We have summarised the most pertinent changes for firms to consider when assessing ongoing compliance with Financial Crime prevention, detection and reporting. A key point is that controls remain both proportionate, and fit for purpose, while taking into consideration the FCA FCG good practices.
Summary of key changes
Key changes are as below:
- Sanctions: Although feedback on sanctions updates were positive, there have been terminology refinements and clarifications about the scope of manual/automated sanctions screening, which has long since been an unanswered question. Additional guidance has also been provided on sanctioned counties and distinctions between UK Sanctions and Office of Financial Sanctions Implementation OFSI lists. The expectation to report sanctions breaches as they are identified has been made very clear in the new Guide and updates to Systems & Controls and Financial Crime Prevention training for staff should reflect this important update.
- Proliferation Financing (PF): The Guide now incorporates Money Laundering Regulation (MLR) changes from 2022 with the PF Risk Assessment being added to the Guide, however, clearer distinction has been introduced between the separation of PF and sanctions. The FCA intend to address examples of good and poor practices in future updates. Firms are duly reminded that PF Risk Assessments are a requirement under the Money Laundering Regulations and that firms should have control mechanisms in place in order to prevent the firm from being exploited for the proliferation of weapons of mass destruction.
- Transaction Monitoring (TM): Additional good practice examples added on tailoring/testing TM systems along with terminology clarifications to highlight impact of Artificial Intelligence (AI). The expectation is that firms have effective TM systems to detect and report suspicious activity on a risk-sensitive and prompt basis, to ensure effective ongoing monitoring, using innovative solutions where applicable. Firms should be continually evolving systems and ensuring they are calibrated effectively to identify any usual or suspicious activity in line with their business model, which collaborating closely with third party suppliers to ensure appropriate risk detection,
- Cryptoasset businesses: Included in the Guide following registration under MLR and subject to AML/CTF/PF supervision since January 2020. The guidance remains sector-agnostic, with self-assessment wording revised to address cryptoasset risks e.g. anonymity-enhanced or privacy coins and wallet solutions. Cryptoasset businesses must assess and address the risks specific to their business their assets and their wallets using the Guide.
- Consumer Duty: The FCA has added cross-references to Duty rules where applicable, emphasising that a firm's Systems & Controls must deliver good outcomes and remain consistent with Consumer protection. Moreover, this updated guidance will help firms in balancing their Consumer Duty obligations with financial crime obligations. Firms are encouraged to review whether their Financial Crime Systems & Controls align with their responsibilities under Consumer Duty and do not create contradictions or prevent firms from delivering good outcomes to a client in a compliant manner, as a result of financial crime prevention controls which create sludge in other processes.
- Data Security: Good practice examples have been added in the Guide to provide timelines for system restorations after incidents. Poor practices are also noted, such as a lack of controls around revoking access for departing staff. Firms are encouraged to carry out the self-assessment in order to identify any areas for enhancement to the firms Systems & Controls in respect of Data Security.
- Data and Information Sharing: in the updates to the FCG, the FCA have noted that the measures under the Economic Crime and Corporate Transparency Act 2023 ("ECCTA") are not intended to provide firms with additional powers to inappropriately exclude customers. Firms should use these measures to help with their risk-based decision-making process and whether it is appropriate to refrain from sharing information for commercial reasons, while considering their obligations under the UK General Data Protection Regulation ("GDPR").
- Consequential Changes: Throughout the FCG there have been consequential changes to the Guide, including replacing expired links, updating outdated references to European Union rules, refreshing case studies based on more recent FCA enforcement notices and the role of the MLRO. Firms should revisit their Policies and Procedures to ensure they are using correct and update to references so that they are aligned to the updated FCG references.
The FCA has stated that firms affected by these changes should make necessary amendments to their Financial Crime Systems & Controls, including;
- Policies and Procedures;
- Monitoring;
- Training; and;
- Governance.
Our Regulatory Consulting Team has extensive experience assisting firms with interpreting and applying updated regulatory requirements and industry guidance. We specialise in providing practical solutions and comprehensive support to ensure ongoing compliance with evolving standards.
We have successfully helped firms establish and maintain proportionate and effective Financial Crime Compliance frameworks. Our services include conducting independent reviews and providing assurance of AML Systems & Controls, such as (but not limited to): Business-Wide Risk Assessments (BWRA), Customer Risk Assessments (CRA), Customer Due Diligence (CDD), and governance frameworks. Additionally, we deliver bespoke Financial Crime Compliance (FCC) training tailored to your specific organisational needs.
Our expertise also extends to enhancing existing Systems & Controls or supporting remediation efforts. Our team comprises former regulators, seasoned consultants, and industry practitioners—former MLROs and Heads of Compliance/Risk—who bring first-hand practical experience in implementing and managing robust compliance frameworks.
We would be delighted to discuss your needs and explore how we can support you. Our approach focuses on understanding your business, its core drivers, and strategic direction, ensuring we deliver a personalised and tailored service that aligns with your objectives.
