The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have sent a letter to CEOs of firms it has identified as carrying out trade finance business. According to the regulators, recent assessments have highlighted "several significant issues relating to both credit risk analysis and financial crime controls" which exposed firms to "unnecessary risks that are material in both a conduct and prudential context."

Risk assessment

The first area the regulators focus on is firms' insufficient focus on conducting risk assessments to identify financial crime risk factors, including whether dual-use goods are involved or evaluating fraud risk. In general the regulators observed that where done, risk assessments were too generic, or inadequately documented rationale for conclusions on residual risk. In some cases firms failed to adequately identify risks or improperly discounted risks. Therefore firms should:

  • consider the risks presented by the specifics of the transaction itself including any apparent transaction specific “red flags”
  • undertake a holistic assessment of all associated financial crime risk including: sanctions evasion, money laundering, fraud and terrorist financing
  • ensure the MLRO undertakes appropriate governance, check and challenge of the risk assessment
  • clearly document the assessment within the business-wide financial crime risk assessment
  • identify the types of customers or transactions where enhanced due diligence is needed

Counterparty analysis

The regulators identified instances where firms had facilitated transactions without conducting adequate due diligence or demonstrating an understanding of the nature and purpose of transactions. Therefore firms should:

  • set out clearly in policies and procedures when it is appropriate to conduct due diligence on other parties, noting that such checks can help to identify related parties or adverse media, and to verify the rationale for the transaction.
  • consider whether the activity is in line with the expected activity of the firm’s client and previous interactions with the parties to the transaction.

It is unclear in this observation the extent to which the regulators expect firms to conduct CDD (customer due diligence) as it's defined in the Money Laundering Regulations to other "counterparties" to a transaction (not meeting the definition of “customer”), but some of the language used seems to indicate that similar checks may be warranted where there are indicators of fraudulent activity, collusion or money laundering. In particular, firms should be wary of facilitating transactions "with no sensible business rationale given the jurisdictions, or industry of other parties involved in the transaction."

In terms of credit risk, firms should carefully evaluate repayment terms and consider options in the event on non-repayment.

Next steps

The regulators have said that they may ask to see the risk assessment and any follow-up action undertaken as a result in future engagements with the firm.

Firms should also ensure there are adequate policies and procedures with requirements to:

  • identify instances of higher risk which require enhanced due diligence
  • consider the financial and non-financial risk on the end-buyers and the rationale for the transaction
  • ensure there is adequate oversight of implementation of policies and procedures (e.g. whether transactions are adequately reviewed, risks recorded or discounted, escalations and approvals)