On 2nd February 2022, the House of Commons Treasury Committee (the “Treasury Committee”) published the findings of an inquiry into economic crime that opened on 23rd October 2020. The purpose of this report was to support the Government, regulators and law enforcement agencies in tackling economic crime.
Here, we break down the key issues noted in the Treasury Committee’s report and highlight what the implications are – specifically:
The worrying growth of fraud in the UK
The scale of the problem
The Treasury Committee report states in no uncertain terms that fraud is on the rise. In 2021, compared to 2019, fraud had increased by 32%, with it being the greater type of crime than all other crimes put together. Schemes to support individuals during the Covid pandemic were targeted by fraudsters, with the value of fraudulent loans under the Bounce Back Loan Scheme, as of 31st March 2021, was estimated to be £4.9 billion. Consequently, it was no surprise that the Director-General of the National Economic Crime Centre (“NECC”), National Crime Agency (“NCA”) stated “We have a serious problem with fraud in this country”. What may be a surprise to the public is one of the statistics which the report quotes – only 1% of police resources and personnel are devoted to fraud.
Lack of Fraud focus
Throughout the Report, the Treasury Committee highlight the underwhelming focus on fraud, even though it is the largest criminal activity in the UK. The Economic Crime Plan for example has only seven out of 52 actions which relate to fraud. Further to this, the recently introduced Economic Crime Levy, is primarily focused on helping the Government fight money laundering (“ML”), with the levy only applying to entities subject to the Money Laundering Regulations (“MLRs”).
Consequently, the Treasury Committee has recommended that the Government be transparent in its spending of the Levy, as well as additional funding it receives to combat economic crime, ensuring that the resources provided are spent where needed.
Why online fraud is an issue
Online fraud has continued to increase, particularly aggressively during the pandemic years. Figures by UK Finance have seen a recent increase in fraud, especially around impersonation, purchase, and investment scams which, in the majority of cases, have used an online platform. The Financial Conduct Authority (“FCA”), in its Perimeter Report 2020/21, also noted similar trends in growth around online scams, observing 30,000 potential scams reported between April 2020 – March 2021 (a 77% rise from the previous 12 months). According to evidence obtained by the Treasury Committee, “In 2019-20, social media featured in more than 39,000 crime reports to Action Fraud, with losses of over £120 million”.
The Draft Online Safety Bill
The Government is looking to address online fraud and in May 2021 published the Draft Online Safely Bill to tackle online harm and crime. Whilst the Bill will mainly deal with regulation of online content for the purpose of child safety and prevention of terrorism, it will also include measures to protect against user-generated financial fraud on social media and dating apps, including measures to protect people from romance scams and fake investment opportunities.
The Treasury Committee report illustrates that, there have been calls for the anti-fraud elements of the Bill to be enhanced and for the Government to call for online platforms to take legal responsibility to identify, remove and prevent fake and fraudulent content appearing on their sites. The report also notes that the FCA believes that there needs to be more flexibility in the Bill, to be able to deal with new and upcoming threats to allow Ofcom and regulators to act quickly and flexibly. The Joint Committee on the Draft Online Safety Bill recommend that the Bill should be amended to include fraud offences in the list of relevant offences, which would ultimately serve to place a duty on online firms to minimise the risk that fraudulent content appears on their platforms in the first place.
Currently there is no legal requirement for internet platforms and social media firms to do any Know Your Customer (“KYC”) on their advertisers, making it easy for fraudsters to purchase advertising for their fake services and products. Whereas firms regulated by the FCA must abide by the Financial Services and Markets Act (“FSMA”) 2000 where financial promotions can only be communicated by those approved by the FCA to do so. The Treasury Committee report clarifies that the FCA’s view is that there should be a legal obligation for online firms to conduct some level of due diligence before allowing a person to place an ad on their platform.
The report explains that in 2021 the FCA started working with online companies to ensure that they did not accept advertising for regulated financial products which were not in accordance with FSMA – for example, Google have agreed to only allow advertisements which have been approved by an authorised firm to appear in its optimised search services. Some of the other large online firms have also made similar commitments, though not all have said when they will roll this out and others are yet to make such commitments. Interestingly, the Treasury Committee highlight that, to tackle the issue, the FCA has paid around £1 million in advertising to online firms to warn consumers about online frauds and scams.
