Putting together a Firm’s Money Laundering and Terrorist Financing Risk Assessment and the Independent Compliance Assessment


Lee Werrell, Chartered FCSI, CEO of Compliance Consultant, explores the changes to risk assessment, and the basic principles and benefits of the independent compliance assessment, brought about by the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Money laundering reporting officers operating within the regulated sector will want to be aware of these two essential elements and integrate them appropriately into their broader anti-money laundering and counter-terrorist financing policies and procedures.

As regulators reinforce their focus on the proper discharge by the regulated sector of money laundering obligations involving customer due diligence (CDD), the changes introduced by the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, known as the Money Laundering Regulations 2017 or “MLR 2017”, are of great significance. This is particularly true for money laundering reporting officers within the definition of Part 7 of the Proceeds of Crime Act 2002.

Risk assessment by the firm or business
One of the key changes introduced by regulation 18 of the MLR 2017 relates to the obligation on firms and businesses working within the regulated sector to identify and assess the risks of money laundering and terrorist financing to which their organisation is vulnerable. This is easier said than done since, to be able to undertake this task, the risk assessor ought to have a sound grasp of the ways in which criminals can use the firm’s services when handling the proceeds of their crimes. Criminals may range from organised criminals who are laundering the proceeds of drug trafficking and the like to white collar criminals who have paid or received bribes, committed fraud, breached economic sanctions, or dabbled in a spot of insider trading. It follows that a firm or business operating in the regulated sector may be vulnerable to money laundering or terrorist financing in a myriad of different ways. Regulation 18(4) of the MLR 2017 requires a written record to be made of all steps carried out by a firm in the identification and assessment of its money laundering and terrorist financing risk.

Pursuant to regulation 19(1)(a) of the MLR 2017, the firm’s risk assessment of its susceptibility must dictate the development of its policies, controls and procedures, which must be designed to mitigate and manage effectively the risks of money laundering and terrorist financing. What’s more, under regulation 21(c) of the MLR 2017, having regard to the size and nature of the firm’s business, a firm is now required to establish an independent audit function with responsibility to examine and evaluate the effectiveness of the firm’s policies, controls, and procedures, to make recommendations about them, and to check compliance with them.

The quality of the firm’s risk assessment is therefore critical because, where an individual is obliged to apply CDD measures, regulation 28(12) of the MLR 2017 requires the analysis of the money laundering or terrorist financing risk posed by the client or customer or the transaction in question to reflect, amongst other things, the level of risk which the firm has identified in its risk assessment. In short, the generality of the risk assessment completed by the firm in respect of its susceptibility to money laundering or terrorist financing serves to inform the particularity of the risk assessment undertaken by the individual in relation to the customer or client concerned. The development of a risk profile for a customer or client is typically undertaken by dedicated professionals in the risk/compliance function. The risk profile helps the individual on-boarding the customer to assess whether any grounds for suspecting money laundering or terrorist financing have emerged during the Know Your Customer (KYC) process. Medium-sized and small firms may not be able to afford this luxury, and in that case it is vital that the firm’s risk assessment is sufficiently comprehensive to provide a sound framework, so that the staff’s risk assessment of a customer or client is informed and effective.

How is the firm’s risk assessment to be made?
In carrying out the risk assessment a firm must take into account risk factors relating to its clients, the countries or geographic areas in which it operates, its products or services, its transactions, and its delivery channels. But how is the firm to know the nature and intensity of the risk posed by these risk factors? The MLR 2017 contemplate that the firm may be helped by taking into consideration information provided by the supervisory authorities. Regulation 17(9) of the MLR 2017 provides that if information from a risk assessment completed by a supervisory authority would help a firm operating in the sector to carry out its own money laundering or terrorist financing risk assessment, the supervisory authority has to, where appropriate, make that information readily available, unless to do so would be incompatible with restrictions on sharing relevant information under the data protection legislation.

Information from Government authorities is likely to be limited
One of the key difficulties for government agencies is the significant gap in their knowledge of how sophisticated money laundering is committed when the financial markets are involved. In one of the main findings in the UK’s National Risk Assessment (“NRA”) of Money Laundering and Terrorist Financing published in October 2015, HM Treasury and the Home Office conceded that there were significant intelligence gaps relating to “high-end” money laundering. This type of laundering is specifically relevant to major frauds and serious corruption, where the profits are often held in bank accounts, residential or commercial property, or other financial investments, rather than in cash. The NRA judges the risk in the banking sector to be significant, since around 60% of ongoing money laundering cases being investigated by HMRC have funds initially moved through banks. The intelligence picture in other areas, such as high value dealers, gambling, and new payment methods, was judged as being mixed.

