FSA Financial Crime Conference
Speech by Philip Robinson, Financial Crime & Intelligence Division Director
FSA Annual Financial Crime Conference
22 January 2007
Before adding my own remarks to close today's conference, I would first like to thank our speakers and panellists for their excellent presentations today. The speeches and presentations were highly informative, and I only hope we can gather speakers of such quality for future FSA Financial Crime Conferences. I'll try to keep my closing remarks to a reasonable length since I am aware drinks are next on the agenda!
I said in my opening remarks that Financial Crime is on the increase, and as a consequence increasingly on the agendas of those trying to combat it. Other presenters today have highlighted the significant profile that the fight against financial crime has acquired in our society.
More precisely, we’ve heard today about the size of the Financial Crime problem, and the new financial crime risks FSA and other stakeholders have identified. And we’ve heard about how regulators, law enforcement and firms plan to tackle them. I’m going to build on John Tiner's comments and set out some of what we in FSA have achieved over the past year. And I'll conclude my remarks by mentioning some of the challenges that lie ahead of us.
AML
Let me start by re-stating how vital it is that we implement a successful risk-based approach. John Tiner has already set out his vision for a more principles and risk-based regulator. Let me set out what this means for the FSA in preventing and tackling financial crime.
A risk-based approach means that we chose to focus our resources for the fight against financial crime on the areas of greatest risks. Because resources available to fight money laundering and terrorist financing are limited, they should be used efficiently. Our aim is to maximise our investment return in fighting money laundering and ensure that we get the best possible outcome. I am not saying here that the risk based approach is the easiest option to implement, nor that it is necessarily the cheapest one. But we need to ensure that the money we spend delivers real benefits.
Our approach would fail if firms only invested in anti-financial crime systems to avoid regulatory sanction, following a tick-box approach that seeks only to protect the firm, rather than also to minimize the wider harm caused by financial crime. Our risk-based approach seeks to optimise beneficial outcomes to society as a whole.
While we consider that senior management should lead and take responsibility for their firms' systems and controls to combat financial crime, it is also crucial to provide them with some flexibility to implement systems and controls that are most appropriate for their firm and the financial crime risk they face. Only then will we achieve the outcome we all want – a significant and cost-effective contribution to the fight against acquisitive crime and terrorism.
As many of you will be aware, we replaced the old Money Laundering Sourcebook with just two pages of high-level rules last September. This significant reduction in rules highlights an important point: our new principles-based approach seeks to be proportionate and to rely on firms' sound judgment. We believe firms are best placed to understand and assess the money laundering risk they face in the light of the products they offer to their specific customer base, as well as the delivery channels and the jurisdictions within which they operate,.
This reduction in rules has been facilitated by the new high quality industry guidance produced by the JMLSG or Joint Money Laundering Steering Group. And I would like to thank the trade associations and their members for their dedicated involvement in revising the JMLSG guidance. The recent changes in the guidance have led to a more proportionate regime, notably with regard to customer identification.
One major piece of work we will be carrying out this year will involve an assessment of whether firms across the industry have implemented the revised JMLSG Guidance. As part of this review, we will look closely at whether firms and their senior management are identifying the money laundering risk to their business model and operating a genuine risk-based approach to mitigating it.
We will also examine the extent to which firms have reviewed their procedures since the changes in rules. In this context, one particular area we will look at is whether firms have chosen to make use of the opportunities set out in the JMLSG Guidance to simplify ID requirements, particularly for low risk products, or to rely on customer identification carried out by other regulated firms. These types of efficiencies are essential if the industry is to focus on high risk areas and apply resources to where they make the most difference. I will illustrate this point with a precise example in a short while.
Intelligence is integral to the FSA's risk-based approach to regulation. To assist with judgements as part of their Arrow II assessments supervisors are provided with intelligence-led financial crime guidance covering sector - specific issues that should be considered. Using thematic work we are currently reviewing the performance of private banks and small retail firms, and monitoring the industry’s handling of Chip and Pin.
Last July, our Executive Committee approved our Intelligence Strategy. The strategy is designed to deliver the intelligence the FSA requires to make proportionate and well informed decisions; to identify poor performing firms and sectors, and help us target our resources effectively. It will involve more proactive working between the intelligence function and other business areas.
Intelligence collection is a two way process, so the strategy also has an external aspect, with the FSA committing to work with our counterparts in the wider financial crime intelligence community, to assist with their detection and prosecution of crime. We are already working closely with SOCA and the SFO on cases of joint interest and we are ensuring that information shared in this way is covered by legal gateways. During the year intelligence has assisted with high profile listing, authorisation, change of control and supervisory decisions.
The risk-based approach is growing in stature, in Europe and internationally. For example, risk-sensitivity is now embedded in the FATF recommendations that form the bedrock of global anti-money laundering standards. We have been discussing with the FATF evaluation team how the risk-based approach is implemented in practice, and the key roles of the Treasury's Money Laundering Regulations, the FSA's rules, and the Treasury approved JMLSG Guidance in implementing the FATF standards in the UK.
