Data Pool or Paper Push? The FCA’s new REP-CRIM
How much information can you gather by asking 35 Questions?
By requiring most firms subject to the Money Laundering Regulations (‘MLR’) to fill out a new Financial Crime Return (REP-CRIM), the FCA is trying to find out about their perceptions of and procedures to prevent financial crime. The REP-CRIM form comprises 35 questions designed to inform the FCA about a firm’s exposure to financial crime, involvement with high risk customers and compliance procedures.
It is worth noting at the outset that the explicit aim of the REP-CRIM is to increase desk-based supervision by combining crime-risk data collection and notification. This is, of course, an admirable attempt to streamline the process for all concerned.
Not a good start
As with many official forms, it gives the impression that the information it will gather would be of great use to the FCA. The questions are simple, few and address the core issues surrounding financial crime. However, this image does not survive a close reading of the numerous queries submitted by respondents to the FCA’s consultation on the form. For example, it was not initially clear whether a firm had to provide information on all its customers or only those served by the MLR relevant parts of the business (the FCA has clarified it is indeed the latter). Similarly, the FCA’s original intention was to require firms to report on all jurisdictions they considered high risk. Again, this was not clear from the relevant questions as written and was later abandoned. The FCA’s willingness to clarify and amend these matters is welcome, but the fact that such basic issues were so unclear in its initial draft of the REP-CRIM is to be wondered at.
Big data
Another issue with this new requirement is that, however simply phrased, many of the questions contained in the REP-CRIM require a great deal of work to answer. Many of the firms covered by these measures will be large multi-national corporations with thousands of employees and potentially hundreds of thousands of customers. Processing the relevant data might well be onerous indeed. One silver lining is that groups will be able to submit a single return for several companies (again, this was a response to a suggestion from the industry). This is, of course, a sensible move and should make the process considerably less demanding.
Quality v. quantity
Beyond the mere logistical problems, the FCA seems to be falling between the two stools of quantitative and qualitative data collection.
The simplicity of most of the questions will only provide an overview of the sector. However, the original proposals also required firms to submit their opinions on which jurisdictions were high risk and what types of fraud most affected their sectors. Meaningful answers to such queries would surely be better obtained by focused two-way engagement between the FCA and individual firms rather than through a standardised form. Assessments such as these are probably not going to be produced by the kind of data crunching the REP-CRIM responses will be subjected to.
It is also of note that the FCA has made opinion-seeking questions on which types of fraud are the most prevalent voluntary. Given the burden on firms and the complexity of the information required by these questions, it is likely that most businesses will not answer questions if they are not compelled to do so, no matter how much the FCA may encourage them. As a result, the FCA will be denied the industry-wide perspective it is presumably seeking. Equally, given that the questions are contained in an online-form with little possibility for follow-up questioning, the opinions gained are unlikely to provide any depth of insight. Thus, whilst making these questions optional is to be welcomed in itself, it will not assist the FCA in its quest for “better quality and more consistent comparable data”[1].
Similarly, one element of the REP-CRIM which was clearly designed to assess complex and subtle issues was the requirement for each firm to state how many relationships (with clients and agents) had been exited due to ‘reputational risk’. Following consultation this requirement has been dropped. Whilst this will be welcomed, it again deprives the FCA of information that could be very valuable.
Perhaps the questions most likely to produce crude or misleading results are those that require the firm to state the number of staff with “financial crime roles” and what proportion of those are dedicated to fighting fraud. Answers to these questions will, of course, be simple numbers. No information will be gathered about the quality, training or approach of these employees. One firm might have a relatively small compliance team that is empowered and highly effective, whilst another has a much larger team which is poorly resourced and inhibited by internal procedures. Given that the FCA will not know such details, it is difficult to see how such data will not lead to misconceptions by the regulator.
Not quantum theory, but still an observer effect
Another threat to the effectiveness of the survey comes from the FCA’s failure to take into account its own impact on firms’ answers. Asking firms to provide opinions on the industry, or relevant trends within it, risks firms relying on the FCA’s own published information in drafting their replies. For example, if a firm seeks to assess which types of fraud are most prevalent in its sector, it may well rely on documents provided by the FCA itself. This issue was explicitly raised by one respondent to the consultation. In response, the FCA merely confirmed that a firm could rely on FCA publications in providing its answers. The absurd prospect of the FCA basing its assessment of the risks of financial crime on data produced by itself and merely echoed back to it by firms who fill out the REP-CRIM beggars belief. Apart from the obvious waste of public money this entails, it is quite conceivable that the FCA might base its actions or policies on the information thus received. This would obviously be inappropriate.
It is hard to avoid the impression that the FCA has fallen into the twenty-first century trap of believing that all wisdom and truth can be divined through a (relatively) cheap online survey. The FCA might argue that, apart from being inexpensive, such information is easily collated and converted into statistics. Those statistics, in turn, make good material for both press releases and consultations on further measures.
A roadtrip to future regulation
One other feature of the REP-CRIM which may raise eyebrows is that a number of its questions appear to be aimed at laying the groundwork for further compliance measures. It doesn’t take a wild imagination to see answers to questions 27 and 29 (“Does the firm use an automated system(s) to conduct screening against relevant sanctions lists?” and “Does the firm conduct repeat customer sanctions screening?”) forming the basis of future drives to shape how firms deal with sanctions internally. Data collected directly from firms on these issues could be a used as a powerful rhetorical tool by the FCA in advocating for further regulation.
Overall, the REP-CRIM is an overly simplistic approach to tackling financial crime. Quantitative data must have a place in FCA decision making, but the reality is that criminal threats facing the financial services industry are often highly complex and subtle.
The FCA is keen to stress the broad benefits it expects to reap from the new reporting requirements, stating:
“The benefits of this proposal cannot be calculated in financial terms. The benefits of improved supervision derive from preventing the harms that arise from financial services being used for financial crime, both in terms of the underlying crime and the impact this has on the UK financial services sector.”[2]
Admirable though these goals may be, it is highly unlikely that the REP-CRIM will achieve them. The relevant issues are not readily amenable to data-crunching, but rather to careful and considered dialogue with the industry. Fraudsters don’t purely “do things by numbers”, nor should the FCA.
[1] See para 1.11 of Financial Crime Reporting: feedback on Chapter 6 of CP15/42 and final rules (online at: https://www.fca.org.uk/publication/policy/ps16-19.pdf)
[2] See para 3.19 of Financial Crime Reporting: feedback on Chapter 6 of CP15/42 and final rules (online at: https://www.fca.org.uk/publication/policy/ps16-19.pdf)
This article was originally published in Money Laundering Bulletin and can be found here, behind a paywall.