Philip Robinson

Related information

Read further information on Financial Crime

 

The financial crime sector

 

Speech by Philip Robinson, Financial Crime Sector Leader, FSA
City & Financial 6th Money Laundering and Financial Crime Conference
6 June 2006

I am delighted to be speaking at the City and Financial Money Laundering and Financial Crime conference again this year.

Today I want to talk about the steps we have taken over the last year to help make the risk-based approach to financial crime a reality and I also want to talk about the future – what our vision is for the next few years and how we see firms’ senior management playing a vital role in that.

The AML regime

This is a very important time for the UK's anti-money laundering regime. The new JMLSG Guidance and the reform of the money laundering material in our Handbook have demonstrated our commitment to moving away from prescription towards a framework which allows firms and the regulator to refine their processes and focus their resources on areas of real money laundering risk. This will make life more difficult for the criminals who seek to infiltrate the financial services industry to commit crime and facilitate their activities and we hope it will also minimise inconvenience and cost, both for the firms we regulate and the consumers we are responsible for protecting.

With this risk-based framework now in place, we have a real opportunity to make a difference but this is not possible without the co-operation of the firms we regulate or, particularly, firms’ senior management. Today, I want to challenge senior managers to take advantage of the improved regime if they have not already done so. This means taking a step back, assessing the money laundering risk in your firm, looking at where your current policies and procedures don’t quite mitigate those risks and driving through any necessary changes.

I know that many firms have been operating a risk-based approach to money laundering and other types of financial crime for some time so there may not actually be that much for you to do. But we would expect that by the end of August, when our new Handbook provisions take effect, you would at least have taken account of the new JMLSG Guidance and ensured that the systems you have in place are risk-sensitive and effective to counter the risks you face.

Back to topBack to top

The recognition of social harm and its effect on the impact of risks

Like any organisation, the FSA has limited resources – we have around 2,800 staff and 26,000 firms to regulate – so we need to focus our resources on the areas where they can deliver the greatest value. In the same way, market forces encourage firms to invest resources to ensure the greatest possible return on the capital employed. But whereas a firm can generally measure benefits quite easily, at least in terms of their bottom line, the FSA as a regulator needs to think in terms of assessing the extent of the market failure and estimating whether intervention will promote the public good. Assessing the cost to society of market failure, when it is a question for example of quantifying social harm, is not always straightforward.

When the FSA looks at a financial crime risk, we want to know two things;

  • What is the probability of this risk crystallising? and
  • What is the impact on our objectives if this risk does crystallise?

The first of these questions is tricky enough, but the second can be a real mindbender. After all, how do we judge the impact of, say, just £1,000 of dirty money being laundered through our financial system?

Certainly, there is a direct impact on our financial crime objective to reduce the extent to which firms can be used for purposes connected with financial crime. But how much does £1,000 matter?

What if that £1,000 is used to buy illegal drugs and those drugs find their way on to the streets of the UK? What if a drug addict burgles a house to buy those drugs? What if the end user of the drugs takes an overdose and dies?

Let's look one step further. What if the dealer then channels his profits from selling drugs through our financial system again and this time uses them to buy weapons for a gang committing an armed robbery like the one in Tonbridge?

Worse still, we saw very clearly in London last July the extent of social harm that can be caused by a small amount of money in the hands of determined terrorists. So what if that £1,000 I mentioned is channelled into a terrorist cell and people are killed – what is the impact of that £1,000 then?

What we have to ask ourselves as the regulator is whether it is appropriate for the FSA to take these effects into account when assessing the risks to our financial crime objective. The answer to that question is most certainly ‘yes’. When considering the risks posed by money laundering and indeed all financial crime to our objectives, it is right for the FSA to consider the social harm where the market will not necessarily deliver the outcome that is best for society.

Back to topBack to top

What does this mean for firms?

So what does that mean for a firm following a risk-based approach and why do we insist that senior managers are risk-based in the way that they tackle money laundering?

