Ray: Hello and welcome to this special episode kicking off season four of The Dark Money Files in which we shine a light into a murky world. I'm Ray Blake and with me is my co host, friend and business partner, Graham Barrow. Hello, Graham
Graham: Hello, Ray
Ray: So what's all this about then, Graham?
Graham: Well, Ray, I've been thinking
Ray: Oh Graham, I wish you wouldn't. You know, it always causes trouble when you think.
Graham: Well, I know, But this time I think I've had the germ of a good idea.
Ray: Really? Yes. Well, I think I'm going to regret this, but go on.
Graham: Well, I was thinking, wouldn't it be handy if firms who were subject to regulatory supervision could have access to a document which specifically told them the FCA’s expectations of them with respect to money laundering, terrorist financing and other financial crime matters.
Ray: Okay, so a bit like the Joint Money Laundering Steering Group Guidance then?
Graham: Well, a bit. But I think a bit less dense and more focused on regulatory inspections rather than, say, policy development.
Ray: Okay, so not the Regs themselves? Are you suggesting we should write this guide then?
Graham: No need to Ray.
Ray: Somebody's beaten us to it.
Graham: They have.
Ray: But is it any good Graham
Graham: Ray, it's fantastic.
Ray: OK, so it's gonna be expensive then. Graham, how much is it?
Graham: Ray, it is priceless.
Ray: Well, I'm sure it is, but how much is that in pounds and pence?
Graham: No Ray. I was speaking absolutely literally. It is priceless. By which I mean it doesn't have a price. It is free for everybody.
Ray: Now, Graham, who on earth would put together a free and useful detailed guide on how to deal with a regulatory visit? It would need to explain what to prepare, what questions you could expect to be asked, what good looks like, what some of the common mistakes are that firms make and a host of other useful information. Who's going to go to all the effort and then give that away for nothing?
Graham: The FCA.
Ray: Ah ha. Now I get you You're talking about Financial Crime, A Guide For Firms
Graham: I am. And did you know it's just been republished in a 2020 version?
Ray: I did know that Graham and I think at this point is probably worth making clear that this isn't a sponsored edition of the podcast
Graham: No, I don't think the FCA does that sort of sponsorship
Ray: No, indeed. But I mean, it's a publication that we're happy to give a plug to. Everyone needs to see this, don’t they
Graham: If they want 2020 vision of the financial crime regulatory landscape. Oh, yes.
Ray: Oh, dear. You just can't help it sometimes can you? But I do agree. It's a fantastically useful document. Maybe we should spend a bit of time talking about it?
Graham: Exactly. Hence the special episode.
Ray: Well, let's get cracking then.
Graham: Where do you want to start?
Ray: Let's start at the beginning, shall we?
Graham: It's a very good place….
Ray: Yeah, Okay. The first thing you notice about the new version is that it's now only one document incorporating the expectations, the self-assessment questions and the examples of good and bad practise all in the one document.
Graham: I think that's a really good idea.
Ray: Yeah, it is. Absolutely. It starts by explaining how firm should use the guide, what it is and what it isn't,
Graham: Which is?
Ray: Well, it says that it's relevant guidance, but that it hasn't been approved by H M. Treasury.
Graham: Yeah, that's unlike the JMLSG, which is both relevant guidance and HMT approved
Ray: Probably worth making clear what those terms mean, Graham. Relevant Guidance means it's effectively got the FCA seal of approval, right?
Graham: It does. And other bit, the HMT approved for the JMLSG actually means that firms have to demonstrate, if they are held to regulatory account, that what they've done is equivalent to or better than the JMLSG.
Ray: Gotcha. Okay, so the guide also makes clear it's not part of the handbook itself, but it is there to provide assistance to firms. However, they should be conscious of the use of certain words in the guide when they're related to regulatory expectations.
Graham: They are. So do you want explain which one's.
Ray: Yeah, three short words. “Must” “should” and “may” because, when the FCA uses the word “must”, it means this is a mandatory requirement, either through legislation or regulation, “should” means there's scope for interpretation, and the firm might be able to meet its obligation in ways other than those described in the guide. Now, when it says “may” that describes good practise that goes beyond the basic mandatory requirements,
Graham: Which is interesting. So as a start, it wouldn't be the worst idea in the world for anyone using this guy to go through it and highlights a in three different colours the “musts” the “shoulds” and the “mays”.
