Financial Crime Assurance Review

  • Posted on: 26 May 2020

Often touted as an ‘AML Compliance Audit’ or something similar, an external financial crime assurance review provides payment firms with an independent opinion on the adequacy of their policies and procedures, and how effectively they are being applied. In this short article we highlight six reasons why a financial crime assurance review is so important.

1. Because 'they' say so!

In this case, ‘they’ refers to the lawmakers behind the Fifth Money Laundering Directive, enacted in the UK in the Money Laundering Regulations 2019 and reinforced in the Joint Money Laundering Steering Group guidance. This requires firms to establish an ‘independent audit’ function. Often, the size of a firm precludes the establishment of such a function within the firm itself, so this needs to be outsourced to a competent third party.

2 Because your bank says so!

Most payment institutions and e-money institutions will confirm that getting and keeping a bank account is difficult.  However, despite anecdotal evidence to the contrary, not all banks want to steer away from payments firms. Banks may look to an external review or audit as a means of assurance that the payments firm is up to muster, and an acceptable risk as a customer. 

Respected compliance consultancies may identify issues as part of an audit, but the bank may still be interested in establishing a relationship. We would actually go as far as to suggest that banks might be highly suspicious if a payment firm 'got a clean sheet'. Any issues picked up as part of the audit should be accompanied with remedial action to achieve compliance with the relevant legislation. The banks are looking to reduce their exposure to risk as far as possible and will want to see that the firm has at least a plan to achieve compliance; a compliant firm is clearly a better risk that a non-compliant firm.

3. To gain FCA authorisation

To be clear, financial crime assurance reviews are not required to be submitted to the Financial Conduct Authority (FCA) as part of an application for authorisation. The FCA will look at the information provided by the firm itself, in respect of its policies and procedures, rather than the content of any review undertaken by the firm. However, a pre-application review may identify to the firm any risks or issues that might be picked up by the FCA as part of its assessment of the policies and procedures, allowing them to address these before submission of the application.

4. To maintain FCA authorisation

As we have seen over the last two years, the FCA has increased its scrutiny of payments firms. Here, however, that scrutiny does not come from within the Retail Banking Directorate, but from the Financial Crime Supervisory Team at the FCA. They have been dipping their toe into the sector, seeking to engage a number of firms through telephone ‘interviews’ - on a sample basis (whether random or not) - gauging how payment firms comply with the financial crime requirements.

One of the questions asked is in respect of an external assurance review and when this was last carried out, suggesting this is very much what the FCA is expecting to see from firms. But don’t be misled by my earlier assertion; whilst supervision of financial crime is undertaken away from the Payments Supervision Team, any infraction in the AML/CTF space will be shared with them and may result in disciplinary action against the firm. Or worse.

5. To keep/attract investment

Investors are always looking for the potential for a return on their investment but, at the very least, that they don’t lose money. Investment in a compliant firm is a less risky option that one with compliance issues. Part of a due diligence exercise may well be for the investor to ask to see the last financial crime audit or, indeed, seek to commission one themselves. If not, they may look to the state of the firm’s banking relationship or regulatory relationship which, as we have seen, may themselves be contingent on a recent assurance review having been undertaken.

6. Because you want to!

A sixth reason might also be because you want to! The FCA has been banging its drum about ‘culture’ and expecting firms to be seen to be doing the ‘right thing’. Sure, firms may not always get it right, but a willingness to be seen to try will go a long way. An independent external assurance review will, therefore, fulfil your regulatory obligations, keep your banking partners happy, and provide you with peace of mind that you are operating in a compliant manner.

We offer a Financial Crime Assurance Review and often provide these for a payment services firms' management, banking partners and key investors. Many firms actually benefit from this service as part of an annual retainer contract that allows them to spread the fee over 12 months and have access to a reliable, specialist payment services compliance partner to deal with unwanted issues such as incident reporting, should they happen. 

Make an enquiry