.svg)
Innovation and the capability to do things differently is coming up against a struggle to get on top of compliance matters, a senior official at the UK Financial Conduct Authority (FCA) said while speaking at a webinar organised by the regulator about financial crime and payments.
During the webinar, the FCA’s head of financial crime, Andrew Wigston, acknowledged that payments is an “incredibly important part of the financial services sector”.
However, there was a sense of frustration with the regulator still finding the sector vulnerable to financial crime, and that regulatory compliance requirements are, as Wigston’s presentation said, “a difficult growth journey”.
Throughout the webinar, Wigston touched on the same points again and again: firms lacking an understanding of their compliance obligations and relying too heavily on outsourcing to consultants and lawyers.
He said that the regulator continues to find that many payment firms are increasingly subject to financial crime intelligence reporting.
“Many of those involve consumer harm and some of that is very significant,” he said.
“That greatest strength, the different mindset of people in the firm bring, not being shackled by those established ways of doing things is also the greatest weakness,” he lamented.
According to Wigston, this regularly results in payments and e-money firms making the mistakes that established firms have learnt from better experience over time.
Wigston indicated that the FCA is set on investing more into its financial crime team, and cautioned “you will be seeing more of us”.
Weak compliance continues
As with the Dear CEO letter that was published earlier this year, the FCA laid out compliance weaknesses that have become apparent in the payments sector.
"We've seen key financial crime controls such as transaction monitoring being outsourced to third parties," Wigston said, noting that this lacks clear oversight, and is resulting in ineffective systems and controls.
Sanction screening is another area where Wigston warned that there is “overreliance on third parties”.
“In particular, there is a failure to tailor tools sufficiently to business requirements,” he said. “This has caused firms very serious issues.”
In addition, Wigston said that the FCA has seen global policies on sanctions that fail to align with the UK’s individual regime, and has also come across teams where they lack an understanding of the work that is being done with regard to sanctions.
He called out firms for taking a reactive approach to UK sanctions, noting that they do not appear to be on top of rule changes and highlighted reporting issues.
For example, firms can often be slow to update the regulator on control failures.
Some payments firms also had to work through "significant backlogs" of screening well into the latter part of 2022 after the sanctions were implemented, he said.
This means that compliance teams are "stretched and become unable to cope".
In addition, management information (MI) is lacking clarity and detail, the FCA official complained.
For example, he pointed out that the FCA has seen money laundering reporting officer (MLRO) reports that include risk assessments but do not have an explanatory rationale for the conclusions reached.
Wigston further noted that the FCA has found members of financial crime management are not based in the UK, and situations where senior managers are lacking “sufficient understanding” of compliance standards.
“Sometimes, we’ve seen senior managers of the board failing to address the need to grow financial crime resources in proportion to the business as it expands,” he added.
For the FCA, the company board is an “absolutely key part” of financial crime management.
“We’ve also seen poor recordkeeping, especially around decision-making,” he said, adding that there has sometimes been minimal evidence of challenge on financial crime matters.
These issues can lead to firms failing to be robust enough in their financial crime compliance controls.
During the webinar, the FCA insisted that financial crime “remains a top priority”.
This includes implementing the UK’s second Economic Crime Plan.
The regulator itself is involved in 20 of the overall 43 actions, including the recommendation to develop a culture of "prevent, protect, prepare, pursue" to target the criminal use of fintech and so-called enablers in the e-money space.
Further, the FCA said that it wants to strengthen its authorisation process, reduce fraud and increase tools to suss out scam websites.
