This article was first published by Compliance Monitor on 5 March 2023.
“Stopping financial crime requires a collective effort...we will be more proactive in our supervision. Where we detect harm or UK-wide financial crime vulnerabilities, we will continue to share intelligence with our partners to enable a system-wide response”1; so stated the Financial Conduct Authority (FCA) when it published its three-year strategy in 2022. Last month, the FCA published a progress update and identified four key areas of focus for the agency in reducing and preventing financial crime going forwards (“the Report”).2
The Report poses various compliance questions for firms to consider in tackling money laundering and financial crime, notably relating to the threats and opportunities posed by new technology, the benefits of cross-firm collaboration and the importance of firms building and maintaining robust compliance systems and controls. Although the Report outlines the FCA’s areas of focus in reducing and preventing financial crime, it is clear that it expects regulated firms to do the heavy lifting.
Four areas of focus going forwards
The FCA’s four areas of focus are:
- Data and technology;
- Collaboration not just within the financial sector, but amongst all sectors, both public and private, and across borders;
- Consumer awareness; and
- Measuring effectiveness.
One of the key themes that emerges from its discussion of these topics is the use of technology by the FCA and regulated firms. The Report also warns that although technological progress is helping to improve financial crime detection, it is also leading to an increase in the scale and sophistication of cyber fraud and identity fraud, particularly as a result of criminals’ use of artificial intelligence. Regulated firms can get ahead of these developments by identifying and remediating weaknesses in their IT infrastructure and improving employee training.
The Report highlights the FCA’s use of synthetic datasets, which help model consumer behaviour whilst sidestepping some of the data privacy issues associated with using real customers’ data. Synthetic datasets are used by the FCA to identify potential sanctions breaches and increasingly by firms to help identify potentially fraudulent activity.
A second key theme is how firms utilise and leverage external expertise by working with peers and external service providers. The Report notes that privacy issues are cited by firms as key barriers to progressing innovative data projects and participating in data sharing initiatives – these concerns can be largely mitigated by the use of synthetic datasets. Firms should also ensure that their use of technology to combat fraud is consistent with industry best practice. If a firm is using third-party technology, it should be tailored to the firm’s specific risks. Further, risk assessments should be periodically reviewed and updated to capture new and emerging risks.
A final key theme is the importance of ensuring that firms’ anti-fraud and, anti-financial crime systems and controls more broadly, are reviewed and updated on a regular basis. The Report warns that firms need to “keep fine tuning their response” to attacks launched by increasingly sophisticated criminal groups, and warns against simply calibrating once and then to “‘plug and play’ forever”. Firms need to ensure that their anti-financial crime systems and controls are being constantly re-calibrated to identify the ever-evolving risks posed by criminals.
The FCA also advises firms to seek “outcome-based, measurable solutions” to fraud and money laundering, which will enable those firms to monitor and demonstrate that their anti-fraud efforts are having an impact. Firms should, therefore, ensure that information captured from their systems and, in particular, management information being provided to boards, is sufficiently granular and records trends in the risks being identified and how they are dealt with. These metrics could cover, for instance, number of incidents recorded, geographical location, the amount of money involved, the action taken and end result.
Takeaways for regulated firms
The Report provides a good opportunity for regulated firms to reassess their anti-fraud and anti-financial crime systems and controls more broadly. Firms should:
- Consider collaborating with peers in data sharing initiatives to help inform their understanding of economic crime threats. This is particularly important in behavioural biometrics, where the size of the data sample has a significant impact on the accuracy of the analysis. Firms that have been reticent to participate in these schemes in the past due to concerns about customer data privacy and security should consider using synthetic data sets.
- Ensure that their anti-fraud and anti-financial crime measures are updated regularly, and take account of emerging risks and technologies used by fraudsters, such as AI.
- Implement criteria to measure the effectiveness of their anti-fraud and anti-financial crime measures, including the impact of any new initiatives.
Horizon scanning
The Report also touches on the government’s proposed reform of the UK’s anti-money laundering regime, which is currently policed by no fewer than 25 bodies (three statutory and 22 professional supervisors). The Report indicates that the FCA will be pushing for the creation of a Single Professional Service Supervisor, one of four potential models being considered by HM Treasury. In terms of financial regulation, this reform will be one of the most significant developments of 2024.
1 Financial Conduct Authority: Our Strategy 2022 to2025
2 https://www.fca.org.uk/publications/corporate-documents/reducing-and-preventing-financial-crime