In 2020, the UK’s National Risk Assessment of money laundering and terrorist financing suggested that criminals would likely be attracted to the fast onboarding processes offered by challenger banks. Where once individuals would have gone in-branch with a number of personal documents and identifications to set up a bank account, challenger banks now offer a streamlined process.
While this is appealing to customers, it also runs the risk of becoming appealing to criminals and fraudsters. In fact, the SEC recently noted in its 2022 examination priorities that it would be focussing on firms that are offering new products (or employing new practices) to assess whether their operations and controls meet regulatory expectations. Against the backdrop of potential loopholes within the compliance programmes of challenger banks, the UK’s FCA has conducted a review of the financial crime controls implemented by challenger banks, to establish whether they are effectively managing the risks.
What did the review find? While the FCA did find elements of good practice from challenger banks – especially in their use of emerging technology to manage customer onboarding – the regulator found more bad practice than good. In particular, it found:
1. The risks are the same
In terms of the risks faced by challenger banks – the FCA does not believe they differ significantly from those faced by well-established banks and incumbents. Indeed, it is not the risks that differ but the frameworks that are being implemented to manage and curtail such risks.
2. Speedy onboarding is leading to compliance gaps
The business model of the challenger bank is one of high-growth. The FCA acknowledges that they “may depend on rapid customer growth for survival” and, as such, speedy onboarding is in their best business interests. Or so one might think. However, the FCA’s review found that most challenger banks were not collecting enough information to comply with customer due diligence requirements. Moreover, some banks were failing to implement enhanced due diligence and were not documenting where formal procedures would apply in higher-risk circumstances. In turn, this is leading to loopholes, which mean that while speedy onboarding may initially be in the best interests of the business, it may soon take a negative turn where money launderers are allowed to take advantage of the gaps in the process. The FCA found that – even more concerning that gaps in financial crime risk assessments – some challenger banks had no risk assessments in place whatsoever.
3. Suspicious activity reports are on the rise for challenger banks
Perhaps owing to the fragmented approach to the onboarding process, the FCA’s review found a substantial increase in the volume of Suspicious Activity Reports (SARs) that have been reported by challenger banks across 2021. This suggests that the adequacy (or inadequacy) of challenger banks controls is already leading to malpractice and fraudulent activity.challen
4. Existing frameworks are not able to cope with the pace of change
While many challenger banks are founded in technology and innovation, their compliance systems are falling behind. In particular, the FCA said that it found weaknesses in the “effective management of financial crime change programmes” – meaning that there was a lack of pace of implementation for compliance. This means that, as challenger banks grow rapidly, their compliance controls and frameworks are proving unable to keep up with the pace of change.
The FCA added that it would expect “financial crime control resources, processes and technology to be commensurate with a bank’s expansion.”
How can challenger banks improve their financial crime controls?
Challenger banks are known as such because they seek to challenge the traditional model for financial services. Broadly speaking, they use advanced technology and online only App-based offerings to provide financial services to customers through smartphones – rather than offering in-branch or telephone banking. While their technology is advanced, the FCA’s review appears to show that elements of their compliance systems are still in development – or that they’re dedicating resource to innovation in their product, but not for compliance.
So how can challenger banks improve their financial crime controls?
1. Know your regulations
Sounds simple enough, but as challenger banks grow, they will need to know every regulation that applies to their business – in every jurisdiction that they operate in. Given the pace of regulatory change, this is no mean feat. As regulations change and business change, challenger banks will face a heady mix of regulatory change from all angles. The first challenge – which lays the foundation for compliance – is to know your regulations.
2. Implement processes, procedures and controls that address financial crime concerns and meet regulatory obligations
Once you know your regulations, you’ll need to implement them across your existing policies, procedures, and controls. Looking at the FCA’s review, this is where many challenger banks are going wrong. They know how to act in the event of malpractice, but they’re not taking steps to prevent it from happening in the first place. Again, technology is your friend here. Using sophisticated AI, CUBE automatically maps your relevant regulatory obligations to your procedures, policies, and controls. So you know what changes need to happen and where. Once these processes are in place, you’ll be alerted when they need to change. This alleviates the need for hours of manual, administrative work – so you can focus on getting a watertight KYC or due diligence process in place.
3. Invest in technology that grows and adapts with your business
It’s all very well pumping investment into a sophisticated product with an incredible UI if your customer base is then made up of emergent bad actors. As boring as it may seem, some of this resource is best spent on your compliance frameworks. Not only will this enable you to gain customer trust and reputation (with less bad press about fraud and market manipulation), it also means you’ll have a watertight, compliant framework on which your business can grow. All technology is not made equal, and you’ll likely need a compliance product that is adaptable, flexible and able to grow with your business. What if you want to expand into a new jurisdiction a year from now, or tackle a new business area? You should ensure your compliance technology is comprehensive enough to cover your back, but nimble enough to adapt with your changing business needs.