Financial Crime Policy and Risk Unit

Kate Higginson

Financial Crime Policy and Risk Unit

Financial Services Authority

25 The North Colonnade

Canary Wharf

London E14 5HS

20 September 2011

Dear Kate

AFM Response toCP11/12, Financial Crime

1. I am writing in response to this consultation paper, on behalf of the Association of Financial Mutuals. The objectives we seek from our response are to:

• Support the helpful nature of the Financial Crime Guide; and
• Comment in detail on some of the content.

1. The Association of Financial Mutuals (AFM) was established on 1 January 2010, as a result of a merger between the Association of Mutual Insurers and the Association of Friendly Societies. Financial Mutuals are member-owned organisations, and the nature of their ownership, and the consequently lower prices, higher returns or better service that typically result, make mutuals accessible and attractive to consumers.

1. AFM currently has 55 members and represents mutual insurers and friendly societies in the UK. Between them, these organisations manage the savings, protection and healthcare needs of 20 million people, and have total funds under management of over £80 billion.

1. Our members take the risks of financial crime seriously; they seek to comply with the relevant legislation, and AFM is a subscriber to the Joint Money Laundering Steering Group, and retains a seat on the Steering Group. AFM seeks to communicate with its members on a regular basis the main developments in the broad field of financial crime.

1. We do not consider that financial crime has any different implications for the mutual business model, though the impact might be different: for example a fraud perpetrated against a mutual will produce a loss to customers (as members/ owners), not external shareholders, and any fine would be levied against the member’s common fund. Similarly financial crime in principle has the same relevance for firms of all sizes, though we would expect that firms, and regulators, would exercise discretion in the actions required to be taken by smaller firms. It is therefore welcome that section 10 of Part 2 of the Guide highlights FSA’s work with smaller firms and considers how good practice varies for smaller organisations.

1. We believe that the new guide reinforces, and improves the transparency and accessibility of, FSA’s approach to financial crime. We consider that the format of the Guide, and in particular the good practice content and self-assessment tools will make an important contribution to improving standards.

1. We have a few general comments on the specific content of the guide, and have made more specific comments on each section in the attached annex:

1. The introduction highlights that the Guide is not a complete checklist and will not be used as such by supervisors (page 5): it would be interesting and relevant to firms and other users to know whether and how supervisors will use the Guide, and what other criteria they are likely to take into account;
2. Bribery Act: this is expected to have a significant effect on many firms, and feed back from firms is that there are some areas that need more careful interpretation. The Guide content is based on FSA’s 2010 report rather than the Ministry of Justice guidance: whilst you indicate these are consistent, it is inevitable that firms will need to consult both sources for guidance, increasing the risk of different approaches emerging over time;
3. One-stop shop: the Guide will be a useful and ready source of reference for firms, though in order to best achieve this, it would be worthwhile ensure it covers every aspect of financial crime: a section on market conduct would be worthwhile. Similarly we consider the section on fraud prevention is too limited. Whilst FSA rightly states that regulated firms have a self-interest in the prevention of fraud, this is not simply because of the potential for direct financial loss. Mutual insurers are also concerned about the potential for customer detriment if fraud is allowed to occur, the damage to individual and industry reputation that can result, and the broader social consequences of fraud. The recent UBS case illustrates this;
4. Maintenance: it is vital that the guide is maintained regularly and that it is easy for users to verify the timing and nature of changes made; it is also extensive and would benefit from helpful interactive/ user-friendly interfaces. Has FSA given thought to maintaining the guide and how it makes changes readily visible?

1. Wewould be pleased to discuss further any of the issues raised by our response.

Yours sincerely,

Martin Shaw

Chief Executive

Association of Financial Mutuals

Annex: comments on the specific chapters of Part 1

1) Introduction

The statement that this guide is not a checklist of things to do and not to do should be expanded to highlight that the examples are only one way of doing things and are not the only way to comply with the legislative and regulatory requirements.

2) Financial crime systems and controls

It would be helpful if it was made clearer that the areas covered by this chapter should be considered as the general starting point for the management of the financial crime risks- the basic principles are not covered consistently in subsequent chapters on the specific financial crime risk that firms are exposed to.

3) Anti-money laundering

We are pleased to see that the introduction to this chapter highlights the role of JMLSG and their guidance. JMLSG guidance is likely to be the first port of call for firms, as it has received HMT approval, and we would expect supervisors to take this into account.

Box 3.4

It is the government’s stated objective for more firms to take a more risk-based approach to their money laundering prevention systems and controls.As such, firms may identify beneficial owners but chose not to verify them. Indeed where the risk of money laundering is particularly low- such as for protection policies- it is likely that only the customer is identified and verified.

We think it should be made clear that verification of beneficial owners is not mandatory.

Good practice - bullet point 3.

We feel that this bullet point is somewhat ambiguous as written. Most firms who undertake PEP checking will only make use of one commercial watchlist. However most of the commercial watchlists have multiple sources of information that they feed into their databases. Therefore it may be possible to positively identify a policyholder as a PEP from a commercial watchlist along with your own policyholder data without having to refer to any other source.

