Executive Summary
The Financial Conduct Authority’s January 2025 thematic review on Money Laundering Through the Markets (MLTM) represents a watershed moment for capital markets compliance. Following their seminal 2019 review (TR19/4), this comprehensive assessment reveals both progress and persistent vulnerabilities in how wholesale brokers and market participants combat sophisticated money laundering schemes.
As someone who has supervised hundreds of firms and witnessed the evolution of financial crime typologies, I can confirm that this review should be mandatory reading for every MLRO, compliance officer, and senior manager operating in UK capital markets. The findings are stark: while some firms have made commendable progress, significant gaps remain in business-wide risk assessments, transaction monitoring systems, and suspicious activity reporting.
Key Statistics from the Review:
- 280 wholesale broker firms regulated in the UK with combined revenues exceeding £24 billion
- 75% of wholesale brokers reported no SARs to the NCA over five years
- MLTM SARs increased 1,582% year-on-year, yet usage remains inconsistent
- Sample firms represented 8% of yearly notional value and 21% of market share
Understanding Money Laundering Through the Markets: Definitions and Scope
What is MLTM?
Money Laundering Through the Markets (MLTM) represents the sophisticated use of capital markets infrastructure to disguise the origins of criminally generated funds, making them appear as legitimate trading profits. Unlike traditional money laundering schemes that rely on cash-intensive businesses or simple bank transfers, MLTM exploits the complexity, speed, and global nature of capital markets transactions.
Core Characteristics of MLTM:
- Complexity: Multi-layered transaction chains across jurisdictions
- Speed: High-frequency trading that complicates audit trails
- Volume: Massive transaction values that dilute suspicious activity
- Legitimacy Facade: Use of regulated entities and established market infrastructure
- Cross-Border Nature: Exploitation of jurisdictional gaps and information asymmetries
The Regulatory Framework
The FCA’s approach to MLTM supervision sits within a comprehensive regulatory framework:
Primary Legislation:
- Money Laundering Regulations 2017 (MLRs)
- Proceeds of Crime Act 2002 (POCA)
- Terrorism Act 2000 (TACT)
- Economic Crime and Corporate Transparency Act 2023 (ECCTA)
Key Regulatory Requirements:
- Regulation 18 & 18A MLRs: Business-wide risk assessments
- Regulation 28 MLRs: Customer risk assessments and ongoing monitoring
- Regulation 35 MLRs: Enhanced due diligence for PEPs
- Regulation 39 MLRs: Reliance on third parties
Wholesale Brokers: The Critical Control Point
Market Structure and Vulnerabilities
Wholesale brokers occupy a unique position in capital markets infrastructure, serving as intermediaries between institutional clients and trading venues. Their role creates both opportunities for effective controls and vulnerabilities for exploitation.
Broker Categories by Revenue (2023 data):
- >£1 billion: 6% of firms (major interdealer brokers)
- £100m-£1bn: 8% of firms (mid-tier specialists)
- £10m-£100m: 27% of firms (regional and niche players)
- £1m-£10m: 28% of firms (smaller intermediaries)
- <£1 million: 31% of firms (boutique operations)
Geographic Risk Distribution
The FCA’s analysis reveals significant international exposure across the wholesale broker sector:
Top Client Jurisdictions (excluding UK):
- France: Highest volume across all revenue tiers
- Germany: Significant presence in larger firms
- USA: Concentrated in high-revenue brokers
- UAE: Notable presence in £100m+ tier
- Singapore: Growing representation
This geographic diversity creates both opportunities for legitimate business and channels for illicit fund flows, particularly through high-risk corridors identified in the UK’s National Risk Assessment.
MLTM Typologies: A Comprehensive Analysis
Primary Typology Categories
Based on the FCA’s case studies and industry intelligence, MLTM typologies can be categorized into several distinct patterns:
1. Wash Trading and Circular Transactions
Description: Simultaneous or near-simultaneous buy and sell orders for identical instruments, often involving the same beneficial owner across multiple accounts.
