FINANCIAL CRIME POLICIES OF REGULATED FIRMS. COMPLIANCE FORUM OF THE SECURITIES and INVESTMENT INSTITUTE, SEPTEMBER, 2006.

PRESENTATION AGENDA THE HOLISTIC VIEW OF FINANCIAL CRIME THE REGULATOR’S PERSPECTIVE ESTABLISHING A FRAUD ADVERSE CULTURE DESIGNING THE PREVENTION & DETECTION STRATEGY THE FIRM’S POLICY & IMPLEMENTATION MANAGING A COORDINATED APPROACH ASSESSING RESULTS & MAKING A DIFFERENCE / BENEFITS & LINKAGES USEFUL REFERENCES

THE HOLISTIC VIEW FSA STATUTORY OBJECTIVE 4 “The reduction of financial crime; reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime”. ( FSMA, 2000)

THE HOLISTIC VIEW SYSC 3.2.6R “A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements under the regulatory system and for countering the risk it might be used to further financial crime”

REGULATORS’ PERSPECTIVE Philip Robinson speech – October 2004 “Fighting crime is therefore what we do. We have always required: a)Senior Management to take responsibility for managing fraud risks; and b) Firms to have effective systems & controls that are proportionate to the risks they face. This will continue to be our focus. But over the coming months we will be steadily paying more attention to firms’ arrangements for managing their fraud risks as part of our general supervising and other regulatory activities……….”

REGULATORS’ PERSPECTIVE Regarding fraud the FSA will look particularly at:  Does a firm have a strong anti-fraud culture?  Is the lead being given from the top?  Is there a clear allocation of responsibility for the day to day management of the risk?  Employee training?  A firm’s KYC procedures.  What M.I. on fraud is captured?  How is it used?

ESTABLISHING A FRAUD AVERSE CULTURE. Your firm should :  Have an insight into fraudsters’ motives  Identify your key stakeholders.  Recognise the “Fraud Manager cannot succeed alone.  Agree on your key policy issues. A fraud averse culture recognises & addresses such issues through business ethics & HR policies in addition to more commonly- accepted fraud prevention initiatives.

ESTABLISHING A FRAUD ADVERSE CULTURE. KEY POLICY ISSUES:  The firm’s code of business ethics  The HR security of employment & disciplinary processes  What constitutes “fraud” within the firm  Roles & responsibilities  Prosecution or disciplinary response  M.I. requirements & Board / SMT involvement

DESIGNING THE PREVENTION & DETECTION STRATEGY GOLDEN OPPORTUNITY TO TAKE AN HOLISTIC APPROACH BY:  DOING A FRAUD RISK ASSESSMENT ALONGSIDE THAT REQUIRED FOR AML-CFT UNDER JMLSG 2006 & FSA SYSC RULES.  KNOW YOUR VULNERABILITIES BY “THINKING CRIMINAL”!!  FRAUD & AML-CFT RISKS MAY NOT BE THE SAME!  GAP ANALYSIS TO REVEAL PRIORITIES  TRANSLATE TO A POLICY + MANUALS / HANDBOOKS

DESIGNING THE POLICY FORMAT:  WRITTEN + EXPLAIN RELATIONSHIP TP OTHER POLICIES, e.g. Operational Risk, T & C.  RISK ASSESSMENT + GAP ANALYSIS. ROLES:  SENIOR MANAGEMENT  OTHER CONTROL FUNCTIONS, e.g. INTERNAL AUDIT, RISK, COMPLIANCE, etc. SENIOR MANAGEMENT INFORMATION:  WHAT, WHEN, HOW?

DESIGNING THE POLICY - CONTENT EXTERNAL FRAUD: Account Opening Checks Robust firm/client instruction authentication Illegal transactions under law of counterparty Exceptions procedure to identify/flag suspicious activity

DESIGNING THE POLICY - CONTENT EXTERNAL FRAUD: Management sign-off on Third-Party payments Physical security of documents of title Fraudulent use of firm’s products/services by customers Key Risk Indicators for customer accounts

DESIGNING THE POLICY - CONTENT INTERNAL FRAUD:  Clearly define what constitutes “internal”  Separation of functions, e.g. front/back office  Access to & use of IT/Systems  Treasury Controls  Purchasing – sourcing/procurement  Recruitment of permanent & temporary staff  The Outsourcing issue.

