Although the Dear CEO letter indicates that some Annex 1 firms are struggling to get the basics right, a consistent theme also emerges: Annex 1 firms that are subject to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) try to comply but fall short of regulatory expectations in a number of areas, which are set out in the Dear CEO letter.
The FCA expects all Annex 1 firms to undertake specific actions to address the commonly identified weaknesses within six months of the Dear CEO letter. Below we summarise the common AML failings found through the FCA's assessment. They pertain to:
- Business Model
  - Discrepancies between the firm's registered and actual activities, and;
  - Proportionate financial crime systems & controls, including resource levels which keep pace with the firm's growth.
- Risk Assessments
  - Absent, inadequate or disproportionate Business Wide Risk Assessments (BWRAs) and poorly documented methodology underpinning the risk assessment relevant to the activities of the business;
  - Failure to articulate mitigating measures put in place to address risks, and;
  - Customer Risk Assessments (CRAs) not appropriately calibrated to determine the level of Customer Due Diligence required when certain risks are present.
- Customer Due Diligence, Ongoing Monitoring and Policy & Procedures
  - Insufficient detail within CDD policies and procedures with regard to the level of diligence to be applied;
  - Ambiguity around ongoing monitoring measures, and;
  - Lack of appropriately documented policies and procedures regarding investigation and recording of Suspicious Activity Reports (SARs).
- Governance, Management Information and Training
  - Poorly resourced Financial Crime teams and lack of appropriate senior management oversight;
  - Team or role specific financial crime training not provided, and general training also failed to cover crucial topics, for example SAR reporting guidance, and;
  - Lack of record keeping / documented evidence of financial crime considerations and decision making within senior management forums.
Action Required
Through this Dear CEO letter, the FCA signals a strong need for Annex 1 firms to place greater priority on financial crime prevention and "assess their financial crime controls against the common weaknesses found within the next 6 months". The actions the FCA expects Annex 1 firms to undertake should include:
- A gap analysis against each of the common weaknesses outlined;
- Detailed findings and subsequent remedial actions taken to address the gaps identified, and;
- Ensuring the Senior Manager(s) responsible for the gap analysis have sufficient seniority to carry it out effectively.
The FCA states that firms should "take prompt and reasonable steps to close any gaps identified…" with "… its findings shared internally and acted upon".
They go on to state that "In future engagements with your firm we are likely to ask you to provide us with the findings from the gap analysis, evidence of the actions you have taken to address the gaps identified, and the progress of any remedial work and testing to show that the policies, controls and procedures are effective and working as intended."
Failure to conduct such a gap analysis review and any subsequent remediation could result in FCA regulatory intervention, as we are seeing widely across the population of Annex 1 firms. External assurance around the gap analysis will also be a key defence when the FCA seeks to confirm the rigour of firms' responses to this call to action.
We recently published an article on Annex 1 firms and how they have come under the regulatory spotlight, which can be found here, where we cover: when registration may be required, where you stand as an SPV and the FCA's stance towards Annex 1 firms.