Keynote address: Financial crime in the FCA world

Speech by Tracey McDermott, Director of Enforcement & Financial Crime, the FCA, at the FCA Financial Crime Conference, London. This is the text of the speech as drafted, which may differ from the delivered version.

tracey mcdermott speeches migration.jpg

Introduction

Good morning and welcome to the FCA's first financial crime conference.

Thanks to Ron Baxter our chair for today and to Martin for his opening remarks.

Martin's speech, the rest of today's line up of speakers and - perhaps most of all - the presence of all of you here today underscores the continuing threat that financial crime poses to the UK and the critical importance of the role that the financial services industry plays in helping regulators, government and law enforcement to tackle that threat.

Tackling financial crime is a key part of the FCA’s remit.   Access to legitimate financial services is a key mechanism by which criminals can reap the benefits of their crimes.  And if we, and the industry, get things right we can do a great deal to help make the UK a hostile place for criminals.

But this is not easy.  Most of those who use your services do so for entirely proper, law abiding purposes.  But not all - criminals - money launderers, fraudsters, terrorists and the like also need access to financial services. And the challenge for you, and for us, is how we can detect and prevent that abuse.

This is a battle where we are unlikely ever to be able to claim final victory.  Crime will not go away and the pursuit of riches (legitimate or illegitimate) is a great driver of innovation!  But the battle is one that we must continue to fight and one where we are, undoubtedly, stronger if the forces of good – the regulators, law enforcement and the industry – work together.

I hope today's conference will help us push forward that shared agenda by giving you an insight into our focus and the wider policy initiatives in this area.

And to set the scene – it is worth noting that while the battle may be constant – the news is not all bad.  The long-run statistical trends show that acquisitive crime in this country has been on a steady downward path for some years, in spite of a painful recession many predicted would cause such crime to rise.  The Office of National Statistics suggests crime has halved since 1995.

There are lots of theories as to why this might be.  Smarter policing and improved security technology have undoubtedly played a role in this.  But the financial industry’s efforts to identify suspicious activity and aiding law enforcement in their investigations has also played a role in making life harder for the career criminal, and contributed to the positive trends shown in the figures.

But you know as well as I do that criminal enterprises continue to look for new ways to exploit your businesses and your customers.  Industry statistics show that card fraud trends are moving in the right direction after peaking about five years ago. Technological innovations have allowed the card issuers to regain the upper hand against the crooks. But the numbers are still huge and for many of your customers, lingering uncertainty about the safety of payment technologies causes them to question the safety of the system as a whole. This illustrates why it is important that we, collectively, get this right.

The FCA’s role

So what is the FCA’s role? And how will we go about fulfilling it?

One of our objectives is to ensure the integrity of the markets.  A key part of that is ensuring that our markets operate honestly and that the firms we regulate understand, and manage, the financial crime risks that they face.  As regulator our job is to monitor how well you do that, to help you to do it better - and to take action where you fail to do it well.

As well as this overarching responsibility many of the firms we regulate are also subject to the Money Laundering Regulations 2007.  We have the job of overseeing the steps they take to meet the requirements of those regulations.

We look at financial crime risks in all financial services firms whether solo or dual regulated.  Our new sister organisation, the Prudential Regulation Authority, will be interested if, say, weak anti-money laundering controls or a large fraud poses a threat to the prudential health of an institution. But the day-to-day job of overseeing these risks sits squarely with us in the FCA.

So we look at financial crime risks and controls in some 26,000 firms. But that is not all.

From next April, we will be supervising tens of thousands of other businesses: consumer credit firms - the lenders, credit brokers, debt collectors, debt counsellors and so on - that are currently overseen by the Office of Fair Trading.  In our Consultation Paper published in March this year we proposed imposing the same general requirement on these firms to tackle financial crime as currently applies to the firms we regulate today.  This will be a substantial step up from what is required of some of them now.

It is clear there will be big challenges for us here. The financial crime risks in this sector are substantial. At the fringes of the consumer credit market there is much illegal and fraudulent behaviour.

