Spotlight on Client Categorisation, AML Weaknesses, and Sector Resilience

Unknown Speaker

Hey everyone, and welcome back to the B-Compliant Podcast. I'm Vicky Pearce and, as ever, I'm joined by the lovely Rachel MacRae. Today, we've got a packed agenda, but let's kick things off with the FCA's recent multi-firm review on client categorisation. Rachel, this one's right up your street, isn't it?

Rachel MacRae

Absolutely, Vicky. I mean, it makes for interesting reading — and whilst I would sometimes prefer a good novel to an FCA paper, it is still a good read for compliance nerds like us! The FCA’s review, which looked at firm's assessments, documentation and record-keeping of Elective Professionals, High Net Worth and Sophisticated Clients and basically exposed a lot of what we've been warning about: firms falling back on these tick-box exercises for categorising clients, when really, the rules, especially COBS 3, require a much more thoughtful approach.

Unknown Speaker

Yeah, and it’s not just corporate finance firms in trouble here. The FCA made it clear they’re looking at everyone, not just those in this sector. That whole “superficial assessment” criticism came through loud and clear—so many firms only had high-level, generic processes, or relied massively on familiarity, which the FCA definitely aren’t going for.

Rachel MacRae

You know, I think the record-keeping piece was the bit that really struck me. If firm's can't evidence that they are assessing a client correctly, or if they lack clear processes for validating or updating categorisations over time - this is not a once and done assessment - then the FCA's position is that these clients should be treated as retail clients, regardless of any contractual terms. Firm's can no longer just assume that if someone’s been a Professional client in the past, they’re still fine to be treated the same way.

Unknown Speaker

Exactly. And it's not just the categorisation, it’s those investor statements too - the high net worth and sophisticated investor ones. Firms were mixing up templates from COBS and the Financial Promotion Order—sometimes using expired certifications or not double-checking if the exemptions actually applied to the securities being discussed. It’s just not good enough, is it?

Rachel MacRae

Definitely not. The good practice there was so clear—regular, structured governance, built-in system controls so that if someone's certification is expired, they just can't be sent promotions. Simple things, with proper renewal reminders. It’s not rocket science, but without it, you are opening yourself up for scrutiny.

Unknown Speaker

Yes... for firm's that don't keep track of their client categorisations and investor statements or review these on a regular basis, or for those that rely on that old classic tick box exercise, this should be a bit of a wake up call.

Rachel MacRae

The lesson is—tailor your process, go through your policies, check your COBS 3.7 and 3.8 obligations, set up the right systems. You can’t rely on “oh, well, they’re a regular, we’ve known them for ages.”.

Unknown Speaker

And let’s not forget, the FCA are consulting soon on bigger changes to the categorisation regime, so if you aren't on top of it now, it’s only going to get harder. Firms need to get proactive, look for gaps, plug them, and take this as a genuine opportunity to modernise. It’s the usual story: better to stay ahead than be forced to catch up when the regulator comes knocking.

Rachel MacRae

Speaking of not leaving things until the FCA comes knocking… Another publication from them, this time on Financial Crime controls within corporate finance firms; they found some worrying gaps in anti-money laundering frameworks. It wasn’t all doom and gloom as almost all firms reported regularly to senior management, which is decent... but the number of firms falling short on the basics was kind of, well, shocking.

Unknown Speaker

Yeah, around two-thirds of firms not being fully compliant with the Money Laundering Regulations? That’s not something you want to hear. Missing risk assessments, no customer risk forms in nearly a third of cases, and the classic—no documented evidence for customer due diligence. I mean, that’s… I was going to say basic, but it’s literally the core of AML.

Rachel MacRae

And it goes even further. Some firms weren’t even keeping up-to-date monitoring of source of funds or updating records. Then there’s poor oversight of appointed representatives—about a third of principal firms hadn’t even done a financial crime risk assessment on their ARs, and some didn’t have policies on AR risks at all. That’s worrying, especially since informal relationships or “gut feel” keep cropping up. That doesn’t cut it anymore, not with the FCA’s attitude. Financial Crime risks are complex and often opaque, and just because firm's might have known client's for years, that excuse will not stand up if the FCA starts asking questions about your systems and controls.

Unknown Speaker

No, absolutely not. Relationships don’t replace documentation. The FCA made it clear: you have to have current, written risk assessments and CDD for every client and AR. Otherwise, it’s a breach—not a slap on the wrist, a proper breach. Whilst the focus of the good and poor practice publication was on corporate finance, there are lessons every firm can learn as we know that the bad practices aren't limited to just this sector - all firms need to sit up and listen.

Unknown Speaker

Yeah, and that brings us nicely to the whole idea of sector resilience. The FCA’s Chief Executive, Nikhil Rathi, gave quite a speech at the City Dinner, didn’t he? I liked the bit about seeing resilience and defense as opportunities instead of just extra cost, especially with modern risks—cyber, catastrophe, and operational. It’s not just about ticking boxes anymore, is it?

Rachel MacRae

No, definitely not. That protection gap in things like cyber insurance is growing, and Rathi basically challenged the sector to innovate, measure risks, and see resilience as something that could drive, not just defend, growth. It’s a mindset shift for a lot of firms—and actually, it’s one we’ve touched on before, especially back in the episode where we talked about cybersecurity and conflict management. Firms need to get comfortable with resilience being baked into their business models, not seen as a compliance burden.

Unknown Speaker

Right—and if anyone needs a sharp reminder about personal accountability, look no further than the recent FCA action against Neil Sedgwick Dwane. This was a pretty clear-cut insider dealing case: knew the information, acted on it for personal gain, and the FCA came down hard—£100k fine and a permanent ban from the industry. He didn’t just breach internal rules, it was a fundamental failure of trust and integrity. The regulator’s not shy about using all its powers if you cross the line.

Rachel MacRae

It’s a textbook reminder that personal integrity and strong controls aren’t optional. And honestly, it’s not just about avoiding fines or bans; it’s about keeping public trust and the sector resilient as a whole. The FCA’s message is—you’re responsible for your actions, and firms need both the systems and the culture to ensure everyone remembers that, every day.

Unknown Speaker

Couldn’t agree more, Rachel. That’s all we’ve got time for this week. If you’ve got questions, or want help stress-testing your firm’s frameworks, reach out to us at B-Compliant. And don’t forget to subscribe so you don’t miss our next episode—we’ll be back soon with more on the ever-evolving world of compliance.