If something is too good to be true, then it probably is…

An old adage, and one that everyone involved in the provision of financial services should live by. However, for whatever reason, this maxim is often forgotten. This is evidenced by the details of numerous enforcement cases brought by the Financial Conduct Authority (“FCA”), most recently in Sunrise Brokers LLP (12th November 2021).The purpose of this article is not to discuss the findings in the Sunrise case. Afterall, these can be found on the FCA’s website. Instead, this article sets out a “cheat sheet” of questions based on matters raised by the FCA in their final notice. It is hoped that this will prove useful to firms and practitioners in assessing whether their systems and controls for onboarding and maintaining client relationships are likely to meet regulatory expectations.

Is your business (becoming) too reliant on one or a small number of income streams?
• A lack of business diversification could give rise to significant conflicts of interest.
• Have you identified this in your conflicts of interest register?
• Have discussions been held with senior management re: strategies to mitigate this conflict? Have these been documented? Are action points being regularly followed up?
Are control functions coming under pressure to prioritise commercial interests over the fulfilment of regulatory obligations?
• This is a red rag to any regulatory bull.
• Front desk assumptions re: the repute of a prospective or existing client should never be taken at face value by control functions. Evidence should always be obtained to corroborate any assertions made.
• Commercial discussions do not constitute due diligence.
• It is irrelevant whether a contact at a prospective client was known previously to someone in the firm.
• All proposed business must be subjected to independent scrutiny before trading takes place.

Are you onboarding too quickly?
• If you are, this is likely to be a red flag that the standard of due diligence being performed is inadequate.
o “It is the Authority’s view that [the] review of the KYC documents was rushed, given the commercial pressure… and therefore lacked an adequate level of scrutiny” (p.30)
Does a proposed arrangement veer from business that the firm is used to?
• If so, have you assessed whether personnel throughout your firm have the necessary skills, knowledge, and expertise to handle the business?
o For example, are staff involved in conducting due diligence familiar with business structures and typologies that are typical of the business proposed?
• Have you updated your policies and procedures to accommodate the new business?
• If a significant departure from an existing business model is being proposed, have you considered whether you need to inform the regulator? You may need to do this even if a proposed activity is technically within your firm’s existing permissions.
• This assessment should be conducted in the advance of the launch of each new business stream.

Have you ‘clocked’ situations requiring enhanced: (i) due diligence; (ii) scrutiny and (iii) ongoing monitoring?

• Example situations:
o complex scenarios, e.g. where several clients are connected by one ultimate beneficial owner (“UBO”);
o a prospective client is not physically present;
o reluctance or refusals to provide information;
o requests to enter into transactions at off-market rates, whether above or below traded price;
o a client’s trading starts to deviate from the purpose / intended nature of the business relationship declared during their onboarding; and
o a very young person has, for example, a large pension pot and is seeking to use this to engage in highly speculative investing.
• Remember: due diligence never sleeps – are the justifications for the frequency of your ongoing monitoring documented?
Are your employees clear that “medium” or “low” risk does not equate to “no” risk?
• How can you be sure that clients or introducers that are regulated or listed entities are applying robust systems and controls?
• The more complex a proposed business arrangement is, the less likely it is that merely obtaining proof that a client or introducer is regulated by the FCA or other regulator will be considered sufficient to meet a firm’s due diligence obligations.

Are you placing too much reliance on third parties?
• No matter how reputable a third party may be, their intermediation should never be seen as a substitute for one’s own understanding.
• A prospective client should never automatically be deemed to pose a lower risk just because it has been introduced by another regulated entity.
• Always keep your own records, never assume that reliance on third party systems is enough.
• In all cases, it is irrelevant whether you are just an agency broker and that clearing, settlement or the handling of monies takes place elsewhere.
Is the value of client categorisation as an early warning indicator recognised by the firm?
• Client categorisation should not just be perceived as a formalistic chore.
• If a firm’s permissions are limited, e.g. to dealing with certain categories of client or by conditions, an effective categorisation process can help ensure a firm stays within them.
• Furthermore, if a firm is starting to onboard higher numbers of, say, elective professional clients than previously, this could be an indicator that the firm’s risk profile is changing.
• A client’s consent to being treated as an elective professional client can never be assumed, positive affirmation must be received.
• Similarly, a firm would be wise to seek evidence to demonstrate that a client is eligible to be opted up from retail client status, as opposed to just relying on (possibly erroneous) self-certification.
• Again, a firm should not rely on client categorisations performed by third parties. A firm should always make a fresh assessment considering the products and services that it offers.
• Trading cannot start before the client categorisation process is complete. In certain situations, this could lead a firm to breach its permissions.
To summarise, question everything. You never can be too curious.
A.C.Culley & Co. has substantial experience of implementing compliance programmes at brokerage firms. Please contact us today on enquiries@acculley.com if you would like any assistance with your compliance programme.

References
2021. FCA fines Sunrise Brokers LLP £642,400 for serious financial crime control failings in relation to cum-ex trading. Available: https://www.fca.org.uk/news/press-releases/sunrise-brokers-llp-fine-serious-financial-crime-control-failings [Accessed 18th November 2021].
DISCLAIMER: All information and materials in this circular are provided on an ‘as is’ basis and are not intended in any way to be comprehensive. Anyone making use of this material does so at their own risk. The materials and opinions in this circular do not constitute advice. A.C.Culley & Co. accepts no responsibility and gives no representations or warranties, express or implied, that any of the information and materials in this circular are complete, accurate or free from errors or omissions. A.C.Culley & Co. reserves the right to update any of the documents, data and other information on in this circular at any time without notice. A.C.Culley & Co. is not a law firm and does not offer legal services.