The Financial Conduct Authority (FCA), in May 2021, issued a Dear CEO letter entitled “Action needed in response to common control failings identified in anti-money laundering frameworks”. While this letter was issued to banks only, many of the key takeaways of the letter have wider application, notably within the financial advice sector. A copy of the Dear CEO letter can be found here.
Although the Dear CEO letter was specifically issued to banking firms, the FCA’s review serves as a timely reminder for firms of the regulator’s expectations when considering Anti-Money Laundering (AML).
Governance and oversight
A key principle under SYSC 6.3 is that firms are expected to have “adequate policies and procedures” in place in order to:
(1) enable it to identify, assess, monitor and manage money laundering risk; and
(2) are comprehensive and proportionate to the nature, scale and complexity of its activities.
Firms are therefore expected to make an assessment of what they deem to be “adequate” given the risk posed to their business, but are also expected to review these regularly (SYSC 6.3.3).
Amongst other things, firms are also required to have in place a Money Laundering Reporting Officer (SYSC 6.3.9) who would ultimately be the focal point for the firms AML activity, i.e. would have ultimate responsibility.
The Dear CEO letter raises issues in relation to a number of areas in which banking firms have fallen short around Governance and Oversight and where there were instances in which Senior Manager oversight was not evidenced. As a warning note, the FCA outlined that “We have previously taken enforcement action where firms’ governance arrangements were not adequately designed or effective”.
These issues in banking firms could well have read across to advisory firms and we believe it would be prudent for firms to consider the policies and procedures, governance and oversight currently in place to assess whether they can be considered “adequate”.
Consumer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
One of the FCA’s concerns was that they have often seen instances in which CDD measures have not adequately been performed or recorded especially since they have provided previous guidance to help firms with establishing a risk-based approach to AML. Reference is also made in the letter to some firms having a “weak” approach to EDD, citing examples including not identifying a client’s source of wealth (SoW) and source of funds (SoF).
For many of our firms the most common higher risk clients from an AML perspective are likely to be either Politically Exposed Persons (PEPs) or close associates of a PEP. As such, it is important that firms not only have processes in place to identify PEPs and other high risk customers as part of their CDD, but also that these are followed in the event that the firm identifies a higher risk client. Many firms have chosen to adopt electronic verification tools such as SmartSearch but simply identifying a PEP is not sufficient, acting on this information is equally important.
Furthermore, we would typically expect firms to have in place an approach which identifies a client’s SoF, particularly in the instance where the transaction being conducted is not consistent with their wider financial circumstances.