The FCA has assessed and reported on the sanctions controls of over 90 financial service firms from a range of sectors including wealth management.
What are firms doing well?
- Horizon scanning and scenario planning, sample testing, tuning of screening tools and screening tools with built-in fuzzy logic were praised by the FCA.
What needs improvement?
- Management Information: Some firms were not providing senior managers with sufficient information on sanctions processes.
- Resources: Lack of internal resources and expertise in firms’ sanctions teams has led to unacceptable screening backlogs.
- Improperly calibrated tools which were either too sensitive or not sensitive enough.
- Screening tools taking too long to update their lists following a designation.
- Over-reliance on unchecked third-party screening tools.
- CDD and KYC: Low quality CDD and KYC leading firms to not screen all relevant parties because the full ownership structure of an entity was not identified.
- Breach Reporting: Taking weeks or months or entirely neglecting, to report sanctions breaches to the FCA.
What do firms need to do?
- Ensure appropriate KYC and CDD is completed for all potential parties, including their controllers, shareholders and Ultimate Beneficial Owners.
- Review current reporting procedures for potential sanctions breaches and ensure that all relevant staff are appropriately trained to meet their obligations under the relevant sanctions regimes.
- Continue to enhance their screening tools and regularly test their efficacy.
- Ensure information provided to senior managers on sanctions processes is sufficiently detailed.
- Check there is sufficient oversight to ascertain the efficacy of any third-party screening tools in use.
- Understand that the financial and reputational risks from sanctions breaches are growing as the OFSI increases its enforcement activity.