FIN.

FCA finds poor practices in financial crime risk assessment controls

The FCA has published the findings from its multi-firm review of a range of firms’ business wide and customer risk assessment processes. Key findings included:

  • while most firms have a BWRA, not many were appropriately tailored – the FCA wants to see assessments that are quantitative and qualitative and which consider inherent risks, control effectiveness and residual risks and are formally assessed at least annually. It does not want to see assessments that fail to explain how each risk affects the firm, or which lack evidence or a clear process;
  • while firms do assess financial crime risk in their business strategy, growth and product development, it was often not clear how risk assessments link to the BWRA. Good practice includes planning for compliance and tracking actions to reduce risks, but often firms lack records and don’t deal with business expansion and change;
  • many firms understand that governance and senior management oversight is important, but many focus on fraud risk. Firms need continuity plans that are regularly reviewed and show clear, consistent and joined-up assessments.

The FCA wants firms to consider the findings and review their risk based approach to systems and controls. It is working with firms involved in the survey in whose practices the FCA identified weaknesses.

Emma Radmore