There is never a dull year in anti-financial crime, and 2023 was certainly no exception. From the introduction of the UK’s Economic Crime Bill, to new crypto laws including the EU’s regulation on markets in crypto-assets (MiCA), a global raft of sanctions against Russia, and legislative attempts to rein in the global fraud pandemic, there’s been plenty to keep on top of.
It’s early days, but there seems no reason to believe 2024 will be any different. We are already aware of several pieces of legislation due to come into effect this year, and various regulators have clearly signposted their current areas of focus via guidance notices and consultations with the industry. So let’s read the tea leaves and see what financial institutions can expect in 2024!
FINTRAIL held a webinar on financial crime trends for 2024, and asked the audience what their main areas of focus were for the year ahead. This is how they responded at the end of the session.
Poll: What are your priorities and main areas of focus for 2024? Please select all applicable answers.
Fraud
Fraud is big global news. In the UK, for example, criminals stole over half a billion pounds in the first six months of 2023 alone¹. Traditional methods of deception are as popular as ever, and are being complemented by increasingly sophisticated cyber-attacks and intricate social engineering schemes.
While regulators everywhere are acutely aware of the issue, the UK is leading the way in terms of a regulatory response. In 2023, the Payment Services Regulator (PSR) undertook a multi-pronged approach to reduce authorised push payment (APP) fraud within the Faster Payments System, which is due to continue into 2024. Here’s what to look out for:
New mandatory reimbursement requirements, announced in June 2023, are due to come into effect in October 2024. These will require both sending and receiving payment institutions to reimburse all victims of APP fraud in full based on a 50/50 split, with limited exceptions for fraud or gross negligence. Read more in our blog here.
In 2024 the PSR will be publishing “league tables” of performance on APP fraud in 2023. Last year’s report on 2022 data called out inconsistent outcomes for victims, and highlighted that certain receiving institutions took in a disproportionate volume of funds derived from APP fraud. Expect to see more scrutiny of these areas in the 2024 report. Read more in our blog here.
The coverage of the Confirmation of Payee scheme will be extended in October 2024, with all financial institutions that participate in Faster Payments or CHAPS required to implement the tool.
In other fraud news:
The UK government launched its national Fraud Strategy in May 2023, which aims to reduce fraud by 10% on 2019 levels by December 2024. The various measures announced under the strategy - such as a new national fraud squad, replacing Action Fraud with a new reporting system, cracking down on abuse of the telephone network, and engaging the tech industry - are ongoing. Separately, the Home Affairs Committee inquiry into fraud launched in September 2023 will publish its results sometime this year.
The FCA issued several guidance documents² on fraud in 2023, which implicitly set out what firms will be judged against in 2024. The guidance highlighted issues with detecting and preventing money mules due to poor onboarding controls, transaction monitoring, training and governance; poor complaint handling; and poor understanding and response to customer vulnerability.
A new corporate failure to prevent fraud was introduced in 2023 as part of the Economic Crime and Corporate Transparency Act. The offence is expected to come into force once the government has published guidelines in Spring 2024.
Anti-fraud measures are also being taken in other jurisdictions, albeit not at the same scale as in the UK.
In the EU, the introduction of PSD3 revisions forecast for late 2024 will extend IBAN/name matching verification to all credit transfers, introduce an obligation for payment service providers (PSPs) to increase awareness of payment fraud among customers and staff, and establish a legal basis for PSPs to share fraud-related information in full respect of GDPR via dedicated IT platforms.
In the US, federal requirements to report company ownership to FinCEN’s Beneficial Ownership Information Registry went live on 1 January 2024, pursuant to the 2021 Corporate Transparency Act. It is hoped this will increase corporate transparency and help reduce fraud.
While there is no proposal on the horizon in the US for an accountability model or a common reimbursement scheme, the biggest US banks decided to begin refunding Zelle scam victims last year, a trend towards collective action which we could see reflected elsewhere alongside a push for greater consumer protection.
Sanctions
The various geopolitical events of 2023 played themselves out in the sanctions world, with new legislation and designations issued in relation to Russia, Hamas, Sudan, Iran and others. Human rights violations, narcotrafficking and crypto scams were also all in the spotlight.
OFSI’s annual report for the financial year 2022 to 2023, published in December 2023, revealed that despite imposing “the most severe sanctions the UK has ever imposed on any major economy”³ on Russia, recording 473 suspected breaches and opening 172 investigations by April 2023, there has so far been zero enforcement for post-February 2022 sanctions breaches in relation to Russia. We predict 2024 will be a more active year for enforcement, as some of those investigations bear fruit.
We also predict continuing cooperation between OFSI and the FCA, with the former focusing on enforcement and the latter on ensuring effectiveness. The FCA conducted a targeted assessment of firms’ sanctions controls in 2023 and shared the good and bad practices observed⁴, which will likely form a benchmark for regulatory reviews in 2024.
In the EU, we predict a push towards standardised enforcement across member states in 2024. We understand states with a “less mature” track record of sanctions enforcement are being given firm instructions to up their game, as well as training and guidance to help them do so.
In the US, we predict more of the same from OFAC in terms of the nature of sanctions regulations and enforcement, with the upcoming presidential election likely to shape the strategic priorities.
In December 2023, OFAC issued an Executive Order expanding the US’s ability to target financial institutions outside of Russia that facilitate transactions involving Russia’s military-industrial base. We should see in 2024 how the US intends to use this new measure and whether it will be a significant weapon in its sanctions arsenal, and which Russia-tolerant countries are in the crosshairs.
PEPs
In 2023 the concept of Politically Exposed Persons (PEPs) entered the public consciousness in the UK like never before, with the scandal surrounding the closure of Nigel Farage’s bank account at Coutts and a subsequent review by the FCA into whether PEPs are being routinely denied access to financial services.
Meanwhile we saw corruption scandals involving PEPs continue to emerge around the world, including two former Latin American presidents censured by the US government over allegations of corruption, a procurement scandal in the Ukrainian Ministry of Defense, ongoing revelations about the UK government’s awarding of contracts during the Covid-19 pandemic, and many more!
Here’s what’s new for 2024:
In the UK, new legislation came into effect on 10 January 2024 amending the Money Laundering and Terrorist Financing Regulations and mandating that the starting point for assessing the risk posed by domestic PEP clients is lower than non-domestic PEPs. Read more in FINTRAIL’s blog here.
The FCA’s review of how financial institutions manage PEP clients, launched in September 2023, is due to be published in June 2024. It will cover how PEPs are defined, how their risk levels are assessed, whether firms are carrying out risk-based and proportionate enhanced due diligence, and how firms take decisions to reject or close PEP-related accounts.
In similar moves in the Netherlands, the Dutch Banking Association and the Dutch Central Bank have announced that Dutch banks are also now expected to focus on individual customers’ actual risk profile and to take less invasive due diligence measures for lower-risk PEP clients.
How we can help
At FINTRAIL we help banks, payments institutions, e-money institutions, virtual asset service providers (VASPs) and other regulated institutions around the world to reduce their exposure to financial crime and ensure regulatory compliance. We do this through the provision of the highest quality consultancy services, based on deep sectoral experience and pragmatism.
We offer support through:
If you would like to discuss any of the topics raised above, or need help enhancing your anti-financial crime programme or ensuring your team is ready for the year ahead, please do get in touch.