AML heat to rise

Julia Penny, principal of JS Penny Consulting, says accountancy firms should ‘expect the FCA to be more robust and more aggressive with fines and other enforcement action’.

The FCA has a track record of robust enforcement. Between 2015 and 2025 it issued just under £1.1bn in penalties across 27 AML-related cases, including the first-ever fine for an audit firm – £15m for PwC – for failing to report suspected fraud.

Andrew Aitken, co-founder of regulatory consultancy AuthoriPay, says the FCA reserves its strictest enforcement actions and heaviest fines for AML violations. ‘Poor governance and poor senior management involvement, poor controls around enhanced due diligence on high-risk clients and a lack of ongoing monitoring are the things the FCA tends to enforce and fine the most,’ he says. ‘They are pretty thorough, pretty aggressive and not afraid to unleash punitive penalties on firms.’

Data-led

The FCA’s new role will see the financial services watchdog take a risk-based and data-led approach to supervising a population of approximately 60,000 regulated firms.

This means it can target its resources towards the highest-risk firms, which should expect more intense supervision. In practice, this will mean an increase in the frequency and depth of AML/CTF checks by the FCA.

‘The FCA is very big on a data-led approach to supervision and requires the supervised population to submit quite detailed and quite granular information on a regular basis’, says Colette Best, AML director at law firm Kingsley Napley.

As a result, firms are going to have to get used to uploading a greater volume of more detailed data on things they may not currently report on – or in the worst-case scenario, may not currently collect.

Bigger role

Joe Norburn, group CEO of compliance advisory business TCC Group, says the shift is ‘transformational’ because it moves accountancy firms into a much more structured regulatory environment than they have been used to.

‘Supervisors will expect clearer evidence for risk assessment, control testing and governance, rather than broad statements of compliance,’ he explains. ‘Many firms have worked with principles, but not necessarily with the level of documentation and audit trail that the FCA will look for.’

The FCA could register all in-scope firms, conduct appropriate gatekeeping checks and have powers to accept, deny, suspend or cancel registrations.

In its consultation, the government recognises that, once the FCA’s expanded remit is operational, some firms may experience a degree of dual regulation, with requirements to register and interact with their professional body for their regular activities as well as with the FCA for AML/CFT-related matters.

The FCA also applies a high bar to its gatekeeping role, so that firms that wish to register must meet its expectations on AML compliance. ‘They will scrutinise quite deeply what they expect of firms,’ Aitken says. ‘If they are not happy, they are quick to reject and not afraid to delay applications.’

The gatekeeping is expected to include applying a ‘fit and proper test’ for both the business and the beneficial owners, officers and managers. Individuals will be unable to act as beneficial owners, officers and managers before the FCA has completed its checks.

Penny says a more detailed set of checks could act as ‘a hurdle to get into that regulatory environment’ and could slow up the process of senior individuals being approved. ‘Whenever you split regulation and give some bits to another organisation, that organisation inevitably has its own role, its own remit, to fulfil so that increases the compliance burden.’

Rigour

There are other gatekeeping tests that may currently apply to regulated firms but are not rooted in the money laundering regulations, including the FCA’s requirements under the senior managers and certification regime (SMCR). Even if the full SMCR framework isn’t applied immediately, the FCA naturally expects clear ownership, documented oversight and regular challenge from senior leaders.

Aitken warns that, if the FCA feels senior managers aren’t engaged, ‘they are going to come down heavy on firms. Senior managers are going to have to show a vested interest in combatting financial crime and money laundering. Senior management need to be kept informed. The FCA get very stroppy if they don’t see enough reporting coming up to senior management.’

Culturally, this means AML can’t sit as a ‘compliance side-task’, Norburn says. ‘Firms will likely need to adopt a more structured approach to governance, with proper reporting, clear escalation routes and senior leaders engaging with AML risk on a regular basis.’

More resources

Although many firms will need to invest in updating their risk assessments, onboarding checks and record-keeping, the biggest cost will likely be people, as firms may need dedicated AML roles rather than spreading responsibility across the practice. Senior members of staff and partners may have to be appointed specifically to undertake the money laundering reporting officer (MRLO) role.

Penny says the practice of giving a partner the MLRO job without a commensurate reduction in their day-to-day work and client base will no longer be tenable, as they will not have enough time to be able to do a really robust supervisory job.

She expects mid-tier firms to increasingly look to recruit compliance managers or mandate a compliance partner. The danger, here, is that the role can be viewed ‘as a bit of a dead-end for their career because it is not necessarily valued. The rest of the firm has to change mindset and give enough reward for taking on this onerous role, learning to take on a new thing and be able to do it well.’