The Financial Conduct Authority (FCA) regulates the financial services industry in the UK. It is an independent body funded entirely by the fees it charges regulated firms but is accountable to the Treasury, the UK government’s economic and finance ministry.
The FCA was established in 2013 by the Financial Services Act (2012) as part of a widespread regulatory overhaul in the UK following the 2008 financial crisis. Along with the Prudential Regulation Authority (PRA), the FCA replaced the old Financial Services Authority (FSA).
What does the FCA do?
Whereas the PRA ensures financial institutions (FIs) are run safely and can manage their risks, the FCA has three operational objectives:
- Protect consumers from the harm caused by misconduct in financial services.
- Enhance market integrity to support a healthy UK financial system.
- Promote effective competition in the interests of consumers.
These serve the FCA’s overall, Parliament-mandated strategic objective: to ensure financial services markets function well. In 2023, the FCA introduced a secondary objective to support the international competitiveness and growth of the UK economy in the medium to long term.
To achieve these aims, the FCA regulates around 42,000 businesses. For the majority of these firms, the FCA acts as both a conduct and prudential regulator. This means it oversees both how firms interact with consumers and the market, and their processes for dealing with potential solvency issues and other risks. The only exceptions are banks, building societies, credit unions, insurers, and large investment firms, which are prudentially supervised by the PRA and are known as dual-regulated firms.
The FCA carries out activities in the following areas:
- Authorization: Most financial services need to be authorized by the FCA, including banks, insurers, credit and mortgage brokers, payments firms, cryptoasset firms, and more. These firms must demonstrate that they meet regulatory standards and will work with the FCA openly and proactively.
- Rules and guidance: All regulated firms must comply with the FCA Handbook, which details how they should conduct various aspects of their business. This includes minimum standards that financial services products must meet to enter the market.
- International standards: The FCA engages with counterparts in other jurisdictions to contribute to international regulatory standards and transposes these into domestic regulations.
- Supervision: The FCA assesses firms against its standards, considering individual firms’ behavior and market evolution. Thematic reviews, which assess current or emerging risks in particular sectors and markets, play a significant role in FCA supervision.
- Enforcement: The FCA can impose regulatory, civil, and criminal penalties on firms that don’t comply with its regulations. These range from withdrawal of authorization to fines and asset freeze applications to prosecution.
Given the severity of the penalties the FCA can hand down – with multi-million-pound fines issued to household-name businesses in 2024 – firms must maintain a solid knowledge of their regulatory requirements and take practical steps towards compliance.
What are the FCA’s AML compliance requirements?
The FCA enforces compliance with the Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations (MLRs) among the businesses it regulates. It also requires firms to comply with additional AML regulations, and has published the Financial Crime Guide (FCG) as part of the FCA Handbook to help them do this. To comply with the MLRs and FCA guidance, FIs should implement anti-money laundering and countering the financing of terrorism (AML/CFT) programs which cover the following essential points:
- Governance: Firms should assign overall responsibility for AML to a director or senior manager and appoint a Money Laundering Reporting Officer (MLRO) to supervise compliance procedures.
- Risk assessments: All firms must base their AML programs on risk assessments, which should consider the kinds of customers, products, locations, and transactions likely to represent a higher risk level.
- Customer due diligence: Businesses must verify the identities of all customers and understand the purpose of each customer’s business relationship with the firm, using this information to build a risk profile for each customer. If a firm cannot complete customer due diligence (CDD) measures, it must not begin a business relationship with that customer.
- Ongoing monitoring: Firms must conduct ongoing monitoring of all their business relationships. This includes analyzing transactions to check if they align with a customer’s expected behavior, and ensuring customer data and risk profiles remain accurate and up-to-date.
- Enhanced due diligence: As part of a risk-based approach, firms must draw up and apply enhanced due diligence (EDD) measures in cases where a higher financial crime risk is present.
- Payments: Payment service providers (PSPs) must collect identifying information on payers and payees for any transaction and chase missing data.
- Staff training: Firms must review their employees’ competence and take steps to ensure they remain able to implement AML policies where necessary, including through regular training.
- Record-keeping: FIs must keep documents relating to CDD and to occasional transactions for five years after the end of the business relationship or the transaction in question. Records relating to transactions within business relationships do not need to be kept beyond ten years if the relationship lasts longer than that. Firms must also keep records demonstrating how their AML policies fulfill their compliance obligations.
- Reporting: Firms must appoint a nominated officer to submit suspicious activity reports (SARs) to the National Crime Agency (NCA).
How firms can ensure FCA compliance
Firms that fail to comply with the FCA’s extensive AML requirements face multiple threats: public enforcement action (with a “name and shame” strategy mentioned by the FCA as one planned initiative in 2024), heavy monetary penalties, and a damaging reputation for lax compliance procedures that can tarnish consumer trust and affect business growth. To avoid these consequences, firms should know how to implement FCA rules and include these steps in their AML compliance programs.
- Understand AML risk factors: Firms need to be aware of the different factors affecting the risks they face. Customer risk depends on details like occupation and politically exposed person (PEP) status. Geographic risks are determined by customer locations, with certain jurisdictions designated as higher-risk because of weaker regulatory environments or associations with predicate crimes in money laundering. Product and service risk involves certain parts of firms’ offerings being misused by criminals—often services such as correspondent or private banking.
- Regularly check sanctions lists and other data: When conducting CDD at onboarding, firms should ensure they are screening their customers against the latest available information on sanctions, adverse media, and PEPs – otherwise, they risk inadvertently onboarding high-risk customers and breaching FCA regulations.
- Build dynamic customer risk scoring into AML processes: Using their business-wide risk understanding and the data collected at onboarding, firms should assign risk scores to each of their customers. Ideally, this should be done with an AML software solution capable of dynamically updating these scores and prioritizing higher-risk cases for assessment by compliance analysts.
- Use enhanced due diligence measures where necessary: The FCA stipulates that higher-risk customers and transactions require greater scrutiny to ensure their legitimacy. Firms should consider appropriate methods of conducting enhanced due diligence (EDD), such as source of funds (SOF) and source of wealth (SOW) checks or gathering more information on ultimate beneficial ownership (UBO).
- Maintain awareness of financial crime typologies across the business: Methods of money laundering, terrorist financing, and other kinds of financial crime are constantly evolving, with regulations frequently being updated to keep pace with these. As well as being aware of their regulatory responsibilities, firms should ensure staff are trained to spot potential indicators of emerging crime typologies.
Stay FCA-compliant with smart AML software
ComplyAdvantage supports firms in meeting their AML obligations with industry-leading risk intelligence and compliance tools. Using our artificial intelligence (AI)-powered Mesh platform, FCA-regulated businesses can:
- Screen their customers against the latest data: Our customer screening and ongoing monitoring solutions automatically check customer information against the latest data, including sanctions lists, watchlists, and politically exposed person (PEP) data. This lets firms onboard customers securely and gain a real-time view of their financial crime risks.
- Use machine learning to detect suspicious transactions: A comprehensive library of rules and scenarios aids firms in revealing unusual or unexplained customer behavior, with cutting-edge machine learning (ML) systems ready to step in and fill any gaps where behavior isn’t covered by existing rules.
- Create an easily accessible audit trail: An intuitive interface automatically keeps records of every event and decision, allowing firms to efficiently find the necessary information during audits or reviews and build positive relationships with regulators.