Financial crime: How to ensure a robust risk assessment

Jacqueline Planner examines how financial crime risk assessments can protect your firm and safeguard its reputation

Financial crime: How to ensure a robust risk assessment

The role of financial crime risk was a key priority for regulators and legislators in 2016. There’s no doubt that this will continue into 2017 and beyond.

In addition, in its Business Plan for 2016/17, the Financial Conduct Authority (FCA) highlighted the need to tackle financial crime as one of its priorities.

How can consumer credit firms ensure they manage financial crime risk effectively, to ensure the business and its customers are protected on an ongoing basis?

The answer is a robust, proportionate and documented financial crime risk assessment. But without guidance on what a good approach looks like, the sometimes subjective nature of financial crime regulation can lead to an approach that fails to mitigate the risks effectively.

There are three main elements underpinning a robust approach:

1 Cultural alignment

From the top of a firm to the frontline, the risk that financial crime poses should be clearly articulated and understood.

Recent Huntswood research has shown that, on average, 86 percent of firms were confident that their boards understood the risks. However, it also highlighted that one of the main issues for compliance teams was obtaining sufficient time with business heads and other first-line stakeholders.

Some culture-related questions to consider include:

Do money laundering reporting officers (MLROs)/risk experts have clear lines of communication with the board to raise any regulatory concerns?

Do you operate a clear ownership structure around your risk assessment?

Do you have a meaningful and clearly defined risk appetite statement?

Are financial crime responsibilities and accountabilities clearly defined? Are they SMR compliant?

2 Creating a robust risk assessment framework

Firms must understand and categorise the risks they face and address them appropriately, including strategic, operational, regulatory, credit and legal risks.

How your firm designs its financial crime risk assessment methodology will depend on the complexity of the organisation, the nature of your services and the markets in which you operate.

Our research has shown that some firms incorporated all areas of financial crime within one generic assessment. However, from a best practice point of view, a financial crime risk assessment should explicitly address the following:

  • Anti-money laundering and counter-terrorist financing;
  • Sanctions;
  • Fraud;
  • Anti-bribery and corruption;
  • Information/data security.

In our engagement with firms, we found only seven percent had undertaken a risk assessment specifically incorporating all five of these elements.

3 Building an effective operating model

Systems and controls not only need to be in place to counter the risk that your firm may be used as a vehicle for financial crime, but they should also be subject to challenge by senior management and internal audit to ensure they remain effective.

In assessing and further developing their control environment, firms should consider whether they have:

  • Established management information and data which gives the board the clearest possible view;
  • Ensured policies and procedures remain compliant;
  • An accessible whistleblowing policy;
  • Engaged staff to assess the organisation’s environment;
  • Considered the frequency and level of training to ensure staff continue to understand their responsibilities.

In addition to these considerations, a culture of record-keeping is absolutely imperative. Firms must document and evidence their justifications for how decisions have been reached.

Ensuring protection where it’s needed

In a world of ever-evolving criminal threat, where tackling financial crime is high on the agenda for both regulators and law enforcement agencies, effectively assessing risk is essential for consumer credit firms.

As every firm is unique, a one-size-fits-all risk assessment template does not exist. Instead, firms should pursue a tailored, risk-based approach, to which there are many benefits above and beyond limiting potential exposure to criminality and preventing penalties from the regulators.

Huntswood has released a report on financial crime risk assessments. Based on research with a cross-section of firms, the report offers guidance, outlines good practice and highlights practical steps that firms can take to embed a proportionate, pragmatic and dynamic approach. You can see it here.