30/03/2023

Welcome to the Spring edition of Financial Crime in Focus. People who work in Financial Crime Compliance must be innovative, resilient and adaptive by nature. They deal with an ever-changing regulatory landscape, an evolving criminal threat and pressure to contain costs without sacrificing effectiveness.

The articles and news stories featured this quarter fully reflect these admirable qualities. We look beyond the media narrative that likes to paint a picture of the UK as soft on financial crime, at evidence from committed practitioners on the ground, who tell a very different story.

Regulatory update

Had Benjamin Franklin lived in the 21st century, his famous quip might have featured three certainties in life; death, taxes and regulation.

Amendments to the UK’s money laundering regulations are approaching which will require all AML regulated businesses to comply with checks on the new register of overseas entities at Companies House when dealing with onboarding or ongoing monitoring of relevant overseas businesses in the land and property sectors. The significance being that it changes customer due diligence processes in these situations and places an obligation on all regulated entities to report any discrepancies found on the register. Quality of business data sources will therefore be crucial in ensuring compliance with this new requirement.

New requirements will also apply for firms dealing with Trusts, namely the need to check the Trust client against the Trust Registration Service (TRS) maintained by HMRC. This has, in part, already been in place since 2022, but now extends to the conducting of CDD checks on all existing client relationships that involve trusts. The upshot is, this will bring many more trust customers into regulatory scope and, in addition to new government policy requiring many hitherto exempt trusts having to register with the TRS, will only serve to increase the burden of CDD compliance checks for firms. Bearing in mind CDD checks already represent more than 50% of all compliance costs, according to the recent True Cost of Compliance Report, and an average firm spends £194 million a year on compliance operations, technology, staff and training, further cost increases are unlikely to be welcome.

What about the much-vaunted Economic Crime and Corporate Transparency Bill 2023? It has made progress and currently resides in the House of Lords. There is no exact date for enactment but what will it mean for regulated firms? In a nutshell more compliance workload. The aims of the Act are laudable, especially in the area of giving greater powers to Companies House to implement identity verification checks on directors of new and existing companies. This will also extend to the Persons of Significant Control Register. Companies House will also be granted a range of new powers to check, remove or decline information whether newly submitted, or already on the register.

Over time we would expect the quality and accuracy of the information on the register to improve, of course. We should also expect improved information sharing with other bodies, such as law enforcement, making it far more difficult for financial criminals to abuse the use of corporate entities. Yet, questions remain about budgets and exactly how it will all work in practice. Our advice therefore is that all firms, especially professional service firms who offer company formation services, monitor the progress of the Bill closely.

Finally, the UK Government launched a new consultation in February: ‘Future financial services regulatory regime for crypto-assets¹.’ Despite the turbulence of the sector, no-one disputes that block-chain technology is here to stay and the crypto sector – despite many setbacks – will continue to expand. Regulation of the sector is in the Government’s line of sight, so have your say now; follow the link to the consultation in the footnotes (1).

Consumer Duty Regulations

At the top of every compliance officer’s list right now is the forthcoming Consumer Duty rules deadline in July. At time of writing, we believe many firms have yet to formally establish plans to comply with the new regulations². Data management is central to compliance with the regulations and the onus will be on firms to ensure that their customer records are accurate, complete and kept up to date.

However, what impact will the new regulations have on AML compliance? We asked Brian Swainston, Deputy MLRO and head of financial crime at Fidelity International, for his thoughts on this topic as an AML practitioner.

He said, “the short answer is it requires firms to be more thoughtful and considerate in the way they are complying with anti-money laundering regulations. This is because although the FCA already gives guidance on Treating Customer’s fairly, and sets core principles covering integrity, customer interests and clear communication, the new Consumer Duty requires firms to deliver ‘good outcomes’ and reinforces the need to help them understand why it is needed and give them support.”

So, although there is nothing specific to AML or KYC written in the new regulations, the inference is that it will require firms to review their due diligence processes to make sure they are designed to meet these aims, and make adjustments where required, as well as to ensure their data management processes are fit for purpose.

