PwC's Managing upstream risk: Regulatory reform review - An asian perspective November 2013 | Page 28
In light of the findings, the FCA recommends
that asset managers should review their
own outsourcing arrangements and where
appropriate:
• Enhance their contingency plans for the
failure of a service provider providing
critical activities, taking into account
industry-led guiding principles where
applicable, and
• Assess the effectiveness of their oversight
arrangements to oversee critical activities
outsourced to a service provider, making
sure the required expertise is in place.
4.3 AML
Update
On 31 October 2013 the FCA published a
thematic review on AML and anti-bribery
and corruption systems and controls in asset
management and platform firms, assessing how
22 firms manage their AML and anti-bribery
and corruption risks. The review focused on the
adequacy of the firms’:
• AML systems and controls (including
account opening, transaction monitoring,
and suspicious activity reporting to mitigate
money laundering risks); and
• ABC systems and controls (including the
use of business introducers, third party
payments, and gifts and entertainment
arrangements).
A summary of the review is as follows:
• ost firms had relatively well-developed
M
arrangements for the ownership of money
laundering and bribery and corruption risks.
However, some could not provide evidence
to demonstrate the effectiveness of senior
management oversight and challenge.
• AML and ABC issues were dealt with
primarily as a compliance matter rather than
as part of proactive risk management. Failure
to properly identify and assess risk often led
to weaknesses in customer due diligence
28
Regulatory Reform Review | Banking
and on-going monitoring of business
relationships.
• ost firms had a comprehensive suite of
M
AML policies and procedures approved by
senior management.
• ome firms had inconsistent or absent
S
controls to assess, classify and record risks
posed by new customers, which meant that
enhanced due diligence and enhanced ongoing monitoring was sometimes not carried
out for high-risk customers.
• There were weaknesses in how most firms
acted on the outcomes of risk assessments.
Identified risks were often non-measurable
and not actively monitored. This impacted
the extent to which appropriate controls
were defined to mitigate those risks.
• ome firms considered that the longstanding
S
nature of some business relationships alone
was a satisfactory substitute for keeping
customer due diligence information up to
date.
• ome firms failed to take adequate steps
S
to establish, verify and document the
legitimacy of the source of funds and source
of wealth to be used in business relationships
for high risk customers.
• Most firms failed to demonstrate adequate
systems and controls for assessing
bribery and corruption risks in relation to