What information is available to a MLRO?
Most likely, if a firm’s policies, controls, and procedures are to come through with flying colours, the firm’s money laundering reporting officer will have to supplement the guidance on risk factors contained in the MLR 2017 and provided by the supervisory authorities with some comprehensive investigation of their own. The typology and sector-specific reports released by the Financial Action Task Force (FATF) are a good starting place. In addition, a money laundering reporting officer can consult the evaluations of the money laundering and terrorist financing regimes run by its member countries, which the FATF publishes regularly. Having said that, to meet the regulatory requirement a lot more will need to be done. Money laundering reporting officers will have to digest reports prepared by, amongst other organisations, FATF-Style Regional Bodies (“FSRBs”) and annual reports prepared by the Council of Europe’s Moneyval, mining them for information about how particular types of business might be used for money laundering and terrorist financing purposes, and which jurisdictions are considered more prone than others, having regard to the integrity of the client and the nature of the business in question. The United States Central Intelligence Agency publishes a Global Factbook, and some useful information is available on the Anti-Money Laundering Forum operated by the International Bar Association. Furthermore, there is a significant amount of information readily obtainable on the web which money laundering reporting officers can access. For example, there are publicly available indices from HM Treasury’s Office of Financial Sanctions Implementation, Transparency International’s Corruption Perception Index, the Foreign and Commonwealth Office’s Human Rights Reports, and UK Trade and Investment’s pages on overseas country risk and quality of regulation.
The MLRO, or an appropriate compliance team member, can review this information, mining it for relevant material which will inform the firm’s consideration of whether the risk of money laundering and terrorist financing inherent in the type of work undertaken, and in the country with which it is associated, is low, medium, or high.

One obvious resource for a MLRO sits within the firm itself. As firms increasingly focus the delivery of their services in specialist areas, the first line of defence should be well placed to support the firm’s risk assessment.

Just as a solicitor specialising in the financing of energy transactions will understand the extent of corruption and bribery within this sector, an estate agent with a practice based in Kensington will be keenly aware of the risks of money laundering which purchases by Eastern European oligarchs and politically exposed persons pose. As a starting point for assessing the risks of money laundering and terrorist financing in an enterprise operating in the regulated sector, the MLRO could begin the risk assessment with a process of self-assessment. As a practical suggestion, you could always purchase an Anti-Money Laundering & Counter Terrorist Financing Manual as provided by Compliance Consultant at http://bit.ly/IYCAML.

Assessing risk on rationally defensible criteria
Where a firm develops its risk assessment in this manner, and includes in its policies, controls and procedures provisions which detail how the risk is to be managed, the requirement in regulation 19(3)(a) of the MLR 2017 to include risk management practices will be satisfied. Interestingly, this requirement falls short of the requirement laid out in Article 8(4) of the EC Fourth Directive on Money Laundering, which specifically refers to “the development of internal policies, controls, and procedures, including model risk management practices …” Although the reference to “model” risk management practices is not something which appears in the Financial Action Task Force Revised Recommendations, larger companies operating in the regulated sector will ignore this requirement at their peril.

Reliance on qualitative expert judgment when creating risk assessments remains valid, but there is an inherent subjectivity within this approach, and there is a danger that it is thought to be self-serving if challenged by a regulator in a case where a less obvious risk of money laundering or terrorist financing was not identified. The EC Fourth Directive on Money Laundering is seeking to encourage firms and businesses operating in the regulated sector to apply a more sophisticated approach, by leveraging quantitatively derived models which allocate risk scores calculated by algorithms that have been developed from analysis of AML scenarios and typologies.

