Following a review of 159 small firms (out of a population of 16,500) across the wholesale and retail sectors the FSA published ‘The Small Firms Financial Crime Review’. As firms will be aware, financial crime remains a hot topic for the FSA – and is an area highlighted in the Financial Risk Outlook published earlier this year (see Regulatory Roundup #10).
The Small Firms Financial Crime Review covered three main areas: AML & financial sanctions; data security; and fraud controls.
Although the report does not constitute formal FSA guidance we are told that the FSA expects “… firms to make use of our findings …”. Given this, firms may wish to use the report as a basis of a self review to see if any gaps in procedure exist.
If pushed for time then firms can look to Annex 2 for examples of both good practice (e.g. dual signatures required for all payments made over £5000) and bad practice (e.g. the MLRO that was unfamiliar with the JMLSG guidance) found. Other examples quoted include the monitoring of staff emails; disabling USB ports on hardware; and the importance of a clear desk policy.
Although IFAs and Brokers get a frequent mention, examples from other firms, such as discretionary portfolio managers and venture capital firms, also appear – but in any event the principles behind the examples are of more importance than the type of firm in question.