Challenger banks must improve how they assess financial crime risk following a review by the U.K. Financial Conduct Authority (FCA) that found some fail to carry out even basic customer checks.

The FCA found some new entrants to the sector did not bother to review customers’ income and occupation. In some instances, the regulator found challenger banks did not even have customer financial crime risk assessments in place.

The review, conducted over 2021, followed a national risk assessment of money laundering and terrorist financing carried out in 2020 that suggested criminals might be attracted to the fast onboarding process challenger banks advertise, particularly when setting up “money mule” networks to facilitate money laundering.

Challenger banks have already been on the FCA’s radar over increased money laundering risks because of the sector’s typical focus on using smarter technologies to facilitate transactions more quickly, easily, and cheaply while neglecting to put procedures in place to ensure they are compliant.

In a statement, Sarah Pritchard, executive director of markets at the FCA, said, “Challenger banks are an important part of the U.K.’s retail banking offering. However, there cannot be a trade-off between quick and easy account opening and robust financial crime controls. Challenger banks should consider the findings of this review and continue enhancing their own financial crime systems to prevent harm.”

The review of financial crime controls focused on challenger banks that were relatively new to the market and offered a quick and easy application process. This included six challenger retail banks primarily consisting of digital banks and covering more than eight million customers, the FCA noted.

The review covered governance and management information; policies and procedures; risk assessments; identification of high risk/sanctioned individuals or entities; due diligence and ongoing monitoring; and communication, training, and awareness.

While the regulator found some evidence of good practice—for example, innovative use of technology to identify and verify customers at speed—the number (and scale) of failings was significant.

The FCA found the resources used to fight financial crime often did not increase in line with business growth, while some challenger banks were not consistently applying enhanced customer due diligence or documenting it as a formal procedure to apply in higher risk circumstances—for example, when managing politically exposed persons.

Some banks had customer risk assessment frameworks that were not well developed and lacked sufficient detail, and some did not even have a customer risk assessment in place, the FCA stated.

The regulator also found ineffective management of transaction monitoring alerts and weaknesses in the effective management of financial crime change programs, meaning banks’ internal control frameworks were unable to keep up with changes to business models (as well as risks).

The FCA also had concerns about the rise in the number of suspicious activity reports (SARs) reported by challenger banks and the quality of the reports themselves. For example, some banks provided transactional data without clarifying why the transactions were suspicious, while some SARs were incorrectly used to report fraud and/or send information about offenses other than those linked to the proceeds of crime.

The challenger banks where the FCA identified material issues have established remedial programs to address the regulator’s concerns following its review. The FCA said it has also used a range of regulatory tools, including appointing skilled persons, to mitigate the risks it identified.

Financial crime experts were not surprised at the FCA’s findings.

“There is a need to dig deeper rather than just tick boxes,” said Neil Williams, deputy head of complex crime at law firm Reeds Solicitors.

The FCA’s announcement last week it had used its powers under the Proceeds of Crime Act to force fintech firm QPay Europe to forfeit 2 million pounds (U.S. $2.5 million) alleged to be linked to a U.S.-based wire fraud conspiracy shows that “there is likely to be increased regulation of the fintech/challenger bank sector as it develops further,” according to Matthew Corn, serious crime specialist at criminal defense firm Olliers Solicitors.

Sara George, a white-collar crime partner at law firm Sidley Austin, added the QPay case, as well as the FCA’s review, “is a salutary lesson to fintech and challenger firms not to apply to be regulated if they do not have robust anti-money laundering (AML) controls.”

Sean Curran, partner at law firm Arnold & Porter, said challenger banks need to put compliance first. He added this could be at the expense of their business models.

“The nature of [know your customer]/AML checks has evolved significantly over the past couple of years, especially with the increase in non-face-to-face verifications,” he said. “This has meant firms within the sector have had to tight-walk between ensuring the commercial viability of the business versus the need to have robust financial crime controls in place.”