The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

UK FSA Highlights “Serious Weaknesses” Within Firms’ AML and Customer Data Management Practices

As part of its crackdown on the industry’s systems and controls around anti-money laundering (AML) data, especially for politically exposed persons (PEPs), which it stepped up last year, the UK Financial Services Authority (FSA) has released the findings of a survey of these practices across the industry that highlights “serious weaknesses” in “many” firms. The main conclusion of the report is that around three quarters of the banks in the FSA’s sample group are not managing their risks or their PEP data effectively, which could soon result in them facing the brunt of the regulator’s enforcement powers (whatever that may entail).

The regulator indicates in the paper that it expects firms to take action as a result of the criticisms it makes of the management of this data by translating them into “more effective policies and controls” where it has indicated any issues lie. If this does not happen, it has warned further FSA “action” will be warranted, pointing to the two firms that have already been referred to the enforcement division for the “apparent serious weaknesses” in their systems and controls.

The FSA adds: “We will, where appropriate, use our enforcement powers to reinforce key messages in this report to encourage banks and other firms to strengthen AML systems and controls and deter them from making decisions which do not take adequate account of money laundering risk.”

The main issue at the heart of these concerns is the management of PEP data. As defined by the regulator: “PEPs are individuals whose prominent position in public life may make them vulnerable to corruption. The definition extends to immediate family members and known close associates.” Regulators therefore consider the management of the data concerning these individuals to be a priority to prevent money laundering and terrorist financing.

In order to foster better practices with regards to this data, the report outlines proposed guidance in the form of examples of good and poor practice which, following post-consultation implementation, the FSA says it will “expect firms to take into account”. The finalised guidance will be included in Financial Crime: a guide for firms, on which the regulator is currently consulting in CP11/12 and urges firms to provide feedback upon.

Thus far, the industry hasn’t performed particularly well with regards to judging the risks posed by PEPs: “Around a third of banks, including the private banking arms of some major banking groups, appeared willing to accept very high levels of money laundering risk if the immediate reputational and regulatory risk was acceptable.”

In terms of managing PEP data, the failures continue: “Over half the banks we visited failed to apply meaningful enhanced due diligence (EDD) measures in higher risk situations and therefore failed to identify or record adverse information about the customer or the customer’s beneficial owner. Around a third of them dismissed serious allegations about their customers without adequate review.”

More than a third of banks visited by the FSA also failed to put in place effective measures to identify customers as PEPs. The regulator’s report notes that some banks exclusively relied on commercial PEP databases, even when there were “doubts about their effectiveness or coverage”. Relying solely on third party data is therefore not sufficient to keep the regulator happy, further controls and data checks are necessary.

The FSA indicates that some firms were particularly at fault in checking this data: “Some small banks unrealistically claimed their relationship managers or overseas offices knew all PEPs in the countries they dealt with. And, in some cases, banks failed to identify customers as PEPs even when it was obvious from the information they held that individuals were holding or had held senior public positions.”

Data management failures also rank highly in the list of criticisms: “At a third of banks visited, the management of customer due diligence records was inadequate and some banks were unable to give us an overview of their high risk or PEP relationships easily. This seriously impeded these banks’ ability to assess money laundering risk on a continuing basis.”

Three quarters of the banks in the FSA’s sample failed to take adequate measures to establish the legitimacy of the source of wealth and source of funds to be used in the business relationship. The regulator notes that this was of concern in particular where the bank was aware of significant adverse information about the customer’s or beneficial owner’s integrity.

Frameworks for risk data assessment were also found to be lacking: “Some banks’ AML risk assessment frameworks were not robust. For example, we found evidence of risk matrices allocating inappropriate low risk scores to high risk jurisdictions where the bank maintained significant business relationships. This could have led to them not having to apply EDD and monitoring measures.”

Some banks also failed to make the grade in terms of governance structures and had “inadequate safeguards” in place to mitigate relationship managers’ conflicts of interest. “At more than a quarter of banks visited, relationship managers appeared to be too close to the customer to take an objective view of the business relationship and many were primarily rewarded on the basis of profit and new business, regardless of their AML performance,” says the report.

Moreover, in some cases, the governance issue goes right to the top: “At a few banks, the general AML culture was a concern, with senior management and/or compliance challenging us about the whole point of the AML regime or the need to identify PEPs.”

The FSA also indicates that nearly half the banks in its sample failed to review high risk or PEP relationships regularly, adding: “Relevant review forms often contained recycled information year after year, indicating that these banks may not have been taking their obligation to conduct enhanced monitoring of PEP relationships seriously enough.”

Given the seriousness with which the FSA is treating this issue and the catalogue of criticisms in the paper, the industry can expect a much harder line to be taken with regards to scrutinising these data management practices and risk assessment frameworks going forward.

Related content


Recorded Webinar: Sanctions – The new pre-trade challenge for the buy-side

Sanctions screening at the security level is a relatively recent requirement for the buy-side. It dives deeper than traditional KYC and AML screening and is immensely challenging as firms must monitor frequently changing sanctions lists, source up-to-date sanctions data and beneficial ownership data, and integrate these to screen growing lists of potentially sanctioned securities. As...


2022 – The Year of Transition, Turning Data Management Theories into Practical Solutions

Welcome to Data Management Insight 2022 and some of the hot topics we will be exploring as capital markets participants continue to mainstream data as a resource to improve business value, extend digitalisation, drive up efficiencies, foster innovation, and last but not least, improve regulatory compliance processes. It will not all be plain sailing, however,...


RegTech Summit APAC

Now in its 2nd year, the RegTech Summit APAC will bring together the regtech ecosystem to explore how capital markets in the APAC region can leverage technology to drive innovation, cut costs and support regulatory change. With more opportunities than ever before for RegTech to add value, now is the time to invest for the future. Join us to hear from leading RegTech practitioners and innovators who will share insights into how they are tackling the challenges of adopting and implementing regtech and how to advance your RegTech strategy.


Regulatory Data Handbook 2021/2022 – Ninth Edition

Welcome to the ninth edition of A-Team Group’s Regulatory Data Handbook, a publication dedicated to helping you gain a full understanding of regulations related to your organisation from the details of requirements to best practice implementation. This edition of the handbook includes a focus on regulations being rolled out to bring order and standardisation to...