Financial crime - Q1 2024

In our latest financial crime regulatory update, we focus on the commitments outlined by the FCA in their latest business plan and upcoming regulatory changes concerning authorised push payment (APP) fraud, as well as a roundup of other regulatory developments.

FCA Business Plan 2024/25 – Financial Crime #1 Recommendation

The Financial Conduct Authority (FCA) unveiled its Business Plan for 2024/25 in March, outlining their focus for the next 12 months as they hit the mid-point of the 3-year strategy announced in 2022.

The plan is pivotal in achieving the operational objectives of the FCA strategy, which focuses on:

  • Reducing and preventing serious harm.
  • Setting and testing higher standards.
  • Promoting competition and positive change.

Reducing and preventing financial crime is noted as one of three core priorities in the Business Plan - also referred to as its public commitments, of which there are 13.

The FCA outline three key outcomes, the first relating to slowing growth in Authorised Push Payment (APP) fraud cases and losses. No surprise here given this is thought to impact more than 200,000 consumers a year. Slowing losses from investment fraud is also a focus and ties in with the FCAs enhancing its capabilities to identify and remove websites and social media accounts associated.

This is in addition to a continued focus on lowering the incidence of money laundering through supervision and enforcement. Proactive assessment of AML systems and controls for higher risk firms is noted as a particular focus as is supervision and enforcement of Sanctions systems and controls.

As a result, the FCA are increasingly using the data at their disposal to identify and target firms that may present a financial crime risk, be that from deficient systems and controls, to an unacceptable risk appetite or unauthorised financial promotions.  As stated in the business plan, the FCA will make “increased investment in our systems to use intelligence and data more effectively within our financial crime work, so we can target higher risk firms and activities.”

Moreover, the FCA note a number of continued activities, which include the use of enforcement powers for breaches of financial crime systems and controls, as well as proactive assessments of for those firms deemed higher risk.

Closer cooperation with partners such as the National Economic Crime Centre (NECC) and proactive supervision through the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) is also noted, which is likely to result in greater sharing of information and alignment of intelligence gathering and supervision methodologies.

An increase in fraud awareness campaigns can also be expected to continue, in line with the focus on APP fraud and investment scams.

What management should consider

The Business Plan aligns with what we are seeing in the market and whilst it contains no significant surprises, it should serve as a reminder of key issues to focus on.

Firstly, ensuring that you are comfortable with your plans to deal with the increase in workload and ability to deal swiftly and competently with APP fraud.

Secondly, are you comfortable that the deployment of your AML/KYC and Sanctions screening solutions is efficient and operating effectively? Do they flag breaches?

Finally, are you comfortable that your financial crime framework is operating effectively, addressing the risks you face as a business and would stand up to regulatory scrutiny?

Customer Reimbursement Requirement – Payment Service Regulator (PSR)

The PSR’s 19 December 2023 Policy Statement (PS23/4) on mandatory reimbursement of authorised push payment (APP) fraud is leading to a ramp up in activity as firms get ready for the forthcoming requirements. Set out to aid victims of APP scams, a prevalent form of fraud targeting consumers into authorising illegitimate payments, the programme comes into force on 7 October 2024 and sets out requirements for PSPs to reimburse most victims.

Mandatory Reimbursement will initially include Faster Payments only, with CHAPS payments to follow. The PSR is overseeing the implementation through Pay.UK, the Faster Payments operator, with the Bank of England developing parallel regulations for CHAPS payments in the UK retail sector.

Outlined in the new scheme are key features including:

  • Mandatory reimbursement within five working days.
  • Costs divided equally between sending and receiving payment services providers (PSPs).
  • Maximum reimbursement cap of £415,000, and an optional £100 excess.
  • Both Faster Payments and retail CHAPS transactions fall under the program's scope, with special provisions in place for vulnerable consumers.
  • protection for vulnerable consumers for whom the claim excess will not apply.

The backdrop to the new requirements has seen an alarming surge in APP fraud cases, with a reported 200,000 incidents in 2022, resulting in losses exceeding £485 million. Past efforts to tackle this issue include stringent customer authentication requirements and the Contingent Reimbursement Code by the Lending Standards Board. Despite the implementation of Confirmation of Payee to 400 new PSPs in 2022, the UK Government remains concerned about the efficacy of existing measures, leading to the enactment of legislation allowing for mandatory reimbursement through the Financial Services and Markets Act 2023.

Underpinned by various policies, the reimbursement requirement entails sending PSPs reimbursing victims of APP fraud, with receiving PSPs obligated to pay 50% of the reimbursement. Exceptions apply in cases of customer fraudulence or gross negligence, with a time limit of five business days for reimbursements. Noteworthy provisions include a claim excess of £100, no minimum threshold for claims, and a maximum reimbursement level of £415,000. Vulnerable consumers are safeguarded from certain standards, emphasizing fair treatment for this demographic.

The reimbursement program encompasses consumers, microenterprises, and charities, with both Faster Payments and CHAPS participants mandated to adhere to the guidelines. Notably, while the PSR lacks authority to enforce reimbursement for payments within the same PSP, it expects responsible behaviour from PSPs in these instances.

What management should consider

PSPs in particular need to assess their strategy around protecting customers and the ways in which they can reduce the likelihood of them falling victim to instances of APP fraud.

