FCA chief executive Nikhil Rathi gave a speech this week that deserves more than a skim-read. Speaking on 14 May, he described financial crime as a "threat to national security" — language we don't hear often from regulators.
For independent financial advisers, the speech signals a shift in how the FCA expects firms to approach financial crime prevention. Here's what it actually means for your practice.
The headline message
Rathi's core argument is that financial crime has evolved faster than the industry's defences. Criminal networks are more organised, more technologically sophisticated, and better connected across borders than ever before.
The FCA's response? They're moving away from treating financial crime as something individual firms handle in isolation. Instead, they want a "system-wide" approach involving better information sharing between firms, smarter use of technology, and deeper collaboration with law enforcement.
This isn't just rhetoric. The FCA has already demonstrated its willingness to act — three arrests were made just two weeks ago in connection with suspected unlawful financial promotions. The regulator is backing up speeches with enforcement.
What this means for IFAs specifically
You might read "financial crime" and think this applies mainly to banks and large institutions. That would be a mistake.
The FCA has made clear that firms of all sizes are expected to play their part. The Solicitors Regulation Authority has been fining firms as small as sole practitioners for AML failures — with penalties starting from just £658. The principle applies equally to FCA-regulated advice firms.
Three areas deserve your attention:
1. Client due diligence isn't a box-ticking exercise anymore
Rathi specifically mentioned "smarter use of technology" in fighting financial crime. The implication is clear: manual, paper-based KYC processes that haven't changed in a decade won't cut it.
This doesn't mean you need enterprise-grade software. But it does mean your client onboarding should include:
- Electronic identity verification (not just photocopies of passports)
- Sanctions and PEP screening that's actually current
- Source of funds documentation that goes beyond a salary slip
If a client is investing £150,000 and your file contains nothing about where that money came from, you have a problem.
2. Ongoing monitoring is the new battleground
The FCA's emphasis on information sharing suggests they're increasingly interested in what happens after onboarding. Are you reviewing client circumstances periodically? Would you notice if a long-standing client's transaction patterns suddenly changed?
For most IFA practices, "ongoing monitoring" has meant an annual review meeting. That's not what the FCA is talking about. They want firms to have systems that flag unusual activity — a client who's never touched their pension suddenly requesting maximum drawdown, for instance, or a pattern of third-party payments that doesn't match the client's stated circumstances.
3. Your reporting obligations are being watched
Rathi's speech touched on collaboration with law enforcement. Translation: the FCA wants to see more Suspicious Activity Reports (SARs) from advice firms, and they want those reports to be useful.
In 2024, the National Crime Agency received over 900,000 SARs. The vast majority came from banks. Advice firms submitted relatively few. The FCA would like that to change.
If you've never submitted a SAR, ask yourself honestly: is that because you've genuinely never encountered anything suspicious in years of practice? Or is it because you're not sure what threshold warrants a report?
The legal position is clear: you must report if you know or suspect money laundering. "Suspect" is a low bar. If something feels wrong, report it.
Practical steps to take this month
Review your AML policy. When did you last actually read it? Does it reflect how you operate today? Most firm policies were written years ago and haven't kept pace with either the business or the regulatory environment.
Check your training records. Everyone in your firm who handles client money or client information needs documented AML training. Annual refreshers aren't optional.
Audit five client files at random. Look specifically at source of funds documentation and identity verification. If you find gaps, you've found your priority.
Test your SAR process. Does everyone in your firm know how to escalate a concern? Do they know who your MLRO is? Would they feel comfortable raising a suspicion about a valuable client?
The bigger picture
Rathi acknowledged the FCA "cannot prosecute its way out of the problem." But that doesn't mean enforcement is softening. It means the regulator is adding prevention and disruption to its toolkit while maintaining its willingness to act against non-compliant firms.
For IFAs, the message is straightforward: financial crime prevention is no longer something you can treat as a compliance afterthought. The regulator expects it to be embedded in how you run your practice.
The firms that take this seriously will find it's actually good for business. Robust financial crime controls protect your clients, protect your PI insurance, and protect your reputation. The firms that don't will eventually find themselves explaining their approach to the FCA.
That's not a conversation anyone wants to have.
PostGuard automatically checks your social media posts against FCA financial promotion rules before you publish. Catch problems before the FCA does — start with 3 free checks at postguard.online