The FCA Just Showed Its Hand. Here's What It Means for You.

The following is a newsletter authored by Mathew Beale, Co-Founder & CEO, www.itrackaml.com

The FCA Just Showed Its Hand. Here's What It Means for You.

The FCA doesn't usually telegraph its priorities this clearly. Over the past few weeks, it has done so through speeches, multi-firm reviews, and public warnings.

If you read between the lines, the regulator has handed firms an unusually candid roadmap for what "good" looks like, and where it's planning to look next.

We've pulled together the key signals below, with our take on what they mean in practice and what iTrackAML users can already take comfort in.

1. Financial crime is now a board-level priority, not a back-office one

• In his recent speech, FCA CEO Nikhil Rathi placed financial crime at the centre of the regulator's five-year strategy, calling for a more joined-up approach between the FCA and industry.

What this tells us:

• The days of siloed, check-the-box enforcement are numbered.
• The FCA wants an ecosystem where firms and regulators share intelligence, not just paperwork.
• Firms that can show proactive risk management, not just retrospective reporting, will be in a stronger position, both with regulators and with the customers and partners who trust them.

What iTrackAML users can take comfort in:

• Your risk data isn't sitting in a spreadsheet waiting to be reconstructed for a regulator.
• It's live, structured, and ready to demonstrate proactive oversight whenever you need it.

2. The FCA just published its own CDD checklist

• Few publications have been this directly useful: the FCA's multi-firm review on customer due diligence lays out real examples of good and poor practice across CDD, EDD and ongoing monitoring.

What this tells us:

• Treat this as a benchmarking exercise, not background reading. Pull it up against your current CDD workflows and see where the gaps are.
• The firms that act on it now will be the ones with a paper trail to show for it later.

What iTrackAML users can take comfort in:

• Dynamic risk scoring and continuous monitoring are already built into your CDD and EDD process, so the "good practice" the FCA is describing isn't something you need to build from scratch.
• It's already how your workflow runs.

3. Sanctions controls still have real gaps, and the FCA has the data to prove it

• A review covering more than 150 firms found persistent weaknesses in sanctions screening, particularly around trade sanctions and oversight of third parties.

What this tells us:

• This has been a known risk area for years, and the FCA is signalling it's not going away as a supervisory focus.
• If your sanctions screening still leans heavily on manual review or infrequent checks, now is the time to revisit it.

What iTrackAML users can take comfort in:

• Sanctions and PEP screening run in real time, not on a periodic batch cycle, so the gaps the FCA found in trade sanctions and third-party oversight are exactly what your current setup is designed to close.

4. Enforcement is becoming quieter   and more data-driven

• In a recent speech, the FCA's Therese Chambers made the case that effective enforcement isn't just about headline cases.
• It's built on supervision, early detection, and technology working in the background.

What this tells us:

• The FCA is investing in its own analytical capability, which means it will increasingly be able to spot inconsistencies that firms might once have gotten away with.
• Manual, paper-based processes will become harder to defend, not because they're against the rules, but because they can't keep pace.

What iTrackAML users can take comfort in:

• You're already operating the way the FCA is now supervising, with technology doing the detection work in the background, not a once-a-year file review trying to catch up.

5. Market abuse detection is setting the bar for everyone else

• The FCA has reiterated that advanced data and intelligence tools are essential to catching market abuse early.
• This guidance is intended for market-facing firms.
• Still, the principle behind it applies more broadly: using modern technology to detect risk is quickly becoming the baseline expectation, not a nice-to-have.

What this tells us:

• This is no longer a market-abuse-specific message; it's a statement about supervisory expectations across the board.
• Firms relying on manual or periodic risk reviews in any area of financial crime will increasingly appear out of step with what the FCA considers standard practice.

What iTrackAML users can take comfort in:

• The same automation and analytics principle the FCA is describing for market abuse is already embedded in how your firm handles risk assessment more broadly; you're not waiting for this expectation to arrive.

6. Even football sponsorships are on the FCA's radar

• In a recent warning, the FCA flagged unauthorised crypto and trading platforms using football sponsorships to build credibility and reach new customers.

What this tells us:

• Third-party risk isn't confined to traditional counterparties anymore.
• Sponsorship deals, introducer relationships, and high-visibility partnerships all deserve the same due diligence rigour as any other onboarding decision.

What iTrackAML users can take comfort in:

• Third-party and introducer due diligence isn't a separate, bolted-on process for you; it runs through the same screening and risk-assessment workflow as every other relationship, so high-visibility partnerships don't slip through on lighter checks.

Where iTrackAML fits in

• None of this is about adding more process for its own sake. It's about being able to clearly and confidently show that your controls are working.
• That's exactly what iTrackAML is built for:
• Automated, risk-based CDD and EDD, with dynamic scoring and continuous monitoring
• Real-time sanctions and PEP screening, built into your risk workflows rather than bolted on
• Intelligent risk assessment that combines regulatory expertise with automation
• Third-party and introducer due diligence, so high-risk relationships get the scrutiny they deserve
• Full audit trails, so when the FCA (or whoever your regulator is) or your own board asks how you know your controls work, you have a clear answer

Further reading

• FCA: How we're working to fight financial crime
• Nikhil Rathi: Working together against financial crime
• Therese Chambers: Beyond the headlines
• FCA CDD review: good and poor practice
• FCA sanctions systems and controls review
• FCA warning on football sponsorship deals

Want to see how your current controls measure up?

• Book a personalised demo →

Stay compliant. Stay ahead. 😊

The iTrackAML Team itrackaml.com

This newsletter was authored by Mathew Beale, Co-Founder & CEO, www.itrackaml.com