FCA Puts Firms on Notice Over Anti-Money Laundering Shortfalls

April 13, 2026

FCA Puts Firms on Notice Over Anti-Money Laundering Shortfalls

Nina Moffatt, Bhavesh Panchal, Arun Srivastava, Samantha Wood Paul Hastings LLP + Follow Contact LinkedIn Facebook X Send Embed

The FCA has provided feedback on its 2025 multi-firm review of customer due diligence (CDD), enhanced due diligence (EDD) and ongoing due diligence controls across various regulated sectors.

The feedback relates to the following topics:

• Policies and procedures.
• CDD and EDD processes.
• Compliance monitoring and audit. The FCA’s review is part of its wider financial crime supervisory work, with the aim of raising standards and sharing practical insights. As with feedback provided on other review work, the FCA has shared examples of good and poor practice. An interesting observation made by the FCA is that “Good practice often goes beyond minimum regulatory requirements…”, indicating that the FCA expects firms to be operating above the minimum legally required standards.

The key issues that arise in our view are:

• Customer risk assessment (CRA) — The review work illustrates the importance of firms carrying out a proper CRA and understanding the different risks posed by customers. This is the foundation to ensuring that processes are correctly calibrated and respond effectively to the risks posed to the firm.
• Providing detailed practical guidance — Policies and procedures must provide practical and sufficiently detailed guidance for staff to follow and understand what the firm’s processes are.
• Recordkeeping — Making sure you document all stages of your processes is essential in demonstrating compliance. The FCA’s expectation is to be able to see an audit trail of all steps in a compliance process.
• Independent second line assurance — Firms must ensure that second line testing/assurance is independent and operates impartially. The findings from the FCA’s review are summarised in the table below

| Review Topic | FCA Findings |
| Policies and procedures | - The FCA found that some firms’ policies were lacking detail on practical steps to comply with customer identity verification.
- For example, there was insufficient coverage of what alternative ID verification could be carried out if customers lacked standard documentation.
- In our experience the FCA’s expectation is that policies and procedures must be sufficiently detailed to provide practical guidance to staff on what specific steps they should take to implement the firm’s AML requirements. For example, the FCA has expressed the view that materials must be detailed enough so as to allow new staff members to pick the policies and procedures and know what they need to do to perform their role without further assistance.
- Periodic reviews and event-driven refreshes — The FCA noted that with some firms polices contained insufficient detail on these areas, including in relation to the cadence of periodic reviews and steps to be taken in relation to event-driven refreshes.
- Governance deficiencies — These issues relate to escalations and circumstances in which senior management sign off is needed.
- Distinctions between CDD, EDD and measures relating to PEPs — The review looked at whether firms distinguish between CDD and EDD sufficiently. It also looked at the response to the change in requirements around domestic PEPs. In some cases EDD measures were not sufficiently different from CDD to deliver enhanced scrutiny of the customer or business relationship. |
| CDD | - Recording information on the purpose and intended nature of the business relationship — The FCA found that some firms do not do enough to record CDD information and other relevant matters as part of the CDD process.
- EDD — The FCA identified failures in evidencing and documenting EDD measures taken for high-risk customers.
- It is clear that the FCA has high expectations around EDD processes and noted that “strong firms” document each stage of this process.
- Customer risk assessment (CRA) — The FCA noted that most firms tailor their approach to the risk profile of each customer, ensuring that higher-risk customers are subject to enhanced checks and reviews. The CRA in our experience is a key area of focus for the FCA. |
| Compliance monitoring and audit | - Level and depth of reviews and independence of these arrangements — The FCA noted a variation in the level and depth of compliance monitoring and audit. These matters need to be proportionate to a firm’s profile and risks.
- Independent second line assurance — The FCA noted that “strong firms” operate independent third line testing that assessed controls. This standard appears to be the FCA’s benchmark.
- The FCA questioned the effectiveness and impartiality of testing if firms did not have independent second line assurance, with the same staff responsible for both onboarding and reviewing customers. |
Next Steps

The FCA signalled that it will keep a close eye on how firms respond to its findings, stating that “we will continue to monitor firms through our supervisory work, to make sure they are considering the points raised here.” Firms should therefore review and follow up on the agency’s findings to ensure compliance.

Send Print Report

Related Posts

• FCA Confirms Motor Finance Redress Scheme — Key Points for Motor Finance Lenders
• FCA Insights: Key Anti-Money Laundering and Counterterrorist Financing Framework Expectations for Cryptoasset Firms
• FCA and PRA Propose Targeted Reforms to UK Securitisation Framework

Latest Posts

• FCA Puts Firms on Notice Over Anti-Money Laundering Shortfalls
• 7th Circuit Confirms BIPA Amendment Has Retroactive Application See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Paul Hastings LLP

Written by:

Paul Hastings LLP Contact + Follow Nina Moffatt + Follow Bhavesh Panchal + Follow Arun Srivastava + Follow Samantha Wood + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

AML/CFT + Follow Anti-Money Laundering + Follow Compliance Management Systems + Follow Compliance Monitoring + Follow Customer Due Diligence (CDD) + Follow Due Diligence + Follow Financial Conduct Authority (FCA) + Follow Financial Crimes + Follow Financial Services Industry + Follow Internal Audit Functions + Follow Policies and Procedures + Follow Regulatory Oversight + Follow Risk Assessment + Follow Risk Management + Follow Finance & Banking + Follow more less

Paul Hastings LLP on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide