A more effective approach to combatting financial crime

Speech by Megan Butler, Executive Director of Supervision - Investment, Wholesale and Specialists at the FCA, delivered at the BBA Financial Crime and Sanctions Conference.

Megan Butler image

Speaker: Megan Butler, Executive Director of Supervision - Investment, Wholesale and Specialists
Location: BBA Financial Crime and Sanctions Conference
Delivered on: 20 September 2016

Key points:

  • The FCA takes a proportionate regulatory approach and wants to encourage innovation in this area.
  • Banks should focus on outcomes and change processes that aren’t effective.
  • The FCA is committed to better cross-agency working and a closer dialogue with industry.

Note: this is the text of the speech as delivered.

 

I’m delighted to see so many financial crime professionals here today to discuss how best to respond to the challenges posed to us all by those who try to abuse the financial system.

From the regulator’s perspective, every one of us here has a role to play in tackling financial crime. We see your role in supporting policy making, and intelligence sharing, as integral to our objectives here.

So I want to start by thanking the British Bankers’ Association (BBA), and all of its members, for their open and constructive engagement on these hugely important matters with the FCA over the last year.

Our intention is to continue improving those lines of communication. Working with you to make the financial system as hostile as possible to those that wish to use it to further financial crime.

Now the UK is home to a major global financial centre which attracts investment and activity from across the world. However, this can also attract criminals and terrorist organisations seeking to hide and move their criminal funds among the legitimate business flowing through our financial system. As such this is an area on which the FCA will always be focused. In the FCA’s most recent Business Plan we recognised ‘Financial Crime and Anti-Money Laundering’ as one of our priority themes.

The social and economic costs of serious and organised crime to the UK were assessed in the past at £24billion, whilst the cost of global money laundering has been previously estimated at US$1.6trillion. These are significant figures. And this is a complex area involving government, other regulators, law enforcement, international agencies and banks many of whom are represented here today.

It is vital that the UK financial system has the right safeguards to prevent financial crime, and it’s important that the FCA and other domestic and international agencies work with industry to ensure the UK financial system is a hostile sector for such criminal activity.

Financial crime is only one of a number of complex risks faced by banks in the UK and we know the City needs help to address these risks. My plan today is to outline where we see room for a more effective approach. Giving you a pretty open assessment, I hope, of the FCA’s responsibility to promote improvement in this sector. As well as your responsibilities.

It is vital that the UK financial system has the right safeguards to prevent financial crime

Some of the specific points I want to look at are practical and technical in nature.

I’m conscious these are not adjectives that necessarily capture the public mood. Quite rightly, people tend to see financial crime in much starker terms but while the changes I want to recommend today are inherently pragmatic, we see them as social and economic imperatives. Integral to many of today’s biggest, and starkest, societal concerns.

An effective approach to financial crime

So my main question today – ‘What makes for an effective approach to financial crime?’ – is not an esoteric one. But it poses a number of quite compliance-specific challenges.

For our part, we see a number of the challenges in this area as falling principally to banks in the UK to address. Others are held jointly.

However, we also know there’s always room for improvement by policy makers, so first, let me turn to the FCA’s responsibilities.

In particular, I want to stress we’ve listened to your input into the Better Regulation Executive review last year.

We know banks in the UK have concerns about whether FCA inspection visits and investigations are sufficiently risk-sensitive.

We also know there is sometimes a perception that you receive inconsistent advice from us.

Finally, we are aware some banks are worried about what they see as a lack of flexibility. Leading to a situation where resources are skewed to internal compliance procedures, over bread and butter essentials like transaction monitoring and investigations.

With this in mind, I want to address some of these perceptions head on. Providing you, I hope, with greater clarity and confidence.

A proportionate approach to regulation

The first point to emphasise is that the FCA is, and will remain committed to a proportionate approach to regulation.

As you know, all firms authorised under FSMA have to take steps to reduce the risk that they may be used for financial crime. In addition, the FCA is a supervisor under the Money Laundering Regulations 2007. In this context we are responsible for ensuring that around 15,000 authorised firms and all e-money institutions comply with the MLRs. We are also responsible under the MLRs for standalone anti-money laundering (AML) supervision of around 400 ‘Annex I Financial Institutions’ which carry on activities including financial leasing, safe custody services and money broking. All the firms we supervise under the MLRs are required to operate the same AML standards in their businesses outside the EEA as they do in the UK.  

But in all of this work we focus on the firms which pose the greatest risk as a priority, and our financial crime supervisors are extremely careful to work with banks in a measured fashion.

