FSA Small Firms Financial Crime Review

This article first appeared on www.complinet.com

FSA to small firms: must try harder

The FSA's recent review of small firms and their responses to their financial crime regulatory of requirements was spurred by critical evaluations of the sector by the Financial Action Taskforce and National Audit Office, both in 2007. The FSA visited some 159 small firms, which it described as a "manageable sample size" of the total of around 16,500 small firms that it regulates. The report is emphatically not guidance, but it includes a number of "questions to ask yourself", which are recommended reading.

Reducing financial crime is of course one of the FSA's five statutory objectives. The statutory definition of financial crime includes any offence involving fraud or dishonesty, misconduct in or misuse of information relating to a financial market or handling the proceeds of crime. However, for the purposes of the review the FSA did not look at market abuse, preferring to focus on the financial crime risks it sees as most relevant to the small firm sector: anti money laundering, data security and fraud. Firms are identified as potentially at risk from:

directly suffering from a financial crime; being exploited as a vehicle for financial crime; or actually carrying out a financial crime. Awareness encouraging, implementation "generally weak"

The FSA appeared broadly satisfied with the level of awareness of fraud crime issues anti money laundering obligations and customer due diligence. This was not enough to mitigate the 'several weaknesses' it found across the sector, mainly in the area of implementation of AML and anti-fraud controls.

Anti Money Laundering

The FSA found a "good general awareness of AML systems and controls". However, where external consultants had produced policies and procedures, these had generally not been tailored by the senior management of the firms to suit their particular business. In particular, the FSA noted a lack of financial crime risk assessments of different products. More worryingly, only a minority of firms had enhanced due diligence procedures in place to deal with high risk customer situations. The most common reason for this was that the firm believed their customers were low risk: however, they were unable to demonstrate how they had made this assessment.

Additionally, only 26% of all firms visited had any sanctions procedures in place and that of those that did have procedures, none had identified a "hit" on the UK...