You are viewing the version of the document as on 2024-12-12.

FCG 4.1 Introduction

FCG 4.1.1

1 Who should read this chapter? This chapter applies to all firms subject to the financial crime rules in SYSC 3.2.6R or SYSC 6.1.1R and to e-money institutions and payment institutions within our supervisory scope, with the following exceptions:

  1. 1 • FCG 4.2.2 applies only to mortgage lenders within our supervisory scope;

  2. 2 • FCG 4.2.3 applies to mortgage intermediaries only; and

  3. 3 • FCG 4.2.5 applies to retail deposit takers only.

FCG 4.1.2

1All firms must take steps to defend themselves against financial crime, but a variety of approaches is possible. This chapter provides guidance on themes that should form the basis of managing financial crime risk. The general topics outlined here are also relevant in the context of the specific financial crime risks detailed in subsequent chapters.

FCG 4.1.3

1The contents of FCG’s fraud chapter reflect the FSA’s previous thematic work in this area. This means it does not specifically address such topics as plastic card, cheque or insurance fraud. This is not because the FCA regards fraud prevention as unimportant. Rather it reflects our view that our limited resources are better directed elsewhere, given the strong incentive firms should have to protect themselves from fraud; and the number of other bodies active in fraud prevention. Links to some of these other bodies are provided in FCG 4.4.

FCG 4.2 Themes

Preventing losses from fraud

FCG 4.2.1

1All firms will wish to protect themselves and their customers from fraud. Management oversight, risk assessment and fraud data will aid this, as will tailored controls on the ground. We expect a firm to consider the full implications of the breadth of fraud risks it faces, which may have wider effects on its reputation, its customers and the markets in which it operates.

The general guidance in FCG 2 also applies in relation to fraud.

Self-assessment questions:

  1. • What information do senior management receive about fraud trends? Are fraud losses accounted for clearly and separately to other losses?

  2. • Does the firm have a clear picture of what parts of the business are targeted by fraudsters? Which products, services and distribution channels are vulnerable?

  3. • How does the firm respond when reported fraud increases?

  4. • Does the firm’s investment in anti-fraud systems reflect fraud trends?

  5. Examples of good practice

    Examples of poor practice

    The firm takes a view on what areas of the firm are most vulnerable to fraudsters, and tailors defences accordingly.

    Senior management appear unaware of fraud incidents and trends. No management information is produced.

    Controls adapt to new fraud threats.

    Fraud losses are buried in bad debts or other losses.

    The firm engages with relevant cross-industry efforts to combat fraud (e.g. data-sharing initiatives like CIFAS and the Insurance Fraud Bureau, collaboration to strengthen payment systems, etc.) in relation to both internal and external fraud.

    There is no clear and consistent definition of fraud across the business, so reporting is haphazard.

    Fraud response plans and investigation procedures set out how the firm will respond to incidents of fraud.

    Fraud risks are not explored when new products and delivery channels are developed.

    Lessons are learnt from incidents of fraud.

    Staff lack awareness of what constitutes fraudulent behaviour (e.g. for a salesman to misreport a customer’s salary to secure a loan would be fraud).

    Anti-fraud good practice is shared widely within the firm.

    Sales incentives act to encourage staff or management to turn a blind eye to potential fraud.

    To guard against insider fraud, staff in high risk positions (e.g. finance department, trading floor) are subject to enhanced vetting and closer scrutiny. ‘Four eyes’ procedures (see FCG Annex 1 for common terms) are in place.

    Banks fail to implement the requirements of the Payment Services Regulations and Banking Conduct of Business rules, leaving customers out of pocket after fraudulent transactions are made.

    Enhanced due diligence is performed on higher risk customers (e.g. commercial customers with limited financial history. See ‘long firm fraud’ in FCG Annex 1).

    Remuneration structures may incentivise behaviour that increases the risk of mortgage fraud.

    2

    Cryptoasset businesses pre-screen outbound transactions for addresses linked to fraud.