The Third Money Laundering Directive will, for the first time, clearly introduce the notion of a risk-based approach to anti-money laundering at the European level. The Third Money Laundering Directive, which must be implemented in all EU Member States by 15 December this year, translates into EU law the 2003 revision of the Financial Action Task Force's Recommendations.
The Directive and its implementing measures introduce a number of detailed requirements, in particular with regards to customer due diligence. One change will be that the 3MLD will provide technical criteria for situations in which the procedures for customer due diligence may be simplified. The article on Simplified Due Diligence (SDD) contains criteria for customers, products and transactions that could be designated by individual Member States as representing a low risk of money laundering and terrorist financing. This means that for certain situations, firms need not apply ID and verification measures.
The FSA has conducted some pieces of work to assess the implementation of firms' systems and controls in specific areas. For instance, during the summer of 2006, our Wholesale Firms Division visited 16 firms (banks, investment banks, investment firms and insurers) to assess their systems and controls in relation to Politically Exposed Persons (PEPs).
PEPs have come increasingly into the spotlight of international anti-money laundering efforts. This is reflected in the revised JMLSG Guidance and the Third Money Laundering Directive, which, as I have just mentioned, came into force last year and which the UK will have to implement by December 2007.
We found that the firms visited were, on the whole, aware of their obligations, were generally observing the Guidance and were compliant with the Directive’s PEPs provisions,. However, there are areas that firms can improve on. So we set out some good practice tips to help firms improve their implementation of guidance given and Directive they should follow.
Fraud
We welcome the new Fraud Act, as it will simplify the law and seek to reduce the length and complexity of trials.
More specifically, we are pleased that the Fraud Act includes new measures for modernising the law to equip investigators and prosecutors with the necessary tools to keep pace with the changing world of fraud, including new threats such as phishing and internet fraud. We believe this Act will help improves prosecutions by providing clear definitions of fraud and should reduce the risk of cases being lost through technical points.
We also welcome the Fraud Review and its recommendations published last July. We believe this project is a valuable piece of work, and we are keen to ensure that the impetus behind it is not lost. So we again call on the Government to provide a strong lead on this going forward, just as it has over done on Anti-Money Laundering.
A central theme of the report is the importance of adopting a partnership approach to tackling fraud, a view that we have strongly advocated. Joint effort between the public and private sector is essential to tacking fraud effectively. And I cannot stress enough how supportive I am of the development of a National Fraud Strategy – this is something I called for in October 2004, when I launched the FSA's fraud policy.
John Tiner talked about the importance of data sharing. But effective data-sharing needs to start with good data. So I cannot stress enough the importance of collecting good data on the scale of the fraud problem; and this is clearly an area that deserves to be placed as a higher priority for the future national fraud strategic authority and for law enforcement. If a measure of fraud and of the harm caused by it can be given, then it will be much easier to impose adequate sanctions on fraudsters.
It is also vital to raise consumer awareness of new problems and how they need to respond to them, as well as ensure that consumers are aware of more 'traditional' threats in the first place. I have spoken at length about the difficulty of raising consumer awareness in a speech I gave last December at the BBA Conference. So I will not cover it in depth here. But let me remind you of a few significant points:
The number of fraud victims shows us consumer awareness has not increased in line with optimistic predictions. Together with the distress caused to consumers, the danger of complacency contains a much broader peril: imagine the impact on the financial system of consumers were to lose the confidence in transacting online business.
Simple and clear advice, communicated effectively to consumers, could help us in preventing fraud. Our new FSA website dedicated to consumers aims to do just this. But consumers are not the only ones that can improve their behaviours and avoid falling foul of fraudsters. It is vital that firms apply rigorous fraud controls towards external partners as well as their own employees, to make a decisive step in the fight against fraud.
In our risk-assessment of firms, we will be evaluating firms’ anti-fraud culture, and the part played by senior management in ensuring that such culture is embedded within the firms' systems, controls as well as daily practices. We are determined to follow-up on specific frauds, especially those suggesting underlying control issues, and extend our work on fraud by getting intelligence about new types of fraud to industry.
What have we learned
The very recent results of our Financial Crime Survey provide some key points that I'd like to share with you today. This survey seeks to establish firms' perception of our work on Financial Crime. I am glad to say that the industry’s perception of our work on financial crime has improved over the past two years. Firms see their relationship with us as less adversarial. But some firms still see information sharing with the FSA as a problem, since they fear such exchange might result in supervisory or enforcement action. So we are looking at ways to resolve this quickly, since proper data sharing is vital to effectively combat financial crime.
None of the stakeholders we addressed was able to put a figure on the amount of fraud in the UK, but most feel that the market is much more aware of fraud issues and is devoting increased resources to combating it. And the key emerging risks firms see are identity theft and hi-tech crime.
