The risks posed by economically motivated crime
Speech by Philip Robinson
Cambridge Economic Symposium
6 September 2006
Good morning. I am delighted to speak to you again this year and to have the opportunity to talk about the risks posed to the financial sector by economically motivated crime. When my colleague David Kenmir addressed this symposium earlier in the week, he explained how and why the FSA seeks to implement a Risk-Based Approach when dealing with financial crime. Today, I want to focus on some of the specific threats that face the financial sector and to talk about some of the things that the FSA is doing to help combat them.
Economically motivated crime essentially poses two distinct risks to the financial sector:
- The risk that firms and consumers alike suffer financial loss as victims of crime, predominantly through fraud and market misconduct; and
- The risk of firms being used to launder money by criminals whose acquisitive crimes inflict harm on society.
A crystallisation of either or both of these risks may result in damage to a firm's good standing with its customers, its counterparts or its regulators. If this crystallisation is of significant impact then it can impair its ability to operate successfully.
Money Laundering
So let me talk first about money laundering. As those of you from the UK financial sector will know, the policy changes we made this year have now come into effect. We have removed our overly detailed money laundering sourcebook and replaced it with much less prescriptive provisions in our Systems and Controls sourcebook.
The underlying principles driving these changes are our adoption of a risk-based approach to AML, together with our decision to move to a more principles-based approach to supervision. This places emphasis on the responsibility of the firm's senior management to manage the firm's business risks.
In our view, this approach enables firms to concentrate on managing the real money laundering risks they face, arising from the sort of business they have decided to undertake, rather than simply trying to manage regulatory or compliance risk and worrying, as a result, only about the details of the regulator's rules.
To assist firms operating in this risk based way, we have in place the new industry drafted JMLSG Guidance which was formally endorsed by the Chancellor in March. This is now freely available on the internet to all regulated firms (and anyone else who wants to make use of them) to help them implement an effective regime in their firms. These notes deliver the three key elements of the risk based approach: proportionality, flexibility and cost effectiveness.
So how should firms focus on the real money laundering risks they face? One key area is customer identification. The FSA has been working for over two years to ensure that ID requirements are cost effective and proportionate to the risk presented by a customer. The JMLSG Guidance states that:
"How much identity information or evidence to ask for, and what to verify, in order to be reasonably satisfied as to a customer’s identity, are matters for the judgement of the firm, which will be exercised on a risk-based approach"
Firms can therefore decide what level of customer identification, above a minimum level, is appropriate to their customer and product risk. So where the money laundering risk is low, firms may be able to use a single ID document or electronic verification of their customers' identity or, where those customers have been adequately identified by a regulated 'introducer,' may not need to carry out any further ID checks at all.
By contrast, another key area where firms will benefit from a more risk based approach is in the identification of politically exposed persons or PEPs. The new JMLSG Guidance contains practical suggestions for firms about the steps they can take to measure their exposure to PEP risk as well as about how they can manage that exposure in a risk based way. For example, it suggests that low PEP risk firms may be able to mitigate their risks by being alert to unusual customer profiles or transactions, or conducting checks on specific individuals using internet search engines, while high risk firms might need to adopt more comprehensive measures such as signing up to an international PEP identification database.
Our Wholesale Firms Division has been looking at this across a sample of their firms. We are pleased to see that generally firms are aware of and are addressing this issue. Nevertheless, in a risk based approach senior management must be involved in the design of the risk assessment process and involved in the higher risk cases. Our new rules make clear that senior management bear the responsibility in this area. Firms must also ensure that relevant staff are trained to deal with PEP risks, that they have adequate systems to identify PEPs, that PEP databases are used appropriately and that Internal Audit consider PEP risk as a possible area to review. We shall shortly be publishing more detailed findings and good practice identified from this work.
So the risk based approach can be cost effective, removing unnecessary burdens on firms and their customers or demanding increased due diligence where high risk situations demand it. Moving to a risk-based approach represents a significant challenge to firms, particularly in terms of ensuring that frontline staff and customers alike are aware of the changes and the new options that exist for ID. Firms are not obliged to change their approach provided they meet their legal obligations. But I hope that they will see that, if they do, there are considerable rewards to be reaped.
