In this year's FCA Annual Public Meeting Ashley Alder (Chair) said that supervisory interventions and enforcement are both essential and that they complement one another - one preventative and the other a deterrent.
On enforcement, while the FCA got lots of audience questions (which FCA execs fielded pretty predictably) Alder himself said the board presently is focused on "how we develop an enforcement plan which targets the bad actors who cause the greatest damage".
In the meantime, FCA execs clearly most wanted to spend time talking about their supervisory interventions. So here are the highlights and how firms can respond.
Data is the answer
According to Chief Executive Nikhil Rathi, investment in tech and data is a key focus in order to "deal with the scale of harm ahead of us". Bleak. But Rathi struck an optimistic tone with a thought-provoking list of examples of its data analysis work:
- Using big data sets to tackle sanctions compliance.
- Web scraping to identify fraudulent adverts.
- Predictive analytics of complaints data to spot the biggest risks from firms.
- Interrogation of digital evidence at scale using new tech in order to progress its enforcement case pipeline. (For some time now we've wanted greater use of predictive coding in regulatory investigations. Has its time finally arrived?)
As the FCA makes greater use of big data, the patterns of harm it identifies and addresses may shift in unpredictable ways. And firms may want to do their own data analysis to identify potential issues for proactive investigation and remediation (before the FCA comes knocking).
This was one of the first opportunities that FCA enforcement co-head Steve Smart has taken to deliver public messaging (outside a written press release).
He used it to focus on the FCA's preventative work around investment fraud. His view: it's important to focus on “preventing investment fraud at source” - and the "vast majority" of that fraud originates online. So the FCA is working with Google and Bing to address problematic ads, and it's web scraping to identify scams following which the FCA asks hosts to take down content and the FCA adds relevant firms to its watch list for consumers to check.
Smart's main message for stakeholders: investment fraud prevention is a "team approach" working with regulated firms, government, other regulators including law enforcement, and especially tech companies. Smart says it's about sharing intel, identifying scams, and dealing with them quickly.
Let's see if Smart borrows more from the AML intel sharing approaches facilitated by the NCA (his last employer).
Pull up the drawbridge
On authorisations, Rathi again touted the FCA's efforts in "toughening up the gateway" with one in four applications now withdrawn or rejected (up from one in five last year and one in 14 two years ago).
According to Smart, this includes a robust focus on standards for financial crime systems and controls.
Speaking of which, Sarah Pritchard (Executive Director Markets and International) listed the most common AML non-compliance issues: governance/oversight, transaction monitoring, CDD, and failure to "maintain system and controls in a way that reflects [the firm's] evolving business model". Within the retail space, the payments and challenger bank sectors in particular are drawing the FCA's interest.
Let's sum up
- Do your own data analysis and proactive remediation.
- The FCA's preventative supervisory work will continue. Respond to it - and participate in it - collaboratively.
- Pay attention to your AML controls, especially if your business is rapidly growing or evolving.