Since the COVID-19 pandemic, the UK financial services industry has seen unprecedented growth in the popularity of challenger and online-only banks. Rapid digital acceleration, alongside a sharp focus on convenience and online experience necessitated by lockdowns, mean that our financial habits have changed. In fact, a fifth of consumers expect to apply for a current account with an online-only bank or app in 2022, which is twice as many as in 20191.
However, the growing demand for the digital-first services challenger banks provide does not mean that this sector is without its own challenges. In fact, the Financial Conduct Authority (FCA) conducted a review of challenger banks in 2021 publishing the results in April 2022. The findings found that many need to improve how they assess financial crime risk in the UK, with some failing to implement adequate financial crime risk assessments for their customers.
In this article, we’ll explore the FCA’s Findings of the review, how it came about, and its key recommendations.
There is currently no universally agreed definition of the term ‘challenger bank’. However, the National Risk Assessment of Money Laundering & Terrorist Funding (NRA) defines a challenger bank as:
"a sub-sector of retail banks that aim to reduce the market concentration of traditional high street banks through the use of technology and more up-to-date IT systems."
While some organisations may be more established, many challenger banks are often smaller, more recent entrants to the retail banking market that aim to challenge the dominance of large, long-established national banks.
Challenger banks may include or be known as neobanks, online banks, internet-only banks, virtual banks, digital banks or direct banks. They often operate exclusively online, without traditional physical branch networks.
In a separate whitepaper, National risk assessment of money laundering and terrorist financing 2020 (NRA) , HM Treasury highlighted the potential risks that challenger banks presented as a result of their faster onboarding processes.
Though all banks are required to carry out customer due diligence (CDD) checks, the NRA report found that criminals may be more attracted to the fast onboarding processes that challenger banks offer, particularly when setting up mule networks, as they look to exploit looser controls for the benefit of money laundering activity.
In light of the risks highlighted by the NRA report, the FCA conducted a review into the financial crime controls at challenger banks based on a sample of six retail challenger banks, which represented approximately 8 million customers.
The FCA’s review focused on several key areas, including:
The FCA’s review, conducted throughout 2021, found some evidence of good practice, but also highlighted some key areas for review:
Examples of good practice within challenger banks
Use of Technology
The report acknowledged that challenger banks have been effective in using technology to identify and verify consumers at speed, allowing them to simplify and improve the onboarding process overall. Examples of the technology used include video selfies, geolocation and document images, and document verification
Some of the challenger banks reviewed were able to evidence stand-alone financial crime policies and/ procedures. The policies were regularly updated and focused on expected financial crime risks.
Some of the reviewed banks mitigated risks through fraud matching , this was carried out by many challenger banks as part of their onboarding and ongoing account monitoring processes.
The FCA also highlighted the use of device-based solutions as part of their report. This technology was used to help challenger banks identify when customers are using multiple devices to manage their accounts.
Customer Risk Assessment (CRA)
The FCA findings revealed that Customer risk assessments (CRA) frameworks were not well developed in some challenger banks and lacked sufficient detail. Some banks did not have any CRA frameworks in place at all.
CRA’s are crucial and a key part of complying with Money Laundering Regulation (MLR) as they ensure that the risks a customer relationship presents to a firm are captured. And without these businesses can’t measure and provide ongoing monitoring to ensure that their due diligence measures are effective and proportionate to the risks posed by its individual customers.
Customer Due Diligence (CDD) and Minimal Application Data
Although some challenger banks did comply with their CDD obligations to identify and verify customers, they often did not go beyond basic identification and verification requirements to create a robust picture of a customer’s risk profile. For example, the review found that most challenger banks did not collect income or occupation data from their customers. In many cases, this meant that the nature of the customer’s intended relationship with the bank could not be established.
Enhanced Due Diligence (EDD)
The review found inconsistencies in the application of enhanced due diligence processes. In many cases, formal processes were not documented, especially for higher risk circumstances, such as in the management of politically exposed persons (PEPs).
Ineffective Transaction Monitoring
Inadequate transaction monitoring alerts were a common theme, including:
Suspicious Activity Report (SAR) Increases
The UK Financial Intelligence Unit (UKFIU) noted a substantial increase in suspicious activity reports being submitted. Many of the SARs failed to properly identify the basis of the suspicion, and in some cases, customers were allowed to continue transacting before a response to a Defence Against Money Laundering report had been received from the NCA.
Financial crime change programs
Weaknesses were identified in some challenger banks’ abilities to manage, oversee, and control financial crime change programs. This resulted in some control frameworks misaligning to evolving business models. It was noted that clear project plans would be required to facilitate the enhancement of controls in a timely manner, with appropriate governance arrangements and oversight from senior management throughout the project.
Principle 11 Notification
The report found that some challenger banks failed to notify the FCA of known significant financial crime control failings in accordance with their obligations under Principle 11 of the FCA Handbook.
Overall, the review acknowledged that challenger banks are an important part of the UK’s retail banking offering, and, when compared to traditional retail banks, there are limited differences in the inherent financial crime risks faced by both types of banks. However, it was noted that there cannot be a trade-off between quick and easy account opening and robust financial crime controls, and that challenger banks should consider enhancing their financial crime systems to prevent harm.
What are the FCA’s recommendations for challenger banks’ financial crime controls?
Anti-Money Laundering (AML) and anti-financial crime systems and controls remain a key area of focus for the FCA and its enforcement teams. It is likely that these findings will bring increased scrutiny of challenger banks and set out the baseline of the FCA’s expectations for other financial service firms in this space.
The FCA made a number of clear recommendations on how challenger banks should further improve their financial crime controls, including:
Challenger banks were encouraged to adopt a risk-based approach to AML. TransUnion is an established provider of information, technology, and analytics. We understand the business need to balance growth and risk, and can help organisations:
Contact us via the form below or speak to your account manager to find out how we can help support you take a risk-based approach to customer onboarding and financial crime. We understand that every business is unique so at TransUnion we work with you to find the right solutions for you and your business.
1TransUnion Consumer Pulse Q1 2022