Management consultancies have developed a variety of model risk management practices for application in anti-money laundering and counter-terrorist financing matters. The application of model risk management in the assessment of money laundering and terrorist financing vulnerability will also aid a firm or business in the regulated sector when seeking to demonstrate that its risk assessment policies are effective pursuant to the independent audit requirement introduced in regulation 21(c) of the MLR 2017. There is, however, an important caveat which must be borne in mind. As the Joint Money Laundering Steering Group (“JMLSG”) has cautioned, “where a firm uses automated systems purchased from an external provider to allocate overall risk scores to categorise business relationships or occasional transactions, it should understand how such systems work and how it combines risk factors to achieve an overall risk score.” The JMLSG adds that “a firm must always be able to satisfy itself that the scores allocated reflect the firm’s understanding of the [money laundering and terrorist financing] risk, and it should be able to demonstrate this to the [regulator] if necessary.”
As a cheaper alternative to acquiring a scoring system from an external provider, it is open to MLROs to develop their own scoring system. This would involve allocating scores to a wide range of risk factors based upon information available internally and externally, such as the nature of the client, the type of transaction involved, and the geographical location in which it is taking place. As an example of the flexibility inherent in the allocation of scores, the JMLSG notes that “firms may decide that a customer’s personal links to a jurisdiction associated with higher [money laundering and terrorist financing risk] is less relevant in the light of the features of the product they seek.” [1]

Independent Compliance Assessment
It is uncertain exactly what is required of a firm or enterprise operating in the regulated sector to establish an Independent Compliance Assessment. Given the requirement for the Compliance Assessment to be independent, the person performing this responsibility should be unconnected with the implementation or operation of the firm’s anti-money laundering and counter-terrorist financing compliance programme. The JMLSG suggests that the task can be undertaken “by, as an example, an internal audit function (where one is established), external auditors, specialist consultants or other qualified parties”.

For all your regulatory compliance needs, including AML specialist services, go to Compliance Consultant (http://www.complianceconsultant.org), one of the UK’s leading consultancies. Buy their top-selling AML & CTF Policy & Manual at https://goo.gl/qLdQ39.

[1] The Joint Money Laundering Steering Group, ‘Prevention of Money Laundering/Combating Terrorist Financing: 2017 Consultation Version’ (March 2017) page 45.



How Good Are You? GDPR Preparation underway?


How Is Your Preparation Coming Along?

The European Union’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. GDPR will introduce new accountability obligations and stronger rights and restrictions on international data flows.

If You Need To Know About Consent, Erasure, and Accuracy standards – Go HERE!

Against a backdrop of radical technological advances and the Snowden revelations about data surveillance, the new framework is ambitious, complex and strict. It presents any organisation that has so far failed to begin preparations with a steep challenge to become compliant in time.

GDPR introduces new obligations for any organisation that handles data about EU citizens – whether that organisation is located in the EU or not. It introduces data breach notification into European law for the first time. And it places stricter responsibilities on organisations to prove they are adequately managing and protecting personal data.

For a 20 Page Q&A see our post HERE


IFA Fails To Advise Correctly – No advice to fix or protect lifetime allowance


A financial advice firm has been told to compensate a client who was not advised to protect his pension benefits before the lifetime allowance was reduced.

Over the following years Mr M made further payments into his Sipp and in late 2006 the adviser said it was “a very sensible approach to top up existing pension funds with further contributions if they attract tax relief at this highest marginal rate”.

Mr M had several meetings with his adviser between 2006 and 2014 but there was nothing to show they considered any action to protect pension benefits from the decreasing lifetime allowance.

The Financial Ombudsman Service ruled Ormiston had failed to monitor the value of Mr M’s pensions so he had missed the opportunity to take fixed or enhanced protection.



Insistent Clients: Identifying Them Then Dealing With Them And Remaining Compliant


What is an Insistent Client and how to deal with them.

The FCA Handbook does not refer to insistent clients and there are no rules or guidance specifically about this.

The following will hopefully help to show the FCA’s current stance after their recent consultation paper.

Insistent Clients must not be confused with an Execution Only client


What Is Execution Only?
This is where the client knows exactly what they want and the options available, including the premium, sum assured, term and availability of critical illness, waiver, etc.

So What Is An Insistent Client?
This term is used to describe a situation where a client is adamant that they should be taking a different route of advice to that prescribed by the adviser.


The GDPR and UK Financial Advisers: Consent, Erasure & Accuracy


General Data Protection Regulation (GDPR) Data Subject Consent is essentially aimed at giving data subjects more control over the use of their data – for example in connection with marketing activities, which (in the absence of consent) could not otherwise be legally justified by a data controller.

