My thoughts two weeks after returning from maternity leave
My thoughts on financial crime compliance, the economic crime plan, SARs and Companies House reform and what firms should be focusing on.
After a year on maternity leave I have been ‘catching up’ with all the changes in the anti-financial crime world. One of my big questions has been – what progress are ‘we’ making with the fight against financial crime? My conclusion, not a lot has changed! We’re still talking about SARs reform, better public-private partnerships, under investment of the NCA and other law enforcement agencies and quality (or lack of) data at Companies House. Perhaps naively I had been expecting more, given these conversations have been ongoing for over 10 years I should have known better.
Disappointingly, the Economic Crime Plan (2019 – 2022) has not achieved what it set out to (as detailed in the House of Commons Committee report on Economic Crime). Lord Agnew described the government’s inaction as “woeful” and “lamentable” in his recent resignation speech. Economic crime is increasing and there is a mismatch between the scale of the problem and the response from law enforcement, which is often fragmented. The pace of change is slow. For example, the Suspicious Activity Reports (SARs) reform programme is still ongoing and there is no timeline for completion.
The issues surrounding financial crime are complex and so we cannot attribute the ‘stalemate’ to any one factor. The COVID-19 pandemic has presented new opportunities for criminals to exploit changes in consumer behaviour and the vulnerable. New and emerging technologies are being exploited. Cryptocurrencies, for example, are increasingly being used for economic crime and fraud (more to come on this topic!). Law enforcement agencies and supervisors are under-resourced - I dare say there will be increasing expectations for regulated firms to do their job.
The key thing is for MLROs to focus on what they can control and put together a strong financial crime framework. The FCA’s “purposeful” AML speech from March last year and The Wolfsberg Group’s letter to FinCen should be used as a catalyst (if it hasn’t already) to focus on effectiveness and retire any old methods of financial crime prevention which are no longer fit for purpose.
Embed a robust anti-financial crime culture
In my view, this is the most crucial element of a robust financial crime framework but one of the hardest to change and measure
You should be clear on the firm’s values. They should demonstrate that you want to do the ‘right thing’
Your appetite for financial crime risk allows you to define your limits. Decision-making processes must pay attention to these. For example, risk acceptance (or not) of retaining a high-risk relationship if they cannot provide certain information. Decisions should not be driven by revenue alone
Tone from the top is vital - it should be communicated and reinforced across the firm. Senior management need to lead by example. Do the actions and language used by senior and middle management contribute positively to the culture?
Anti-financial crime indicators need to feed into performance management systems. For example, do you celebrate and reward the demonstration of the right behaviours and values?
Re-focus on real risks
This should be a continuous process leveraging internal and external information
Do you look at “real” risk or just “regulatory” risks? If you only frame things in terms of what you might get in trouble for, rather than how could criminal activity occur, you are probably missing a trick. Equally, are you doing things because “that’s the way it’s always been done” rather than focusing on the purpose it serves?
Senior management within the firm should be responsible for reviewing and challenging the outputs of the risk assessment - what is the risk assessment used for? If it isn’t driving anything it isn’t serving its purpose
Consider how the COVID-19 pandemic has impacted your risk profile and/or your control framework. How do you identify new or emerging financial crime risks? What consideration is given to the financial crime risks when designing new products and services?
Embrace technology
When combined with humans who have the right skills and capability, appropriate technology can transform the way firms manage financial crime risks
It is imperative you understand the technological infrastructure you have in place and the purpose it serves. This will enable you to assess if the risks you’ve identified can be adequately addressed. For example, is “point in time” screening adequate when compared with “continuous” screening?
Does the technology you deploy enable you to focus on your biggest risk areas? One measure to look at are your conversion rates – for example, what percentage of transaction monitoring alerts, become internal SARs? If the percentage is very low, the quality of the alerts is likely low and should prompt you to review your detection rules and scenarios.
Learn from the mistakes of others
Similar themes and issues get reported upon time and time again! The details of regulatory enforcement action, final notices and Dear CEO letters (even if the letter is aimed at firms outside your sector) need to be reviewed and considered. This may lead to a review of your financial crime framework and identify the need for control enhancements, including re-allocating resources to areas which need it most.
It’s great to be back from maternity and I’m really enjoying catching up with friends old and new. If you’d like a real or virtual coffee to talk about any of the above points do get in touch.
Rebecca
