FCA Review of AML failings at challenger banks
Throughout 2021, the FCA conducted a detailed review into the financial crime controls of challenger banks as they continued to enter the UK financial industry at a rapid pace. Their surge in popularity is partially linked to the Covid-19 pandemic, which has prompted significant changes in the habits of service providers worldwide. Whilst the FCA's review indicated some evidence of good practice, it is clear that challenger banks must do more to reduce the significant risks of financial crime occurring both at the time of customer onboarding and throughout the subsequent customer journey.
The FCA's review aligns closely with their business plan for 2022/23 which aims at reducing financial crime by lowering the incidence of money laundering through the firms it supervises. Its focus on challenger banks stemmed from the UK's 2020 "National Risk Assessment of Money Laundering and Terrorist Financing" (the NRA) which raised concerns that criminals may utilise these services to set up money mule networks. Whilst challenger banks have not universally been defined, these innovative modern financial practices are generally associated with the ability to open accounts quickly in a bid to attract customers and reduce the market concentration of traditional high street banks.
The FCA chose to focus their analysis on a sample selection of six retail challenger banks, of which 50% constituted a sub-set of digital banks. Digital banks normally: (i) offer personal current accounts, (ii) operate without a branch network and (iii) provide financial services through smartphone apps. The sample selection was chosen to reflect those challenger banks that provide similar offerings to more traditional retail banks, and therefore excluded both e-money issuers and payment services providers. Of those sampled, analysis was focused on but not limited to:
- Governance and management information;
- Policies and procedures;
- Risk assessments;
- Identification of high risk / sanctioned individuals or entities;
- Due diligence and ongoing monitoring; and
- Communication, training and awareness.
Whilst this review pre-dated the significant expansion of sanctions against Russia in recent months, the main controls assessed by the FCA apply equally to firms' management of sanctions, specifically in instances where firms are utilised for sanctions evasion.
The use of innovative technology and non-traditional methods of identity verification (such as passport photo images and video selfies) have enabled customers to be onboarded quickly. This supports the NRA's finding that challenger banks depend on rapid growth for survival. However, in a recent statement the executive director of markets at the FCA Sarah Pritchard made clear that "there cannot be a trade-off between quick and easy account opening and robust financial controls".
The FCA's review has consequently identified the following key areas of development for challenger banks to review and act upon where necessary:
- Controls to be commensurate with the bank's expansion: challenger banks should apply a risk-based approach to Anti-Money Laundering controls and ensure their financial crime control resources, process and technology remains fit for purpose as their business expands.
- Improve upon Customer Due Diligence: Most challenger banks did not obtain details about customer income and occupation, making assessment of the customer's relationship with the bank difficult to determine.
- Improve application of Enhanced Due Diligence: Some challenger banks did not apply Enhanced Due Diligence and did not document it was a formal procedure in higher risk circumstances.
- Improve customer risk assessment frameworks: Some challenger banks had under-developed frameworks which lacked sufficient detail and others had no framework at all.
- Improve transaction monitoring alerts: There was ineffective management of transaction monitoring alerts, including inadequate or inconsistent rationale for discounting alerts.
- Increased volume of Suspicious Activity Reports (SARs): The increase in SARs reported by challenger banks as they exit customer relationships for financial reasons raised concerns as to the adequacy of due diligence checks when onboarding.
- The financial crime change programme: There is ineffective management of these programmes, including inadequate oversight and a lack of pace in implementation, meaning control frameworks are unable to keep up with changes to their business models.
- Principle 11 notifications: There were instances of significant crime control failures where no Principle 11 notifications had been made, despite firms being expected to notify regulators of anything relating to a firm which the FCA would reasonably expect notice of.
This review has provided challenger banks with an opportunity to reflect on whether their firm's financial crime frameworks are fit for purpose at present and/or require urgent or future amendments. By completing a "gap analysis" of these common weaknesses, challenger banks will be able to enhance their services and better manage their exposure to associated financial crime risks, enabling the FCA to respond more swiftly to shifting economic and geopolitical climates.
This review is of particular importance to FI/D&O insurers. Where challenger banks fail to ensure their financial control practices keep pace with market growth, money mule networks may seek to capitalise on this "gap". Any significant liabilities incurred by the banks in this respect may well be passed on to insurers, who will be expected to cover the legal defence costs incurred and any damages or settlement arising from these financial claims. Given the FCA's focus on this emerging sector, challenger banks (and their FI/D&O insurers) will also be exposed to greater risk of potential FCA enforcement action should the banks not take heed of the concerns arising from the FCA's review and ensure their processes are fit for purpose. FI/D&O insurers will want comfort on these issues when underwriting these risks going forward.