Mortgage fraud – lenders

FCG 4.2.2

1This section applies to mortgage lenders within the supervisory scope of the appropriate regulator.

Self-assessment questions:

  1. • Are systems and controls to detect and prevent mortgage fraud coordinated across the firm, with resources allocated on the basis of an assessment of where they can be used to best effect?

  2. • How does your firm contain the fraud risks posed by corrupt conveyancers, brokers and valuers?

  3. • How and when does your firm engage with cross-industry information-sharing exercises?

  4. Examples of good practice

    Examples of poor practice

    A firm’s underwriting process can identify applications that may present a higher risk of mortgage fraud.

    A lender fails to report relevant information to the FCA’sInformation from Lenders (IFL) scheme as per FCA guidance on IFL referrals.

    Membership of a lender’s panels of brokers, conveyancers and valuers is subject to ongoing review. Dormant third parties are identified.

    A lender lacks a clear definition of mortgage fraud, undermining data collection and trend analysis.

    A lender reviews existing mortgage books to identify and assess mortgage fraud indicators.

    A lender’s panels of conveyancers, brokers and valuers are too large to be manageable.

    A lender verifies that funds are being dispersed in line with instructions before it releases them.

    The lender does no work to identify dormant parties.

    A lender promptly discharges mortgages that have been redeemed and checks whether conveyancers register charges with the Land Registry in good time.

    A lender relies solely on the Financial Services Register when vetting brokers.

    Underwriters’ demanding work targets undermine efforts to contain mortgage fraud.

Mortgage fraud – intermediaries

FCG 4.2.3

1This section applies to mortgage intermediaries.

Self-assessment questions:

  1. • does your firm satisfy itself that it is able to recognise mortgage fraud?

  2. • When processing applications, does your firm consider whether the information the applicant provides is consistent? (For example, is declared income believable compared with stated employment? Is the value of the requested mortgage comparable with what your firm knows about the location of the property to be purchased?)

  3. • What due diligence does your firm undertake on introducers?

  4. Examples of good practice

    Examples of poor practice

    Asking to see original documentation whether or not this is required by lenders.

    Failing to undertake due diligence on introducers.

    Using the FCA’sInformation from Brokers scheme to report intermediaries it suspects of involvement in mortgage fraud.

    Accepting all applicant information at face value.

    Treating due diligence as the lender’s responsibility.

Enforcement action against mortgage brokers

FCG 4.2.4

Breaches the FCA has identified as part of enforcements actions against mortgage brokers2 have included:

1
  1. • deliberately submitting to lenders applications containing false or misleading information; and

  2. • failing to have adequate systems and controls in place to deal with the risk of mortgage fraud.

The FCA has 2referred numerous cases to law enforcement, a number of which have resulted in criminal convictions.

Investment fraud

FCG 4.2.5

1UK consumers are targeted by share-sale frauds and other scams including land-banking frauds, unauthorised collective investment schemes and Ponzi schemes. Customers of UK deposit-takers may fall victim to these frauds, or be complicit in them. We expect these risks to be considered as part of deposit-takers’ risk assessments, and for this to inform management’s decisions about the allocation of resources to a) the detection of fraudsters among the customer base and b) the protection of potential victims.

Self-assessment questions:

  1. • Have the risks of investment fraud (and other frauds where customers and third parties suffer losses) been considered by the firm?

  2. • Are resources allocated to mitigating these risks as the result of purposive decisions by management?

  3. • Are the firm’s anti-money laundering controls able to identify customers who are complicit in investment fraud?

  4. Examples of good practice

    Examples of poor practice

    A bank regularly assesses the risk to itself and its customers of losses from fraud, including investment fraud, in accordance with their established risk management framework. The risk assessment does not only cover situations where the bank could cover losses, but also where customers could lose and not be reimbursed by the bank. Resource allocation and mitigation measures are informed by this assessment.

    A bank has performed no risk assessment that considers the risk to customers from investment fraud.

