The Financial Conduct Authority (FCA) has released a comprehensive assessment of sanctions systems and controls in financial services firms. The report underscores the critical role of these systems in preventing financial crime, particularly in light of the unprecedented sanctions imposed following Russia’s invasion of Ukraine in February 2022. The FCA’s assessment identified both areas of good practice and aspects needing improvement across five key themes.
Key findings and recommendations include:
- Governance and Oversight: Firms that had proactively planned for potential sanctions before February 2022 were better prepared to implement UK sanctions swiftly. Effective monitoring and review of sanctions implementation through management information (MI) were highlighted as crucial. However, the report identified instances where senior management did not receive sufficient MI to discharge their responsibilities adequately. The FCA noted a lack of quantitative and qualitative MI to enable effective oversight, risk identification, and trend analysis. This deficiency raised concerns that senior management couldn’t fully grasp the risks at their firms, hindering effective decision-making and performance evaluation. Additionally, some global firms’ policies were not aligned with the UK sanctions regime, leading to inadequate communication between global and regional sanctions teams. A lack of awareness regarding UK sanctions law, regulations, and guidance was also identified as a potential risk factor. The FCA expects improvements in these areas.
- Skills and Resources: Properly resourced sanctions teams are essential to avoid backlogs in dealing with sanctions alerts and enable quick reactions to sanctions risks. The report noted that some firms lacked the necessary resources, resulting in significant backlogs and increased risks of non-compliance.
- Screening Capabilities: Sanctions screening tools must be properly calibrated and aligned with the UK sanctions regime. While some firms demonstrated well-calibrated screening tools, others relied on third-party providers without effective oversight. The effectiveness of screening tools depends on their appropriateness for the UK sanctions regime and alignment with a firm’s risk profile.
- Customer Due Diligence (CDD) and Know Your Customer (KYC) Procedures: Effective CDD and KYC are essential for sanctions compliance. The report highlighted instances of low-quality CDD and KYC assessments and backlogs, which increased the risk of firms failing to identify sanctioned individuals. Firms should ensure they have robust procedures in place to prevent such failures.
- Breach Reporting: Timely and accurate reporting of potential sanctions breaches to the FCA, as well as to the Office of Financial Sanctions Implementation (OFSI), is expected from firms. The report noted inconsistencies in the timeliness of reporting across firms, with some taking weeks or even months to report breaches. Delays in reporting hinders the FCA’s ability to understand systems and controls issues as they occur and their work with firms to ensure those issues identified are being remediated correctly.
The report emphasises the critical importance of effective sanctions systems and controls in the financial industry, especially given the heightened sanctions environment following the Ukraine crisis. Ensuring compliance with sanctions is crucial not only for regulatory reasons but also to prevent financial crime and protect the integrity of the financial system.
The FCA calls on firms to consider the findings and recommendations outlined in the report. Firms are encouraged to evaluate their approaches to identifying and assessing sanctions risks, strengthen their measures to prevent breaches, and adapt to evolving sanctions landscapes. Staying informed about regulatory guidance, and actively engaging with the FCA in testing sanctions systems and controls are essential steps moving forward.
Here at Beyond MI, we specialise in building tailored suites of management information and reporting frameworks to help senior management identify areas of heightened financial crime risk, giving them the ability to put in place timely remedial actions. Our tailored suite of management information gives firms insights into their inherent risk exposure and oversight into the effectiveness of their financial crime control environment. Risk appetite thresholds should be applied to appropriate risk measures allowing firms to be alerted to measures reaching or breaching risk appetite triggers and limits.
Contact us today to see how Beyond MI can help enhance your suite of management information and risk reporting to senior management.