Giving a data subject the option to give or refuse consent protects individuals from unwanted and unjustified communication from service providers and is primarily aimed at the business-to-consumer world. It will affect advisers, given that it will dictate how they can approach new business opportunities from new or existing clients.

If an email, SMS message or phone call is sent or made to an individual and that individual follows it up with a request to understand where they gave permission for such correspondence, then it is the obligation of the firm to be able to prove the individual in question has indeed consented to receiving such correspondence. If the firm cannot provide this evidence, then this constitutes a breach.

GDPR and financial advisers: The Right Of Erasure
While this does have an effect on correspondence with clients, it only affects certain types. The other relevant condition for advisers to be aware of here is the ‘necessary for the performance of the contract’ condition.

A client may well opt out of marketing communications, such as a firm’s newsletter, but the firm would still have to send them correspondence on things like portfolio updates and contracts as such correspondence is essential for the performance of the contract between the data subject and the firm. What would the data subject be expecting to receive from the firm?

The opt-in process for obtaining valid consent under the incoming General Data Protection Regulation (GDPR) will be quite onerous for firms marketing to individuals. It is therefore a good idea to get started early and consider how the firm will market to prospects post-GDPR.
You can obtain a full GDPR presentation along with two question packs at https://goo.gl/n5JsXy

GDPR and financial advisers: Data Accuracy
Simple steps could be taken now, for instance updating the privacy policy, to make sure that the firm has made some inroads towards compliance. In marketing materials that are sent out now, it is worth including the double “opt-in” option. Provided the guidelines for obtaining valid consent under the GDPR are met, if people opt in now, then the firm will be able to correspond with them after 25 May 2018.

If consent from an individual is sought, they must respond to be considered to have opted in. Their silence or inaction are not indicative of consent. Similarly, where someone has opted into correspondence at an event, in person, the firm should consider a mechanism to follow up to gain their unequivocal written consent as a form of best practice.

This applies to electronic opt-ins too and is called ‘double opt-in’. This is to avoid circumstances whereby an individual’s details may have been shared under false pretences, or by mistake. A face-to-face meeting does not constitute an explicit response. Compliance Consultant (http://www.complianceconsultant) can help you through this.

Concerns Raised
How would you know if someone had given consent to be marketed to and, beyond that, how are firms going to get clients to say yes in the future?

The topic of consent is one of the few black and white areas of GDPR with draft guidance. If the person being marketed to – that is to say, being contacted outside the bounds of the performance of a contract – has not explicitly and unambiguously agreed to be contacted, then this would constitute a breach of the GDPR.

Clients cannot be deceived at all. Having a pre-ticked box below an online form, for example, does not constitute consent. The user must be made aware of what their contact details will be used for and how their data will be processed, and must have the opportunity to make their own choice about whether or not they receive communication from the firm.

When it comes to legacy clients, where a firm may wish to contact them to notify them about new products and services, it was agreed the firm will need to seek their permission to do so.

This will have to be done in advance of GDPR entering force, since any correspondence after 25 May 2018 in this fashion will constitute a breach, since those individuals will not have consented to be contacted at all. If firms have not begun to seek consent – or fresh consent in order to meet the higher threshold under the GDPR – from existing contacts within their database, then they should seek to do so now.

If these individuals do not respond to requests, it is to be assumed they do not wish to be contacted. It is worth demonstrating the benefits they will lose out on by not opting in, such as special deals, new investment opportunities, industry news etc.

Beyond receiving their unambiguous consent to be marketed to, a firm also needs to make it very easy for an individual to change their communication selections – or in other words, to withdraw consent. This is just like offering an unsubscribe option on emails – something firms should currently be doing.

There is often discussion about whether it would be acceptable to include a small amount of marketing in documents that are distributed to individuals as part of the performance of the contract. This could, for example, be used as a vehicle to update them on new investment opportunities. The answer is that yes, it can, but the marketing must be relevant to the overarching reason for the letter and should not detract from that as the main message.

Data subject consent: Key actions and considerations

Consent from individuals must be unambiguous, and they must also have the opportunity to redefine their communication preferences at any time. How will you achieve this?

How will you ensure the person completing the form/questionnaire/application is over the minimum age?

