Worldwide: Fit To Fight Financial Crime

Financial crime risk keeps evolving and firms must stay on their toes

With the plethora of sanctions triggered by recent conflicts, criminal cases associated with crypto collapses, the proliferation of fraud from scams involving unauthorised transactions and authorised push payments (APP) and the sophistication of global cyber-attacks, financial crime remains one of the most significant risks facing firms.

Globally, regulators are assessing whether frameworks remain fit for purpose, conducting an increasing number of thematic reviews, issuing guidance to (re)set their expectations and stepping in when there are concerns and failings. And there continues to be a significant amount of – often costly – financial crime enforcement activity.

In Singapore, the value of assets seized or frozen in one of the country's biggest money laundering cases has reached a staggering S$2.8 billion (US$2 billion), and MAS has also indicated that it will launch inspections of banks suspected to be involved in the case. In the UK, there has been a drop in the share of financial crime cases that formed of the FCA's total enforcement caseload in 2022/23; but the regulator still opened 613 financial crime cases this year – an increase of 65% from 2021/22. Several individually significant enforcement cases have also concluded, with associated 'lessons learned'.

Not only are firms keen to mitigate the risk of getting involved in costly enforcement, they are also called upon to meet more exacting regulatory demands and societal expectations that they provide the first line of defence against financial crime.

Within the gamut of financial crime, the following risk management themes stand out:

Governance, systems and controls

Increased and evolving threats require systems and controls that are both sufficiently flexible to respond quickly and appropriately and which are demonstrably subject to robust oversight and governance. Digital solutions present opportunities, but firms need to be aware that regulators expect these solutions to be fit for purpose. In the UK, this builds on the FCA's recent review of AML systems and controls in challenger banks and aligns with its 'data-driven' approach.

In relation to AML compliance more broadly, focus on automated transaction monitoring controls has grown. Traditionally there has been little specific guidance and limited enforcement action in relation to this area. But that seems to be changing – particularly in the UK – as regulators become alive to this as an area of potential weakness, and when specific crystalised risk incidents raise questions as to why weaknesses were not identified (or identified sooner).

Good quality management information remains key for informed governance of both sanctions and AML compliance. In Australia, ASIC has commenced first-of-its-kind proceedings against some of the directors of a casino for failings in directors' duties due to weak AML governance and oversight. This has created waves in the local market.

In the UK, enforcement actions highlighted the slow pace of financial crime remediation projects. Authorities' statements have focused on the quality of governance and oversight in relation to such projects, with a particular emphasis on the delineation between the three lines of defence.

Following due process – Too much or too little?

There has been a particular issue with being able to identify politically exposed persons (PEPs) and conduct sufficient due diligence both before onboarding and as part of ongoing enhanced due diligence (EDD). In the UK, a parallel concern has been that firms may be 'over-complying', creating unnecessary friction for PEP customers. The UK FCA has launched a thematic review, and new UK legislation will see the EDD standard in relation to domestic PEPs updated.

De-banking is a global concern. Reasons given (or sometimes suspected) are broad ranging from exposure to crypto, to operating in certain high-risk industries or even (allegedly) for political views or association with religious or charity organisations. Banks in New Zealand and Australia have been found to have wrongfully de-banked religious communities and human appeal associations, and similar incidents have occurred elsewhere. Meanwhile, a recent UK FCA review of bank account closures found no evidence of closures on political grounds, but the regulator reminded the UK Government that the time is right for a debate on how policymakers should balance access to bank accounts with the threat of financial crime – as well as firms' reasonable risk and commercial appetites.

Regulators globally have reminded firms that when customers are exited – even for good reason – due process must be followed. In the UK, the FCA has linked due process to its new Consumer Duty. In Australia, the AML regulator, AUSTRAC, has published guidance on de-banking which asks firms to strike a balance between risk management and financial inclusion.

Focus on data

Regulators increasingly focus on data collected in relation to AML compliance, how that data is analysed and how it is used in the fight against financial crime; we expect this to continue and to grow. For example, in Singapore, MAS is working with six major commercial banks to develop a digital platform – 'Collaborative Sharing of Money Laundering/Terrorism Financing Information & Cases' (COSMIC). The aim of COSMIC is to enable these banks to securely share information on customers or transactions, with a focus on abuse of shell companies, misuse of trade finance and financing that aids the proliferation of weapons of mass destruction.

The UK FCA has also publicised its data-driven approach, highlighting examples such as using turnover of money laundering reporting officers as one criterion for intensifying its supervisory focus on a firm, and deploying sample synthetic data sets to test firms' sanctions screening controls.

Focus sectors

Putting crypto to one side, sectors in the spotlight are those which typically rely on mostly manual controls around AML compliance – family offices, wealth managers, asset managers and fund managers. There is also an ever-present concern regarding the risks posed by money services businesses and cash intensive businesses.

In Singapore, MAS is consulting on a revised framework to strengthen surveillance and defence against money laundering risks in Singapore's Single Family Office sector. More generally, MAS has also highlighted that the wealth management sector will be an area of supervisory focus due to its inherently higher exposure to money laundering and terrorism financing risk.

Regulatory change

Regulatory change shows no sign of slowing. Where firms adopt a global approach to AML and financial crime compliance, they must remain mindful of changes arising in national regimes. For example, in Australia, non-financial services sectors are facing the greatest regulatory change with proposals being introduced to meet FATF standards.

There are also consultations underway in a number of jurisdictions to change the supervisor for, or regulation of, AML. In the EU, these include the progress on the AML 'single rulebook' and the introduction of the new super EU AML regulator, AMLA.

In the UK, the Economic Crime and Corporate Transparency Act 2023 has introduced the biggest change in the role of Companies House since it was created in 1844, turning it from a largely passive recipient of information to an active gatekeeper. This forms part of a varied package of economic crime measures, including significant reforms to corporate criminal liability such as a new 'failure to prevent fraud' offence. More changes are on the horizon, with a further consultation on the money laundering regulations expected shortly, and further reforms to corporate criminal liability currently before the UK Parliament.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.