For example, there is evidence that some businesses holding themselves out as being able to renegotiate people’s debts for them, or arrange new loans are actually able to do nothing of the sort: they are merely there to generate leads to sell on to others, or, in some cases, operate forms of advance fee fraud. Most of these rogue players are unlicensed: we face a big challenge in getting on top of this unauthorised activity.

And standards in legitimate operators in this sector may also often fall short of our expectations. The OFT’s recent enforcement actions suggest some firms offering unsecured loans have poor customer due diligence checks, and I am concerned data security standards in the consumer credit industry may fall short of what we’d expect to see in, say, banks or insurers.

So that is who we regulate. But what is it we look at? What does the phrase ‘financial crime’ encompass?

There is no exhaustive list or definition but here are some examples the kinds of danger we would expect you to be alive to:

  • First: money laundering.  Criminals’ efforts to distance their money from their crime is greatly aided by access to the financial system.  To guard against this, and to allow the authorities to trace suspicious funds, the law imposes a range of obligations on financial services institutions - to know who your clients are and where their money comes from.  It is our job to police how well you do this.  We also oversee your efforts to aid the authorities in tackling the funding of terrorism.

    Anti-money laundering standards are set at an international level by the Financial Action Task Force.  They typically enter British law via European Directives, and we are very grateful to Martin Frohn from the European Commission for travelling here to speak to us this afternoon: a new Money Laundering Directive is in the pipeline, and it will amend the existing arrangements to bring Europe’s requirements in line with international best practice.  We’ll hear more about this from Martin later.

  • Another key risk is, of course, fraud.  Businesses can be affected by fraud in many ways: they can be targeted themselves, by customers, staff, brokers, suppliers, opportunist crooks or professional criminals. Importantly, however, those who hold and control the money and assets of others can also unwittingly facilitate fraud against their customers or the wider public.

    Mishandling customers’ sensitive personal data can, for example, place customers at greater risk of being targeted or exploited by criminals.

    Or holding bank accounts for businesses that are, in reality, fronts for fraudulent conspiracies against the public: so called ‘boiler rooms’ and the like, can facilitate the rapid movement of money offshore while giving a cloak of legitimacy by association with your name and reputation.

    Where you may lose money yourself – because of a fraud on your business –you have a clear self-interest in combatting this.  And across the industry there is a long track record of firms cooperating to do so. Funding the banking and insurance industry has provided to specialist police units has been particularly effective.  But the incentive may not always be so clear cut when it comes to committing resources to protecting your customers or other third parties from being scammed. So we will focus our attention first on situations where people other than the firms themselves stand to lose money. For example, we will be likely to ask the question ‘What are banks doing to detect and prevent investment scams being committed against or by customers’ before we ask ‘what are banks doing to stop fraudulent borrowing’.

  • Sanctions breaches:  these have been much in the news in the last year -mainly as a result of enforcement action taken in the US for breaches of US sanctions.  But those cases are a timely reminder of the importance of ensuring that your organisation understand, and complies with, its obligations in this area.  The Government’s asset freezing regime prevents funds being made to specified individual people and organisations, including some located in the UK, without a licence.  In addition, there are wider sanctions relevant to some businesses: trade embargoes, for example, that firms financing international trade will be aware of, some of which prohibit UK financial firms from doing business with certain countries.

    Sanctions imposed after regime changes in North Africa and the Middle East over the past few years led to vast sums of money being frozen in the UK. But not all funds misappropriated by now-fallen regimes have been accounted for.  Financial firms must remain vigilant and continue to report any suspicions that they are in possession of the proceeds of crime to the Serious Organised Crime Agency, as well as informing the Treasury’s Asset Freezing Unit if they hold funds for a person or organisation on the government’s list.

  • And last for today - but certainly not least - I should mention bribery and corruption: we continue to look at the way in which firms manage the risk that staff or agents of firms may accept or offer bribes to secure new deals.

More details of our expectations of how firms should tackle these and other financial crime risks, can be found in our publication ‘Financial crime: a guide for firms’. This document is the main repository of information about financial crime and contains numerous examples of good and poor practice. It is a living document and is where we place the guidance material that, after consultation, flows from our thematic reviews such as the trade finance review you will hear about later today.