Authorised Push Payment Fraud
Authorised Push Payment (“APP”) fraud is a type of fraud where the fraudster uses a number of sophisticated social engineering techniques to trick their victims into making real-time payments to transfer funds directly to the fraudsters bank account. This type of fraud is “authorised” because the customer has approved the payment but has not realised it is to a fraudster. There is no statutory protection for victims of authorised push payment fraud, in contrast to unauthorised payment fraud.
The Treasury Committee notes that APP fraud continues to be an increasingly growing problem in the UK. The report references figures released by UK Finance which state that, in the first half of (“H1”) 2021, the value of money lost due to APP scams saw an increase of 71% in comparison to losses seen in the same period in 2020 – the total value of losses in H1 2021 due to APP scams reached £355.3m.
The Contingent Reimbursement Model Code
The report notes that in 2016, Which? (the consumer campaigning group) made a ‘super-complaint’ to the Payment Systems Regulator (“PSR”) in relation to APP fraud. As a result, the PSR set up an industry steering group to create a voluntary industry code to provide reimbursement for victims of APP fraud. This led to the Contingent Reimbursement Model (“CRM”) code, which came into effect in May 2019. The code is however non-statutory and voluntary and thus far only nine payment service providers have signed up. Due to the CRM Code, UK Finance reported that of the cases that have been assessed and closed during H1 2021, 49% of losses was reimbursed to victims.
The Treasury Committee report notes that in February and November 2021, the PSR consulted on the need for improvements to the CRM Code given that the percentage of reimbursements is still below 50%, which indicates the CRM has not been a success. This notion is shared by Treasury Committee, who recommend that “the Government urgently legislates to give the PSR powers to make reimbursements mandatory, and that the PSR then take paid action to protect consumers.”
Confirmation of Payee
The report recognises the introduction of the Confirmation of Payee (“CoP”) has provided greater assurance to consumers that they are sending payments to the intended recipient by confirming the details of the recipient before the payment is made regardless of the platform used (phone, app, mobile and in branch).
As referenced in the report, in 2019 the PSR used its powers to require members of the UK’s six largest banking groups to implement CoP by the end of March 2020. A subsequent May 2021 consultation by the PSR noted that this initiative led to a reduction in APP scams amongst the CoP-enabled institutions. The Treasury Committee ultimately supports the CoP scheme and welcomes the work being done to broaden the scope of the scheme, thereby extending and enhancing the service.
Back to top
Reform, supervision, and enforcement of the UK’s Anti-Money Laundering framework
The effectiveness of the Suspicious Activity Reporting process
The Treasury Committee report highlights the steady increase of Suspicious Activity Reports (“SARs”) which the NCA receives – namely, that the total number of SARs was 573,085 between April 2019 and March 2020, a 19.78% increase on numbers of SARs submitted in the previous year. The report includes comments from the Director-General at the NECC, who unsurprisingly states that “the sheer volume coming through is really significant and very hard to deal with”, and that he believes it would be feasible that the NCA would receive up to 750,000 SARs during 2021. On the positive side, the Director-General does comment that the increasing numbers of SARs has led to an increase in NCA staff from 80 in 2018 to 140 at present (and further plans to increase this to 200). Interestingly, the report contains contrasting views from the FCA’s Director of Enforcement who believes that the increasing volumes of data flowing into the NCA are not unmanageable given the types of software and algorithms that exist. He provides a comparison with the UK’s Market Abuse Regime, which uses software to provide real time insights into potential insider trading using significantly larger datasets.
The Treasury Committee comments on the SARs reform programme, stating that although the programme was announced in 2017, “what the SARs reform programme has achieved so far, what is still to be done and when it will end, is unclear”. Whilst the report notes that the programme is likely to improve anti-money laundering (“AML”) systems and the ability of law enforcement agencies to handle large numbers of SARs quickly and effectively, the Treasury Committee recommends that a timeline and milestones are set and that an annual progress report on the programme is provided.