Our approach to AML supervision is risk-based. Fourteen major retail and investment banks from the UK, US and mainland Europe, which account for over 95% of UK retail banking and 75% of UK wholesale banking revenues, are subject to our Systematic AML Programme (SAMLP).

The SAMLP assessments comprise deep dive work on AML, sanctions and anti-bribery and corruption (ABC) controls and do so on a four-year cycle. Where appropriate the assessment will include visits to UK branches, important high risk overseas operations, and central service centres which carry out key functions such as transaction monitoring or sanctions alert-handling. Our visits include detailed testing of records and interviews with key staff from senior management to the front line, including key control functions.

Of course, money laundering risk does not occur only in large firms; some smaller firms pose risk disproportionate to their size. We therefore have a programme of visits aimed at a dynamic population of firms with high inherent levels of money laundering risk (mainly smaller banks with high risk business). In addition, we carry out thematic work on key financial crime risks each year and we take action in response to crystallised risk, where this meets our threshold to act.

In appropriate cases we will take targeted enforcement action. Since 2012, we have fined 7 banks and 1 Money Laundering Reporting Officer for AML failings. We also use other regulatory tools to achieve good outcomes, whether that be business restrictions or senior management attestations.

We are confident that this approach, as a package, is the best use of our resources − and your time.

However, we naturally want to keep asking ourselves if things can be done better? And in particular, we do not want a future where efforts to tackle financial crime are put back by disproportionate procedural compliance costs.

We are listening to concerns in industry around the effectiveness of Suspicious Activity Reports (SARs).

For the most part, we know law enforcement agencies greatly value the intelligence that SARs can yield – the names, phone numbers, addresses, vehicle details and so on. All data that are crucial to successful prosecution.

The concern though is that some SARs are ‘defensive’ in nature, and this poor quality intelligence will drown out the good work done by others.

One question put to us has been whether or not the criminal liability attached to MLROs is driving this conservatism.

These are all areas that we’re alive to and we would like to promote innovative methods being deployed by banks.

Room for innovation

So one important question for the FCA at the moment is, ‘can technology help make your compliance processes slicker, more efficient and more effective?’

We see room for innovation in a number of important areas. But it’s worth pointing out that AML arrangements are high on our agenda.

So I actively encourage you to approach the FCA with your concerns, and in particular to approach our innovation and reg-tech teams with ideas to move things forward.

Between them, these 2 teams enjoy a wide remit. Supporting firms who are entering the market, as well helping to assist established players break tradition, and promoting innovation in areas like reporting requirements.

The FCA’s Sandbox scheme, which we launched in May, is one practical way we are looking to support firms. Allowing you to test new business models in a controlled environment, where customers are suitably protected, but without incurring all the normal regulatory consequences of engaging in those activities. We are extremely supportive of technological solutions that make financial crime procedures more effective and efficient, particularly digital customer due diligence solutions.

The development of Distributed Ledger Technology (DLT) has the potential to offer innovative solutions to financial crime issues and financial services more widely. We remain closely engaged with those in the sector looking to develop DLT-based solutions.

This presents real opportunities to help firms meet Know your Customer or AML requirements more efficiently, but there are issues that need to be considered. For example, how do individuals gain access to a distributed network and who controls this process?

The FCA is participating in the ‘BBA FinTech Banking’ conference this Thursday and I was struck by the level of overlap between fintech, reg-tech and financial crime. My colleague Christopher Woolard will be talking at this conference about the companies that have been accepted into the Sandbox. If there are other methods, innovations, or technologies that help you streamline customer journeys and lower costs – without compromising market integrity – then do tell us about them and we will not stop you pursuing them.

Likewise, if your bank is mired in processes that aren’t effective, do not be afraid to change them.

Transaction monitoring is, quite rightly, part of our everyday professional lives.

But if a big, expensive transaction monitoring system ends up costing tens of thousands of pounds for every piece of reportable intelligence, it’s only right that you question its effectiveness and efficiency.

Please don’t assume you need to keep fantastically costly measures in place just to show willing to the regulator.

The BBA has already estimated financial crime compliance costs its members some £5bn a year.

We know credit institutions filed around 318,000 suspicious activity reports in 2014-15. So we can say with some confidence that the average cost of a SAR runs into the thousands.

Putting to one side our concerns about the impact of these numbers as barriers to entry, I can assure you we share your frustration that AML practices haven’t seen more change. In particular, basic customer due diligence checks taken by many firms remain paper based, much as they were 20 years ago. This presents an opportunity to make a step change in efficiency and effectiveness.

