FinCrime End of Year Report

On Wednesday, FINTRAIL delivered a webinar on our “FinCrime End of Year Report: Lessons learned in 2021 and development points for 2022”. For those who weren’t able to make the session, here are our key takeaways:

2021 Key Learnings

The FCA sent a Dear CEO letter to retail banks in May 2021, highlighting actions needed in response to common control failings identified in anti-money laundering frameworks.  It noted common weaknesses in key financial crime areas, including: 

  • Governance and oversight including mature model with three lines of defence

  • Risk assessments covering all financial crime types beyond money laundering and fraud, and dynamic and effective customer risk assessment model

  • Due diligence including ongoing monitoring 

  • Transaction monitoring including tailored rules and thresholds

We noted that these control areas should be considered holistically, as failings in one area will affect the whole programme.  For instance, if you do not collect adequate due diligence information you cannot conduct effective ongoing monitoring.  

While this letter was addressed to retail banks, the findings are also relevant to the digital financial sector, and align with FINTRAIL’s findings from audits and health checks of FinTechs conducted in 2021.  The areas we most frequently identified as areas for improvement were:

  • Due diligence (including enhanced due diligence)

  • Screening

  • Audit, quality assurance and quality control

  • Governance and oversight 

Transparency International UK published a report in December 2021 on the money laundering risks of e-payment firms, which said that the payments industry could become a “major gateway” for illicit funds.  In FINTRAIL’s view, many of the risks highlighted are not unique to e-payment firms, and are faced by the whole financial sector.  However, the report did highlight specific risks around the regulatory oversight of e-payment firms, and lack of due diligence on their owners and senior managers.  We discussed the importance of the ‘tone from the top’ and the right compliance culture, and how a firm with compromised or criminal owners could be used to facilitate financial crime schemes.  There is a clear need for the regulator to conduct suitable due diligence on owners and senior managers of firms applying for e-payment licences.  


Technology and automation remained a hot topic in 2021, both in terms of the growth of digital banking and in the financial crime space.  We reflected on the growth of the regulatory technology (RegTech) space, including greater adoption by conventional financial institutions, and the consolidation of the market through acquisitions.  We also discussed how regulators and international bodies recognise the potential benefits of technological adoption but are also highlighting the risks.  Firms must adhere to regulatory guidance, and must understand how their technology works and how to identify any gaps or weaknesses.  Additionally, the FCA published a paper in 2021 on Implementing Technology Change which considered the need for good governance around the use of technology and outsourcing, and the potential impact of failures on customers.  Firms must consider not just if but how to deploy technology, and how to fuse it successfully with human expertise.

2022 Focus Areas:

  • Effectiveness: Industry bodies and regulators including the FCA and FinCEN have increasingly promoted the idea of focusing on the effectiveness of financial crime controls.  The Wolfsberg Group followed up its earlier Statement on Effectiveness with a paper on Demonstrating Effectiveness in June 2021.  This offered practical guidance on how firms should assess risk in defined priority areas and demonstrate the effectiveness of their AML programmes in tackling them.  While there is no regulatory obligation at this stage, measuring and demonstrating effectiveness is likely to be a focus area for regulators in 2022, and financial institutions should start considering how to articulate it.

    The European Banking Authority (EBA) has launched EuReCA, a central EU database containing information on material AML/CTF weaknesses identified in individual financial institutions.  This offers further encouragement for firms to ensure their controls are robust and effective, to avoid the ‘naughty list’.

  • Financial inclusion and the effects of de-risking: The Financial Action Task Force (FATF) issued a paper on Mitigating the Unintended Consequences of the FATF Standards in October 2021, which focused on financial exclusion, de-risking, the undue targeting of non-profit organisations (NPOs), and curtailment of human rights.  There is a clear tension between reducing financial crime risks and ensuring equal access to financial products, affecting both individuals (e.g. migrants, those without a fixed address) and entire sectors.  The EBA also issued an opinion last year on the consequences of de-risking, clarifying that EU AML.CTF laws do not require firms to refuse or terminate business relationships with entire categories of customers they deem high risk.  The UK Treasury Committee’s Economic Crime Report, published on 2 February 2022, recommends the FCA reports annually on numbers of de-risking decisions and on progress to ensure that banks are not unfairly freezing bank accounts and de-risking customers.  

    Firms are not obliged to offer services to those they deem outside risk appetite, but should be aware of the implications of risk appetite decisions and make conscious decisions regarding inclusion and fair treatment.  We recommend firms think through their risk appetite carefully, rather than automatically avoiding high-risk customers, as  regulators may start asking them to fully justify de-risking decisions.  FINTRAIL has partnered with Tech Nation as part of FinClusion 2021 to issue the FinCrime Principles of Inclusion which provides valuable guidance for designing inclusive FinCrime controls.

  • Humans versus machines: FATF published a paper on the ‘Opportunities and Challenges of New Technologies for AML/CTF’ in July 2021, which promoted the use of new technologies, but also urged firms to consider how to balance automation with human input and oversight.  It stressed that manual review and human input remain hugely important.  Regular audits and explainability is key, with firms able to explain how their technology works, and continuously confirming that it is operating as expected.



To stay up-to-date with regulatory developments, news and key reports, sign up to our newsletter and receive our monthly regulatory recap - the FINTRAIL RegCap (www.fintrail.com

To understand whether your FinCrime programme is developed and mature enough to meet the meets of your business and current regulatory expectations, please speak to us about our Maturity Matrix and audit/health check services.

And if you would like any other support, or to discuss any of the topics discussed, please do get in touch with us at contact@fintrail.com.  

Free resources

Access free resources designed to help strengthen your anti-financial crime controls.

Partner with us

We love to support projects that combat financial crime -
get in touch to find out more.