Assurance

Adopting a risk-based approach means considering the likelihood of unwanted outcomes and focussing efforts where the risks are considered highest. A risk-based approach helps firms to identify situations where additional measures and controls may be appropriate.

Consequently, a risk-based approach requires that measures implemented to reduce financial crime risks, such as, fraud, money laundering and bribery, are commensurate to the level of risk identified. This influences how firms allocate resources, including risk and compliance resource, to ensure that the three lines of defence discharge their functions in a way that supports the application of a risk-based approach by a firm.

Framework integrity

Covering policy and procedure, the fabric of a financial crime framework requires a robust quality assurance, which includes:

1. Work to ensure that risk assessment, policies, procedures, systems and controls are effective in practice, via routine Internal Audit and Compliance testing of the firm’s defences for financial crime, including specific financial crime threats
2. Coordinated lines of defence assurance activity to provide effective challenge to a firm's risk-based framework
3. Testing relevant employee understanding of internal arrangements for responding to fraud, bribery, money-laundering, financial sanctions and other improper behaviour

Management information

Senior Management own risk-appetite and is responsible for challenging variance or deviation to approved policy. To inform awareness of when to apply challenge:

• Policy accountability and responsibility should be clear and transaparent
• Responsibility for assurance-based reporting on financial crime arrangements should be clear and unambiguous
• Committees' terms of reference for managing financial crime risk, must set out the forum's remit and responsibility, including actions expected of such forums
• Regular reporting should be in place for management approved Key Risk Indicators, together with timely escalation to an executive or Board member on new/emerging significant risk
• Assurance based reporting should reflect a firm's committment to conducting business fairly, honestly and openly

How we can help you

FCRM assists clients to plan and mobilise assurance-based reviews of (internal or out-sourced) financial crime arrrangements.

We provide independent challenge to control framework design and assurance-based oversight arrangements, assisting clients to assess financial crime controls and the adequacy of management information reporting arrangements, used to inform executive understanding of a firm's compliance with regulatory requirements for financial crime.