What’s the connection between good governance and the Investment Firms Prudential Regime?

IFPR looks to streamline prudential requirements for investment firms, shifting the focus away from the risks a firm faces and towards the potential harm it poses to consumers and markets. It covers a wide range of obligations, including capital requirements, liquidity requirements, governance, remuneration, reporting, and the Internal Capital Adequacy and Risk Assessment (ICARA). The rule changes require all investment firms to have robust governance arrangements, including:

• clear organisational structure and lines of responsibility;
• effective risk identification and management processes; and
• adequate internal controls, including administration and accounting procedures.

Risk mitigation is at the core of IFPR, for which a firm’s management body is ultimately responsible. The management body, and any risk committee that has been established (now mandatory for larger firms), must determine the nature, the amount, the format, and the frequency of the information on risk that they are to receive. Ignorance is not a defence for senior executives overseeing prudential obligations. If senior managers are not receiving sufficient information to discharge their oversight responsibilities, then they must demand change.

The good governance models we see employed start with ensuring that everyone in the process understands their role in the identification, management and mitigation of risk. This includes the non-executive directors sitting on the Risk Committee. It is highly unlikely that this would be achieved with off-the-shelf e-learning courses. Every business is different and effective training programmes are tailored to each firm’s business model and the inherent risks that it faces.

What are some of the most common financial crime trends you’re currently noticing?

Phishing scams are on the increase and becoming more sophisticated over time.
Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure them into providing sensitive data or payment. It can often be difficult to distinguish a phishing email from a legitimate one. However, there are some established red flags that firms can share with employees to mitigate the risk of falling victim to this crime.

Sanctions screening has historically been a relatively consistent aspect of a firm’s anti-money laundering controls. Yet, in recent months there has been a significant uptick in global sanctions targeting Russia and other countries involved in the invasion of Ukraine. This has stretched the resources of financial crime teams as they scramble to identify and respond to frequent sanctions updates. Many firms will have gone years without having a client sanctioned and the internal and external escalation processes would have been untested in those cases. Events like this show the importance of well-documented and up-to-date policies and procedures.

Banking & Financial Services 30 Finance Monthly.