UK FCA reaffirms tackling financial crime as a top priority

On 19 March 2024, the Financial Conduct Authority (FCA) published its 2024/2025 Business Plan placing the reduction and prevention of financial crime as its number one commitment. 

This came hot on the heels of the FCA's assessment, last month, of its work to reduce and prevent financial crime as set out in its three-year strategy published in April 2022, in which it identified fraud as a growing issue to be tackled, with investment and authorised push payment (APP) fraud as special priorities. These updates come in the context of the wider government strategy set out in the Economic Crime Plan 2 and Fraud Strategy published last year, with details of its ambitions to reduce financial crime.

Progress so far

The FCA has reported a 40% drop in losses due to fraud in 2023, reversing a growth in losses in the previous year. This fall in overall losses comes despite recent criticism of the increased cost of expanding financial crime compliance, with a rise in incidence of firms expressly passing those costs on to consumers.

The FCA highlighted its work together with the Advertising Standards Authority, engaging with social media influencers, persuading Big Tech platforms to tackle illegal promotions and scam adverts, issuing warnings about particular scams, and running ScamSmart campaigns to raise public awareness.

Beyond fraud, the FCA has also developed a special tool to test firms' compliance with sanctions controls. It has also maintained a "robust" approach to money laundering from authorisation onwards, by rejecting candidate firms it considered unprepared (including 88% of crypto registrations). The financial regulator has also regularly liaised with industry, including targeted engagement with payments firms.

The FCA identifies four areas where effort from firms could help "shift the dial" on financial crime: data and technology, collaboration, consumer awareness, and metrics.

Data and technology

The FCA notes that fraud and cyber-attacks are increasing in scale and complexity as technology improves, including through the use of social engineering and artificial intelligence.

It says firms must ensure their systems and controls keep up. Firms should be using advances in technology themselves to help prevent financial crime, calibrating this to their own requirements and fine-tuning their systems as threats evolve.

As an example, the FCA cites a firm that used behavioural biometric tools to build up a picture of a "typical" customer for them, making it easier to spot anything unusual or suspicious.

The FCA says boards should be asking themselves how their firms can keep up with good practice and whether they are investing suitably in technology to address the risks facing them.

Collaboration

The FCA emphasises its own increasing co-operation with supervisors abroad to address cross-border risks and set effective international standards.

In this spirit, the FCA encourages firms to participate in data-sharing initiatives and explore the latest advances in the field to help build a better picture of the threats they are facing. 

The UK regulator notes that Pay.UK and UK Finance's work on an enhanced fraud-data system should facilitate data sharing between payment service providers. It is also working with the police to help design better intelligence sharing and supports the government's proposed reform of the anti-money laundering (AML) supervision regime, which should improve system coordination.

Consumer awareness

Raising consumer awareness is essential, the FCA says. Banks have invested in detection technology, with some success, so criminals are increasingly targeting consumers directly, such as through APP fraud.

The FCA has invested in public campaigns and warnings. Unfortunately, APP fraud remains prevalent. The FCA hopes the new reimbursement requirement coming into force in October this year will incentivise firms to find innovative solutions to the problem.

More generally, boards should be asking themselves if their firms are raising enough awareness of risk among their customers and how they can measure the impact of their efforts.

Metrics focus

The FCA, in keeping with its approach on other issues, expects firms to measure their effectiveness at tackling financial crime by setting outcomes and using metrics, with the FCA also continuing to focus on its own use of outcomes and metrics.

Boards should be asking themselves what metrics they are measuring, how these are tied to activities and budgets, and how their firms compare with their peers.

Osborne Clarke comment

While some progress has been made in tackling financial crime, the FCA believes bolder and more innovative solutions are needed. As the first line of defence, it is up to financial services firms to make use of new systems and approaches so they can face the evolving risks.

The FCA update is a reminder that AML compliance and financial crime controls cannot be treated as dry compliance exercises or simply outsourced to specialist software. They should be dynamic workstreams, repeatedly assessed as information comes in and updated when required; the risks may change but will not go away.

Firms will no doubt harbour concerns over the additional costs of the FCA's expectations. Incremental improvements in fraud detection and prevention methods come at an exponential cost, and the FCA has recently penalised some firms for seeking to pass these costs on to customers.

However, with the imposition of the mandatory APP fraud reimbursement scheme later this year, the cost may be a lesser evil. The stronger a firm's fraud controls, the lower the likelihood of complaints and the happier customers will be. This action is as much a commercial issue as a regulatory one.