FCC ESSENTIALS

Discover our first FCC Essential article, where Christopher Stringham, Global Account Manager at Neterium, shares his passion for Financial Crime Compliance (FCC).

Today, we deep dive into a report from the UK's Financial Conduct Authority (FCA) on their assessment of regulated firm's sanctions compliance processes.

The UK's Financial Conduct Authority says firms are over-reliant on third party sanctions screening tools! The FCA has recently conducted assessments of firms’ sanction systems and controls based on the guidance in the FCG and other sources. The report of the key findings was released on 6th September.

The FCA based their assessment on previously issued guidance such as their Financial Crime Guide. For example, section 7.2.3 of the FCG states that, "A firm should have effective, up-to-date screening systems." The FCG offers numerous examples of good practice and also provides very informative examples of poor practice. Such as: "Where a firm uses automated systems, it does not understand how to calibrate them and does not check whether the number of hits is unexpectedly high or low."

Despite the guidance, the FCA still found, "poorly calibrated or tailored screening tools, with some firms also too reliant on third party providers with ineffective oversight over them." Additionally, "there were instances where calibration had not been adequately tailored. This resulted in it either being too sensitive, causing a high number of false positive names (…), or not sensitive enough, meaning that even minor variations in names led to sanctioned individuals not being detected. This delicate balancing act shows the importance of firms understanding how their systems work and how they are calibrated." 

De Nederlandsche Bank issued a similar report a few months ago and had similar findings. They also found that:"(M)any institutions trust that their (external) screening systems function adequately, and that they do not carry out their own periodic assessments, such as spot checks."

Interestingly, while the FCA raises the risks associated with third-party solutions, the most recent fine in the UK relating to sanctions screening involved the use of an in-house screening system. In this case, the firm’s third-party data provider quickly delivered the updates to the sanctions lists and the in-house screening system correctly generated a possible match. Unfortunately, the system generated so many false hits that analysts were not able to process the alerts in a timely manner. This led to a company policy where accounts were ‘suspended’, transfers were prohibited, but debit cards associated with the account were not blocked. And in this particular case, the debit card of a designated national was only blocked five days after listing and a withdrawal was made.

Legacy screening systems have typically functioned as black boxes. It is difficult to know what the system is doing and why. This limits the ability to conduct testing and tuning. Also legacy systems are often very inflexible. Even with significant testing, tuning is often just not possible or very limited.

Development of 'name matching algorithms' and ‘sanctions screening systems’ is not the primary business of financial service firms. The use of third-party solutions is therefore very natural. These are normally better than in-house systems due to the ability of the providers to specialise and receive feedback from a number of customers. Still, not all solutions are equal. Regulators justifiably require transparency, so it is critical to look for a provider that offers a glass box to understand in detail the results that you are getting and also provides the flexibility to actually tune the results effectively.