Dear Chief Executive | Release Date: 29th June 2021
To read a shorter summary of this Dear Chief Executive letter, click here.
To access the original FCA document, click here.
Long Summary
In response to recent evaluations, the Financial Conduct Authority (FCA) has identified significant gaps across some retail banks regarding their financial crime systems and controls. Despite seeing instances of robust frameworks, a troubling number of common weaknesses persist, leading to regulatory interventions. This communication aims to delineate these weaknesses and to mandate specific actions needed to bolster anti-money laundering (AML) protocols.
Context and Importance of Effective AML Controls
The integrity of financial markets and the prevention of criminal activities heavily depend on stringent AML frameworks within financial institutions, especially in high-risk sectors like retail banking. Effective AML controls not only prevent the misuse of financial systems for laundering ill-gotten gains but also support in curtailing activities that finance terrorism and other criminal enterprises, thereby maintaining the overall economic health and security of the UK financial system.
Detailed Overview of Common Weaknesses
Governance and Oversight
Effective governance is crucial for managing financial crime risks. However, assessments show that responsibilities between operational (first line) and compliance (second line) roles are often unclear. This confusion leads to significant gaps in risk ownership and understanding, which impairs the ability of staff to identify and respond to financial crimes effectively. A robust three lines of defence (3LOD) model should clearly define and separate responsibilities to enhance risk management processes.
Risk Assessments
Business-wide risk assessments (BWRAs) frequently fail to capture or accurately evaluate the inherent financial crime risks specific to the business. This failure is often due to poor documentation of inherent risks and inadequate evaluation of the control environment, which are crucial for determining the residual risk profile of the firm.
Due Diligence
Problems in executing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) are prevalent, with many firms failing to properly ascertain the source of wealth (SOW) and source of funds (SOF). Proper due diligence requires not only collecting but also verifying information to ensure the legitimacy of customer wealth and the origins of their funds, particularly for high-risk customers, including Politically Exposed Persons (PEPs).
Transaction Monitoring
Transaction monitoring systems often do not align with the specific operational needs of the UK entities, particularly for subsidiaries of foreign corporations. These systems require calibration to accurately reflect the business activities and customer base of the specific entity, ensuring all transactions are monitored appropriately and effectively.
Suspicious Activity Reporting
The process for raising internal Suspicious Activity Reports (SARs) is often inadequately defined or understood. Training and procedural clarity are needed to ensure that potential financial crimes are effectively identified, investigated, and reported.
Required Actions for Compliance Enhancement
Comprehensive Review and Gap Analysis
Retail banks must undertake a detailed review of their AML controls by 17th September 2021, identifying any gaps relative to the weaknesses outlined in this letter. This analysis should inform robust corrective actions to ensure full regulatory compliance.
Enhancing Governance Structures
Banks are required to refine their governance structures to ensure clear demarcation and understanding of roles across different lines of defence. This clarity will empower employees to effectively manage and mitigate AML risks.
Strengthening Due Diligence Processes
CDD and EDD processes must be rigorously implemented with clear procedures for verifying SOW and SOF. These processes should be distinct and tailored to the risk profile of each customer, ensuring a comprehensive assessment of potential financial crime risks.
Optimising Transaction Monitoring Systems
Banks must ensure that their transaction monitoring systems are properly calibrated to the specific needs of their UK operations. This includes adjusting system thresholds and parameters based on detailed risk assessments and regular testing.
Improving Training and Reporting Processes for SARs
Institutions must enhance training programs to clarify the procedures for reporting suspicious activities internally. This includes ensuring that all personnel understand the mechanisms for reporting and the processes for investigating and escalating potential financial crimes.
Conclusion and Regulatory Oversight
The FCA will continue to monitor the actions taken by retail banks in response to this directive. Future regulatory engagements will assess the implementation of required actions, and banks should be prepared to demonstrate their compliance enhancements. Failure to address these issues may result in significant regulatory interventions, including enforcement actions. This initiative underscores the FCA’s commitment to upholding the integrity of the financial system through stringent oversight and regulation of AML practices within the UK banking sector.