Jonathan Herbst: We thought we would do this video today to reflect on the FCA Business Plan which has just come out. Of course, one of the key items in there was the emphasis on financial crime as one of the key themes for the coming year.
Not a new area; a big subject. And of course the thing that people are very conscious of at the moment is the extent to which they need to have their systems and controls in place before there’s been a crisis and also after there’s been a crisis. So, that is one thing to note. The second thing to note, of course, the changes in legislation. You have got the government now proposing certain tightening up of money laundering procedures; you have also got the Market Abuse Regulation coming in. So as a general theme, financial crime in its broadest sense is and always has been a hot topic, but we have seen yet again the re-emphasis on it.
So, the first thing for firms to do is to think about their ongoing systems and controls and exactly what structures they have got. And of course, the thing to note on this is that it is not just about the legality; it is also about reputational risk, and we have seen plenty of that in the recent events, and that is something to think about. So that is “stage 1”.
Stage 2 is what happens when it all goes wrong. How does one deal with that? Chris, maybe you want to talk about that.
Chris Warren-Smith: As you describe, Jonathan, in some respects people are grappling with the whole holistic concept of financial crime, both in terms of the infrastructure systems and controls that exist before risks crystallised, and then of course how one deals with the issues that arise when risks do crystallise. So what we are seeing a lot of people do is looking at financial crime and saying “well, how do we manage these risks when they crystallise in our business?”. And people are looking very carefully at: who is responsible for the internal investigation?; how do we do the internal investigation?; are our crisis management procedures accurate in a way we need to have them? So, in many respects, people are starting to review that more carefully. The key is looking at financial crime in a more holistic way, rather than in the more disparate way that might previously have been the case.
Jonathan Herbst: And it is fair to say, isn’t it, that if, when there is an investigation, you haven’t got an audit trail, of what you did previously in terms of your systems and controls, basically you are on the back foot before you have even started. And that’s, of course, one of the big things you see in the investigations you do. And it is always that balance between the amount of work you do upfront as a bank or other institution, versus what you need to be done when there is an investigation. But the hard thing is when there is an investigation, it is almost too late if it is caused by the regulator. That is the difficult balance. Is that fair comment?
Chris Warren-Smith: That is a very good point because as and when the risks crystallise, using that formulation, you need to have the audit trail for the systems and controls and the like in place at that time. Now, of course one can attempt to re-invent the wheel a little bit, but the authorities are fully aware of that. And indeed, we are seeing, typically, the US authorities, but elsewhere around the world, authorities are very supportive of institutions that do have a clear audit trail of how they have been trying to identify, manage and mitigate these risks. So, that is very much a focus on the front-end compliance side and the audit trailing of that.
Jonathan Herbst: If you have got the audit trail, it is not a complete protection, but at least you have got a starting point. And it is also true that many of the cases have actually been about failures in systems and controls and in a way it is easier for the regulators to come after people for that in some way than for a specific breach. So particularly given current concerns, it is yet again an amazingly hot topic.
Chris Warren-Smith: Absolutely. And this is where we are seeing organisations now trying to look at this risk holistically, as we said earlier, and very much looking at their systems and controls, both in the main jurisdictions in which they operate, but also in the more emerging jurisdictions where a lot of these risks do arise and then crystallise in the more mature jurisdictions.
Jonathan Herbst: Well, that is just really to flag the issues. And so, yet again, financial crime is a hot topic.
Thank you very much.