
FCA warning: UK financial services companies lack adequate governance systems and controls

Updated: Oct 27, 2021

The FCA has issued a series of warnings to financial services providers in the UK, including banks, wealth managers and trade finance organisations, about the lack of adequate governance systems and controls across the sector. Among the key areas of concern for the FCA are AML and financial crime, regulatory reporting, KYC and customer due diligence, and transaction management.


Over the past few months, the UK’s financial regulator has issued a series of warnings in the form of “Dear CEO” letters to all major financial players in the country, including retail banks, wealth managers and trade finance organisations, about the lack of adequate GRC systems and controls within most organisations.

The warnings are the result of the regulator’s recent investigations in the sector, which revealed some major gaps and weaknesses in key areas like anti-money laundering (AML), fraud, risk assessments, due diligence, transaction management and regulatory reporting.

"Although we have observed examples of effective control frameworks and good practice, we are disappointed to continue to identify, across some firms, several common weaknesses in key areas of firms’ financial crime systems and control frameworks. […] The consequences of poor financial crime controls in a high-risk sector such as retail banking are significant. It can lead to criminals abusing the financial system to launder the proceeds of crime, supporting further criminal activity and damaging the integrity of the UK financial market." FCA’s Dear CEO Letter to Retail Banks, May 2021




FCA’s “Dear CEO” letters: Areas of concern

In the section below, we’ve provided a summary of the FCA’s key areas of concern expressed in the recent “Dear CEO” series by sector category.

Retail banks

The FCA’s “Dear CEO” letter to retail banks was released on 21 May 2021 in response to common control failings identified in firms’ AML frameworks across the following key areas:

  • Governance - the FCA recognised the role of the 3 lines of defence strategy and highlighted the risk of companies blurring the lines between the 1st (business line management) and the 2nd (risk and compliance) line roles. Another issue was that key controls of overseas firms' branches or subsidiaries were not adapted to the local requirements. Finally, whilst the sign-off by senior management in certain high-risk scenarios is required, many firms did not demonstrate a sufficient level of governance and accountability in this area either.

  • Risk assessment – According to the FCA’s investigations, most customer risk assessments were too broad and lacked proper relevance (e.g., the major focus was on detecting customers’ AML risks, often omitting other essential risks like tax evasion or bribery). Also, in many cases, customer due diligence processes were inadequate.

  • Transaction monitoring - the FCA considered that in some firms monitoring was not implemented appropriately in accordance with their business activities and underlying customer base.

  • Suspicious Activity Reporting (SARs) failings – many firms lacked clear, formal procedures for employees to raise internal reports to the nominated officer. Some firms even lacked sufficient evidence of the efficiency of their investigation and decision-making processes and of their rationale for reporting or not reporting SARs to the National Crime Agency.

All firms that received the letter had to complete a gap analysis against each of the core areas of concern by 17 September 2021, and are now expected to take prompt and reasonable steps to close any gaps identified and demonstrate compliance to the FCA in potential future proceedings.

Wealth managers

On 16 September 2021, the FCA issued a “Dear CEO” letter to the wealth management and stockbroking sector as a follow-up to its previous letter sent in June 2019. The key areas of concern covered in this year’s letter are:

  • Fraud and market abuse – The FCA continuously sees examples of customer loss due to investment fraud or scams in the UK’s wealth management sector. In most cases, incidents happen due to the lack of appropriate internal systems and controls within organisations to assess and mitigate any financial crime risks. But there have also been cases in which firms have knowingly abused the trust placed in them by customers, investing clients’ portfolios into unsuitable investments, investment scams, or even being used to conduct market abuse.

  • Resilience – The COVID-19 pandemic has increased market volatility and many firms have experienced financial losses as a result of it. So, the FCA prompted firms to make sure they have a good understanding of their regulatory capital and reporting requirements.

  • Costs and charges – Although the transparency in the sector has improved as a result of the MiFID II regulation, the FCA still believes that customers are not fully aware of the overall cost they pay for their investments. Hence, they expect firms to adopt clear systems and processes for collecting and aggregating all the data that is relevant to both ex-ante and ex-post costs and charges disclosures and distribute this data to customers in a timely and accurate manner.

To address the FCA’s concerns, wealth managers are expected to take all necessary actions to ensure compliance. In the official letter, the regulator also emphasised that it will use the Senior Managers and Certification Regime (SM&CR) to engage directly with accountable individuals on areas of concern.

Trade finance

On 9 September 2021, the PRA and FCA co-published a “Dear CEO” letter to trade finance organisations in the UK after a few high-profile failures of commodity and trade finance firms with significant financial loss.

