Search
Choose a style
Dark
Light
Time to read: 4 min

FCA flags AML gaps at corporate finance firms, with downstream risks for payments

AML compliance tick box
Image: Shutterstock

A new FCA survey finds widespread weaknesses in corporate finance firms’ money laundering controls

The Financial Conduct Authority has warned that many UK corporate finance firms (CFFs) are falling short of basic anti-money laundering (AML) requirements, after a targeted survey indicated that around two-thirds of respondents may not be compliant with the Money Laundering Regulations in at least one area of their control frameworks.

The findings are based on firms’ own responses rather than a formal systems review, but the FCA said they reveal clear pockets of non-compliance that require prompt remediation.

Published on October 20, the press release sets out several areas of concern; 11% of responding firms reported having no documented business-wide risk assessment (BWRA), despite this being a legal requirement. Meanwhile 10% said they did not retain documented evidence of customer due diligence (CDD).

Among principal firms overseeing appointed representatives (ARs), 29% said they did not conduct financial crime risk assessments for their ARs, and 6% reported not monitoring ARs’ compliance with financial crime rules or conducting on-site visits or audits.

“Corporate finance firms play a vital role in the UK’s capital markets. Their exposure to money laundering risks means it is essential that they have strong, proactive controls in place. While some firms may be meeting expectations, many may be falling short of minimum regulatory requirements,” said Andrea Bowe, director of the specialist directorate at the FCA.

“We are sharing our findings so firms can address any gaps in their control frameworks. We are also writing to potentially non-compliant firms to set out improvements they need to make.”

What the FCA did — and who responded

The regulator’s CFF portfolio covers roughly 440 firms with varied business models. For this exercise, the FCA focused on those not required to file financial crime data returns, surveying 303 firms and receiving 270 responses, an 89% response rate.

Of these, 31 were principal firms with appointed representatives. The FCA emphasised that the results reflect what firms told the regulator, and do not constitute an FCA review of AML systems and controls.

While the survey targets corporate finance advisers and deal originators, the risks are not confined to the capital markets. Weak BWRAs, patchy CDD documentation and thin oversight of appointed representatives can allow higher-risk clients or investors to enter the financial system at origination, with risks subsequently transmitted across banks, e-money institutions and payment service providers who process fees, placement proceeds or related flows.

Failures in documented risk assessment or record-keeping upstream increase reliance risk downstream, particularly where payments firms depend on prior KYC and AML performed by introducers or counterparties.

The findings on appointed representatives will resonate with payments firms that use agent and ISO networks. Among principal firms, 29% said they did not assess AR financial-crime risks. A further 19% said they did not assess the effectiveness of AR oversight controls. Some disclosed they do not perform on-site visits or audits, lack AR-specific financial crime policies, or fail to independently investigate AR reports.

A small subset reported they do not conduct enhanced due diligence on high-risk clients, and some indicated ARs do not verify source of funds.

Where firms are falling short

The regulator singled out several concrete weaknesses:

  • Missing BWRAs: 31 firms, or 11% of respondents, had no documented business-wide risk assessment; five of these were principal firms, equivalent to 16% of principal respondents.
  • CDD record-keeping: 28 firms (10%) said they do not retain documented evidence of CDD, with the FCA cautioning that strong client relationships cannot substitute for written, up-to-date due diligence records and screening.
  • Customer risk assessment tooling: 27% reported not using a formal customer risk assessment form; among principal firms this rose to 35%.
  • AR oversight gaps: 29% of principal firms do not conduct AR financial-crime risk assessments; 19% do not assess oversight effectiveness; 6% reported no monitoring of AR compliance; and some conduct no on-site visits or audits. A number lacked AR-specific anti-financial crime policies, and some did not independently investigate AR reports.

The FCA also highlighted evidence of effective approaches including 97% of respondents who said they report financial crime matters regularly to senior management. A further 72% use a customer risk assessment form.

The FCA said it will use the survey responses in its supervision of the CFF portfolio and “intervene where firms fall short” of expectations. The regulator has already started writing to firms it sees as potentially non-compliant to set out the remedial actions required, and will follow up with some firms to understand what has been done.

Subscribe to our newsletter