Tag Archives: psd2

FCA Regulatory Assessment Audit

FCA Regulatory Assessment Audit



Other Posts In This Series

EMI Compliance Manual Template

OK, So Why Should I Need A Compliance Manual?

For any Compliance Officer or SMF16 who has been in the UK financial services industry for any more than a year, this document is important.

Critically they will know that one of the first documents that they, as well as all staff, have to read and attest to having done so, is the Company Compliance Manual.

Although this is not a regulatory requirement …

 it is becoming a regulatory expectation!

There are a number of elements that the regulators not only expect to be documented, but also somewhere that explains the rationale behind the way company’s manager their risks. This would clearly be best summarised in a regulatory Operational or Compliance Manual.

The Regulator expects a firm to have a personalised and firm-specific compliance operating procedures manual pertinent to the firm and embedded within its processes and culture.

Most on-line and centrally maintained manuals offered by some consultancies are considered NOT to be personalised, firm specific OR relevant enough to the individual firm.

Similar Products bought by IFAs, Private Banks, GI Brokers, Payment Providers, MSBs, EMIs, Portfolio and Asset Managers and others!

Only £400+ VAT!

If You Know Our Quality Already

Buy Now




You will need a zip decompression tool such as 7-Zip (Free) available at www.7-zip.org/download.html or Winzip (Free version) available at free.winzip.com

An additional function is where the firm can articulate how they expect the staff to operate and the standards that they are expected to adhere to.

But what do I put in it?

Often Compliance Manuals can be used to document the sales process for adviser’s to follow including, for example, transaction only clients.

There has to be  clear distinction for specific procedures and, for example when to assess a client for appropriateness when they refuse to provide sufficient details for suitability.

We do not suggest you fill your Compliance Manual with just processes as it is a valuable place to store certain high level explanations of policies such as the Data Protection Act, Bribery Act, Outsourcing Policy and Whistleblowing protocols.

Additionally this invaluable document can be used to point to other company documents such as policies and forms or other constantly updated items such as the Anti-money Laundering and Terrorist Financing procedures or even areas such as your Approved Persons Policy or possibly additional changes from Euroland.



Taking a PSD2 Company to FCA Authorisation/Registration?

fca authrorisation compliance consultancy services london


FCA authorisation/registration application is a subject best assisted and supported by regulatory consultants. If you are attempting the process yourself, you will need to fully understand the requirements and definitions. The worst thing you can do is listen to those who think they know what is involved.

Key documents that any firm will need, apart from the application and individual forms from the FCA Connect system are

“FCA Payment Services and Electronic Money – Our Approach” https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf, Version 4 June 2019,

the PSRs 2017 http://www.legislation.gov.uk/uksi/2017/752/pdfs/uksi_20170752_en.pdf and

the Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2)

It should be noted that the FCA handbook refers to “Common Platform Firms” and that the common platform requirements (SYSC 4 to SYSC 10) apply to ALL Firms, even if designated as an “Other Firm”. “Other firms” mentioned in some regulations in the FCA handbook may not apply to as a “Rule” to your app directly, as stated throughout the handbook, however there is an expectation that where “Other firms should take account of the critical functions rules as if they were guidance (and as if ‘should’ appeared in those rules instead of ‘must’)”, Firms are expected to follow in a relevant and proportionate manner. Please bear in mind that there are specific rules that are applicable as rules, as explained in SYSC 1 Annex 1.3.3G. In most cases, other than one-man bands, it is considered to be ‘best practice’ to adopt the ‘guidance’ as expectations to maintain a higher standard than other retail adviser firms. The term ’should’ is not an indicator that the issue can be ignored.

If you need any assistance, please contact us.

Why Not Download our FREE Brochures – No Names, No Email Address, No Telephone, Just Download!

FCA non regulated activities: Do I need FCA Authorisation? [sdm_download id=”15471″ fancy=”0″]Basic FCA Authorisations Process [sdm_download

Why Not Download our FREE Brochures – No Names, No Email Address, No Telephone, Just Download!

