Transcript Document
FINANCIAL CRIME POLICIES OF REGULATED FIRMS. COMPLIANCE FORUM OF THE SECURITIES and INVESTMENT INSTITUTE, SEPTEMBER, 2006. PRESENTATION AGENDA • • • • • • • • THE HOLISTIC VIEW OF FINANCIAL CRIME THE REGULATOR’S PERSPECTIVE ESTABLISHING A FRAUD ADVERSE CULTURE DESIGNING THE PREVENTION & DETECTION STRATEGY THE FIRM’S POLICY & IMPLEMENTATION MANAGING A COORDINATED APPROACH ASSESSING RESULTS & MAKING A DIFFERENCE / BENEFITS & LINKAGES USEFUL REFERENCES THE HOLISTIC VIEW • FSA STATUTORY OBJECTIVE 4 “The reduction of financial crime; reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime”. ( FSMA, 2000) THE HOLISTIC VIEW SYSC 3.2.6R “A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements under the regulatory system and for countering the risk it might be used to further financial crime” REGULATORS’ PERSPECTIVE Philip Robinson speech – October 2004 “Fighting crime is therefore what we do. We have always required: a) Senior Management to take responsibility for managing fraud risks; and b) Firms to have effective systems & controls that are proportionate to the risks they face. This will continue to be our focus. But over the coming months we will be steadily paying more attention to firms’ arrangements for managing their fraud risks as part of our general supervising and other regulatory activities……….” REGULATORS’ PERSPECTIVE Regarding fraud the FSA will look particularly at: Does a firm have a strong anti-fraud culture? Is the lead being given from the top? Is there a clear allocation of responsibility for the day to day management of the risk? Employee training? A firm’s KYC procedures. What M.I. on fraud is captured? How is it used? ESTABLISHING A FRAUD AVERSE CULTURE. Your firm should : Have an insight into fraudsters’ motives Identify your key stakeholders. Recognise the “Fraud Manager cannot succeed alone. Agree on your key policy issues. A fraud averse culture recognises & addresses such issues through business ethics & HR policies in addition to more commonlyaccepted fraud prevention initiatives. ESTABLISHING A FRAUD ADVERSE CULTURE. KEY POLICY ISSUES: The firm’s code of business ethics The HR security of employment & disciplinary processes What constitutes “fraud” within the firm Roles & responsibilities Prosecution or disciplinary response M.I. requirements & Board / SMT involvement DESIGNING THE PREVENTION & DETECTION STRATEGY GOLDEN OPPORTUNITY TO TAKE AN HOLISTIC APPROACH BY: DOING A FRAUD RISK ASSESSMENT ALONGSIDE THAT REQUIRED FOR AML-CFT UNDER JMLSG 2006 & FSA SYSC RULES. KNOW YOUR VULNERABILITIES BY “THINKING CRIMINAL”!! FRAUD & AML-CFT RISKS MAY NOT BE THE SAME! GAP ANALYSIS TO REVEAL PRIORITIES TRANSLATE TO A POLICY + MANUALS / HANDBOOKS DESIGNING THE POLICY FORMAT: WRITTEN + EXPLAIN RELATIONSHIP TP OTHER POLICIES, e.g. Operational Risk, T & C. RISK ASSESSMENT + GAP ANALYSIS. ROLES: SENIOR MANAGEMENT OTHER CONTROL FUNCTIONS, e.g. INTERNAL AUDIT, RISK, COMPLIANCE, etc. SENIOR MANAGEMENT INFORMATION: WHAT, WHEN, HOW? DESIGNING THE POLICY - CONTENT EXTERNAL FRAUD: • Account Opening Checks • Robust firm/client instruction authentication • Illegal transactions under law of counterparty • Exceptions procedure to identify/flag suspicious activity DESIGNING THE POLICY - CONTENT EXTERNAL FRAUD: • Management sign-off on Third-Party payments • Physical security of documents of title • Fraudulent use of firm’s products/services by customers • Key Risk Indicators for customer accounts DESIGNING THE POLICY - CONTENT INTERNAL FRAUD: Clearly define what constitutes “internal” Separation