Following a review by the Financial Conduct Authority (FCA) in the United Kingdom, challenger banks must improve how they assess financial crime risk. The FCA found that some challenger banks failed to carry out even basic customer checks.
The FCA discovered that some newcomers to the industry did not bother to check their customers' income and occupation. The regulator discovered that challenger banks did not have customer financial crime risk assessments in place in some cases.
The review, which took place over the course of 2021, followed a national risk assessment of money laundering and terrorist financing conducted in 2020, which found that criminals may be attracted to challenger banks' fast onboarding process, particularly when setting up "money mule" networks to facilitate money laundering.
Because of the sector's typical focus on using smarter technologies to facilitate transactions more quickly, easily, and cheaply while neglecting to put procedures in place to ensure compliance, challenger banks have already been on the FCA's radar for increased money laundering risks.
"Challenger banks are an important part of the U.K.'s retail banking offering," Sarah Pritchard, executive director of markets at the FCA, said in a statement. " ."
Challenger banks, which were relatively new to the market and offered a quick and easy application process, were the focus of the review of financial crime controls. The FCA noted that this included six challenger retail banks, the majority of which were digital banks with more than eight million customers.
Governance and management information, policies and procedures, risk assessments, identification of high-risk/sanctioned individuals or entities, due diligence and ongoing monitoring, and communication, training, and awareness were all covered in the audit.
While the regulator discovered some examples of good practice, such as the innovative use of technology to quickly identify and verify customers, the number (and scope) of failures was significant.
The FCA discovered that financial crime resources did not always grow in lockstep with business growth, and that some challenger banks did not consistently apply enhanced customer due diligence or document it as a formal procedure to use in higher-risk situations, such as when dealing with politically exposed persons.
According to the FCA, some banks' customer risk assessment frameworks were not well developed and lacked sufficient detail, and some did not even conduct a customer risk assessment.
Banks' internal control frameworks were also unable to keep up with changes in business models due to ineffective management of transaction monitoring alerts and weaknesses in the effective management of financial crime change programs, according to the regulator (as well as risks).
The FCA was also concerned about the rising number of suspicious activity reports (SARs) filed by challenger banks, as well as the quality of the reports. Some banks, for example, provided transactional data without explaining why the transactions were suspicious, and some SARs were misused to report fraud and/or send information about offenses unrelated to the proceeds of crime.
Following the FCA's review, challenger banks that had material issues established remedial programs to address the regulator's concerns. The FCA said it has used a variety of regulatory tools to mitigate the risks it has identified, including appointing skilled persons.
The FCA's findings did not surprise financial crime experts.
"There is a need to dig deeper rather than just tick boxes," said Neil Williams, deputy head of complex crime at Reeds Solicitors.
According to Matthew Corn, a serious crime specialist at criminal defense firm Olliers Solicitors, the FCA's announcement last week that it had used its powers under the Proceeds of Crime Act to force fintech firm QPay Europe to forfeit 2 million pounds (US $2.5 million) allegedly linked to a U.S.-based wire fraud conspiracy shows that "there is likely to be increased regulation of the fintech/challenger bank sector as it develops further."
The QPay case, as well as the FCA's review, "is a salutary lesson to fintech and challenger firms not to apply to be regulated if they do not have robust anti-money laundering (AML) controls," said Sara George, a white-collar crime partner at law firm Sidley Austin.
According to Sean Curran, a partner at Arnold & Porter, challenger banks must prioritize compliance. He went on to say that this could jeopardize their business models.
"The nature of [know your customer]/AML checks has evolved significantly over the past couple of years, especially with the increase in non-face-to-face verifications,” he said. “This has meant firms within the sector have had to tight-walk between ensuring the commercial viability of the business versus the need to have robust financial crime controls in place," he said.
By fLEXI tEAM