Step 2: What we expect to see in your application for registration

We set out the main areas of your business model and control environment that we will review when assessing your application. This list in not exhaustive and should be read alongside the MLRs and other relevant information.

Preparing a good quality application

Your application must be complete when you submit it.

Characteristics of a good application

All key information and documents are included at submission. For example, you must provide all information requested in the application form and Money Laundering Reporting forms for all MLR individuals.

Documents are clear, with all key information included, and tailored to your business model.

Details of your Nominated Officer / Money Laundering Reporting Officer (MLRO) and the other MLR individuals are provided.

Documents are final, current, have been comprehensively reviewed and properly approved through the correct governance and sign-off.

What you need to include in your application

Your application must include:

A full description of the specific activities you plan to carry out to be classified as an Annex 1 financial institution.
An explanation of why your proposed business activities do not fall within the scope of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001.
The types of customers your business deals with.
Your business turnover for the last completed financial year, or if you have not started operations, your estimated business turnover for the first year. If you are part of a group, provide the turnover for the part of the business carrying out the Annex 1 activity.
A clear and detailed description of your source of funds and where the funds have come from.
Specific details of any legal charges over the firm, and if none, whether there is an assignment of the original loan or a Special Purpose Vehicle with a debenture.
Details of your Nominated Officer / Money Laundering Reporting Officer (MLRO) and other MLR individuals, if applicable.
If the business is a member of a group, a structure chart which includes percentages of ownership and individuals with an interest of over 25% of shares or voting rights.

Please also refer to the guidance notes for further information on how to complete your application.

AML framework

When you submit your application, you must already have an anti-money laundering (AML), counter terrorist financing (CTF) and counter proliferation financing (CPF) framework that complies with the MLRs. We may request your AML/CTF/CPF policies and procedures as part of our assessment.

Your AML/CTF/CPF framework should include at least:

Business-Wide Risk Assessment (BWRA)

The risk assessment must identify and assess all the inherent ML/TF/PF risks within your business model. It should fully cover the risk factors (customers, products and services, geography, transactions and delivery channel) listed in Regulation 18(2)(b) of the MLRs. The BWRA should assess how serious these risks would be to the business if they occurred. Further information is in the relevant sections of the The Joint Money Laundering Steering Group (JMLSG) Guidance.

Your BWRA must also document the control framework in place to manage these risks and assess how effective they are. You can assess how effective your controls are either separately or all together.

Prepare your BWRA using a consistent and repeatable method. The methodology should record the steps you took to:

identify the inherent risks
assess the severity of the inherent risks should they materialise (including any weightings and factors used)
identify the applicable controls
assess how effective the controls are
calculate the residual risks

Once you have identified the residual risks, document the conclusions you have reached.

Customer Risk Assessment(s) (CRA) and its/their accompanying methodology

We expect CRAs to reflect your assessment of the level of ML/TF/PF risk that your customers pose. As a minimum, this should consider the risk factors documented in the BWRA and those under Regulation 28(13) and Regulation 33(6) of the MLRs.

The CRA should provide a risk rating outcome that determines the level of due diligence that you will apply. The risk factors within the CRA must align with the BWRA. For example, if the BWRA considers a product as higher risk, the CRA should do the same. The risk rating sets the amount of information you collect, in line with your policies and procedures. A detailed methodology should lie behind the risk assessment.

Policies and procedures

You should set up and maintain policies and procedures that mitigate and effectively manage the ML/TF/PF risks identified in your BWRA. The policies and procedures must document the systems and controls you designed and implemented.

The policies should show that you understand your regulatory obligations and explain how you comply with them. If you consider certain parts of the MLRs do not apply to your business (for example, because of your business model), you should clearly explain why in your documentation.

Operational procedures should clearly set out, with suitable detail, the steps you will take to apply your framework day-to-day. They must cover all your MLR obligations including (without limitation):

Customer Due Diligence (CDD)
Enhanced Due Diligence (EDD)
Politically Exposed Persons (PEPs) and Sanctions screening
Periodic reviews
Transaction monitoring
Training
Suspicious activity reporting (SARs)

Operational procedures should also explain what is expected of your staff when operating the control framework.

