Develop and implement risk-based controls to counter financial crime

This standard is about developing and implementing risk-based controls to counter financial crime within your organisation You must take into consideration the resources required to implement appropriate controls. When developing controls you will also need to establish a system for monitoring and evaluating their effectiveness. This standard is relevant to roles in countering financial crime.

1. determine key risk indicators relating to internal and external financial crime
2. establish key performance indicators relating to countering financial crime with senior management and appropriate stakeholders
3. check you have an accurate and up-to-date financial crime risk assessment
4. identify the areas of potential financial crime and where controls are required
5. identify the different controls available to your organisation and the resources required to implement
6. assess the controls to determine those most suited to your organisation
7. estimate the timescales involved in developing and implementing controls to counter financial crime and whether temporary controls are necessary
8. implement the controls and ensure they are appropriate and effective
9. document key risk indicators to identify when the controls have been breached
10. identify crystallised and near miss events which indicate a failing/potential failing in existing controls
11. develop a mitigation strategy
12. collate appropriate management information to monitor the effectiveness of the controls
13. apply good practice when developing a response plan for handling the effects of a control failure
14. develop independent mechanisms for monitoring and reporting upon the effectiveness of controls in place and their relevance to your organisation’s financial crime risk strategy

1. your organisation’s strategy and approach towards countering financial crime
2. purpose of the financial crime risk assessment and its importance in identifying relevant financial crime risk and mitigation
3. nature, scale and complexity and operating environment of your organisation
4. key risks to your organisation from financial crime
5. how to identify where controls are required and why
6. types of controls that can be used to mitigate against financial crime risks, their advantages and disadvantages and suitability to your organisation
7. resources required to implement controls and future controls
8. the Three Lines of Defence model and how this can be applied to your organisation
9. nature of your organisation’s controls to mitigate financial crime risks
10. how to implement controls and methods for monitoring and reporting on their effectiveness
11. requirements of a response plan and a response team
12. legislation, regulations and codes of practice, relevant to you and your organisation and any specific obligations

"Financial Crime
This includes any office involving money laundering, terrorist financing, fraud
or dishonest or market abuse. (Definition based on the FCA definition of
financial crime). This includes financial crime both internal and external to a
financial services organisation.
Legal and regulatory requirements
This refers to a range of obligations incumbent upon financial organisations
and is commonly referred to as ‘compliance requirements. The legal and
regulatory requirements of an organisations or individual/s within it (such as
‘approved persons) may differ slightly according to the type of financial
organisation and the services it offers. The regulator of all providers of
financial services in the UK oversees a number of regulated activities under
powers derived from the Financial Services and Markets Act 2000.
A number of other pieces of UK legislation are relevant to the countering of
financial crime, such as the Proceeds of Crime Act (POCA), the Serious
Organised Crime and Police Act (SOCPA, the Fraud Act 2006, for example.
UK financial institutions are also subject to European Commission legislation
enacted by the British Government such as the Market Abuse Directive and
the Basel 2 Accord (for capital adequacy).
Financial organisations, like any other employer, are also subject to a range of
legal requirements covering areas such as discrimination, equality and
diversity, Health and safety and Data protection.
Organisation
This refers to an organisation that offers financial services this could be
insurance, investment, lending and credit, pensions, securities and
derivatives. It includes organisations in both the public and private sector.
Systems and controls
The practices and procedures put in place to protect an organisation from
financial crime. In some cases it is accepted that certain (or indeed all) types
of financial crime cannot be wholly prevented, but controls can limit its extend
and impact.
Crystalised events
the risk has materialised and the controls that were in place to deal with the
risk were found to be ineffective. Th is would prompt a review of the controls
and re-testing to ensure the risk cannot happen again"