Case Study Analysis: The FCA documented instances where counterparties included:
- Individual and legal entity with shared beneficial ownership
- Institutional and retail clients with trading authorization overlap
- Spouses or family members
- Individual accounts and joint accounts under single control
Red Flags:
- Identical transaction volumes on consecutive days
- Price execution outside normal market conditions
- Minimal economic rationale for position transfers
- Complex beneficial ownership structures
2. Pre-Arranged Trading
Mechanism: Execution of trades at predetermined prices that deviate from fair market value, effectively transferring value between parties.
Operational Indicators:
- Account funding just sufficient for margin requirements
- First trade executed immediately after account opening
- Transaction prices inconsistent with market conditions
- Device fingerprinting showing multiple accounts from same source
3. Free of Payment (FoP) Transfers
Structure: Movement of securities between custody accounts without corresponding payment, designed to create legitimacy for underlying assets.
Sophistication Levels:
- Basic: Direct transfers between related entities
- Advanced: Multi-hop transfers through legitimate intermediaries
- Complex: Integration with coupon payment streams to justify large cash flows
4. Network-Based Schemes
Organization: Coordinated activity across multiple small regulated entities with shared infrastructure or personnel.
Common Characteristics:
- Turnover disproportionate to trading activity
- Minimal web presence or corporate substance
- Shared addresses, auditors, or employees
- Reluctance to provide comprehensive source of wealth documentation
Emerging Typologies
Sanctions Circumvention
The FCA highlighted increasing use of capital markets to circumvent international sanctions, particularly following geopolitical developments:
Methodologies:
- Third-party payment structures obscuring beneficial ownership
- Corporate action manipulation (consent fees, dividend payments)
- Use of newly incorporated entities in high-risk jurisdictions
- Exploitation of timing gaps in sanctions implementation
Cryptocurrency Integration
While not extensively covered in this review, emerging intelligence suggests increasing convergence between traditional MLTM and digital asset schemes:
Convergence Points:
- Stablecoin backing through traditional securities
- Tokenization of traditional assets for laundering purposes
- Cross-platform arbitrage exploiting regulatory gaps
Business-Wide Risk Assessment (BWRA): Foundation of Effective Controls
Regulatory Requirements and Best Practice
The FCA’s findings on BWRA effectiveness reveal significant variation in approach and quality across the wholesale broker sector. Regulation 18 and 18A of the MLRs require firms to assess and document financial crime risks, yet many firms demonstrate insufficient consideration of MLTM-specific vulnerabilities.
Core BWRA Components for MLTM:
- Inherent Risk Assessment
- Control Effectiveness Evaluation
- Residual Risk Calculation
- Risk Appetite Alignment
- Continuous Monitoring Framework
Common BWRA Deficiencies
Generic Risk Assessments: Many firms employ template-based approaches that fail to reflect their specific business model, customer base, and market focus.
Insufficient MLTM Consideration: BWRAs often lack detailed analysis of capital markets-specific typologies, focusing instead on traditional banking risks.
Weak Documentation: Critical assessment methodologies, scoring rationales, and risk mitigation strategies are poorly documented or absent entirely.
Limited Senior Management Engagement: The FCA found instances where senior management could not adequately explain their firm’s financial crime risks or how controls mitigate them.
BWRA Excellence Framework
Quantitative and Qualitative Integration: Leading firms combine numerical risk scoring with detailed qualitative analysis, creating comprehensive risk profiles that inform control design.
Dynamic Risk Factors: Effective BWRAs incorporate both static factors (business model, geographic reach) and dynamic elements (market conditions, regulatory changes, threat intelligence).
Control Effectiveness Testing: Superior firms regularly test and validate their risk assessments through independent reviews, scenario analysis, and control effectiveness testing.
Customer Risk Assessment (CRA): Precision in Risk Identification
Regulatory Framework and Expectations
Customer Risk Assessment represents the cornerstone of effective MLTM prevention, translating business-wide risk understanding into customer-specific controls. Regulation 28(12) and (13) of the MLRs mandates comprehensive customer risk assessment, yet the FCA’s review reveals significant inconsistencies in implementation.
