In a recent Dear CEO letter to retail banks, the FCA highlighted concerns over financial crime systems and controls. It noted that weaknesses in financial crime controls are sufficiently serious to have led to business restrictions, enforcement actions and skilled person appointments under a ‘section 166’.
Under section 166 of the Financial Services and Markets Act, the FCA has a power to require a firm and certain other persons to provide a report by a skilled person, or itself to appoint a skilled person to produce such a report.
In particular, the FCA has concerns about how firms conduct enterprise-wide risk assessments, which are a core component of any financial crime framework.
The FCA has identified some key areas of weakness:
- insufficient detail on the financial crime risks to which the business is exposed.
- where firms have considered and documented the inherent risks they have not adequately evidenced their assessment of the strength of the mitigating controls or recorded their rationale to support conclusions drawn on the level of residual risk exposure.
- UK branches and/or subsidiaries of overseas firms often had risk assessments completed at the group entity level which did not cover specific risks present in the UK.
This comes as no surprise to the retail banking sector, as we have continually seen weaknesses in financial crime risk assessments where controls have not been appropriately measured in respect of mitigating inherent risks. This comes from lack of understanding and a failure to rationalise the effectiveness of the controls against inherent risks.
Fincrime risk assessment
A financial crime risk assessment is the central pillar of a robust and effective financial crime framework. It brings to life the risks associated with a firm’s business model and, when approached correctly, enables an assessment of the controls and measures in place to mitigate the identified risks.
We are working with firms to develop robust approaches to enterprise-wide financial crime risk assessment. We have documented methodologies and toolsets that enable organisations to quickly and efficiently identify their financial crime exposure and crucially the controls that they have in place to mitigate risks.
In addition to our regulatory insight we have automated tools that can assist organisations to:
- Effectively capture and assess the inherent risks in their business whether by business unit, product or geography;
- Manage the process of conducting the risk assessment in a platform-based solution with a robust workflow; and
- Provide a single consistent methodology for assessing both inherent risk and also control effectiveness.
We have partnered with Arctic Intelligence and together we are able to offer automated solutions to organisations. They have also shared their views on the latest ‘Dear CEO’ letter.
We are open to discussing how we can help you in creating and maintaining effective financial crime risk assessments both at entity level and enterprise-wide level. Please feel free to reach out to Matthew Russell or Ben Luddington for more information.