We need to ensure that all money spent on financial crime delivers an effective and efficient mechanism to combat financial crime. And I am very clear that the FCA needs to support considered steps to create a more effective and sustainable future.

So if you think there are regulatory barriers in place to these types of streamlining measures – in the wording of the guidance say, or messages picked up in conversations with supervisors – tell us.

We are committed to removing barriers and misperceptions. And this leads me to an important point about what is sometimes described to me as the FCA’s ‘zero failure’ approach.

I can only reiterate that we are primarily interested in outcomes in this area and that we operate in the real world.

Together we can impose significant costs on criminals who seek to use the services and facilities you provide by disrupting, discouraging and derailing them. And taking the profit out of their activity.

The role of banks

To my second theme which is the specific role of banks in tackling financial crime.

We do acknowledge that banks have made progress here. We recognise that industry is becoming increasingly aware of the need to get this right due to the damage this causes to their business and society.

And so we have seen steps firms have taken, for example in AML and suspicious trading, as well as to warn customers of scams and swindles.

Your work in this space complements ours.

We continue to warn consumers of the risk from scams. Our ScamSmart campaign is a crime prevention campaign aimed at retired consumers and those approaching retirement.

It stresses the importance of rejecting cold calls, checking our warning list before making an investment and getting impartial advice. Since we launched the ScamSmart campaign in 2014, over 350,000 people have visited our campaign hub and more than 26,000 have checked an investment on our warning list.

We need that progress you have made to continue. It is important banks don’t get lulled into thinking compliance is the FCA’s sole measure of effectiveness.

We do not want you to take, and I know from speaking with firms that you don’t want us to take, a ‘tick-box’, legalistic approach to financial crime compliance in the UK. This will not disrupt financial crime in the UK.

Your best barometer is, and always should be, your firm’s sense of social responsibility, seeing financial crime as a problem for society, as well as for your own business.

Senior leaders of your businesses as well as the Boards of your companies have a critical role here. I am not about to pretend there is any easy way for boards or executives to promote this. But I think there is a big difference between seeing financial crime as a regulatory objective, and seeing it instead as a matter of corporate integrity and a business imperative.

We see firms all along this spectrum. But broadly speaking, if you’re looking at our rules and asking your lawyers to confirm whether a particular approach is ‘doable’ or not, you are asking the wrong question. The right question is always ‘Is this the right approach to take’?

On the whole, I think industry is moving to balance this appropriately. But we do still find weaknesses and often find firms committed to questionable transactions even though they have gone through what on paper appear to be effective compliance procedures.

De-risking

One example of an issue that is often raised with me by industry in the context of financial crime compliance is de-risking.

We continue to hear charities, money transmissions services, pawnbrokers and fintech companies complain that they are being left without access to banking services. This is not merely a local or UK problem but an international one as even countries can find themselves without access to appropriate banking services.

Alongside this, we know a number of UK-based Politically Exposed Persons (PEPs) have had to contend, unreasonably as they see it, with intrusive due diligence questions directed at both them and their families.

I know this is not an easy landscape for banks to manage, particularly post-Panama. And we know it’s important to keep in mind the numbers affected.

Many in this room will have read the report “Drivers & Impacts of Derisking” written by John Howell & Co. earlier this year and which is available on the FCA’s website. It indicated individual banks are closing as few as 0.025% of personal accounts for what is identified as AML linked reasons.

Now, individual decisions on who to bank are clearly commercial matters for banks. And on the face of it, this is plainly not a huge percentage, but whether or not this is an underreported number, legitimate customers can suddenly find themselves cut off and it goes without saying that loss of banking services is profoundly difficult to manage, particularly when accounts are closed without warning or explanation.

We’re working closely with banks to encourage better communication with customers when firms are exiting, or rejecting banking relationships.

So we are committed to working with the Treasury and other partners to improve the way banks identify genuine money laundering risks.

We see reducing barriers to information sharing between banks as a particular imperative to reduce duplication of effort as well as focus attention on individuals who pose real risk in the system.

We are keen to make progress in this area. Hence we are, as I’ve talked about, extremely supportive of technological solutions to Customer Due Diligence.

As we see it, the fundamental challenge here is ‘how do we balance reducing money laundering on the one hand with protecting legitimate account holders on the other?’

It is easy when faced with complex compliance challenges to favour one priority over another. We understand this, but we believe that it is important for firms to find a sensible and correct balance. We are committed to helping you do this.

One live example of this is around how firms tackle bribery and corruption risks.

This is an area to which we know firms have paid more attention to in the past ten years, certainly since the introduction of the Bribery Act in 2010.