CRA Methodology Best Practices
Multi-Factor Risk Scoring: Leading firms employ sophisticated algorithms considering:
- Geographic Risk (30% weighting): Country of incorporation, operation, and beneficial ownership
- Customer Type (20% weighting): Regulated vs. unregulated entities, business model complexity
- Product/Service Risk (10% weighting): Instrument types, trading patterns, settlement mechanisms
- Relationship Structure (5% weighting): Intermediation chains, give-up arrangements
- Adverse Media/PEP (25% weighting): Screening results, politically exposed persons status
Geographic Risk Assessment Framework
The FCA highlighted sophisticated country risk assessment as a differentiator among leading firms:
Comprehensive Risk Factors:
- ML/TF Risk Indices: FATF evaluations, national risk assessments
- Sanctions Exposure: OFAC, EU, UN sanctions lists and risk corridors
- Corruption Metrics: Transparency International, World Bank governance indicators
- Criminal Environment: Global Initiative indices, organized crime assessments
- Regulatory Framework: AML/CFT regime effectiveness, international cooperation
PEP Categorization and Treatment
Domestic vs. Foreign PEP Distinction: The FCA noted limited compliance with Regulation 35(3)(A) requiring differentiated treatment of domestic and foreign PEPs.
Risk-Based PEP Controls:
- Foreign PEPs: Automatic enhanced due diligence, senior management approval
- Domestic PEPs: Risk-assessed approach, potentially standard due diligence
- International Organization PEPs: Case-by-case assessment based on role and jurisdiction
Know Your Customer (KYC) and Customer Due Diligence (CDD): Operational Excellence
KYC Framework Evolution
The FCA’s assessment reveals significant maturation in KYC processes since 2019, with firms increasingly adopting risk-based, technology-enabled approaches to customer onboarding and monitoring.
Electronic Onboarding Platforms
Technology Integration Benefits:
- Standardized data collection and validation
- Automated risk scoring and alert generation
- Comprehensive audit trails and documentation
- Integration with screening and monitoring systems
Implementation Considerations:
- Customer experience optimization
- Regulatory compliance validation
- Data quality and completeness controls
- Escalation and exception handling procedures
Source of Wealth and Funds Verification
Structured Verification Framework:
- Employment Income: CV verification, payslip analysis, tax return validation
- Business Income: Company accounts, ownership documentation, revenue verification
- Inheritance/Gifts: Legal documentation, bank statement verification, donor verification
- Investment Disposals: Transaction records, valuation evidence, proceeds tracking
- Other Sources: Independent verification requirements, documentary evidence standards
Ongoing Monitoring and Periodic Reviews
Risk-Based Review Cycles:
- High Risk: Annual comprehensive review
- Medium Risk: Three-year standard review
- Low Risk: Five-year light-touch review
Event-Driven Review Triggers:
- Adverse media alerts
- Sanctions/PEP screening hits
- Transaction monitoring alerts
- Regulatory intelligence updates
- Customer notification of changes
Transaction Monitoring (TM): The Technical Challenge
Current State Assessment
The FCA’s review reveals that transaction monitoring represents the most significant challenge for wholesale brokers in combating MLTM. Unlike retail banking scenarios with clear customer behavior patterns, capital markets transactions often appear legitimate in isolation, requiring sophisticated analytical approaches to identify suspicious activity.
