Posted: 9th October 2018
Background
On the 3rd October 2018, the FCA shared their findings through TR 18 / 3 on the potential risks of money laundering and terrorist financing in the e-money sector.
In summary, the FCA identified a positive culture and good awareness of financial crime obligations within Electronic Money Institutions (EMIs). Firms generally demonstrated a low risk appetite and evidenced relatively few high-risk customers. Out of the 13 EMIs visited as part of the review, only one firm had not revised their policies and procedures to comply with the 2017 Money Laundering Regulations.
Most firms were found to have effective transaction monitoring systems based on automated technological solutions.
KEY FINDINGS
The findings in the review are organised into nine key areas of organisational conduct and operation, providing a breakdown of good and bad practice in each.
Governance, culture and management information
Governance – Some of the larger EMIs regularly brought money laundering and terrorist financing risk to the agenda at management committees, while smaller EMIs had a more informal approach. Both approaches were found to be equally effective at bringing risk information to management, relative according to the size and scale of the business.
Culture and risk appetite – Most firms were found to have an established financial crime prevention culture with adequate controls to mitigate the risks of money laundering and terrorist financing.
Management information – The majority of EMIs produced monthly or quarterly management information reports on fraud, money laundering and terrorist financing. At smaller firms there was regular communication between senior management and the compliance team.
Generally, good practice in this area was found to involve documenting follow-up actions, including deadlines and individual responsibility, after meetings occurred.
Business wide risk assessment
Most firms were found to have a comprehensive and business-wide risk assessment that were found to be more effective when senior management had reviewed and approved the assessment. However, in some cases, even though risks were correctly identified, controls were not implemented to mitigate the risks.
Customer risk assessment
Politically Exposed Persons (PEPs) and sanctioned entities were found to have been appropriately screened and escalated to the Money Laundering Reporting Officer when the risk fell outside of the scope of the firm’s risk appetite. However, some tools were not always effective in triggering enhanced due diligence (EDD) and ongoing monitoring of high-risk customers. Factors such as geographical location and expected turnover were noted to be effective risk scoring methods.
Policies and procedures
Out of the 13 firms visited, most of them were noted to have adequate AML policies and procedures that had been approved by senior management.
Customer due diligence
Most customers were onboarded remotely with identification and verification carried out online. Some EMIs utilised tools such as geolocation software to clarify locations and prevent fraud, some able to detect cases of potential attempted fraud in which multiple applications were made using the same IP address. The frequency of customer screening varied across the firms for PEP and sanction screening purposes.
Enhanced due diligence
Less than half of the EMIs visited had onboarded PEPs after EDD, with generally low percentages of PEPs compared to total customers. The FCA found that EDD was mostly triggered when spending thresholds were exceeded. At one firm, however, the FCA saw unclear EDD processes and inadequate staff guidance, including a lack of understanding as to what information was acceptable as evidence of source of wealth / funds.
Ongoing / Transaction monitoring
In larger EMIs, ‘real time’ transaction monitoring systems using a rules-based application to detect unusual activity were found to be the most effective. However, the FCA highlighted that these rules need to be kept under ongoing review to mitigate risks.
Outsourcing
There were two outsourcing models adopted by EMIs, ‘full outsourcing’ of AML controls and a hybrid model in which only some functions were outsourced. In a few firms, on-site visits were not conducted regularly enough to assure that these processes were being undertaken compliantly and effectively. However, systems and controls were tested through file reviews and studying management information.
Training, communication and awareness
There were a number of differences with the delivery of training, with a least half of EMIs providing computer-based training. About a quarter of EMIs provided staff with face-to-face and computer-based training.
NEXT STEPS
The FCA provided individual feedback to the 13 firms visited. The regulator encourages other EMIs to review the report and compare the examples of good and bad practice to their own anti-money laundering systems and controls.
CONSIDERATIONS FOR FIRMS
The FCA assessment of the 13 firms visited highlighted reasonable systems and controls for combatting money laundering and terrorist financing. However, the FCA emphasises in the summary that there were still weaknesses found within the firms and measures should be taken to avoid complacency.
Huntswood has found that the backbone to effective financial crime compliance is ensuring that firms have an effective risk assessment tailored to your firm’s risk appetite. Financial crime risk should remain a board priority, with effective action being taken to minimise the risk of financial crime incidents crystallising.