Supervisors should assist firms with meeting this challenge by being transparent in their supervision of firms that operate the Risk Based Approach; this will help firms to understand how the supervisors will assess their efforts and thus allow firms to be more proactive in their response to the risks that they face.
Market Misconduct
Focusing on real risks is also fundamental to the way that the FSA deals with market misconduct. We require senior management to be responsible for identifying the risks that their firms face and in so doing we expect them to have due regard to the healthy operation of markets as a whole as well as their own impact on those markets. We also expect them to ensure that the appropriate systems and controls are in place for mitigating the risks identified.
When a firm identifies a potential incident of market abuse, they should provide a suspicious transaction report to the FSA, looking hard at the reality of the risk identified and focusing on the quality rather than the quantity of reports. We have worked hard to discourage firms from making defensive reports which do nothing to improve the effectiveness of our regime.
Fraud
I want to turn now to fraud, where losses seem to have been increasing, and to talk about the risks that we are particularly keen for firms to mitigate. As David Kenmir pointed out earlier in the week, the goals of the FSA as a regulator and those of firms are very much aligned, so the FSA seeks to work in partnership with the industry and other stakeholders in order to add value to our joint efforts against fraud.
One persistent threat is insider fraud, particularly the corruption of employees by organised criminals who often place their associates within firms or use various forms of coercion such as bribery, blackmail or the threat of violence in order to influence employees.
As a result, firms have had to improve their staff vetting procedures and a number of bodies such as CIFAS and APACS have developed staff fraud databases so that firms can share information on employees who have been dismissed on suspicion of fraud. This should make it much harder for individuals with a history of dishonesty to find employment in the financial sector. I would strongly urge firms that do not currently participate in this sort of information sharing to consider the risks they face in this area, and the extent to which participating in a staff fraud database might be useful. A no blame whistleblowing mechanism can also be very helpful for a firm seeking to defend against this risk.
Another important facilitator of fraud is technology. Systems contain increasingly valuable information about businesses and customers. It would seem obvious that firms and customers alike must take steps to protect themselves. However, the DTI's IS Breaches Survey 2006 found that 25% of UK businesses are not protected against technological threats. In 2004 we examined firms' Information Security practices and recently published information for supervisors to ensure that when they visit firms, they know the issues and trends in information security and are equipped with the knowledge necessary to identify risks and determine if firms are mitigating those risks effectively. We will be repeating this examination in early 2006, looking at the new threats identified and the quality of mitigation in place.
My recent caseload has shown me that an increasingly important issue is ensuring that firms report the frauds they experience as a crime, as well as seek recovery of missing funds. Unless criminals are caught and successfully prosecuted, they can and do repeat their frauds. Firms should remember that reporting fraud is something that is vital if we are to protect the financial system, even when firms get their money back.
Conclusion
There are two key messages I would like you to take away:
On fraud, criminals will focus their efforts on our weakest links. And new areas of relative weakness will open as we shut down current vulnerable areas. Card not Present fraud, for example, is on the increase following the introduction of Chip and PIN. On the face of it, this might seem like a depressing view of criminality being displaced rather than eliminated but I don’t think this is the case. Every time the criminal has to redirect focus, it shows that it is in an increasingly hostile environment, an environment where it is getting harder and more costly than it otherwise would be to turn an illegal profit and where the odds of being caught and punished are on the increase. It is the job of our fraud partnership to chase the criminal relentlessly to drive up the costs of criminality both financially and in terms of the chance of being caught and prosecuted.
On money laundering, I would like to reiterate what David Kenmir said earlier in the week, that the UK has an excellent opportunity to operate a truly risk based AML regime that can remove unnecessary burden from financial firms and their customers through more efficient and convenient AML procedures while at the same time delivering benefits to society as a whole by creating a hostile environment for acquisitive criminality. Our aim is to ensure that the industry makes the most of this opportunity.