Even if the client “Opts-Out” certain correspondence may be necessary for the performance of the contract with the individual concerned, in which case consent would not be required; how will you explain this?

The fall-back position is simple: if there is ANY uncertainty about whether a firm has consent from an individual, then it should consider that it does not have consent.

Data subject consent: Questions for all industry advisers

Have you started gathering consent from clients and prospects and if so, how? How is it recorded?

Does this data form part of Senior Management MI Packs?

How and when are you going to seek consent from legacy clients?

Do you currently capture consent and, if so, how would you demonstrate this?


Compliance Consultant can assist you in all your GDPR preparation and can work with most websites, back office systems and financial promotion strategies. Contact us now on 0203 815 7939



MIFID II What Compliance Wealth Managers & Advisers Need To Get In Place

MiFID II finally comes into effect on 3 January 2018

Although there may still be some grey areas, it is time to make sure you have your compliance arrangements in place or being progressed so that there are no nasty surprises.


Here are 11 things we suggest wealth managers, asset managers or independent financial advisers do to best prepare themselves ahead of the New Year deadline:

1. Not only make a register of all conflicts of interest, but also articulate how these are mitigated or managed and review them, at least annually.

2. Review whether your firm needs additional qualifications, training or Part IV permissions to maintain independent status.

3. Structured Deposits: *HOTSPOT* Apply for new permissions by 2 January 2018 if you wish to advise on these.

4. Carefully consider your recruitment procedures and ascertain if they need tightening (consider SM&CR impacts too).

5. Conduct Risk: Review your remuneration structure and ensure no incentives negatively impact clients.

6. Decide which staff the “Personal Account Dealing” rule should apply to, and create a register of direct equities they hold.

7. Create or amend your Personal Account Dealing policy to reflect the need to report staff holdings changes.

8. Legal Entity Identifier: *HOTSPOT* Decide if you need to apply for this through the London Stock Exchange.

9. Confirm if your discretionary fund manager (DFM) or platform will offer online reporting access and thereby avoid the need for time consuming paper reporting.

10. Ensure you are comfortable with and confirm whether your DFM or platform will issue the 10% loss notification and how. This is an extension of the COBS 16.3 rules (https://www.handbook.fca.org.uk/handbook/COBS/16/)

11. Check your agency agreement with your DFM where model portfolios are being used: does the responsibility for regular and ongoing checking of suitability sit with you as the adviser?

Legal Entity Identifier (LEI)
A key impact of the new regulations is that from 3 January 2018, an investment management firm will only be able to continue trading in financial markets on behalf of certain clients if those clients have obtained an LEI. If you have clients that are required to have an LEI, have you informed them of this? These entities include: Trusts (but not bare trusts), Companies (public and private), Pension Funds (but not self-invested personal pensions), Charities, and Unincorporated Bodies.

Note that investment trusts and ETFs are not excluded from the requirement for a LEI. Advisers might need to consider whether the cost of an LEI has any impact on a decision to use other than collectives in portfolios. The other point to note is that an LEI is NOT required if investment is being made exclusively in collectives such as investment bonds, OEICs or unit trusts.

How do you obtain an LEI?
The LEI can be obtained directly from the London Stock Exchange (LSE) for an initial fee of £115+VAT and there is an annual renewal fee of £70+VAT.



Money Laundering Regulations 2017 Changes

As you know, 26 June 2017 saw the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”) come into force, having been made, laid before Parliament and approved all on 22 June 2017.

Regulated businesses are now faced with the unenviable task of ensuring both their firm-wide and client-specific risk assessment processes and procedures are sufficiently robust to comply with MLR 2017 – after the commencement date.

If you use an external Compliance Service, they may well have provided you with an update on the legislation before it came into force. However, anyone who used the original draft in the belief that it would be the final rules will have failed to identify key requirements for firms that were changed or introduced in the final legislation.

Questions You Need To Ask

1. Have we reviewed the definitions and procedures in accordance with the MLD4?
2. Have we updated the CDD/EDD/SDD and Beneficial owner sections?
3. Have we trained our staff on the changes?
4. Is our policy up to date?
5. Is our policy approved by the board?
6. Would our AML/KYC/FC preparations or current arrangements stand up to independent external scrutiny?
7. Do you need to review the ‘state of play’ within your firm?