The very recent findings of the quantitative side of this survey show that regardless of their size, financial crime is seen as an important issue for firms. There has been an increase in priority given to financial crime prevention by senior staff across firms. This finding is very important for us. However, some other conclusions also suggest that the financial crime picture may not be so rosy after all:
There appears to be a relationship between the size of firms and the level of resources they will devote to financial crime. This is probably no great surprise. But what is more interesting is that this relationship has an effect on the way financial crime policy is viewed and handled, in at least two ways:
- Larger firms believe they have enough guidance from us in terms of how to apply principles-based regulation
- Smaller firms find principles-based regulation easier to apply, but would appreciate more tailored guidance.
We will find the survey findings helpful: they will help us shape policy rules and guidance that will hopefully be more responsive to firms' needs and expectations. If guidance does not work for firms, it will not work for us. We need to be practical in our approach if our work is to be successful, and so the fight against financial crime will be more effective. We are determined to work closely with the whole range of firms to shape the best possible guidance for their various needs. We understand the importance of responding to small firms' needs and we'll ensure the right channels are created to address their concerns in the area of financial crime.
Inside FSA: what has been achieved?
We have now completed a substantial training programme at foundation and intermediate levels. All our staff have to take a foundation level computer-based training course so that they get a basic understanding of the financial crimes issues. And to bolster more specifically the knowledge of our supervisors, we have also put in place intermediate level workshops to ensure that they have a good understanding of financial crime risks in their respective sectors.
This has all been supplemented by an ongoing programme of briefings from industry experts, law enforcement and government agencies to raise awareness of our stakeholders' roles. We have notably put in place a series of briefings on the new JMLSG Guidance. While David Swanney has presented to our staff on the general material in Part 1 of the Guidance, the relevant trade associations have delivered some excellent sessions on the sectoral material in Part 2. This training will undoubtedly ensure a much improved understanding among our supervisors of the risks and issues in the different industry sectors. So I would like to convey formally our gratitude to the trade associations for putting together these sessions. I believe that it is extremely important that firms understand how we supervise AML in practice. Hence, our commitment to be as transparent as possible about our expectations of firms.
Last February we published an important report on fraud governance. We found that the larger financial firms, driven by mounting fraud losses, have taken steps to strengthen their fraud management capabilities. But these improvements are relatively recent and firms can go further to protect themselves and their customers from fraud. We also found that CEOs and other senior figures generally recognise that the increasing threat of fraud needs to be managed in a more effective and integrated way.
However, firms need to work harder in several areas. We have encouraged firms to collect more detailed and accurate data and invest in systems and controls to detect mounting fraud threats at an early stage. Without this, some firms, and especially smaller firms, are currently not in a position to adequately assess where and why they are at risk from fraud. So I am keen to reiterate that investment in systems and a focus on robust anti-fraud operational processes, which are embedded in business units, are key to improvements in fighting fraud. Fraud mitigation cannot be assessed against the fear of putting customers off by implementing protective measures that risk causing inconvenience to them over and above what their competitors do. If responsibility in tackling fraud is de-prioritised to favour other business needs, then the fight against fraud is bound to be incomplete, and we can expect failures to increase.
The key findings of the fraud governance report were communicated to supervisors via a presentation and our intranet site, supplementing the extensive financial crime training that we had already put in place.
We also launched a new FSA Financial Crime website last December. The new pages bring together in one place information on fraud, money laundering and market abuse that were previously in different sections of the FSA website. They also hold material on the new Anti-money Laundering regime, including the risk-based approach to AML and a financial crime library. We anticipate that the new Financial Crime webpages will be an invaluable resource for FSA staff, firms and consumers alike.
What's next?
The presentations we’ve heard today clearly lay out the challenges we all face in tackling financial crime. Our new Financial Crime and Intelligence Division is will help us to rise to such challenges: we will tackle priority areas where we believe we can make a real difference, working with colleagues inside and outside the FSA to provide expertise to meet our common objective.
We've heard from Bill Hughes about what SOCA has achieved so far. We all wish him success in his efforts. John Tiner spoke this morning about fraud risks stemming from compromises to personal data security. The FSA is implementing a major work programme to tackle this issue. We've also heard from the Economic Secretary to the Treasury as well as from our speaker from the Security Service about continuing risks from terrorists. Counter-terrorist financing has to be at the top of all our agendas.
And these risks are not mutually exclusive – we know that terrorists often use criminal contacts and methods to finance their activities. So we all have to take account of the harm that Financial Crime can cause to society when we decide how to manage financial crime risks. Looking just at how much cash is involved is not enough.
Conclusions
There have been real achievements this year in the fight against financial crime. But, as it has been repeatedly stated throughout this conference, the Financial Crime problem is growing, not declining. So we all have to raise the bar. The FSA expects to do more over the coming year with the new Financial Crime and Intelligence division brigading financial crime expertise. And we will share what we learn going forward.
And let's not forget that crime is as international as the rest of the economy. So we have to find ways of sharing intelligence and relevant information across borders. Our general approach to tackle financial crime is inspired by the following four-fold vision: firstly, our approach needs to be proportionate and risk-based; second, it needs to be intelligence-led; thirdly, it needs to be dynamic; fourthly and finally, the judgement of all of us to achieve common ends is likely to dictate the success of our work in the thorny area of financial crime.
Thank you for your attention.