The FCA’s recent Dear CEO letter reveals a regulator frustrated with the lack of compliance with some basic principles of money laundering regulations from retail banking firms. It’s a comprehensive list of areas where they see organisations failing to meet regulatory obligations or manage their anti-money laundering (AML) risks effectively.
With the increased focus on underlying offences such as human trafficking and the illicit wildlife trade, these weaknesses will only make it harder for organisations to meet regulatory expectations.
For those of us working in this space, I don’t think the FCA’s findings will come as a particular surprise. Similar themes have been repeated in enforcement notices and thematic reviews for years. Yet it seems many organisations are failing to implement effective controls and processes.
While this letter was addressed to the FCA’s retail banking portfolio, I’d recommend organisations in other sectors would be well advised to consider the following:
1. Without a clear understanding of the specific risks to your business, the application of a risk-based approach is almost impossible
In theory, a risk-based approach should allow you to focus your resources on areas of higher risk. But the risk-based approach is predicated on understanding and articulating where risks to your business exist and, therefore, how the controls you have in place help manage those risks. This is an area where organisations are struggling. As a result, demonstrating the effectiveness of your AML controls is very difficult.
2. There is a place for technology but it has to be fit for purpose and aligned to the risks it’s supposed to be mitigating
Technology is going to be a huge part of the way organisations manage their financial crime risks. But having technology for technology’s sake isn’t the answer. The FCA is critical of those organisations which adopt an ‘off the shelf’ transaction monitoring system without calibrating it to their specific products, services and customers. As firms look to enhance their existing systems with the adoption of new technology, it will be imperative to understand how that technology works and how it is aligned to the risks identified in the business-wide risk assessment.
Patience of the regulators is wearing thin
Global fines for AML failings topped $10bn in 2020 and this year has seen the FCA’s first criminal prosecution of a bank for alleged money laundering failures. We have seen an increasing number of licence restrictions applied by regulators too. More enforcement actions should be expected over the next 12-18 months and the Dear CEO letter gives a good idea what actions will be targeted.
If you want to discuss the approach to regulation and risk in your organisation, please get in touch.