Some areas our readers may wish to consider when carrying out a Consumer Duty review of their own processes could include, (this is not an exhaustive list):

• Is the language we use when communicating with clients on KYC matters, clear and understandable? Do we explain the reasons well enough?
• Do our processes provide reasonable time frames and mechanisms for all of our customers based on their different circumstances?
• Have we considered any other potential outcomes/difficulties they might face in meeting our needs and do we provide sufficient flexibility?
• What is our rate of data decay? Does our data need updating and appending to ensure we have an accurate enough view of our customers to be able to meet the new and any future requirements of the regulations?

Latest Cost of Compliance research shows average firm spends £22k per hour on FCC

Our latest research into the total cost of compliance for the UK’s financial services sector shows that overall costs continue to rise, reaching £34.2bn in 2022. A staggering amount when taken in the context of the apparent lack of value we’re getting in terms of eliminating dirty money from the financial system.

In a video interview with The Banker, LexisNexis® Risk Solutions senior director of market planning, Nina Kerkez discusses some of the deeper themes emerging from this latest research with Editor in Chief, Joy Macknight³. Regulatory pressures remain the number one external driver of costs, as firms compete both with the operational challenges of adapting to new regulations, and pressure from the regulators themselves to improve the effectiveness of controls. Customer due diligence processes were revealed to be the major internal cost pressure, rising sharply from 55% of total spend in 2020, to 67% in 2022. The research identifies investment in KYC processes and anti-fraud checks as significant areas of cost as the industry responds to the sharp rise in fraud and expects it to rise even further.

In response, firms are increasingly turning to technology and data solutions to reduce the operational burden, reduce costs and improve effectiveness in identifying financial crimes risks. However, what emerges from the research is a picture of an industry in a state of positive flux, investing heavily in technology and the people with the right skill sets to lead their digital transformation programmes, but not yet in a position to realise the cost and efficiency benefits.

Is there a glimmer of hope that costs will eventually decline? What opportunities are there for firms to improve efficiency? Where are firms looking to invest next? To find out, we highly recommend you download this complimentary and insightful report⁴.

SARs on the rise

The National Crime Agency (NCA) recently published its annual review of suspicious activity reporting by UK financial and professional institutions⁵, finding:

“Another record set in the last financial year with 901,255 SARs (Suspicious Activity Reports) received and processed – a 21% increase. More than £300 million was denied to suspected criminals as a result of Defence Against Money Laundering (DAML) requests – a 120% increase on the on 2020-21.”

A closer look reveals that the increase can in part, be attributed to new reporting entities in the Fintech and Crypto-asset sectors. That said, a huge increase in organised crime and fraud is almost certainly also a leading factor. The NCA also tells us that improvements to the SARs regime, including increasing the quality of DAML intelligence sharing and better use of Asset Freezing Orders – described as “the greatest success story for government in the last five years” by Nigel Kirby, head of the Financial Intelligence Unit at Lloyds Banking Group in our latest whitepaper, Economic Crime: Revisited⁶ – are making all the difference in tracking down the proceeds of crime in the system.

The FCA would dearly love to have greater powers to review SARs produced by regulated firms in an effort to drive up their overall quality, as this has long been identified as a weakness in the system. The absolute number of SARs generated per year can be misleading, as what counts is the quality of the information disclosed. Improving the quality of internal investigations before disclosure and enabling forms to share information about suspected entities would all ultimately lead to more success for the NCA. The ability for financial institutions to voluntarily share information with other regulated entities for the purposes of submitting a joint SAR – a so-called ‘Super SAR’ – has yet to be successfully used.

New sectors in the FCA’s crosshairs

Last year it was Challenger banks, now the online and e-payment sectors are the latest to receive a ‘Dear CEO’ letter⁷. The FCA wrote to all providers at length setting out its expectations for compliance with the Consumer Duty Regulations, citing “poor financial crime controls in some payments and e-money firms” that leaves firms and customers open to criminal attack. The FCA wants fraud cases handled better, particularly authorised push payment (APP) fraud, and wants to see companies take better steps to ensure that their treatment of victims is “not unduly harsh.”