So those are some of the types of financial crime we are interested in.  But what, on a day-to-day level, are we actually doing on the ground to tackle financial crime?  It’s helpful to look at this in terms of the lifecycle of a regulated firm from when it first comes onto our radar when it applies to be regulated by us; through our on-going dialogue with that business, supervising it over time; and, for some firms, when we take action against wrongdoers - whether individuals or the firm itself.

First, the authorisations stage. An important way of keeping the financial industry clean is keeping people who lack integrity out of the sector. Indeed, many applications for authorisation from people wanting to buy or control or found financial firms fall by the wayside during the application process for exactly those reasons. This is often because of concerns about murky pasts turned up by our research and close intelligence-sharing relationships. These applications may not be formally turned-down – many applicants withdraw when they sense which way the wind is blowing. This is all part of our drive to keep undesirable characters out of finance.

This is a good moment to talk about the intelligence sharing arrangements we have in place: we are able to mine rich veins of information from a range of organisations and this is an invaluable resource. We are very lucky to have Stephanie Jeavons, Deputy Director of the Economic Crime Command at the National Crime Agency, speaking a little later: the NCA will be a key partner for us and I look forward to a close working relationship with them. Her presentation will give a fascinating insight into the work of this exciting new organisation. Links with agencies like the NCA, the Serious Fraud Office, other regulators, government departments, and police forces help us do our job and them to do theirs. And we do not just focus our efforts on the UK - we are focused on ensuring effective liaison with agencies worldwide – recognising that financial crime does not stop at borders.  A particular recent focus has been on further strengthening our links with regulatory and law enforcement bodies in the United States. Sharon Campbell, the head of the Financial Crime and Intelligence Department toured round a number of agencies in an exhausting trip a few months ago. Such liaison pays dividends and is a vital part of our work.

Moving on to our supervisory work, looking at, say, the measures firms take to detect and prevent fraud, money laundering, bribery, breaches of asset freezes. Our supervisors are supported by dedicated expert teams looking at these issues, and exploring practices in pockets of the industry seen as being potentially vulnerable.  Our thematic review into trade finance business is an example of this, as is our review, recently completed, into the asset management industry, that will publish its findings later this year. This should be a useful reminder if one is needed, that financial crime is not just about banks. Criminals are not fussy about the nature of the institutions that launder their money.

Trade finance thematic review

But let me talk about our other review into trade finance business. The business of issuing and reimbursing letters of credit, and other instruments that finance cross-border trade transactions, may be abused by criminals in many different ways. There will be a session immediately after lunch where Rob Gruppetta will explain our findings in detail. Our reviewers visited 17 commercial banks, large and small, as part of this project to look at the steps banks were taking to counter the risk that this business might be abused, and we will publish our findings shortly.

To some degree, an important purpose of letters of credit is to prevent financial crime - specifically fraud. When goods are shipped across the world, the exporter will quite reasonably be worried he won’t be paid, while the importer will be concerned her container will never arrive. These worries might mean the deal doesn’t happen. Trade finance instruments work to place the banks in the middle to make the transaction work. The importer’s bank vouches for his customer and, once the exporter provides documents to prove the goods were dispatched, makes the payment.

But this can be abused. The importer and exporter may be in cahoots to shift money across borders with an apparently-legitimate paper-trail when the reality is the shipping container contains fresh air rather than the expensive goods on the paperwork. It has been reported this is a common way for people to shift funds out of countries with controls on the export of currency, and some are concerned that criminal groups with more sinister goals could exploit these products in similar ways. Another risk that will concern a bank is that they will finance a trade that is in breach of an embargo, or is with a counterparty that is subject to international sanctions or asset freezes.

So what are banks doing in the face of these risks? What practical steps are being taken?

Some institutions do have strong defences; where we saw best practice, we were impressed with the thoroughness and depth of controls in place. A handful of banks, both large and small, appeared on top of this issue. What’s more, all the banks we visited seemed to take sanctions screening seriously; we did not have strong concerns about implementation of those defences.  But we were concerned at what we saw when we probed anti-money laundering controls.  Some banks have a lot of work to do to raise their game to the level of that of the best of their peers.  Our report will give some pointers to how this can be done.  We have listed some of the ‘red flag’ indicators that banks have said they found useful to identify riskier situations.  I found some of them intriguing.  Checking whether the cargo on the documents would fit in the container is deceptively simple check, but has apparently flushed out dodgy transactions in the past. That being said, every check that one bank said was invaluable, another dismissed as having not proved a good use of resource, so firms should, as ever, consider our examples of good and poor practice in the context of their own business model and experience.

