Reporting on financial crime: the FCA introduces the new REP-CRIM

In December 2015, the FCA consulted on its proposed introduction of an annual financial crime return (REP-CRIM), intended to replace ad-hoc data collection of financial crime risks with risk-sensitive, targeted supervision. On 29 July 2016, the FCA published a Policy Statement that responds to the largely positive feedback received from the industry and publishes the final rules and guidance notes for reporting. In our view, the FCA has constructively revised its initial consultation draft: removing the reporting burden on smaller firms, lengthening the timeframe for submissions, and providing clarity on the scope and extent of reporting obligations.

Which firms are required to submit a REP-CRIM?

Firms that are subject to the Money Laundering Regulations (MLRs), including banks, building societies and investment firms, will be required annually to submit a REP-CRIM for the areas of their business subject to the MLRs. The format of the REP-CRIM will be specified in Annex 42AR, Chapter 16 of the FCA’s Supervision Manual (SUP), and the form must be submitted online using the FCA’s Gabriel system. The FCA has stressed that any disclosure will not trigger the “tipping off” offence in the Proceeds of Crime Act 2002, as the defence in section 333D (disclosure to the relevant supervisory authority) would apply.

General insurers, general insurance intermediaries and credit unions are not required to submit returns, at least initially, although general insurance firms are expected to fall within the scope of the rules at a later date. For proportionality reasons, retail investment intermediaries, mortgage intermediaries, investment firms, consumer credit firms and electronic money institutions with total revenue of less than £5m are also exempt from reporting.

When must a firm submit a REP-CRIM?

The reporting obligations take effect from 31 December 2016, and will require affected firms to submit a REP-CRIM within a submission period of 60 business days from year end. This deadline was extended from a proposed 30 day remittance period in response to industry concerns. For firms with a 31 December year end, the first REP-CRIM will now be due in March 2017, not mid February. The FCA requests that firms submit their REP-CRIM on a “best endeavours” basis for the first reporting period. As a result, the FCA will not provide an aggregated view of the data until the 2017 reporting cycle.

What changes has the FCA made to the REP-CRIM?

The FCA’s final reporting rules have responded to industry feedback by specifying the scope of reporting for groups and multi-jurisdictional entities, explaining key definitions, and providing flexibility in the reporting of fraud. In particular, reporting firms:

• have the option to submit on a group or single regulated entity basis
• need only provide information about the jurisdictions in which the firm operates, or has assessed and classified as high risk, within the last two years
• may apply their own definition of “Politically Exposed Persons” (PEPs) when reporting on PEP relationships
• must apply the definition of “customer” and “client” in the FCA’s Handbook when reporting on these types of relationships
• may report on consent SARs in a number, rather than a percentage, format
• must provide data only on staff with specific financial crime roles
• may confine sanctions reporting to customer screening information (not payment screening information), and
• may choose whether to answer questions regarding the prevalent types of fraud they have experienced.

The full guidance notes for firms completing the REP-CRIM will be located in Annex 42BG to Chapter 16 of SUP.

Conclusions

From 2017, approximately 1,400 firms will be required to prepare a REP-CRIM annually, providing the FCA with regular, accurate and consistent financial crime data. The FCA anticipates that implementation of the REP-CRIM will promote efficient and effective use of its resources, ensure firms are accurately categorised for risk, and enable proactive trend analysis and identification of risks.

Additional reporting requirements will place a substantial financial toll on the private sector, especially at the time of implementation. Nonetheless, the broadly supportive response to the REP-CRIM indicates that industry, too, on the whole welcomes regular data collection on financial crime and a targeted supervisory approach in consequence.