Skip to content

FCA's Recent Warning: AML Controls Under Scrutiny

Summary of Development

Go grab a coffee - we need to chat about this very recent alarm bell being sounded by the FCA!
Yesterday, 5th March 2024, the regulator dropped a very important 'Dear CEO' letter placing the AML setups of Annex 1 financial institutions (including payment services firms) firmly in the spotlight. Annex 1 firms are those supervised by the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLRs). The letter is far from sunshine and lollipops when it comes to how some firms are handling AML controls. There are some very serious weak spots, and it's perhaps time for a reality check. 

Now, no need for panic stations exactly, but it is a wake-up call for all financial services firms. The FCA wants you to take a closer look at your AML framework - something many firms would be wise to do.
The letter stresses the need for solid policies and controls to tackle money laundering, terrorist financing, and proliferation financing, collectively called "Financial Crime." The FCA did some checks and found common weak spots in things like business plans, risk assessments, and how firms do due diligence.

Common Hiccups:

•    Business Plans: Discrepancies between registered and actual activities, and falling behind on controls            as  firms grow.
•    Risk Assessments: Weak Business Wide Risk Assessments (BWRA), and not doing so hot on Customer        Risk Assessments (CRA) either. 
•    Due Diligence, Monitoring, and Policies: Policies being too vague, causing confusion for staff. No clear            roadmap for Simplified CDD and EDD measures. Missing paperwork relating to suspicious activity.
•    Governance, MI, and Training: Not enough resources for fighting Financial Crime. Staff not getting the            right Financial Crime training. Losing track of decisions made about Financial Crime.

What They Want You to Do:

The FCA want firms to take necessary steps to gain assurance that their AML controls, policies and procedures are in line with business risk. This includes: 

•    Completing a gap analysis within six months of the date of the 'Dear CEO' letter. 
•    Remediating any findings.
•    Ensuring a Senior Manager is responsible for keeping an eye on the gap check, and that it is completed        promptly. 

It is most likely that the FCA will ask for results and complete check-ins later, including requests to provide details of the gap analysis and the progress of any remediation. So it would be foolish to ignore this important call to action.