FCA Reviews Financial Crime Controls, Finalizes D&I Disclosure Rules

Review on Financial Crime Controls. The review focused on six challenger banks that were relatively new to the market, primarily consisting of digital banks, and offered a quick and easy application process covering over 8 million customers. The review was conducted in response to concerns raised by UK’s 2020 National Risk Assessment of money laundering and terrorist financing (the NRA), that the criminals may be attracted to the fast onboarding process that challenger banks advertise, particularly when setting up money mule networks. The FCA review found that the challenger banks need to improve how they assess financial crime risk, with some failing to adequately check the income and occupation of their customers. In some instances, challenger banks did not have financial crime risk assessment frameworks in place for their customers. FCA set out the following key requirements:

• Customer risk assessment—Banks must have in place systems and controls to identify, assess, monitor, and manage money laundering risk and must keep its customer risk assessment framework updated so it reflects any changes to its business model and products.
• Enhance due diligence—Banks must ensure they identify and collect the relevant information needed to have a complete picture of all the financial crime risks, including fraud, associated with the customer relationship. Banks must comply with customer due diligence and enhance due diligence requirements.
• Financial crime change programs—Banks must have clear project plans for control enhancements outlining key milestones, accountable executives and delivery dates. In addition to the accountable executive, the Risk Committee, the Audit Committee and CEO should be involved in overseeing material developments to these programs.
• Transaction monitoring alert management—Banks must have adequate resources in place to holistically consider customers’ activity as part of its review of transaction monitoring alerts.
• Suspicious Activity Reports (SARs) submissions—Banks must provide relevant information and improve the quality of SARs that need to be submitted to UK Financial Intelligence Unit (UKFIU).
• Principle 11 Notification—Banks must fulfill their obligations under Principle 11 of the FCA Handbook to disclose reasonable information relating to the firm.

Rules on diversity and inclusion in financial services. In response to the consultation on diversity and inclusion (CP 21/24), a number of respondents argued that the range of targets should be expanded in future to include other categories such as those with a disability and those from a lower socio-economic background and that the FCA should set more ambitious targets. FCA proposed changes to an existing requirement in disclosure and transparency rules (DTR 7.2.8AR) on companies with board diversity policies to disclose details relating to that policy. These included explicitly referencing additional diversity aspects companies could consider in the context of their policies, such as ethnicity, disability, sexual orientation, and socioeconomic background, as well as extending reporting to diversity policies of key committees of the board (remuneration, audit, and nominations). FCA recognized the balance of support for proposed changes and stated that it is not mandating disclosure of diversity data in connection with DTR 7.2.8AR (the guidance encourages disclosure, where the issuer considers it appropriate). In-scope companies are required to make these disclosures in their annual reports for financial years starting on or after April 01, 2022.

Related Links

• Press Release on Financial Crime Controls
• Financial Crime Controls at Challenger Banks
• Press Release on Diversity and Inclusion
• Policy on Diversity and Inclusion (PDF)

Keywords: Europe, UK, Banking, Securities, AML CFT, Diversity And Inclusion, Disclosures, FCA Handbook, Digital Banks, Internal Controls, Operational Risk, FCA