The recent AML fines imposed on two financial firms in January 2023 demonstrate that financial crime compliance remains central to governments. FCAMoreenforcement agenda.
In this article, artificial intelligence providers don’t forget the elephant Analyze why organizations should begin reassessing their compliance programs after the FCA comes into force.
The fines are the result of additional enforcement actions against six more companies or individuals that have been regulated over the past 12 months for failures related to AML systems and controls, and have failed to put in place adequate governance. It adds weight to the FCA’s growing objective of targetingSystems and controls for effective countermeasures financial crime risk.
Poor staff training was identified as a central theme after being specifically mentioned as a recurring weakness in both cases in the summary of reasons for the regulator’s final notice action.
In one case, the FCA found that:
- Induction AML training was not specific to the company’s products or customers and did not provide tailored training based on individual roles and responsibilities.
- The company did not maintain AML training logs. Inadequate training was cited as a fundamental factor leading to other failures identified in relation to risk assessment, due diligence, and continuous monitoring.
In general, the FCA has expressed concern that staff with due diligence responsibilities are inadequately trained and therefore inadequately knowledgeable of the relevant regulatory requirements to carry out their role.
Is your company meeting the FCA’s expectations?
The FCA expects businesses to be actively involved in assessing and addressing competency-based risks related to financial crime. Poor practices, as defined in financial crime risk guidance issued by regulators, state that risks are directly manifested by employees’ inability to comply with, understand, or access relevant policies and procedures. Financial crime capacity is not regularly reviewed. No corrective action is taken and the risk identification process is passive and not proactive.
Over the past two years, the company’s inadequacies in training have also come to the attention of regulators. for example, final notice A report issued by the FCA in 2021 identified deficiencies in companies’ training programs, including reliance on inadequate or “one-size-fits-all” approaches to employee training, or employees completing mandatory training. The culture that does not is highlighted.
In addition to this, 100% of final notices issued contained criticism of company policies and procedures, specifically how employees of the company failed to comply with them; failed to monitor compliance with these and/or failed to take appropriate action. Address known instances of non-compliance.
Evaluate feedback from the field
In May 2022, Elephants Don’t Forget surveyed 299 compliance and risk professionals at a financial crime webinar co-hosted with financial services consultants. boville.
According to the poll, the top three areas where companies felt less confident that they were meeting the FCA’s expectations were:
- Enable senior management to articulate risks and controls (68%)
- Lack of real-time compliance data to manage financial crime risk (66%)
- Inability to design and provide training to identify and manage future threats (38%)
Is Compliance Measuring What Matters?
Research shows that a third of UK banks spend about 5% of their annual revenue on compliance. Combined, 28.7 billion is spent annually by businesses on his AML compliance costs alone. Spending by UK businesses is also expected to increase this year to over 30bn, reflecting heightened board-level concerns over financial crime risks, increased regulatory scrutiny and reputational impact.
As compliance pressures mount, businesses clearly need to assess whether doing more of the same is an effective strategy to counter the growing risks. Especially when regulators continue to highlight sources of obvious training failures within the industry.
The real cost of compliance
We know that the true cost of compliance is often completely underestimated. Especially when an employee’s thousands of valuable production hours are wasted on an ineffective compliance training regime. A set of unexciting one-size-fits-all routines often fuels compliance fatigue, fosters necessary regulatory learning engagement and, more importantly, provides key real-time competencies-based metrics I don’t. Risk for employers.
Rely on Staff Single Point-in-Time Pass Mark After taking a 10-question quiz at the end of a typical e-learning AML module (probably pass it with flying colors after many retakes) Employee It does not result in employees, especially new hires, having sufficient knowledge of the relevant regulatory requirements to perform their roles. The FCA’s summary of reasons for issuing a final notice action to these companies in January 2023 underscores this point.
Doubtful employee compliance assurance
Additionally, current methodologies for evaluating the quality and effectiveness of employee compliance training are questionable from an assurance perspective. Evidence suggests that the most common way companies determine training effectiveness is by measuring completion rates, and if 90-95% of his employees complete the training, the program is considered successful. considered.
In fact, this is a pivotal year in terms of UK regulatory reform, and compliance is also under attack from many geopolitical fronts. With today’s competing demands for corporate resources, it is understood that some pragmatism is required when evaluating strategies and approaches to staff training.
However, the underlying rationale underpinning the 2023 target and budget allocation may lie in ensuring access to key results-based metrics. In other words, measure compliance outcomes, not time spent or completion rate.
Compliance program reassessment
Financial crime, organizational culture, consumer obligations, and vulnerable customers are all important topics on the regulatory agenda, and businesses may find their compliance programs subject to closer scrutiny. If completion rate is now your primary measure of training program success, it may be a good time to re-evaluate your approach.
However, when viewed through a practical lens, most companies will likely continue to default to the single point-in-time assessment modality that has the lowest cost of service delivery. Instead of using the training box as a key enabler to strengthen your defensive line and improve your results, simply choose to tick the training box. Historically, principle-based regulation has not been a catalyst for rapid and dramatic change. It also appears that a greater level of individual scrutiny by the FCA will be needed to force certain companies to reassess their strategies.
Objectively, however, these recent enforcement actions demonstrate that regulators are willing to show their teeth and hold senior management accountable for their failure to implement and address weaknesses in their systems and controls. is shown.
Now, as regulators become more sophisticated in their use of technology and data to monitor businesses, how businesses combat the risk of financial crime and With increasing pressure to show whether they are improving their results, companies are considering options to provide a higher level of evidence and reassurance that they are focusing on the metrics that really matter I want to