Feeling the Heat – Financial Crime in 2015 and Beyond
Financial Crime risk is a widespread issue that effects brand value and reputation, goodwill, and profits of many organisations. In addition to the value of what criminals actually take from the crime itself, companies also face extra costs in related areas. Compliance, crime detection efforts, internal investigations, external enforcement actions and any associated fines and penalties are among the factors driving up both the costs and risks associated with financial crime.
With EU Money Laundering Directive 4 around the corner it is bigger than ever. Approved Persons, CF11 chiefly (Money Laundering Officers), may feel a perfect storm of pressure. Bribery, fraud, and cybercrime keep getting more sophisticated, and the FCA demand more accountability.
It is imperative a company is able to evidence a financial crime risk management framework that encompasses:
- Anti-money laundering (AML)
- Customer Due Diligence (CDD) – throughout the whole life of the product
- PEPs screening
- Sanctions checking
- Constant vigilance
- Counter fraud
These must be embedded throughout the business, and must be integrated into specific risk management functions such as compliance, operational risk, credit risk, reputational risk and conduct risk.
Impact of Money Laundering Directive 4
Businesses need to be prepared to be scrutinized by the regulators. The most stringent compliance demands are occurring in the US, while the UK has been the second largest collector of fines. This shows the appetite to fine is rife.
The EU’s proposed Directive 4 was published in February 2013. The proposed Directive (Fourth Money Laundering Directive – MLD4), was adopted in May 2015.
Although implementation is unlikely to take effect before 2017, companies should have comprehensive compliance programmes in place now—particularly around third-party relationships. The FCA make no secret of the fact that they see this as a major issue going forwards.
The level of due diligence required by MLD4 extends to customers in some industries, like consumer credit, where they present an inherent risk of money laundering. A lot of those organisations struggle to manage their third party risk. A standard four-step process to manage third-party due diligence will always help:
- Identify/Prioritise: Identify your universe of relationships with third parties and customers, and prioritise by risk level.
- Assess: Conduct due diligence on a risk-adjusted basis. Uncover and assess possible risks.
- Mitigate: Take steps to mitigate risks that are uncovered.
- Monitor: Continuous monitoring and periodically re-screening to identify new risk events to keep information current and ensure policy compliance is in force.
Responsibilities of the Approved Persons:
Approved persons are ultimately responsible for establishing sound and prudent financial crime risk governance. In light of this, the approved persons should, among other things:
- Implement and approve strategies, policies and procedures that focus primarily on preventing and detecting financial crime.
- Promote a culture of integrity, exemplary business conduct and ethical behavior among all employees.
- Ensure that staff and officers have appropriate training to deal with financial crime risks and that the people assigned to risk management, compliance monitoring and the prevention, detection and review of suspicious activities are honest and competent.
- Ensure that the company complies with all laws, regulations and guidelines dealing with financial crime.
Financial Crime Risk Management:
Your integrated risk management framework should include:
- Organisational structure;
- Nature of activities and characteristics of products;
- Information systems and technology used;
- quality of internal controls, including the segregation of duties and the delegation of powers;
- Business dealings (including third-parties);
- Monitoring employees (especially in higher-risk functions).
- The methods used by perpetrators of financial crime activities and the potential of operational incidents and their potential impact;
- Economic and social context;
- New threats and opportunities.
Always be vigilant with respect to customers, considering the extent of risks associated primarily with monetary transactions. Knowing your customer is an essential component of financial crime risk management.
Review of suspicious activities:
React promptly to any situation where financial crime is suspected or detected. Reviews may require skill in several fields of expertise, such as legal, tax or IT. Document the results of reviews and ensure that the review is in accordance with the appropriate legislative framework.
Communication of information:
You have the legal obligation to communicate all information concerning activities associated with financial crime to every appropriate authority.
While there has been a responsibility on organisations to report on potential financial crimes and work to eliminate them, this is about to get much more serious. The potential sanctions on non-performing businesses and their staff are worrying, including fines and criminal punishments. Some banks have already implemented more stringent KYC checks which means it can now take up to two weeks to open a basic bank account. How this detailed KYC fits into a world of “loans in 20 minutes” remains to be seen.