The review aims to raise standards across firms by sharing examples of good practice and highlighting key failings identified across firms.
The outcome of the review focusses on 3 core areas:
Key failings highlighted in the findings include:
❌ Policies and procedures lack sufficient detail including undefined periods for periodic reviews and alternative methods for ID&V;
❌ Failure to document key pieces of information, such as the purpose and intended nature of the business relationship, or the completion of EDD measures;
❌ Weak governance, including unclear requirements on senior management approval; and
❌ Lack of independent second-line assurance, with the same staff responsible for onboarding and review.
Firms should take actionable steps to align with the best practice outlined in the findings, including:
✅ Adopting a purposeful approach to CDD/EDD, with requirements linked to regulatory obligations and clear rationale;
✅ Enabling exceptions and failure management, including the effective use of alternative forms of ID&V;
✅ Maintain a tailored approach to EDD ensuring the additional requirements to CDD are clear and measures are evidencable;
✅ Avoid a tick-box approach and ensure the purpose of CDD/EDD is clearly ‘lived’ in practice with any gap robustly identified and reported through the appropriate governance forums; and
✅ Use of independent assessments to review CDD processes, alongside established internal audit reviews of CDD systems and controls.
💡 Plenitude’s Advisory & Transformation Services support firms in conducting independent assessments to proactively identify control gaps and strengthen CDD/EDD frameworks. Visit our website for more information: https://www.plenitudeconsulting.com/services/advisory-and-transformation