Well, for too long, the AML regime – by which I am talking about the international regime of law, regulation and the rest, not just the actions of the FSA and the firms we regulate - has been unduly focused on inputs rather than outputs. Certain basic processes – identification, monitoring, reporting, training, for example – had come to be seen as the be-all and end-all of a sound AML programme. However, these processes are not an end in themselves. We must not lose sight of the fact that the purpose of our AML regime is to help in the fight against crime; crimes that create real and serious social harm like drug-dealing, people trafficking, fraud - and terrorism.

It is therefore essential that the resources that we – and by ‘we’ I mean firms, law enforcement and regulators – invest in AML are invested as effectively as possible – to get the best possible bang for our anti-money laundering buck. This can be achieved only if everyone concentrates resources on the areas of greatest real risk, the places where our intelligence tells us that money launderers and those that finance terrorism lurk. That is what the Risk-Based Approach is all about and it lies at the heart of our anti-money laundering regime.

Let's think about this for a moment from an economist's point of view. If we can continue to improve the regime and target more and more effectively the weak points in the system, then we can ensure that each time the criminals launder their dirty money through the financial system, it costs them a little more to get it back clean. This should cause a reduction in profits from the underlying illegal activities and that, in turn, should shift supply curves in the fundamental criminal markets that produce the dirty money in the first place. These are markets for drugs, markets for people trafficking and forced prostitution, markets for robbery and fraud, and markets for terrorism.

When I spoke at this conference last year, I identified five key areas where we were looking to work further to strengthen our regime. These were the overall AML framework, the knowledge of our supervisory staff, the Third EU European Money Laundering Directive, our intelligence function, and senior management responsibility.

One year on, what progress have we made?

Back to topBack to top

AML Framework

As I mentioned at the beginning of my speech, we have done a great deal of work to ensure that we get the UK’s AML framework joined up and into shape to encourage firms to focus on the areas of the greatest risk, rather than worrying first and foremost about whether or not they are complying with the FSA’s rules and the possibility of regulatory action.

The Joint Money Laundering Steering Group’s new Guidance, endorsed by the Treasury earlier this year, is key to the evolution of our AML regime and I look forward to hearing Martin Hall talk about the important implementation stage that firms now face and which I encourage you to note carefully. The new Guidance gives firms a golden opportunity to revise their processes to shift the focus from inputs to outcomes.

To take advantage of this opportunity, we have already revised the FSA’s Handbook by deleting entirely our detailed money laundering rules and replacing them with high-level provisions.

These provisions – which, as you might expect, are contained in the module of our Handbook that sets out the key obligations for senior management – set out clearly that we expect a risk-based approach with strong senior management buy-in and responsibility. In particular, the new provisions require firms to:

  • ensure that their systems and controls enable them to identify, assess, monitor and manage their money laundering risk;
  • make one or more specific directors or senior managers responsible for meeting their objectives on money laundering systems and controls; and
  • appoint, as required previously, a Money Laundering Reporting Officer or ‘MLRO’ to oversee the firm’s AML activities. Firms will continue to need FSA approval for the person put forward to be MLRO.

This less prescriptive approach puts a clearer focus on senior management responsibility for AML systems and controls and on the need for firms to manage real money laundering risk. Firms and senior managers now have the flexibility to implement systems and controls in the most appropriate way for their firms, allowing for more efficient and effective risk-based defences against real money laundering risks. In addition, it creates a better fit with the relevant primary and secondary law and the industry guidance. The old sourcebook duplicated matters covered by the Proceeds of Crime Act 2002, the Money Laundering Regulations 2003 and the JMLSG Guidance.

As many of you will be aware, this shift is consistent with the overall move by the FSA to a more principles-based approach to regulation as part of our Better Regulation agenda. As John Tiner said in a recent speech on Better Regulation, ‘the focus shifts from the means to the end. And, by taking a more overtly risk-based approach to our assessment of whether firms are operating in line with these principles we should create incentives for firms to do the right thing in return for a regulatory dividend – that is less regulatory intervention.’

Now, as many of you will know, I wrote to the JMLSG’s Chairman in April setting out how we see the JMLSG Guidance fitting in with the FSA's supervisory approach. I made it clear once again that we do not expect a ‘zero failure’ outcome from firms: a genuine risk-based regime cannot deliver zero failure. What we do expect, though, is an outcome where regulated firms understand the real money laundering risks in their business, whether those risks arise from their products, their delivery channels, their customers or the jurisdictions in which they operate. Having identified their risks, firms need to have adequate and proportionate systems in place to manage them effectively rather than to treat money laundering as a purely compliance issue with long lists of boxes that need to be ticked.

