By Angus Irvine, Principal Consultant
On 5 March 2024, the Financial Conduct Authority (FCA) sent a Dear CEO letter to firms which are categorised as Annex 1, requiring them to register with the FCA for anti-money laundering (AML) supervision purposes. Annex 1 firms are those which deliver certain services, including the following:
- Lending
- Providing payment services
- Issuing and administering other means of payment
- Trading for own account or for account customers in any of the following:
- Safe custody services
- Portfolio management advice
- Safekeeping and administration of securities
- Participation in securities issues and providing services related to these issues (this will include registrars)
This is the latest in a series of Dear CEO letters, following on from those sent to wealth managers and retail stockbrokers, insurance firms, electronic money and payment services firms and corporate finance firms in the second half of 2023. Furthermore, AML has been a common theme throughout all of the Dear CEO letters that the FCA have sent out in the last 18 months.
It’s worth noting that the FCA states within this latest letter: “we undertake assessments of financial crime policies, controls and procedures. We use a data-led approach to identify the firms that are selected for review. The firms we assess are informed of our findings and supervisory action is taken with those firms based on those findings”.
Last year’s Dear CEO letters were all followed by data requests, or s165 questionnaires. Further data requests were sent to retail CFD brokerage platform firms recently, with responses required by 6 March 2024.
There are common themes emerging time and again, and these are highlighted within the latest letter.
Compliance infrastructure weaknesses are detailed in the following critical areas:
- Business model – Discrepancies between firms’ registered and actual activities, and lack of financial crime controls to keep pace with business growth
- Risk assessment – Weaknesses in Business Wide Risk Assessments and Customer Risk Assessments
- Due diligence, ongoing monitoring and policies and procedures – Lack of detail in policies creating ambiguity around actions staff should take to comply with their obligations under the Money Laundering and Terrorist Financing Regulations (MLRs)
- Governance, management information and training – Lack of resources for financial crime, inadequate financial crime training and absence of a clear audit trail for financial crime related decision-making
The FCA expects all firms to have completed a gap analysis on the below identified weaknesses within six months of the receipt of the latest letter:
- Discrepancies between a firm’s registered activities and those undertaken
- Lack of financial crime controls to keep pace with business growth
- Business Wide Risk Assessments
- Customer Risk Assessments
- Due diligence, ongoing monitoring, and policies and procedures
- Lack of resources for financial crime
- Absence of a clear audit trail for financial crime related decision-making
What actions do firms need to take?
Following the letter, all firms should do the following:
- Ensure their policy framework is up to date
- Ensure senior management functions understand the AML framework, risk assessments and risk profile of the firm on AML
- Ensure that all staff are adequately trained on AML on a regular basis
All Annex 1 firms should conduct a GAP analysis of their systems and controls against the FCA’s expectations as outlined above.
Whilst this latest Dear CEO letter has been directed to Annex 1 firms which are registered rather than authorised by the FCA (irrespective of the regulatory regime), the essential tenets around the FCAs supervision with regards to AML are clear.
Furthermore, this latest dear CEO letter is further evidence of increased supervisory regulatory action in relation to those regulatory themes which the FCA has identified as being either posing a high risk of harm or relate to its statutory priorities. This has been done by notifying CEOs of their regulatory expectations in respect of these priority regulatory themes, and then following up that (usually within one calendar quarter) with information requests or s165 questionnaires. Depending on the responses to these requests for information, there is a risk of further supervisory action followed by a potentially painful and expensive remedial programme, both in terms of financial cost and management time.
How can IQ-EQ help?
IQ-EQ has the expertise to assist all firms subject to FCA supervision, whether registered or authorised, to ensure that their financial crime compliance infrastructure is up to date and fit for purpose to match the FCA’s expectations. We can also deliver tailored training to all staff, whether online or face-to-face.
Furthermore, we can offer broader based or thematic compliance health checks in order to identify areas of weakness in firms’ systems and controls and assist those firms to ensure they rebuild their compliance infrastructure to mirror the regulator’s expectations.
