Is It Time To Trade In Your Old Financial Crime Controls?
October 2021 Martin Woods
On September 9 the Prudential regulatory Authority (PRA) and the Financial Conduct Authority (FCA) sent a joint letter to the CEOs of regulated trade finance businesses and banks engaged in the provision of such services. The regulators call directly for action to be taken and for firms to carry out a financial crime risk assessment. The letter follows the collapse of Greensill Capital and other commodity, supply chain businesses in the UK and overseas.
Over recent years supply chain financing has expanded as a business and this can involve the provision of letters of credit and/or standby letters of credit. When credit dries up, this can present significant cash flow problems to business that have become reliant upon the same.
In addition to credit risks, there are often financial crime risks which need to be identified, assessed and managed. Trade finance is commonly international and can involve high risk jurisdictions, multiple currencies and a number of related parties. The ‘Dear CEO’ letter sent to firms references a number of ‘recent assessments’ of firms undertaken by the regulators, which identified ‘several significant issues relating to both credit risk analysis and financial crime controls’.
A wholistic business-wide financial crime risk assessment
These ‘significant issues’ present risks to firms, the regulators, customers and the economy, hence the call for risk assessments. The letter is very critical and specifically calls out failings of due diligence in relation to individual transactions and red flags presented by the same. Thus, the letter calls for due diligence to be applied on a transaction basis, as well as a customer and where necessary related third parties, including the beneficiary of any funds to be paid. This wholistic ‘business-wide financial crime risk assessment’ needs to be the foundation upon which a firm builds and implements financial crime controls. For sure, the tow must align and when the regulator next visits your firm it is likely they will ask to see this risk assessment.
All of which leads to the question, what does a wholistic business-wide financial crime risk assessment look like? What is assessed, when, how and how often? The why is clearly articulated with the letter to your CEO.
Where to start?
The answer is customers, all regulated firms must know their customers and this extends to the potential financial crime risk each customer/group of customers presents to a firm/bank. It is reasonable and logical to assume, FCA and PRA regulated firms/banks operating in the UK will primarily or solely be providing trade finance facilities for and on behalf of their UK based customers. In the event your firm is providing such services to overseas and offshore firms, a good rationale for such business should be articulated and documented within each customer’s file.
Therefore, assuming the majority or all of a bank’s/firm’s trade finance customers are UK located and registered companies, they should be risk categorised applying a number of assessments, as set out below:
- Is the customer regulated by the FCA/PRA?
- Is the customer a subsidiary of a firm regulated by the FCA/PRA?
- Is the customer publicly traded upon the London stock exchange or equivalent?
- Is the customer a subsidiary of a firm publicly traded upon the London stock exchange or equivalent?
- Is the customer a government owned entity?
- Is the customer a high profile, privately owned company1?
- Is the customer being administered by a major accountancy/insolvency business?
- Is the customer privately owned?
- Has the customer been in business for more than 12 months?
- Does the customer have an operating address?
- Is the customer registered at a high-risk address (Is there such a thing?)?
- Has the customer submitted accounts to Companies House?
I could go on and I will later when we look at individuals connected to these businesses, but from the above a number of risk factors can be identified. Some can be used/leveraged to mitigate some of the risks and the due diligence undertaken by other parties, such as regulators or listing authorities can be leveraged.
Bluntly, experienced financial crime and due diligence practitioners determine low profile privately owned companies/partnerships present a higher level of risk than those publicly traded upon the Londin stock exchange and/or regulated by the PRA/FCA. The risk increases when the customer has not been in business for 12 months and has not submitted any accounts to Companies House. Then there are other factors:
- Has the customer registered the Data Commissioner’s Office?
- Is there evidence the customer has registered for VAT?
- Nature of a customer’s business
What a customer does is critical to the identification, assessment and management of risk, this extends to where the customer operates, sources materials/goods from and how they are shipped. In 2021 firms should require more than terms such as general goods, import/export and commodities.
Value, volume and frequency
The value of a customer’s business and transactions is equally a critical risk factor, simply put, higher value/volume of transactions carry an increased level of both financial crime and credit risk. Then we move onto the ownership and control of a customer’s business, this is simpler to establish and manage when the customer is publicly traded upon the London stock exchange as all of the information is within the public domain and can be verified. It is different with smaller, privately owned customers and consequently additional due diligence is required.
Firms don’t commit financial crime, people do
People are the primary risk when identifying, assessing and managing financial crime risk, hence who owns and controls a company/partnership really does matter. This must drive new thinking and cause some senior managers at some firms/banks to trade in their old financial crime controls.
OK, we are 900 words into this article and we have not progressed beyond customers, which demonstrates just how involved and important these financial crime risk assessments are. Equally the data used when making risk determinations and decisions is important. Hence it does matter that your customer is owned by a man who is shown to be the owner of hundreds of other companies, because he/she is likely to be a nominee, behind whom the real owners choose to hide. Likewise, a man who is, or has been the director of several other companies that have become insolvent is relevant, commercially and to manage financial crime risks.
Essentially most data originates with customers, even data provided to registers, such as Companies House, but not all customers, owners and controllers are honest. It follows not all information provided is accurate, so who can be relied upon? Some companies go behind the data and cross reference the same to join dots together and draw a true picture of a customer and were appropriate a customer’s connected relationships.
When undertaking business with companies or partnerships registered at Companies House, Kompli-Global provides the very best data, data that is far better than that available at Companies House. Moreover, they can monitor your customer, the directors, owners and the address where the customer is registered. It may help to know if other companies owned by your customer become insolvent or your customer sets up and becomes the owner/director of other companies. Kompli-Global can provide all of this information and much more.
All of this data can be automatically screened for negative media and simultaneously against up to data sanctions as well as PEP lists. Kompli-Global drill down into the data, and apply algorithms to identify connections which are not always apparent or presented by Companies House.
Ongoing customer risk monitoring
Using Kompli-Global data, firms/banks can choose between credit risk and/or financial crime risk monitoring. Such monitoring will ensure each privately owned UK incorporated company/partnership is maintained up to date and accurate, which will do away with the need to apply a periodic review of the corporate information for each customer.
Kompli-Global was founded by entrepreneurs who are themselves engaged in supply chain and invoice funding, they have applied their business, credit and due diligence expertise to design a service which works for their own finance business and are confident it can also work for you and your CEO.
Building the foundations for a new financial crime programme starts with a risk assessment, but if you do not know what to assess or how, then the programme will be weaker and may fail. The regulators have expectations and the CEOs are under pressure to live up to the same.
- The countries connected to each transaction
- The goods/commodity shipped
- Sanction risks
- Dual purpose goods
- Consultants and other third parties engaged in a transactions
- Governments and PEP risk
- The logic, sense and rationale for each transaction
- Unusual transactions
- Staff training
- Transaction monitoring
- Enhanced due diligence or the absence of it
- Governance and transaction approval
Well, there isn’t one, this is a never ending, ongoing process. The risk assessment must be maintained up to date and accurately reflect the financial crime risks and management of the financial crime risks in the firm’s/bank’s trade finance business.BACK