1Who should read this chapter? This paragraph indicates the types of firm to which the material applies. A reference to ‘all firms’ in the body of the chapter means all firms to which the chapter is applied at the start of the chapter.
• ‘must’ where provisions are mandatory because they are required by legislation or our rules
• ‘should’ to describe how we would normally expect a firm to meet its financial crime obligations while acknowledging that firms may be able to meet their obligations in other ways, and
• ‘may’ to describe examples of good practice that go beyond basic compliance.
1 Firms should apply the guidance in a risk-based, proportionate way taking into account such factors as the nature, size and complexity of the firm. For example:
• We say in FCG 2.2.1G (Governance) that senior management should actively engage in a firm’s approach to addressing financial crime risk. The level of seniority and degree of engagement that is appropriate will differ based on a variety of factors, including the management structure of the firm and the seriousness of the risk.
• We ask in FCG 3.2.5G (Ongoing monitoring) how a firm monitors transactions to spot potential money laundering. While we expect that a global retail bank that carries out a large number of customer transactions would need to include automated systems in its processes if it is to monitor effectively, a small firm with low transaction volumes could do so manually.
• We say in FCG 4.2.1G (General – preventing losses from fraud) that it is good practice for firms to engage with relevant cross-industry efforts to combat fraud. A national retail bank is likely to have a greater exposure to fraud, and therefore to have more information to contribute to such efforts, than a small local building society, and we would expect this to be reflected in their levels of engagement.