
The FCA's increasing focus on AML supervised firms

Posted on 15 March 2024

On 5 March 2024, the FCA issued a Dear CEO letter highlighting significant shortcomings in the anti-money laundering (AML) frameworks of Annex 1 firms. Annex 1 firms are those firms which are not authorised or regulated by the FCA but are nevertheless subject to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs) and are required to register with the FCA to enable the FCA to act as supervisor. These firms include commercial lenders, some types of financial traders, money brokers and providers of safe custody services. Such firms are not subject to rules in the FCA handbook but must comply with requirements in the MLRs.

Following a number of supervisory inspections, the FCA has reported that a number of these firms have "fallen short" of the MLRs, and expressed its readiness to employ a "range of tools" to tackle these failings, ranging from "requiring third-party reviews to enforcement action".

Key issues from the March Letter

In the Dear CEO letter, the FCA identified four common weaknesses in Annex 1 firms' AML frameworks:

  1. Business models: The FCA noted discrepancies between the business activities firms reported at registration and those conducted during assessments. Rapidly expanding firms failed to scale their financial crime policies accordingly, exacerbated by insufficient resources allocated to financial crime teams.
  2. Risk assessments: The FCA found that Business Wide Risk Assessments (BWRA) were either of substandard quality or entirely missing, contravening the MLRs. Additionally, Customer Risk Assessments (CRAs) were not sufficiently tailored to individual clients, overlooking critical risk factors and due diligence levels.
  3. Due diligence, ongoing monitoring, and policies and procedures: The Customer Due Diligence (CDD) policies and procedures were found to be vague, leading to uncertainty regarding the implementation of ongoing monitoring and the application of due diligence.
  4. Governance, management information, and training: There was a notable deficiency in resources for financial crime teams, coupled with inadequate oversight from senior management. The lack of role-specific and general training resulted in low levels of financial crime awareness among employees. Furthermore, there was minimal engagement from senior management in discussions about financial crime risks and policies.

Evaluation of the issues

In response to the Dear CEO letter, the FCA expects Annex 1 firms to conduct a thorough gap analysis addressing each identified weakness within six months of receiving the letter. Firms are urged to take prompt and decisive action to address these gaps. The FCA has made it clear that it is likely to inquire about the progress made in future interactions with the firms.

The Dear CEO letter is the culmination of an increased FCA focus on AML controls in Annex 1 firms. In September 2022, following lobbying by the FCA, the MLRs were subject to an amendment regulation which provided the FCA with new powers against Annex 1 firms: to issue information requirement notices, appoint skilled persons and to impose directions (for example, preventing the onboarding of high-risk customers).

When the FCA is provided with a new power, it explores ways to use it. Accordingly, during 2023 the FCA embarked on a programme of inspections of Annex 1 firms and has used its new powers to impose requirements on some of those firms.

We expect this focus to continue, particularly in the latter part of 2024 when the FCA will be keen to test whether firms have undertaken the gap analysis expected of them.

Our recent experience is that the FCA is less likely to commence formal enforcement proceedings against non-compliant firms than perhaps in the past. However, the FCA is increasingly using intrusive supervisory powers. In many cases the effect can be similar to enforcement and have a significant financial impact on firms, particularly where the FCA places restrictions on accepting new business or requires firms to meet the costs of, and deal with the disruption involved in, skilled person reviews.

It is therefore imperative that firms follow FCA guidance in the Dear CEO letter by undertaking a gap review or by initiating an independent regulatory audit under regulation 21(1)(c) of the MLRs. Our experience of undertaking a gap analysis with clients is that, depending on the degree of compliance, implementing remediation can take a number of months. To be ready for when the FCA calls, firms should not delay before initiating their review.
