Fighting financial crime: The progress and the challenges ahead

FSA Library
- Communication documents
  - Speeches

Speech by Philip Robinson, Financial Crime Sector leader, FSA
BBA Financial Crime Conference
6 December 2005

Introduction

The theme of my speech today is fighting financial crime: the progress and the challenges ahead:

The progress that we have all been making in learning how best to fight financial crime
The challenges that we all face: ensuring that our actions do indeed make a difference.

I will consider these in relation to all parts of the FSA's financial crime objective: fraud, market abuse and money laundering.

2006 should be a key stage in the evolution of the UK's financial crime regime, as a number of developments come together: the establishment of SOCA, Sir Stephen Lander's review of the SARs regime, and last – but by no means least - the JMLSG's new Guidance. As a result, I believe we are approaching the point we can all press ahead to deliver a significant impact on crime with a proportionate investment of time and effort.

And I cannot let today pass without a very special thank you to Jeremy Thorp, whose retirement is imminent, and whose tireless work, especially on the new Guidance, deserves all our gratitude. He has been a worthy ambassador for the JMLSG – and the BBA.

Risk and using intelligence to mitigate it

Let me begin by reminding you of the scale of the problem we face. The government's best estimate of the amount of money laundered in the UK each year is £25 billion – approximately the same as the turnover of, say, a major UK supermarket

So what does this vast sum tell us? Three things, I would suggest:

First, there is a huge amount of money being laundered in the UK. It’s big business, and inevitably this means that dirty money is flowing through your firms.
Second, it’s not going to be easy to spot that money where there is so much legitimate business flowing through the UK. After all we have the world's largest international financial centre
Third, this means that the challenge we all face is targeting our resources so that we get maximum marginal benefit

How then can we best target our efforts? This must start with good systems and controls. Firms need to have in place what I call the ‘good basics’, the sort of procedures that will help spot criminals who haven’t succeeded in behaving like honest customers: because they have unusual activity on their accounts; or take out products that don’t fit with what they have told you about their means.

But what about the cannier criminals, the more organised ones perhaps? How do we find those needles in our £25 billion haystack? And here intelligence-led targeting has to be the way ahead. For without it, how can we know where to look?

I'm not, of course, talking about turning your front-line staff into part of law enforcement. I'm talking about firms being prepared to share information with each other, and here there have been some encouraging developments over the last year. And I'm talking about law enforcement finding creative ways of passing intelligence to you. I'm not pretending that either of these is easy. But we have to recognise that without them, we will continue to leave the criminals with the advantage: they have no difficulty in sharing information, and they have very effective means of enforcement if they are let down.

There has been a good deal of progress. The Third EU Money Laundering Directive will lead to legal obligations over feedback. And we have the Serious Organised Crime Agency coming along, with a much wider remit for passing information to the private sector, and an explicit mandate, and the legal ability, to do just that.

Law enforcement are best placed to understand how criminals operate their businesses, and what criminals do with their money. And here the FSA has a crucial role to play in encouraging a flow of information to the industry. I am personally committed to the FSA being as active as possible in the intelligence arena. So, in our current business plan, we are committed to working with law enforcement to develop intelligence on the criminal money flows presenting the greatest risk to the UK.

The FSA has been investing resource in developing our relationships with our colleagues in law enforcement, making clear to them what intelligence is helpful to us, and, just as importantly, what intelligence we possess that might be helpful to them. We have encapsulated this in the first FSA Intelligence Requirements document which will be made available to law enforcement agencies in the New Year.

Law enforcement understand the criminals best. But the industry have the best understanding of the financial crime risks they face. That is why we have been working hard to ensure that our relationships, particularly with trade bodies, are as fruitful as possible. By tapping into their wealth of knowledge and understanding, we can marry information gained with intelligence gathered from other sources to create a clearer overview of the threats we need to tackle together.

Much progress then, within the FSA and law enforcement, over helping industry target its efforts. What are the key challenges that we face?

For us, to produce high quality material, or facilitate acces to others' material that can be used by firms as they make their risk assessments, tweak their monitoring systems, train their staff and so on. And for us to use this material ourselves to see how we can be more intelligence-led in our regulation;
For law enforcement in general, and NCIS and SOCA in particular, to spot what material they have that can help firms in their fight against financial crime and to get it into their hands. For NCIS, this means continuing to drive forward their programme of getting sanitised intelligence products out to the industry;

Formal intelligence products are by no means the only way in which the industry can target its efforts. I see anindustry becoming increasingly adept at deriving intelligence of its own – from material in the public domain, from interaction with law enforcement, from linking up the fraud and AML agendas, and so on.

Developments of this sort are much to be welcomed. I look forward to the day when they are much more widespread throughout the industry – and when firms are prepared to share the results with each other.

