Out-Law News 3 min. read
03 Aug 2016, 10:30 am
Banks, building societies, investment firms, e-money institutions, consumer credit firms and life insurers are among the firms that will be subject to the new requirement when it comes into effect on 31 December.
General insurers will initially be exempt from having to submit an annual financial crime report, but the FCA has said it will look into "bringing them into scope at a later date".
The FCA has developed a standard template form that firms subject to the 'REP-CRIM' rules will have to fill out within 60 business days of the end of their next reporting period where that reporting period falls on or after 31 December 2016.
In the first year of the new requirement firms will be able to submit the data on a "best endeavours basis".
Under the new reporting obligations (55-page / 851KB PDF), firms will need to submit details such as the number of "politically exposed persons" (PEP) and other "high-risk customers" they have dealings with, as well the geographic areas in which those individuals are located.
Firms must also provide data on the number of 'suspicious activity reports' they have submitted internally as well as those disclosed externally to the National Crime Agency (NCA) or under a consent order.
Data to be disclosed will also relate to firms' compliance with international sanctions and should further detail what they believe to be the top fraud risks the FCA should be aware of.
The FCA also said that firms operating within a broader group structure will be able to submit a single financial crime report for a set of regulated firms within the same group "as long as the firms included all share a common financial year end".
In confirming the new requirement the FCA rejected concerns raised by some firms that in meeting their new reporting duties the companies might commit an offence of 'tipping-off'. The data to be collected will be gathered through GABRIEL, the FCA's electronic reporting system, the regulator said.
The FCA said it will publish "aggregated and anonymised financial crime statistics" using the data it collects, beginning in 2017.
"At present, our financial crime supervisory work relies on the use of ad hoc data requests to gather information about firms’ systems and controls," the FCA said. "We do not currently routinely gather information from firms about financial crime, the risks they are exposed to, or how they manage those risks. This affects our ability to operate a truly risk-sensitive supervisory approach in line with global standards. Consequently, we propose to introduce a financial crime return for the first time."
"We will use the data collected by this return to support our financial crime supervision strategy. Analysing the data will enable us to conduct more desk-based supervisory work than is currently possible. In turn, this will help us identify financial crime risks and trends, as well as possible emerging issues. It will also ensure we have better quality and more consistent comparable data, allowing us to accurately risk-rate firms and better target our specialist resources on firms that pose the highest financial crime risk," it said.
The FCA said it expects the data to help it "identify emerging intra- and cross-sector risks" and that the introduction of the new reporting requirement is likely to "reduce the need for us to make ad hoc data requests from firms".
"The introduction of the financial crime annual data reports sees through one of the commitments set out in the FCA’s business plan for 2016/17," said regulatory law expert Anne-Marie Ottaway of Pinsent Masons, the law firm behind Out-Law.com. "This will put an increased burden on firms who will need to ensure that their internal reporting systems can accurately capture the required data."
"Unsurprisingly the reporting requirement covers the number of customers who are categorised as high risk, whether by virtue of being a PEP or based in a high risk jurisdiction or sector, and includes questions on third parties, such as introducers and appointed representatives. Firms will also be required to disclose the number of reports that the bank staff make internally to the money laundering reporting officer and how many of those ultimately result in a suspicious activity report being made to the NCA. It will also seek to ascertain whether the number of staff allocated to financial crime work is proportionate to the risks the firm has identified," she said.
"Firms that haven’t allocated sufficient resources to address their financial crime risks, or that make very few SARs, given their customer risk can expect more scrutiny from the FCA," Ottaway said.