Banks and Financial Institutions are increasingly expected to be the first line of defence in the fight against financial crime and money laundering. One of the key controls for firms to identify financial crime is through the staff they employ. Still, they can only achieve this if they are adequately trained, understand what they should be looking for, and ultimately possess the skills, knowledge and expertise to carry out their functions effectively.
Historically, anti-financial crime training was perceived as a tick box exercise that needed to be completed annually with a unilateral approach taken. This approach only changed when firms were fined for failures in money laundering systems and controls. As a result, training became only a priority response for a short period of time to seek to demonstrate that there has been a culture change in the organisation.
The Money Laundering Regulations 2017 specify that relevant employees are made aware of the law relating to money laundering, terrorist financing and data protection and, secondly, able to recognise and deal with transactions and other activities or situations they may encounter during the course of their roles. In order to meet such requirements, firms need to adopt a bespoke and risk-based approach to how their training is structured for their staff.
Firms will need to be able to identify where financial crime may arise in their staff’s roles. Then, depending on the individual’s role and their exposure to financial crime, training must be appropriate to the risk they may encounter. For example, staff that are client-facing and seeking to attract new clients into the business face different financial crime risks than those that are reviewing transaction monitoring alerts.
Firms should be able to demonstrate that they have undertaken such an assessment and adjust the content and frequency of the training to reflect the risks that the individual faces. In order to make this assessment, firms must take into account the National Risk Assessment on Financial Crime, Information from the Regulator, which may originate in CEO letter or Final Notices following FCA fines and any industry guidance from such groups as Basel or Wolfsberg. A firm’s risk assessment should identify the money laundering and risks the organisation faces and where there are vulnerabilities in the products and services to financial crime. Staff need to be made aware of how to recognise and deal with such risks.
Training must be comprehensive, risk-based, and up-to-date, enabling staff to recognise a suspicious situation or transaction and know how and where they can report the suspicion in line with the firm’s internal reporting processes. Staff should also be made aware of their personal responsibilities and the consequences of failing to report and tipping off. They should also know who their MLRO is and how to contact or escalate concerns.
Training must also be adequately recorded and maintained with the ability to extract appropriate management information.
An often-forgotten requirement is that staff who are based overseas but undertake activities related to the UK, such as KYC or transaction monitoring alert processing, must be made aware of and trained to the same standards as those in the UK.
Finally, firms are asked to demonstrate that their staff understand the training. The expectation is more than completing a test at the end of computer-based training; but being able to evidence that rules and regulations are being applied through behaviour and actions within the organisation. This may be evidenced by increases in escalations to the MLRO where staff are identifying potential suspicious activity.
Many of the firms that have been fined for failures in systems and controls over the last few years have also exhibited a lack of cultural awareness of the risk that financial crime has upon society. It is clear that legislators and regulators expect banks and financial institutions to play a prominent role in the prevention and detection of crime and ensure that staff have undergone training that is relevant to the role that they undertake for the organisation.
Gracechurch has extensive experience in the design, creation and execution of some of the industry’s most sophisticated Financial Crime training programmes.
John Flynn
23 June 2022