Both we and the government have prepared guidance about the steps firms can take to meet their legal and regulatory requirements about bribery and corruption.

The FCA’s supervisors recently looked into inducements made or received when firms sell retail investments, or undertake MiFID business. This raised concerns about certain practices, including corporate hospitality, that may create conflicts of interest and result in firms not acting in their customers’ best interests. For example, we found that MiFID firms were not providing an indication of the value of allowable benefits provided when this is required for the client to be aware of the possible level of inducement.

We published the findings of that work in April. And we’ve since received a number of questions asking if those findings apply to other areas of firms’ businesses.

In simple terms, people want to know:

a) If the FCA’s guidance on bribery and corruption has been superseded? and

b) If firms should no longer draw on guidance from the Ministry of Justice on Bribery Act compliance?

The short answer to both those questions is ‘no’. The findings from our inducements work were specific to those sectors that were probed, and the existing guidance remains current.

I hope this offers some clarity. And I hope, more generally, that I’ve been able to make it clear the FCA is committed to working alongside you.

And this brings me on to last of the three areas I want to look at today.

Working together

As I said at the start, much of the responsibility we see for improvement in tackling financial crime is owned jointly by regulators and firms.

We remain committed to better cross-agency working.

I know that this is a topic that’s been raked over many times before – with some underwhelming results. So I’d understand any scepticism. I was delighted to hear the lack of scepticism during the previous panel discussion and we do see genuine room for optimism. In particular, I think the Joint Money Laundering Intelligence Taskforce (JMLIT) is a step forward.

We do not want you to take, and I know from speaking with firms that you don't want us to take, a 'tick-box', legalistic approach 

And we’re pleased the pilot arrangement is now a fixed part of the UK’s efforts to tackle financial crime.

The joint industry efforts on Panama papers has also been very positive and helped bring together, in particular, the four taskforce agencies - the National Crime Agency (NCA), Her Majesty’s Revenue and Customs (HMRC), the Serious Fraud Office (SFO) and ourselves at the FCA.

Likewise, I welcome the work the Government has done to explore how information sharing between financial firms can be put on a sound legal footing.

For our part, we’re always aware that policy decisions taken elsewhere can have a significant impact on our work. And vice versa. So we keep our eyes on wider developments and expect firms to do the same.

One topical example is the Government’s proposed new tax evasion measures. First, the corporate criminal offence of ‘failure to prevent the criminal facilitation of tax evasion’ – due to be in the upcoming Criminal Finances Bill.

Second, the civil penalties for deliberate enablers of offshore tax evasion – in the Finance Bill.

Ultimately, this will mean that if an FCA authorised person were prosecuted or penalised under these measures then we would have an interest and we would be able to take action.

As you’d expect, we will pay close attention to both Bills as they go through the legislative process.

One last point on joint working. We still see significant room for better collaboration at the international level.

The FCA is very proactive about working with colleagues in other financial centres but the global nature of modern financial crime makes the need for co-operation even greater than ever.

So we intend to continue working closely with other regulators so that banks get more consistency around standards thereby delivering better outcomes in the difficult field.

My one caution to you, and a point that won’t be lost on anyone in this room, is that our experience of cross-border policy work is that it is not always easy.

It is not that there’s a lack of will around the world to co-operate. The desire to engage is manifest in the work of organisations like IOSCO, Interpol, Europol, the FSB, the G20, ESMA and so on.

But I think we all need to be realistic about the practical difficulties of reaching agreements across borders.

We know there is a tension between objectives for regulatory convergence on the one hand, and different countries’ national interests or priorities on the other.

I can assure you we will continue, despite this, to pursue international solutions to what is an international problem. Reducing opportunities for unfair arbitrage wherever, and whenever we can.

Let me finish on this by saying we welcome closer engagement with the BBA and its members. We are committed to closer engagement with the Government, enforcement agencies and other regulators.

So to conclude, our objectives at the FCA in this area are to ensure that:

  • the UK financial system is a hostile sector for money launderers
  • AML requirements are proportionate and operate efficiently
  • the unintended consequences of AML regulation are minimised, and
  • firms’ AML processes do not exclude people unfairly or unreasonably from using financial services

In seeking to achieve these, we are conscious that the improvements in effectiveness we need are more likely to be achieved by lots of small steps forward, rather than a few big leaps.

Your job now as an industry is to engage with us in an open and frank manner to build these processes in a way that will disrupt financial crime. You need to be vigilant and challenging and not just compliance process ‘form over substance’ focused.

If we do this together we will make a genuine difference to financial crime.

Thank you.