Prevention of financial crime is high on the UK financial regulatory agenda. FSA has already focused on money laundering and market abuse, then on bribery. Now it has turned its attention to financial sanctions controls. So what does it expect from the regulated community?
What are FSA’s powers?
The UK financial sanctions regime is the responsibility of HM Treasury, and the regime applies to almost every person and business in the UK. It is not limited to businesses in the financial sector. However, one of FSA’s statutory objectives is reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime. FSA can impose rules on authorised firms to help meet this objective.
FSA’s Principle 3 states:
“A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”
SYSC 3.6.6R states:
“A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.”
FSA expects firms to have a good understanding of the UK financial sanctions regime. Otherwise, risk assessments may be inaccurate and systems and controls may not be effective.
What does FSA expect of regulated firms?
FSA recently published a review of firms’ procedures which highlights areas firms need to improve. Its main recommendations include the following.
Policies and procedures
- Senior management should be fully involved in developing and implementing effective and appropriate policies and procedures.
- Firms should review financial sanctions procedures during internal audits.
- Where firms operate in several countries, a consistent group-wide policy may be helpful.
Staff training and awareness
- Firms should give appropriate training to relevant staff.
Screening clients at take-on
- Firms should screen against the HMT list before providing services to clients.
- Firms should not assume other authorised firms have carried out adequate sanctions checks.
- Firms should monitor the continuing effectiveness of automated systems they use.
- If firms use fuzzy matching, they should ensure the matching criteria they use are relevant and appropriate.
- Firms’ systems and controls must take in updates to the regime.
- Flagging systems must clearly identify flags raised when a target match comes up.
Treatment of potential target matches
- Systems and controls must allow investigation of whether a potential target match is an actual target on the HMT list so firms can freeze or block accounts.
- Firms should have clear internal and external reporting processes for matches.
FSA found various misconceptions in surveyed firms including beliefs that:
- firms are exempt from the regime if they process only low value transactions. NO: there is no minimum limit;
- individuals and entities on the HMT list are all overseas. NO: there are some UK-based individuals and entities on the list;
- screening is not necessary where a firm does not hold client money or make payments or where it deals in low-risk products. NO: under the Terrorism Order1 the prohibition extends to financial services as well as funds;
- sanctions targets are the same as politically exposed persons (PEPs). NO: Most PEPs are not the subject of sanctions (although they may be);
- the regime either did not apply at all to insurance or at least that insurance is a no or low risk area. NO: the Terrorism Order bans providing financial services, including insurance, to a target on the HMT list;
- AML checks work for sanctions too. NO: checking client identity does not include checking the HMT list;
- freezing funds will be “tipping off” under AML legislation. NO: this is unlikely to be an issue because of the different way the regimes work;
- financial sanctions is a form of FSA enforcement action. NO: it is HMT that implements, administers and enforces the regime (FSA enforcement action if firms do not have proper systems and controls is separate).
FSA has already acted against firms for failings in systems and controls that exposed them to the risk of money laundering or bribery and corruption. Now all firms should review their sanctions controls to ensure they meet FSA’s expectations.