The review looked at six challenger banks in the UK, all which were relatively new to the market and offered a quick and easy application process to more than 8 million customers.
While the FCA identified several good practices, its conclusion was clear: “much more needs to be done overall to ensure that all firms in the challenger banks sector are identifying and appropriately managing financial crime risk.”
Here, we look at three key areas where challenger banks have fallen short of expectations and explain why the FCA said they need to do more:
“Much more needs to be done overall to ensure that all firms in the challenger banks sector are identifying and appropriately managing financial crime risk.”
1. Customer risk assessments and due diligence are not up to standard
At some challenger banks, the customer risk assessment framework was found to be either absent or not well developed. This paves the way to inadequate due diligence measures since, without a risk assessment, it’s not possible to effectively and proportionately mitigate the risks posed by each customer.
What’s more, while the banks fulfilled basic identification and verification requirements, most did not obtain full customer information to determine risk. Some failed to have the required customer due diligence procedures at customer onboarding, instead relying on transaction monitoring systems to flag higher risk customers at a later stage.
Notably, there were cases where the customer shouldn’t have been onboarded in the first place, where better controls and risk assessment may have avoided the need to eject these customers. Evidence was also found of inconsistent enhanced due diligence, with no formal documented procedure.
Ultimately, the shortcomings in customer risk assessments and due diligence reduced the effectiveness of transaction monitoring at these challenger banks.
What the FCA requires in practice: All firms subject to the Money Laundering Regulations (MLRs) must have systems and controls to identify, assess, monitor and manage money laundering risk. These must be comprehensive, kept up to date, and proportionate to the nature, scale, and complexity of a firm’s activities.
The FCA adds that firms must ensure they identify and collect the relevant information needed to have a complete picture of all the financial crime risks associated with the customer relationship. This is to manage potential risk indicators and to provide a meaningful basis for subsequent monitoring.
2. Transaction monitoring alert management is ineffective
The review uncovered several areas of inadequate transaction monitoring alert handling at challenger banks, including:
- Inconsistent and inadequate rationale for discounting alerts by alert handlers
- A lack of basic information recorded in the investigation notes
- A lack of holistic reviews of the alerts
- Transaction monitoring alerts not being reviewed in a timely manner due to inadequate resources
- Incomplete or inadequately documented investigations into identified fraudulent activity
What the FCA expects in practice: A firm must have adequate resources in place to holistically consider customers’ activity as part of its review of transaction monitoring alerts. This should include reviewing what the firm knows about the customer, including previous alerts and information it collected on the customer, including income, the nature and purpose of account and payment references.
3. Some SAR submissions are unhelpful
The FCA highlights that the quality of Suspicious Activity Reports (SARs) some challenger banks submit needs to improve. Examples of poor practice encountered include:
- Providing a lot of transactional data without clarifying why those transactions are suspicious
- Not being specific enough about the circumstances that gave rise to a suspicion of money laundering
- Reporting fraud and/or sending information about predicate offences, rather than suspicious activity related to the specific activity
- Untimely reporting following delayed reviews of transaction monitoring alerts, arising from inadequate resources in place
- Disconnect between compliance teams and the relevant function receiving court orders and processing SARS, allowing the subject to continue transacting
What the FCA expects in practice: Firms should refer to the appropriate UK Financial Intelligence Unit (UKFIU) publications when making a disclosure under the Proceeds of Crime Act (2002), in conjunction with the guidance issued by the Joint Money Laundering Steering Group (JMLSG) and the FCA’s Financial Crime Guide. It also reminded firms to consider their obligations for customer safeguarding through more appropriate channels, such as Action Fraud.
The FCA added that challenger banks should review its recent strategy, which sets out its expectations for financial services.
Discover how Napier complements challenger banks