The Financial Conduct Authority’s Review into Challenger Banks’ Financial Crime Controls: The Key Takeaways

image showing The Financial Conduct Authority’s Review into Challenger Banks’ Financial Crime Controls

Since the COVID-19 pandemic, the UK financial services industry has seen unprecedented growth in the popularity of challenger and online-only banks. Rapid digital acceleration, alongside a sharp focus on convenience and online experience necessitated by lockdowns, mean that our financial habits have changed. In fact, a fifth of consumers expect to apply for a current account with an online-only bank or app in 2022, which is twice as many as in 20191.

However, the growing demand for the digital-first services challenger banks provide does not mean that this sector is without its own challenges. In fact, the Financial Conduct Authority (FCA) conducted a review of challenger banks in 2021 publishing the results in April 2022. The findings found that many need to improve how they assess financial crime risk in the UK, with some failing to implement adequate financial crime risk assessments for their customers.

In this article, we’ll explore the FCA’s Findings of the review, how it came about, and its key recommendations.

What is a challenger bank?

There is currently no universally agreed definition of the term ‘challenger bank’. However, the National Risk Assessment of Money Laundering & Terrorist Funding (NRA) defines a challenger bank as:

"a sub-sector of retail banks that aim to reduce the market concentration of traditional high street banks through the use of technology and more up-to-date IT systems."

While some organisations may be more established, many challenger banks are often smaller, more recent entrants to the retail banking market that aim to challenge the dominance of large, long-established national banks.

Challenger banks may include or be known as neobanks, online banks, internet-only banks, virtual banks, digital banks or direct banks. They often operate exclusively online, without traditional physical branch networks.

Why did the Financial Conduct Authority (FCA) conduct a review into challenger banks’ financial crime controls?

In a separate whitepaper, National risk assessment of money laundering and terrorist financing 2020 (NRA) , HM Treasury highlighted the potential risks that challenger banks presented as a result of their faster onboarding processes.

Though all banks are required to carry out customer due diligence (CDD) checks, the NRA report found that criminals may be more attracted to the fast onboarding processes that challenger banks offer, particularly when setting up mule networks, as they look to exploit looser controls for the benefit of money laundering activity.

In light of the risks highlighted by the NRA report, the FCA conducted a review into the financial crime controls at challenger banks  based on a sample of  six retail challenger banks, which represented approximately 8 million customers.

The FCA’s review focused on several key areas, including:

  • Governance and management information
  • Policies and procedures
  • Risk assessments
  • Identification of high risk and or sanctioned individuals or entities
  • Ongoing monitoring and due diligence
  • Internal training, communication, and awareness.

What did the FCA’s review into challenger banks find?

The FCA’s review, conducted throughout 2021, found some evidence of good practice, but also highlighted some key areas for review:

Examples of good practice within challenger banks

Use of Technology

The report acknowledged that challenger banks have been effective in using technology to identify and verify consumers at speed, allowing them to simplify and improve the onboarding process overall. Examples of the technology used include video selfies, geolocation and document images, and document verification

Stand-alone Policies

Some of the challenger banks reviewed were able to evidence stand-alone financial crime policies and/ procedures. The policies were regularly updated and focused on expected financial crime risks.

Fraud Matching

Some of the reviewed banks mitigated risks through fraud matching , this was carried out by many challenger banks as part of their onboarding and ongoing account monitoring processes.

Device Recognition

The FCA also highlighted the use of device-based solutions as part of their report. This technology was used to help challenger banks identify when customers are using multiple devices to manage their accounts.

What are the challenges facing challenger banks?

Customer Risk Assessment (CRA)

The FCA findings revealed that Customer risk assessments (CRA) frameworks were not well developed in some challenger banks and lacked sufficient detail. Some banks did not have any CRA frameworks in place at all.

CRA’s are crucial and a key part of complying with Money Laundering Regulation (MLR) as they ensure that the risks a customer relationship presents to a firm are captured. And without these businesses can’t measure and provide ongoing monitoring to ensure that their due diligence measures are effective and proportionate to the risks posed by its individual customers.

Customer Due Diligence (CDD) and Minimal Application Data

Although some challenger banks did comply with their CDD obligations to identify and verify customers, they often did not go beyond basic identification and verification requirements to create a robust picture of a customer’s risk profile. For example, the review found that most challenger banks did not collect income or occupation data from their customers. In many cases, this meant that the nature of the customer’s intended relationship with the bank could not be established.

