FCA’s REP-CRIM: more effort than use?
In the traditional game, asking twenty questions used to be enough to answer any question. So just imagine how much information you could gather if you asked 35 instead.
Most firms subject to the Money Laundering Regulations (‘MLR’) are now required by the FCA to fill out a new Financial Crime Return (REP-CRIM). This comprises 35 questions. Its purpose is for the FCA to learn about their perceptions of financial crime and their existing prevention procedures. The questions on the REP-CRIM form are designed to inform the FCA about each firm’s exposure to financial crime, their involvement with high risk customers and their compliance procedures.
The REP-CRIM is designed to increase desk-based supervision by combining crime-risk data collection and notification: an admirable attempt to streamline the process for everyone concerned.
Like many official forms, it gives the impression that the information gathered will be of great use to the FCA: simple questions addressing the core issues relating to financial crime. However, this impression does not survive closer examination of the myriad queries submitted by respondents on the form to the FCA’s consultation. Initially, it was unclear whether a firm needed to provide information on every customer or only on those served by the MLR relevant parts of the business: the FCA has since clarified it is the latter. Likewise, the FCA’s original intention was to require firms to report on every jurisdiction that they considered to be high risk. Again, this was not apparent from the relevant questions, and the requirement was subsequently abandoned. The FCA’s clarification and amendment of these matters is welcome, but for such fundamental issues to be so unclear in its initial draft REP-CRIM is of concern.
There is more. However simply they may be phrased, many of the REP-CRIM questions require considerable effort to answer. This is especially the case because many firms covered by these measures are large multi-national corporations with tens of thousands of employees and potentially hundreds of thousands of customers. Providing the relevant data may therefore be extremely onerous. One notable concession – that groups can submit a single return for several companies – was made in response to an industry suggestion. Hopefully, this pragmatic move will make the process much less demanding.
Beyond logistical challenges, the FCA seems torn between quantitative and qualitative data collection.
The simplicity of most questions will only provide a sectoral overview. However, the original proposals also required firms to provide their subjective opinions as to which jurisdictions are high risk and what categories of fraud most affected their sectors. To derive meaningful answers, it would undoubtedly be better obtained through direct two-way engagement between the FCA and individual firms rather than from answers on a standardised form. Such assessments are probably not going to be created by the kind of data crunching to which the REP-CRIM responses will be subjected.
In addition, opinion-seeking questions on which categories of fraud are most prevalent have been made optional. Given the burdensome complexity of the information required by these questions, it seems likely that if they are not compelled, most businesses will not answer them, no matter how much they are encouraged to do so. Consequently, the FCA will not gain the industry-wide perspective it is presumably seeking. Although making such questions optional rather than mandatory may be a welcome step, it will not serve to assist the FCA in its quest for “better quality and more consistent comparable data”[1].
Designed to assess complex and subtle issues, one original element of the REP-CRIM was the requirement to state how many relationships (with clients and agents) had been exited because of ‘reputational risk’. After consultation, this requirement has since been dropped. Again, a welcome step, even if it too deprives the FCA of potentially valuable information.
Arguably, the questions most likely to deliver crude or misleading results are those requiring the firm to state the number of staff with “financial crime roles” and the relevant proportion dedicated to combatting fraud. Answers provided will just be numbers without any information on employee quality, training or approach. Some firms may have a relatively small compliance team, empowered and highly effective, while others might have much larger teams, either inadequately resourced or inhibited by internal procedures. Because the FCA will not know this information, it is difficult to envisage how data alone will not lead to misconceptions arising at the regulator.
A further threat to the survey’s effectiveness stems from the FCA’s failure to account for its own impact on answers given. Asking firms to provide opinions, or to identify relevant trends within an industry, risks their reliance upon the FCA’s published information when drafting their replies. So, if a firm wants to assess which categories of fraud are most prevalent in its sector, it might well rely on documents which the FCA has provided. This specific issue was raised by a respondent to the consultation. The FCA reacted by confirming that a firm could indeed rely on FCA publications when providing its answers. This creates the absurd, but very real prospect of the FCA basing its assessment of the risks of financial crime on data produced by itself which is then simply echoed back to it by firms who fill out the REP-CRIM form. Apart from the manifest waste of public money, it is perfectly possible that the FCA might base its actions or policies on information so received. Clearly, this would be inappropriate.
Overall, it gives the unfortunate impression that the FCA has fallen into the contemporary trap of believing that all wisdom and truth can be obtained through a (relatively) cheap online survey. No doubt, the FCA might argue that, cost apart, such information is easily collated and converted into statistics. In turn, statistics provide good material, both for press releases and for consultations on further measures.
In summary, the REP-CRIM presents an over-simplistic approach to tackling financial crime. Quantitative data certainly deserves a place in FCA decision making, but the harsh reality is that current criminal threats facing the financial services industry are both highly complex and unusually subtle.
The FCA is keen to emphasise the broad benefits it expects to reap from the new reporting requirements, stating:
“The benefits of this proposal cannot be calculated in financial terms. The benefits of improved supervision derive from preventing the harms that arise from financial services being used for financial crime, both in terms of the underlying crime and the impact this has on the UK financial services sector.”[2]
Admirable though they may be, it seems very unlikely that the REP-CRIM will ever achieve these goals. The relevant issues do not automatically lend themselves to data-crunching, but rather to careful and considered dialogue with the industry. Fraudsters don’t simply “do things by numbers”; nor should the FCA.
[1] See para 1.11 of Financial Crime Reporting: feedback on Chapter 6 of CP15/42 and final rules (online at: https://www.fca.org.uk/publication/policy/ps16-19.pdf)
[2] See para 3.19 of Financial Crime Reporting: feedback on Chapter 6 of CP15/42 and final rules (online at: https://www.fca.org.uk/publication/policy/ps16-19.pdf)
This article was originally published in Compliance monitor and can be found here.