Financial Newsletters by He Is Legend


									Financial Crime Newsletter   An update from the
                             Financial Crime Sector Team

                             Issue No.11 – May 2008

                                               Introduction by               the regulators’ approach and the importance
                                                                             of public-private sector dialogue in the
                                               Philip Robinson
                                                                             AML/counter-terrorist finance (CTF) arena.
                                               Welcome to the 11th           This partnership approach, championed in
                                               edition of the FSA’s          the UK, has demonstrable resonance for
                                               financial crime newsletter.   other jurisdictions.
                                               We want it to keep you
                                                                             At last year’s Financial Crime Sector
                                               up to date with our
                                                                             conference, we announced the new
                             financial crime work, and other key issues
                                                                             Financial Crime and Intelligence Division.
                             related to financial crime.
                                                                             This year’s conference gave us a chance
                             We hosted our annual Financial Crime            to reflect on some of the division’s early
                             Sector conference at Old Billingsgate,          work. This included the thematic work
                             central London, last month. Thank you to        from the new Financial Crime Operations
                             everyone who attended and participated          team, we discuss in more detail below.
                             in what was a highly informative and
                                                                             Information security appeared regularly in
                             successful day. I am particularly grateful to
                                                                             the national press at the end of 2007, which
                             the many distinguished speakers who gave
                                                                             highlighted the importance to all types of
                             their time to support our ongoing work to
                                                                             organisation of keeping customers’ data
                             tackle financial crime. These included Rt
                                                                             secure. On 24 April, we released the results
                             Hon Jane Kennedy MP; Richard Thomas,
                                                                             of our major piece of thematic work on
                             the Information Commissioner;
                                                                             data security in financial services firms. Poor
                             Commissioner Mike Bowron, City of
                                                                             information security standards represent a
                             London Police; Paul Newham, National
                                                                             serious, widespread and high impact risk
                             Terrorist Financing Unit; and Sandra
                                                                             to our statutory objective of reducing the
                             Quinn, National Fraud Strategic Authority.
                                                                             extent to which it is possible for a business
                             The conference also had an international
                                                                             to be used for purposes connected with
                             dimension, with presentations from
                                                                             financial crime, and we will continue to
                             Jonathan Polk, Vice President of Bank
                                                                             work with firms to address these issues.
                             Supervision at the NY Fed, and Rick
                                                                             For more information on our findings
                             Small of the Financial Action Task Force.
                                                                             please see the articles on page 2 and 3.
                             Our CEO, Hector Sants, opened the
                                                                             On 14 March, we also published the
                             conference by reiterating the importance
                                                                             results of our thematic work on how firms
                             of keeping up our focus on financial
                                                                             have implemented a risk-based approach
                             crime despite the recent turbulent market
                                                                             to AML. We have seen many examples
                             conditions. This follows the commitment
                                                                             of good practice in both small and large
                             we made in our 2008/09 Business Plan to
                                                                             firms, especially in the way that larger
                             maintain our increased level of financial
                                                                             firms have embraced the risk-based
                             crime resources. His speech is available
                                                                             approach. We recognise that smaller
                             on our website (
                                                                             firms represent lower risk and have fewer
                             At our conference we heard from our two         resources; however, some showed clear
                             American speakers about the international       room for improvement, especially in staff
                             dimension in anti-money laundering (AML),       training and ongoing risk assessment. For
                             especially the importance of understanding      more details, see pages 3 and 4.

