The FCA conducted an assessment that examined five main areas: governance and oversight, skills and resources, screening capabilities, customer due-diligence and know-your-customer procedures, and reporting breaches.
During the assessment, the FCA found several instances of good practices in financial services firms. One notable practice was the proactive approach to identity sanctions exposure to Russia. Firms performed risk exposure assessments and scenario planning before the Russian invasion of Ukraine, demonstrating effective risk management procedures.
The assessment also revealed that many firms had appropriate screening tools in place to mitigate the risks they faced individually. They were also able to demonstrate the effectiveness of their sanctions systems thresholds and parameters.
However, based on the assessment findings, the FCA has made suggestions for areas where financial services firms need improvement. One key issue was that some global firms' sanctions policies were not aligned with the UK sanctions regime, resulting in a lack of awareness and an increased risk of non-compliance.
The assessment also highlighted an over-reliance on third-party sanctions screening tools and insufficient calibration of these tools. Additionally, the lack of adequate skills and resources to handle reporting was a concern, as many firms had significant backlogs in assessing, escalating, and reporting alerts from name and payment screening.
In terms of customer due-diligence and know-your-customer procedures, the FCA raised concerns regarding the low quality of assessments, which increased the risk of firms failing to identify sanctioned individuals.
In light of these findings, the FCA encourages firms to continually evaluate their approach to identifying and assessing sanctions risks, strengthen measures to prevent breaches, and adjust to evolving sanctions and shifting risk exposures.
If you require assistance in relation to the above and/or would like to discuss anything further, please do not hesitate to contact firstname.lastname@example.org or your usual A.C.T. contact.