Compliance is not enough: why you should attend Auditing Financial Crime: A Masterclass
Financial crime is an international scourge, damaging societies around the world. It is not a remote or “victimless” problem – it touches real people globally by funding terrorism, fuelling corruption and siphoning off money that is needed for frontline public services. It also does commercial damage, reducing investor and consumer confidence and undermining market integrity.
Technology is fuelling financial crime and, says Alessandro Pelliccia, the course leader on a new Chartered IIA Auditing Financial Crime masterclass, the criminals have an advantage because they do not need to invest in testing or meet regulatory requirements before they adopt it. An effective and well-informed internal audit operation is therefore more vital than ever.
Pelliccia speaks of what he knows. He has extensive experience conducting internal audits in European and UK banks and, when he was asked to audit financial crime and review a bank’s financial crime framework, he struggled to find the support he needed.
“There is an abundance of financial crime training and certifications on the market, but they focus on the role of the compliance function rather than internal audit. This course aims to shift attention to the needs of the third line,” he says. “Compliance is not enough. Just because you are complying with all the regulations does not prove that any of your controls are working correctly.”
The need for challenge
The aim of this new course, therefore, is to equip internal auditors so they can rigorously challenge the established frameworks and rules to identify how these actually work in practice. Do they do what they are designed to do and, if not, why not?
One sign that controls are not yet working optimally is that financial services firms are generating huge numbers of suspicious activity alerts, yet only 1-2% of these turn into actionable reports.
Technology is good at scanning data for anomalies, but there is still a huge problem connecting and sharing all the data, Pelliccia says. Criminal financial networks are complex and involve multiple accounts, investments and assets – often concealed behind shell companies. Rules designed to protect privacy or national security can create barriers to sharing information even within the same multinational banking group.
Global responses to the problem are being developed. The Financial Action Task Force (FATF) published revised recommendations in November to encourage jurisdictions to do more to target the proceeds of crime, and the EU has introduced AMLA – a new authority for countering money laundering and terrorist financing – so the rules will develop.
In the UK, the new offence of Failure to Prevent Fraud was added in September to the existing offences of Failure to Prevent Bribery and Failure to Prevent the Facilitation of Tax Evasion. It therefore creates a new risk of criminal prosecution for wrongdoing. Further UK changes to financial crime rules under the Economic Crime and Corporate Transparency Act include increased powers for Companies House to increase visibility into company directors and owners.
Governance plus culture
However, internal audit insights into the effectiveness of existing and evolving controls and policies will continue to be vital. Technology and data sharing mechanisms will help, but an understanding of good governance and corporate culture is also essential if these developments are to make a real difference.
“We need people who can see the big picture. It’s getting ever harder to identify rapidly changing risks, and the volumes of criminal transactions are accelerating, aided by AI bots,” Pelliccia says. “All financial crimes are closely interconnected, but there are distinct categories and the framework to counter each type of crime is slightly different.”
This is why the course is divided into four modules:
- Anti-money-laundering (AML) and customer risk assessment (CRA) methodologies – including auditing the effectiveness of customer due diligence, transaction monitoring, and suspicious activity reporting.
- Auditing anti-bribery and corruption controls – including risk assessment, control effectiveness, culture and governance.
- Auditing sanction compliance programmes – including risk assessment, screening systems, and governance and reporting.
- Auditing tax evasion facilitation risks – including understanding the risks, risk assessment, control testing, and governance and training.
“Once you know what framework you have in place and how it is working, you need to consider the ‘soft controls’, including what training you provide, whether staff know how they should behave and whether management are sending a strong message from the top that unethical behaviour will not be tolerated,” Pelliccia explains.
Global attitudes to corporate culture in financial services are changing, he adds. Many jurisdictions that did not previously focus on issues such as bribery and corruption are now realising that this weakens them in the global markets. They want to be seen as well governed, transparent and reliable businesses to attract investors. This is an opportunity, but also means that UK and EU firms cannot rest on their laurels.
New fintechs and other financial start-ups are also creating new choices for investors and customers. Loyalty cannot be taken for granted and reputation is a competitive issue.
At a practical level, it is essential for firms to get their frameworks right and ensure that the corporate culture supports these, because this will be a mitigating factor with regulators if things go wrong. “Fines are usually connected to your framework being inadequate or not working properly,” Pelliccia points out. “I want this course to equip internal auditors to ensure that their firms are not fined for basic problems that demonstrate a failure of culture and of the three lines of defence.”
No single framework is right or wrong, Pelliccia says. But people who attend this course – whether they are middle managers tasked with leading a financial crime audit or junior internal auditors keen to learn about the key topics quickly so they can hit the ground running – will leave with serious questions to challenge how well their organisation counters financial crime.