Technology Limitations and Solutions
Current System Deficiencies:
- Generic Banking Focus: Most TM systems designed for traditional banking rather than capital markets
- Limited MLTM Scenarios: Few systems incorporate capital markets-specific typologies
- High False Positive Rates: Overwhelming compliance teams with irrelevant alerts
- Insufficient Cross-Asset Capability: Limited ability to correlate activity across instrument types
Next-Generation TM Architecture:
- Machine Learning Integration: Advanced pattern recognition for complex trading behaviors
- Cross-Market Correlation: Ability to analyze activity across multiple venues and asset classes
- Real-Time Processing: Immediate identification of suspicious patterns during trading hours
- Natural Language Processing: Analysis of communications and settlement instructions
Integrated TM/TS Framework
Collaborative Model Benefits:
- Shared Intelligence: Market abuse alerts informing ML investigations
- Resource Optimization: Combined expertise across surveillance functions
- Comprehensive Coverage: Holistic view of customer activity and market impact
- Enhanced Escalation: Clear pathways for dual STOR/SAR reporting
Operational Integration Strategies:
- Joint daily review meetings
- Shared case management systems
- Cross-training initiatives
- Combined reporting and MI frameworks
Manual vs. Automated Approaches
Hybrid Model Optimization:
- Automated Screening: High-volume, rule-based initial filtering
- Expert Analysis: Human review of complex patterns and relationships
- Escalation Protocols: Clear criteria for investigation and reporting
- Continuous Refinement: Regular tuning based on outcomes and feedback
Governance and Oversight: Senior Management Accountability
Regulatory Expectations
The FCA emphasizes that effective MLTM prevention requires active senior management engagement, not merely compliance delegation. Senior Management Functions (SMF) holders must demonstrate comprehensive understanding of their firm’s financial crime risks and control effectiveness.
SMF Responsibilities and Competencies
SMF16 (Compliance Oversight):
- Technical Expertise: Deep understanding of MLRs and MLTM typologies
- Control Effectiveness: Ability to assess and challenge control design and operation
- Resource Management: Ensuring adequate staffing and technology investment
- Stakeholder Engagement: Effective communication with regulators and law enforcement
SMF17 (Money Laundering Reporting Officer):
- Independence: Sufficient seniority and independence to challenge business decisions
- Technical Knowledge: Comprehensive understanding of MLTM risks and controls
- Investigation Skills: Ability to conduct thorough suspicious activity investigations
- Regulatory Liaison: Effective communication with UKFIU and other authorities
Board and Committee Governance
Risk Committee Responsibilities:
- Quarterly MLTM risk assessment reviews
- Annual control effectiveness assessments
- Resource adequacy evaluations
- Regulatory engagement oversight
Audit Committee Focus Areas:
- Independent control testing validation
- Management information quality assessment
- Regulatory compliance verification
- External audit coordination
Suspicious Activity Reporting (SAR): Quality and Effectiveness
UKFIU MLTM Glossary Code Usage
The FCA’s analysis reveals concerning gaps in MLTM SAR reporting, with many firms demonstrating limited awareness of the UKFIU’s specialized ‘XXMLTMXX’ glossary code introduced in May 2021.
SAR Quality Framework
Essential Components of High-Quality SARs:
- Clear Suspicion Articulation: Specific explanation of why activity is suspicious
- Comprehensive Context: Full customer background and relationship history
- Detailed Transaction Analysis: Complete description of suspicious transactions
- Investigation Documentation: Evidence of thorough internal review
- Risk Mitigation: Actions taken to address identified risks
Statistical Analysis and Trends
MLTM SAR Growth Patterns:
- FY 2019/20: 13 total SARs
- FY 2020/21: 42 total SARs (223% increase)
- FY 2021/22: 708 total SARs (1,582% increase)
- FY 2022/23: 1,284 total SARs (81% increase)
- FY 2023/24: 1,919 total SARs (49% increase)
DAML vs. Intelligence-Only Distribution:
- DAML SARs: 13.49% of total submissions
- Intelligence-Only SARs: 86.51% of total submissions
Sector-Specific Reporting Patterns
Primary Reporting Entities (FY 2023/24):
- Banking Sector: 60%+ of MLTM SARs
- Financial Services: 20%+ of MLTM SARs
- Accountancy: <5% of MLTM SARs
- Virtual Assets: <5% of MLTM SARs
- Legal Sector: <5% of MLTM SARs
Training, Resources, and Organizational Capability
Capability Development Framework
Effective MLTM prevention requires sophisticated organizational capabilities spanning technical expertise, analytical skills, and regulatory knowledge. The FCA’s review highlights significant variation in how firms approach capability development.
