Gap Analysis in Response to 21 May 2021 FCA Dear CEO Letter (Retail Banks)
The FCA’s May 2021 “Dear CEO” letter to retail banks requires a gap analysis to be carried out against a number of Financial Crime areas where the FCA has noted common weaknesses.
Banks had until 17 September 2021 to complete the gap analysis. The areas covered should have included:
- Governance and Oversight
- Risk Assessments (Business Wide and Customer)
- Due Diligence
- Transaction Monitoring
- Suspicious Activity Reporting
We can assist banks still working to complete the required gap analysis, either by completing the analysis (where internal resources are not available) or by providing a framework to guide an internal team in getting the work done efficiently.
Where the gap analysis reveals that remediation work is required, we can assist banks to prepare a robust remediation plan for presentation to the FCA. This proactive approach to addressing gaps will improve the regulator’s confidence in the ability of the bank’s management to deal with any gaps without the need for further intervention (e.g. a Skilled Person Report).
If you would like to know more, please use our general enquiry form and mention “Dear CEO gap analysis”.
FCA Safeguarding Audits
Electronic money and payment services firms solo-regulated by the FCA are subject to rules on safeguarding their customers’ money to provide protection for customers in the event of the firm’s failure. Safeguarding can be achieved through segregation of customer money from firm money in designated accounts, through insurance, or through a combination of the two.
On 4 July 2019 the FCA sent a “Dear CEO” letter to AEMIs and APIs, which contained:
- A summary of the findings of an FCA thematic review of safeguarding;
- A reminder of the safeguarding obligations;
- A requirement for every relevant firm to conduct an assessment of its safeguarding arrangements, and provide an attestation to the FCA (by 31 July 2019). The management review leading to the attestation was required to include:
  - The rationale for the safeguarding decisions made, to make sure they fully meet the requirements;
  - Mapping each of the firm’s products or services to determine when the funds held are relevant funds and whether the firm requires additional safeguarding arrangements;
  - Wherever the firm identified inadequacies, to take prompt remedial action.
Subsequently the FCA has published a requirement for firms to obtain “safeguarding audits”. The FCA consultations and guidance state that the FCA expects the safeguarding audit to provide an opinion (addressed to the regulated firm) on:
- Whether the firm has maintained organisational arrangements adequate to enable it to meet FCA expectations of its compliance with the safeguarding provisions of the EMRs/PSRs throughout the audit period; and
- Whether the firm met those expectations as at the audit period end date.
What constitutes these FCA expectations is not further defined, but the requirements relate to a firm’s compliance with the safeguarding provisions of the EMRs/PSRs as set out in chapter 10 of the FCA Approach Document. Any audits will need to consider how a firm is meeting the specific requirements set out in chapter 10.
If you would like to know more, please use our general enquiry form and mention “Safeguarding audit”.
Reviews of the Financial Crime Framework for MSBs and PSPs/EMIs
Increasingly, banks providing services to MSB and PSP/EMI clients require an independent review of the client’s financial crime framework as part of their onboarding and periodic review due diligence processes.
We can provide the required independent reviews based on a scope of work designed to meet the bank’s requirements cost-effectively.
These reviews can take the form of agreed-upon procedures (minimising cost) or review and recommend (providing additional advice and insight for the MSB or PSP/EMI).
If you would like to know more, please use our general enquiry form and mention “MSB / PSP FC review”.