Ray: So firms then have a clear idea about the things they absolutely need to show they're doing, the things they really ought to be doing, and the bits that then give the regulator confidence that the firm understands the difference between the law and its own risk appetite.
Graham: Just explain that in a bit more detail.
Ray: Okay, well, if you think about it Graham and taking those definitions into account, every bank has to be doing the “musts”. Almost certainly the “shoulds” as well. The “mays” the good practise elements, are where the firm has discretion. Now, of necessity, a bank's risk appetite, which we've spoken about before, goes beyond what the law says it must do and articulates the bank's own specific approach to the financial crime risks it faces. So in order to ensure it meets those banks specific controls, it will have practices that necessarily go beyond what's legally required.
Graham: Well, now that's a really good point, Ray? What else should firms try and get from the basic layout of the guide?
Ray: A number of things, I think. First of all, understand the use of bold font in the document. As in the use of vocabulary, words don't appear in bold for no reason. These words and phrases are clearly highlighted because the FCA regards them as particularly important.
Graham: Do you have an example?
Ray: I do. In Chapter two, there's a section on policies and procedures, and the first paragraph reads, “A firm must have in place up to date policies and procedures appropriate to its business. These should be readily accessible, effective and understood by all relevant staff. Now, within that paragraph, and you may have heard it in my narration, there are four words in bold, readily accessible, effective and understood. Now from that, I think it's reasonable to suggest that when the FCA comes to call the questions they want answered are going to be along the lines of “Where is your policy located?” “How do staff access it?” “Is it written in simple and unambiguous language?” “How do you ensure that all your policy statements are being implemented and achieving the right outcomes?
Graham: So by applying that logic to the entire document, you can as it were, create a road map to help in preparing, say, for a regulatory visit.
Ray: Yeah, or just ensuring that you're working to best practise. And there's another point here for our wider audience. Who aren’t in the UK, which is that there's nothing in this document that's especially UK centric.
Graham: Okay, so that anyone who works in anti-financial crime in any regulated jurisdiction could get significant benefit from it.
Ray: Yes, I believe so.
Graham: Excellent. Okay. Should we talk about the guide then in a bit more detail?
Ray: Yeah. Let's do that. What financial crime elements does it cover? Graham?
Graham: Well, Ray. There are chapters on financial crime systems and controls on money laundering and terrorist financing, on fraud, on data, security on bribery and corruption on sanctions and asset freezes on dawn, insider dealing and market manipulation.
Ray: Well, pretty much everything then.
Graham: Well, if we ignore the slightly thorny issue of tax evasion which sometimes is and sometimes isn't included in banks’ approaches to financial crime compliance, then yeah,
Ray: And each chapter I see is broken down into common elements. There's an introduction. Then it goes into themes, further guidance and then sources of further information.
Graham: Exactly. And that's helpful. To take each of those in turn and break it down a bit more, the introduction, for example, specifically states who should read the chapter, why they should read it and also to whom it may not necessarily relate.
Ray: Well, that's very sensible. When it moves on to themes, it then breaks down the main heading into its constituent parts. For example, the Money Laundering and Terrorist Financing chapter, which, not surprisingly, is one of the longest has subheadings, including governance. The MLRO, risk assessment, CDD, EDD, ongoing monitoring, etcetera.
Graham: So nothing too surprising then,
Ray: No, but a great aide memoir or cheat sheet both for internal use like conducting policy reviews, performing QAs or to help internal audit prepare a framework, as well as a really helpful document when facing an external review from the regulator themselves.
Graham: Now, of course, all of these things need to be done with clear sight, and that means divested of any potential confirmation bias,
Ray: Confirmation bias, Graham. The plague of compliance departments. Should we spend a minute or two talking about that?
Graham: Well, let's do that. Shall I kick off by giving a definition.
Ray: Yes
Graham: Okay. Confirmation bias is described as “the tendency to search for interpret favour and recall information in a way that confirms or strengthens one's prior personal beliefs or hypotheses. The effect is stronger for desired outcomes, for emotionally charged issues, and for deeply entrenched beliefs.”
