The UK Financial Conduct Authority has written to company chief executives outlining weaknesses in the policies and procedures that firms have in place to prevent financial crime and instructing that they must take necessary steps to address these shortcomings.
The “Dear CEO” letter highlights key areas where it concludes that financial services firms have fallen short in their policies to prevent money laundering, terrorist financing and proliferation financing.
These weaknesses lie particularly in firms' business models, risk assessment frameworks, due diligence procedures, and their governance and training methods.
The firms falling into scope of the FCA’s regulatory surveillance in this area are known collectively as Annex 1 firms, as detailed in The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (the MLRs).
The UK financial conduct regulator indicates that it applies a data-led approach to identify Annex 1 firms that will be selected for supervisory review. It will then take further action, as necessary, based on the findings of this assessment.
In recent reviews, the FCA has identified discrepancies between firms’ registered financial services activities and those that they are delivering in practice. It is concerned by the failure of some firms to update their financial crime controls in line with their business expansion.
The FCA found shortcomings in firms’ customer risk assessments and their business-wide risk assessments, and indicated that some companies provide inadequate detail in their staff guidelines regarding their obligations under the MLR.
More broadly, it found that firms are failing to provide adequate financial crime training or, in some cases, they are failing to allocate adequate resources to prevent financial crime. Others, it notes, do not provide an effective audit trail for their financial crime-related decision making.
“The issues summarised in this letter reflect the key areas where the firms assessed have fallen short of the requirements set out in the MLRs,” says the FCA.
In the letter, the FCA instructs senior managers to conduct a gap analysis to identify underperformance against each of the common weaknesses that the regulator has identified.
The firm is required to report any weaknesses identified by the gap analysis to the FCA and to provide evidence of the actions that it has taken to close these gaps.
The senior manager responsible for this exercise must have necessary seniority to ensure that this remedial action is discharged effectively.
“Where we assess a firm’s actions in response to this letter to be inadequate, we will consider appropriate regulatory intervention to manage the financial crime risk that this presents,” the letter concludes.