                             This is not FSA guidance                                                               Page N 1
The Joint Money Laundering Steering Group
(JMLSG) is an excellent example of how a
partnership approach to tackling financial crime
can work. Its guidance is written by the industry
and approved by the Treasury to give firms             Philip Robinson – Director
practical help in meeting their AML/CTF                Financial Crime and Intelligence Division
obligations. I would like to congratulate Jonathan
Taylor on his appointment as the new Chairman of
the JMLSG, and wish him success in his new role.       Poor data security a widespread
Another example of where partnership can bring         and serious problem
benefits is by sharing information. APACS, the UK
                                                       One of the major projects the Financial Crime and
payment association, regularly produces statistics
                                                       Intelligence Division undertook in 2007 was a
on card fraud which can help firms assess their
                                                       review of how firms safeguard their customers’
fraud risks. An article on their most recent data
                                                       personal data.
can be found on page 4.
                                                       Data security is relevant to financial crime because
Developing statistical evidence of trends in
                                                       personal data (address, date of birth, national
financial crime is one of the greatest challenges
                                                       insurance number, earnings, account details and
that regulators, law enforcement and firms face in
                                                       so on) is a valuable black-market commodity.
trying to tackle the problem. There is no generally-
                                                       Criminals buy and sell it in bulk to commit
accepted methodology that would enable us to
                                                       identity theft and related crimes such as account
measure the scale of financial crime or the social
                                                       takeover and mortgage fraud.
harm caused as a result of financial crime, or to
compare the severity of different types of financial   We published our findings on our website on 24
crime. This makes it harder for us to allocate         April. The alarming conclusion is that poor data
our financial crime resources in a risk-based,         security is a serious and widespread problem in
proportionate way. Our scale and impact project        the financial services industry.
aims to address this issue. For an update on its
progress, see pages 4 and 5.                           Firms are generally aware of the need to safeguard
                                                       personal data. They are beginning to understand
We’ve also included a series of brief news updates     more about the risk of data loss and are making
on the Financial Action Task Force, our financial      efforts to address it. However, there is a wide
crime perceptions survey, recent enforcement           gulf between the good practice demonstrated by
action against mortgage fraud, some bogus FSA          some firms committed to data security, and the
communications, and new members of our                 weaknesses seen in firms that do not understand
Financial Crime Sector team on pages 5 and 6.          the extent of the risk, and have not considered
One of the team’s responsibilities is to coordinate    appropriate controls. Smaller firms in particular
how we communicate with our financial crime            are not meeting the standard we expect.
partners. We are always interested to hear your
feedback on how we are doing in this area, and we      There are three main reasons for these shortcomings.
have developed a survey to collect your comments.      First, some firms do not appreciate the gravity of
                                                       this risk. Second, they lack the expertise to make a
You can find all the articles as follows:              reasonable assessment of risk factors and devise
                                                       ways of mitigating them. Third, they fail to devote
• Data security, pages 2 and 3
                                                       adequate resources to address this risk.
• Risk-based approach to anti-money laundering,
                                                       The efforts firms make tend to focus heavily on
  pages 3 and 4
                                                       information-technology controls such as anti-
• APACS fraud data, page 4                             intrusion software. At the same time, firms
                                                       often overlook common-sense controls in office
• Scale and impact project, pages 4 and 5              procedures such as passwords, secure waste bins
• Other news in brief, pages 5 and 6                   for confidential paper, and filing-cabinet locks.

This is not FSA guidance                                                                            Page N 2
We recognise that many firms are just beginning         We hope and believe firms will use these findings
to set up appropriate controls and need direction       to assess any potential deficiencies in their own
in this area. To meet this need, our report and         systems and controls. We have warned of the high
accompanying factsheets aimed at small firms            risk posed by poor information security standards
include useful and detailed examples of good            in each of the last five editions of our Financial
practice. Some important practices are:                 Risk Outlook, and in future we will consider
                                                        enforcement action where firms continue to fail
• senior management taking responsibility for           to meet the required standards.
  data security;

• risk assessment which is acted on;
                                                        The risk-based approach to
• written policies and procedures that are
                                                        anti-money laundering
  proportionate, accurate and relevant;
                                                        We have recently completed a major review of
• detailed plans for reacting to data loss, and
                                                        firms’ implementation of a risk-based approach to
  communicating with customers about what
                                                        AML, and on 14 March 2008 we published our
                                                        findings. The published report, which was the first
• simple and memorable guidance for all staff;          piece of thematic work produced by our newly
                                                        expanded Financial Crime Operations team,
• regular vetting to ensure that staff are not highly   involved visits to 43 firms in total. These ranged
  vulnerable to the temptation of data theft;           from major high street banks, building societies,
                                                        insurers and asset managers to some very small
• individual user accounts for customer
                                                        firms in both the wholesale and retail sectors. In
                                                        addition, we gathered information from around
• robust passwords containing a mixture of              90 small firms using a high-level survey. The
  letters, numbers and keyboard symbols;                overall aim of the project was to establish the
                                                        extent to which a wide range of firms had adapted
• secure disposal of confidential waste, using          to replacing detailed AML regulatory rules with
  shredders or disposal services; and                   much more high-level AML systems and controls
• checks to ensure that third-party suppliers           obligations, fleshed out by industry-written
  (such as IT providers and cleaners) have              JMLSG guidance. Firms also have to abide by
  equally robust systems and trustworthy staff.         their legal obligations under the Money
                                                        Laundering Regulations 2007.
This good practice is not defined as formal
guidance from the FSA. But firms should use it          Our report covered the key aspects of a firm’s
to ensure they have a proportionate, risk-based         AML systems and controls and, to help with
approach to data security, taking into account          analysis and comparison, we categorised our
their customer base, business and risk profile.         findings by size of firm: large, medium and small.
                                                        These findings included observations of good
Firms have legal and regulatory responsibilities to     practice adopted by firms, as well as some
safeguard their customers’ data. Our Principles for     examples of poor practice.
Business require firms to conduct business with due
skill, care and diligence, to take reasonable care      Overall, we were pleased to find many examples of
to organise and control their affairs responsibly       good practice, particularly in the way that large
and effectively, with adequate risk management          firms had fully embraced both the risk-based
systems. We also require firms to ‘take reasonable      approach to AML and senior management’s
care to establish and maintain effective systems and    accountability for putting in place, and maintaining,
controls … for countering the risk that the firm        an effective AML control environment. While we
might be used to further financial crime’ (rule         recognise that smaller firms have fewer resources to
3.2.6R in our Senior Management Arrangements,           devote to money laundering risk assessment and
Systems and Controls Sourcebook).                       risk mitigation measures, we still found clear room
                                                        for improvement in some firms. In particular, firms

