Two thirds of corporate finance firms have significant anti-money laundering (AML) compliance gaps, warns the UK’s Financial Conduct Authority (FCA) following a recent survey and review of financial crime controls. The FCA’s findings spotlight areas of weakness that could expose firms and markets to money laundering risks, underscoring the need for stronger frameworks in this vital sector. This detailed report offers a comprehensive overview of the FCA’s survey results, observations, and forthcoming supervisory actions targeting corporate finance firms (CFFs).
Overview of FCA Survey and Scope
The FCA’s assessment focused on about 303 corporate finance firms that are not required to submit financial crime data returns, of which 270 firms (89%) responded. Corporate finance firms are key intermediaries that connect businesses with investors or lenders, playing a crucial role in the UK economy. Ensuring robust financial crime controls in this sector is essential to safeguarding market integrity and reducing exposure to financial crime, particularly money laundering.
This survey aimed to gather firms’ self-assessments on financial crime risks and control frameworks and involved detailed interviews with senior staff at selected firms. The FCA clarified these findings reflect firm-reported data rather than results from the FCA’s independent audit of their AML systems.
Key Findings: Compliance Gaps in AML Frameworks
Widespread Non-Compliance
The FCA found that approximately two-thirds of the corporate finance firms surveyed may not fully comply with the Money Laundering Regulations in one or more critical areas:
- Business-Wide Risk Assessments: 11% of responding firms reported having no documented business-wide risk assessment, a legal requirement to identify and mitigate money laundering and terrorist financing risks. This omission leaves firms and the wider market vulnerable to financial crime.
- Customer Due Diligence (CDD) Documentation: 10% of firms did not retain documented evidence of customer due diligence. Despite many firms building long-term relationships with clients, the FCA emphasized that such relationships cannot replace up-to-date, documented due diligence processes, including customer screening.
- Customer Risk Assessments (CRA): 27% of all respondents did not use a formal customer risk assessment form, rising to 35% among principal firms. The FCA noted that firms must have documented assessments of client-related money laundering risks, as informal knowledge of clients is insufficient under regulatory standards.
- Oversight of Appointed Representatives (ARs): Among principal firms, 29% admitted to not conducting financial crime risk assessments on their ARs. Additionally, 6% did not monitor ARs’ compliance through on-site visits or audits, while 19% did not evaluate the effectiveness of controls overseeing AR financial crime risks.
- Enhanced Due Diligence (EDD) on High-Risk Clients: Some firms still fail to conduct EDD for high-risk clients or verify the source of investors’ funds, which is critical to preventing illicit money flows.
Areas of Positive Practice
Despite these concerns, the FCA observed several areas of good practice:
- Many firms regularly update their business-wide risk assessments to capture emerging threats.
- Detailed management information is used to bolster internal financial crime controls.
- An overwhelming majority (97%) of surveyed firms reported financial crime concerns up to senior management, indicating a positive culture of awareness and reporting.
FCA Statements and Strategic Context
Andrea Bowe, director of the specialist directorate at the FCA, highlighted the importance of strong financial crime controls in corporate finance:
“Corporate finance firms play a vital role in the UK’s capital markets. Their exposure to money laundering risks means it is essential that they have strong, proactive controls in place. While some firms may be meeting expectations, many may be falling short of minimum regulatory requirements. We are sharing our findings so firms can address any gaps in their control frameworks. We are also writing to potentially non-compliant firms to set out improvements they need to make.”
The FCA’s survey forms a part of its wider five-year strategy (2025-2030) to combat financial crime across all regulated sectors. The regulator is committed to strengthening supervision, raising standards, and taking enforcement action where firms fail to meet their AML obligations.
Regulatory Requirements and Expectations
Under the Money Laundering Regulations, firms must:
- Conduct a comprehensive, documented business-wide risk assessment and regularly update it.
- Perform documented customer risk assessments (CRA) on all clients.
- Retain records of customer due diligence (CDD) and enhanced due diligence (EDD) where applicable.
- Continuously monitor client activity to identify suspicious transactions or changes in behavior.
- Have policies and procedures to oversee appointed representatives’ compliance, including conducting risk assessments, audits, and on-site visits.
The FCA stressed that firms cannot rely solely on long-standing client relationships or informal practices to manage AML risks; proper documentation and ongoing due diligence are mandatory.
FCA Enforcement Outlook and Next Steps
To support improved compliance, the FCA is now writing to firms identified as potentially non-compliant, setting out the remedial actions required. The regulator will follow up with these firms to verify corrective measures and may escalate supervisory interventions or enforcement proceedings if firms fail to address their AML gaps.
The FCA continues to prioritize financial crime controls as a key regulatory objective, expecting robust, integrated, and continuously tested AML systems. The agency highlighted the importance of designated staff roles such as Money Laundering Reporting Officers (MLROs) who have sufficient focus and authority to oversee compliance.
Implications for Corporate Finance Firms and Market Integrity
The FCA’s findings serve as a stark reminder that corporate finance firms, despite their economic importance, are exposed to substantial money laundering risks if they neglect their AML duties. Without effective controls, these firms become weak links in the financial system, potentially allowing criminals to move illicit funds through legitimate business transactions.
Institutions must:
- Prioritize comprehensive risk assessments and documentation.
- Strengthen oversight of third-party appointed representatives.
- Train staff regularly on AML procedures.
- Maintain heightened vigilance against emerging threats.
The FCA’s transparency in publishing these findings encourages firms to review their AML frameworks proactively and align with best practice to safeguard the UK capital markets.