Supervision of professional bodies and OPBAS
The Treasury Committee observes that the September 2021 OPBAS report found that professional body supervisors (“PBSs”) were “generally compliant” but it also found evidence of inconsistency and “significant weaknesses”, including:
- Only 15% of PBSs were effective in using predictable and proportionate supervisory action
- 50% failed to ensure that members took timely action to correct identified gaps
- Only 33% were effective in developing and recording in writing adequate risk profiles for their sector and only 29% were effective in regularly reviewing and appraising risks.
Overall, the Treasury Committee recognised the good progress that OPBAS has made while also voicing disappointment in the poor performance of a large proportion of PBSs after nearly four years.
Her Majesty’s Revenue and Customers (“HMRC”) as a supervisor
The Treasury Committee report notes that the latest HMRC self-assessment was published in March 2021, and found “that HMRC’s performance overall is currently broadly in line with both the relevant Money Laundering Regulations and with OPBAS’ Sourcebook advice on best practice”. HMRC’s self-assessment also reports an increase in penalties for Money Service businesses – increasing from £384,000 in 2018/19 to £7.8 million in 2019/20. Interestingly, the Treasury Committee questions whether the HMRC self-assessment is the equivalent of the supervisor ‘marking its own homework’.
The Treasury Committee report also focusses on HMRC’s role as supervisor for Trust and Company Service Providers (“TCSPs”). The report references evidence provided by investigative journalists who were critical of HMRC’s role in respect of TCSPs, citing the Financial Crimes Enforcement Network (“FinCEN”) files which showed substantial abuse of UK companies for ML purposes, and noted difficulties with HMRC’s enforcement in this field.
The Treasury Committee ultimately concludes that HMRC’s self-assessment is not truly independent and recommends that a means of obtaining independent assurance is found. The report also notes that HMRC should seek to be more proactive in preventing TCSPs facilitating the use of UK companies for ML and should aim to drive up significantly the numbers of SARs from that sector.
The Financial Action Task Force (“FATF”)
The FATF assessment of 2018 and its positive findings were noted in the Treasury Committee report, which stated that the UK has the strongest overall AML and counter terrorist financing (“CTF”) regime of over 60 countries assessed to date. However, since that period the ML and terrorist financing (“TF”) threat has grown, not diminished, and as such the UK needs to continue to improve its AML/CTF framework with regards to its key position in the global financial system. The Treasury Committee observed that the UK’s response to this growing threat has been slow and inadequate.
The FCA’s enforcement of AML and the NatWest prosecution
In March 2021 the FCA announced that it had begun criminal proceedings against NatWest for breach of the MLRs. This was the first criminal prosecution by the FCA under the Regulations that have been in place since 2007. In October 2021 the FCA announced that NatWest had pleaded guilty and had been convicted of the offences. Sentencing took place in December 2021, and NatWest was fined £268.4 million. The Treasury Committee states that the new assertive approach by the FCA is welcome and serves as a major success. It notes that the level of the fine should be a deterrent to others, but nevertheless questions whether this was an isolated case or whether more prosecutions of banks and financial institutions for such failures will follow.
The Treasury Committee notes its predecessor’s concern that freezing accounts and de-risking is too widespread and has a detrimental effect on innocent businesses and consumers, and that financial institutions to be more transparent with regards to de-risking. The report recommends that the FCA reports annually on numbers of de-risking decisions and the progress made to ensure that banks are not freezing accounts unfairly and de-risking customers.
The rise of cryptoassets in economic crime
The Treasury Committee reports highlights that in recent years there has been a stepwise increase in cryptocurrency transactions and the number of new cryptocurrencies available continues to grow at a staggering rate.
It is noted that hand-in-hand with the rise in popularity of cryptoassets is their propensity to be used for economic crime and fraud. This is in part due to their market volatility and also their features and attributes which make them a popular choice for criminals seeking to launder illicit funds. This is further exacerbated through the prevalence of “private coins”, such as Monero, which provide for increased anonymity. As such, the report indicates that a number of larger household banking institutions prohibit facilitating cryptoassets activity amongst their customer bases.
In the UK, cryptoasset exchange providers and custodian wallet providers have been in scope for the MLRs as of January 2020. Firms which fell within the UK supervisory remit were required to register for the FCA’s Temporary Registration Regime (“TRR”) in order to be eligible for FCA assessment. In December 2021 the FCA commented that a number of registered firms had been rejected by the FCA upon assessment as their systems and controls were not deemed commensurate to the risks they faced. As at February 2022 there were:
- 31 firms which have passed the FCA’s assessment. These are expected to deploy the same level of economic crime controls as other regulated counterparts in sectors such as banking, legal services and payments, and can equally be subject to the FCA’s supervisory tools, such as Voluntary Requirements Notices (“VREQs”) and skilled person reviews.