This is not FSA guidance                                                                             Page N 3
must ensure their staff are adequately trained, and       £73.0m in 2004. Online banking fraud losses are
they should not treat reviewing their AML policies        also down. They have decreased to £22.6m, a
and procedures as a one-off exercise.                     33% drop compared to 2006.

An example of good practice that we quoted in             According to APACS, overseas fraud now
 the report was senior management responsibility.         accounts for 39% of total card fraud losses.
One major bank decided to appoint the money               APACS urges countries who have not already
laundering reporting officer’s line manager as the        done so to upgrade to the chip and PIN system
designated director with overarching responsibility       that has worked so well in the UK.
for AML controls. This director was seen as the
obvious choice for the role, given that his portfolio     However, cheque fraud losses and card-not-present
of responsibilities included fraud, risk and money        fraud losses both increased, reminding us and the
laundering. The bank’s decision formally to               industry that fraud prevention is still vital in the
appoint a Board-level senior manager to this              fight against financial crime.
position was viewed as reinforcing the importance         We take fraud, and indeed all financial crime in
of having a robust AML control framework in               the UK, very seriously, since reducing the extent
place. The director then decided the management           to which businesses can be used for a purpose
information on AML issues he had previously               connected with financial crime is one of our four
received was too unplanned and fragmented. So             statutory objectives. We are currently undertaking
the rule changes proved to be a catalyst for the          several projects on fraud, including investigating
bank establishing more organised management               how common it is in the mortgage industry and
information and a group-level Financial Crime             looking at the risks surrounding customers’ data
Risk Committee to consider relevant issues.               in the hands of third-party suppliers.
In contrast, we found some small firms did not            We are also increasing the number of our
have a robust approach to classifying the money           supervisory visits for the coming year to ensure
laundering risk associated with their clients. In one     that FSA-regulated firms have adequate systems
case, a wholesale small firm classified all its clients   and controls in place to counter the risk that
as medium or low risk, despite most of them being         they might be used to further financial crime.
based in Eastern Europe, North Africa and the
Middle East.                                              For the full APACS press release please visit:
Our report (available on our website) contains
several examples of good and bad practice, and
firms might find it helpful when reviewing their          Scale and impact of financial crime
own processes.
                                                          As a risk-based regulator, we aim to target our
                                                          resources at the areas of greatest risk to our
APACS release 2007 fraud figures                          statutory objectives. For financial crime, our
                                                          ability to do so is limited as there is no generally
APACS, the UK payments association, have                  accepted way of measuring the scale of financial
released their card fraud figures for 2007.               crime or the social harm caused as a result; nor
The report shows that total card fraud losses rose        can we compare the severity of the different types
by 25% in the past year to £535.2m and APACS              of financial crime.
say this is mainly down to the 77% (£90.5m)               In light of this, we have established the Scale and
increase in fraud committed overseas by criminals         Impact Financial Crime Project to help us get a
using card details stolen from the UK. In contrast,       better measure of the impact of all types of
domestic fraud dropped, as a result of the stricter       financial crime in the UK, and know where to
controls in the chip and PIN system.                      focus our resources.
Fraud on lost and stolen cards is at its lowest rate      The project has been split into two phases, with the
for ten years and losses from face-to-face                start of Phase II depending on the results of Phase I.
transactions are down by 66% from £218.8m to

