It's been quite some time since FCA updated its Financial Crime guide (FC). The guide, introduced in 2011, and last significantly updated a few years ago, provides useful context on FCA's expectations of how firms that fall under its regulatory remit should best protect themselves against financial crime risks. It sits (sometimes uneasily) alongside Government-approved guidance, specifically the Joint Money Laundering Steering Group's and the Ministry of Justice's. On the face of it, it seemed slightly surprising that FCA did not update FC when the fourth Money Laundering Directive (MLD4) was implemented in June 2017. But, on reflection, FC is more about overall governance and best practice than compliance with the detail of regulation, and, although all firms will have needed to review and update their AML policies and procedures in the light of MLD4, it brought nothing that made FC fundamentally incorrect.
However, FCA has now published a guidance consultation, proposing some amendments and updates to FC.
Why a change now?
The main reason for the changes is to introduce new content on insider dealing and market manipulation in response to requests for clarification on how firms should counter risks relating to these offences. In the foreward to the consultation, FCA stresses that the definition of "financial crime" extends to these offences, so firms subject to SYSC 6.1.1R should be aware that their obligation to counter financial crime covers arrangements they have in place to counter such activity. It also notes the inherent link with the AML regime as, again like any other financial crime, insider dealing and market manipulation are predicate offences to money laundering.
The proposals cover only the criminal offences. They do not cover the civil insider dealing, unlawful disclosure of inside information and market manipulation offences (which FCA refers to collectively as market abuse) covered by the Market Abuse Regulation (MAR).
FCA plans to update the structure and signposting within the current FC to make it more user friendly. This will involve separating the current parts 1 and 2 and introducing them as new elements called FCG (the Financial Crime Guide) and FCTR (the Financial Crime Thematic Reviews). So the entire guide will look very different, although much of the content will be unchanged. However, the overhaul provides FCA with the opportunity to update cross-references to relevant parts of the Handbook, many of which have changed recently, not least to accommodate MiFID 2.
FCA (as is currently the case) has prefaced each chapter with an explanation of the types of firm that should read it, and has taken care to clarify where firms "must" act in a certain way (because of a mandatory provision), "should" do so (because FCA would in principle expect them to) or "may" (where to act in this way would be good practice over and above basic compliance).
New content – insider dealing and market manipulation
A new chapter 8 sets out the provenance of the criminal insider dealing and market manipulation offences (s52 Criminal Justice Act 1993 and ss89-91 Financial Services Act 2012) and explains why they constitute "financial crimes" for the purposes of FSMA and, therefore why SYSC 6.1.1R applies to the offences. FCA notes the possibility that firms may prefer to apply the standards of FCG to market abuse also as in practice they will often not distinguish between the civil and criminal regimes for the purposes of their surveillance and monitoring.
The key, FCA says, is that firms that offer access to the relevant financial markets have in place adequate policies and procedures to counter the risk the firm may be used for financial crime. It notes the key distinction between the SYSC requirements and MAR, as the latter requires the detection and reporting of market abuse, but the former requires firms to counter the risk of financial crime. Generally, the messages in other chapters of the guide on the tone from the top, authority of MLRO, risk assessments, awareness of conflicts and so on, appear in the new chapter.
First, the guide addresses governance. The draft states appropriate measures are likely to comprise identifying and preventing attempted crime pre-trade and mitigating future risks caused by clients who have already traded suspiciously. FCA expects senior management to understand the risks to which the firm is exposed, through employee and client activity and to take responsibility for estabilishing adequate policies and procedures to counter them. As with other areas of financial crime, senior management should also be aware of and manage the potential conflict between revenue generation and financial crime prevention. The self-assessment questions include a question on how the firm's MLRO interacts with those responsible for monitoring and surveillance. One of the examples given of poor practice is if senior management consider a firm's obligations are fulfilled merely be submitting Suspicious Activity Reports and Suspicious Transaction or Order Reports.
The next section addresses risk assessment. FCA recommends firms assess their risks against every asset class and client type the firm operates with. Each firm should also consider how its risk framework for countering the risk of insider dealing and market manipulation interacts with its AML risk framework and assessments.
The guide next addresses policies and procedures. Front office employees should have particular training so they are aware they should refuse to execute any trade where there is clear evidence the trade is in breach of a legal or regulatory requirement. The guide cross-references the COBS requirement for a personal account dealing policy and says that policies and procedures relevant to each business area, including front office functions, should be communicated and embedded. The best policies and procedures will cover the life-cycle of a product.
Turning to monitoring, FCA recognises what MAR requires and suggests firms could use the results of this for monitoring financial crime exposure, while recognising that the markets and instruments covered by the criminal offences are not the same as those covered by MAR. It also asks firms to consider, again, how monitoring interacts with the AML and client on-boarding process, and whether monitoring programmes include assessing high risk clients and employee trading.
As mentioned above MLD4 and the corresponding Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) did bring changes to UK law and regulation, and many of the changes to existing FC content reflect this. One key change (which has largely crept in unnoticed) is that the new look FC will constitute "relevant guidance" under the MLR 2017 and, as a result, a court or other relevant decision. The guide also, where appropriate, makes reference to national risk assessments and the ESA guidelines. FCA gives examples of suggested good practice in monitoring, including regular, targeted monitoring of both voice and electronic communications and escalation of concerns to the compliance department.
Other changes consequent on MLD4 include:
- Changes to when enhanced due diligence will be applied
- Update to the document retention requirements and periods
- Updates to good and poor practice to track the requirements of the revised Funds Transfer Regulation, including duties on intermediary banks.
These apart, there have been some fairly significant changes to the chapter on financial sanctions to address the changing nature of certain sanctions – specifically to reflect the lifting of the additional Iranian sanctions. Changes also address the creation and role of OFSI.
The consultation closes on 28 June, and FCA plans to bring the new version into force from 1 October.
The draft does not impose any new obligations on firms. Firms should already have in place governance structures, risk assessments, policies and procedures and monitoring controls to address the risks they face from insider dealing and market manipulation, However, the guide provides an opportunity for a thorough review – and there is still time to comment if a firm fundamentally disagrees with any of the recommendations, or examples of good and poor practice.