A&O Shearman | FinReg | UK FCA findings of risk assessment processes and controls in firms
Financial Regulatory Developments Focus
This links to the home page
Financial Regulatory Developments Focus
Filters
Recent Posts
UK FCA findings on CFD providers' compliance with the consumer duty
Joint UK—Singapore report on tokenised assets and announcements on collaborative partnerships
UK FSCS update on compensation levy for 2025/26 and early view forecast for 2026/27

  • UK FCA findings of risk assessment processes and controls in firms
    November 11, 2025
    The UK Financial Conduct Authority (FCA) has published findings from a multi-firm review of business-wide risk assessments (BWRA) and customer risk assessments (CRA) as part of its financial crime supervisory work under the 2025–30 strategy. You may like to read our article "Financial Crime: The FCA's Strategy for 2025 – 2030" for further information on the strategy.

    The FCA found that while most firms maintain BWRAs, weaknesses remain in identifying, understanding and assessing risk. Common issues include failure to tailor assessments to specific business risks, lack of detail and evidence to support claims of being "low risk" and limited quantitative analysis. Examples of good practice include annual reviews of BWRAs, comprehensive assessments using both quantitative and qualitative analysis and tailored assessments aligned to the firm's business model, products and customers.

    On mitigating risk, the FCA found firms often consider financial crime risk in business strategy, growth, and product development, but integration between risk assessments, decision-making and monitoring activities is limited. Stronger firms are found to align compliance capacity with growth plans, track BWRA actions and embed financial crime risk across all business areas. Poor practice includes failing to scale CRAs and inadequate record-keeping.

    On managing risk, the FCA found many firms recognise the importance of governance and oversight, but senior management generally demonstrate greater understanding of fraud risk compared to other financial crime risks. Most firms have considered how to document and share risk assessments, but better-performing firms record discussions, changes and approvals. The FCA expects firms to understand their exposure to financial crime risk, maintain robust systems and controls, and review risk-based approaches regularly. The FCA will continue supervisory engagement to ensure firms consider these findings to drive improvements and reduce risk across the industry.

    Return to main website.
    Topics: Corporate GovernanceFinancial Crime and Sanctions