From Detection to Prevention: The Evolution of Financial Crime Controls in the Evolving World of Consumer Duty

In the ever-evolving landscape of financial regulations, the Financial Conduct Authority (FCA) has continually sought to adapt its guidelines to meet the dynamic needs of the industry. As part of its ongoing commitment to upholding market integrity and consumer protection, in April 2024, the FCA published Consultation Paper CP24/9—Financial Crime Guide Updates. It aimed to revamp outdated financial crime guidance by adding more focus on sanctions, proliferation financing, transaction monitoring and crypto assets.

After much anticipation, and for the first time, the FCA also establishes a direct link between consumer protection and effective financial crime controls, making it clear that firms should consider whether their systems and controls are proportionate and consistent with their obligations under the Consumer Duty.

Kroll’s UK Financial Crime and Consumer Duty experts, Maria Evstropova and Matt Austen, will discuss the significance for the industry and the relationship between linking financial crime controls with expectations under the FCA’s Consumer Duty. You can find more information about their services here.

Clearer Guidance on Regulatory Expectations

As a recap, the Duty came into effect for some firms (those manufacturing or distributing new/existing products and services) in July 2023, and up until recently, the FCA has been reasonably quiet on the intersection of the Consumer Duty with other regulatory frameworks. While the regulator’s silence may have left some firms disregarding their Consumer Duty obligations when thinking about the customer’s end-to-end journey, more proactive firms have already recognized the link and have been taking a forward-thinking approach to mitigating risks and upholding consumer trust in an increasingly complex regulatory environment.

For instance, in a “Dear CEO-Implementing the Consumer Duty in Payment Firms” letter dated February 21, 2024, designed to help payment service firms understand the FCA’s expectations when implementing the Duty, the FCA touched on the matter of “Account Freezing and Fraud Reports.” They noted that they had continued to see poor financial crime controls where the freezing of individual customer accounts, typically done because of financial crime suspicions, had resulted in a disproportionate number of accounts being frozen for too long and without adequate explanation to the customer (to the extent possible under the constraints of “tipping off”).

Further, under the Duty, firms should consider how they handle alleged cases of fraud and complaints about such. When customers who feel themselves to be victims of fraud reach out to the firm, the response should be appropriately supportive, avoid unduly harsh judgments and recognize the potential for vulnerability. The FCA sees this as aligning with the customer support outcome and the need for the firm, under the new cross-cutting rules, to consider how their actions (or inactions) could result in harm that might have been otherwise foreseeable.

It becomes apparent then that the FCA has always considered the Duty applies to financial crime matters. Where they impact a retail customer, the firm must consider broader responsibilities under the Duty.

This recent consultation offers clarity that can better facilitate compliance efforts, enabling firms to implement effective controls that meet regulatory standards. However, in doing so, we think there will be operational and cultural hurdles for firms to jump. For instance, the “outcomes-focused” world of Consumer Duty is, for some, a far cry from the “check box” approach adopted by some firms when approaching financial crime prevention. The Duty, therefore, requires a change in mindset and attitude.

Practical Considerations for Change

One of the notable aspects of the Consumer Duty is a requirement for firms to deliver good outcomes for the retail consumers of its products¹. This shift toward outcome orientation signifies a regulatory stance less fixated on procedural adherence and more attuned to the tangible results experienced by consumers. While this shift presents an inherent challenge, it also unveils a realm of opportunities for firms to recalibrate their strategies, placing consumer welfare at the forefront of their endeavors, which ultimately could improve the operational effectiveness of controls and result in cost savings.

We believe that firms embracing the perspective of customer outcomes when evaluating or designing their financial crime prevention controls will be better positioned to respond to any FCA scrutiny, presently and in the future, and reduce the cost of compliance to an extent. Here, we highlight some areas where firms are already integrating customer outcomes into their financial crime framework development.

