Dear CEO | Release Date: 5th March 2024
To read a shorter summary of this Dear CEO letter, click here.
To access the original FCA document, click here.
Long Summary
The Financial Conduct Authority (FCA) has issued a detailed “Dear CEO Letter” to Annex 1 firms, highlighting significant concerns and expectations regarding their anti-money laundering (AML) frameworks. This communication is integral to the ongoing battle against financial crimes, including money laundering, terrorist financing, and proliferation financing, collectively referred to as “Financial Crime.
Overview of Annex 1 Firms and the FCA’s Supervision Role
Annex 1 firms, as categorised under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLRs), encompass a variety of financial institutions with different business models operating within the UK. These firms are not authorised under the Financial Services and Markets Act 2000, nor are they classified as money service businesses. The FCA’s supervision includes assessing these firms’ compliance with AML regulations, conducting reviews, and enforcing corrective measures as necessary.
Recent Findings from FCA Assessments
The FCA’s recent assessments of Annex 1 firms have uncovered several common weaknesses in critical areas:
Business Model Issues
Discrepancies were found between the activities registered with the FCA and the actual activities conducted by the firms.
A lack of Financial Crime controls keeping pace with business growth was evident, particularly in cases where firms expanded rapidly.
Inadequate Risk Assessments
Weaknesses were observed in both Business Wide Risk Assessments (BWRA) and Customer Risk Assessments (CRA).
Some firms lacked a comprehensive BWRA, resulting in a failure to accurately assess and mitigate risks.
CRAs often lacked individualisation, failing to assess the unique Financial Crime risk posed by each customer.
Flaws in Due Diligence and Ongoing Monitoring
- Policies and procedures for Customer Due Diligence (CDD) and ongoing monitoring were often vague or outdated.
- There was ambiguity in applying CDD measures, especially during customer onboarding.
- Firms were not effectively employing Enhanced Due Diligence (EDD) in high-risk situations.
Governance and Management Information Gaps
- Financial Crime teams in some firms were inadequately resourced.
- Training on Financial Crime was insufficient or lacking in coverage of key areas.
- A clear audit trail for Financial Crime-related decision-making was often absent, reflecting weaknesses in governance and record-keeping.
Impact of Poor Financial Crime Controls
The FCA underscores the significant impact of inadequate Financial Crime controls, which can facilitate criminal activities, undermine the integrity of the UK financial market, and lead to severe regulatory actions against the firms, including fines and removal of Annex 1 firm registration.
Actions Required by Firms
Firms are not required to respond to this letter directly, but they must undertake several critical actions:
Conduct a Gap Analysis
A thorough gap analysis against the outlined weaknesses is expected within six months.
This analysis should be conducted by a senior manager with adequate authority and knowledge.
Findings from the gap analysis must be internally shared and acted upon.
Implement Remedial Steps
Firms should promptly address identified gaps, ensuring that their Financial Crime policies, controls, and procedures are in line with the MLRs and proportionate to their risk profile.
Future FCA Engagements
In future engagements, the FCA may request details of the gap analysis, actions taken, and evidence of the effectiveness of the updated policies and procedures.
Regulatory Intervention
Inadequate actions in response to this letter may lead to regulatory intervention from the FCA to manage Financial Crime risks.
Clear Take-Aways and Actions for Affected Readers
1. Urgent Review and Update of AML Frameworks – Annex 1 firms must immediately review and update their AML policies and procedures. This includes ensuring compliance with MLRs and adjusting to the firm’s evolving risk profile.
2. Conducting a Comprehensive Gap Analysis – A detailed gap analysis must be carried out, focusing on the highlighted areas of weakness. This analysis should lead to clear, actionable insights.
3. Prioritising Remedial Actions – Swift and effective actions to rectify the identified gaps are critical. This involves revising policies, enhancing training, and improving governance and oversight.
4. Ensuring Senior Management Involvement – Senior management must actively engage in this process, ensuring accountability and adequate resources for Financial Crime controls.
5. Preparing for Future FCA Engagements – Firms should be prepared to demonstrate the steps taken in response to this letter in any future interactions with the FCA.
6. Avoiding Regulatory Sanctions – To avoid potential regulatory actions, including fines and operational restrictions, firms must take this letter seriously and act accordingly.
Conclusion
This comprehensive overview of the FCA’s “Dear CEO Letter” underscores the urgency and importance of strengthening AML frameworks within Annex 1 firms. The FCA’s findings indicate a need for significant improvements across various areas of Financial Crime prevention. Firms are expected to undertake immediate and thorough actions to align their operations with regulatory expectations and safeguard the integrity of the UK financial system.