FCA warns challenger banks in thematic review

Written by Teodora Harrop, FICA on Monday August 22, 2022

Few could counter the claim that challenger banks have added demonstrable value to the financial services landscape over the last few years. Their provision of innovative, frictionless solutions to consumers and businesses alike has injected new life into the industry, revealing the depths of innovation and creativity that have always characterised financial services.  

Yet in the race to evolve and compete with their long-established cousins, challenger banks appear to have focused the bulk of their efforts on attracting a large consumer base – something which does not come without concerns.  

In April 2022, the UK’s FCA published a thematic review, highlighting a range of financial crime issues that required remediation. One of the central motifs of the FCA report was that key financial crime controls have either lagged behind and/or not kept pace with legislative and regulatory requirements. 

These issues, however, were not isolated to challenger banks, with some traditional financial service providers also identified as having problems evidencing financial crime compliance. Indeed, penalties issued by the FCA in 2021 ‘have increased nearly four-fold to £577 million this year, with high street banks being the largest contributors’.1 

New firms, traditional findings

Below, I provide an overview of the FCA’s most revealing findings. It is worth noting that most of these have been highlighted by the FCA in other contexts, for instance when issuing enforcement notices.2

• Due diligence 

The customer risk acceptance and the application of the risk-based approach to inform the level of due diligence required was highlighted as an area requiring improvement. This was a somewhat surprising finding, given the innovative approaches at onboarding adopted by many challenger banks. 

• SARs submissions 

The issues identified related, in part, to the quality of the suspicious activity reports, but also to the fact that significant number of reports were sent ‘when exiting customers that did not fit their documented risk appetite’. This seems to be linked closely to the fact that onboarding due diligence did not appear to correctly identify the risks posed by customers. 

• Transactions monitoring alert management 

The main concerns raised related to record-keeping and the timeliness of reviews, both of which affect the ability to file prompt suspicious activity reports.  

What is interesting is that large, well-established financial institutions also had trouble with their transactions monitoring systems. HSBC was fined nearly £64 million in 2021, despite significant financial and human investments committed to enhancing their transactions monitoring programme. A range of concerns, including scenario coverage, setting the correct parameters and checking the accuracy of the data, were all identified by the regulator as requiring substantial improvement. 

• Notifications to the regulator 

In line with the ‘Principle 11’ (‘open and honest relationship with the regulators’), significant financial control failures must be notified to the regulator. The FCA provided one example to highlight this problem, where internal audit identified that several areas of a firm’s financial control framework were not fully compliant with the UK Money Laundering Regulations, but that this was not reported. 

What can banks do?

The publication of the thematic review appeared to be something of a regulatory initial warning, an urging to banks to prioritise financial crime matters. The FCA has already provided practical suggested steps in an attempt to address this; some further thoughts on key measures from a practitioner’s perspective are summarised below. 

• Develop a financial crime programme that is tailored to the bank, its strategy and its risk appetite.  
• The executive team must sponsor this programme and be committed to support staff at all levels, with the MLRO having a key role in the success of the financial crime programme. 
• Enhance the customer risk assessment and due diligence processes. 
• Leverage the use of technology already in place to enhance the due diligence process. 
• Be committed to an open dialogue internally, and with the regulator. 
• Design and deliver an effective programme of integrated assurance, making sure that the three lines of defence model delivers demonstrable value. 
• Training remains the cornerstone of an effective financial crime programme.  

It is worth highlighting some of the deficiencies identified, to inform the approach required to build employee knowledge. 

For example, issues identified with regards to transactions monitoring can, in part, be addressed by providing robust training and having a strong process for knowledge sharing and communication: 

• inconsistent and inadequate rationale for discounting alerts by alert handlers   
• a lack of basic information recorded in the investigation notes 
• a lack of holistic reviews of the alerts 3 

Improving the quality of SARs can also be enhanced by ensuring that the team reviewing SARs is fully trained, prioritising issues highlighted by the regulator: 

• some challenger banks provide a lot of transactional data without clarifying why these transactions are suspicious   
• some SARs are not specific enough about the circumstances that gave rise to a suspicion of money laundering 
• some SARs are incorrectly used to report fraud and/or send information about predicate offences, rather than suspicious activity related to the specific activity that creates reasonable suspicion of funds being the proceeds of crime 4 

The Consumer Duty lens

As we know, the regulatory landscape is evolving quickly, and as a result, all programmes of work underway to remedy the issues identified in the review of challenger banks should also be considered through the Consumer Duty lens.  

This is by far the most far-reaching regulatory development that we have seen in recent years, with the FCA recognising that this will require a ‘significant shift’ in culture and behaviour.  

For example, the new Principle 12 requires firms ‘act to deliver good outcomes for retail customers’, with the ‘cross cutting-rules’ setting out the requirements that must apply throughout the consumer journey.  

Despite implementation of the Consumer Duty being nearly 12 months away, any firm designing a financial crime programme must develop an implementation plan, which includes enhancing their processes to evidence that they: 

• Act in good faith towards retail customers  
• Avoid foreseeable harm to retail customers  
• Enable and support retail customers to pursue their financial objectives 5 

Developing and implementing a financial crime programme is not a ‘one off’ exercise – it requires regular reviews and fine tuning, considering both internal controls and customer outcomes. 

You may also like to read:

• 5 tips for handling SoF/SoW
  
• SARs reporting in the service sector
  
• Compliance must be a force for good
  

References:

1. Sonia Rach, ‘FCA fines increase nearly four-fold’, Financial Times, 20 December 2021:  https://www.ftadviser.com/fca/2021/12/20/fca-fines-increase-nearly-four-fold/ – accessed August 2022 

2. FCA, ‘Financial crime controls at challenger banks’, April 2022: https://www.fca.org.uk/publications/multi-firm-reviews/financial-crime-controls-at-challenger-banks#lf-chapter-id-key-findings – accessed August 2022 

3. FCA, ‘Financial crime controls at challenger banks’ 

4. FCA, ‘Financial crime controls at challenger banks’ 

5. FCA, ‘CP21/13: A new Consumer Duty’, July 2022: https://www.fca.org.uk/publications/consultation-papers/cp21-13-new-consumer-duty – accessed August 2022