To help firms achieve this, we have been working hard to dispel the so-called 'fear factor', where firms worry more about falling foul of some prescriptive regulatory requirement rather than working to mitigate real money laundering risk. When I wrote to the JMLSG, I stated that if a firm is not mitigating its risks effectively, the FSA will take appropriate action. But I stressed too that we will always aim to use the most appropriate regulatory tool, and this will often mean working through informal supervisory intervention or through our risk assessment process. Only in situations where there is a significant or persistent failure within the firm will we consider enforcement action.

Back to topBack to top

The role of senior management in implementing a risk-based approach

Our new provisions stress the importance of senior management responsibility. But in fact we have always made clear that it is senior managers who are ultimately responsible for their firm's risk management. Where a firm faces high money laundering risk but they fail to introduce mitigating controls, senior managers can expect to be held personally responsible. A recent example of this is the action that the FSA took last year against Investment Services UK Ltd, where we fined the firm £175,000 and its MD personally £30,000 for serious failings in anti-money laundering compliance.

It is absolutely essential that the risk-based approach to AML has senior management buy-in. Senior management must have overall responsibility for every part of the firm's AML systems and controls.

We expect senior managers to have a good understanding of the money laundering risks to which their firm is exposed and to have oversight of the risk assessment process. Some argue that money laundering risks are inherently opaque because criminal activity is, by definition, hidden and that making accurate assessments of those risks is a difficult and frequently flawed process. To them I say this: We accept that money laundering risks are difficult to assess. After all, money launderers and those who finance terrorism are not known for publicising the nature of their business. It is however, quite possible for firms to distribute customers, products and transactions along a spectrum of risk.

For example, most people would understand that a Child Trust Fund presents a lower ML risk than a private banking account, or that a customer from a country where corruption is rife is a higher risk than a customer from a country with a good anti-corruption reputation and first class AML regime. Using this type of risk assessment as a starting point, firms should be able to adjust the level of AML intensity whether it be in terms of the depth of identification, the level of know your customer, the frequency and depth of monitoring and so on.

This risk assessment process will become more accurate over time as a firm’s own understanding of its risks improves and as it gains intelligence from other sources such as FATF typologies, information from Government, law enforcement agencies and data sharing with other firms and trade associations. These resources should assist firms to refine their risk-based systems in an increasingly effective manner. We for our part will continue to encourage the types of information sharing that will promote better risk assessment.

We therefore very much welcome the arrival of the Serious Organised Crime Agency, with its concentration of intelligence and enforcement resources and the fresh approach set out not only in the Serious Organised Crime and Police Act, but also in much that we have heard from SOCA's leadership. In particular, I was very pleased to read that, in Sir Stephen Lander’s recent report on the SARs regime, one of the main recommendations was that SOCA, in its role as the UK’s Financial Intelligence Unit, should report regularly on the functioning of the SARs regime, improve dialogue with reporting institutions and provide an assistance programme for regime participants which would include guidance, training support.

All of these measures will be vital to firms in drawing up their own risk assessments. We will work with SOCA to ensure that as much intelligence as possible can be passed to firms, in a timely manner and in a form that is meaningful to them. Our knowledge of the markets and our understanding of the systems in firms should prove valuable in this effort and we will play our full part.

This is exactly how I believe a good AML regime should work. Firms should be empowered by good regulation to manage their AML risks in the most efficient and cost-effective way possible. When I spoke at the JMLSG conferences last month, I challenged firms to:

  • re-examine long-held views on address identification procedures for new customers;
  • ensure that frontline staff are aware of the full range of ID options available for identifying customers and that those options are employed effectively to reduce financial exclusion;
  • take advantage of the new 'reliance' arrangements to ensure that customers are not re-identified needlessly; and
  • improve the effectiveness with which AML tools are utilised.

It is senior management who need to respond to this challenge. If they succeed, they can expect their firms to reduce inconvenience to customers, save both time and money and better manage their ML risks. I hope they see this as a challenge worth rising to.