of functions, e.g. front/back office Access to & use of IT/Systems Treasury Controls Purchasing – sourcing/procurement Recruitment of permanent & temporary staff The Outsourcing issue. IMPLEMENTING THE STRATEGY & POLICY IMPLEMENT BY: LINKING KYC COLLECTION WITH MONITORING ENSURING YOUR CONTROL FUNCTIONS TALK TO EACH OTHER! REVIEW RELATIONSHIP MANAGEMENT REGULARLY EMBED CONTROL FUNCTIONS IN NEW PRODUCT / SERVICE PROCESSES ENHANCE YOUR TRAINING TO REFLECT ROLES & RISKS IMPLEMENTING THE STRATEGY & POLICY INTERNALLY BY: COMMUNICATION, EDUCATION & TRAINING ADVISING ALL OF REQUIRED STANDARDS & CONSEQUENCES OF FAILURE. INCLUDE ON AGENDAS OF STAFF MEETINGS • reports back / reward staff / info. sharing OVERT & COVERT PREVENTION • checks & balances advised to staff • inevitability of discovery a deterrent WHISTLE-BLOWING MANAGING A COORDINATED APPROACH In line with JMLSG 2006 & FSA SYSC RULES: Document what is done & why. Top-level endorsement, support & commitment May need to forge / force a new relationship with H.R.? Use D.P.A. 1998, S.29 Gateway to sharing actively! Enlist I.T. to allow AML & Fraud activity monitoring Install a review process – alongside MLRO Annual Report? MANAGING A COORDINATED APPROACH The Risk-based Approach demands: COORDINATION – see JMLSG 2006,ch.1.35. INTEGRATION, NOT SILOS! GUIDANCE 2006 & SYSC RULES POSE SIGNIFICANT MANAGEMENT CHALLENGE THE MANAGEMENT CHALLENGE ALLOCATE CLEAR RESPONSIBILITIES DEMONSTRATE CONTROLS APPROPRIATE TO FINANCIAL CRIME RISKS ENSURE VISIBLE SMT / BOARD COMMITMENT ENSURE FIRM’S SOCA REPORTING & REPORTING & FEEDBACK IS SHARED MAKE PARTNERSHIP WITH LAW ENFORCEMENT & FSA A REALITY. BENEFITS & LINKAGES PILLAR 1, BASEL / CRD – OPERATIONAL RISK FACTORS PILLAR 2, BASEL / CRD – ICAAP & SREP ARROW 2 RISK MODEL – BUSINESS CONTROLS SECTION. ASSESSING RESULTS & MAKING A DIFFERENCE Extend content & frequency of MLRO / Fraud Manager / Internal Audit / Risk Manager reporting? Is the MLRO Report a model for others? Review training & competency regime Use M.I. to collate fraud/financial crime statistics to pinpoint weaknesses Note revised FSA fraud-reporting rules! Use feedback from ARROW 2 reviews, law enforcement & Govt. departments CONCLUSION – FSA EXPECTATIONS 1. “ Senior managers are the key to AML, and it is they who must take responsibility for their firm’s systems and controls……….A firm that assesses, manages and monitors its risks systematically, with suitable documentation, thereby puts itself in a position to comply with the legal and regulatory requirements over AML and to fight crime effectively (see for example, SYSC 3.2.6A R and SYSC 3.2.6G(3)G).” Source: Philip Robinson, FSA Financial Crime Sector Leader, letter to the JMLSG Chairman, 10th April, 2006. CONCLUSION – FSA EXPECTATIONS 2.. “ The partnership between us will be more important than ever as we seek to make a real difference in the fight against crime”. Source: Philip Robinson, FSA Financial Crime Sector Leader, letter to the JMLSG Chairman, 10th April, 2006. FINANCIAL CRIME POLICIES OF REGULATED FIRMS USEFUL REFERENCES: 1) 2) 3) 4) 5) 6) 7) 8) “Firms’ High Level Management of Fraud Risks” ( FSA Paper, February 2006). “The FSA’s risk- assessment framework”, Paper, August 2006. FSA SYSC Handbook. FSA letter to firms, March 2006 “Changes to our Supervisory Approach”. BBA/MHA “Fraud Manager’s Reference Guide”, 2005/6. The Fraud Act, 2006. The Fraud Review – Office of The Attorney General, July 2006. JMLSG Guidance, 2006. FINANCIAL CRIME POLICIES OF REGULATED FIRMS COMPLIANCE FORUM, S.I.I. -- 20th SEPTEMBER, 2006.