AML frameworks for wealth managers: current expectations
Wealth management firms occupy a structurally elevated risk position within the UK's anti-money laundering framework. The combination of high-net-worth clients, complex asset structures, international relationships, and discretionary mandates creates conditions in which the proceeds of serious crime — corruption, fraud, and tax evasion in particular — can be placed and layered with relative ease. The FCA's repeated supervisory work in this sector, including its 2021 and 2023 reviews of private banking and wealth management AML controls, has found systemic weaknesses that have persisted across multiple assessment cycles.
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) require wealth managers to conduct risk-sensitive customer due diligence (CDD) at onboarding and on an ongoing basis. For higher-risk clients — including politically exposed persons (PEPs), clients from high-risk jurisdictions, and those with complex beneficial ownership structures — enhanced due diligence (EDD) is mandatory. The JMLSG Guidance, which the FCA treats as an industry standard, provides extensive guidance on what EDD should entail in practice: this includes understanding the source of wealth and source of funds, refreshing CDD at appropriate intervals, and ensuring that relationship managers can articulate why a client's activity is consistent with their profile.
The FCA's supervisory findings have consistently identified weaknesses in three areas: first, the inadequacy of risk-based approaches to periodic review — many firms conduct CDD reviews on a calendar basis regardless of risk level, rather than triggering reviews based on material changes in client circumstances or risk indicators; second, the failure to adequately challenge source of wealth explanations, with relationship managers accepting assertions without corroboration; and third, inconsistent application of PEP policies, particularly for domestic PEPs and close associates where the definition of enhanced scrutiny has been contested. Following the Financial Services and Markets Act 2023, the FCA has issued updated guidance on domestic PEP treatment requiring firms to apply a proportionate and risk-based approach rather than treating all PEPs as categorically high-risk.
Transaction monitoring remains a structural challenge. Many wealth managers rely on periodic review by relationship managers rather than automated rule-based or AI-assisted monitoring. The FCA expects firms to be able to demonstrate that their transaction monitoring capabilities are calibrated to the actual risk profile of their client base, that alert thresholds are set and reviewed rationally, and that the process for investigating and documenting alerts is documented and consistently applied. Suspicious activity reporting (SAR) rates that are materially below peer norms are a supervisory red flag and may trigger a skilled persons review.
Framework design priorities
Firms reviewing their AML frameworks should prioritise: a documented, risk-based approach to CDD refresh that goes beyond calendar scheduling; a structured EDD policy with clear evidentiary standards for source of wealth; a transaction monitoring capability that is proportionate to the firm's risk profile and documented in a written monitoring policy; and a culture of challenge in which compliance teams have genuine authority to escalate and, where necessary, exit relationships that cannot be satisfactorily risk-assessed.