Are you ready for the Annual Financial Crime Report?
July 2017 | SPECIAL REPORT: WHITE-COLLAR CRIME
Financier Worldwide Magazine
July 2017 Issue
In November 2016, the Financial Conduct Authority (FCA) finalised its guidance and form for its Annual Financial Crime Reports (REP-CRIMs), which came into effect on 31 December 2016. Most regulated firms that are subject to the Money Laundering Regulations 2007 will have to submit REP-CRIMs. The exceptions are listed in Chapter 16.23 of the FCA Handbook. The reports must be submitted 60 business days after firms’ annual reporting date. The first REP-CRIMs were submitted at the end of March 2017.
The introduction of REP-CRIMs is the FCA’s first routine collection of information on financial crime. The form has 35 questions, the majority of which are mandatory. The purpose of the report is so the FCA can collect data to facilitate its policing for financial crime and to enable the authority to direct its resources where they are most needed. The information provided in REP-CRIMs includes the firms’ internal risk procedures and specific information on areas of risk.
The questions in the REP-CRIM form appear fairly straightforward but nevertheless collating the information to provide the necessary answers could be time consuming, especially if the responding firm is a large multinational corporation with many employees, and many more customers. It is reassuring, therefore, that the responses require only information that relates to the parts of a firm’s business subject to the money laundering regulations. If a group includes more than one firm, a single report can be submitted to satisfy the requirements of all of the firms within the group.
Firms are required to provide numerical data and information on financial crime risks. A failure to answer the compulsory parts of the report could result in a firm being sanctioned for not filing complete and factual data, i.e., a criminal offence.
The five areas covered by REP-CRIMs, signposted within the form with subheadings are listed below.
Section one: operating jurisdictions. This section requires a firm to list all of the jurisdictions assessed and considered as high-risk in which the firm has operated during the last two years, along with a list of all jurisdictions, whether high-risk or not, that the firm operates within at the end of the reporting period.
It is interesting that the report asks firms to use their own assessment on which jurisdictions are considered to be high-risk. There may be an inherent flaw in the information collected because if the firm had not been operating in a jurisdiction at the end of the reporting period, if may not feature in the firm’s answers at all, even though the FCA may perceive it to be a high-risk jurisdiction.
Section two: customer information. Section two requires information on how many relationships the firm has with politically exposed persons (PEPs). The firm is asked how many customer relationships the firm has with individuals within jurisdictions identified by the firm as high-risk, as well as the number of refused or terminated relationships.
The information is requested numerically, without further explanatory information. The nature and risk of PEPs can vary substantially between individuals. Simply the number of relationships that the firms has with PEPs may not accurately reflect the true risk appetite of the firm for risk. This failure to seek background information may reduce the usefulness of the information gathering exercise but it has been balanced against the onerous burden of having to provide detailed answers, especially given that most of the questions in the form are compulsory. The limited nature of the answers required may be an inherent flaw in the information collected. This issue is not confined to PEPs, but also relevant to non-EEA banks and all other high-risk customers, who are also included in the form.
Section three: compliance information. This section asks how many suspicious activity reports (SARs) the firm has reported to the National Crime Agency (NCA) and internally, as at the end of the reporting period, and the number of investigative and restraint court orders received as at the end of the reporting period.
Again, there is no opportunity or invitation for further explanation or background information.
Section four: sanctions-specific information. The form requires firms to confirm whether they have automated systems to cross-reference relevant sanctions lists. The report asks firms how many ‘true’ customer sanctions matches there are and to report whether they conduct repeat screenings of existing customers.
Section five: fraud. It is not compulsory to provide information on the most prevalent fraudulent activities that the FCA should be aware of, but firms are encouraged to answer the questions in this section. Firms are also asked whether the frauds identified remain constant or have increased or decreased.
Some concern has been expressed about whether firms should provide this voluntary information on fraudulent activity and how their responses might compare with competitor firms. While there is no obligation to answer, it is unclear how a failure to do so will be perceived by the FCA.
Concerns about the introduction of REP-CRIMs
Since the consultation stage, a number of concerns have been raised about the introduction of REP-CRIMs; some of these concerns have been addressed by the FCA, others remain unresolved.
Impact on customers
Firms, including banks, may refuse to enter new arrangements or may exit existing client relationships to reduce the numbers they provide in the REP-CRIM answers, for example, on how many of their customers are PEPs, high-risk individuals or those that reside in high-risk jurisdictions. If so, it would be very unfair on those individuals because the importance of having access to banking facilities cannot be underestimated. It would be unfortunate if the introduction of REP-CRIMs restricted individuals’ access to banking facilities, perhaps to the point of it becoming impossible. Such a disproportionate result must surely be contrary to the intention of the FCA.
Enforcement versus data collection
While the intended purpose of the collection of data is to help the FCA generally prioritise its resources, there is some apprehension that the information could be used to support enforcement action by the FCA into those firms providing the data.
Without the detailed background information needed to give context to the simple numerical answers, the REP-CRIM responses will not give a real insight into the firm. It would be entirely unsatisfactory if the FCA were to perceive those with high numbers to the various questions as having weak internal risk procedures.
Whether the FCA uses the collected information to investigate firms whose internal risk procedures are perceived to be insufficient, the REP-CRIM will act as an incentive to ensure firms’ internal procedures are robust.
Despite some initial concerns being raised, financial crime disclosures made in the REP-CRIMs will not trigger the ‘tipping off’ offence in the Proceeds of Crime Act 2002, because the defence in section 333D (disclosure to the relevant supervisory authority) will apply.
The FCA recognised that some firms had concerns about the introduction of REP-CRIMs and what information should be included in the reports. Firms will be comforted that for the first year, they can submit the data on a “best endeavours basis”, while any teething problems are resolved.
Rachel Cook is an associate at Peters & Peters. She can be contacted on +44 (0)20 7822 7772 or by email: firstname.lastname@example.org.
© Financier Worldwide
Peters & Peters