Fraud

Let me turn now to the fight against fraud, the progress made since the launch of the FSA’s policy on fraud last October and the challenges we all face in fighting the fraudsters effectively.

The key emphasis of our fraud policy is to work with the grain of the market, and to encourage a partnership approach to the fight against financial crime. We see our primary partners as: trade bodies and firms; law enforcement; Government; and consumers

Trade bodies continue to play a key role in providing examples of good practice and thus setting standards of fraud prevention. In particular, they are well placed to alert their members, and consumers, to new trends in fraud. I have spoken previously about the very welcome publication of the updated "Fraud Manager's Reference Guide" developed and published by the BBA and MHA. It is of obvious relevance to all the BBA's members. But other parts of the industry can learn from it too.

As I said earlier, I am encouraged by the steps taken to share data on fraud. CIFAS is co-ordinating work on sharing data on staff dismissed for fraud, and we are involved in work led by APACS on staff fraud. At our own financial crime conference last month, the FSA’s chairman Callum McCarthy raised the issue of data sharing. I am happy to say that the response to this has been encouraging, and we are facilitating meetings of interested parties in the public and private sector.

I call on individual firms to play their part. We need a climate where data sharing is the norm, and where reputational risk is not used as an excuse to keep details of frauds out of the public domain.

The message to consumers remains the same: take the steps you can to improve your defences against fraud, both at home and outside, and do not be tempted to commit fraud. But the onus should not solely be on consumers. The challenge faced by firms is to help raise consumer awareness. One example of this is the Home Office–led Identity Fraud Consumer Awareness Group, of which the FSA is a member. This group has been distributing a poster and leaflet aimed at consumers, in addition to its excellent website. Several banks have co branded the leaflets. I would encourage others to consider following suit.

One major High Street bank has recently piloted the use of two factor authentication to improve the security of on-line banking. I call on others to look for new and creative ways of working with consumers to improve the defences against fraud. We must all look at a range of tools to meet the innovations of the criminal.

I am encouraged by steps taken to enhance the resources available to law enforcement. The Dedicated Cheque and Plastic Crime Unit is now wholly funded by the banking sector. This is another example of collaborative working, and one which is working well. I was pleased to hear in July that the DCPCU had surpassed the landmark figure of £100 million in savings from fraudsters since its formation in 2002.

I have previously called on the Government to take the lead on developing a national fraud strategy. I am, therefore, very pleased to support the work of the Fraud Review. I sit on the Review's Steering Committee, and we are providing assistance to the Review team, which is based in our offices in Canary Wharf.

But the Review needs input from the industry. I hear anecdotal evidence of perceived barriers to fighting fraud within the industry – now is your chance to express those concerns and to make a positive contribution to shaping the future. If you don't make your views known to the Review team, you cannot expect to be heard.

Another encouraging development at Government level is the proposed single fraud offence, due to be enacted in England and Wales next year. This is a welcome development and will tidy up the often complex mixture of statute and common law which currently exists. The message this sends to the fraudster is that fraud will no longer be the soft option: prosecution will become more likely, and more convictions will follow.

I also want to take this opportunity to thank the BBA, BSA and their members for their response to the fraud issues over cheques made payable just to banks and building societies. As many of you will be all too aware, a fraud prosecution last year demonstrated the risks associated with such cheques if they fall in to the wrong hands. In the case in question, a financial adviser took cheques for investments, and asked his clients to make the cheques payable simply to the banks or building societies. He himself had accounts at those institutions, into which he promptly paid the cheques.

I am pleased that the BBA, BSA and ourselves will be able to announce tomorrow, a package of measures to reduce the risk of such a fraud being committed again. We have reached an agreement to phase out the acceptance of cheques drafted in this fashion in most situations by October 2006, thus reducing the scope for such fraud in future. We have come up with a package of proportionate measures: as with all other aspects of our regulation we do not expect zero failure, but we do expect efforts concentrated on the biggest risks. The challenge we must now face is to get the message across to consumers that they need to change their cheque writing habits.

I'm also pleased to report that we at the FSA are also making good progress to meet the challenge of ensuring that our staff have the skills they need on financial crime. Our financial crime e-learning package on fraud and money laundering has now been rolled out to all our staff. More specific workshops will follow in the New Year – we do not see training as a one-off event, and we expect firms to follow this lead. I am pleased that our e learning package is available to external users for a charge of just £40. And for several months we have been running a series of presentations to FSA staff by senior figures from the industry and law enforcement.

I have recently spoken about the work I commissioned on fraud governance, which is due to report in the New Year. The initial lessons are that senior management are beginning to recognise the risk of fraud to their businesses. There are encouraging signs in the banking sector that lessons are being learned from the misfortunes of others. For instance, IT security vulnerabilities were exposed in a Japanese bank last year. This, coupled with our own work on Information Security, has led many firms to consider their own vulnerabilities, and, I hope, to take steps to mitigate them.

