Thematic Review by FCA of Asset Managers in the UK

by Dechert LLP

The Financial Conduct Authority has now completed its thematic review of Anti-Money Laundering and Anti-Bribery and Corruption Systems and Controls: Asset Management and Platform Firms (TR13/9). The review of 22 wealth and asset management firms was published on 31 October 2013, and identified a number of areas of poor practice within the sector in dealing with the risks of money laundering, bribery and corruption. The concerns of the FCA regarding how asset managers address compliance should cause many firms to consider taking immediate action to improve systems and controls.

FCA Clamp Down

There are many similarities between this review and the former Financial Services Authority’s thematic review of investment banks in March 2012. The 2012 FSA review identified significant weaknesses in investment banks, including failure to undertake adequate anti-bribery and corruption risk assessments, poor management information, failure to carry out specific anti-bribery and corruption audit and significant issues in firms’ dealings with third parties used to win or retain business.

What will be of concern to the FCA are that many of the FSA failings are replicated in its findings relating to asset managers, such as failure to conduct adequate risk assessments, inadequate due diligence procedures, and failure to adequately monitor third party relationships, especially introducers.

The most recent thematic review findings and the FCA concerns need to be considered alongside their October announcement that they plan to clamp down on misconduct in the asset management industry. For the first time, they are establishing a supervisory team specifically for asset managers which will be staffed by around 50 people.

Risk Assessments

The review concluded that most firms had inadequate systems and controls for identifying, assessing and managing money laundering and bribery and corruption risks. The review found that, in some cases, risk assessments were not carried out, or, if they were carried out, they were not documented properly or at all, they were infrequent or they were too limited in scope. Asset Managers should be aware that even if a risk assessment is carried out it may still not be adequate if it lacks involvement from senior management or does not fully appreciate the level of risk applicable to that specific firm, for example by only considering one area of the firm’s business.

The review acknowledged that a small number of firms did have well established arrangements for risk assessment in place. The FCA was pleased to note that some firms had collaborative engagement with front-line business personnel, adequate senior management involvement and use of a consistent methodology to categorise and identify risks. However, these examples of good practice were only seen in a few firm of the 22 firms reviewed.

Due Diligence

The review reported that firms must have risk-sensitive AML policies and procedures that require them to identify the business relationships that pose the greatest risk of money laundering. Firms are required to identify their customers and, where applicable their beneficial owners in order to assess the risk posed by that business relationship. Asset Managers should be establishing a risk classification framework that is applied consistently at the time of on-boarding and on an ongoing basis. Frameworks may be insufficient if they are not regularly reviewed or approved by senior management.

The review identified that one of the most significant issues is related to PEPs and high risk customers. In such cases standard due diligence will not be enough. Firms must have clear policies to identify PEPs and high risk customers. Once identified these customers must be subject to on-going monitoring and enhanced due diligence. Most policy documents did not make clear the risk of corruption potentially posed by PEPs. Other deficiencies related to documenting the ultimate beneficial ownership, source of funds, and source of wealth which results in a flawed due diligence process and leave a firm open to risky business relationships.

Third Party Relationships

The FCA recognised that one of the most significant risk areas for firms lies in their dealings with introducers or agents, who may engage in corruption. The review highlights that firms should have appropriate policies and procedures to define a ‘third party’ and set out the firms approach to identification, selection and monitoring of the relationship.

The review concluded that, at most firms, the procedures to identify and assess the risk of third parties were not clearly defined and the extent of due diligence performed on the third parties was insufficient. In some cases, third party contracts did not include the necessary clauses addressing bribery and corruption or a right to audit.

Only a few firms were appropriately (or at all) documenting the rationale for commission payments and monitoring such payments regularly.

What Does This Mean For You?

Anti-bribery is currently a hot enforcement topic. The Bribery Act 2010 has been in force for over two years and all businesses, both inside and outside the regulated sector, are expected to have adequate procedures to combat risks of bribery and corruption. It is an FCA requirement that firms’ systems and controls include appropriate procedures to combat the risk of bribery, money laundering and other financial crime. Crucially, any failure to fulfil this requirement, could lead to enforcement action by the FCA separate from any need for a prosecutor to prove criminal Bribery Act offences.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dechert LLP | Attorney Advertising

Written by:

Dechert LLP

Dechert LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.