Anti-money laundering (AML) and counter-terrorism financing (CTF) compliance is an ongoing task that can be costly and time-consuming for financial services firms in the UK and EU. It can also be hard to measure its effectiveness. Financial institutions don’t tend to share information about their compliance procedures or challenges, making it difficult to benchmark your processes against similar organisations.
That is why we created the fscom Fincrime Compliance Report, to provide insight into the compliance challenges financial services firms like yours are facing. The aim of the report is to:
- identify and report on any new challenges;
- share how findings compare year-on-year;
- highlight areas where firms are still not meeting regulatory requirements; and
- offer practical guidance and recommendations on how to address key issues.
This article summarises the report’s findings and explains how fscom can help you address issues in the five key areas highlighted in the report.
In this article, we cover:
- Report methodology and definitions
- 4 key financial crime compliance statistics
- Financial crime compliance statistics year-on-year
- How to mitigate risk within the five most affected review and testing areas
- How fscom can help
Download the full report here. If you’d like to learn more about how fscom can support your AML and CTF compliance, get in touch and we’ll set up a call.
Report methodology and definitions
The statistics in the report are based on the high and low-impact findings identified across 71 audit reports completed between July 2023 and June 2024. We recorded 341 findings, 91 of which we identified as high impact, 250 as low impact.
Note: When we talk about ‘impact’, we are referring to two factors: the level of compliance and the impact the finding is likely to have on the firm. While the level of compliance is generally a static rating, the impact score will depend on factors such as an organisation’s size, business model, and customer profile.
4 key financial crime compliance statistics
- Every audit revealed areas that needed attention: We recorded an average of 4.80 findings per audit.
- Findings are on the rise in some areas but the overall impact is lower than last year: Findings related to whole firm risk assessments (WFRA), suspicious activity reporting (SAR), and AML increased by over 100%. But, across all categories, the increase is relatively low (less than 1% year-on-year) and the number of high-impact findings has reduced.
- Compliance monitoring has the highest concentration of high-impact findings: We identified 20 high-impact findings, which is nearly 50% higher than the second area with high-impact findings — periodic and event-driven reviews.
- Compliance monitoring programmes (CMPs) are often not fit for purpose: Many firms do not have an adequate level of assurance regarding the effectiveness of their AML and CTF controls.
Financial crime compliance statistics year-on-year
While we identified high and low-impact findings amongst all 14 of the primary areas for review and testing, the following five areas have seen the most significant changes year on year:
The below table shows you how all 14 areas have changed from 2023 to 2024, with key differences highlighted in yellow:
How to mitigate risk within the five most affected review and testing areas
The findings from the top five affected areas account for over 50% of the findings. So addressing discrepancies in your processes here will help ensure compliance overall. Below is a summary of the advice relating to each key area. For more detailed guidance, please see the full report.
1. Whole firm risk assessment
We uncovered issues around the lack of adequately detailed proliferation-financing risk assessments and granularity in firms’ WFRAs and their underlying methodologies. To ensure the success of your methodology, we recommend asking yourself questions, such as:
- Have you considered and documented your risk appetite for ML, TF, and proliferation financing risk exposure?
- Do you have a clear plan for remediating highly rated risks?
2. Compliance monitoring
The approach to compliance monitoring will depend on the size and nature of your business. However, certain elements should be consistent across all plans. For example, you should:
- scrutinise and test each area of your AML framework;
- consider how you will log and monitor the output of any tests; and
- revisit your WFRA when you have evidence, backed by data, regarding its mitigating controls and make changes accordingly.
3. Periodic and event-driven reviews
Periodic account reviews should include:
- the frequency of the review and whether it is risk-based;
- who is responsible for conducting reviews, and whether this is risk-based; and
- what a review should entail.
Further, to enhance transparency and clarity in event-driven reviews, you should explicitly outline the triggers that might initiate these reviews and provide guidance on whether an event-driven review is sufficient.
4. Customer due diligence (file testing)
Since the cornerstone of any successful AML framework relies on how well you know your customers, firms should ensure exemplary CDD files at all times. You can achieve this by:
- implementing robust CDD (and EDD) policies and procedures based on your target client base;
- training first-line-of-defence staff; and
- having a periodic and event-driven review process in place to ensure Know your Customer/Business (KYC/KYB) information is updated.
5. Politically exposed persons, sanctions, and adverse media screening
During each audit, we test a firm’s screening tools by running known politically exposed persons (PEPs) and sanctioned individuals and entities through their screening solutions. In nine cases, known PEP or sanctioned individuals/entities went unflagged.
Even if you use third-party screening tools, you still bear the responsibility for blocking sanctioned individuals to prevent financial and economic crime. So you must be proactive and conduct EDD to mitigate risks. We recommend writing periodic testing of screening tools into your CMPs and scrutinising the output for deficiencies.
The battle against financial crime is ongoing. Here’s how fscom can help
At fscom, we help regulated financial firms operating in the United Kingdom and Ireland ensure they have the systems and processes in place to combat financial crime at every possible touchpoint. Here’s how we can help you address issues in the five key areas identified above:
1. Writing, reviewing, and helping you implement your WFRA
Whether it is creating new or developing existing AML policies or procedures, we offer support in drafting and implementing this documentation. We can also review policies against regulations and provide guidance and best practices to reflect changes in your firm’s environment or offerings.
2. Developing policies and procedures for compliance monitoring
As regulatory compliance experts, we have extensive experience in facilitating the development and execution of a compliance monitoring framework for our clients. We can help you develop policies and procedures and offer guidance on how to set up and document transaction monitoring systems.
3. Conducting targeted client reviews
We offer targeted AML reviews and financial crime audits. This includes not only reviews of your AML, CTF and CPF but also your AML compliance and risk management as it relates to tax evasion, fraud, bribery and corruption.
4. Customer due diligence remediation
Our experts have successfully led large-scale CDD remediation projects for some of the largest organisations in the world. We will take steps to address any CDD shortfalls and assess your onboarding procedures to find root cause solutions, rather than temporary fixes.
5. Performing risk assessments and stress tests
We will analyse where you’re most vulnerable to risk and then help you test various scenarios, which we can either perform for you or provide an outline so you can test them in-house. We can even partner with specialised firms for more technical testing support, like an IT specialist firm to help with stress testing.
If you’d like to explore how fscom can help you with your compliance across any of the areas mentioned above, or any other regulatory requirements, please get in touch and we’ll set up a call.