Systematic anti-money laundering programme

Our thematic reviews are only one way in which our supervisory work considers financial crime.  Any number of conversations our supervisors have with financial firms will touch on financial crime related issues.  You won't always hear about all of those.  Where we identify weaknesses – weak anti-money laundering controls for example or sloppy data security standards – the levying of fines and public disciplinary notices is just one of the options available to us. It won’t always be the most appropriate tool – and it is rarely used in isolation.

So, on a day to day basis, we will be requiring firms to undertake remedial work and, in line with our emphasis on senior management responsibility, increasingly we will be asking for an identified and suitably senior individual to be responsible for the satisfactory completion of the work.  We will expect them to attest to its completion or more generally to the adequacy of relevant controls.

We will also continue to require firms to appoint skilled persons to look at any aspect of a firm’s activities that cause us concern or where we require further analysis. The 2012 Financial Services Act now allows us to appoint skilled persons directly. We can, and have, stopped big institutions from taking on new business while weaknesses remain.

We also have launched targeted pieces of work such as a recent effort to probe industry’s efforts to contain the financial crime risks in commodities trading. Clive Adamson, the FCA’s director of supervision, will add a lot of colour to this picture this afternoon.

An important strand of our work continues to be our in-depth periodic probes of anti-money laundering defences in the UK’s biggest banks – our systematic anti-money laundering programme.  This programme really pulls up the floorboards on a banks’ anti-money laundering and financial sanctions controls.  It is a detailed survey, of every stage of the process, from a new customer coming through the door, to where the bank shares information with the authorities about suspicious activity. Each review takes perhaps several months, including weeks or months on-site in banks.  It includes detailed documentary reviews, but goes wider to look at the entire organisational and management structure around anti-money laundering in an institution: finding those jobs that everyone assumed someone else was doing, but in reality was being done by nobody.  Several banks have gone through this process now, and we have found it to be a powerful and penetrating technique.  We may widen its scope in future, to cover other types of financial crime and classes of firm to ensure we are as effective as possible in our approach in tackling financial crime.

So what is the story so far?  What has this ‘systematic’ approach found?  Unfortunately, there are some consistent themes: we continue to be concerned by some banks’ treatment of high-risk customers and the steps taken to understand, for example, where well-connected senior public officials get their wealth from.  The damage that corruption poses to political systems around the world has led to requirements on banks to take extra measures when dealing with customers who may be able to abuse public office for private gain.  It is our job to police compliance with these requirements, and we are still, too often, left disappointed.

For the first time, this year, we will publish a report on our approach to supervising the industry’s efforts to tackle money laundering.  This will include statistical information about what we are doing and messages about what we tend to be finding.  This is a new initiative, but reflects our desire to be as transparent a regulator as possible and to look constantly at how effective we are, and how we can be more effective, in tackling our financial crime agenda.

This is consistent with a renewed emphasis at the Financial Action Task Force, on looking at the effectiveness of countries’ efforts: asking not just whether laws and policies are in place, but whether their application on the ground leads to the right results.

I know this is a subject close to the heart of Mikael Down from the Treasury, who will be our next speaker after the coffee break.  I’d like to thank Mikael for sparing time to be here this morning and talk through the many international initiatives underway to increase transparency in company ownership: initiatives that the UK is rightly pushing very hard on.  Forming a limited company gives its owners special, and actually quite remarkable privileges, such as protection from creditors in the event of bankruptcy. As a legal structure, it was invented to allow the risk-taking that is part and parcel of capitalism, but, this has, over time, been corrupted and abused: I find it very hard to see why the privileges afforded to a company’s owners should be extended to include anonymity, for example, which is now all too often a possibility.  Mikael’s session will be a very interesting introduction to developments in this area.

