E-Learning Login
Compliance Portal
June 23, 2026
The FCA has published a financial crime controls review of firms in the insurance sector, setting out the review findings and what insurance firms can do to improve their financial crime systems and controls. The FCA expects firms to maintain adequate and proportionate policies and procedures to counter the risk that they might be used to further financial crime. They should remain vigilant to evolving risks and invest in appropriate financial crime systems, controls and resources. The findings will be of interest to all insurers and insurance intermediaries.
The FCA reviewed the design of financial crime systems and controls across a selection of large insurance firms to see how effective they are. We found that they are mostly effective. There are areas, however, for some improvement and firms should follow good practice on risk assessments, client due diligence arrangements and transaction monitoring.
The findings are set out under the following headings:
- AML transaction monitoring
- Controls monitoring and testing
- Policies and procedures
- Roles and responsibilities
- Obligations management
- Third-party outsourcing
- Sector-specific findings
- Next steps
In retail insurance:
- Firms meeting the FCA’s expectations demonstrated strengths in systems and controls for sanctions, fraud risk management, and anti-bribery and corruption. The areas for improvement identified were risk assessment and policies and procedures. Our most recent Bulletin sets out practical guidance in relation to financial crime risk assessments.
In wholesale insurance:
- Firms meeting the FCA’s expectations demonstrated systems and controls which were typically either moderate or strong. There was strong effectiveness in anti-bribery and corruption, people and knowledge and sanctions. The areas for improvement identified were fraud risk management.
In retail insurance, the sector-specific findings included:
- Moderate effectiveness overall in financial crime systems and controls across large retail firms.
- Strengths in sanctions, fraud risk management, and anti-bribery and corruption control. This is consistent with the lower inherent anti-money laundering risks of these products, where financial crime exposure is more likely to arise from fraud and sanctions breaches.
- Risk assessment controls were assessed as weak, primarily due to limitations in evidence provided specific to individual business units.
- Client due diligence controls were weak across most large firms, largely because they had not fully documented their approach. As non-AML regulated entities, the extent of due diligence may be more limited, but best practice is to clearly document the rationale for any differentiated approach.
