FCA’s Dear CEO Letter: A Message on AML Control Failings
On March 5, 2024, the Financial Conduct Authority (FCA) issued a significant communication to Annex 1 firms. This directive outlines necessary actions to address prevalent control deficiencies within Anti-Money Laundering (AML) frameworks. Annex 1 firms, numbering approximately 1,000, encompass various entities such as lenders, safe custody providers, money brokers, and financial leasing companies. These entities fall under the purview of the FCA and are subject to supervision in accordance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).
In response to identified shortcomings, the FCA has mandated Annex 1 firms to evaluate their financial crime controls, focusing on four common control weaknesses, by September 2024. Below, we summarise the FCA’s observations and highlight examples of corresponding gaps identified through our collaboration with Annex 1 financial institutions.
Identified control weaknesses
Business Model:
The FCA identified the following weaknesses concerning firms’ business activities and the development of financial crime frameworks alongside business growth.
- Discrepancies between registered and actual activities: Firms are responsible for updating the FCA with any changes to their activities within 30 days of the change. Any discrepancies and/or delays in reporting changes to business activities may indicate a failure to align with regulatory requirements.
- Failure to develop Financial Crime frameworks in line with firms’ rapid business growth: The FCA concluded that, for some Annex 1 firms, financial crime policies, procedures and controls have not kept pace with the size and complexity of the business, resulting in an inadequate financial crime framework. This shortfall poses a substantial risk, indicating a potential gap in understanding, preventing, and detecting illicit financial activities linked to money laundering (ML), terrorist financing (TF) and proliferation financing (PF).
Risk Assessment:
The FCA noted poor practices in Business Wide Risk Assessments and Customer Risk Assessments including:
- Business-Wide Risk Assessments (BWRA) are sometimes completely absent or insufficiently documented, preventing firms from having a clear and comprehensive view for evaluating the applicable ML, TF and PF risks and being able to develop appropriate mitigating controls. The FCA explained that firms should review and update their risk assessment methodologies and assessments to help ensure the appropriate risks are identified and assessed, and that the results are used to inform risk-based policies, procedures, and controls.
- Some Customer Risk Assessments (CRA) are not tailored toward individual customer characteristics, such as the nature of business relationships or the jurisdiction of business operations. The FCA explained that CRAs should help enable firms to take a holistic view of the risk associated with the customer and enable firms to apply the appropriate level of due diligence to manage the risks identified.
Due Diligence, Ongoing Monitoring, and Policies and Procedures:
The FCA found that customer due diligence (CDD) policies and procedures often lack sufficient detail and are outdated, resulting in ambiguity regarding the actions staff should undertake to adhere to their obligations under the Money Laundering Regulations (MLRs). The FCA’s letter explains that firms should review their policies and procedures so that staff are given clear guidance on complying with the MLRs.
Governance, Management Information, and Training:
The FCA identified weaknesses across financial crime team resourcing, training, and governance:
- Inadequately resourced financial crime teams, including a lack of appropriate senior management oversight, were identified, indicating a potential lack of commitment and priority in combating financial crime within the firm.
- Lack of emphasis on financial crime training was noted, with crucial topics not being covered and minimal role-specific training provided, raising concerns about the competence of staff in recognising and addressing potential financial crime risks. The FCA requires firms to provide employees with regular, appropriate training in how to recognize and deal with ML/TF-related situations and to maintain a record of this.
- Weaknesses in firms’ governance and management information (MI) were found, particularly concerning record keeping of financial crime decision-making, indicating potential gaps in accountability and oversight. Clear documentation of decisions made by senior management with a suitable rationale must be retained to demonstrate compliance and respond effectively to regulatory inquiries. In addition, financial crime compliance should be given sufficient importance and discussed as a standing agenda item during senior management meetings.
What Should Firms Do Now?
Based on the information provided, firms need to take several actions to address the common control failings highlighted by the FCA:
Conduct a Gap Analysis:
Firms should conduct a thorough gap analysis against the identified weaknesses within their anti-money laundering (AML) frameworks. This analysis should encompass areas such as business model discrepancies, risk assessment deficiencies, due diligence and policies, as well as governance and training issues.
Promptly Address Identified Gaps:
After conducting the gap analysis, firms must take prompt and reasonable steps to address any gaps identified. This may involve revising and enhancing existing AML policies, controls, and procedures to ensure compliance with regulatory requirements.
Senior Management Oversight:
Senior management plays a crucial role in overseeing the implementation of remedial actions. They should ensure that the gap analysis is carried out effectively and that the findings are shared internally and acted upon on time.
Future Engagement with the FCA:
Firms should be prepared to provide evidence of the actions taken to address the identified gaps during future engagements with the FCA. This may include demonstrating progress in remedial work and testing to show that AML frameworks are effective and working as intended.
Overall, firms need to proactively assess and strengthen their AML frameworks to mitigate the risk of financial crime and ensure compliance with regulatory requirements. The recent communication addressed to CEOs underscores the Financial Conduct Authority’s (FCA) intensified scrutiny of financial crime prevention. While Annex 1 firms are directly addressed, the insights provided are pertinent to all authorized firms.
In response, firms are urged to conduct a thorough gap analysis against the outlined common weaknesses within six months. Prioritising this analysis is key, ensuring it’s conducted comprehensively and robustly. Senior managers overseeing this process must possess the requisite seniority and expertise.
Documentation is paramount. All activities, findings, and remedial actions must be meticulously documented, shared internally, and promptly acted upon. The FCA emphasizes the need for Annex 1 firms to assess their financial crime controls within the stipulated timeframe, signalling continued monitoring from the regulator’s end.