A financial crime framework outlines the regulatory compliance standards that are relevant to the firm, and the required internal controls needed to comply with these standards.
FC Framework, Uplifted SAR reporting, engaged with the FCA
Payment Services & Card/ Merchant Acquirers
Following a review from the Financial Conduct Authority (FCA) in 2021, and a subsequent letter from the regulator, the client had to address a number of gaps that were identified by the regulator.
An international payment company with offices in major European hubs outsourced KYC service provision was unsatisfactory. A significantly enhanced and more effective capability was developed by Lysis.
The Three Lines of Defence model supports the board and senior management in protecting the firm’s assets and the reputation of the firm. This model is indicative of how well firms position and govern their internal audits and compliance requirements since the FC framework is designed by the compliance department and implemented by the first line of defence in any firm.
Importantly though, a FC framework must be applied consistently across the firm, or group for which it has been developed to achieve a successful outcome. The underlying level of detail, which a FC framework requires, will be informed by the nature and complexity of the firm to which it relates, as well as being driven by the needs/expectations and commitments of senior management (e.g., their risk appetite, regulatory expectations etc).
This calls for exceptional expertise from Lysis Financial which can assist firms to develop bespoke FC frameworks with a consistent, yet sustainable approach when it comes to managing financial crime risks in the long-term for increased effectiveness and to drive efficiencies.
The Three Lines of Defence model supports the board and senior management in protecting the firm’s assets and the reputation of the firm. This model is indicative of how well firms position and govern their internal audits and compliance requirements since the FC framework is designed by the compliance department and implemented by the first line of defence in any firm.
Importantly though, a FC framework must be applied consistently across the firm, or group for which it has been developed to achieve a successful outcome. The underlying level of detail, which a FC framework requires, will be informed by the nature and complexity of the firm to which it relates, as well as being driven by the needs/expectations and commitments of senior management (e.g., their risk appetite, regulatory expectations etc).
This calls for exceptional expertise from Lysis Financial which can assist firms to develop bespoke FC frameworks with a consistent, yet sustainable approach when it comes to managing financial crime risks in the long-term for increased effectiveness and to drive efficiencies.
The Three Lines of Defence model supports the board and senior management in protecting the firm’s assets and the reputation of the firm. This model is indicative of how well firms position and govern their internal audits and compliance requirements since the FC framework is designed by the compliance department and implemented by the first line of defence in any firm.
Importantly though, a FC framework must be applied consistently across the firm, or group for which it has been developed to achieve a successful outcome. The underlying level of detail, which a FC framework requires, will be informed by the nature and complexity of the firm to which it relates, as well as being driven by the needs/expectations and commitments of senior management (e.g., their risk appetite, regulatory expectations etc).
This calls for exceptional expertise from Lysis Financial which can assist firms to develop bespoke FC frameworks with a consistent, yet sustainable approach when it comes to managing financial crime risks in the long-term for increased effectiveness and to drive efficiencies.
The difference between the two
A health check refers to a high-level review of the design of a framework and can identify major problem areas in a framework. A maturity assessment is more advanced and provides a detailed review of a firm’s framework which includes the testing of the effectiveness of the framework itself.
Health Check
Maturity Assessment
Review of policies relating to relevant regulations
Review of policies relating to relevant regulations
High Level mapping of policy to regulatory obligations
Detailed mapping of policy to regulatory obligations
Review all procedures relating to operational controls and map these back to the policies
Review all procedures relating to operational controls and map these back to the policies
High Level review of the regulatory framework covering relevant systems, processes and ensuring that governance is in place in order to meet current regulatory requirements
High Level review of the regulatory framework covering relevant systems, processes and ensuring that governance is in place in order to meet current regulatory requirements
High level review of all procedures and documents describing controls and processes (excludes control testing)
Review of all procedures, controls and processes including detailed controls testing.
Carrying out a sample review of the operational outputs (files, reports etc.) in line with current policy and procedures
Reviewing any risk methodologies applied in relation to the specific regulations
Reviewing and testing any monitoring programme - this will include system profiling and reviewing parameters, as well as sample checking the outcome.
Reviewing the firm’s reporting (regulatory reporting, SARs, STORs etc) and monitoring controls
Reviewing and testing the internal and external data inputs to the process and on-going review and escalation processes
Brief review of systems which the firm uses to benchmark to best practice
Brief review of systems which the firm uses to benchmark to best practice
Reviewing the training programmes
Reviewing the training programmes
Reviewing the data retention/record keeping arrangement in relation to its obligations
Reviewing the data retention/record keeping arrangement in relation to its obligations
Meeting with personnel in the 1st and 2nd line of defence to understand the processes they undertake and to ascertain the level of understanding of the regulatory requirements within
Presentation of detailed findings in report format
Presentation of detailed findings in report format including an assessment against the maturity of processes amongst similar firms in the market (market benchmarking) and its suitability for the firm's business mix and risks.
Increase effectiveness, focus on efficiency
To optimise firms’ FC controls, require an increase in effectiveness of processes along with a dedicated focus on high efficiency which will facilitate sustainable processes to demonstrate effective FC controls under scrutiny.
Firms must also view the improvement of their FC controls as a good commercial investment by focusing on the business advantages these could have for the firm.
The following directional indicators provide a high-level overview of the implementation and ongoing assessment of sustainable FC controls.
Key Directions
Risks / Actions / Benefits
Assessment of FC risk & controls effectiveness (“FCRA”)
Understand the FC risk and the effectiveness of existing controls.
Create and maintain a library of existing FC risks & controls (tested & untested)
Conduct the mandatory annual FCRA, to drive decisions on: Improvements /transformations; Resources; Management of gaps and de-risking activities; Prioritisations and budgets; MLRO report.
Cost / benefit analysis and assessment of FC controls
Provide clearer understanding of the real cost of compliance.
Continuous risk/benefit assessment to drive controls enhancement and optimisation across FC operations (KYC/KYCC, TM, Screening, escalation);
Effectiveness of FC risk and controls reporting (MI – complete, accurate and timely);
Costs and impact analysis on:
De-risking – cost/benefit, strategy, action;
Customer experience
FC specialist resources and activities (FC ops)
FC activities as part of BAU.
Optimisation of FC controls - Sustainability
Improve the effectiveness and efficiency of FC controls driving sustainability.
Prioritisation & decision – FC governance - supported by complete, accurate & timely MI;
Budgets – Senior executive and board approval
Supporting resources planning for 6 months/12 months/3 years to support:
Lean FC governance and robust 3LoD structure and capabilities;
Clear and realistic objectives taking into consideration the 10 universal outcomes of Principled Performance;
Adequate resources with the necessary skills and expertise to drive high performance.
Automation focus on optimisation across:
FC operational activities; and
Assessment and reporting.
Assurance and Testing
Assess, measure, and provide ongoing assurance.
Development of assurance plan and control testing – assess and measure;
Reporting into a functional FC Governance structure to support decisions:
Executive decisions;
Committees & forums.
Escalation and decision on tactical/planned improvements.
Other services you might be interested in
CLM Cost Reduction Modelling
Consulting & Advisory
Implementing the CLM Efficiency model could help you achieve total savings of 58% in their third years