FCA non regulated activities: Do I need FCA Authorisation? [sdm_download id=”15471″ fancy=”0″]

PSD2 Companies FCA Authorisation Guide [sdm_download id=”15670″ fancy=”0″]

Basic FCA Authorisations Process [sdm_download id=”15473″ fancy=”0″]

Authorisations: Submission Assessment Service [sdm_download id=”15477″ fancy=”0″]

FCA Regulation & Authorisation for Claims Management Companies [sdm_download id=”15479″ fancy=”0″]

FCA Authorisation for CCA Firms [sdm_download id=”15482″ fancy=”0″]

FCA Authorisation for Investment Firms [sdm_download id=”15485″ fancy=”0″]

fca london compliance consultants authorisation

MLR 2017 – Estate Agents – How It Will Affect You? Part 1

hmrc-estate-agent-mlr 2017-mld4-gdpr-regulation-mapping


The most obvious development is that the 2007 MLR was 45 pages long and the new 2017 MLR is 106 pages long. In response to the increasing complexity of financial crime prevention and the prevalence of money laundering the regulations has become more detailed and more prescriptive.

Although always a component part of the MLR, there is a greater emphasis throughout the new regulations that firms must take a risk-based approach and responsibly take decisions according to risk-weighted decisions. It is now expected that firms have a more mature risk appetite statement that links to and drives operational decisions. Senior managers are deemed responsible for these outcomes and it is consequently important that comprehensive records are kept of decisions made and the motivation for them.

The MLR 2017 is structured in 11 Elements. The following sections summarise each of these, highlighting the main impacts that will affect an Estate Agent Businesses EABs.

Unfortunately, everyone (including us) used the final published draft as the, well, final rules, but there were 4 major changes in the final legislation laid before Parliament on the 22nd June. Additionally, a lot of professional “advisers” have got all in a fluster about the risk assessment and reporting, that many have missed the fundamentals.

Sign Up For Our Information Service & Get Sent PDFs About How You Are Affected

Check Out Our Other Posts at

Who Must Register – Money Laundering Supervision for Estate Agents 
MLR 2017 – Estate Agents – How It Will Affect You? Part 2 
Money Laundering Supervision for Estate Agents – Fees

Part 1 – Introduction

This component sets out the definitions and meanings that apply throughout the regulations and the supervisory authorities for those persons within the scope of the regulations.

The first and probably the most basic change that will impact every EAB, both large and small, is that
the scope of the MLR now extends to purchasers as well as sellers.

In the section explaining ‘Meaning of Business Relationship’, regulation 4 (3) states:
” For the purposes of these Regulations an estate agent is to be treated as entering into a business relationship with a purchaser as well with as a seller”.

This will, at least double the Customer Due Diligence (” CDD”) burden on every EAB, who must now also complete CDD before taking part in a business relationship with a purchaser. Along with the operational resource requirements, this will involve stating in the firm’s policies, when a purchaser turns into a customer and ensuring that the onboarding and periodic review methods are also updated to show this change.

The guidance on lettings is less clear; Recital 8 of the directive states that “estate agents could be understood to include letting agents where applicable”. In the UK, lettings agents are already in, and will continue to be within scope of the Money Laundering Regulations where they conduct estate agency activity and if you also provide letting services, then under the occasional transactions regulation you will need to include them on your CDD radar. The NRA stated that while lettings agents may be an attractive target for criminals seeking to disguise or hide the proceeds of crime, lettings remain an “intelligence gap”. The government will update the NRA before the end of the year, and will seek further evidence on the risks in the estate agency sector, including on the risks related to lettings activity.

hmrc,mlr 2017,mld4,aml,fca,estate,agent,agents,relocation,commercial,domestic,high streetGOVERNANCE AND ACCOUNTABILITY
There always needed to be a Nominated Person within an EAB, but the new regulations extend this to requiring a firm to also appoint a director (or equivalent) as having overall responsibility for money laundering. We see this as following the lead of the financial services regulators who introduced a Senior Persons and Certification Regime (SMCR) in 2016, with the intention of strengthening accountability within financial services. This new regime makes individuals within organisations directly responsible for the actions of the firm, with significant criminal penalties if they are found to have been at fault.