The issue of staff fraud continues to provoke interest. The comments made by Callum McCarthy in his speech at our financial crime conference last month were widely quoted. His message about the dangers of insider fraud drew strong support from the industry and law enforcement about the vulnerability of the financial services sector.

The overall message for firms is that we will look to senior management to factor fraud risk identification and mitigation into their everyday thinking. Financial crime risk is one part of overall business risk. The challenge for senior management therefore is to take the lead in identifying and mitigating the risks they face, to ensure that they have systems and controls to deal with them properly, and that those responsible for managing the firm's financial crime risks have direct access to the top of the organisation, where appropriate. Our staff are now receiving the training which will enable them to test the thinking behind your approach to financial crime risk, and you can expect to be challenged if your financial crime risk strategy does not appear to be fit for purpose.

Market Abuse

I now turn to market abuse. On 1 July, the Market Abuse Directive was implemented across the EU. A major new feature of the regime is a requirement to report transactions suspected of constituting market abuse – The Suspicious Transaction Reporting Requirement. We have made clear that we are interested in the quality not quantity of suspicious transaction reporting and that defensive reporting is not acceptable. All very familiar from the SARs regime for money laundering. Our experience of the new regime is good so far – firms appear to be implementing it in a measured way without over reporting. A number of STRs have enabled FSA to take very quick action in response to possible insider dealing. This new, more risk based regime is a vital part of our campaign against financial crime.

As I said earlier, senior management responsibility is central to the FSA strategy for fighting financial crime. So I should draw your attention briefly to the recent high profile prosecution of two directors of AIT PLC for releasing misleading financial statements. This was the first time the FSA has prosecuted for market abuse and the two directors received a combined prison sentence of five and a half years. The FSA sees identifying and punishing significant market abusers as having a vital deterrent effect in maintaining acceptable market standards. We are therefore focusing greater attention on pursuing market abuse committed by institutions, whether involving market distortion or inappropriate use or disclosure of insider information by individuals within firms.

Money Laundering

Turning now to money laundering, I wish particularly to focus on two issues:

our commitment to the risk-based approach;
our "defusing the ID issue" initiative as an example of that.

Over both of these the challenge facing us all is to shift the emphasis to delivery on the ground. 2006 should be a year of significant change in industry practice. The challenge for us all is to make sure it is.

The risk-based approach

The risk-based approach has always been part of our financial crime strategy, and has increasingly become the driver of all we do. It underpinned the proposals about money laundering in our July Consultation Paper paper on reviewing the Handbook. Our Board has yet to take decisions. But it is clear from your responses that an overwhelming majority want us to focus on principle not prescription, stressing the importance of senior management and risk assessment and mitigation. And this we will do, whether this be within the framework of our ML Sourcebook or under new Handbook provisions.

The Handbook review relates to the standards that we expect of firms. As to our engagement with firms on the ground, our priority is to ensure that our supervision and enforcement practices are fully risk-based. I have already spoken about our commitment to training to deliver on this. A second element is seeking to dispel the sort of fear of the FSA that can get in the way of effective risk-based practice. As a regulator, we do need enforcement tools, and we need to be prepared to use them when appropriate. But we don’t want to use them unnecessarily. As I hope you will all be aware, I wrote last October to Ian Mullen as Chairman of the JMLSG to try to dispel the unhealthy aspects of the 'fear factor'.

I know that the JMLSG are thinking of including material about our position on the ‘fear factor’ in their new Guidance Notes, and I hope very much that they will. For I want the message to reach the whole industry: we don't expect you to run a mechanistic, zero failure regime. We expect firms to manage their financial crime risk as they manage other business risks. That means resourcing that activity adequately and putting resources where there is most marginal benefit, against the backdrop of their legal obligations. We are looking for: consistently engaged senior management; high quality systems and controls appropriate to each firm's risk profile; properly trained and equipped MLROs; measures to assure the quality of firms’ systems and controls; and effective delivery Together, these should produce an effective system.

Our enforcement action last month shows I hope that we are practising what we preach. And I hope also that if anyone hadn't realised the FSA was as concerned as ever about money laundering, they will realise now that they are wrong. In my letter to Ian Mullen that I mentioned just now I reiterated that it was our policy to use our enforcement powers in relation to money laundering compliance only when we found evidence of significant failures. This case involved just such a failure. The firm involved was introducing customers to a bank without providing the bank with appropriate information on who the customers were or where their funds came from. As a result, over £8 million entered the UK financial system through a bank which unwittingly did not have the information it needed to manage its risks. We fined the introducer £175,000 and its MD personally £30,000 for serious failings in anti-money laundering compliance. We have always made it clear that it is senior managers who are ultimately responsible for their firm's risk management. Where a firm faces high money laundering risk but they fail to introduce mitigating controls, senior managers can expect to be held personally responsible.