CDD and ongoing monitoring policies should be appropriately applied to individual customers depending on the level and nature of risk they pose. You should clarify when simplified CDD or EDD measures should be applied, and outline when and how a customer’s source of funds and source of wealth will be effectively captured. It is also important to ensure CDD and ongoing monitoring documents are kept up to date.

Training

You must regularly train your staff to recognise and handle transactions or situations that may be related to ML, TF or PF. Training materials should be tailored to your business model and cover all of your ML/TF/PF risks, including any unique risks.

You need a clear plan to design, develop and deliver your staff training, with enough resources to support it. You must also keep written records of the steps taken and the training provided.

If you have used a third party to develop your AML framework, you must ensure your staff receive training that enables them to fully understand and operate the framework effectively.

Suspicious Activity Reporting

Your Suspicious Activity Reporting (SAR) policy must cover all your business. Staff should be trained to recognise and deal with suspicious activity. You must clearly explain their duty to report any suspicious activity they identify, and the possible consequences if they fail to do so. We would expect to see reference within your SAR policy to tipping off and the circumstances where you may need to consider a Defence Against Money Laundering (DAML) or Defence Against Terrorist Financing (DATF) SAR.

Sanctions

You must show that your control framework includes up-to-date and suitable sanctions controls that fit your business model.

Your framework should also include ‘red flag’ indicators for potential sanctions breaches and demonstrate that you apply checks consistently across all AML processes, including onboarding, periodic reviews, screening and transaction monitoring.

Your BWRA must also document the control framework in place to manage these risks and assess how effective they are. You can assess how effective your controls are either separately or all together.

Prepare your BWRA using a consistent and repeatable method. The methodology should record the steps you took to:

identify the inherent risks
assess the severity of the inherent risks should they materialise (including any weightings and factors used)
identify the applicable controls
assess how effective the controls are
calculate the residual risks

Once you have identified the residual risks, document the conclusions you have reached.

Customer Due Diligence (CDD)
Enhanced Due Diligence (EDD)
Politically Exposed Persons (PEPs) and Sanctions screening
Periodic reviews
Transaction monitoring
Training
Suspicious activity reporting (SARs)

Operational procedures should also explain what is expected of your staff when operating the control framework.

You need a clear plan to design, develop and deliver your staff training, with enough resources to support it. You must also keep written records of the steps taken and the training provided.

If you have used a third party to develop your AML framework, you must ensure your staff receive training that enables them to fully understand and operate the framework effectively.

You must show that your control framework includes up-to-date and suitable sanctions controls that fit your business model.

We have written to CEOs of Annex 1 firms to share our findings of how firms are complying with money laundering regulations, and found some common failings. You and your senior management should carefully consider the contents of the letter and ensure that your AML/CTF/CPF framework meets our expectations.

Key individuals

This section covers some of the obligations that are placed upon certain key individuals within your business under the MLRs.

Nominated officer/ Money Laundering Reporting Officer

Registering with us under the MLRs means you are not subject to the Senior Managers and Certification Regime (SM&CR). However, Regulation 21(3) of the MLRs requires you must appoint a Nominated Officer/MLRO to receive disclosures under Part III (Terrorist Property) of the Terrorism Act 2000 or Part 7 (Money Laundering) of the Proceeds of Crime Act 2002.

Regulation 21(1)(a) also requires you to appoint a board member or a senior manager to oversee your compliance with the MLRs.

These functions are usually carried out by the same person but this is not required.

We expect that the Nominated officer / MLRO will remain in post if the firm becomes registered.

There are no legal requirements for a Nominated Officer / MLRO to have specific formal qualifications, but we expect a Nominated officer / MLRO to understand the UK regulatory framework, have sufficient authority and independence and have adequate access to resources and information.

