What do we find on proactive AML monitoring reviews
We present our most common findings for the three stages of customer due diligence, including our assessment of how well firms perform each stage. We also explain some of the themes we see around non-compliant firms.
Updating customer due diligence
The most common finding from our 2023/24 AML monitoring reviews related to updating customer due diligence. Where we made this finding, firms were not performing, and updating, their customer due diligence throughout the duration of the client relationship.
Firm-wide risk assessments
The risk-based approach underpins the MLR17 – firms should focus their resources on the services and clients that have the highest risk of money laundering. To determine how and where resources should be focused, firms must perform a risk assessment to understand the risk that the firm may be used to conceal or launder the proceeds of a crime.
Review of policies, controls and procedures
We find that some of the firms we review haven’t performed a regular review of the adequacy and effectiveness of their policies, controls and procedures.
Training
Training ensures that staff/agents are aware of their suspicious activity reporting obligations and understand and how to comply with a firm’s AML policies.
Reporting discrepancies in PSC register
A person with significant control (PSC) is someone who owns or controls a company. If firms identify a discrepancy between the information they gather while carrying out their regulatory obligations on their corporate clients and the information their client has provided on the PSC register, they must report that discrepancy to Companies House or HMRC. We find that firms do not have the required policies and procedures in place to record and report any identified discrepancies.
