Key considerations on how financial services firms can cut through theory to focus on what regulators actually test when assessing financial crime frameworks.
“Does your financial crime framework really work under pressure – and can you prove that to the regulator?”
It’s a tough question for firms to answer. In almost every instance of failure identified by the FCA, the underlying causation is often rooted in poor governance, a lack of senior management and leadership engagement, insufficient ownership of issues, cultural challenges, and a misunderstanding of how frameworks operate in practice.
In our recent webinar with Avyse Partners and ID-Pal, a poll of 493 senior financial services leaders highlighted the areas they consider the most difficult to evidence. The results indicated that the belief that ‘controls genuinely prevent financial crime’ was the leading concern. In second place was ‘identifying controls that stop bad actors, not good customers’, followed by ‘MI that drives real action’.
As an outcomes-based regulator, the FCA is primarily interested in whether your framework works – and how it delivers genuine risk mitigation. While policies and procedures must be in place, it is this focus on efficacy that is critically important.
In this paper, we discuss the similarities, overlaps, and lessons to be learned from recent fines and enforcement actions, alongside:
- Why firms need an engaged and highly competent workforce to escalate and challenge when something is amiss.
- Why governance is only as strong as the information it receives.
- The FCA’s desire to see Management Information (MI) that measures genuine effectiveness, rather than just volume of activity.
- How gradually normalising risk masks weak controls and can lead to catastrophic failures.
- Addressing the common misconception that possessing documentation is the same as having a framework that stops crime.