The Handbook review. Our work on the ‘fear factor’. The training of FSA staff. All ways in which the FSA have moved forward the risk-based agenda. So what about the industry? What I see is this. The risk-based approach over financial crime is still fairly new. Experience of other risks shows that mitigation techniques evolve significantly over time, as we learn what works and what does not. But the responses to our Handbook review suggest that the will is there in the industry to move forward. And there is plenty of risk-based practice already out there. Your Current Customer Reviews are a prime example. You’ve not verified the ID of all your customers, you’ve concentrated on those where the risks are higher. The challenge now? Empowering you so that you can deliver, and then your actually delivering. I’ve already outlined how we are empowering you. And the JMLSG too are of course doing their bit. Let me quote:

"In developing its policies, procedures, and controls, a financial sector firm should be aware of the different vulnerabilities of financial products and services and the associated risks of money laundering. Firms should tailor their policies and procedures according to the perceived risks"

And that is in the current version of the GNs, not the 2006 version.

The new Guidance will be a blueprint for a more focused and more efficient regime, in which firms' internal processes and controls are more appropriately aligned and proportionate to the risks involved.

‘Defusing’ the ID issue

Let me look at one key aspect of the ‘risk-based approach’, and the one that has had the highest profile in recent years – ID. Last April I announced that we would lead a major initiative to ‘defuse’ the ID issue. We wanted to achieve:

more situations where a single document would suffice as proof of identity:
a recognition that in certain circumstances confirming identity electronically is just as effective as using documents, if not better;
a reduction in unnecessary duplication of ID checks in relation to the same business;
a better range of ID check options for use in relation to those ‘financially excluded’ people who don’t have documents like passports or driving licences;
better data capture and record-keeping, so that law enforcement get what they need out of the ID process; and
better communications to customers about the reasons for ID checks.

Where have we got to? We have done our part, with the defusing the ID initiative; the JMLSG are doing theirs, with flexible new Guidance. Now it is up to firms to deliver their part: first by taking advantage of the new Guidance to have an ID system that is effective in helping deter and detect crime, but causes the minimum of inconvenience to honest customers; secondly by ensuring that their staff on the front-line are fully aware of this new approach and are equipped to deliver on it; and thirdly by paying particular attention to the procedures for handling the types of customer who have the most difficulty in opening accounts – those without passports, driving licences, credit records, proofs of address.

So the challenge for firms is this:

to review their ID practices to ensure that they are consistent with the new Guidance or if not are appropriate given the risks to which they are exposed.
to communicate effectively to customers the reasons for ID and what it involves.
on financial inclusion, to ensure that ID checks should not be a stumbling block for law-abiding people seeking access to the financial system, as it has been in the past for a small minority of customers.

We see the Guidance as a key element in the UK fight against money laundering, and as a resource on which all firms can draw in terms of designing their defences and checking that they work. The JMLSG have announced that from now on the Guidance will be available free of charge on their website, so much of the cost constraint in making use of it falls away. I have to say that I find it difficult to see now how firms will be able to maximise their contribution to the fight against money laundering and terrorist financing without at least making reference to the Guidance.

But of course knowing the theory takes you only halfway there. The challenge now is to move the emphasis to practice. The new Guidance is a golden opportunity for firms to review and where appropriate revise their procedures and internal controls: to make life easier for their honest customers and harder for the criminal. I very much hope firms will rise to the challenge. Firms should already be thinking through what a more risk-based approach will mean for them. And I know some of you are already gearing up to change your ID practices, and will be quick off the blocks when the new Guidance is published. Once the Guidance comes into effect our supervisors are sure to be interested in whether firms are equipped to do this well.

Conclusions

The UK has some of the most successful financial markets in the world. We have a reputation for doing clean business. Your firms provide first-class financial services. Ironically all these things attract criminals to London.

Given our financial crime objective, the FSA will always take a close interest in the financial crime risks firms face, where they come from and how they can best be managed. As financial crime sector leader, I have been appointed to make sure we do just that.

Firms, too, need to play their part ever more effectively if we are to get more crime prevention and reduction from their investments to target their efforts, confident that the FSA don’t expect zero failure. That is what the risk based approach is all about. As I said earlier, we all need to make 2006 a major milestone in our risk-based journey.

Everyone I have mentioned today, firms, consumers, the regulator, law enforcement and Government, has a part to play in meeting the challenges of delivery in 2006. We all have to rise to the challenges the criminals have set us, and will continue to set us. If we do not work together to defeat them, then they will defeat us. So let us rise to that challenge, and work to fight financial crime together.

More Speeches: