The FCA wants “purposeful” AML systems and controls

A key buzzword coming out of the FCA over the past couple of years has been “purposeful”.

First, we had a call for firms to develop “purposeful” cultures. This being a culture that has an underlying purpose to it that would encourage people to speak up and promote diversity. In turn, this would lead to better outcomes for consumers and markets.

Now, the FCA has recycled the word “purposeful” in a recent speech by Mark Steward that stresses the importance of “purposeful” anti-money laundering (AML) systems and controls.

FCA AML requirements

As a reminder, the FCA requires firms to take reasonable care to establish and maintain systems and controls that are “effective” for countering the risk that the firm may be used to further financial crime (FCA Handbook, SYSC 3.2.6R).

Key points from Mark Steward’s speech

• Same old, same old: One of the FCA’s enforcement priorities has been (and, no doubt, always will be) issues relating to AML risk. Last year, the FCA imposed fines in excess of GBP130 million on firms for AML-related systems and controls breaches. The FCA has 42 ongoing enforcement investigations into firms and individuals relating to AML issues, including a number into individual Senior Managers. The FCA also recently started its first criminal proceedings against a bank relating to its AML systems and controls. These cases show the FCA’s continued focus on AML systems and controls.
• You don’t need to see it to believe it: One of the challenges for firms managing AML risk is that the potential harm may occur remotely from the systems and controls that are based in London. Mark Steward was critical of systems and controls that are “overly complicated, bureaucratised, vulnerable to gaming by less scrupulous players, and expensive” because management’s focus may be on the existence and maintenance of the system itself, rather than the end goal of the system. In other words, management may take a blinkered view of the risks and don’t spend enough time challenging whether the systems and controls are meeting the underlying purpose of their existence: to mitigate AML risk, no matter how remote the consequences of any systems and controls failings may be. Mark Steward said that: “Systems and controls that are purposeful, efficient and courageous in identifying suspicious activity are vitally important.”
• What’s new: Mark Steward referred to a couple of AML risks that have been on the rise over the last year. The first is about online investment promotions that relate to offers from unauthorised issuers. The FCA has stepped up its surveillance of these promotions and has also issued alerts on its Warning List to help consumers navigate the markets and avoid scams. The second relates to cryptocurrency firms that are not registered with the FCA. A similar list to the Warning List has been set up, named the Unregistered Cryptocurrency Business List. The idea of this is to safeguard consumers (and firms) by identifying cryptocurrency firms operating outside the ordinary channels.

 “Purposeful” AML systems and controls – what does it mean?

A starting point could be to look at how the word “purposeful” is used in the culture context. Here, the FCA has suggested that the purpose behind the culture is “meaningful”. This suggests that some form of meaning behind AML systems and controls is required for them to be “purposeful”.

The desired consequence of AML systems and controls is to mitigate the risk that bad actors operate within the financial services industry and carry out criminal activities to the detriment of the market and/or consumers. You could argue that systems and controls would be “meaningful” and “purposeful” if they are designed to achieve this objective.

However, if this is true, it seems odd to say that firms’ existing AML systems and controls (including those in relation to which shortcomings have been identified by the FCA) do not all share the same underlying purpose to mitigate AML risk even if the methods deployed (and degrees of success) may differ.

It is understandable that the culture within the financial services industry may not have been “purposeful” previously. Issues that have blighted the financial services industry, such as misconduct borne out of improper incentivisation, or forms of non-financial misconduct rooted in poor examples of “tone from the top” or conduct by middle management, required a shift in the messaging from the FCA about how a desirable culture may be achieved.

In contrast, the argument that existing AML systems and controls are not “purposeful” is harder to sustain. The objective of these systems and controls has not changed over time: that is, to mitigate and counter AML risk. It is just that, over time, the landscape in which firms operate has changed, raising further challenges. This does not necessarily mean that systems and controls are less meaningful or purposeful than they should be. Instead, perhaps the better characterisation of what Mark Steward is saying is that firms should ensure their systems and controls are fit for purpose. Otherwise, as Mark Steward suggests, there is a risk that complex systems “lose a sense of what they exist for”.

Does Mark Steward’s speech change the status quo?

Mark Steward appears to reinforce what was already required and expected of regulated firms. However, either way you look on it, a firm needs to take reasonable care to establish “effective” AML systems and controls. If it is helpful to re-conceptualise what firms need to be thinking about in this area by stating the importance of “purposeful” AML systems and controls, then it should encourage firms (and those responsible for firms’ systems and controls) to approach the crux of the issue from a different angle. Firms should continue to challenge themselves with the real question here: is what we are doing effective to counter evolving AML risk in our business?

Adapting to evolving AML laws is one of the nine key challenges for in-house counsel identified in Allen & Overy's 2021 Cross-border White Collar Crime and Investigations Review. Click here to read more.