Back to topBack to top

Training

When I addressed this conference last year, I said that with the risk-based approach, it’s no good ‘talking the talk’ if we can't ‘walk the walk’. Firms needed to know that we meant what we said and that our supervisors knew that if a firm was identifying and managing its risks effectively, it would not automatically be subject to enforcement action for an individual money laundering incident. I said too that it was important that our supervisors recognise diversity and innovation in the way firms tackle financial crime risk and that what one firm does to mitigate money laundering risk might be very different from what another, similar firm does. To this end, I said that we would be investing in training to enhance our supervisors’ knowledge of financial crime issues and to work through the implications of the risk-based approach.

Well, I think we have lived up to my promise, investing extensively in the human capital of our supervisors to ensure that they have the knowledge and skills they need.

We have a new Computer-Based Training course which is aimed at all FSA staff to bring up the general level of financial crime understanding across the organisation. This course has been rolled out successfully organisation-wide with almost all FSA staff having now completed the training.

We have also put together intermediate level workshops, which we are rolling out in particular to our supervisors and also to other staff in firm-facing roles. Importantly, these workshops have come in five different versions, focussing on the risks in different industry sectors, to ensure that they are as helpful and relevant as possible to our supervisors. The workshops have been designed and are being delivered with expert external assistance. They will give supervisors a better understanding of financial crime issues, threats and emerging trends; the ability and the nous to probe further when questioning firms, and a clear understanding of how to operate effectively in a risk-based regime. These workshops have been in place since the beginning of February and by the end of October, we hope that around 600 of our firm-facing staff will have taken the course. We are about half-way there right now and on schedule to meet that target.

Finally, we have also put together a series of presentations by experienced financial crime stakeholders from both the industry and law enforcement, which have proved both very popular and extremely informative. I would like to thank those that have offered their time to come in and talk to our staff about developments in the world of financial crime.

Back to topBack to top

The Third EU Money Laundering Directive

I would now like to talk briefly about the progress made with regard to the Third EU Money Laundering Directive.

The FSA is keen to play its full part in the co-ordinated international fight against financial crime and it is very important that we do so. Of course, we are extremely fortunate to benefit from the work of the Financial Action Task Force (FATF) in coordinating the fight internationally against money laundering and terrorist finance. Their work aims to ensure that the members of the international community are able to stand side by side and present a united front against money laundering and terrorist financing.

Of course, creating this united front against money laundering and terrorist finance is not something that can be achieved with a rigid and prescriptive approach to AML or CTF work. The criminals are too dynamic for that – always looking for new techniques, new technologies and new locations to help them move dirty money around undetected. In order to counter this threat, lawmakers and regulators must be equally dynamic and able to adapt quickly to the ever-changing risks and threats that we face.

It is for precisely this reason that it is so beneficial that the standards of the Financial Action Task Force have been set out as recommendations, allowing countries around the world to achieve a consistent core of practice without imposing an impractical and inflexible ‘one size fits all’ global regime.

The updated FATF Recommendations on money laundering and terrorist financing have recently been translated into EU law via the Third EU Money Laundering Directive. This is one of the main areas in which we have worked hard with the Treasury and international colleagues to ensure that the risk-based approach to anti-money laundering is embedded at the international level as well as domestically.

The Directive covers new money laundering and terrorist financing risks and practices and replaces the first and second EU Money Laundering Directives. Member States will have to adopt the laws, regulations and provisions necessary to comply with the Directive by December 2007.

One of the key changes brought about by the third Directive is that it will introduce into EU law the concept of a risk-based approach. This is particularly relevant in the area of Customer Due Diligence, or CDD. The Directive defines CDD as including not only ID and verification, but also KYC and monitoring. It contains very detailed CDD provisions, for example enhanced CDD for certain high-risk customers and transactions, like international correspondent banking relationships and non-face-to-face business. It also contains provisions for so-called simplified CDD, which means that for certain low-risk situations, firms need not apply ID and verification measures. Importantly, the Directive allows for CDD to be done on a risk-sensitive basis; the onus is therefore, maybe more so than before, on firms to correctly identify their risks and to effectively mitigate against them.

