As part of our responsibility to ensure the integrity of the UK financial markets we require all authorised firms to have systems and controls in place to mitigate the risk that they might be used to commit financial crime.
Firms must satisfy us that they have robust governance, effective risk procedures and adequate internal control mechanisms to manage their financial crime risk. Some firms will also have further obligations placed on them by law.
By using effective systems and controls, your firm can detect, prevent and deter financial crime.
You should build and maintain these systems as part of your obligations as a regulated firm. Some firms will also be required to comply with the Money Laundering Regulations.
The approaches you should take involve assessing the risks that your business may be used for the purposes of financial crime and then mitigating those risks effectively through:
- identifying your customers
- understanding your relationship with them
- monitoring the way they use your services to identity anything suspicious
Your systems need to be appropriate and proportionate to the nature and scale of your business. There is no 'one size fits all' approach that we expect firms to adopt. It will vary, for example, between large firms and small firms, firms operating in products or areas of high risk, and those offering products to customers where the firm assesses there is less financial crime risk.
Senior management should take clear responsibility for managing financial crime risks and be actively engaged in addressing these risks.
Your firm should:
- have a thorough understanding of its financial crime risks in order to apply proportionate systems and controls
- have an organisational structure that promotes coordination and information sharing across the business
- have appropriate up-to-date policies and procedures in place that can be easily accessed and understood by all staff
- employ staff who have the skills and expertise to do their jobs effectively
- review employees’ competence and take appropriate action to ensure they remain competent for their role
- manage the risk of staff being rewarded for taking unacceptable financial crime risks, and
- be able to provide evidence to demonstrate that it has adequate systems and controls to prevent the risk that it might be used to further financial crime
Your firm’s efforts to combat financial crime should also be subject to challenge. Senior management should ensure that policies and procedures are appropriate and are followed, eg having robust internal audit and compliance processes that routinely test the firm’s defences against specific financial crime threats.
Good and poor examples
Our Financial Crime Guide and Financial Crime Thematic Reviews guide (under Regulatory Guides) gives examples of good and poor practice of:
- governance
- structure
- risk assessment
- policies and procedures
- recruitment, vetting, training, awareness and remuneration (pay)
- quality of oversight
These are valid for all firms subject to the financial crime rules, as well as to e-money institutions and payment institutions that sit within our supervisory scope. The Joint Money Laundering Steering Group (JMLSG) have also produced industry led guidance to help you meet the obligations under the Money Laundering Regulations if those apply to you.
Guide for consumer credit firms
To help consumer credit firms subject to the Money Laundering Regulations to mitigate the risk they are used for financial crime, we have published a webcast and guide highlighting our expectations and the rules required to be followed, together with examples of good and poor practice.