Main Image Credit Courtesy of kloniwotski/Wikimedia Commons
This Policy Brief examines how the FCA should work with its regulated populations to be more data-driven, innovative and apply risk-based supervision.
In recent years, the UK Financial Conduct Authority (FCA) has committed to delivering enhanced anti-money laundering (AML) supervision ‘through greater use of intelligence and data’. This commitment has been made against the backdrop of a regulated environment that is rapidly transforming due to shifting market conditions and new regulations such as the EU’s 2018 Payment Services Directive II which promotes the development and adoption of new financial services and products. While innovation positively impacts the financial industry, it is making it easier for criminals to bypass the traditional financial system, transferring dirty money from legitimate-looking entities to criminals. Thus, financial technology firms (FinTechs) and ‘challenger’ banks have been a focus of the FCA, as evidenced by its review of the financial crime controls in challenger banks published in April 2022.
To better understand the challenges and concerns that more technologically advanced institutions face regarding supervision, this Policy Brief summarises findings from 20 virtual interviews conducted with risk practitioners and professionals. The research identifies four key issues:
- Misalignment between supervision strategy and wider adoption of regulatory technology (RegTech).
- Lack of communication and trust between the regulator and regulated entities with regards to risk and risk appetite.
- Inadequate segmentation of the supervised population.
- Weak AML/counterterrorist financing (CTF) data quality, lineage and governance.
This Policy Brief makes a series of recommendations to address these four key challenges.
FCA Supervision and RegTech
- The FCA needs to address skills gaps to enable its supervision team to assess, challenge, validate and supervise data, models and/or algorithms used to calibrate RegTech tools adopted by financial institutions.
- The FCA should develop a framework to assess and evaluate RegTech solutions adopted by financial institutions to prevent future risks from materialising.
Understanding and Communicating Risk and Risk Appetite
- The FCA should develop a mechanism that supports financial institutions in better communicating and articulating their money laundering/terrorist financing (ML/TF) risks, thus providing greater assurance that they do understand their risks.
- The FCA should develop guidance on how it assesses whether a risk-based approach (RBA) has been adopted by financial institutions.
- The FCA should develop a mechanism that supports financial institutions in better communicating and articulating risk appetites while minimising its own exposure to liability and credibility risk should a ML/TF event occur.
- Financial institutions should develop and articulate their RBA alongside their appetite for ML/TF risk. This needs to be communicated to the regulator.
FCA Segmentation of Its Supervised Population
- Research should be undertaken on innovative firms to assess whether their risk profile – and thus the classification of innovative entities within the FCA’s retail bank portfolio – is accurate, complete and up to date.
AML/CTF Data Quality, Lineage and Governance
- The financial crime report that institutions provide to the FCA, the REP-CRIM, should be reviewed and assessed to ensure that the data it collates provides the FCA with the information necessary for a better understanding of financial institutions’ residual ML/TF risks.
- The FCA should evaluate and assess innovative institutions’ financial crime data management to identify any weaknesses and gaps that may result in inaccurate and/or incomplete risk assessment and reporting.
Dr Noémi També
Associate Fellow; Independent Financial Crime Consultant and Researcher