Know Your Customer (KYC)/Customer Onboarding

The Consumer Duty asks firms to consider the end-to-end journey of customer experiences and identify where that journey could be made better (and quicker), for instance, by removing any negative experiences (known as negative frictions) that could affect individual customers. By its nature, the KYC process is an early step in the customer’s journey and is, therefore, an area on which some firms have focused.

One example of a positive step in relation to KYC involves a firm looking at customers' experience when requesting identification documentation as part of the KYC process. For instance, seeking to understand why customers frequently return the wrong type/incomplete documentation or are not able to respond at all will help the firm to better understand how it can improve customer outcomes and reduce time spent on “back and forth” while ensuring compliance obligations are fulfilled and customers are protected. 

The same firm has reviewed customer feedback and complaints and identified several areas for improvement in communicating its expectations to its customers. This improvement included its dedicated customer support phoneline, where better clarity should be provided to customers. This clarity, in turn, can reduce declined customer applications and the time resources spent on individual onboarding cases

In another example, one UK Bank has identified that customers who are vulnerable due to suffering domestic abuse may find it hard to provide certain documentation, particularly identification and proof of address. As an area of good practice, the bank allowed customers in this group to open an account with a letter from their GP or a recognized refuge while continuing to carry out their KYC background checks. 

Ongoing Monitoring

Some firms are reviewing their monitoring processes to minimize false positives. For instance, they identify where the existing automated monitoring rules may continually result in unnecessary payment processing delays. By recalibrating against risk appetite and regularly reviewing and re-tuning systems, the firm can show that outcomes have improved for some customer groups.

Similarly, firms need to incorporate customer behavior and transaction patterns into their monitoring processes to prioritize consumer outcomes. A notable example is when a customer suddenly incurs substantial medical expenses, which could indicate serious health issues. Such a scenario suggests that the individual may be vulnerable and may face challenges in meeting the evidentiary requirements set by banks. By recognizing these red flags, firms can proactively adjust their approach, ensuring they offer appropriate support and leniency to customers in distress, thereby fostering a more empathetic and responsible banking environment.

Another area reviewed as part of Consumer Duty implementation is the time it takes to investigate an internal suspicious activity report (SAR) and decide whether to make a protected disclosure². By looking closely at the individual components of this process, inefficiencies have been identified and rectified, thereby improving how the firm handles such investigations and ensuring that funds are not held for any longer than necessary.

Monitoring, as a tool, provides a useful feedback loop, and firms should take steps to ensure that such processes are risk-based and have a strong customer element. Operationally, financial crime teams can integrate the requirements of the Consumer Duty into existing frameworks by ensuring a customer lens is applied. However, any output must provide useful actions the firm can take to minimize customer harm and improve the overall customer experience. In addition, customer complaints are also a useful source of “sore spots” where outcomes could be improved.

Conclusion

In conclusion, we note that the updated Financial Crime Guide for Firms does not introduce only new guidance. Instead, it reaffirms the FCA’s expectation that firms should have considered how their financial crime prevention framework supports good customer outcomes as part of the Consumer Duty implementation planning. Despite this fact, we recognize that firms must still ensure that implementation takes place proportionately and appropriately based on risk profile, market segments and customer base.

On this basis, we recommend firms:

• Conduct a gap analysis against the FCA’s expectations as they review its compliance with financial crime and Consumer Duty best practices, particularly focusing on the onboarding and ongoing monitoring processes across the customer lifecycle.
• Take action to address any deficiencies where gaps are identified, particularly for deficiencies where good customer outcomes may be at more immediate risk.
• Provide training to staff involved in day-to-day customer service, focusing on how financial crime prevention can impact consumer outcomes.
• Include Consumer Duty considerations in the compliance monitoring plan to ensure you foster a culture of continuous improvements.
• Engage with the consultation process before its closure date of June 27, 2024, and share opinions and challenges with the FCA while remaining mindful that there is an existing expectation for some firms for whom the Duty is already “live.”

Sources
¹ FCA Principle for Business 12 (The Consumer Duty)
² FCA - Dear CEO-Implementing the Consumer Duty in Payment Firms