FCA publishes findings on review of risk assessment processes
On 11 November 2025 the Financial Conduct Authority (FCA) shared the findings of a multi-firm review focussing on business-wide risk assessment (BWRA) and customer risk assessment (CRA) processes. The review forms part of the FCA's ongoing effort to combat financial crime, as outlined in its 2025 to 2030 strategy publication.
Scope of the review
The FCA's review assessed the BWRA and CRA processes of a range of financial services firms, such as building societies, e-money payment firms and wealth management firms.
Firm controls were evaluated against several key regulatory frameworks and guidance documents, including (but not limited to) the Money Laundering Regulations 2017, the Financial Crime Guide, and the Joint Money Laundering Steering Group guidance.
Identifying, understanding and assessing risk
The FCA found that while most firms it reviewed had implemented a BWRA, many failed to identify relevant risks or tailor their assessments to their specific business. Additionally, some firms struggled to explain how they were managing and mitigating the risks they had identified.
Mitigating risk
The FCA's findings indicate that financial crime risk is often considered in business strategy, growth and product development, but there is little evidence of how risk assessments, monitoring and decision-making are joined up.
Few firms had documented actions arising from their risk assessments.
Managing risk
The FCA found that many firms recognise the importance of governance and oversight, but senior management often focuses more on fraud risk than other financial crime risks.
Conclusion
The FCA’s findings highlight the importance of robust and tailored risk assessment processes. While many firms seemed to have demonstrated awareness of their obligations, the FCA's review reveals significant gaps in the identification, mitigation, and management of risks faced by some of the businesses having taken part in the multi-firm review.
Firms are encouraged to reflect on the FCA's findings and review their own risk assessment frameworks and overall risk-based approach to systems and controls.
If you would like to discuss the FCA’s findings further or explore how they may apply to your business, please contact Terence Dickens or Gena Ritchie.
Get in touch today
Are you looking for legal services?
Fill out our form to find out how our specialist lawyers can help you.