Tackling Money Laundering Through Markets (MLTM) FCA Report – January 23, 2025

The Financial Conduct Authority (FCA) has published its updated review of money laundering through markets (MLTM), building on prior work such as the 2019 thematic review (TR19/4). This latest analysis outlines progress, persistent gaps, and new challenges in combating financial crime in capital markets. It also provides practical recommendations for firms to strengthen their financial crime systems and controls. This report is part of the FCA’s broader commitment under the UK’s Economic Crime Plan 2023–2026, highlighting the need for industry-wide collaboration and innovation to mitigate MLTM risks effectively.

The Threat of MLTM

MLTM involves laundering illicit funds through capital market instruments like equities, bonds, derivatives, and currencies, making these funds appear legitimate. The nature of capital markets—fast-paced, complex, and global—renders them particularly susceptible to exploitation by criminal networks. Among the primary risks identified in the report are:

1. Anonymity of transactions through multi-jurisdictional accounts and opaque ownership structures.
2. Speed and scale of transactions, enabling criminals to quickly move vast sums.
3. Complexity of instruments, such as derivatives or structured products, that obscure the audit trail.
4. Weak governance in some firms, limiting oversight of transactions and controls.

The FCA emphasises that combating MLTM requires addressing these systemic vulnerabilities with robust systems, consistent monitoring, and enhanced cooperation between market participants and regulators.

Key Findings from the FCA Review

The FCA conducted in-depth reviews of wholesale brokers and other market participants, focusing on business-wide risk assessments (BWRAs), customer risk assessments (CRAs), transaction monitoring (TM), governance, training, and reporting mechanisms. Despite some improvements, major gaps persist, requiring urgent attention.

1. Business-Wide Risk Assessments (BWRAs)

Firms’ BWRAs often lack specificity, with risks documented in overly generic terms. This compromises their ability to identify the particular ways in which they could be exploited by criminal actors. The FCA noted that many firms failed to:

• Incorporate tailored assessments of inherent and residual risks specific to their operations.
• Document scenarios that would trigger updates to their risk assessments.
• Include risks related to terrorist financing (TF) and proliferation financing (PF), as required by regulations.

Solutions and Best Practices: Firms must adopt a comprehensive, structured approach to BWRAs. A strong BWRA should:

• Analyse inherent risks based on the firm’s business model, geographical reach, customer base, and products offered.
• Quantify risks using both qualitative and quantitative metrics, assigning probability and impact scores to each.
• Link BWRA outputs to broader governance and decision-making processes.
• Ensure regular updates, triggered by regulatory changes, emerging typologies, or operational developments.

2. Customer Risk Assessments (CRAs)

CRAs are critical for understanding individual customer risks, yet many firms do not adequately document their methodologies. Specific failures include:

• Over-reliance on single factors, such as geography, while neglecting other important elements like industry or transaction patterns.
• Insufficient differentiation between domestic and foreign Politically Exposed Persons (PEPs), leading to inconsistent due diligence.
• Lack of documentation for risk overrides, updates, and escalations.

Solutions and Best Practices: Effective CRAs should:

• Integrate multiple risk factors, including geographic, industry-specific, and adverse media risks.
• Clearly document the rationale behind customer risk ratings and any overrides.
• Establish dynamic CRA processes that adapt to new information or changes in customer behaviour.
• Use automated tools to calculate risk scores, supported by manual reviews for high-risk customers.

3. Know Your Customer (KYC) and Customer Due Diligence (CDD)

KYC and CDD processes were found to be inconsistent across firms. Common issues include:

• Failure to document the purpose and expected activity of customer accounts.
• Over-reliance on third-party due diligence without formal agreements.
• Limited evidence of SoW (Source of Wealth) and SoF (Source of Funds) checks.

Solutions and Best Practices: Firms must strengthen their KYC and CDD processes by:

• Implementing robust onboarding procedures that collect and verify key customer information, including anticipated account activity.
• Establishing reliance agreements when depending on third parties, with clear obligations to share CDD information promptly.
• Conducting regular reviews of customer files, ensuring they include complete audit trails, including rationale for account approvals and escalations.

4. Transaction Monitoring (TM)

Transaction monitoring systems remain a significant weakness in many firms. Most TM systems are not adequately tailored to detect MLTM-specific risks, and collaboration between TM and trade surveillance teams is often lacking.

Solutions and Best Practices: The FCA recommends firms adopt more integrated TM systems. Effective TM should:

• Use AI and advanced analytics to detect suspicious patterns, such as mirror trades, wash trades, and circular trading.
• Collaborate across TM, trade surveillance, and operational teams to contextualise alerts and improve their relevance.
• Regularly update TM rules and thresholds to reflect new typologies and risks.

5. Governance and Oversight

Strong governance is essential to maintaining effective financial crime controls. However, the FCA noted deficiencies in senior management engagement and accountability. Some firms lack clear reporting lines or fail to prioritise financial crime risks in decision-making.

Solutions and Best Practices: To strengthen governance, firms should:

• Establish risk committees and ensure financial crime is a standing agenda item for senior management meetings.
• Develop detailed Management Information (MI) reports, including metrics on customer onboarding, risk ratings, and suspicious activity alerts.
• Encourage cross-departmental collaboration to ensure a holistic approach to risk management.

The FCA’s Recommendations for Industry-Wide Improvement

The FCA underscores the importance of collaboration and innovation in addressing MLTM risks. The Economic Crime and Corporate Transparency Act 2023 provides a framework for information sharing, enabling firms and regulators to work together to detect and prevent financial crime more effectively.

The FCA encourages firms to:

1. Leverage technology to enhance transaction monitoring and risk assessments. For instance, AI-driven tools can identify complex ML patterns that traditional systems might miss.
2. Engage with industry bodies and law enforcement to share intelligence and best practices. Collaboration can improve the quality and consistency of Suspicious Activity Reports (SARs).
3. Invest in training and capacity building. Role-specific training, tailored to the firm’s operations, can equip staff to identify and respond to MLTM risks effectively.

Practical Case Studies Highlighting Risk Typologies

The FCA report includes several real-world examples to illustrate common MLTM typologies:

• Pre-arranged Trading: In one case, a client engaged in distorted debit spread trades that were flagged by transaction monitoring systems. Investigation revealed high-risk indicators, including connections to sanctioned jurisdictions.
• Wash Trades: Another firm identified repeated instances of simultaneous buy-and-sell transactions involving the same beneficial owners. These trades were flagged as attempts to obscure illicit funds.
• Mirror Trading: A firm uncovered mirror trades across multiple accounts linked by common addresses and devices, highlighting the importance of cross-account monitoring.

These cases underscore the need for firms to integrate TM, trade surveillance, and customer risk information to detect and respond to suspicious activity effectively.

The FCA’s updated review emphasises the critical need for firms to adopt a proactive and integrated approach to combating MLTM. By strengthening risk assessments, enhancing governance, improving transaction monitoring, and fostering collaboration, firms can not only mitigate financial crime risks but also safeguard the integrity of the capital markets.

Public bodies, firms, and regulators must work together to address the evolving MLTM threat. The FCA will continue its supervisory work to ensure firms implement these recommendations and adapt to emerging risks. With innovation, collaboration, and robust controls, the financial sector can take significant steps toward a more secure and transparent market environment.