What you wanted to know during our recent (hugely well attended) webinar on regulatory assessments

We recently welcomed Sam Jarvis to Avyse Partners. Sam spent 15 years at the FCA, mainly in the financial crime team. Throughout that time, she visited countless firms; from global high-street names to firms run by one person with ten customers, and everything in-between.  

Whilst at the regulator, Sam completed every type of financial crime visit; from thematic reviews to short-notice visits, from deep-dives lasting six months to half-day desk-based reviews. She’s seen first-hand how firms do it well, and how they don’t. 

We wanted to make the most of Sam’s experience and recently hosted a free webinar on ‘regulatory assessments and what to expect’. This delved into Proactive Anti-Money Laundering Programme (PAMLP) Visits in particular. To find out more about this type of visit, please read on.   

In case you couldn’t make it to the session, below we’ve set out the key questions people wanted answers to and our responses to those.   

Q&A

What is a Proactive Anti Money Laundering Programme (PAMLP) Visit?  

This is a type of supervisory assessment used by the financial crime team at the FCA. The PAMLP population of firms used to be driven by a ‘pool’ of around 200 firms, visited on a repeat cycle every 3-4 years however this process has now evolved. The factors driving the updated selection process include previous visit findings, a firm’s inherent financial crime risk, wider supervisory intelligence, the annual financial crime (REP-CRIM) return and any whistleblowing reports.  

The visit usually lasts 3-4 days and consists of document reviews, interviews and walkthroughs. At a high-level the areas it covers include 1) policies and procedures 2) customer risk assessment and business-wide risk assessment 3) due diligence, ongoing monitoring and transaction monitoring 4) governance and management information 5) communication, training and awareness 6) the identification and management of high-risk / sanctions individuals or entities.   

The output of the visit includes a feedback letter and, depending on the findings, more serious tools could be used, including attestations, skilled person reviews (‘Section 166’) and a restriction on the firm’s business (‘VREQ’).  

The possible actions the FCA can take after a visit include a VREQ, a Section 166 or even an Enforcement referral. How often does this actually happen, or do most firms just get a letter with findings? 

In some instances, firms will receive a feedback letter, usually with a request for a remediation plan, and no other tools will be used. Sometimes, the FCA uses the more serious supervisory tools such as a VREQ or a Section 166.  

An Enforcement referral from one standalone visit is rarer; enforcement referrals tend to happen for two main reasons 1) The FCA have found repeat findings at the same firm (for example when compared with a similar visit a couple of years ago), or, 2) The pace of change is far too slow which therefore brings into question the competency of those in key governance and oversight positions.  

Will the FCA ask for hard copies of customer files or do they prefer electronic copies? 

The FCA now ask for electronic copies of files. For firms whose files are currently paper based, we recommend customer files are uploaded now to reduce any future pain. 

Would external firm representatives like yourselves be allowed to assist during the visit?  

Absolutely!  However, if we were on-site at the same time as the FCA, this would be in a support role. For example, we would not be able to attend interviews with staff.  We offer mock PAMLP visits which are highly accurate in terms of content and tone, and we recommend such a visit takes place far in advance of any FCA visit.  

Being proactive and not waiting to be notified of a visit will give you time to make meaningful adjustments within a realistic timeframe. As soon as the letter arrives, you are likely to have four to six weeks before the FCA assessment, most of which will be spent preparing documents and logistics. Planning ahead is likely to improve your visit findings and help minimise the extent to which regulatory tools are deployed. 

Is it useful to provide an overview of your business model to the FCA when they come to visit?  

Yes! Context is key, especially if your firm is of the size which means you don’t have a fixed FCA supervisor. It’s best not to assume the FCA know about the finer details of your firm, your industry, your customers, your products, your jurisdictional exposure etc. FCA staff deal with many firms, day-in-day-out and business models understandably differ. This context will help supervisors understand why your risk profile is X, or why you’ve decided customers in Y sector are within your risk appetite etc.  

We recently worked with an advisory client to pull together a summary of their financial crime framework, the various intersections and overlaps between different business lines, and how the branch interacts with head office. Not only was this a helpful document to provide to the FCA to get them quickly up to speed with the bank, it was a valuable resource to senior management to help them succinctly articulate how financial crime is addressed at the bank. 

You said there are different areas the FCA look at whilst they are on site for a PAMLP visit. Is one area (like Governance or the Customer Risk Assessment) weighted much more heavily than others? 

There is no official weighting system, so all areas should be deemed important. 

Closing summary 

If you are expecting a regulatory visit, if you’ve had one but wonder if you might get another, or if you’ve just always wondered what to prioritise in case the regulator does come knocking, please do reach out and we’ll be happy to chat this through with you. We’re a friendly, highly experienced team and we would be delighted to share that experience with you to help you and your firm.