FCA Warns of Financial Crime Control Weaknesses in UK Challenger Banks

Challenger banks need to improve how they assess financial crime risk, with some failing to adequately check their customers’ income and occupation. Others do not have adequate risk assessments in place for customers, the UK’s Financial Conduct Authority (FCA) has warned.

Its review of challenger banks has revealed that while many used technology innovatively to identify and verify customers at speed, there were concerns about the level of due diligence and reporting to law enforcement.

A rise in the number of Suspicious Activity Reports (SARs) by challenger banks raised particular concerns about the adequacy of checks when taking on new customers. Weaknesses were also noted in customer due diligence (CDD) and enhanced due diligence (EDD) procedures, the FCA said. 

The Rise of the Challenger Banks

Challenger banks are a significant part of the UK’s fast-growing fintech ecosystem – and quicker onboarding times have often been an important part of their competitive appeal. However, the UK’s National Risk Assessment (NRA) of money laundering and terrorist financing warned in 2020 that criminals could be attracted to the fast onboarding process that challenger banks advertise, particularly when setting up money mule networks.

Sarah Pritchard, Executive Director, Markets at the FCA said: “Challenger banks are an important part of the UK’s retail banking offering. However, there cannot be a trade-off between quick and easy account opening and robust financial crime controls. Challenger banks should consider the findings of this review and continue enhancing their own financial crime systems to prevent harm.”

Although this review was aimed at challenger banks, its advice should be considered by all firms dealing with anti-money laundering (AML), as the shortcomings and recommendations could be pertinent to all. Key areas for improvements include: 

• Customer risk assessment (CRA). The CRA frameworks in some challenger banks were not well developed and lacked sufficient detail, with customer risk assessments not always in place. Most challenger banks did not obtain details about customer income and occupation.
• CDD and EDD. Some challenger banks failed to have the required CDD procedures at the customer onboarding stage, showing an overreliance on their transaction monitoring systems to identify higher risk customers.“No matter how good a transaction monitoring system is, firms must still comply with the relevant CDD requirements. Moreover, inadequate CDD will mean a less effective transaction monitoring system” the report warned. There is a need to consistently apply EDD and document it as a formal procedure in higher-risk circumstances, for example when managing politically exposed persons (PEPs).
• Financial crime change programs.  Weaknesses in the management of financial crime change programs included inadequate oversight and a lack of pace in implementation, meaning that control frameworks were not able to keep up with changes to business models.
• Ineffective transaction monitoring alert management. Inadequate handling of transaction monitoring alerts included an inconsistent and inadequate rationale for discounting alerts by alert handlers, a lack of basic information recorded in the investigation notes, and a lack of holistic reviews of the alerts.

Transaction monitoring alerts were also not reviewed in a timely manner due to inadequate resources. The FCA noted that “This affected the challenger banks’ ability to make SARs as soon as is practicable, as required under the Proceeds of Crime Act 2002.”

• SAR and DAML submissions. There has been a large increase in the number of SARs and Defense Against Money Laundering (DAML) reports that challenger banks have submitted. However, these are often for very low amounts, which are less likely to result in law enforcement action. Firms have sent a significant number of DAML reports to the UK Financial Intelligence Unit (UKFIU) when exiting customers that do not fit their risk appetite. These customers shouldn’t have been onboarded and better controls and risk assessment may have identified them sooner. In some challenger banks, once a DAML is submitted appropriate blocks are not being applied, enabling a subject to continue transacting. The FCA also highlighted the need for more detail on contextual information in SAR filings – including an explanation of an analyst’s suspicions alongside transaction data – and a warning about the incorrect use of SARs to report fraud and/or send information about predicate offenses.
• Principle 11 Notification. There have been significant financial crime control failures, in which challenger banks failed to notify the FCA. Firms have an obligation under Principle 11 of the FCA’s Handbook to disclose anything relating to the firm that the FCA should reasonably expect.

The FCA’s next steps guidance provides more helpful information for firms:

1. Review the FCA’s observations and recommendations in detail and enhance financial crime frameworks 
2. Apply a risk-based approach to AML controls and ensure financial crime controls remain fit for purpose as businesses develop and grow
3. Ensure customer risk assessment and EDD adapt to the heightened risk of sanctions evasion, including identification of ultimate beneficial ownership in higher-risk corporate structures
4. Review the Treasury’s NRA to ensure firms have appropriately considered ML/TF risks as part of their risk assessments
5. Review the FCA’s Dear CEO letter to retail banks on common control failings identified in AML frameworks – these common themes equally apply to challenger banks 
6. Refer to the guidance produced by the Joint Money Laundering Steering Group
7. Firms should be prepared to update the FCA on their financial crime frameworks 

Find out more about AML for digital banks with our handy guide.