Hot off the press: FATF grey list update

The big news from the last FATF plenary session on 24th Feb was confirmation that both Nigeria and South Africa are to go on the ‘grey list’. This has huge implications for any firm with customer exposure or correspondent banking relationships in these areas. The decision stems from deficiencies identified in the FATF mutual evaluation reports, following audit of the effectiveness of each country’s AML control framework. The practical reality of this decision is that whilst the countries address their deficiencies, regulated firms from places such as UK or EU are required to apply enhanced due diligence measures. Some firms will also need to revalidate their existing KYC for customers already onboarded in these countries. One way or another, compliance workloads are going to increase for any firm affected by this change.

The other announcement of note was that FATF has agreed beefed-up Beneficial Ownership requirements after a lengthy consultation process. We will look at this in more detail and what it all means in the next edition of Financial Crime in Focus. Beneficial Ownership and Corporate Transparency are hot topics, yet remain in a state of global flux.

All the outcomes from the plenary are available via the link below⁸.

Sanction-busting and hunting down the Oligarchs

It’s been a year since the Russian Invasion of Ukraine in February 2022, following which a plethora of sanctions were imposed on Russia by most western countries to disrupt its $1.78 trillion economy.

Russia being the world’s 11th largest economy inevitably causes complications and challenges for the countries imposing the sanctions. Their sheer scale and complexity also put firms’ client screening systems, processes and analysts under high pressure.

Outwitting the oligarchs’ attempts to put assets out of reach of the authorities has stretched compliance teams analytical and research skills to the limit. The days of checking a name against a list are long gone and investigations now require analysis of both corporate and social networks to track down assets. The sanctions risk may well be hidden deep in the entity, requiring analysts to carefully ensure they have identified all beneficial owners. It can be slow and painstaking work and sanctions compliance teams continue to deal with backlogs.

If you haven’t already done so, ask your sanctions data provider a few key questions to ensure their data is sufficiently enriched to help you understand the narrative and sectoral sanctions risk, in particular. And don’t forget, whilst most of the focus has been on Russia, geo-political tensions elsewhere including China, Taiwan, Syria and Iran, may lead to further sanctions in the months to come.

This recent article from the Economist: Russian sanctions-dodging is getting ever more sophisticated helpfully underlines the complexity of the challenge⁹.

Close up on... Orchestration Software in AML

Let’s start by defining what orchestration software is. In a nutshell, orchestration tools are a type of software that can help you automate, configure, integrate, and manage multiple data processes for any given application that involves data and workflow.

An established concept in some sectors, its relatively new in financial crime management. Adoption in the financial services sector is rapidly accelerating, however as firms realise the efficiency and flexibility benefits it brings to help tackle the rising costs of compliance.

One of the big benefits of risk orchestration tools is the ease with which users can design and implement systems to initiate workflows at ‘triggering’ events, such as at account opening. This makes it an ideal tool to automate repetitive process workflows in KYC/AML onboarding, fraud prevention and screening processes. From a user perspective, ease of integration is a huge benefit as a single API integration can connect the entire orchestration eco-system into the customer’s existing system. API technology enables integration of both global and local data solutions that can be drawn upon when needed, much as a conductor brings in the brass, strings and percussion at different times during a music recital.

Its flexibility also means financial crime management processes don’t require huge technical programme rewrites when risk policies change. Compliance teams themselves can change workflows quickly and easily themselves, using natural language. This newfound agility is doing its bit to transform financial crime risk in money laundering, fraud and terrorist financing and is certainly attracting the attention of the industry.

LexisNexis® ‘RiskNarrative™ orchestration and customer lifecycle management platform is a leading product in this area.

That’s about all for now folks. If you have any comments or feedback on this edition, why not get in touch. We’d love to hear from readers on what you find useful and what you’d like to see more or less of. We look forward to bringing more of the latest news in the summer edition.