By Graham MacKenzie, Director of AML and Financial Crime Risk
Absolutely typical – I go on leave to an off-grid eco cabin in deepest, darkest rural Scotland to get away from it all, and it’s that very week that the decision that the FCA will assume responsibility for professional sector AML supervision was announced.
The absence of a decent mobile signal or Wi-Fi over the last week did, however, give me the space to reflect and think through some of the consequences of what is a seismic change in the UK’s AML landscape, and what this may look and feel like for professional service firms moving forward…
The consultation on supervisory reform has been a significant backstory to my professional life in recent years. I’m in a relatively unique position in that I’ve worked closely with the FCA and HM Treasury in various guises – as a Professional Services Supervisor, as chair of the UK AML Supervisors forum, in the context of the FCA’s initial approach to professional services regulation through OPBAS, and also in my previous life working in financial services and financial crimes compliance up until 2016.
The High-Level Rationale v. the Nitty Gritty Realities:
Although (after such a long wait) the precise timing of the announcement took me by surprise, there were significant high-level reasons why a single professional services supervisor was always going to be an attractive option to the UK government, and the FCA was the preferred home for it (bearing in mind this outcome was strongly supported at early stage by key, influential stakeholders such as the Wolfsberg Group). To name but a couple:
- It means a single, centralised point of supervisory control and accountability.
- The ongoing perception that professional bodies had a significant conflict of interest in being both regulators and representatives.
- The requirement to show change and a direction of travel ahead of the next FATF mutual evaluation.
Of course, there are equally many granular reasons why this outcome is fraught with challenge. There is a huge amount of governance, operational, and legislative arrangements to be made, and hurdles to be overcome. For example:
- The complexity of dual regulation and what becomes of the role of existing regulatory mechanisms and decision-making bodies such as the SDT/SSDT.
- Supervisory powers – many professional body AML powers are predicated upon individual regulation rather than entity regulation. Supervisory action for AML breaches can be taken against the individual professional under professional codes of conduct, rather than the entity they work for. How might this work under the FCA regime?
(N.B. It may be that, in time, an equivalent to the FCA’s current Senior Managers regime is implemented across Professional Services, to ensure individual along with collective accountability). - How data or sensitive intelligence records are transferred or accessed, along with historical compliance records.
- Plugging resource, knowledge, and expertise gaps at the FCA, given the scale, intricacies and nuances of the professional sector.
- Who bears the costs of the initial transition and how the costs of the future model may be fairly apportioned.
All significant unknowns to work through, with further consultation required.
The Consequences for Professional Bodies:
Where could it leave professional bodies, soon to be bereft of a significant part of their regulatory remit?
Many PBSs have invested significantly in recent years to upskill, bring in additional resources, and build structures to show improvements in the face of OPBAS findings. Might they, in time, look to refocus current AML resource to further educate, support, and represent members who may face FCA scrutiny at some point in the future? Or will they simply wind down AML operations, particularly if members are not prepared to pay for such services?
The Big Question: what might FCA AML Supervision look like for professional services firms?
Although (as many others have pointed out) none of this will happen overnight. Changes are likely to take a significant period of time, potentially years. But this is not the time to ease off or take the foot of the gas.
A new world (with a lot of new terminology and acronyms) awaits professional services firms. In time, there is likely to be a step change required in professional services to meet the FCA’s supervisory expectations.
While much of this remains conjecture; think:
- Principles-based and risk-based supervision – with a focus on outcomes. For those in the professional services sector, who have long yearned for more ‘black and white’ AML guidance from the supervisor, it may well be that the opposite holds true. It is very unlikely that the FCA will issue a ‘step-by-step playbook’ for professional services firms on how to achieve AML compliance.
Firms will be required to demonstrate to the FCA how their individual systems and controls have been effective in mitigating financial crime risk in the context of their clients, services, and business environment. - A focus on data and data collection. This is a key supervisory tool used by the FCA, to assess risk, gather intelligence, and identify and assess patterns of non-compliance.
If you haven’t got your data in order, put the processes in place to start collecting it now. The FCA will ask for it, probably early on its tenure. They’ll look unfavourably on those that can’t respond clearly and efficiently.
(N.B. while this will affect all firms, this will be particularly acute for those firms who are large enough that the FCA believe may pose a systemic risk or threat to underlying markets, regions or consumers). - Regulatory communication by way of high-level keynote speeches by senior FCA representatives – signalling supervisory focus, direction or intent. Here’s a recent example: Showing financial crime the red card | FCA.
- Given the length and breadth of the professional services sector, thematic reviews will also likely be used extensively by the FCA to deliver sector-wide supervisory messages.
- A bespoke approach to supervision based on firm size or potential for systemic risk. Larger firms may come under a relationship management model. Smaller firms are unlikely to get less frequent direct interaction on an ongoing basis.
- A structured, regimented approach to the use of a new raft of likely supervisory powers. This could include significant fining limits or potentially the power to appoint an independent skilled person (a s.166 review in financial services parlance) into an accountancy or legal firm.
- A focus on technology. The FCA is (rightly) heavily focused on harnessing innovation and technology in the prevention of economic crime. Another nail in the coffin for traditional hardcopy verification and manual AML processes across professional services.
Finally, there is a human story to all this. I know many who still work in professional services AML supervision. They’ve worked long and hard (and very successfully) to improve AML awareness and standards in recent years. Now, they face significant uncertainty. I hope HMT, the FCA and others recognise these efforts when the transition crystallises.
We hope this has provided some useful initial context and insight. So many questions remain unanswered, uncertainty and challenges to overcome. But, at least we now have a direction of travel to all work towards. I recommend you look over the FCA website to get an early sense of how the future of AML supervision may look and feel. There will be a lot to get the collective heads around (and get used to) in the years ahead.
For a confidential chat, or support with any of the above, contact us via [email protected], or Graham directly on [email protected].