Enhanced Due Diligence (EDD)

The review found inconsistencies in the application of enhanced due diligence processes. In many cases, formal processes were not documented, especially for higher risk circumstances, such as in the management of politically exposed persons (PEPs).

Ineffective Transaction Monitoring

Inadequate transaction monitoring alerts were a common theme, including:

  • Incomplete and undocumented investigations;
  • Rationale lacking detail to justify discounting an alert as false a positive; and
  • Inadequate resources to review alerts and submit Suspicious Activity Reports as soon as practicably possible in line with the requirements set out under the Proceeds of Crime Act 2002.

Suspicious Activity Report (SAR) Increases

The UK Financial Intelligence Unit (UKFIU) noted a substantial increase in suspicious activity reports being submitted. Many of the SARs failed to properly identify the basis of the suspicion, and in some cases, customers were allowed to continue transacting before a response to a Defence Against Money Laundering report had been received from the NCA.

Financial crime change programs

Weaknesses were identified in some challenger banks’ abilities to manage, oversee, and control financial crime change programs. This resulted in some control frameworks misaligning to evolving business models. It was noted that clear project plans would be required to facilitate the enhancement of controls in a timely manner, with appropriate governance arrangements and oversight from senior management throughout the project.

Principle 11 Notification

The report found that some challenger banks failed to notify the FCA of known significant financial crime control failings in accordance with their obligations under Principle 11 of the FCA Handbook.

Key takeaways from the FCA’s review

Overall, the review acknowledged that challenger banks are an important part of the UK’s retail banking offering, and, when compared to traditional retail banks, there are limited differences in the inherent financial crime risks faced by both types of banks. However, it was noted that there cannot be a trade-off between quick and easy account opening and robust financial crime controls, and that challenger banks should consider enhancing their financial crime systems to prevent harm.

What are the FCA’s recommendations for challenger banks’ financial crime controls?

Anti-Money Laundering (AML) and anti-financial crime systems and controls remain a key area of focus for the FCA and its enforcement teams. It is likely that these findings will bring increased scrutiny of challenger banks and set out the baseline of the FCA’s expectations for other financial service firms in this space.

The FCA made a number of clear recommendations on how challenger banks should further improve their financial crime controls, including:

  • Adopting a risk-based approach – Challenger banks should adopt a risk-based approach to AML which adapts with the organisation as it continues to grow. To ensure this, it is recommended that challenger banks regularly review controls to help ensure that they remain fit for purpose on an ongoing basis.
  • Establish remedial programs -  Where the FCA identified issues, challenger banks need to establish remedial programs. In some cases, this may result in rejecting new customers at the onboarding stage or exiting banking relationships with some existing customers.

How can challenger banks adopt a risk-based approach without adding unnecessary friction to customer journeys?

Challenger banks were encouraged to adopt a risk-based approach to AML. TransUnion is an established provider of information, technology, and analytics. We understand the business need to balance growth and risk, and can help organisations:

  • Establish trust:  by accurately identifying , verifying and screening  customers to determine if EDD is required, whilst enabling low risk customers the quickest friction-right journey.
  • Build confidence: by running non-intrusive device email and mobile  intelligence checks on risker customers to reduce false positives, without adding unnecessary friction.
  • Enhance Verificationby enabling customers who need further review to authenticate themselves using their own device to capture and verify a government issued photo ID. For event even greater security facial recognition can be added to bolster verification and create anti-impersonation controls
  • Identify suspicious behaviour: by bringing together expertise and machine learning technology to explore complex challenges from customer vulnerability to mule activity and compromised identity delivered through our consultancy

Contact us via the form below or speak to your account manager to find out how we can help support you take a risk-based approach to customer onboarding and financial crime. We understand that every business is unique so at TransUnion we work with you to find the right solutions for you and your business.

1TransUnion Consumer Pulse Q1 2022

Sign up to receive our monthly newsletter

Email Address *

Yes please, I’d like to hear about the above by email

An error occured. Please try again.

If you’re a consumer with questions or issues related to your personal credit report, drivers history report, disputes, fraud, identity theft, credit report freeze or credit monitoring services, please visit our Customer Enquiries page for assistance.

Contact Us

TransUnion would like to send you original insight, commentary and research on data, software and analytics, early notifications of exclusive events and information about our products and services. If you would like to receive that information, please let us know using the following options:

Business enquiries: If you have a non-sales related query please call us on (+44) 0113 388 4300

Please read our privacy notice , which explains who we are, how we collect and use your personal information and how you can exercise your privacy rights.

We're sorry, your request failed. Please try again in a little while.