Another important change is a provision in the Directive which requires firms to apply the same CDD and record-keeping standards in their branches and majority-owned foreign subsidiaries as at home.

Back to topBack to top

Politically Exposed Persons

One particular area covered in the Directive in which a risk-based approach and sense of proportionality are vital is firm’s dealings with politically exposed persons or ‘PEPs’.

The Directive requires firms to take a risk sensitive approach to identifying PEPs. This means that you may not be required to screen all customers for PEP purposes, but where a customer is identified as ‘politically-exposed’, you will need to exercise an enhanced level due diligence.

Of course, identifying PEPs is not straightforward. After all, the term ‘politically exposed person’ has a wide definition. For example, it includes – but, I must stress, is not limited to – senior politicians, senior civil servants and senior military officers in every country in the world plus their close families, colleagues and advisors. A further challenge is that PEPs are a dynamic and continually-evolving group. New appointments, family relationships and business associations are constantly being established and, at the same time, existing PEPs discontinue the jobs or relationships that led to their inclusion.

While this all sounds very challenging, I don’t think there is any reason to panic. Since 2003, the JMLSG Guidance has contained material on dealing with PEPs so you'll find that most of the Directive’s requirements are already good practice. The Guidance also contains some good suggestions on how firms with different PEP risk profiles might mitigate the risk they face. For example, it suggests that low PEP risk firms may be able to mitigate their risks by being alert to unusual customer profiles or transactions or conducting checks on specific individuals using internet search engines, while high risk firms might need to adopt more comprehensive measures such as signing up to an international PEP identification database.

The Guidance also points out that just because a person has no political exposure at present, they could have in future. Tomorrow’s new PEPS are today’s non-PEPs, but they are already using the financial system. So it is vital that firms are alive to the possibility that the status of their customers can change and that they have appropriate systems in place to detect such changes and mitigate that risk.

Back to topBack to top

Vision 2010

Given that the Third Money Laundering Directive is a major development which needs to be implemented in the next year and a half, I think it’s an appropriate point to look to the future.

As I have said, we now have in place the AML regime we all wanted and the current task for firms is to ensure that they implement the risk-based approach. But what will the future look like – and what do we want to see achieved in the next phase of our AML strategy?

This is a subject that the FSA has been considering very carefully recently as we developed our Vision of 2010 and our strategy for getting there. And this is what we have come up with.

We have identified the following elements that we want to see in place:

  • a recognition of social harm in assessing the impact of financial crime;
  • improved data flows between law enforcement, FSA, Government and industry;
  • an effective risk-based approach;
  • industry and consumers understanding their role in reducing financial crime;
  • senior management responsibility and accountability; and this should, of course, lead to
  • reduced scope for financial crime in the financial sector.

In order to achieve these goals, we aim to harness the FSA’s new, improved risk assessment model to drive our supervisory focus on AML and use intelligence and feedback gathered from law enforcement and our supervisory contact with the industry used to inform risk analysis. In addition, we will communicate with the industry regularly, using reports, letters and platforms like this one, to set out our good and bad practice findings from our day-to-day and thematic work. And as I said earlier in my speech, we will take a particular interest in poorly performing firms and sectors and use a range of regulatory tools, including the sensible use of enforcement action to raise standards.

On the policy side, our work will focus mainly on promoting a proportionate and risk-based approach to AML both domestically and internationally. In particular, ensuring that we continue to have the support of our international partners in implementing and strengthening the UK’s risk-based regime is essential.

Conclusion

I hope I have been successful in conveying a sense of the breadth of the work that has been done by the FSA and all our partners to put in place an AML regime that is proportionate – both in terms of the cost of regulation and the harm that is inflicted on society through financial crime.

With this regime in place, the simple message that I have for senior managers is this: It’s over to you to take control of the AML efforts in your firm and ensure that a truly risk based AML regime is implemented in the UK. The FSA will be there to support you, feeding you as much intelligence as we can, communicating information on risks, promoting effective and proportionate legislation and if necessary using our regulatory tools to give you a steer if you lose your way. But, ultimately, the responsibility for delivering the risk-based approach is yours. So go for it.

Back to topBack to top

More Speeches: