In the letter, among other things the FCA criticised retail banks for failing to meet requirements set out in SYSC 6.3, the Money Laundering, Terrorist Financing and Transfer of Funds Regulations. They also listed actions needed in response to common control failings identified in anti-money laundering frameworks.
The deadline for banks to complete a gap analysis against each of the common weaknesses the FCA outlined was on 17th September 2021. smartKYC’s COO shares his extensive experience of how private banks use technology to automate stringent KYC checks and how it can be used to bridge the gaps the retail banking industry has.
Governance and Oversight
Referring to the blurring of lines between the first line business roles and second line compliance roles, the FCA noted:
“The implications of this are that first line employees often do not own or fully understand the financial crime risk faced by the firm, impacting their ability to identify and tackle potentially suspicious activity. It also restricts the ability of compliance personnel to independently monitor and test the control framework, which can lead to gaps in the understanding of risk exposure.”
We couldn’t agree more. The answer however is not to shift the KYC burden to the front office with current approaches, but to support them with the technology to do the heavy lifting. Why wait for compliance to perform the necessary due diligence checks when the front office can be alerted to any initial risk through using automated technologies like smartKYC? This is certainly a process performed within the wealth management sector where relationship managers run some initial checks on potential clients to determine if that prospect is indeed ‘onboardable’ at all.
With technology like smartKYC, you can also enforce a company wide policy where certain risks must be checked and not ignored, depending on what department is running the search. Nothing can be hidden or ignored without explanation.
Customer Risk Assessments
The FCA also noted that
“CRAs are often too generic to cover different types of risk exposure which are relevant to different types of relationships. For example, we don’t always see firms differentiate between money laundering and terrorist financing risks, or the differing risks presented by a correspondent banking relationship as compared to a customer undertaking trade finance activity …Finally, while firms tend to focus on the AML and sanctions risks posed by their customers, the assessment of other risks, for example tax evasion or bribery and corruption, is often overlooked..”
Given the breadth of regulatory and reputational risks that could be associated with a retail banking customer, technology today can identify and classify in forensic detail any risk it may discover, be it bribery & corruption, money laundering, fraud, civil offences or even ESG risk, as some clients are minded to include as screening criteria.
A big bugbear for us at smartKYC is the term adverse media even though one of smartKYC’s core functions is adverse media screening. What is adverse in the context of media? It is important to properly classify different categories of media and score them appropriately so the correct actions are performed by the bank depending on what is discovered. “Mr X has been linked to Al Queda” – mark as high risk and escalate to financial crime. “Mrs Y was fined for driving 10 miles per hour over the speeding limit” – mark as low risk and ignore. smartKYC can automatically make these classifications on the fly based on a bank’s own risk policy. Both snippets are adverse news but with vastly different severities and consequences.
The FCA also mentioned they;
“see instances where there are significant discrepancies in how the rationale for specific risk ratings are arrived at and recorded by firms. There is often a lack of documentation recording the key risks and the methodology in place to assess the aggregate inherent risk profile of individual customers.”
They added “while firms tend to focus on the AML and sanctions risks posed by their customers, the assessment of other risks, for example tax evasion or bribery and corruption, is often overlooked.”
Designing your adverse media screening requirements and properly defining what adverse means to your firm is an essential part of a firm’s financial crime controls and can be completely automated using AI solutions like smartKYC.
In the letter, the FCA noted that
“CDD measures are not adequately performed or recorded” and that “This includes seeking information on the purpose and intended nature of a customer relationship (where appropriate) and assessments of that information.”
They specifically highlighted that in some instances firms identified a Politically Exposed Person (PEP) relationship, but did not evidence an adequate assessment of source of wealth (SOW) and source of funds (SOF).
This can lead to circumstances where the origin and legitimacy of a customer’s wealth is not clearly understood or verified.
By using technology, a bank can now corroborate the client’s wealth by screening various open-source intelligence (OSINT) and other sources as a form of verification; extent of wealth, assets and crucial, the narrative that explains the accumulation of that wealth.
Banks today are making presumptions on who to do EDD on and who not to due to resource constraints. However, with technology, it is possible to perform EDD on all clients on a batch basis, regardless of their respective risk attributes, or systemise different levels of KYC based on their individual attributes such as nationality, career, amount of funds etc.
Although performing EDD on a tier one financial institution’s entire book of clients may have been impossible in the past, technology can remove most of the heavy lifting in performing such a colossal chore and the ultimate line of defence can now be achieved.
The added advantage is that a fuller understanding of the risk can inform the risk framework that banks adopt for ongoing KYC (i.e., in addition to other factors like high risk jurisdiction etc). This creates a more robust risk framework.
With technology, a bank can now program rules to dictate the frequency and depth of refresh cycles based on what is discovered at the onboarding due diligence phase of each client. In this case, it is the real risk that has been discovered that dictates monitoring cycles, rather than the bank making presumptions about risk.
Retail banks serve a wide variety of clients and KYC can and should look different to different types of clients. Although enhanced due diligence is more commonly conducted on clients within the private banking and wealth management industries, there are many cases when it is required in other banking sectors like retail and we believe technology should be used to automate these processes.
The regulator has made it clear that retail banks need to reassess all their processes and properly think about issues like the above.
Technology like smartKYC is here to help with any gaps retail banks may have in their financial crime controls. Technology can empower the front office without adding any extra workload. It can determine a client’s source of wealth effectively. It can enforce a true risk based approach and understand the full panoply of risk, be it fraud, bribery, tax evasion or reputational.
With money laundering taking many different forms these days and with the advent of artificial intelligence, we would argue that it is both prudent and entirely possible for retail banks to adopt a more enhanced form of due diligence on their clients, akin to the likes that private banks and wealth managers have been performing.