This is not FSA guidance                                                                                Page N 4
Phase I, which is underway, is a critical analysis     Financial crime perceptions survey
of all published work and current projects on the
scale and impact of financial crime; the methods       During the last few months, we have been running
used to measure or assess the scale and/or impact      a survey of stakeholders and regulated firms to
or harm; and the quality of the results.               explore their perceptions of financial crime. The
                                                       survey looked at perceived increases and decreases
We will categorise financial crimes by their harm      in financial crime, and also the performance of the
and measurability. And we will try to identify         FSA and other bodies in tackling it. We conducted
what mechanisms we, given our legal powers,            a similar survey last year, which was designed to
can realistically use to bring about a reduction       act as a benchmark for future years.
in financial crime.
                                                       Early results show that most firms believe
The conclusions from Phase I, which we will            financial crime will increase over the next two
deliver by the end of the second quarter of 2008,      years. However, it’s encouraging that firms are
will give us a clearer idea of whether Phase II of     finding it easier to make a business case for
the project is feasible.                               allocating resources to tackle financial crime.
In Phase II, we hope to be able to develop concepts    We will publish an article on the detailed results in
and methodologies for measuring the scale and          our next financial crime newsletter. The results of
impact of financial crime. We plan to use these        last year’s survey can be found on our website at
tools to repeat the assessment regularly, enabling
us to identify trends in the scale, frequency and
impact of financial crimes over time and make
                                                       Mortgage fraud enforcement action
any necessary adjustments to our resources.
                                                       On 5 March, we published a final notice against
We realise this is an ambitious project. If Phase II
                                                       Andrew Talai Kiplimo, a mortgage introducer from
goes ahead, we expect to publish the results by
                                                       East London. This is the first time we have taken
the end of 2009.
                                                       action against a mortgage introducer. Mr Kiplimo
                                                       is no longer allowed to work in the financial
                                                       services industry. A lender gave us information that
News in brief                                          which led us to believe that he was responsible for
                                                       submitting mortgage applications containing false
News from the Financial Action Task Force              information, including substantially inflated
                                                       income and false employment details. Mr Kiplimo
The Financial Action Task Force (FATF), an AML
                                                       was then removed from a lender’s panel, but
and CFT standard-setting body, met in Paris last
                                                       continued to submit mortgage applications.
month. The FATF issued a warning of the higher
risks of money laundering and terrorist financing      These fraudulent applications, combined with
posed by deficiencies in six jurisdictions:            Mr Kiplimo’s conduct during the enforcement
Uzbekistan, Iran, Pakistan, Turkmenistan, São          investigation, have led us to the conclusion that
Tomé and Príncipe, and the northern part of            he is not a fit and proper person to perform any
Cyprus. In the case of Iran, this reiterates an        role in connection with regulated activities, and
earlier advisory notice issued in October 2007.        we advise brokers and lenders to exercise caution
Following this statement, the Treasury issued a        if he tries to send them business. For more details
press notice supporting the FATF’s work in this        of the case, please see the final notice, which is
area and providing advice to firms. This notice        available on our website at
is available on the Treasury’s website.      

This is not FSA guidance                                                                            Page N 5
Bogus communications
                                                       Contact details
We are aware of recent bogus communications
                                                       If you would like to be added to our distribution
claiming to be from the Financial Services Authority
                                                       list to receive this newsletter, or have any
(FSA) or the Financial Ombudsman Service (FOS),
                                                       questions about the content please email us at
asking the recipient for personal information.
These communications can be in the form of
phonecalls, emails or letters and they sometimes
use the name of a current or former employee and
provide a false contact number. We advise you to
remain vigilant to these hoaxes and to encourage
your colleagues to be alert.

If you are in any doubt about the authenticity of
a communication from the FSA or FOS, you can
contact one of the telephone numbers below:


• Authorised firms in the UK: 0845 606 9966
  (call rates may vary)

• General public in the UK: 0845 606 1234
  (call rates may vary)

• Overseas callers: +44 20 7066 1000

FOS – 0845 080 1800 (call rates may vary)

New members of the Financial Crime
Sector team
Arshad Rahman has joined as the new manager
of the Financial Crime Sector team, having
previously worked in enforcement, listing and
risk management. He recently returned from a
secondment to the City of London Police, where
he was responsible for planning the set up of the
National Fraud Reporting Centre and National
Fraud Intelligence Bureau.

We also welcome Martin Shaw , who will manage
financial crime communications. Martin comes
from Consumer Communications where he has
been working on our Moneymadeclear advertising
campaigns. We hope to improve communications
with our stakeholders and as a first step we would
welcome your thoughts on how we are doing.
Please fill in our short online survey at and have your say.

This is not FSA guidance                                                                            Page N 6

To top