Regulation spotlight: FCA kicks off 2023 by penalising banks for inadequate AML risk management systems
If you thought the FCA would back off following a raft of heavy fines imposed for breaches relating to anti-money laundering (AML) systems and controls in 2022 - think again.
Doubling down on efforts to reduce and prevent financial crime, the regulator has started 2023 the way it means to go on by issuing several multi-million pound enforcement actions in the first few weeks of the new year.
FCA principle 3 – Management & Control
The enforcements taken so far this year centre on failures under Principle 3 of its handbook – Management & Control. This requires that banks and financial service providers take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems.
It’s worth noting the FCA doesn’t require an incident of money laundering to have actually occurred in order to take enforcement action under Principle 3. The requirement is simply that management and control failures have the potential for money laundering risk.
Let’s take a look at four common failings, and examples of best practice responses from the financial service industry…
Best Practice AML Risk Management Systems
- Insufficient Onboarding intelligence
The FCA requires firms to apply appropriate Know Your Customer (KYC), customer due diligence (CDD) and enhanced due diligence (EDD) measures when establishing new commercial relationships. KYC is the backbone of a robust AML control framework. Shortcomings in KYC, CDD and EDD at onboarding stage negatively impact the robustness of risk management controls throughout the customer lifecycle.
Santander is shining example of a bank that has fully committed to plugging the highly publicised gaps in its AML controls at onboarding stage, to ensure they meet the FCAs high standards for compliance and risk management. Santander created a fully digital onboarding process that streamlines the customer experience, whilst ensuring all necessary KYC, CDD and EDD checks are performed by surfacing connected intelligence from billions of validated and verified third party data sources.
Not only does this mean Santander complies with Principle 3, but they also meet demanding CX expectations. Santander has successfully reduced time to onboard 75% of complex customers from the previous 14-21 days, to just five days.
- Inadequate continuous monitoring
Unfortunately, there is still a strong reliance on periodic reviews and manual approaches across the financial services industry, leaving banks and financial institutions at risk of failing to meet FCA expectations regarding ongoing monitoring – whether that be of customers or the supply chain.
If an FSI lacks complete real-time transparency and visibility over its entire supply chain ecosystem, then unidentified material changes can breach regulatory and legal compliance.
SPW harnesses a multitude of official and third-party sources to provide a real-time, accurate and contextualised view about any supply chain organisation, large or small. SPW monitors 366 3rd, 4th, and 5th party suppliers daily, 160 of which support its critical business process. Layered over this rich real-time business intelligence SPW harnesses a rules engine customised to the unique visibility needs of its supply chain. Using 28 bespoke rules it automatically spots specific risk triggers - including non-compliance with regulations, increased debtor days, directorship changes, UBOs, insolvencies, changes in credit score, Delphi score reductions, and potentially high-risk countries and/or industries – to always achieve a mission control view over its entire supply chain ecosystem.
- Lack of prompt action
A common failure is the inability to spot and act on red flags immediately. To ensure compliance with Principle 3, banks and FSIs need their compliance teams to be automatically notified of changes to clients’ credit scores, adverse media, CCJs, Gazette notices, adverse director history, PEPs and sanctions lists and more. This ensures they are not only protected from exposure to unnecessary AML risks, but that they can remediate risks quickly and efficiently.
Metro Bank has taken a revolutionary tech-driven approach to bringing compliance and KYC into the forefront of its business and commercial banking activities. Abandoning analogue processes in favour of a data-driven approach, Metro Bank knows more, knows sooner, and saves valuable time in the process - finding 14% more critical risk issues and reducing the average case time from 200 minutes to 8 minutes (a 94% improvement).
- Failure to align process to policies
To be fully compliant with FCA rules and money laundering regulations, a bank's or FSI’s processes also need to match their policies.
In response, many banks and FSI’s have integrated a rules-based decision engine to automate KYC and AML checks and achieve complete customised control of their compliance with Principle 3. One such institution is Metro Bank, who have implemented policies with a decision engine for faster, automated KYC, AML, and credit checks.
Metro Bank combines everything it knows about its customers, business, and market, and leverages an advanced decision engine that ingests millions of structured and unstructured data points to layer on top of that know-how. This approach quickly delivers the impactful insights and risk intelligence needed for next-generation prospecting, customer monitoring and engagement, advanced onboarding, and ongoing assessment of portfolio risks and opportunities.
By aggregating data from a multitude of different sources and mapping that intelligence to its risk appetite-based rules framework it can flag issues immediately and deliver an onboarding process that is 94% faster than previously achieved.
Don’t risk finding yourself in the glare of the FCA’s spotlight
The FCA has made it clear - there is simply no excuse for a failure to comply with money laundering rules and regulations. If you’re interested in learning how FullCircl can deliver complete confidence in your KYB and AML risk management systems, please get in touch.