Monitoring and Oversight of FI relationships – what firms can take away from the Barclays fine

Earlier this week the FCA issued Barclays with a Final Notice and a fine of £783,800 in relation to “oversight failings in its relationship” with the now liquidated payments firm, Premier FX. Following the FCA action, Barclays has also agreed to pay just over £10m to Premier FX’s customers who lost their funds when the company was liquidated.

Why were Barclays fined?

The 53-page Final Notice lists a plethora of failings over a seven-year period up to 2018. The issues are attributed to poor processes, poorly executed processes and instances where red flags were not followed up with appropriate questions. In short, Barclays’ processes didn’t enable it to establish or maintain a proper handle on the relationship’s financial crime risks or identify wider regulatory issues relating to the management of the firm and safeguarding of relevant customer funds.

The FCA said the oversight and monitoring failings in Barclays’ business relationship with Premier FX amounted to a breach of Principle 2 and, as such, Barclays failed to “conduct its business with due skill, care and diligence”.

What can firms take away from the fine?

As the findings date back in some instances to 2011, it’s important to appreciate that Compliance standards have largely improved. That said, from experience there is a tendency for some firms to be lured into a false sense of security with regulated financial institution customers and have minimal oversight and monitoring of those relationships. Whilst in some situations operating a light-touch approach to maintaining oversight and monitoring relationships is the pragmatic and proportionate thing to do, the judgement needs to be based on a well-informed understanding of the customer’s risk profile.

A proper understanding of FI customer risk starts with a comprehensive onboarding process and continues with proportionate ongoing review processes. Firms should ask themselves the following self-assessment questions regarding their ability to monitor and maintain sufficient oversight over FI customers.

Self-assessment questions for firms

Onboarding FIs

  • Do you sufficiently understand the nuances of the FI’s business model and their inherent risks to establish whether the FI is within risk appetite?

  • Is the purpose of each account the FI has requested to open understood and plausible?

  • Are there any red flags which suggest a poor culture i.e., leadership appearing to be disengaged with Compliance processes?

  • Is the firm acting within their regulatory permission or does their activity suggest otherwise (as in the case of Premier FX)?

  • Have you properly assessed whether the FI’s senior management is capable and committed to achieving Compliance with the relevant legal and regulatory requirements?

  • How have you got comfort that the FI’s Compliance and financial crime frameworks are adequate and proportionate to the nature, size and complexity of their activities?

  • Does the FI’s risk assessment appear to be robust – does it give you confidence that the FI understands its own risk profile?

  • Do you understand the makeup of the FI’s customer book – is this within your risk appetite?

  • Does your customer risk assessment appropriately factor in an FI’s inherent risk factors i.e., the products and services it offers, and jurisdictions covered, or is it disproportionately weighted towards the FI’s regulated status?

  • Has senior management sign off been obtained, where required, prior to onboarding?

During the relationship with FIs

  • Does the scope of FI audits enable you to identify relevant regulatory and financial crime risks consistently?

  • Do your staff have sufficient time to properly conduct each FI audit and challenge the information presented to them?

  • Are there SLAs in place to ensure you receive a response in a timely manner to information requests and queries?

  • Does your periodic review process enable Relationship Managers (or equivalent) to make well-informed, risk-based decisions on whether the relationship remains within risk appetite, compared to what the FI told you at onboarding?

  • Do your staff carrying out trigger event and periodic reviews sufficiently understand the FI’s business model and risk profile to be able to conduct meaningful transactional reviews?

  • Where the FI is subject to regulatory attention, are you keeping apprised of the situation at each juncture to make risk-based decisions on the future of the relationship?

  • Does the MI you generate internally on the relationship enable senior management to maintain sufficient oversight?

  • If an FI is exited, do you have processes in place to ensure all related entities are reviewed and possibly exited across your group?

Please get in touch if you would like to discuss how we can help you manage risk across your FI customer book.

