PwC's Managing upstream risk: Regulatory reform review - An asian perspective November 2013 | Page 28

In light of the findings, the FCA recommends that asset managers should review their own outsourcing arrangements and where appropriate: • Enhance their contingency plans for the failure of a service provider providing critical activities, taking into account industry-led guiding principles where applicable, and • Assess the effectiveness of their oversight arrangements to oversee critical activities outsourced to a service provider, making sure the required expertise is in place. 4.3 AML Update On 31 October 2013 the FCA published a thematic review on AML and anti-bribery and corruption systems and controls in asset management and platform firms, assessing how 22 firms manage their AML and anti-bribery and corruption risks. The review focused on the adequacy of the firms’: • AML systems and controls (including account opening, transaction monitoring, and suspicious activity reporting to mitigate money laundering risks); and • ABC systems and controls (including the use of business introducers, third party payments, and gifts and entertainment arrangements). A summary of the review is as follows: • ost firms had relatively well-developed M arrangements for the ownership of money laundering and bribery and corruption risks. However, some could not provide evidence to demonstrate the effectiveness of senior management oversight and challenge. • AML and ABC issues were dealt with primarily as a compliance matter rather than as part of proactive risk management. Failure to properly identify and assess risk often led to weaknesses in customer due diligence 28 Regulatory Reform Review | Banking and on-going monitoring of business relationships. • ost firms had a comprehensive suite of M AML policies and procedures approved by senior management. • ome firms had inconsistent or absent S controls to assess, classify and record risks posed by new customers, which meant that enhanced due diligence and enhanced ongoing monitoring was sometimes not carried out for high-risk customers. • There were weaknesses in how most firms acted on the outcomes of risk assessments. Identified risks were often non-measurable and not actively monitored. This impacted the extent to which appropriate controls were defined to mitigate those risks. • ome firms considered that the longstanding S nature of some business relationships alone was a satisfactory substitute for keeping customer due diligence information up to date. • ome firms failed to take adequate steps S to establish, verify and document the legitimacy of the source of funds and source of wealth to be used in business relationships for high risk customers. • Most firms failed to demonstrate adequate systems and controls for assessing bribery and corruption risks in relation to