- 32 additional firms which remain on the TRR and unassessed. These firms are legally operating within the crypto sector but have not (yet) been assessed by the FCA as “fit and proper”. Also, outside of the TRR, there are reportedly circa 200 firms which are suspected to be trading in cryptoassets which are not registered in the UK for AML purposes. The economic crime controls of unassessed and/or out of scope crypto firms could be weak (or, worse, non-existent), thus creating a weak link in the UK’s defences.
The Treasury Committee calls for the UK’s Economic Crime Plan to set out that the UK legislative vision is for all cryptoasset firms to be registered for AML purposes to encompass the significant number of firms currently flying under the radar with seemingly minimal consequences. The Committee also urges the TRR process to be prioritised and expedited, and not (re)extended past the 31 March 2022 deadline, to bring the sector up to a common standard. It is not yet apparent what will happen to any of the 32 firms currently on the TRR which have not been assessed by the FCA by this deadline. However, the Treasury Committee clearly indicates that it expects quick and strict decisioning to be made to gain comfort with respect to the safety of the sector.
The Committee commends the Advertising Standards Authority and UK Treasury for its collaborative approach to introducing stricter advertising rules and standards with respect to crypto campaigns expected to come into force imminently. It is anticipated that such rules and standards will reduce consumer harm potential and level the playing field for investors.
Back to top
The use of companies in economic crime
Companies and criminal liability
The Treasury Committee Report reiterates that a key problem in the corporate criminal liability framework is the “identification principle”—a legal principle which provides that a company can only be made criminally liable by establishing that a person who was the “directing mind and will” of the company at the relevant time carried out the acts and had the necessary mental state. In practice this makes it difficult to prosecute a company of any size for some types of economic crime.
In relation to the reform of corporate criminal liability, the Treasury Committee, whilst acknowledging the legal complexity in this area, urges the Law Commission to proceed quickly with its review (the Law Commission published a discussion paper in June 2021 to decide whether the identification principle is fit for purpose and how to improve the criminal and civil law on corporate liability) and the government to respond promptly to the Commission’s recommendations.
The use of UK companies by economic criminals
The Treasury Committee Report notes that the UK is home to a large, highly regulated financial sector, which benefits from a low corruption environment. However, moving money through UK companies is likely to attract much less suspicion than directly using companies in secrecy havens. It is therefore attractive to sophisticated ML operations.
The report references the leaked FinCEN files, as an example in which UK incorporated companies featured prominently in complex/opaque schemes and suspicious transactions linked to criminal activity and ML. The Report notes some common typologies that were illustrated by the FinCEN files including, UK anonymous shell companies, nominee owners based in secrecy havens, and the use of ‘straw’ men and company formation agents.
The Treasury Committee also notes that the cost of company formation in the UK is very low compared to international standards –making it desirable for both criminals and genuine enterprises. The Treasury Committee recommend an increase in company registration fees since higher fees would not deter genuine entrepreneurs and would increase the revenue available to Companies House and the wider fight against economic crime.
The Treasury Committee Report acknowledges the importance of the Companies House reforms, and stresses that the reforms require not only changes to the law and powers relating to Companies House, but also transformation of its operations. The Treasury Committee ultimately welcomes the reform of Companies House as essential, but notes that the pace of change is too slow.
Beneficial Ownership of UK property and the Registration of Overseas Entities Bill
The Treasury Committee report notes that the Registration of Overseas Entities Bill was first drafted in 2018 but has not still been allocated any parliamentary time to allow it to pass into legislation. The Bill contains provisions to create a beneficial ownership register of overseas entities that own UK property. The ownership of some of the country’s most prestigious properties by overseas companies has generated significant publicity. Some have been connected to oligarchs and PEPs that have faced sustained and credible allegations of corruption.
