The FCA’s recent review of insurers’ financial crime controls highlights important findings for retail, wholesale, and life insurance firms. A selection of the largest firms were asked to submit documents in response to 38 questions across ten groups of financial crime controls.
Overall, the regulator found that financial crime frameworks are generally in place but not always sufficiently embedded in practice. For insurers, the challenge is therefore to demonstrate that their financial crime controls work across real-world risks, spanning business units, products and third-party relationships.
What sits behind the financial crime controls review findings
The regulator’s findings reflect a familiar theme which has appeared across recent communications. While many firms have controls in place, they are not always tailored, evidenced or embedded in ways that show how financial crime risk is being mitigated. This means a shift in tone to not whether frameworks exist, but whether they work in practice. For insurers, that means recognising how risk varies across products, distribution models and third-party arrangements.
Five important next steps for insurance firms to consider moving forward include:
1. Grounding risk assessments in business reality
Where risk assessments are overly high-level, it can become difficult to show how specific risks are identified, assessed and mitigated.
It’s important for insurers to be able to demonstrate why particular risks are relevant, how they vary across the business and how conclusions are supported by a clear rationale aligned to operations. Linking risk to the controls designed to address it is a crucial step.
2. Making due diligence decisions clear and defensible
Due diligence is central to financial crime controls, but it often relies on judgment in practice. Where that judgment is not supported by a clearly defined and consistently applied framework, it can lead to variation across the business.
This is particularly evident in lower-risk areas where firms may take a proportionate approach. Stronger frameworks in this instance will typically set out how customer risk has been assessed, what level of scrutiny is required depending on the scenario and when further escalation is required.
3. Translating policy into operational controls
Financial crime risk in insurance typically spans multiple functions. Without clear, content-specific guidance, even well-designed controls can be applied inconsistently across different operational areas – and this is often where gaps emerge.
For instance, policies may exist at a high level, but without practical direction it can become harder for teams to apply them consistently. It’s therefore important for insurers to be able to demonstrate how policies translate into day-to-day processes – including what actions are expected, what evidence should be retained and how issues are identified when they happen.
4. Strengthening governance and oversight
Effective financial crime controls rely on governance that provides clarity on both accountability and oversight. This can become more complex where multiple business units, legal entities or third parties are involved. In such cases, clarity of ownership is critical to demonstrate that controls are both applied and challenged appropriately.
A successful approach to take is to link financial crime obligations to specific controls and accountable owners, supported by management information (MI) that provides a clear view of how effectively these controls are operating.
5. Treating third party oversight as part of controls
Third parties are often integral to an insurance firm’s operating model – but outsourcing does not reduce a firm’s regulatory responsibility for managing financial crime risk. In such instances, the effectiveness of controls depends on how well those relationships are defined and overseen in reality. This includes clarity on responsibilities, information sharing and performance expectations. Recognising that not all third parties carry the same level of risk is key – oversight should be proportionate, with more structured monitoring and escalation where exposure is higher.
A broader shift in expectations
Taken together, the FCA’s findings point to a consistent issue. Financial crime controls are generally established but they are not always demonstrated in a way that reflects how firms actually operate. Therefore, the focus is now on how different elements of the framework connect and whether firms can evidence that they are working effectively together. That means linking risk assessments, due diligence, governance and third-party oversight into a cohesive framework, rather than treating them as standalone components.
For many insurers, the priority is not introducing new controls but instead, testing and evidencing those already in place. That includes demonstrating how decisions are made, how approaches are applied and how issues are identified and reacted to.
Access the right expertise when it matters
Effective delivery depends on having the right expertise and capacity in place across your organisation and teams.
Whether it’s strengthening oversight or embedding more consistent approaches, financial crime capability gaps can slow progress and make it harder for firms to evidence outcomes.
Momenta provides experienced financial crime professionals who can integrate into existing teams at pace, strengthening delivery and helping firms demonstrate how controls operate.
Get in touch today to understand how our on-demand expertise can strengthen your financial crime framework.
