Is your firm potentially at risk of being a vehicle for financial crime?
16th November 2021 by Brielle Hewitt
Addressing the actual cost of operational negligence in the financial industry.
This week in the financial sector, Brokers are under scrutiny again. The Financial Conduct Authority has served a final notice and fine for negligence due to deficient anti-money laundering systems and controls. This has resulted in substantial fines for the firm in question to the tune of £642,000 and has caused apparent reputational damage to a business that prides itself on being an award-winning, risk-focused organisation.
The FCA is putting pressure on firms to get their financial crime surveillance right. This is not just in the initial Know your Client (KYC) onboarding process but in the process of continued oversight once clients are established, especially in brokerage firms as they see so much of the market. Another broking firm was fined £178,000 in May 2021 as part of the same investigation, and a large European bank was fined £168 million in 2017 for similar failings. Most alarmingly, these fines relate to instances of misconduct in 2012 through 2018, well before the majority of the industry was working remotely. The FCA has been vocal about expecting firms to have adequate controls and systems in place that ensure effective monitoring and oversight, especially with the increased risk presented by remote and hybrid working. What is brewing is a perfect storm of operational ineffectiveness, with little steer from the principal-based regulator on how to solve many of the substantial operational compliance and risk mitigation problems that firms are now facing.
Excerpts from the FCA’s final notice detail the full extent of negligence as follows:
“[The firm’s] staff had in place inadequate systems and controls to identify and mitigate the risk of being used to facilitate fraudulent trading and money laundering concerning business introduced by four authorised entities. In addition, [the firm’s] staff did not exercise due skill, care, and diligence in applying AML policies and procedures and failing to properly assess, monitor, and mitigate the risk of financial crime related to the [Group] business.”
The notice highlights the relevant Money Laundering Regulations (8) and regulatory provisions that were not adhered to:
The Money Laundering Regulations 2007 Regulation 8 provides:
Ongoing monitoring
- “(1) “A relevant person must conduct ongoing monitoring of a business relationship.
- (2) Ongoing monitoring” of a business relationship means—
- (e)scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, his business and risk profile; and
- (f) keeping the documents, data or information obtained for the purpose of applying customer due diligence measures up-to-date.
- (3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under paragraph (1) as it applies to customer due diligence measures. “
RELEVANT REGULATORY PROVISIONS
In exercising its powers to impose a financial penalty, the Authority has had regard to the relevant regulatory provisions published in the Authority’s Handbook. The main provisions that the Authority considers relevant are set out below:
- 2.6 SYSC 3.2.6R provides:
- “A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.”
- 2.7 SYSC 6.1.1R provides:
- “A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.”
- 2.8 SYSC 6.3.1R provides:
- “A firm must ensure the policies and procedures established under SYSC 6.1.1 R include systems and controls that:
- (1) enable it to identify, assess, monitor and manage money laundering risk; and (2) are comprehensive and proportionate to the nature, scale and complexity of its activities.”
- “A firm must ensure the policies and procedures established under SYSC 6.1.1 R include systems and controls that:
- 2.11 SYSC 9.1.1 R provides:
- “A firm must arrange for orderly records to be kept of its business and internal organisation, including all services and transactions undertaken by it, which must be sufficient to enable the appropriate regulator or any other relevant competent authority under MiFID or the UCITS Directive to monitor the firm’s compliance with the requirements under the regulatory system, and in particular to ascertain that the firm has complied with all obligations with respect to clients.”
Katharine Leaman, Director and Regulatory Specialist at Leaman Crellin shares her thoughts on the matter:
“On the back of the Gloster report the FCA has retrained its people on fraud and how to identify potential fraud so will now be keen to demonstrate that training has been effective by pursuing more fraud cases. FCA expects brokers to be using their market monitoring to identify not just potential market abuse, but also potential fraud and financial crime. This is difficult to get right as there are different skill sets involved in identifying market abuse, fraud and financial crime. Even the larger firms find this a challenge, just look at the Deutsche fine for financial crime where their Moscow office was unable to introduce an effective automated trade surveillance system because of a lack of resources.”
The more significant issue raised is how far the net has to be cast when it comes to oversight and monitoring and how it can be facilitated compliantly, respectfully, efficiently and cost-effectively? There is an uphill battle to be had for many firms trying to understand who, what, and how much oversight and monitoring needs to take place, let alone how this can be afforded and delivered in a way that makes business sense. However, this does not stop the FCA from subsequentially throwing the rule book at firms. This has and continues to place many firms between a rock and a hard place.
Sean Morgan, Commercial Director and Regulatory Lead at Fingerprint states:
“This ‘Negligence’ Final Notice is seeming subtle, yet big shift from the FCA who are now enforcing the SYSC Monitoring and Supervision causes but focusing on the ‘HOW are you managing your business?’ instead of the ‘what has your business been doing? approach”.
What is evident from these prosecutions, is how much importance the FCA is placing on for Firms to know all and to continue to know all across their entire operation. From the entirety of their staff’s activities and interactions to their client’s business dealings and backgrounds, through to their service provider’s risk profiles and more. Any individual or business that a firm is connected with must be effectively risk profiled, compliantly onboarded, and continuously overseen and monitored to ensure that there is no potential risk of wrongdoing, misconduct or even financial crime – otherwise, you may find your firm being made an example of. Unfortunately, this is what has happened for those firms that have been prosecuted, and their continued business growth and their staff members will most probably pay the price for years to come, far past the initial fines.
The answer to mitigating these risks and supporting regulatory compliance is in technology. Multiple technologies in the UK’s thriving RegTech market can support compliance functions to run effective and efficient monitoring programmes. Of course, we will plug our own technology platform, Fingerprint Supervision, but we are one of many out there.
When it comes to weighing up the cost of implementation and continued maintenance of these technologies, the price for these established platforms are minuscule in comparison to the potential cost to business and reputation if the FCA does find that your firm’s oversight and monitoring is inadequate. Many technology firms are working together to provide joined-up, holistic monitoring solutions – it seems a no brainer to invest time and energy to implement a technology solution to ensure your business is protected and compliant.
Speak to our expert team today about how our communications monitoring and compliance workflow platform, Fingerprint Supervision, can revolutionise your communications monitoring programmes and connect seamlessly with your existing or planned trade and transaction monitoring and reconstruction systems – hello@fingerprint-supervision.com