The Financial Conduct Authority (FCA) has issued a detailed review of firms’ approaches to financial crime risk assessments. The findings reveal weaknesses across the sector, including generic business-wide risk assessments (BWRAs), inadequate control evaluation, and limited senior management oversight. These shortcomings expose firms to enforcement risk, skilled person reviews, and material financial crime vulnerabilities.

 

Why this matters

This is not an isolated thematic piece. It reflects a broader supervisory direction of travel. In its Dear CEO letters to the asset management and alternatives sector (26 February 2025), the FCA explicitly warned that increased investment in private and alternative assets brings higher exposure to AML, market abuse, and financial crime risks. Firms are expected to upgrade their frameworks now—not after an FCA visit.

 

FCA expectations

In line with the FCA’s findings on risk assessment processes and controls, firms must:

  • Understand the risks your business is exposed to, including money laundering, sanctions, anti-bribery and corruption, proliferation financing, and terrorist financing.
  • Implement robust financial crime systems and controls to manage and mitigate those risks effectively.

To help firms benchmark their arrangements against FCA expectations and align with JMLSG guidance, we set out key questions and considerations:

 

Key areas and questions
  1. Business-wide risk assessment: Does the firm proactively assess all relevant financial-crime risks, including proliferation financing (PF), sanctions, and jurisdictional exposure? Even though asset managers do not directly trade goods, a firm identifies PF exposure arising from investments in logistics, shipping, and commodities companies operating in or near sanctioned jurisdictions (e.g., Iran, DPRK) have these been considered?
  2. Customer risk assessment (CRA): Are high-risk clients subject to the same level of enhanced due diligence (EDD) both at onboarding and for ongoing monitoring?
  3. Governance and oversight: Do governance structures ensure senior ownership and challenge of BWRA/CRA outcomes, especially when entering new emerging markets, launching new products, or expanding its client base?
  4. Controls and mitigation: Have identified elevated sanctions risks in the BWRA led to changes in onboarding and screening processes? When was the last time the firm conducted a monitoring review or audit of third parties relied upon for customer due diligence?
  5. Regulatory compliance, emerging risks and continuous improvement: Is the firm monitoring regulatory developments (e.g., FCA Dear CEO letters, PF guidance, sanctions updates) and incorporating them into risk assessments? Is there a rapid growth (Monzo fine) without scaling compliance controls creates systemic risk and regulatory exposure? Have you considered the criminals are using generative AI for deepfake fraud, social engineering, and synthetic identity creation?

 

The FCA’s review is a wake-up call, where it is emphasising that financial crime risk assessments are not optional but foundational to effective governance and compliance. Firms cannot treat them as a tick-box exercise they must be holistic, dynamic, and evidence-based, linking directly to controls, senior oversight, and business decision-making.

 

At fscom, we combine deep expertise in asset management and financial crime compliance. We help firms implement tailored risk frameworks and controls, grounded in the right questions:

  • Are BWRA and CRA outcomes fully integrated into governance and senior management decision-making?
  • Are controls continuously tested, monitored, and updated to mitigate emerging risks?
  • Is documentation robust enough to evidence sound judgment and regulatory compliance?

If you require support, fscom’s specialists can help refine your risk frameworks, enhance controls, and ensure your assessments reflect current and emerging risks. Please contact us to discuss how we can assist.

 

This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.