Tuesday, 21 October 2025
The Financial Conduct Authority (FCA) has published a new press release highlighting worrying gaps in how many UK corporate finance firms manage financial crime risks. According to the regulator, a recent survey found that two-thirds of corporate finance firms that do not submit formal financial-crime return data may be falling short of expectations under the UK’s anti-money-laundering (AML) regime.
The survey covered authorised corporate finance firms that connect companies to capital. Out of 303 firms contacted, 270 responded. Among those respondents: 11 % reported they lack a documented business-wide risk assessment—a requirement under current AML regulations. Ten per cent said they did not maintain documented records of customer-due-diligence processes. Additionally, 29 % of the principal firms indicated they had not carried out financial-crime risk assessments for their appointed representatives (ARs), and 6 % said they had not monitored AR compliance or conducted onsite audits.
Despite these shortcomings, the FCA found positive practices in many firms. Some 97 % of respondents said they report financial-crime issues to senior management on a regular basis. Others described formal risk-assessment frameworks, periodic reviews, management-information dashboards and auditing of controls—all examples the FCA cited as stronger approaches.
Andrea Bowe, Director of the FCA’s specialist directorate, commented that “corporate finance firms play a vital role in the UK’s capital markets. Their exposure to money-laundering risks means it is essential that they have strong, proactive controls in place.” She added that the FCA will write to firms with weaker frameworks, specifying the improvements expected, and follow up in due course.
This release complements earlier FCA guidance published in October 2025 that offers examples of good and poor practice for such firms. That guidance emphasises the need for documented risk assessment, monitoring of ARs, ongoing due diligence and internal oversight. Many firms were found to have weaknesses in these areas.
For corporate finance firms, the FCA’s message is clear: authorisation alone is not sufficient. Firms must demonstrate that they have effective control systems in place, that these systems cover all parties—including ARs—and that they keep these systems actively reviewed and updated. Failure to do so may increasingly attract regulatory scrutiny.
Source: CMS