The report highlighted that improving transparency of ownership of UK property is a key step that needs to be taken to improve the defences against the misuse of UK assets and companies by criminals and kleptocrats. The Committee urge the government to include a Registration of Overseas Entities Bill in the Queen’s Speech for the next parliamentary session.
Back to top
Consequences for the UK’s ‘first line of defence’
Financial institutions play a key role in the UK’s fight against financial crime, acting as the ‘first line of defence’. The Government’s focus on economic crime will only lead to more being asked of firms in developing a robust strategy which will help enhance the current approach to economic crime prevention. With an Economic Crime Bill likely to come into force in the near future, further requirements will be applied to firms, and following the report from the Treasury Committee, firms can expect more emphasis on how they can support the national fight against economic crime. Below we have illustrated some key actions which firms should consider on the basis of the Treasury Committee report. Although the report was not (for the most part) aimed at firms, in light of the constantly evolving economic crime environment, firms should seek to be proactive in order to allow them to successfully navigate the regulatory minefield.
- Horizon scanning – Firms should ensure that they pay keen attention to key regulatory and legislative developments on a continuous basis. Where the Treasury Committee report highlighted ongoing or proposed changes to the regulatory and/or legislative environment that are currently being discussed or consulted on, firms should ensure that they:
- keep appraised of the evolving discussions on such topics;
- understand what impact these would have on their own frameworks and risk profiles;
- what the timelines for any formal changes to regulation or legislation are; and
- what updates to their policies, procedures, systems, or controls need to be made.
- In light of the enhanced focus being placed on fraud prevention, firms should be prepared for greater regulatory scrutiny of their anti-fraud systems and controls. Firms should therefore be proactive in reviewing their fraud prevention frameworks to ensure they meet regulatory expectations and provide sufficient mitigation of the internal and external fraud risks (including those relating to online as well as traditional fraud methods) to which they are exposed.
- Given the difficulty facing the NCA in respect of SAR numbers, firms should ensure that pay close attention to the “Who, What, Where, When and Why” NCA guidance on submitting SARs, and provide additional training to staff (where required) to ensure that a higher quality of SAR is submitted and that they are not contributing to the continuing problem.
- Firms which deal with TCSPs should ensure their AML/CTF frameworks adequately consider the enhanced risks which such businesses pose.
- Firms should be prepared for the FCA to pursue criminal prosecutions for breaches of the MLRs. Firms should therefore ensure they pay close attention to the detail of relevant fines and court cases to enable them to monitor areas and controls that have been identified as being particularly weak across the industry. Firms should use the detail of the fines/cases to assess their own frameworks and ensure any similar risk areas are promptly mitigated.
- As more and more cryptoasset firms fall within the FCA’s supervisory remit, this may give rise to an elevation in AML standards in the sector and thus reduce the perceived risks associated with cryptoasset business relationships. However, other AML-regulated firms should remain cautious of which potential business relationships do or don’t fall into their risk appetite, especially given the abundance of legitimate and illegitimate cryptoasset firms operating outside of the AML-regulatory perimeter
- In light of the issues surrounding Companies House, firms should ensure that their AML/CTF frameworks:
- Include robust initial and ongoing due diligence on their customers, with a view to identifying and reporting any discrepancies between the information which they hold and the information held by Companies House
- Are sufficiently mature and comprehensive to consider that although a corporate customer may be registered/incorporated in the UK, the beneficial ownership chain may highlight enhanced risk factors which will need adequate consideration and risk mitigation measures.
How can BDO help?
BDO’s Economic Crime Advisory team work closely with firms across a wide range of sectors across both financial services and non-financial services. We have a deep understanding of our clients’ businesses and the specific environments in which they operate, enabling us to act as a strategic partner, providing clear advice which is both balanced and constructive.
We have experience in reviewing and helping firms across the end-to-end deal chain to enhance their economic crime frameworks, including risk assessments; due diligence measures; governance and training; and transaction monitoring controls. Our services range from providing consultancy services with respect to industry practices pertaining to control environment design and operation, developing and deploying training for all/any lines of defence as well as Senior Management; conducting financial crime framework remediation; and undertaking independent control framework reviews or gap analyses to provide tailored recommendations for increased alignment to regulatory requirements and expectations.
Therefore, please do not hesitate to contact a member of our Economic Crime Advisory team if you have any questions.
Get in touch
Back to top