Fighting fraud and cybercrime more effectively: new FCA guidance

Out-Law Analysis | 18 May 2015 | 3:48 pm | 4 min. read

FOCUS: Firms may need to adjust the ways they tackle financial crime after the UK Financial Conduct Authority (FCA) issued fresh guidance to help them more effectively prevent offences such as bribery, corruption, money laundering and the funding of terrorism. 

Tackling financial crime is rising up the list of priorities for regulators, with the FCA using its 2015-16 business plan in March to highlight it as one of its areas of focus. The FCA has since updated its guidance (89-page / 479KB PDF) for firms on how to avoid financial crime, which means firms may have to adjust the ways in which they tackle a range of issues from bribery and corruption through to money laundering and financing terrorism.

The FCA’s updated guidance follows on from two reviews that looked at how 21 smaller banks managed their anti-money laundering (AML) systems and at the anti-bribery and corruption (ABC) systems used by 10 wholesale insurance intermediaries. While the two reviews focused on specific sectors, the regulator said its guidance would help firms across the financial services spectrum to strengthen their financial crime systems and controls.

In particular, the FCA wants firms to take a more proportionate and risk-based approach so that certain types of customer or whole sectors are not excluded from financial services. As an example, the regulator pointed to problems that innovative businesses have had in opening bank accounts, with some start-ups blaming banks’ AML regimes as a contributing factor. As well as financial technology companies, the regulator said that money transfer services and some charities had also faced difficulties.

The guidance covers management information; risk assessments; enhanced due diligence, and the identification of both sources of funds and sources of wealth. The broad spread of the recommendations highlights the need for teams covering different disciplines – from legal to compliance – to work together to address these challenges.

Under the revised guidelines, senior managers need to be given enough information so that they can understand the risks faced by their organisations, including an overview of the effectiveness of existing systems and controls, along with how emerging threats could have an impact. They also need to be told about the number and nature of new business relationships, particularly with potentially high-risk clients, as well as details of any business relationships that have been terminated over concerns surrounding financial crime.

Risk assessments also need to be carried out based on the products and services offered by the firm, the jurisdictions in which it operates, the types of customer it attracts, the distribution channels it uses, and the complexity and volume of its transactions. The FCA emphasise the need for such risk assessments to be proportionate and effective, highlighting the importance of drawing on more than one source of information and considering multiple risk factors together rather than in isolation.

When it comes to higher-risk situations such as those involving money laundering or terrorist financing, the regulator has laid out examples of the steps that need to be taken for enhanced due diligence (EDD). Finding out more information about the customer’s business, about who is giving or receiving the money, and about the customer’s reputation and standing in public life are all among the suggestions listed by the FCA, although the watchdog highlights the need for such measures to be proportionate and appropriate in each firm’s individual circumstances.

Analysing the source of a customer’s wealth and the source of the specific funds that they are using for a specific transaction are also identified as steps that should be taken as part of EDD. Establishing that the funds have not come from illegal activities and are not going to be used to finance terrorism are key concerns outlined in the revised guidance. Taking such steps is required when the customer is classified as a politically-exposed person (PEP).

Ten of the 20 respondents to the FCA’s consultation on its revised guidance raised concerns about the regulator’s definition of “source of funds”. At present, if there is a low risk of money laundering or terrorist financing then firms may assume that a payment from an account in the customer’s name with a regulated bank satisfies customer due diligence (CDD), which is sometimes called “source of funds as evidence of identity” and which complies with guidance issued by the Joint Money Laundering Steering Group (JMLSG), a body composed of trade associations from the financial services industry.

Respondents feared that such usage may not be possible under the new guidelines, but the FCA clarified that its comments on source of wealth and source of funds applied to high-risk situations, and that the JMLSG guidance is still applicable to low-risk customers.

Other respondents were concerned that the examples given in the FCA’s guidelines would be interpreted as being binding. But the watchdog explained that its examples had always been understood to be illustrative. To make this clear, the regulator spells out in the guide what firms “must” do to comply with regulations, what they “should” do to meet the expectations of the FCA and what they “may” do in order to follow examples of good practice.

One respondent expressed further worries over the administrative burden of the revised guidelines, which it said could drive businesses away from London to markets with less robust financial crime systems; the regulator dismissed this concern, pointing out that it expected firms to be proportionate in the way they assessed risk.

Concerns were also raised about the timing of the revised guidance, with two respondents asking for the changes to be delayed until the European Commission’s Fourth Money Laundering Directive (4MLD) is incorporated into UK law. The FCA said that the 4MLD was not expected to be transposed into law until the middle of 2017 and that it felt there was significant weakness within the system at present, leading it to act now rather than waiting. The regulator added that its revised advice would be consistent with the 4MLD and with the accompanying guidelines from the European Supervising Authorities.

David Heffron is a financial regulation expert at Pinsent Masons, the law firm behind