The new regulations also describe the rules around ownership and management restrictions of the EAB. This is found in the following section.

Part 2 – Money laundering and Terrorist Financing

This section identifies the “relevant persons” to whom the money laundering provisions in these Regulations apply (regulations 8 to 15). Regulations 16 to 25 impose requirements for risk assessments to be undertaken by the Treasury and the Home Office, the supervisory authorities and relevant persons to identify and assess the risks of money laundering and terrorist financing. They also require relevant persons to have policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified through the risk assessments. Regulation 26 prohibits anyone from being the beneficial owner, officer or manager of certain firms unless that person has been approved by the firm’s supervisory authority.

Risk assessment is central to the MLR and impacts almost every aspect of the legislation. The rules have been dramatically extended, now covering six pages instead of the one page found in the 2007 MLR. EABs are required to produce and maintain a detailed and comprehensive risk and control register. Risk management and assessment must broadly cover two perspectives:

1. Enterprise Risk identification and management for the safe pursuit of the firm’s strategy. This must be declared through a Risk Statement including a Risk Appetite statement.
2. Identification and Assessment of risks presented by customer engagement and transacting, in accordance with existing regulations and driving the appropriate level of CDD.

The regulations are so much more detailed when specifying the need for a comprehensive and integrated risk management framework and specify that this must be documented and made available to the supervisory authority. Risk and control frameworks must include self-assessment mechanisms that are embedded within the day-to-day operation of the firm.

As an extension to the risk management framework and a step up from the existing regulations, the rules specify that firms must establish and maintain written policies, controls and procedures. Firms must ensure that they implement processes to ensure that these are reviewed regularly to ensure that are embedded and up-to-date. The regulator will require sight of these documents along with the method for maintaining them and ensuring they remain reliable.

Firms must have established risk and control self-assessment procedures in place.

Part 3 – Customer due diligence hmrc-estate-agent-mlr 2017-mld4-gdpr-regulation-mapping

This section makes provision for customer due diligence strategies. Regulations 27 to 32 identify what CDD measures must be undertaken by relevant persons, as well as when those measures must conducted. Regulations 33 to 35 identify when enhanced customer due diligence measures must be applied by the relevant person along with the general customer due diligence measures required by regulations 27 to 32. Regulations 36 to 37 identify when simplified customer due diligence measures may be applied by the relevant person.

Here we see a fundamental change that will have a significant impact to the way all CDD is conducted by EABs. Under MLR 2017 an obligation has been placed on a party to provide information within 2 days of it being requested. This concerns parties being ‘relied’ upon, corporate bodies and trusts. This obligation is referenced several times throughout the MLR, but for example regulation 42( 1) states:
” When a UK body corporate enters into a relevant transaction with a relevant person, or forms a business relationship with a relevant person, the body corporate must on request from the relevant person (and at the latest within two working days) provide the relevant person with-.
(1a) information identifying-.
( i) its name, registered number, registered office and principal place of business;.
( ii) its board of directors, or members of its management body;.
( iii) its senior management;.
( iv) the law to which it is subject;.
( v) its legal owners, and.
( vi) its beneficial owners, and.
(1b) its memorandum of association or other governing documents.
(2) If, during the course of a business relationship, there is any change in the identity of the individuals or information falling within paragraph (1), the UK body corporate must notify the relevant person of the change and the date on which it occurred within two working days.”.
It is difficult to see how this will operate and how enforceable it will be. However, if effective, this could greatly reduce the burden on CDD teams.

A three-tiered approach to CDD still exists, with customer due diligence being the default level. The concept of both simplified and enhanced due diligence remains, but the regulation is now more prescriptive about how these may be applied. It is essential that all firms have a clear and robust risk assessment methodology that can be applied routinely to each new client before deciding what level of due diligence is appropriate.

Beneficial ownership, bodies, corporates or partnerships still only extends to control or ownership of 25% or more.

Regulation 26 (1) states, “No person may be the beneficial owner, officer or manager of a firm within paragraph (2) (” a relevant firm”) [a list including estate agents] unless that person has been approved as a beneficial owner, officer or manager of the firm by the supervisory authority of the firm.”.

