FCA has set out the systems and controls it expects firms to have in place to continue to manage their financial crime risks during Covid-19. It appreciates firms will face operational challenges, but also notes that criminals are already taking advantage of the pandemic. As a result, firms must:
- stay vigilant to new threats and frauds and update their control environments accordingly;
- be sure to make timely SARs;
- be careful that any necessary reprioritising of operational issues do not mean they turn off any important triggers or thresholds, or stop sanctions screening, simply to get fewer alerts;
- when deciding to delay certain activities, ensure they do so having considered the risks and always having in mind a strategy to return to business as usual;
- not delay reviews for high risk customers and not weaken controls that detect terrorist financing;
- keep clear records of risk assessments that take place and the decision process behind changes; and
- tell FCA of any material issues that impact the effectiveness of their systems or significantly delay remediation plans.
That said, FCA recognises there should be some flexibility. In particular:
- when collecting information from existing customers make reasonable efforts to think of ways to get any missing information before closing the customer’s account;
- use the variety of methods already permitted for non-face to face verification, such as scanned documents, third party verification, use of due diligence carried out by others, and commercial providers.
FCA also reminds firms that their SMF 17s should only be furloughed as a last resort.