Anti-money laundering warning to firms

Regulators in the UK continue to put the fight against financial crime on the top of their agenda. The Financial Conduct Authority (“FCA”) recently published warnings to firms over common anti-money laundering (“AML”) framework failures. 

Firms and businesses which fall under the scope of the Money Laundering, Terrorist, Financing and Transfer of Funds Regulations 2017 (the MLRs) are required to:

• Have appropriate policies, controls and procedures in place to reduce and prevent money laundering, terrorist financing and proliferation financing;
• Conduct business wide risk assessments to identify weaknesses;
• Conduct customer risk assessments;
• Conduct customer due diligence; 
• Have adequate internal controls and ongoing monitoring of your business; 
• Ensure staff are adequately trained; and 
• Comply with record keeping requirements.

The FCA has recently undertaken assessments of Annex 1 Firms in relation to their Financial Crime policies, controls and procedures. The definition of ‘Annex 1 Firms’ under the MLRs covers a wide range of business types, including lending, financial leasing and payment services firms, but which are not authorised persons for the purposes of the Financial Services and Markets Act 2000 (for example, lenders that do not carry out consumer credit activities would be an Annex 1 Firm). Assessments by the FCA were done either via onsite firm visits or desk-based assessments. 

As a result of their findings, the FCA have enhanced the monitoring of Firms in that category and will also be increasing their proactive work in this area. 

Common weaknesses discovered by the FCA includes:

1. Business Model

The FCA found that there are discrepancies between the activities that firms have told the FCA they would undertake upon registration and the activities they have said they undertake when asked during the assessment.

Firms authorised by the FCA are required to report any relevant changes to their business, such as no longer carrying out activities they have previously informed the FCA they were conducting. The FCA have also noted that financial crime controls have not adequately kept pace with the size and complexity of the business, resulting in an inadequate Financial Crime framework. 

We often see businesses tied up with meeting the demands of growth leaving AML compliance an afterthought or ‘a job for another day’. We recommend firms take a more proactive approach in ensuring their business is adequately protected by reviewing and increasing their AML framework and compliance team accordingly. Sometimes a firm that started off as a three-person team rapidly grows to a 25-plus company but the problem is that they haven’t expanded their AML framework accordingly. 

• Business Wide Risk Assessments

Business Wide Risk Assessments (BWRA) is often the forgotten piece of the AML puzzle. The FCA noted that in some instances, BWRA were completely absent. In other instances, the FCA found where a BWRA was present, it was of poor quality as it lacked sufficient detail.

The lack of a BWRA demonstrates to Regulators that firms do not have a clear view of money laundering, terrorist financing and proliferation financing risks the business is exposed to, nor have they given thought to appropriate controls to mitigate those risks. It is important to note that a BWRA is not a ‘one and done’ job, it is a living document and requires continual review and update according to external and internal changes. We recommend firms pay closer attention to their BWRA and update it according to changes such as: new products or service lines introduced by the firm, changes to its customer profile, changes countries or geographical areas in which it operates in and its delivery channels. 

• Due Diligence, Ongoing Monitoring and Policies and Procedures

Policies outlining actions to be taken by staff should be clear and kept up to date. If policies and procedures results in ambiguity over the level of customer due diligence (“CDD”) measures that should be applied to different risk ratings, then the firm would not be able to conduct adequate CDD. Policies and procedures should be sufficiently clear to guide staff how to deal with higher risk matters and indeed to understand what constitutes a higher risk matter.

The initial onboarding of a customer is not the end of the firm’s AML responsibility as it should have ongoing monitoring processes to prevent it from being used as a conduit to laundering the proceeds of crime. The level of risk associated with the customer will normally indicate the ongoing monitoring required on that customer as it is not a ‘one size fits all’.

• Governance, Management Information and Training

The FCA identified lack of resource and inadequate training in some firms. Senior managers are required to have appropriate oversight of this and are responsible for managing the financial crime risks. Although senior managers typically have a full-time role outside of being a senior manager for AML purposes, they still need to be adequately trained in AML and be aware of their responsibilities. Training is an important piece to ensuring employees are aware of what they need to do. The FCA found that training had not been given the importance it demands, and that training needed to be tailored to the role of the employee. Off the shelf training is great as a refresher of common topics however training tailored to the business and role is important particularly for those in senior management roles, onboarding/ongoing monitoring roles, and client facing roles. 

Finally, record keeping requirements were found to be lacking. Firms going through the arduous work of ensuring policies and procedures are followed, CDD is appropriately collected, and necessary high-risk issues are escalated then they should really ensure all of it is documented. It is similar to a math’s test; full points are not awarded where you do not show how you have arrived at the answer. 

Key take-aways 

Firms should understand their obligations under the AML regulations and allocate resources to it according to the size of their business. There should be a culture of compliance instilled from the top down as it sets the tone for the rest of the business. AML compliance should not be seen as a hinderance to business development, or a burden on costs but rather seen as a way to conduct business safely. The investigation process by regulators can be stressful and where the business is found to be non-compliant, it could result in a hefty fine as well as damage to their reputation as the findings will be made public.

We can help all businesses from setting out their AML framework to testing their existing framework for weaknesses. Please get in touch for any AML related advice.