IMPLEMENTING THE STRATEGY & POLICY IMPLEMENT BY:  LINKING KYC COLLECTION WITH MONITORING  ENSURING YOUR CONTROL FUNCTIONS TALK TO EACH OTHER!  REVIEW RELATIONSHIP MANAGEMENT REGULARLY  EMBED CONTROL FUNCTIONS IN NEW PRODUCT / SERVICE PROCESSES  ENHANCE YOUR TRAINING TO REFLECT ROLES & RISKS

IMPLEMENTING THE STRATEGY & POLICY INTERNALLY BY: COMMUNICATION, EDUCATION & TRAINING  ADVISING ALL OF REQUIRED STANDARDS & CONSEQUENCES OF FAILURE.  INCLUDE ON AGENDAS OF STAFF MEETINGS reports back / reward staff / info. sharing  OVERT & COVERT PREVENTION checks & balances advised to staff inevitability of discovery a deterrent  WHISTLE-BLOWING

MANAGING A COORDINATED APPROACH In line with JMLSG 2006 & FSA SYSC RULES:  Document what is done & why.  Top-level endorsement, support & commitment  May need to forge / force a new relationship with H.R.? Use D.P.A. 1998, S.29 Gateway to sharing actively!  Enlist I.T. to allow AML & Fraud activity monitoring  Install a review process – alongside MLRO Annual Report?

MANAGING A COORDINATED APPROACH The Risk-based Approach demands:  COORDINATION – see JMLSG 2006,ch  INTEGRATION, NOT SILOS!  GUIDANCE 2006 & SYSC RULES POSE SIGNIFICANT MANAGEMENT CHALLENGE

THE MANAGEMENT CHALLENGE  ALLOCATE CLEAR RESPONSIBILITIES  DEMONSTRATE CONTROLS APPROPRIATE TO FINANCIAL CRIME RISKS  ENSURE VISIBLE SMT / BOARD COMMITMENT  ENSURE FIRM’S SOCA REPORTING & REPORTING & FEEDBACK IS SHARED  MAKE PARTNERSHIP WITH LAW ENFORCEMENT & FSA A REALITY.

BENEFITS & LINKAGES  PILLAR 1, BASEL / CRD – OPERATIONAL RISK FACTORS  PILLAR 2, BASEL / CRD – ICAAP & SREP  ARROW 2 RISK MODEL – BUSINESS CONTROLS SECTION.

ASSESSING RESULTS & MAKING A DIFFERENCE  Extend content & frequency of MLRO / Fraud Manager / Internal Audit / Risk Manager reporting?  Is the MLRO Report a model for others?  Review training & competency regime  Use M.I. to collate fraud/financial crime statistics to pinpoint weaknesses  Note revised FSA fraud-reporting rules!  Use feedback from ARROW 2 reviews, law enforcement & Govt. departments

CONCLUSION – FSA EXPECTATIONS 1. “ Senior managers are the key to AML, and it is they who must take responsibility for their firm’s systems and controls……….A firm that assesses, manages and monitors its risks systematically, with suitable documentation, thereby puts itself in a position to comply with the legal and regulatory requirements over AML and to fight crime effectively (see for example, SYSC 3.2.6A R and SYSC 3.2.6G(3)G).” Source: Philip Robinson, FSA Financial Crime Sector Leader, letter to the JMLSG Chairman, 10 th April, 2006.

CONCLUSION – FSA EXPECTATIONS 2.. “ The partnership between us will be more important than ever as we seek to make a real difference in the fight against crime”. Source: Philip Robinson, FSA Financial Crime Sector Leader, letter to the JMLSG Chairman, 10 th April, 2006.

FINANCIAL CRIME POLICIES OF REGULATED FIRMS USEFUL REFERENCES: 1)“Firms’ High Level Management of Fraud Risks” ( FSA Paper, February 2006). 2)“The FSA’s risk- assessment framework”, Paper, August )FSA SYSC Handbook. 4)FSA letter to firms, March 2006 “Changes to our Supervisory Approach”. 5)BBA/MHA “Fraud Manager’s Reference Guide”, 2005/6. 6)The Fraud Act, )The Fraud Review – Office of The Attorney General, July )JMLSG Guidance, 2006.

FINANCIAL CRIME POLICIES OF REGULATED FIRMS COMPLIANCE FORUM, S.I.I th SEPTEMBER, 2006.