City with building

Financial crime control gaps


Following the receipt of a ‘Dear CEO’ letter the UK regulator, FCA, had sent out to all financial institutions voicing concerns about financial crime controls, our client, a medium sized challenger bank conducted an internal audit review in conjunction with a big four consultancy. It unearthed concerns about controls and the fact they needed enhancement to ensure they were fit for purpose to protect the bank and its clients from financial crime.

The main areas of concern were around business wide financial crime risk assessment (BWFCRA) and customer risk assessment (CRA). The client was looking for a short, focused piece of work, without compromising quality to meet the deadlines imposed by the FCA’s letter.


Valcon was brought in due to its extensive financial crime experience, track record and ability to design, document and conduct both BWFCRA and CRA in line with regulatory requirements and internal standards and policy frameworks. The risk assessments Valcon conducted were bespoke and met the needs and complexity of the client’s customers, products and services.

Valcon evaluated the existing approach and then developed a strategy to cover the two areas. With the BWFCRA, they evaluated the current model, agreed the future model and designed and built an approach in line with the risk frameworks. Valcon worked with client controls and the IT teams to get ready for go live. The Valcon team also prepared all documentation for review and ensured internal standards were met.

Valcon conducted a similar process for the CRA – evaluated the model that was in place, agreed the future model and then designed and built the CRA approach, which included data sample and modelling results.

Valcon provided a breakdown of requirements, defined the roles, responsibilities and outputs. Valcon also documented a step-by-step process document to allow the client to conduct these risk assessments as business as usual (BAU), along with pointers on how they could be developed over the coming years to further enhance the output.


Confidence in regulatory adherence: with the compliance risk assessments, the methodology was reconciled back to the regulatory requirements giving the bank the confidence they are being met.

Ongoing improvement: Valcon’s view and plan on takes in how to evolve the risk assessment over the coming years to deliver ongoing efficiency in the process and approach.

Case Studies