    A bank contacts customers if it suspects a payment is being made to an investment fraudster.

    A bank fails to use actionable, credible information it has about known or suspected perpetrators of investment fraud in its financial crime prevention systems.

    A bank has transaction monitoring rules designed to detect specific types of investment fraud. Investment fraud subject matter experts help set these rules.

    Ongoing monitoring of commercial accounts is allocated to customer-facing staff incentivised to bring in or retain business.

    A bank allocates excessive numbers of commercial accounts to a staff member to monitor.

FCG 4.3 Further guidance

FCG 4.3.1

1 FCTR contains the following additional material on fraud:

  1. FCTR 10 summarises the findings of the Small Firms Financial Crime Review. It contains guidance directed at small firms on:

    1. ◦ Monitoring activity (FCTR 10.3.3G)

    2. ◦ Responsibilities and risk assessments (FCTR 10.3.7G)

    3. ◦ General fraud (FCTR 10.3.13G)

    4. ◦ Insurance fraud (FCTR 10.3.14G)

    5. ◦ Investment fraud (FCTR 10.3.15G)

    6. ◦ Mortgage fraud (FCTR 10.3.16G)

    7. ◦ Staff/Internal fraud (FCTR 10.3.17G)

  2. FCTR 11 summarises the findings of the FSA’s thematic review Mortgage fraud against lenders. It contains guidance on:

    1. ◦ Governance, culture and information sharing (FCTR 11.3.1G)

    2. ◦ Applications processing and underwriting (FCTR 11.3.2G)

    3. ◦ Mortgage fraud prevention, investigations, and recoveries (FCTR 11.3.3G)

    4. ◦ Managing relationships with conveyancers, brokers and valuers (FCTR 11.3.4G)

    5. ◦ Compliance and internal audit (FCTR 11.3.5G)

    6. ◦ Staff recruitment and vetting (FCTR 11.3.6G)

    7. ◦ Remuneration structures (FCTR 11.3.7G)

    8. ◦ Staff training and awareness (FCTR 11.3.8G)

  3. FCTR 14 summarises the findings of the FSA’s thematic review Banks’ defences against investment fraud. It contains guidance directed at deposit-takers with retail customers on:

    1. ◦ Governance (FCTR 14.3.2G)

    2. ◦ Risk assessment (FCTR 14.3.3G)

    3. ◦ Detecting perpetrators (FCTR 14.3.4G)

    4. ◦ Automated monitoring (FCTR 14.3.5G)

    5. ◦ Protecting victims (FCTR 14.3.6G)

    6. ◦ Management reporting and escalation of suspicions (FCTR 14.3.7G)

    7. ◦ Staff awareness (FCTR 14.3.8G)

    8. ◦ Use of industry intelligence (FCTR 14.3.9G)

FCG 4.3.2

1 FCTR 2 summarises the FSA’s thematic review Firms’ high-level management of fraud risk.

FCG 4.4 Sources of further information

FCG 4.4.1

1 To find out more about what FCA is doing about fraud, see:

  1. • Details of the FCA’s Information from Lenders scheme: https://www.fca.org.uk/firms/fraud/report-mortgage-fraud-lenders

  2. • Details of the FCA’s Information from Brokers scheme: https://www.fca.org.uk/firms/fraud/report-mortgage-fraud-advisers

FCG 4.4.2

The list of other bodies engaged in counter-fraud activities is long, but more information is available from:

  1. • Action Fraud, which is the UK’s national fraud reporting centre: www.actionfraud.police.uk

  2. • Fighting Fraud Action (FFA-UK) is responsible for leading the collective fight against financial fraud on behalf of the UK payments industry.2

  3. • The City of London Police, which has ‘lead authority’ status in the UK for the investigation of economic crime, including fraud https://www.cityoflondon.police.uk/advice-and-support/fraud-and-economic-crime/Pages/default.aspx

  4. • The Fraud Advisory Panel, which acts as an independent voice and supporter of the counter fraud community: www.fraudadvisorypanel.org/