Why Complete a Financial Crime Risk Assessment (FCRA) The FCA has revealed that

Why Complete a Financial Crime Risk Assessment (FCRA) The FCA has revealed that regulated entities are still not doing enough to identify, assess and tackle their financial crime risks within their business. The FCA have advised that a ‘Thorough understanding of a firm’s financial crime risk is key if a firm is to apply proportionate and effective systems and controls… []… A firm should identify and assess the financial crime risks to which it is exposed as a result of, for example, the products and services it offers, the jurisdictions it operates in, the types of customer it attracts, the complexity and volume of transactions, and the distribution channels it uses to service its customers. Firms can then target their financial crime resources on the areas of greatest risk’ [FCA – Financial crime: a guide for firm, April 2015] Due to the recent focus from the FCA upon businesses’ financial crime risks Aviva have developed this set of guidelines to assist our partners, brokers and suppliers in the completion of a FCRA for their business. These Aviva guidelines are neither advice nor a checklist to be used prescriptively to mitigate financial crime risks. We would recommend consultation with your legal and compliance department/contacts to conduct and implement a FCRA. What is a FCRA? A FCRA is the cornerstone to effective financial crime prevention. The process of completing a FCRA includes the identification, quantification and documentation of the financial crime risks for your business and thus the construction and provision of a sufficient framework for the management of these risks. It is important to remember that the completion of a FCRA is not an exercise to just identify and measure risk for the sake of it; it is to ensure a business is equipped to determine the appropriate response to their financial crime risks. How should a FCRA be completed? A FCRA should take into consideration all types of financial crime your business is vulnerable to; these include but are not limited to • Sanctions • Fraud • Bribery and Corruption • Terrorist financing • Money laundering • Market abuse Financial Crime Risk Assessment – Guidance for Partners, Brokers & Suppliers of Aviva Your internal and external financial crime risks should be identified based on various reliable and accurate sources of information. Sources you could utilise include the Financial Action Task Force or the National Crime Agency alerts. It is your own firm’s responsibility to ensure that all financial crimes represented within your business model are identified, articulated and documented within the FCRA. We would advise consideration to the FCA’s self assessment questions to assist in the completion of a FCRA. These are stated below; • What are the main financial crime risks to the business? • How does your firm seek to understand the financial crime risks it faces? • When did the firm last update its risk assessment? • How do you identify new or emerging financial crime risks? • Is there evidence that risk is considered and recorded systematically, assessments are updated and sign-off is appropriate? • Who challenges risk assessments and how? Is this process sufficiently rigorous and well documented? • How do procedures on the ground adapt to emerging risks? (For example, how quickly are policy manuals updated and procedures amended?) However these above questions are not exhaustive and should not be used as such, there are various other guidance documents available to assist with a FCRA. You should aim to take a holistic approach to all financial crimes risks. Controls implemented to mitigate a risk in one area e.g. verification of customers to mitigate money laundering can also act as a control to prevent fraud and ensure you have accurate information for sanction screening. You will also need to consider the impact of your financial crime risks, not only on the business, but how these impact your customers. The output of your FCRA should be documented and highlight • The financial crime risks which impact on your business • The controls you have in place • Any gaps in current controls Any recommended actions should be agreed and authorised by senior management. Financial Crime Risk Assessment – Guidance for Partners, Brokers & Suppliers of Aviva We have provided a template to assist in documenting and recording the outcomes of your FCRA. What factors should we take into account to complete a FCRA? The four main factors to take into consideration when completing a FCRA are • The jurisdiction you operate in • Type of product and services you provide • The type of Client • Distribution – the channels used to service your customers and the complexity and volume of transactions External sources which can assist with the assessment of these factors are Transparency International and their Corruption perception index (jurisdiction); the Egmont Group (product); the Wolfberg Group (customer and distribution). These are not an exhaustive list of all external sources which can be utilised. What Risks should be identified to complete a FCRA? There are 2 types of risks that need to be distinguished between to ensure an efficient FCRA. These should be applied to all financial crimes your business is susceptible to. They are; • Inherent risk: The risk before consideration of the mitigating effect of any controls. Consideration of inherent risk ignores the existence of controls and makes no assumptions about how effective such controls are. Consider what adverse events the business could be reasonably exposed to by its’ activities before mitigating controls are implemented. • Residual risk: The risk of an inherent risk after taking into account the mitigating controls that have been implemented. When should a FCRA be completed? The FCRA is not a one off process; this should be refreshed at regular intervals, at least annually, to meet the needs and requirements of your business model. New products, customer profiles, distribution channels or emerging risks within external environments may prompt you to refresh your financial crime risks more frequently. Any agreed upon actions from the FCRA need to be implemented. New systems, processes and policies should be appropriately communicated to staff ensuring they have an understanding of the purpose of their implementation and understand the role and/or responsibilities they have to make them effective. Financial Crime Risk Assessment – Guidance for Partners, Brokers & Suppliers of Aviva What tends to go wrong with businesses’ FCRA? There are a number of factors which are common pitfalls when completing a FCRA. These can include • Focus of the FCRA is too narrow, only a few risks are addressed. • The FCRA is completed as a one off process; this is not refreshed on a regular basis. • There is too much focus on internal sources of information – external sources of information are not utilised to take into account the changing climate of the wider world which could impact on the products they provide or the industries and jurisdictions they operate in. • Subsidiaries and branches can be too reliant on a FCRA which is completed at Group level, negating to take into account the local Market they operate within. If the FCRA is inadequately completed this can result in the implementation of severe and strict controls which are not proportionate to a business’s risk profile. This could mean resource and time are not used efficiently causing an adverse impact on the business, customers and staff. At the other end of the spectrum an inadequate FCRA could mean gaps in controls are not successfully identified leaving the business open to utilisation for financial crime, whether by data theft, money laundering, terrorist financing or fraud. Inadequate systems and controls to combat financial crime could also lead to regulatory censure from the FCA and businesses and staff to unwittingly breach regulations. Financial Crime Risk Assessment – Guidance for Partners, Brokers & Suppliers of Aviva RRDCG1174 01.16 uploads/Industriel/ risk-assessment-guide.pdf

  • 31
  • 0
  • 0
Afficher les détails des licences
Licence et utilisation
Gratuit pour un usage personnel Attribution requise
Partager