Poor practice - bullet point 6.

This does not breach regulations.

Box 3.5

The opening sentence in this box states that a firm must ‘scrutinise transactions’ to ensure that they are consistent with what was revealed by customer due diligence checks. This feels like a ‘one size fits all’ requirement which can’t be justified across all of the financial services market when employing a risk-based approach to money laundering prevention.

We believe some of the examples of poor practice are disproportionate for insurance based products. For example, in respect of bullet point 1, insurance firms are unlikely to have any meaningful qualitative information about the customer, particularly when dealing with low-risk transactions.

Also, in respect of bullet point 4, some low risk contracts have low premiums and have been running for many years without any changes to the policy or the details of the policyholder which would warrant additional CDD being undertaken. AFM members will generally only re-verify a customer if they apply for a new contract, which is in accordance with the JMLSG guidance.

Box 3.6

Bullet point 3

This bullet point does not differentiate between domestic and overseas PEPs. Currently, domestic PEPs are not included in the definition of a PEP, although they are likely to be classified as higher risk customers by most firms.

Where an individual takes out an insurance contract and subsequently becomes a PEP, the Guide implies that a senior manager should agree to the continuation of the relationship. This would be an unnecessary requirement because as long as the new PEP continues to maintain the premium payments it is unlikely that the insurance firm would be able to cancel the policy and exit the relationship even if it wanted to.

Box 3.8

Good practice - bullet point 4

As above, it is not always possible in the insurance industry to end the relationship.

Box 3.9

Poor practice - Bullet point 5

The important issue is that the SAR is reported internally and on to SOCA where necessary, not whether the SAR is reported through the third party administrator’s SAR reporting process or is reported to the MLRO of the principal. We would suggest that there should be flexibility for third party administrators and the principal to agree between themselves who is able to report SARs.

Box 3.10

It is only the verification of identity evidence that needs to be retained for five years after the end of the business relationship. Transaction records should only need to be retained for five years from the date of the transaction.

Good practice – Bullet point 2

Product providers generally make use of the reliance provisions of the UK Money Laundering Regulations for verification of the identity of the applicants where the application has been submitted by an IFA.

It would be impractical for all product providers to sample check all of the IFA firms that provide confirmation that they have completed the verification of identity requirements. The fact that IFAs must be authorised and regulated by the FSA should mean that product providers should be permitted to rely on their regulated status as an adequate check of their continued reliability. The cost and administrative burden on insurers and brokers in conducting CDD document audits would be disproportionate to the risk of money laundering in the case of a significant proportion of products sold by insurers.

4) Countering terrorist financing

Box 4.1

The nature of the criminal activity that generates a production order will not necessarily be obvious,so we think that it is disproportionate to expect firms to take pre-emptive actions on the arrest of a customer, before any charges havebeenmade. Insurance firms do not have the resources to be able to obtain this information.

Good practice - Bullet point 1

It is unlikely that a firm will know that a customer has been arrested for a terrorist-related offence unless they are contacted by law enforcement. We think that it would be good practice for a firm to have a process when they are contacted by law enforcement.

Good practice - Bullet point2

It should be made clear that the list of ‘sources of information’ included in this bullet point are only examples.

5) Fighting fraud

Box 5.1

We believe that ELIXIR should be mentioned here, as regards its role in discouraging and preventing fraud by intermediaries in the Life market. Intermediary fraud is not captured by CIFAS or the IFB specifically at this stage.

Boxes 5.2 and 5.3

At theFinancial Crime conference earlier this year, FSA was clear that the findings from the Mortgage Fraud thematic review were equally relevant to other sectors dealing with intermediaries. In this light we would expect the Guide to advocate the same level of controls in the management of IFAs and GI brokers as those recommended within the mortgage market.

6) Data security

We support the content of this section and have no specific comment to make.

7) Combating bribery and corruption

We accept and support the need to provide good practice guidance in this area. However, the extent of this section seems disproportionately large when set against the other serious financial crimes covered in the Guidance document.

Box 7.5

The examples of good practice in relation to the recruitment and vetting of staff is helpful, but seems inappropriately buried in the bribery and corruption section and would perhaps fit better in the more general controls and governance section. The majority of recommendations are equally relevant to the prevention of fraud, market abuse and terrorist financing.

8) Financial sanctions and asset freezes

There is a specific reference to the general licences in Box 8.2. However, we feel that the opening paragraphs of this chapter should also include details of the general licences and their availability on the HM Treasury website, and refer to Part III of the JMLSG's guidance which contains a chapter on the UK financial sanctions regime.

Box 8.3

Self-Assessment Question

The first question asserts that screening should take place at customer take-on, and that good reasons are needed to justify retrospective screening. We feel that this statement should be toned down, as insurers are able to issue contracts to designated persons under a general licence as long as they notify HMT without delay.

Poor Practice - Bullet Point 1

As stated above, insurers are able to issue contracts of insurance to designated persons and the requirement is to notify HMT without delay.

9) Countering weapons proliferation financing

This is notlikely to be an issue for AFM members.

AFM response to consultation on blueprint for reform, September 2011 / 1