Latest financial crime update highlights FCA focus on technology

Halfway through its three-year financial crime prevention strategy, the FCA has released an update on progress. The report is very positive in its reflections and, while it doesn’t bring much new to the table, it does give us some useful insights into the regulator’s priorities for the coming year, in particular when it comes to the use and oversight of technology.

The FCA’s update, Reducing and preventing financial crime was published on 8th February. It summarises the work delivered over the last 18 months that it believes is already having an impact: prioritising tackling fraud, money laundering and sanctions evasion.

There is a heavy emphasis on anti-fraud controls and some good news that increased controls and focus from the regulator and firms appears to have reduced losses substantially in some areas.

The regulator has also been more aggressively policing the authorisations gateway and intervening in high-risk sectors, in particular in the payments and crypto sectors where 88% of authorisation application have been refused.

Sanctions controls has become a recent focus, in particular the tuning of sanctions name screening systems. They have visited 90 firms and, as we discussed in our recent webinar, have been using a new toolkit that tests whether a screening system will pick up particular names and misspellings.

Looking to the next 18 months the priorities fall into four areas: data and technology, consumer awareness, collaboration and MI.

Data and technology

The focus on data and technology will continue and the FCA ask boards to ask themselves a number of questions:

  • Does my firm know how criminals are likely to be using new technology to target our customers and business? You need to stay abreast of evolving crime typologies and risks over time and making sure new risks are included into your risk assessment process.
  • Does my firm have a way of keeping updated on new techniques or typologies? This is likely to lead to a focus on risk assessment documents such as the BWRA and how the findings from that are used to design appropriate controls. These documents need to be updated over time, as new risks don’t just appear once a year.
  • How is my firm keeping updated with good practice? We can expect questions from the regulator relating to your participation in industry groups, the use of advisers to challenge potential group think and other strategies to support the development of the risk based control framework.
  • Is my firm targeting investment in technology and data to address our firm’s and customers’ key financial crime risks? A key challenge from the regulator will be whether money is being spent on data and technology in other areas, but not on financial crime controls. You must be able to explain any decisions you have taken on prioritising technology spend within the context of your risk-based approach.
  • How is my firm measuring the outcomes we are achieving here? This theme is picked up in several areas and apart from loss metrics, you’ll need to consider other leading and lagging indicators in the fraud, sanctions and money laundering risk universe that could help assess whether controls are effective.
  • If my firm is using third party technology to detect, is the technology calibrated to the risks my firm faces and its customer base? We have seen this crop up at many firm, whether the regulator is looking at electronic CDD and sanctions screening or transaction monitoring systems. Any system needs to be calibrated to the address the potential vulnerabilities identified your risk assessment. You also need to understand the system’s limitations and any residual risk that this leads to.

Consumer awareness

The FCA has also identified increased consumer awareness as a key driver to reduce the harms from financial crime and this update suggest firms consider:

  • Are you raising awareness among your customers of the fraud risks relevant to the business you do with them?
    Many firms are flagging fraud concerns and vulnerability at customer contact points, like payment instructions, emails and the like.
  • Are you using/being consistent with the language/approaches proposed by public bodies or your association?
  • Are you getting feedback? How do you know if it is working?
    As in other areas this is about developing measures of effectiveness to make sure that any messaging is leading to reduced risks or a change in consumer behaviour. For example you could consider measuring the number of customers who regularly change their password on your app or internet account service for trends in particular geographies or demographics and adjust your communication strategy where some areas are not showing the same diligence as others.

Measuring effectiveness

The FCA is encouraging firms to develop metrics to measure their own effectiveness at preventing financial crime. In particular, the FCA have recommended that you consider what metrics the board is getting on the firm’s outcomes on tackling financial crime and how those are tied to activities, work programmes metrics and budgets and how those compare with peers.

Collaboration

The FCA is encouraging firms across the value chain to share data to reduce the harms from fraud and other financial crimes. You should think about areas where you can safely share data such as some of the anti-fraud services.

Focus for 2024

The FCA will be continuing to concentrate on measures to reduce the harms caused by fraud. They will also be active in the review of the AML supervision regime. We can expect a continuation of the robust intervention in higher risk areas and where firms have not fully considered the protection of customers from fraud.

We can help

Our financial crime experts have extensive experience in all areas of financial crime prevention. In response to this latest publication we can:

  • carry out a sanctions screening system calibration test
  • test the calibration of your transaction monitoring systems
  • review your anti-fraud controls in the context of your data strategy and help you optimise and improve outcomes.

More broadly, we’re always here to help you develop robust systems and controls to prevent financial crime and make sure you’re meeting the regulators’ expectations.