The UK FCA’s New AML / Financial Crime Guidance

Regulatory Sandbox photo

(Note: the below is a high level review of certain potential issues and is not to be relied upon in any definitive manner nor as legal and/or regulatory advice).

The UK FCA has issued new AML / Financial Crime consolidated guidance for firms to prevent financial crime. Importantly this expressly applies in certain areas to e-money issuers and payment services firms under the FCA’s supervision.

What is the status of the AML / Financial Crime guidance?

The guidance does not form part of the FCA Handbook but it does provide guidance on Handbook rules and principles as well as corresponding requirements in the Payment Services Regulations 2009 and the Electronic Money Regulations 2011. The FCA makes it clear that the guidance should not be used by firms, nor supervisors as a checklist of what firms should do to reduce AML/financial crime, but to enhance a firm’s understanding of the FCA’s expectations on how a firm should manage its AML/financial crime risk. The guidance is in addition to other rules and guidance – such as the JMLSG guidance.

What areas are covered by the AML / Financial Crime guidance?

The guidance is somewhat comprehensive and is broken up into the following key topics:

  • Financial Crime Systems and Controls
  • Money Laundering and Terrorist Financing 
  • Fraud
  • Data Security
  • Bribery and Corruption
  • Sanctions and Asset Freezes

How useful is the AML / Financial Crime guidance?

Many compliance team members and MLROs will be familiar with the issues set out in the guidance, but the FCA should be congratulated on presenting the guidance in an easy to read format and giving clear examples on what it considers to be good and bad practice under the various issues. There are also useful case studies of where action has been taken against firms as well as links to other rules and guidance which is helpful.

The section on data security also shows how these issues are taken much more seriously by financial regulators (and not just data protection authorities).

One challenge of the guidance is that it is yet another separate set of requirements to take into account in an already crowded and complicated area. It will also be likely needed to be revised once the new 4MLD comes into force into national law (expected to be sometime in 2017).

Leave a Reply

Your email address will not be published. Required fields are marked *