At a glance

FCA warns firms over AML failings

  • Insight
  • 12 minute read
  • March 2024

The  FCA issued a Dear CEO letter to Annex 1 firms on 5 March 2024. The letter sets out the actions required to resolve common control failings found in AML frameworks. There are approximately 1,000 Annex 1 firms which include some lenders, safe custody providers, money brokers and financial leasing companies. The firms are registered and supervised by the FCA for the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).

The FCA expects the firms to assess their financial crime controls against the common weaknesses within six months and resolve any failings as soon as reasonably possible.

What does this mean?

As part of its supervision work, the FCA has undertaken assessments of Annex 1 firms’ financial crime policies, controls and procedures. The letter outlines the key common weaknesses the FCA’s assessment identified and further requirements.

Business models

The FCA notes discrepancies between firms’ registered and actual activities, and the lack of financial crime controls to keep pace with business growth. Firms are required to notify the FCA of any changes within 30 days. Senior managers must consider the size and nature of firms’ businesses when assessing and implementing policies, controls and procedures to ensure they remain appropriate for the size of their business at all times.

Risk assessment

According to the FCA’s assessment, certain firms did not have a business-wide risk assessment (BWRA) in place or it was lacking sufficient detail. Some firms failed to tailor customer risk assessments (CRA) towards individual customer characteristics, and instead assigned a level of risk to a group of customers. Firms should review and update their BWRA and CRAs to identify, mitigate and control risks, as well as ensure regulatory compliance against MLRs.

Due diligence, ongoing monitoring, and policies and procedures

Based on the FCA’s assessment, some firms lacked sufficient detail in policies and procedures, creating ambiguity around actions staff should take to comply with their obligations. The FCA expects firms to ensure they have clear and up to date policies and procedures in place at all times.

Governance, management information and training 

The FCA noted a lack of resources for financial crime, inadequate financial crime training for staff, and the absence of a clear audit trail for financial crime-related decision making. In some cases, financial crime was considered on an exceptional basis in senior management meetings, rather than a standing agenda item.

The FCA expects senior management to take clear responsibility for managing financial crime risks, actively engage in firms’ responses and record those appropriately. Firms should also ensure that staff are aware of the related legislative and regulatory obligations. Depending on the size and nature of the business, firms must also establish an independent audit function with the responsibility to examine and evaluate the adequacy and effectiveness of financial crime policies, controls and procedures.

The FCA is likely to request firms to provide findings from their gap analysis, evidence of the actions taken to address the gaps identified. Firms must demonstrate progress with any remedial work and testing, to show that the policies, controls and procedures are effective and working as intended.

What do firms need to do?

Annex 1 firms should undertake a gap analysis of their financial crime controls by summer 2024.

Annex 1 firms should take all necessary steps to remedy any failings as soon as reasonably possible.

Annex 1 firms should be prepared to demonstrate their analysis and the actions taken to the FCA when requested.

The latest Dear CEO letter is yet another reminder from the FCA of its increasing focus on financial crime prevention. Annex 1 firms should expect the FCA’s enhanced monitoring to continue, but the themes and messages are relevant to all authorised firms.

The regulator expects firms to complete a gap analysis against each of the common weaknesses outlined, within six months. Firms should prioritise the work on gap analysis and ensure that it is completed in a comprehensive and robust manner. The senior managers responsible should have the adequate seniority and experience to effectively carry out the analysis. 

Firms should ensure that all activities, findings and remedy actions are clearly documented, shared internally and acted upon as soon as reasonably possible.

“This Dear CEO letter continues the FCA’s theme that firms need to do more to combat financial crime and that there remain consistent control weaknesses that firms must address.”

Ben Luddington
PwC Director

Next steps

The FCA expects all Annex 1 firms to assess their financial crime controls within the next six months, and will continue to monitor firms.

Contacts

Ben Luddington

Director, PwC United Kingdom

+44 (0)7764 958062

Email

Laura Talvitie

Digital Assets Regulatory Lead, London, PwC United Kingdom

+44 (0)7483 304630

Email

We unite expertise and tech so you can outthink, outpace and outperform
See how
Follow us