"There are inherent risks within trade finance activity, given that it can be complex, global in nature and the large volumes of trade flows utilising multiple currencies. Firms need to demonstrate that they have taken a risk sensitive approach to their control environment that ensures the relevant risks are effectively mitigated. Our recent assessments of individual firms have highlighted several significant issues relating to both credit risk analysis and financial crime controls. These issues have exposed firms to unnecessary risks that are material in both a conduct and prudential context." FCA Letter to Trade Finance, September 2021

The FCA’s key areas of concern in relation to the operations of trade finance organisations are:

  • Risk assessment – A major issue spotted during the FCA’s recent investigations was the insufficient focus on the identification and assessment of key financial crime risk factors, such as the risk of dual-use goods or the potential for fraud. Similar to the retail banking sector, client risk assessments in many organisations also appeared to be too generic, so the FCA reminded the firms’ heads to take a holistic approach to assessing associated financial crime risks. The Money Laundering Reporting Officer (SMF17) should be responsible for ensuring that the assessment is subject to appropriate governance, oversight and challenge.

  • Counterparty analysis – The FCA expects firms to undertake appropriate credit analysis of all trade finance counterparts prior to formal credit limits being put in place. Firms are also reminded that their policies and procedures should set out clearly when it may be appropriate to conduct due diligence on other parties.

  • Transaction approval – The FCA requires all firms to have efficient processes in place to be able to identify instances of higher risk which require enhanced due diligence. Firms should ensure there is adequate oversight of the work being undertaken, to ensure that the policies and controls are operating effectively. This could include monitoring the discounting of red flags, transaction approval rationales, and the quality of escalations from first line business functions or trade finance operations teams.

  • Transaction payments – When end-buyers represent the primary source of repayment under the transaction, the FCA expects prudent risk management to obtain formal written acknowledgement from the end-buyer that the amount due and payable under the trade finance transaction is payable to the financing firm, and not to the borrower. Also, for transactions involving credit insurance arrangements, best practice would be for a firm to seek formal confirmation that it is explicitly identified as a loss payee for risk insurance cover on non-payment of debts by the end-buyers and that the firm is in compliance with any requirements set out in the insurance agreement.

FCA’s pledge to fight financial crime

In a formal speech at the AML & ABC Forum 2021 in March, Michael Ruck, Executive Director of Enforcement and Market Oversight, confirmed that the “dear CEO” letter should be considered “a clear indication of an area of focus for the FCA”.

A further testament to this is that the FCA is currently investigating more than 40 companies and individuals for suspected AML offences. The regulator also recently settled its first criminal proceedings against a major UK bank relating to its AML systems and controls.

Commenting on the FCA’s first AML-related prosecution, Claire Simm, Head of Financial Services Compliance and Regulation at leading financial consultancy Kroll, emphasised: “The FCA’s decision to exercise its criminal powers is the first of its kind in the UK and a clear warning from the regulator that compliance failures will not be tolerated, on top of the already significant deterrents of mega-fines and reputational damage.”

According to Kroll, “We can expect to see large fines and criminal enforcement continue through 2021 and beyond.”

How to stay compliant and avoid financial scrutiny

The FCA’s recent AML and financial crime developments in the UK financial sector are presenting yet another regulatory burden for organisations. To remain compliant and avoid any potential future financial scrutiny and losses, financial services providers will have to go through the following key compliance steps:

  1. Conduct a detailed gap analysis of your existing risk and control frameworks against regulatory requirements

  2. Implement both quantitative and qualitative business-wide risk assessment to identify key risk factors

  3. Tailor and enhance policies and procedures to meet all regulatory requirements

  4. Create a robust governance, risk and control system that provides appropriate oversight and accountability to all relevant parties

  5. Consider deploying a risk and control software solution to facilitate the process by reducing manual efforts, paperwork and risk of misconduct and error

ControlNet is an end-to-end control and risk management software system that allows organisations to manage the controls and risks across all 3 lines of defence: Business line management, Risk management, and Audit.

By digitising the management of internal controls and risks, ControlNet eliminates the need to use inefficient, manual and paper-based systems and processes. Build a strong control and risk environment in a simple, cost-effective and secure way, with ControlNet.

If you want to learn more about how we can help you remain compliant with the FCA’s rising GRC and AML regulations, click here to arrange a brief demo with one of our team.






Still using paper-based checklists or Excel spreadsheets to manage your internal risks and controls?

ControlNet helps you automate the process, and create an efficient, accountable and secure operational environment.


