The FCA has issued a booklet – and launched a webcast – to assist consumer credit firms in assessing the adequacy of financial crime systems and controls.
It provides a high-level guide to financial crime for firms for which the FCA is responsible for supervising, and sets out examples of good and poor practice for businesses under the Money Laundering Regulations 2007 (MLRs), as relevant to consumer credit businesses. It also provides guidance to firms on steps to reduce financial crime risk. High-level guidance is provided on the following points along with some pertinent self-assessment questions:
Risk assessment: Requirements must be proportionate to the nature and scale of the firm’s activities and the way in which transactions are conducted. Have the main financial crime risks been identified and is the risk assessment up to date?
Policies and procedures must be up to date, appropriate to the business, readily accessible, effective and understood by all staff. What steps are in place to ensure that staff understand policies and procedures and how to report a suspicious transaction?
Governance: Senior management must be aware of the financial crime risks to the firm and actively engage in the approach taken to the risk. How are senior management kept up to date on financial crime issues?
Staff awareness: Staff must have the necessary knowledge to carry out their functions effectively. Is there access to training on an appropriate range of financial crime risks?
Data security: Policies and appropriate systems and controls must be in place to ensure customer data is kept safe. Importantly, how are suppliers of outsourced services monitored to ensure they treat customer data appropriately?
Customer due diligence must be undertaken so that the customer, and its beneficial owner where applicable, is identified and the identity verified. How are issues that are flagged up in the process followed up and resolved?
Enhanced due diligence must be carried out where there is a higher risk of money laundering. What involvement do senior management or committees have in approving high-risk customers?
Ongoing monitoring and suspicious activity reporting: Transactions must be scrutinised to ensure they are consistent with what a firm knows about the customer. How are transactions monitored to spot potential money laundering? How are unusual transactions reviewed and how does a firm decide whether behaviour really is suspicious?
Record keeping: Evidence of a client’s identity must be kept for five years after the business relationship ends. The same period applies for transactional documents. Can records be retrieved promptly in response to a regulatory or law enforcement request?
To be best placed to prove the adequacy of their financial crime system and controls firms should have: appropriate, continuous risk assessments; clear written policies and procedures which are applied consistently and effectively and are regularly reviewed and updated; clear allocation of responsibilities; senior management that demonstrates leadership in relation to the financial crime risks to the business; and staff that understand the issues and their roles.
Author Greg Standing is a partner at Gowling WLG