Every business in the UK faces risks from financial crime – from financial institutions to wholesale energy providers, from manufacturers to retailers, from construction companies to estate agents, from media and telecoms providers to charities. Whatever your business, wherever you sit in the distribution chain, you should be aware of the vulnerabilities of your business model and take steps to mitigate those risks.

By following our top ten tips, businesses can be as well prepared as possible to address any issues that arise.

1. Know what laws apply

It may sound obvious, but it is critical to know the laws that apply. Everyone doing business in the UK is subject to the Proceeds of Crime Act 2002, Terrorism Act 2000 and other counter-terrorism legislation, Bribery Act 2010, the financial sanctions regime and the failure to prevent facilitation of tax evasion offences in the Criminal Finances Act 2017 (CFA). Many businesses, not only those regulated by the PRA and FCA, fall within the "regulated sector" and therefore must comply with the Money Laundering, Terrorist Finance and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). For example, commercial lenders, trust and company service providers, high value dealers – all of these must have in place the policies and procedures the MLRs require, and must register with the appropriate supervisory authority. So, know what laws, and indeed what industry and regulatory guidance apply.

2. Get your risk assessment right

The best policies stem from the most well thought-out risk assessments. All businesses have only finite resources, but focussing on the key risks your firm faces is resource well spent. Getting the risk assessment risk, and carrying it out holistically – all financial crime risk, all areas of business, all departments, will result in more user-friendly, practical and effective policies.

3. Get senior management understanding and backing

The best programmes are ones that senior management is behind. Statements of ethics publicly promulgated by senior management and HR structures that reward compliance are far more effective than policies that appear to be just another piece of bureaucracy.

4. Get the right teams involved

Financial crime prevention is not a job only for legal or compliance. Have a cross-unit group, involving also HR, procurement, accounts, business development, customer relations, IT... that way, risks from all perspectives can be identified and addressed.

5. Have relevant and fit-for-purpose policies

There is definitely no "one-size-fits-all" policy. The best policies are those that flow on from a proper risk assessment and spend the most time and detail on the areas of particular risk. For example, on assessing which customers are highest risk, and what due diligence should be carried out on them; or providing easy to follow guidance on the reporting of suspicions.

6. Check your third party contacts and contracts

Your potential liabilities do not extend only to the activities of your own staff. Getting due diligence right on those you do business with, particularly those in your supply chain who may be "associated persons" for Bribery Act and CFA purposes is key. As is making sure your contracts oblige them to be compliant with relevant laws in a way that they understand – so, requiring a small intermediary in South America, for instance, to warrant that they will "comply with the Bribery Act" is unlikely to be effective – the contract should explain precisely what you require.

7. Train your staff

Businesses that expect staff to read a dense set of policies are likely to find disengaged staff who do not understand the risks they face. Training that calls out the risks and requirements in a way staff understand will be far more effective. Where possible, train each department separately, so staff can appreciate how the policies relate to their jobs.

8. Monitor changes in law and compliance with policies

Once you have a set of policies, it is critical to keep it under review. Things changes, not only the laws, but also the business. If you enter a new business line or new geographical area, your policies will need review. It is also essential to have a compliance monitoring programme in place to check your policies work and that employees and, where relevant, agents, comply with them. A pristine set of unread policies is no good to anyone.

9. Learn from your (and others' mistakes)

There is an increasing body of war stories from those who have suffered prosecutions or regulatory enforcement actions for breach of financial crime prevention requirements. These published cases should be a prompt for all businesses – especially but not only those in a similar business to the censured entities – to assess whether they may face similar risks and can bolster their policies in any way.

10. If there's a problem, deal with it

Tempting though it may be to sweep a problem under the carpet and hope nobody notices, financial crime problems have a habit of becoming public. Self reporting may seem risky, and will certainly not guarantee no punishment, but the prosecuting authorities (SFO) and regulators (FCA) are usually at pains to give credit, in the form of lesser fines and punishments to those who proactively self-report and genuinely make every effort to address the problem. Asking your legal advisers for help is a good start – and don't wait until you know everything; speed is key.


Need help? We can help you with senior management briefings, designing your risk assessment, helping you with your policies and procedures, and training your staff and associates. And keep up to date with what's going on in financial crime prevention by subscribing to our FIN. update.