If the answer to ANY of these questions is “NO”, You Need Our Help.

A comparative analysis of the draft Regulations published by HM Treasury in April 2017 and the final MLR 2017 shows key differences, which we have identified below.

Risk Assessment & Review
At your business level, two risk assessments are required: a business-wide assessment of money laundering and terrorist financing risk covering geographical features, transactions, products and delivery channels; and a specific risk inquiry prior to the commencement of each client relationship and, following a consideration of customer type, during the course of the relationship.

Governance Requirement
A positive duty on regulated businesses to “regularly review and update” such policies and controls has been inserted in Regulation 19(1)(b). Businesses will also be required to maintain a written record of all changes to AML policies, controls and procedures made because of a review, plus all “steps taken to communicate” the changes to staff. This means that your version control is now of paramount importance. A similar requirement applies in Regulation 20 to parent companies in the UK falling within the scope of a “relevant” (regulated) person.

Internal Controls
Alongside the requirement to implement and regularly review AML policies and procedures is a requirement in Regulation 21 that regulated persons implement internal controls applicable to employees engaging with compliance matters. Previously, the draft Regulations required a firm to “carry out screening of relevant employees and agents” at regular intervals. “Screening” relates to assessing the skills, knowledge and expertise of a particular individual. The final version of the Regulations, however, has slightly lessened the compliance burden in one respect by dropping the reference to “agents” in Regulation 21.

Training records
A duty to maintain written records of training provided to relevant employees, which practically would include all fee earners and those in the Compliance function, also appears in Regulation 24. No such duty featured in this April’s draft Regulations.

Special Offers For Limited Number And/Or Date
If you want to get an up-to-date AML & CTF Manual, please click on this link (http://aml-compliance-manual-ofac-sanctions-ctf.co.uk) and use the code “CCMLD4” in the payment box.

Hurry, because this is only valid for the first 25!

If you want to take advantage of our policy checking offer, go to our special offer HERE but hurry, this is only on sale until the 31st August!


What the FCA found when it did a Suitability Assessment of the IFA Sector in 2017



The Independent Financial Advice (IFA) sector was given a clean bill of health by the FCA in May 2017. Or was it?

A suitability review of 1,142 separate pieces of advice given by 656 firms against the rules in the Conduct of Business sourcebook showed that in 93.1% of cases, advice provided was suitable.

Interestingly enough, and this is a point the regulator has now agreed, they used a simple balance-of-probabilities extrapolation of the data in their assessments across the industry. This does not mean that the processes used to arrive at the suitable advice were correct, simply that the advice provided was more than likely to be what the client should have been recommended.

You have to dig your way through appendix 1 to find that 481 of the 656 firms in the sample had a single file examined. The file was chosen randomly, from advice given in 2015. We are pretty sure if an IFA told the FCA that its own quality assurance consisted of one file it would get a sudden amount of regulatory attention.

What assurance, if any, can consumers take from this? Simply that in 2015, 481 firms of IFAs gave a single good piece of advice. The advice in 2013 could have been terrible, and the advice in 2014 might not be describable in any positive way.

So the next question must be; how is this reflected within the industry?

In January 2017, the Financial Services Compensation Scheme (FSCS) issued a statement, announcing three supplementary levies for 2016/17, totaling £114mn. Its Chief Executive explained:

“We will ask life and pensions intermediaries to pay their share of an additional £36m to fund compensation for the high numbers of SIPP-related claims we are continuing to receive, but also need to trigger a cross subsidy for the first time. These claims relate to advice to switch pension funds into high risk investments. We previously flagged the potential for high costs here … And we currently expect a deficit of £15m on our home finance intermediation account due largely to the failure of one particular firm that gave bad advice to engage in risky property investments alongside mortgage advice.”

The State of Play

The FCA says everything is fine. The FSCS says it needs more money due to poor advice surrounding self-invested pension plans and pension transfers. In 2017 alone, the FSCS declared 90 firms in default. A lot of these were IFAs whose professional indemnity insurance claims limits were exhausted, and who couldn’t fund the Financial Ombudsman Service’s awards.

If you were running an IFA business, would you be telling everyone that the FCA are happy with ALL advisers and their suitable advice, or would you keep quiet in case someone digs deeper and finds the methodology was questionable?
