The FCA has recently conducted a review of financial crime controls at a sample of six challenger banks in order to identify the key financial crime risks to which such banks are exposed. The review was prompted by a substantial increase in the volume of Suspicious Activity Reports (SARs) filed by challenger banks.
Whilst the FCA considers that the financial crime risks faced by challenger banks are similar to those faced by traditional retail banks, it identified several areas of improvement specific to challenger banks (see our summary table below). The FCA noted that all firms subject to the Money Laundering Regulations should have comprehensive controls in place to identify and assess money laundering risk, proportionate to the nature of the firm’s activities.
In particular, the FCA found that:
- challenger banks’ desire to open accounts very quickly runs the risk of gathering insufficient information to identify customers that present a higher financial crime risk.;
- challenger banks must take steps to improve their CDD, risk assessment frameworks and financial crime controls, especially as they grow to take on more customers and expand into new areas; and that
- improvements were often required in relation to transaction monitoring, SAR reporting, and notifications made to the FCA.
| Positive findings | Potential weaknesses identified by the FCA |
| Customer Due Diligence (CDD) | |
|
The FCA found evidence of good practice through the use of innovative technology to identify and verify customers at speed (e.g. video selfies and mobile phone geolocation data).
|
Weaknesses were identified in some banks’ CDD processes e.g. not obtaining customer income and occupation. This prevents the banks from sufficiently assessing the purpose and intended nature of the customer relationship, thereby providing an incomplete picture of the risk. |
| Some challenger banks were not consistently applying enhanced CDD and documenting it as a formal procedure to apply in higher risk circumstances (e.g. in relation to politically exposed persons) | |
| Policies and Procedures | |
| Most banks had stand-alone financial crime policies and procedures which were regularly updated and tailored to their financial crime risks. | Some banks were found to have no customer risk assessment frameworks, with certain other banks’ frameworks lacking sufficient detail. |
| Some banks’ control frameworks did not keep pace with changes to their business models due to inadequate oversight and slow implementation of changes to control frameworks. | |
| Transaction Monitoring | |
| Some of the challenger banks mitigated fraud risk by incorporating additional monitoring for known fraud typologies at the onboarding stage – and as part of account monitoring. | The FCA identified examples of inadequate handling of transaction monitoring alerts, including inconsistent and inadequate rationale for discounting alerts by alert handles and a lack of holistic review of the alerts. |
| Reporting | |
| There has been a substantial increase in the volume of SARs filed by challenger banks. |
The FCA found that the quality of SARs submitted needs improvement, for instance: · clarifying why activity/information appears suspicious; · specifying the circumstances giving rise to suspicions of money laundering; and · avoiding using SARs for the wrong purpose, e.g. to report fraud or provide information about other predicate offences. The FCA also identified instances of banks failing to notify it of significant financial crime control failures. |