Explore the findings from our survey on financial crime controls in corporate finance firms (CFFs), including areas for improvement and good practice.
1. What we did and why
CFFs play an important role in maintaining the integrity and competitiveness of UK capital markets. They connect business and enterprise to sources of capital and are vital to the growth and success of the UK economy.
The CFFs portfolio currently includes around 440 firms with a wide range of business models.
We recently reviewed the CFFs portfolio, focusing on the over 300 firms that are not required to submit financial crime data regulatory returns. We wanted to:
- Gather firms’ own assessment of the financial crime risks they face.
- Interview senior staff at a selected sample of firms to take a closer look at the anti-financial crime frameworks they operate.
- Publish areas for improvement and good practice.
We surveyed 303 CFFs not currently required to submit financial crime data returns to the FCA, of which 270 (89%) responded. Of these 270, 31 respondents (11%) were principal firms with appointed representatives (ARs).
We then interviewed senior staff at a small subset of firms who were selected to cover a wide range of survey responses.
These findings reflect what firms told us. They are not the results of a review by us of the firms’ anti-money laundering systems and controls.
2. Who this applies to
Corporate finance firms.
3. What we found
Results from the survey indicated that approximately two-thirds of the responding firms may not be compliant with the Money Laundering Regulations in 1 or more elements of their anti-financial crime control frameworks. However, we also found evidence of some widespread good practice.
Here are some high-level findings.
Key areas for improvement
These areas requiring improvement suggest that many firms may not be complying with their obligations under the Money Laundering Regulations.
4. Our observations
Business-wide risk assessment
We found that 31 firms (11%) who responded to our survey, including principal firms, did not have a documented business-wide risk assessment.
Reminder for firms
You must take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which your firm is exposed.
You must have a documented business-wide risk assessment, under the Money Laundering Regulations.
Customer risk assessment (CRA)
Most firms we spoke to during interviews reported that they build enduring and close business relationships with their clients. This enables them to develop a good understanding of the nature and requirements of those clients. However, survey responses show that 73 firms (27% of all respondents) reported that they did not use a customer risk assessment (CRA) form. This practice was even more common among responding principal firms, with 11 (35%) of them reporting that they did not use a CRA form.
Reminder for firms
You must have documented assessments of the risks posed by your clients, under the Money Laundering Regulations.
Firms cannot just rely on close relationships with clients to develop an understanding of client risk.
Customer due diligence and enhanced due diligence
Most firms we spoke to said they had a good understanding of their clients due to extensive and sustained engagement. However, 28 firms (10%) reported that they do not retain documented information for customer due diligence (CDD).
Strong and long-standing client relationships are central to many CFFs’ business models. However, these relationships cannot replace up-to-date written records of due diligence, including customer screening.
Reminder for firms
You must maintain records of CDD and, where appropriate, enhanced due diligence (EDD), under the Money Laundering Regulations.
Ongoing monitoring
You must conduct ongoing monitoring of your customers, both in terms of scrutinising transactions and keeping records relating to due diligence up to date. This is a requirement under the Money Laundering Regulations.
Many firms reported that they do not deal with client funds, so transaction monitoring may be less applicable to their business relationships. However, firms should consider the sources of all funds they receive, for example engagement fees and other administrative payments.
Firms must also conduct periodic reviews of their business relationships with clients, ensuring that their due diligence remains up to date.
Oversight of appointed representatives (ARs)
Nine principal firms (29%) stated that they do not conduct financial crime risk assessments of their ARs, and 6 principal firms (19%) do not assess the effectiveness of their oversight and control mechanisms for AR financial crime risks.
Some of these firms disclosed that they do not carry out on-site visits or other audits of their ARs.
Others revealed that they lack anti-financial crime policies that specifically cover their ARs. Among this group, many firms also admitted that they do not independently investigate the reports they receive from ARs concerning financial crime controls or incidents.
Two principal firms (6%) reported that they do not have processes to monitor their ARs’ compliance with financial crime regulations.
Three principal firms (10%) reported that they do not conduct EDD on high-risk clients.
Additionally, some firms indicated that their ARs do not verify the source of investors’ funds.
Reminder for firms
Our rules require firms to adequately oversee the regulated activities carried out by ARs, to prevent harm to consumers and the market.
Firms should set up and implement specific policies and procedures to manage the financial crime risks associated with their ARs, including:
- financial crime risk assessments
- on-site visits or audits (where appropriate)
5. Next steps
Our survey findings provide valuable insight into how CFFs mitigate the risks of financial crime they face.
We will use the survey data as we supervise the CFFs portfolio and intervene where firms fall short, in line with our objective to fight financial crime.
We expect all responding firms to consider these findings and address any gaps in their financial crime control frameworks.
We are writing to many firms falling short of regulatory expectations to set out the prompt remedial action we expect. We will follow up with some of these firms in due course to understand what remedial actions they have taken.