This is so they can monitor and manage internal compliance with your policies and procedures and fulfil their responsibilities under the MLRs. As previously mentioned, the Nominated Officer / MLRO should receive disclosures under the Proceeds of Crime Act 2002 and the Terrorism Act 2000 and must act where there is knowledge or suspicion of an offense. We will also consider if the Nominated Officer / MLRO acts and is likely to continue to act, with integrity.

There is no requirement for Nominated Officers / MLROs to be based in the UK. But we will look carefully at individuals that are not based in the UK and will consider how much oversight they will have if they are based in a different jurisdiction to where most of the financial crime controls are being performed.

A Nominated Officer / MLRO that has unspent conviction(s) as listed in Schedule 3 (Relevant Offences) of the MLRs will automatically fail the fit and proper test.

See more on our expectations of Nominated Officers / MLROs.

Characteristics of a good application

The Nominated Officer / MLRO has enough capacity to perform their role to the necessary standard, even if they have other responsibilities at your firm, within Group firms or elsewhere.

The Nominated officer / MLRO has no conflicts of interest between their MLRO role and any other roles they expect to perform which cannot be mitigated. For example, the Nominated Officer / MLRO is not also the head of sales.

MLR individuals

The following individuals are subject to the fit and proper requirements under Regulation 58 of the MLRs:

the sole proprietor of the business
a partner in the business
a director of the business
the Board member or Nominated Officer responsible for compliance with the MLRs
the Nominated Officer for reporting suspicious activity reports to the National Crime Agency
a beneficial owner as defined in Regulation 5 and Regulation 6 of the MLRs
other person performing a role of similar influence or responsibility

Before registration, these individuals must pass the fit and proper test. We expect to receive Money Laundering Reporting forms for all the individuals above. You must tell us about any issues why the individuals for which you are submitting an MLR Individual Form for may not be fit and proper.

If you disclose any concerns, you may also, if appropriate, explain why you believe the individual should be treated as fit and proper. If, you are unsure whether to disclose a conviction, you should seek legal advice.

We will use the information you provide, along with other checks, to decide if you and the relevant individuals are fit and proper to carry on the regulated activities. We will verify the information you submit. We treat non-disclosure very seriously; your application may be refused if you deliberately withhold information or provide false or incomplete facts.

We will consider:

Convictions - An applicant or an officer, manager or beneficial owner that has an unspent conviction as listed in Schedule 3 (Relevant Offences) of the MLRs will automatically fail the fit and proper test.
Failure by an individual to pay any of the penalties or charges listed under Regulation 59 (1)(c) of the MLRs.
Reasonable grounds that suggest an individual will fail to comply with the MLRs, Part III (Terrorist Property) of the Terrorism Act 2000 or Part 7 (Money Laundering) of the Proceeds of Crime Act 2002.
Any other failure to comply with the MLRs.
The ML/TF/PF risks inherent in the firm’s business.
An applicant and any individual’s honesty and integrity, skills and experience, financial soundness within the context of the MLRs and the expectation to act with integrity. For example, this may include any matters that cast doubt on the honesty and integrity of the individual, such as disciplinary proceedings or dismissal, competence or capability or financial soundness.

Anyone in the roles listed above with an unspent conviction(s) as listed in Schedule 3 (Relevant Offences) of the MLRs will automatically fail the fit and proper test. A registered firm must make sure any individual who has not been approved by the FCA does not act as a manager, officer, or beneficial owner.

Contact us

What we do

How we regulate

How we operate

Who we are

Join us

Firms overview

Regulated firms

Primary markets

Markets policy

Regulated markets

Market abuse

Short selling

Transaction reporting

Our Consumer section

Your rights

Complaints

Scams

Report a firm

Sign up to receive daily alerts on the warnings we issue

Media centre

Step 2: What we expect to see in your application for registration

Preparing a good quality application

Characteristics of a good application

What you need to include in your application

AML framework

Key individuals

Nominated officer/ Money Laundering Reporting Officer

Characteristics of a good application

MLR individuals