FCA Dear CEO letter to Annex 1 firms (non-bank lenders) on financial crime controls

Today the FCA has addressed a "Dear CEO letter" to Annex 1 firms, outlining common weaknesses identified during recent assessments, including both on-site visits and desk-based evaluations. These findings are not exhaustive but provide critical insights for Annex 1 firms to review their controls and compliance with regulatory expectations and guidance, such as that of the Joint Money Laundering Steering Group (JMLSG) and the FCA's Financial Crime Guide.

Annex 1 businesses, which include some lenders, safe custody providers, money brokers and financial leasing companies, undertake specified activities which mean they must be registered and supervised by the FCA for their compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).

Common issues identified by the FCA include:

1. Business Model discrepancies

A key concern is the observed discrepancies between firms' registered activities and their actual operations. The FCA emphasises the importance of accurate registration details and the necessity for firms to promptly notify the FCA of any relevant business changes, including changes in business activities, core details, or changes in MLRO (Money Laundering Reporting Officer).

2. Financial Crime Controls

The FCA notes that some firms' financial crime controls have not kept pace with their growth, leading to inadequate financial crime frameworks. This includes insufficient resourcing of Financial Crime teams and a lack of engagement and training at the senior management level, compromising the effectiveness of their financial crime policies and procedures.

3. Risk Assessment

There are significant gaps in firms' Business Wide Risk Assessments (BWRAs) and Customer Risk Assessments (CRAs). Some firms lack a BWRA altogether, while others have poorly detailed or undocumented risk assessments. This undermines firms' ability to have a clear view of their exposure to money laundering, terrorist financing, and proliferation financing risks and to implement appropriate controls. CRAs often fail to assess individual customer risks adequately, leading to insufficient customer due diligence measures.

4. Due Diligence and Monitoring

The FCA found that the Customer Due Diligence (CDD) policies and procedures of many firms are inadequately detailed, leading to ambiguity in the application of CDD measures, especially at the onboarding stage. Ongoing monitoring policies and procedures also lack clarity, creating uncertainty about the implementation of ongoing monitoring and enhanced due diligence (EDD) for high-risk countries.

5. Governance, Management Information, Training

Some firms do not have adequately resourced Financial Crime teams and lack proper oversight from senior management. Training on financial crime prevention is often inadequate, not role-specific, or fails to cover essential topics such as Suspicious Activity Reporting (SAR) guidance. There is also a notable absence of clear audit trails for financial crime-related decision-making, indicating a need for firms to have financial crime as a standing agenda item in senior management meetings.

The FCA expects firms to take these findings seriously and review their policies, controls, and procedures to ensure compliance with the MLRs and to mitigate risks of financial crime effectively. This includes ensuring that the firm:

  • has financial crime policies and procedures that are appropriately scaled to the size and complexity of the business;

  • conducts thorough and detailed risk assessments;

  • implements robust CDD and ongoing monitoring processes; and

  • enhances governance and management information systems to support effective decision-making and oversight in financial crime risk management.

At Braithwate, we have a proven track record of helping firms with their Annex 1 registrations as well as assisting in any remediation required to implement, adapt, and scale financial crime controls. We partner with Muinmos to automate and streamline Client Onboarding and ongoing Monitoring activities. We also offer Compliance-as-a-Service, which is ideally suited to fast-growing firms, who can benefit from expertise and resource on demand, delivered in conjunction with the Braithwate Compliance Cloud platform.

Please contact us to discuss if you need support to comply with Annex 1 firm requirements.