Enforcement

I’ll finish by talking about some of our efforts to tackle some of the worst types of conduct we see.

First, the outright frauds.  We have teams tackling the scammers operating at the fringes of the financial industry: share sale fraudsters, for example, who hoodwink investors into buying worthless securities, often passing themselves off as legitimate well-known firms to piggy-back on their reputations.  The FCA has very experienced teams of people able to combat these ‘boiler room’ frauds: our teams have close relationships with police forces across the globe: they have had people extradited; they have joined local law enforcers on dawn raids abroad, helping carry boxes and boxes of paperwork and computer equipment out of fraudster’s rented offices ready for forensic examination. We have frozen assets in the UK, and a member of staff recently travelled to Florida ready to give evidence in the trial of Paul Gunter and Simon Odoni, a major share fraud case brought by the US Department of Justice. This was the concluding part of several years of cooperation between the FCA, the Department of Justice and the City of London Police. Gunter and Odoni, who targeted and victimised UK consumers, were found guilty of multiple counts of fraud and now face lengthy sentences.   

We are committed to protect the public from this menace and we are making progress.  The statistics show that increasingly those who call us - having been targeted by a boiler room - have not invested.  Of course, there are still some who realise too late the nature of the call and who have all too often waved goodbye to substantial sums.  Overall however the trend is steadily downwards - which we attribute, in part, to the efforts we, and law enforcement partners here and overseas, have put into making life more difficult for the fraudsters and to educating potential victims about the risks. 

We recently filmed an interview with someone who narrowly avoided becoming a boiler room victim - this will be shown as part of the session this afternoon hosted by Felicity Johnston from our Financial Crime and Intelligence Department and Oliver Shaw from the City of London Police. This gives a human face to this crime: we all must know people, older relatives perhaps, concerned to preserve their savings in a world of negative real interest rates, whose trusting nature could let them fall victim to these cynical frauds.

But boiler rooms are not the only scams in town - there are constantly new innovations.  A significant area of focus at the moment is on pensions liberation - fraudulent schemes to ‘unlock’ pension pots.  If someone is offering to ‘unlock’ the pension of someone under 55 it is almost certainly a scam which will cost them dearly.  Our campaign in this area involves us working with the Pensions Regulator, HM Revenue and Customs, the police and others to raise awareness and look at practical ways these scams can be stopped.  The involvement of authorised firms and individuals in a pensions transfer can cloak a scheme with an unwarranted air of legitimacy.  We are therefore very concerned to ensure those advising or involved in this market really understand what they are getting into and are ensuring they give proper advice to their customers.  And firms should have no doubt about how seriously we will look at failures in this area.  We are however encouraged by the number of firms who are refusing to get involved and reporting issues in this area to us.

We are also targeting other types of frauds. These include land banking frauds and old-fashioned pyramid schemes.  A list of court actions as long as your arm shows that we mean business.  This is not the only use we put our investigators to: experienced staff in the FCA do the detective work necessary to skewer insider traders, for example.

I am also pleased with the sterling work of our whistleblowing service: anyone concerned about conduct they are aware of in the firms we regulate can call our dedicated line and expect to be treated with sensitivity and in confidence.  Great efforts are made to protect whistle blowers’ identities, and many investigations that lead to fines and other enforcement action have been prompted by such tip-offs over the years.

This is not the only way that enforcement cases are born: enforcement action has continued following our review two years ago of how banks handle high risk customers. In April 2013 we fined EFG Private Bank £4.2m for failures in its anti-money laundering controls.  We found the bank had not fully put its anti-money laundering policies into practice; due diligence checks they had performed on many customers revealed significant money laundering risks, including customers having been charged with criminal offences including corruption and money laundering, but the bank had insufficient records of steps senior management had taken to mitigate those risks. Other cases are on the go.  Much as we’d prefer to work in partnership with industry to tackle financial crime, we will not be shy of using our enforcement tools when this is warranted.

Close

I hope you enjoy today’s sessions. There is a packed programme and I’d strongly encourage you to engage with the speakers: questions are most welcome, and, when you are speaking to my staff, the trickier the better. It is important you keep them on their toes, and you might regret it if you pass up this golden opportunity to do so!