Financial Conduct Authority’s ‘Dear CEO’ letter – what actions do Annex 1 firms need to take?

read time: 4 mins

The UK’s Financial Conduct Authority (FCA) issued a 'Dear CEO' letter last week, addressing common shortcomings identified in anti-money laundering (AML) and financial crime controls of Annex 1 firms. 

The letter follows the FCA’s ongoing work to reviewing certain Annex 1 firms registered with it for AML supervision. This article highlights the key points of the letter and the actions that these firms will need to take.

What is an Annex 1 firm?

Annex 1 firms, or financial institutions are required to register with the FCA for AML supervision under the UK Money Laundering Regulations. These institutions encompass various entities such as lenders, money brokers, financial leasing companies, safe custody providers and others, with a list of specified activities within these regulations.

What are the key points highlighted in the ‘Dear CEO’ letter?

Business models

The FCA highlighted discrepancies between firms' registered and actual activities, indicating a potential gap in transparency and compliance. It was observed that some firms failed to update their registered activities with the FCA when their business models evolved, leading to a mismatch between regulatory requirements and operational realities. Additionally, as firms expanded their operations, their AML controls did not always keep pace with the increased complexity and risk, posing vulnerabilities to financial crime.

Risk assessments

A critical area of concern identified by the FCA was the lack of comprehensive business-wide risk assessments and, in some cases, tailored customer risk assessments. Some firms either neglected to conduct a business wide risk assessment altogether or failed to document their risk assessment methodologies adequately. Moreover, where customer risk assessments were performed, they often lacked customisation and failed to consider specific risk factors unique to individual clients, industries or geographic locations.

Diligence, monitoring and procedures

The FCA emphasised the importance of having meaningful policies and procedures governing due diligence, ongoing monitoring, and compliance with the UK Money Laundering Regulations. However, it was noted that many firms lacked detailed and clearly articulated policies, leading to ambiguity among staff operatives regarding their UK Money Laundering Regulations obligations. Inadequate documentation of customer due diligence processes and ongoing monitoring further compounded the problem, making it challenging to demonstrate compliance with regulatory requirements. 

Governance, management information and training

The letter underscored the significance of strong governance, effective management information gathering and comprehensive staff training in combating financial crime. Some firms were found to have insufficient resources allocated to their teams, resulting in inadequate oversight and training. Furthermore, the absence of a clear audit trail for financial crime-related decision-making raised concerns about governance and accountability within these firms.

What actions do firms need to take?

The FCA doesn’t expect Annex 1 firms to respond to the letter, but it is a helpful reminder that Annex 1 firms, and any other firm subject to the UK Money Laundering Regulations, should assess their financial crime controls against the common weaknesses. The letter suggests this is completed within 6 months and does highlight risk of regulatory action, including possible enforcement action in more serious cases. 

It’s a stark reminder for all firms, that financial crime risk and mitigation remains high on the FCA’s agenda and the requisite need for firms to prioritise AML risk management and regulatory compliance. “Reducing and preventing financial crime” remains Commitment 1 within the FCA’s 2024/25 Business Plan.

Given the shortcomings, firms should take proactive measures to review and enhance AML systems, controls and processes where required. This may include conducting gap analysis to identify areas of improvement, updating policies and procedures to align with regulatory requirements and providing targeted training to staff members.

For firms intending to engage in Annex 1 activities, it’s important the FCA AML registration process is followed at the outset. This includes submitting your application for registration to the FCA at the earliest stage and developing the systems, controls and procedures required under the UK Money Laundering Regulations. This helps to avoid and mitigate potential enforcement action, regulator engagement and reputational damage.

What can we take away from this?

The FCA's ‘Dear CEO’ letter underscores the critical importance of robust AML controls and compliance with regulatory requirements, to mitigate risk of businesses facilitating financial crime, it helps to safeguard the integrity of the UK’s financial markets. Annex 1 firms should remain vigilant and proactive in addressing identified shortcomings to mitigate financial crime risks effectively.

Please contact the commercial team if you have any questions or require further assistance in reviewing your AML frameworks.

Sign up for legal insights

We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.  

Sign up