Firms must establish and maintain robust defences and risk management frameworks that identify and mitigate money laundering and bribery and corruption risks. Although previous regulatory action relating to anti-money laundering (AML) and anti-bribery and corruption (ABC) systems and controls failings has focused on the banking and insurance sectors, there are significant risks in other sectors.
So we carried out a thematic review on asset management and platform firms to assess whether this sector is taking adequate steps to mitigate the money laundering and bribery and corruption risks it faces.
Although we found some good examples of risk management – for instance, most firms had relatively well-developed arrangements for the ownership of money laundering and bribery and corruption risks – we found common weaknesses across the 22 firms in our sample. Given the communications we have issued on AML and ABC, we expected the industry to have done more in ensuring they had suitable systems and controls in place.
What we did
- AML systems and controls (including account opening, transaction monitoring, and suspicious activity reporting to mitigate money laundering risks); and
- ABC systems and controls (including the use of business introducers, third party payments,and gifts and entertainment arrangements)
Our findings
- Most firms had relatively well-developed arrangements for the ownership of money laundering and bribery and corruption risks. However, some could not provide evidence to demonstrate the effectiveness of senior management oversight and challenge.
- AML and ABC issues were dealt with primarily as a compliance matter rather than as part of proactive risk management. Failure to properly identify and assess risk often led to weaknesses in customer due diligence and on-going monitoring of business relationships.
- Most firms had a comprehensive suite of AML policies and procedures approved by senior management.
- Some firms had inconsistent or absent controls to assess, classify and record risks posed by new customers, which meant that enhanced due diligence and enhanced on-going monitoring was sometimes not carried out for high-risk customers.
- There were weaknesses in how most firms acted on the outcomes of risk assessments. Identified risks were often non-measurable and not actively monitored. This impacted the extent to which appropriate controls were defined to mitigate those risks.
- Some firms considered that the longstanding nature of some business relationships alone was a satisfactory substitute for keeping customer due diligence information up to date Some firms failed to take adequate steps to establish, verify and document the legitimacy of the source of funds and source of wealth to be used in business relationships for high risk customers.
- Most firms failed to demonstrate adequate systems and controls for assessing bribery and corruption risks in relation to dealing with and monitoring third party relationships, such as relationships with agents or introducers.
- Most firms had well-established AML and ABC training initiatives in place setting out relevant AML and ABC rules and regulations. However, the findings call into question the effectiveness of this training. Firms should develop more ‘tailored’ training material focusing on risks specific to their business. Most firms had appropriate arrangements to govern training, including monitoring staff completion activity and incentivising staff to adhere to training requirements through performance management protocols.