FCA sets out expectations on firms' financial crime systems and controls during the crisis

Viewpoints
May 7, 2020
1 minutes

The Financial Conduct Authority (FCA) released a statement on 6 May 2020 setting out its expectations for firms to combat and prevent financial crime during the COVID-19 pandemic. 

Operational Challeges

The FCA "recognize[s] that the current climate may give rise to operational challenges" but that firms should not seek to address these by changing their risk appetite. For example, firms should not "change or switch-off" any screening or monitoring controls to reduce operational burdens. The FCA states it will consider some delays in monitoring or review work such as ongoing customer due diligence reviews, or reviews of transaction monitoring alerts, as reasonable, if:

1) done on a risk basis, and

2) there is a clear plan to return to business as usual as soon as possible.

Customer Due Diligence

The FCA expects firms to continue to comply with their obligations on client identity verification, but states that there is "flexibility within existing requirements".

Rather than closing an existing customer account, for example, where information is not provided, firms may consider other ways of being reasonably satisfied with the customer's identity and make reasonable efforts to collect the information.

The FCA also sets out a list of potential alternative means of verification, but states that these "do not represent a relaxation of requirements" and that they do not necessarily "suggest that taking one of the means in isolation would be appropriate or sufficient verification". 

Methods include: 

  • accept scanned documentation sent by e-mail, preferably as a PDF 
  • seek third-party verification of identity to corroborate that provided by the client, e.g. from their lawyer or accountant 
  • ask clients to submit digital photos or videos for comparison with other forms of identification gathered as part of the on-boarding process 
  • place reliance on due diligence carried out by others, such as the client’s primary bank account provider, where appropriate agreements are in place to provide access to data 
  • use commercial providers who triangulate data sources to verify documentation provided 
  • use digital identity solutions to identify customers where a firm considers that the solution provides an appropriate level of assurance as to a person’s identity
  • gather and analyse additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers 
  • verify phone numbers, emails and/or physical addresses by sending codes to the client’s address to validate access to accounts, and
  • seek additional verification once restrictions on movement are lifted for the relevant client group