Following a consultation in December 2015 and the publication of its policy statement in July 2016, the FCA published its new financial crime return (REP-CRIM) on 11 November 2016. The publication supports one of the key priorities set out in the FCA’s 2016/2017 business plan, which aims to tackle financial crime and ensure anti-money laundering compliance.
Background: the coming into force of the IFR
In December 2015, the FCA published a quarterly consultation paper (CP15/42) which explained that the FCA did not gather financial crime information from firms regularly, instead relying on the use of ad hoc data requests. As a result, CP15/42 proposed the introduction of a new financial crime report which would require firms to provide information including:
- the location of their customers;
- the jurisdictions that the firm has business in that it considers pose a high risk;
- the resources the firm allocates to tackling financial crime;
- the number of suspicious activity reports (SARs) the firm files with the authorities;
- sanctions and asset freezes; and
- the firm’s general views on which are the most prevalent types of fraud.
The FCA published a policy statement on the reporting of financial crime (PS16/19) on 29 July 2016, which would not usually be the case following a quarterly consultation. However, the FCA decided to do so in this case for “maximum transparency” as a result of the 32 responses received from firms and trade associations. The responses were largely supportive, but most asked for further clarification of definitions and the guidance notes. As a result, the FCA made some changes to its original proposals, including the following:
- an option for group-based reporting, rather than on a single entity basis
- clarifying that in relation to operating jurisdictions, firms need only report information on the jurisdictions in which the firm operates, or has assessed as ‘high risk’, within the last two years
- clarifying that firms may apply their own definition of PEPs when reporting on PEP relationships
- aligning the definition of ‘customer’ to match the definitions of ‘client’ and ‘customer’ in the FCA’s Handbook when reporting on these types of relationships
- requesting details of the number of consent SARs submitted, rather than as a percentage of the total number of SARs
- confirming that sanctions reporting is confined to customer screening information (rather than payment screening information)
- making optional the questions regarding the ‘top 3’ prevalent types of fraud firms have experienced.
Scope of application
PS16/19 states that the new regime will apply to firms subject to the Money Laundering Regulations (MLRs). The rules include an exemption for certain firms whose revenue (as at the last accounting reference date) is below a stated threshold – for example, electronic money institutions with revenue of less than £5m.
Firms that are subject to the reporting requirement will only be required to submit a REP-CRIM for areas of their business that are subjects to the MLRs.
In order to automate the process, the FCA will collect data through its electronic reporting system with the aim of ensuring it is in a standardised format, allowing for improved consolidation and cataloguing. Firms are required to submit the data annually in respect of their financial year ending on the latest accounting reference date.
As noted above, the requirement to complete the REP-CRIM will take effect from 31 December 2016 with the FCA’s new rules coming into force on that date. Following feedback on the length of the remittance period, the FCA has doubled the submission period from 30 business days to 60, with firms that have a 31 December year end required to submit in March 2017.
In PS16/19, the FCA confirmed that the first submission will be on a best endeavours basis due to the fact that the final rules will only be finalised during that period.
The FCA’s objective of standardising the format of the data in conjunction with automating the process will allow the regulator to not only detect firms that stand out from their peers but also highlight any failing in systems and controls.
Ahead of the first submission, firms should be considering each field set out in the REP-CRIM, and ensuring that there are processes in place to enable the collation of the information required. Compliance policies should be updated to ensure firms adopt procedures that analyse that data rigorously so as to justify the answer submitted to the FCA.