The Financial Crime Guide is a key source of information and advice for regulated financial services firms under the Financial Conduct Authority’s supervision. The regulator has recently launched a consultation around a series of proposed changes to the guide, which would bring new requirements for financial services firms.
Partners in finCrime hosts, Evan McGookin and Richard Dunlop from fscom analysed the proposals and offered advice for firms in the podcast’s most recent episode. In this blog, we summarise some of the main takeaways from the consultation for UK companies.
What is the Financial Crime Guide?
The Financial Crime Guide provides practical assistance and information which applies to all regulated firms and those who are supervised by the Money Laundering Regulations (which includes cryptoasset businesses).
The guide is updated periodically but infrequently. Given the time that has elapsed since the last update, some of the newly proposed changes are simply catching up with regulatory developments brought in over the past few years. This includes:
- New references to cryptoassets and virtual asset service providers (VASPs), who now come under the FCA’s remit.
- References to the FCA’s Consumer Duty which requires companies to put consumers’ interests at the heart of all their activities. This has emerged as a priority for the regulator.
- References to the UK’s status in relation to the European Union, which has of course changed since the referendum in 2016.
None of these changes will be new information to firms. But elsewhere in the proposals are some more significant changes to three major areas:
1) Financial sanctions
Sanctions are very topical. A raft of them have been implemented by the UK following Russia’s invasion of Ukraine, and the FCA carried out an assessment of the sanctions’ controls and compliance of over 170 firms last year. The results of this assessment have led them to propose changes to chapter seven of the guide, including:
- More prescriptive guidance on a firm’s reporting requirements over sanction breaches by its third parties or customers (or in its own activities).
- New guidance on the governance arrangements required to oversee sanctions systems and controls, including senior management accountability.
- Public-private and private-private information sharing. This includes the requirement for effective management information to ensure firms effectively resource and monitor their sanctions screening and controls.
- Guidance on how to assess a firm’s sanctions’ risk exposure, including how to carry out sanctions risk assessments and what sources should be reviewed.
- Clarity on the expectations for firms using sanctions screening tools (often done by third-party vendors) and the role of customer due diligence in a sanctions risk mitigation framework.
- An expectation that firms oversee and understand any third-party sanctions screening tools they have brought in, including aligning them with the firm’s risk appetite and correctly calibrating them.
2) Proliferation financing
Firms have been obligated to identify and assess risks around proliferation financing since changes to the Money Laundering Regulations in 2022, and the FCA now proposes to align the Financial Crime Guide accordingly. Under the changes, firms should:
- Incorporate proliferation financing into their financial crime risk assessment. This comprises setting out the risks, understanding whether they have the controls to mitigate them, and assessing whether that aligns with their risk appetite.
- Consider the industries in which they operate, and the products and services firms are importing and exporting.
- Assess the jurisdictions in which they operate, and whether any are known for proliferation financing risk.
- Build proliferation financing into a firm’s customer risk assessment for a holistic rating of risk.
These controls should be proportionate. If a firm only does business with UK customers, it is far less likely to be exposed to proliferation financing risk. Whereas FX, international payments firms (or firms operating within or on behalf of industries more predisposed toward exposure to proliferation financing risk) may require a separate proliferation financing risk assessment.
3) Transaction Monitoring
The FCA proposes to add guidance to help firms with their adoption and maintenance of automated transaction monitoring systems. A firm may still have a manual-only process if it feels it can adequately capture its transaction risks. But for the many who have brought in a third-party monitoring system, the regulator has flagged examples of bad practices, such as:
- Poorly calibrated transaction monitoring systems.
- Inability to explain the rationale for rules and scenarios in a monitoring system.
- Failure to update the transaction monitoring system and its rules as the business grows in scale, clients and products change, and new jurisdictions are entered.
- Lack of verification that a counter-party firm is monitoring customer activity, for example in embedded finance or nesting relationships.
- Using an automated system without understanding what the system is detecting and why. This could be because of weak documentation, staff turnover, or poor communication with the vendor operating the system.
Ultimately, firms are required to consider the type of activities they carry out and decide the extent of their transaction risks, then calibrate the transaction monitoring tool and testing to identify and mitigate relevant risks.
Focus on automated third-party risk tools
One thing these proposed changes have in common is an expectation that firms do more to identify and mitigate financial crime risk, and to pay attention to the operation and oversight of third-party risk screening tools used to support this activity.
Off-the-shelf third-party risk management tools are widely used by financial services firms. Essentially, the FCA expects to see that firms using them think carefully and take ownership for them being operated effectively, and tailor them, to a firm’s business model and risks. Any financial services company should think carefully about onboarding these providers and manage the ongoing relationship.
What happens next?
The FCA has set out a series of questions in the consultation paper and firms have until 27 June to respond or to comment on the proposals. This can be done through an online form or in writing, and further information can be found here.
You can learn more about the proposals to update the Financial Crime Guide by listening to our Partners in finCrime podcast here.
How we can help?
fscom’s financial crime team can help you understand how these changes can impact your firm and assist you with reviewing and updating your financial crime framework to meet the requirements. In addition, whilst the proposed changes to the FCG are subject to consultation and not yet implemented, fscom is well placed to assist in providing you with assurance against current regulatory obligations, as part of our audit practice.
Please reach out to your fscom advisor today or contact us here directly.
