial crime?
In the first of what I hope to be regular blogs on all things financial crime-related here at Avyse, I wanted to reflect on Sarah Pritchard’s recent speech on the importance of a targeted and outcomes-based approach to tackling financial crime.
I don’t think anyone would argue too much with Sarah’s position on the regulator’s responsibilities (and achievements to date) in respect of this ambition: Pursuing more proactive measures that prevent financial crime (a robust authorisation process, early identification of red flags through the analysis of regulatory data, and collaboration with other agencies), while being assertive in its enforcement action where regulated parties do transgress (charging individuals, securing freezing orders, and fining firms), using technology wherever possible.
Where I hesitate, though, is over what we mean by the phrase “a targeted and outcomes-based approach” in terms of those that are themselves regulated. Specifically, what are the actual outcomes that the regulated sector should be trying to achieve, and does it have the tools to target its efforts to this end?
Outcomes or inputs?
“As part of our outcomes-based mindset towards financial crime, we are sharing our approach, expectations and findings more publicly and more frequently than ever.”
Managing expectations is important, and Sarah quite rightly highlights the fact that the Financial Conduct Authority (FCA) has shared good and poor practice from five reviews of firms’ financial crime controls in the last 18 months alone. However, I would argue that the FCA’s focus is still on the inputs (what firms are doing and how they are doing it) as opposed to the outcomes (how effective these efforts are in reducing financial crime).
Given the focus of the regulatory requirements, the perennial challenge for the regulated sector is that the outcomes should be judged, in part, by the quality of the suspicious activity reports (SARs) that it sends. I would go further and suggest that the absence of this final feedback loop undermines the effectiveness of the risk-based approach to combatting money laundering and terrorist financing itself. Unfortunately, a combination of weaknesses in the SAR process and the time taken to prosecute (if at all) makes the provision of this critical data point unlikely, at least soon.
Furthermore, despite Sarah highlighting the importance of embracing technology, there is a risk that focusing too much on the inputs (and comparing practices across peer firms) may undermine efforts to be innovative. It is critical that regulated institutions can show to the FCA that they understand the financial crime risks that they may be vulnerable to and that they have designed and implemented controls that mitigate these risks. I am particularly looking forward to working with Sam Jarvis, using her experience of the Proactive Anti-Money Laundering Programme (PAMLP) at the FCA, to help clients with this critical storytelling, as well as giving them the confidence to do something different where it is right to do so. Look out for the webinar that we are hosting in October to hear more from Sam on this critical issue.
How can we better target our efforts when we have blunt instruments?
In the continued absence of prompt and quality feedback on the SARs submitted, perhaps we should look to the Wolfsberg Group’s criteria on effectiveness to reflect on the outcomes the regulated sector is delivering, as well as how its efforts are being targeted. To this end, is the FCA assessing the extent to which these efforts are aligned with the priorities set out in HM Treasury’s National Money Laundering and Terrorist Financing Risk Assessment?
Leaving aside for now the (in)frequency of the National Risk Assessment (this is a subject that I will come back to in a later post), there is also the question of whether the industry-recognised method for conducting a business-wide risk assessment (BWRA) is fit for purpose, both in terms of digesting these insights and then calibrating the assessments for any subsequent changes. Too often, the preparation of the BWRA is a backward-looking exercise, like trying to drive a car by only looking through the rear-view mirror.
I have sympathy for organisations that are trying to navigate what can be extremely confusing terminology: What is the difference between a threat and a risk? Do I map my controls against risks or risk factors? And that is before we think about different risk weightings. As a regulated sector, we need to do better in this regard and those that know me will not be surprised that this will continue as one of my priorities in my new role at Avyse. Watch this space!
So, going back to Sarah’s original proposition in relation to a targeted and outcomes-focused approach to financial crime: I agree that the regulator may have made some progress in this regard, but there is much more to be done by regulated firms to ensure that the considerable resources that they are investing are being targeted in the right areas and that we are clearer on the outcomes that are being achieved.
We’d love to discuss how you define and measure the effectiveness of your financial crime framework. Get in touch.