Ray: So lots of those in compliance. The definition also includes the fact that people tend to interpret ambiguous evidence as supporting their existing position.
Graham: See that as well, don't Ray? So it's not hard to see how this could be a problem for those working in risk, either as first line owners of the risk or, in second line oversight, where the desire to protect an established position can be really strong, even in the face of contradictory evidence?
Ray: Well, it would certainly explain why so many banks fall foul of the regulator. And only with hindsight can they look back and say, How did we let ourselves get in that position?
Graham: Yes. So what can firms do to overcome confirmation bias? Obviously getting the guide is clearly one step on the way.
Ray: Yeah, but the guide ultimately can only provide a route map for the review or preparation process. It still requires the neutral interpretation of ambiguous or qualitative evidence, which could be very difficult if it was your job to ensure the controls were effective in the first place.
Graham: Which is why some firms have external reviews performed prior to a regulatory review, or maybe as part of a firm initiated policy review.
Ray: They do, and it does ensure fresh eyes. Although confirmation bias is still potentially an issue if that outside firm also produces services to address potential issues discovered…
Graham: That's a very polite way of putting it Ray.
Ray: Thank you, Graham. I did think about my words.
Graham: Okay, so that's confirmation bias. Of course, you find it in all walks of life, not just in compliance. And it's a really useful ability to be able to check yourself occasionally, whether your falling foul of its rather alluring tendencies.
Ray: Quite so. But back to the guide. Within the themes the FCA uses both anonymous examples of good and poor practise gleaned from their own thematic reviews as well as named case studies, mostly that relates to fines and final notices, to highlight the essential requirements within each theme
Graham: And a fair number of those have been mentioned by us before.
Ray: Yes, for good reason. Final notices are a treasure trove of how not to do things and often how to actually do them. They should be collected and form a library for every regulated firm to read
Graham: They should. The themes also contained a range of self-assessment questions, which are an essential part of self-analysis and testing, especially if a regulatory visit or an internal audit is on the horizon. After the themes comes the further guidance section, which directs readers to further reading, mainly within another very useful document, the FCTR or the Financial Crime Thematic Reviews, which we've just mentioned.
Ray: Yeah, now this is another brilliant tool for practitioners containing a summary and consolidated examples of good and poor practise for all of the FCA’s financial crime related thematic reviews since 2006 and there have been 17 of those in all,
Graham: I think we’ll provide links Ray, to both of these documents on our website to accompany this special episode so people can find them really easily.
Ray: Exactly. After the further guidance section comes the source off further information section. Now again, that's a really useful resource for firms, whether it's in the development of policy, putting together training or just checking their understanding.
Graham: Yes, it is. It references outside agencies and other published material. So, for example, at the end of the section on sanctions and asset freezes, it has links to the Office of Financial Sanctions Implementation. The OFSI, which is the part of the Treasury which specifically deals with sanctions
Ray: Yes, and also to the relevant sections off the JMLSG Part Three as well as to the UK’s Export Control Organisation website, the NCA website as well as relevant parts off FATF’s website.
Graham: Yeah, they have taken all that time in trouble, so you don't have to
Ray: Although it should never be a complete substitute. Firms should do their own research and development, but it makes a whole heap of sense to start from the guide and then decide what other information you might need afterwards.
Graham: It goes almost without saying, but I will anyway, that when we in the past may have performed these external reviews of firms control frameworks. It's been an essential tool for us to frame that review.
Ray: And with this new reworked guide, it will make it easier for us in the future when doing these reviews, helping make them even more effective. Being able to provide a firm with feedback structured against the guides, themes, examples of good and poor practise, and most importantly, the self-assessment questions is incredibly effective in helping a firm understand where best to focus their efforts
Graham: And so often in these cases, it can be in quite unexpected areas,
Ray: It certainly can. So that's the FCA’s Financial Crime Guide. What's next?
Graham: Well, we were going to take a break until the end of January. Hasn't quite happened and I know we have one or two really interesting projects and collaborations on the horizon. We may well be in a position to announce one or two of those shortly and that could well form the basis of some of our upcoming episodes. But there's a particular news story out there that's crying out for coverage.
Ray: Now I believe I know the one you're talking about
Graham: I'm sure you do. Ray. So let's do it.
Ray: I’m looking forward to it.