Editorial

AML Warnings issued in FCA Dear CEO Letter

The Financial Conduct Authority (FCA) issued a Dear CEO letter to Annex 1 firms on 5th March 2024. This letter highlights common control failings identified in anti-money laundering (AML) frameworks within these firms.

Contributor

Mike Pszenicki is a Change Management professional with 20 years' proven project delivery experience in Financial Services.

Mike Pszenicki
Head of CLM Transformation

Annex 1 firms include lenders, safe custody providers, money brokers, and financial leasing companies. These firms are registered and supervised by the FCA for the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).

The published letter continues the regulatory journey themes that the FCA published in February, where a key priority was Reducing and Preventing Financial Crime.

There is an expectation that firms will have assessed their financial crime controls within six months, followed by implementation of improvements. The initial assessment and gap analysis may set the tone for additional scrutiny, so firms affected should prioritise detailed and comprehensive documentation.  The themes set out in the latest letter are consistent with those critical financial crime controls expected for all firms subject to AML legislation.

The key areas of concern and challenges raised are:

1. Governance and Oversight Business Model:  

What is it?

Some firms exhibit weaknesses in their governance structures related to AML controls. There may be a lack of resources for financial crime, inappropriate training for staff and a lack of an audit trail for preventative or reactive controls (and of independent audit functions).

What can firms do? 

Senior management must take responsibility for financial crime risks and ensure staff are trained on their obligations, and an independent audit function should be in place to assess effectiveness (policy/procedure/control). This requires robust use of management information and ensuring that financial crime remains a standing agenda item within committees and governance.

2. Business Activity:  

What is it?

The FCA notes that there are discrepancies between activities that firms disclose they will do, and those they actually undertake.  

What can firms do?

Details submitted as part of Annex 1 registration should be correct and, importantly, kept up to date (within 30 days) if core business activities change or are added to as part of business growth. Management should consider the nature of the firm's business and its size when assessing and implementing processes.

3. Risk Assessments:  

What is it?

Business Wide Risk Assessments (BWRAs) were found to be lacking for some firms, despite the requirement to assess Money Laundering, Terrorist Financing or Proliferation Financing risks. Similarly, the FCA notes that some firms were assigning risk to customer groups without tailoring the assessment to the specifics of that peer group in order to mitigate risk. Fundamentally, both of these issues represent a failure to adequately assess and manage money laundering risk.

What can firms do?

Ensure that, if BWRAs exist, they are fully and effectively documented, with risk mitigation measures identified and detailed. Similarly, Customer Risk Assessments (CRAs) should be reviewed so that they enable a holistic approach to the risk of a client relationship, considering all relevant risk factors (with commensurate due diligence to be completed).

4. Due Diligence and Ongoing Monitoring:  

What is it?

There is a view that insufficient due diligence processes are in place for identifying and verifying customers, sometimes revealing a lack of detail in policy, and hence in procedures. Specific observations include a lack of clarity on where simplified due diligence (SDD) and enhanced due diligence (EDD) must be applied. Similarly, the FCA found that there is inadequate monitoring of transactions for suspicious activities, which creates lapses in prompt suspicious activity reporting.

What can firms do?

The root cause of both the due diligence and the ongoing monitoring findings seems to be ambiguous policy, driving unclear procedures and hence wasteful or ineffective processes and controls. In turn, that is likely because these risks have not been adequately focused upon. For more global firms, since policies have regional nuances, having clear global minimum standards is an expected practice, with expertise to ensure risk appetite is appropriate and assessed iteratively.

These deficiencies have led to regulatory interventions, including appointing skilled reviewers, restriction of business, and even enforcement action. The consequences of weak controls are significant, as they can facilitate money laundering and harm the integrity of the financial market.  

The FCA emphasises that senior management, especially those responsible for financial crime, must take action to address these failings. Firms are expected to conduct gap analyses against the identified weaknesses and promptly close those gaps.  

What does this mean?

Firms must:

  • Complete a detailed gap analysis against each of the common weaknesses  
  • Take prompt and reasonable steps to close gaps identified
  • Share findings internally, and act on those findings
  • Continue to regularly review Financial Crime risks and document findings


For future engagements with the FCA:

  • Provide findings from those gap analysis exercises
  • Show evidence of actions taken to address gaps identified
  • Demonstrate progress of any remedial work
  • Show that there are regular, ongoing reviews in place against financial crime risk
  • Conduct testing to show that policies, controls and procedures are effective and working as intended


Delta Capita Financial Economic Crime (FEC) / Client Lifecycle Management (CLM) Services provide end-to-end KYC/AML services and client due diligence (CDD) capabilities to help organisations optimise the management of their client lifecycle. We support firms with their Financial Crime risk to understand gaps in Policy/Processing and the Data and Technology landscape.  

Delta Capita has recently been publishing a 'Navigating Client Lifecycle Management (CLM) series,' where we consider improvements across the CLM customer journey. You can read more here.  

If you are interested in learning more about how Delta Capita can support assessment of AML risk, perform a detailed diagnostic review of approaches and implementation of best practice, please get in touch today.