Are you ready for the new FCA financial crime reporting rules?Print publication
Financial services firms will be required to file an annual financial crime return with the Financial Conduct Authority (FCA) from 31 December 2016. The data will be used to assess the nature of financial crime risks within the industry. Affected firms will need to ensure that suitable internal practices and procedures are in place to capture the required data, as Jeanette Burgess and Andrew Northage explain.
Tackling financial crime is a key priority for the FCA which has a statutory obligation to enhance the integrity of the UK’s financial system. Its supervisory work in this area currently relies on the use of ad hoc data requests to gather information about firms’ systems and controls, which the FCA says affects its ability to operate a truly risk-sensitive supervisory approach in line with global standards.
The introduction of an annual financial crime return (or ‘REP-CRIM’) is designed to help the FCA to identify risks, trends and emerging issues, accurately risk-rate firms and better target its resources.
Which firms are affected?
Firms subject to the Money Laundering Regulations 2007 (MLR) will be required to submit a REP-CRIM for the areas of their business subject to the MLR. This includes:
- building societies;
- designated investment firms;
- investment firms;
- mortgage lenders;
- electronic money institutions;
- full permission consumer credit firms;
- life insurers;
- retail investment intermediaries;
- mortgage intermediaries.
The number of affected firms is likely to increase with the UK’s implementation of the Fourth Money Laundering Directive by 26 June 2017.
General insurers, general insurance intermediaries and credit unions are excluded for now (but watch this space).
The following are not required to submit a REP-CRIM for proportionality reasons:
- retail investment and mortgage intermediaries with revenue of less than £5 million;
- investment firms with revenue of less than £5 million;
- consumer credit firms (limited permission firms are entirely excluded) with revenue of less than £5 million;
- electronic money institutions with revenue of less than £5 million.
The £5 million threshold is calculated as at the last accounting reference date from all regulated and unregulated income, whether or not it comes from MLR-relevant business. The FCA intends to review the threshold every three years.
What are the relevant dates?
Affected firms with an accounting reference date falling on or after 31 December 2016 will be required to submit a REP-CRIM within 60 business days of the financial year end. For firms with an accounting reference date of 31 December 2016, this means that the first REP-CRIM will be due in March 2017.
Data will be submitted on a ‘best endeavours’ basis for the first reporting period (i.e. where the accounting reference date falls between 31 December 2016 and 30 December 2017 inclusive). After this initial cycle, the FCA will begin to publish aggregated financial crime data, together with commentary and contextual information.
What information is required?
A firm will only be required to report in respect of the areas of its business subject to the MLR.
Firms may submit either one return per regulated entity or a group return for a set of firms (provided that all entities included on the return have the same financial year end).
The final form of the rules will be added as Chapter 16.23 of the Supervision Manual in the FCA’s Handbook. A copy of the final rules is set out in the appendix to the FCA’s Policy Statement PS16/19. The REP-CRIM template and accompanying comprehensive guidance notes for each section of the form can be found at page 7 of the appendix onwards. Firms are required to provide a range of information in respect of operating jurisdictions, customers, compliance, sanctions and fraud.
How do firms submit a REP-CRIM?
The report must be submitted online through the Gabriel reporting system. The FCA has recently published a REP-CRIM template on its reporting data guide webpage.
Affected firms should consider:
- which areas of the business are caught by the reporting requirement;
- the relevant submission dates;
- who will oversee the reporting process;
- whether suitable internal practices and procedures for capturing the required data already exist;
- if not, how these will be implemented or existing mechanisms adapted/improved to meet the requirement, accurately and within the set timescale.
If you have any queries arising from this briefing, please do not hesitate to contact Jeanette Burgess, Andrew Northage or any member of Walker Morris’ Regulatory and Compliance team.