Key steps they should consider include:

  • Assessing whether customer due diligence measures enable the identification of fraud indicators that can be used to assess customer fraud risk.
  • Assessing transaction monitoring systems, to spot known and expected APP fraud typologies.
  • Intelligence gathering measures, to ensure the organisation is factoring in up to date, live insights and trends related to fraud into its fraud risk assessment and related control environment.
  • Mapping existing and updated customer contractual arrangements, mandatory reimbursement requirements and system controls, to ensure there is alignment and an ability to carry through the necessary actions such as suspending transactions.

Recent and Upcoming Regulatory Developments

 An updated summary of some of the recent and upcoming regulatory developments we anticipate will impact financial crime compliance include:

  • In January 2024, a Sanctions Red Alert was issued by the National Economic Crime Centre (NECC), HM Treasury’s Office of Financial Sanctions Implementation (OFSI) and the Foreign, Commonwealth & Development Office (FCDO), working in conjunction with law  enforcement and financial sector partners as part of the Joint Money Laundering Intelligence  Taskforce (JMLIT). This Alert was created to provide information to UK businesses on common techniques suspected to be in use to evade sanctions on the export of high-risk goods, which Russia is using on the battlefield in Ukraine.
  • Guidance provided on 10 January 2024 set out the government position on money laundering reporting obligations in the Proceeds of Crime Act 2002 (POCA) as amended by the Economic Crime and Corporate Transparency (ECCT) Act 2023 following Royal Assent.
  • FCA Market Watch 77 shared observations on trade by organised crime groups (OCGs) and how firms can mitigate the risks of being used to facilitate their trade.
  • The FCA issued an update to its strategy on reducing and preventing financial crime on 8 February 2024, focusing on fraud, money laundering and sanctions risks, in particular. 
  • The UK released its new sanctions strategy on 22 February 2024. This included undermining Russian funds, addressing threats and malign activity, building international coalitions, and reinforcing sanctions implementation and enforcement.
  • On 22 February 2024, it was announced that the European Council has agreed that Frankfurt will be the location for the future European agency responsible for combating money laundering and terrorist financing, known as AMLA.
  • On 23 February 2024, FATF announced the removal of the United Arab Emirates (UAE) from its ‘grey’ list. Simultaneously, Kenya and Namibia have been added to the list, subjecting them to heightened scrutiny due to concerns over inadequate measures against money laundering and terrorism financing.
  • On 26 February 2024, the Wolfsberg Group (the “Group”) provided comments on the Consultation Paper “Travel Rule Guidelines”, highlighting the need for greater clarity with respect to the obligations for institutions emanating from the underlying “Funds Transfer Regulation” (FTR) .
  • The FCA announced their new approach to publicising enforcement investigations as well as changes to the Enforcement Guide on 27 February 2024, opening a consultation on the approach, which closes on 30 April 2024.
  • The Payment Systems Regulator provided an update on its work to prevent APP fraud in March 2024.
  • Companies House gains new powers on 4 March 2024, which include those that allow it to query information and share information with other government departments and law enforcement agencies.
  • The Wolfsberg Group released an updated Frequently Asked Questions (FAQs) on Country Risk on 4 March 2024.
  • The latest Dear CEO letter from the FCA on 5 March 2024 addressed to Annex 1 firms (supervised by the FCA for AML purposes but not authorised) outlined a number of deficiencies in their compliance with the Money Laundering Regulations and requested a gap analysis to be completed within 6 months of the receipt of the letter.
  • On 11 March 2024, the Wolfsberg Group updated its Statement on the Suppression of the Financing of Terrorism. The document has been revised and updated to reflect changes in Counter-Terrorist Financing (CTF) measures and the evolving nature of public-private cooperation. This includes guidance on role of FIs, key controls, risk mitigations and CDD.
  • Acknowledging the need to update the Money Laundering Regulations as a result of the evolution in financial crime typologies, unclear/ambiguous guidance and weaknesses in its effectiveness, HMT launched a consultation on improving the effectiveness of the regulations on 11 March 2024.
  • The UK hosted the first Global Fraud Summit on 11 March 2024, led by the home secretary and attended by G7, Australia, Canada, New Zealand, the United Kingdom, the United States, South Korea and Singapore, to discuss the threats posed by organised crime groups and how global law enforcement can tackle it.
  • HMT released a policy note on delaying payment processing when there are reasonable grounds to suspect fraud or dishonesty on 12 March 2024.
  • Following the February 2023 revisions to FATF Recommendation 25 on Beneficial ownership and transparency of legal arrangements, on 12 March 2024 FATF updated its risk-based guidance for this Recommendation. The new guidance complements the existing one on Recommendation 24 on legal persons and aims to help stakeholders from the public and private sectors to implement the new requirements more effectively.
  • The FCA released its business plan for 2024/25 on 19 March 2024, outlining its strategic priorities for the coming year. Commitment 1 regards 'reducing and preventing financial crime', and includes the outcomes they want to achieve, and key activities they will start and continue.
  • The Wolfsberg Group published updated principles for auditing a Financial Crime Risk Management Programme on 27 March 2024. Essential reading for regulated firms considering how to assess the effectiveness of their financial crime framework using Internal Audit type assignments.
  • The National Crime Agency (NCA) released on 30 March 2024, a statistical report on SARs files between April 2022 – March 2023, highlighting trends in financial crime detection and prevention. This adds extra insight into themes covered in the November 2023 booklet which outlined guidance around reporting Suspicious Activity Reports (SARs), with a focus on effective reporting practices.

Get in touch

If you would like to speak with a member of our team, please click the button below.

Contact us today

Want to know more?