FCA’s Dear CEO Letter to Annex 1 Firms on common control failings in AML frameworks

March 25, 2024 by Anastasia Kaisidou


The FCA has published its latest Dear CEO letter, which focuses on common control weaknesses in Annex 1 Firms (e.g. lending, leasing, payment services, money broking and safe custody firms). The Letter explains where the FCA considers firms are falling short of the requirements set out in the Money Laundering Regulations (MLRs), based on shortfalls it has identified as part of its ongoing firm monitoring visits and desk-based assessment activities.

Common weaknesses

The Letter requires each of the Annex 1 Firms to complete a gap analysis against the following 4 observed common weaknesses within the next 6 months and take reasonable steps to close any control gaps identified:

  1. Business Model – discrepancies between firms’ registered and actual activities, and lack of Financial Crime controls to keep pace with business growth
  2. Risk Assessment – weaknesses in Business Wide Risk Assessments and Customer Risk Assessments
  3. Due Diligence, Ongoing Monitoring and Policies and Procedures – lack of detail in policies creating ambiguity around actions staff should take to comply with their obligations under the MLRs
  4. Governance, Management Information and Training – lack of resources for Financial Crime, inadequate Financial Crime training and absence of a clear audit trail for Financial Crime related decision-making

Key points to remember (applicable to all firms)

  1. Discrepancies between firms’ registered and actual activities: you have an obligation to notify the FCA of changes in your business activities and details (within 30 days of the date of the change) and inform the FCA of any MLR individual changes.
  2. Financial crime controls: ensure that as your firm grows, you are providing additional financial crime focused resources to support business expansion and complexity which may require new and enhanced controls.
  3. Business wide risk assessments: ensure that you have a comprehensive risk assessment programme and methodology to identify the inherent ML, TF and PF risks faced by your firm and to assess the effectiveness of your controls to mitigate the risks.
  4. Customer Risk Assessments: review your customer risk assessment frameworks to ensure that you are taking a holistic view of the client relationship covering all relevant risk factors to enable the appropriate level of customer due diligence to be completed.
  5. CDD policies, procedures and monitoring: make sure you have comprehensive and up-to-date CDD policies and procedures which cover your regulatory obligations and that you have effective ongoing CDD monitoring processes.
  6. The need for high-quality training: firms must deliver regular training to staff, including role-specific training to improve levels of financial crime awareness.
  7. Absence of clear audit trail: ensure that you have a clear audit trail to support your firm in financial crime decision-making.
  8. Independent audits: where appropriate, depending on a firm’s size and complexity, an independent audit function should periodically examine and evaluate the effectiveness of the firm’s policies, procedures and controls.


Whilst the Dear CEO Letter focused on control weaknesses in Annex 1 Firms, given the FCA’s continued focus on the fight against financial crime, the Letter is a timely reminder to all firms that they must have appropriate policies, controls and procedures to prevent firms from being used for purposes connected with financial crime.

Senior managers are expected to take clear responsibility for managing Financial Crime Risks within their businesses, which should be treated in the same manner as other risks faced by the business. Financial crime risks should be a standing risk agenda item in governance meetings to ensure effective challenge and oversight.

How Can Effecta Help?

Effecta Compliance has AML specialists who can help you complete your gap analysis, assess your compliance with the requirements of the MLRs, Joint Money Laundering Steering Group (JMLSG) guidance and the FCA’s Financial Crime Guide which apply to your firm, and remediate controls where necessary.

Effecta can also perform independent, tailored Health Checks or Compliance Assurance Reviews of your Financial Crime systems and controls to help maintain and improve your controls and governance.