Estate agents must ensure that before 26 June 2018 that they have applied to the supervisory authority for approval. You will not be in breach concerning this regulation if applications that have been made before 26 June 2017 have not been determined.
Taken literally, this means that all firms must submit applications to HMRC for approval of their members and senior managers. Logistically this represents a significant amount of extra work the firm, but nothing compared with the administration that HMRC will have to complete.

The definition of a PEP now includes domestic PEPs but the time limit from when a person ceases to be considered a PEP has not been changed and is still 12 months from leaving a politically exposed position; longer at the discretion of the firm conducting CDD. All EABs will must have significant controls and on-going tracking of any PEP relationship they establish.

Firms must have established risk and control self-assessment procedures in place.

Sign Up For Our Information Service & Get Sent PDFs About How You Are Affected

Check Out Our Other Posts at

Who Must Register – Money Laundering Supervision for Estate Agents 
MLR 2017 – Estate Agents – How It Will Affect You? Part 1 
MLR 2017 – Estate Agents – How It Will Affect You? Part 2 
Money Laundering Supervision for Estate Agents – Fees

Part 4 – Reliance and record keeping.

This section lays out the circumstances where a relevant person may rely upon another person to apply customer due diligence measures (regulation 38). It also explains as to which records relevant persons are required to keep, and when they are to be deleted (regulation 39), and clarifies the requirements concerning data protection (regulation 40).

Reliance has been extended, making things easier to use a 3rd party for part or all CDD. The regulations are more prescriptive and significantly include other estate agents. However, it should be noted that the risks of relying on a 3rd party are generally greater than the benefits. Barriers to reliance are that 3rd parties might be slow in supplying copies of identification documentation to help identify the customer or its beneficial owner. To mitigate this, the regulations specify that a 3rd party must abide by the two-day rule for providing information and updating on changes.

Proceed with caution; it may now be easier to depend on others, but be aware that the risk of this being information being inadequate or wrong still lies with you.

The regulations describe the form of written arrangement that must be put in place when exercising reliance, together with additional record keeping requirements. Firms must ensure that when placing reliance on any 3rd party, that they comply carefully to the rules and that detailed files are kept as these may be called on for as many as five years after the completion of the transaction or business relationship. If you are the relevant person being ‘relied’ upon, you must also keep your own records for the same period.

Detailed records must be kept for a minimum of five years from the date the transaction or customer relationship ended. Under the MLR 2017 an estate agent must delete records held after the required period of five years has elapsed. The only exception to this is when there may be other legal reasons for retaining the information, for instance, an ongoing investigation.
Separate to the MLR is the General Data Protection Regulation (GDPR) targeted at securing customer and personal data and ensuring that an individual has access to their data, kept by organisations. This is a separate legislation, but applies completely to EABs. It is intertwined with the MLR and comes into force in May 2018. Firms would do well to adopt its recommendations in front of the implementation date.

Training is an obligatory requirement and there is an increased importance on the importance of training. The regulator sees culture being at the heart of combating financial crime and believes that it should belong to everybody’s everyday job. This begins with recognition which emerges from training. Senior managers will be incriminated for a lack of training which could bring about punitive damages. Firms must ensure that they have assessed and enhanced training to meet the new requirements in the MLR. This must be well documented and evidenced; without which there is no other way to prove it happens.


What should you do?
HM Treasury has left little time for firms to acclimatise to the new regulations and with the June deadline fast approaching, firms must act now to ensure they understand and adopt the new rules in time.

Compliance Consultant can help provide you with the tools you need to implement, train and embed the new rules, and we can move quickly, getting your firm and your people up to speed in a short space of time, including training and awareness.

Call us today on 0207 097 1434 or

Get Our Solution

money laundering regulations-what is money laundering-money laundering 2017-hmrc

Sign Up For Our Information Service & Get Sent PDFs About How You Are Affected

Check Out Our Other Posts at

Who Must Register – Money Laundering Supervision for Estate Agents 
MLR 2017 – Estate Agents – How It Will Affect You? Part 2 
Money Laundering Supervision for Estate Agents – Fees