On 13 November 2018 the UK Financial Conduct Authority (FCA) published its inaugural report analysing data gathered from over 2,000 firms - including all UK-based banks and building societies - in response to the FCA’s first financial crime survey. For the first time, the report presents a collective snapshot of the financial crime risks facing the UK’s financial services sector. Some of the more notable findings from the report are set-out below:
- Out of a total of approximately 549 million customer relationships held by firms submitting data, firms identified relationships with only 120,000 PEPs (politically exposed persons – individuals who are entrusted with prominent public functions, other than as a middle-ranking or more junior officials1) and 1.6 million other ‘high-risk customers’ (customers categorised as high-risk for reasons other than the customer being a PEP or a non-EEA correspondent bank, who are subject to enhanced customer due diligence measures). Overall, these customers represent a tiny proportion of the total customer base: only 0.02% of all customer relationships were identified as PEPs and 0.23% as other high-risk customers.
- Staff at all levels, and automated systems, escalated 923,000 cases relating to suspicion or knowledge of money laundering internally during the period for which firms submitted data.2 After investigation, 363,000 of these cases were reported to the UK National Crime Agency as SARs (suspicious activity reports) by firms’ Money Laundering Reporting Officers. In addition, 2,100 terrorism-related SARs were made by the firms surveyed.
- During the same period, firms refused to provide services for a total of 1.15 million prospective customers and exited 375,000 existing firm customers for financial crime-related reasons.
- Iran, Panama and Russia were ranked first, second and third respectively on a list of the jurisdictions most frequently considered to present a high financial crime risk (whether for financial sanctions breaches, fraud, bribery or money laundering risk) by firms jointly supervised by the FCA and the Prudential Regulation Authority (i.e. banks, building societies, investment bank and life insurers). Though the FCA was eager to emphasise that this jurisdictional ranking does not represent its opinion (and should be read for what it is; an aggregation of industry views), the ranking should complement other existing publicly available rankings of jurisdictional risk, such as Transparency International’s Corruption Perceptions Index, that are focused more narrowly on corruption in the public sector.
- Firms were asked to cite the most prevalent frauds that the FCA should be aware of. Cyber-enabled crime was a significant concern, with four of the top five most frequently mentioned frauds (identify fraud and theft, phishing, computer hacking and malware-enabled fraud) facilitated by computer technology. This fraud risk dovetails with the FCA’s current areas of focus. Megan Butler, the FCA’s Executive Director of Supervision – Investment, Wholesale and Specialists, delivered a speech only last week that emphasized the critical importance of cyber-resilience within the UK’s financial services sector, and in particular the need for firms to implement appropriately tailored systems and controls. The adverse consequences of failing to do so were recently laid bare by the £16,400,000 fine imposed by the FCA on Tesco Personal Finance plc for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack that took place in November 2016.
Though only in its first year, the report’s consolidated overview of the financial crime risks faced by the UK financial services industry will be of use to all firms in the industry, policy makers and other UK government agencies, aside from the FCA, that are tasked with monitoring and/ or combating financial crime. Its usefulness is also likely to increase materially next year and each year thereafter, as the data set grows, and year-on-year trends and patterns can be discerned.
2 Firms submitted their returns covering 2017 on their accounting reference date, providing data for the previous 12-month period. Not all figures submitted will therefore cover the same 12-month period.