Written by Alan Entwistle on Friday March 23, 2018
In the wake of the Criminal Finances Act 2017, what is the future of financial crime policy management?
Within the realm of financial crime policy management, there is an established and traditional approach to responding to legislative evolutions. As required by regulations, the first and fundamental step is the establishment and maintenance of policies, controls and procedures to mitigate and manage risk (UK Money Laundering Regulations 2017). In line with this, the vast majority of firms will have put policies in place covering the following financial crime disciplines:
Some firms may cast the financial crime net a little wider and include a policy discipline for market abuse. Whatever the scope of the department, the characteristics of the policies created in response to legislation will be similar across industry. Each policy will:
This approach of responding to legislative change through creating new policies works. However, this discipline-centric approach to policy management is not absent of challenges. Recently, such a challenge was presented by the Criminal Finances Act 2017 which introduced the new corporate criminal offence of ‘failure to prevent the facilitation of tax evasion’ (the CCO), and a requirement for firms to evidence ‘reasonable prevention procedures’.
The traditional approach in response to the CCO would necessitate the introduction of a new standalone policy discipline with an appropriately pithy acronym for the supporting policy document – perhaps the FTPFTE Policy. However, this continuous creation of new policies presents sustainability challenges through:
Adhering to the traditional model will inevitably create a perpetually swelling tome of internal compliance documents and requirements. However, perhaps unintentionally, the creation of the CCO points to a simpler model which moves away from discipline-centricity. A model which is rooted within the customer journey and has the potential to unite existing disciplines in common cause.
Responding to the CCO
Prior to creating a new standalone policy discipline for the CCO, one should consider the attributes of the offence and the defence of ‘reasonable prevention procedures’ in the context of a firm’s existing financial crime policy suite, and wider risk disciplines.
The offence of facilitating tax evasion is, at its core, a dishonest and fraudulent act perpetrated by an associated person of the firm. This relationship of facilitation to the established discipline fraud highlights one of many dependencies an ‘anti-facilitation’ control framework will have upon existing policies and their associated control and compliance requirements. Where a firm has a fraud prevention policy, with specific requirements regarding internal fraud risks, that firm has a piece of the ‘anti-facilitation’ jigsaw to hand.
Following this logic, firms can start to piece together further financial crime policy requirements which contribute to the anti-facilitation control environment, for example:
To ensure a full picture of anti-facilitation controls is attained, a firm will need to look beyond financial crime policies to understand and leverage wider controls, such as:
This is not to say these controls and compliance requirements will immediately align to an anti-facilitation agenda. Some, such as training materials, will need to be enhanced so that they better reflect the desired messaging. However, in following this process firms can begin to piece together a network of pre-existing controls which can be enhanced and aligned to evidence the reasonableness of its anti-facilitation control network.
Such a networked approach negates the requirement to document a singular ‘policy’ as per the traditional model outlined above. Rather than a policy, a firm needs a map which can be produced to document, evidence and monitor the dependencies in place. Therefore, one must ask how best to draw that map so that the firm, colleagues and the regulator can clearly follow it.
Journey-Based Policy Management
Combatting financial crime can be (overly) simplified into four categories of institutional activity.
The final three categories of activity comfortably align to a simple customer journey:
Applying this model to the CCO enables a firm to document how facilitation risks may materialise through colleague/customer interactions through each journey stage. For example:
Once such risks are captured, all of the controls across the network (including those which extend beyond the immediate financial crime environment) can be categorised into those which aide the firm’s prevention, detection and response to facilitation risks. Through this process a firm will create its map of controls for ongoing monitoring.
The principles of Journey-Based Policy Management provide a foundation for a re-evaluation of traditional financial crime policy frameworks. As noted, current frameworks within firms will likely contain various siloed and discipline-based policies. Certainly, regulatory and legislative language implies a pluralistic approach to policy creation and management. However, in applying the Journey-Based model, a firm could seek to rationalise multiple discipline-centric policies into one holistic economic crime policy (ECP) which outlines the fundamentals of governing, preventing, detecting, and responding to economic crime risks across the customer journey. Such a revised approach would benefit front line teams by removing duplicative control and compliance requirements and leveraging cross-firm controls where appropriate. An ECP would encourage consideration of how risk disciplines interrelate and affect the firm, but also the network of interdependent controls which are aligned to managing economic crime.
The CCO challenges the traditional policy response to legislative developments. These challenges highlight how firms can begin to transition away from a siloed discipline-centric policy model, to a more unified and customer conscious policy. Fundamentally, Journey-Based Policy Management could enable a firm to clearly evidence how policy requirements are distinctly aligned to protecting the integrity of the customer journey.
This piece was written for ICA by Alan Entwistle, guest contributor to the #BigCompConvo
Alan has worked in numerous financial crime policy roles through a 10 year career in the industry, covering the disciplines of Fraud Prevention, Sanctions and Anti-Money Laundering. More recently he was responsible for leading the design and implementation of Lloyd’s Banking Group’s response to the new Corporate Criminal Offence of Failure to Prevent the Facilitation of Tax Evasion. Having previously completed the ICA Diploma in Financial Crime Prevention, he is now studying for his second ICA Diploma in Anti-Money Laundering.
If you would like to take part in the ICA’s Big Compliance Conversation and contribute to a like-minded community, please get in touch at firstname.lastname@example.org
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.
Help and support
Alternatively contact us on: +44(0)121 362 7534 / email@example.com (Course information)
or +44(0)121 362 7533 / firstname.lastname@example.org (Enrolled learners)
or +44(0)121 362 7747 / email@example.com (Membership)
or +44 (0) 121 362 7503 / firstname.lastname@example.org (End Point Assessment)