The Financial Conduct Authority has now completed its thematic review of Anti-Money Laundering and Anti-Bribery and Corruption Systems and Controls: Asset Management and Platform Firms (TR13/9). The review of 22 wealth and asset management firms was published on 31 October 2013, and identified a number of areas of poor practice within the sector in dealing with the risks of money laundering, bribery and corruption. The concerns of the FCA regarding how asset managers address compliance should cause many firms to consider taking immediate action to improve systems and controls.
FCA Clamp Down
There are many similarities between this review and the former Financial Services Authority’s thematic review of investment banks in March 2012. The 2012 FSA review identified significant weaknesses in investment banks, including failure to undertake adequate anti-bribery and corruption risk assessments, poor management information, failure to carry out specific anti-bribery and corruption audit and significant issues in firms’ dealings with third parties used to win or retain business.
What will be of concern to the FCA are that many of the FSA failings are replicated in its findings relating to asset managers, such as failure to conduct adequate risk assessments, inadequate due diligence procedures, and failure to adequately monitor third party relationships, especially introducers.
The most recent thematic review findings and the FCA concerns need to be considered alongside their October announcement that they plan to clamp down on misconduct in the asset management industry. For the first time, they are establishing a supervisory team specifically for asset managers which will be staffed by around 50 people.
Risk Assessments
The review concluded that most firms had inadequate systems and controls for identifying, assessing and managing money laundering and bribery and corruption risks. The review found that, in some cases, risk assessments were not carried out, or, if they were carried out, they were not documented properly or at all, they were infrequent or they were too limited in scope. Asset Managers should be aware that even if a risk assessment is carried out it may still not be adequate if it lacks involvement from senior management or does not fully appreciate the level of risk applicable to that specific firm, for example by only considering one area of the firm’s business.
The review acknowledged that a small number of firms did have well established arrangements for risk assessment in place. The FCA was pleased to note that some firms had collaborative engagement with front-line business personnel, adequate senior management involvement and use of a consistent methodology to categorise and identify risks. However, these examples of good practice were only seen in a few firm of the 22 firms reviewed.
Due Diligence
The review reported that firms must have risk-sensitive AML policies and procedures that require them to identify the business relationships that pose the greatest risk of money laundering. Firms are required to identify their customers and, where applicable their beneficial owners in order to assess the risk posed by that business relationship. Asset Managers should be establishing a risk classification framework that is applied consistently at the time of on-boarding and on an ongoing basis. Frameworks may be insufficient if they are not regularly reviewed or approved by senior management.
The review identified that one of the most significant issues is related to PEPs and high risk customers. In such cases standard due diligence will not be enough. Firms must have clear policies to identify PEPs and high risk customers. Once identified these customers must be subject to on-going monitoring and enhanced due diligence. Most policy documents did not make clear the risk of corruption potentially posed by PEPs. Other deficiencies related to documenting the ultimate beneficial ownership, source of funds, and source of wealth which results in a flawed due diligence process and leave a firm open to risky business relationships.
Third Party Relationships
The FCA recognised that one of the most significant risk areas for firms lies in their dealings with introducers or agents, who may engage in corruption. The review highlights that firms should have appropriate policies and procedures to define a ‘third party’ and set out the firms approach to identification, selection and monitoring of the relationship.
The review concluded that, at most firms, the procedures to identify and assess the risk of third parties were not clearly defined and the extent of due diligence performed on the third parties was insufficient. In some cases, third party contracts did not include the necessary clauses addressing bribery and corruption or a right to audit.
Only a few firms were appropriately (or at all) documenting the rationale for commission payments and monitoring such payments regularly.
What Does This Mean For You?
Anti-bribery is currently a hot enforcement topic. The Bribery Act 2010 has been in force for over two years and all businesses, both inside and outside the regulated sector, are expected to have adequate procedures to combat risks of bribery and corruption. It is an FCA requirement that firms’ systems and controls include appropriate procedures to combat the risk of bribery, money laundering and other financial crime. Crucially, any failure to fulfil this requirement, could lead to enforcement action by the FCA separate from any need for a prosecutor to prove criminal Bribery Act offences.