Role-Specific Training Programs
Front Office Training:
- MLTM typology recognition
- Customer behavior analysis
- Escalation procedures and thresholds
- Regulatory obligations and protected disclosures
Middle Office Training:
- Settlement anomaly identification
- Payment instruction analysis
- Cross-border transaction risks
- Documentation requirements and verification
Compliance Function Training:
- Advanced investigation techniques
- SAR quality and submission processes
- Regulatory liaison and communication
- Technology tool optimization
Resource Allocation Best Practices
Staffing Considerations:
- Customer-to-staff ratios by risk category
- Peak workload management and surge capacity
- Specialized expertise vs. generalist coverage
- Technology augmentation and efficiency gains
Technology Investment Priorities:
- Core TM system capabilities and customization
- Data analytics and visualization tools
- Workflow management and case tracking systems
- Integration platforms and API development
Regulatory Enforcement and Future Outlook
Enforcement Trends and Penalties
While the FCA has not published specific enforcement statistics for MLTM violations, broader financial crime enforcement trends indicate increasing regulatory focus and penalty severity.
Recent Enforcement Themes:
- Systems and controls failures resulting in significant fines
- Senior management accountability and personal penalties
- Remediation requirements and ongoing monitoring
- Public censure and reputational impact
Future Regulatory Developments
Technology and Innovation:
- Artificial intelligence and machine learning applications
- Distributed ledger technology and digital assets integration
- RegTech collaboration and standardization initiatives
- Cross-border data sharing and analytics platforms
International Coordination:
- Enhanced information sharing protocols
- Standardized typology classification systems
- Joint supervision and enforcement initiatives
- Global regulatory technology standards
Implementation Roadmap: Practical Steps for Firms
Immediate Actions (0-6 months)
Priority 1: BWRA Enhancement
- Conduct comprehensive MLTM risk assessment review
- Document specific capital markets typology risks
- Validate control effectiveness against identified risks
- Establish clear risk appetite statements and tolerances
Priority 2: SAR Process Improvement
- Train relevant staff on UKFIU MLTM glossary code usage
- Review and enhance SAR quality assurance procedures
- Establish clear escalation criteria and investigation protocols
- Implement outcome tracking and effectiveness measurement
Priority 3: TM System Optimization
- Review current alert configuration and effectiveness
- Implement MLTM-specific scenarios and rules
- Enhance integration between TM and TS functions
- Establish clear false positive management and tuning procedures
Medium-Term Developments (6-18 months)
Technology Enhancement:
- Evaluate and implement advanced analytics capabilities
- Enhance data integration and correlation functionality
- Develop comprehensive management information dashboards
- Implement automated workflow and case management systems
Capability Building:
- Develop specialized MLTM expertise within compliance function
- Establish industry intelligence sharing relationships
- Create comprehensive training and competency frameworks
- Implement regular control effectiveness testing programs
Long-Term Strategic Initiatives (18+ months)
Innovation and Transformation:
- Evaluate emerging RegTech solutions and AI applications
- Develop predictive analytics and machine learning capabilities
- Establish strategic partnerships with technology providers
- Create industry-leading best practices and thought leadership
Regulatory Leadership:
- Participate in industry working groups and standard-setting initiatives
- Contribute to regulatory consultation and policy development
- Share anonymized intelligence and best practices with industry peers
- Establish centers of excellence and knowledge sharing platforms
Conclusion: The Path Forward
The FCA’s 2025 MLTM thematic review represents more than a regulatory assessment—it provides a roadmap for transforming capital markets’ resilience against financial crime. As someone who has witnessed the evolution of money laundering schemes from simple structuring to sophisticated market manipulation, I can attest that the current threat environment demands unprecedented collaboration between regulators, firms, and technology providers.
Key Success Factors:
- Leadership Commitment: Senior management must demonstrate active engagement and resource commitment
- Technology Investment: Firms must embrace advanced analytics and AI-driven solutions
- Industry Collaboration: Enhanced information sharing and best practice development
- Regulatory Partnership: Constructive engagement with FCA and law enforcement agencies
- Continuous Evolution: Adaptive approaches that evolve with changing threat landscapes
The wholesale broker sector stands at a critical juncture. Firms that embrace comprehensive MLTM prevention frameworks will not only achieve regulatory compliance but will also position themselves as trusted partners in the global financial system. Those that fail to adapt risk not only regulatory sanction but also exclusion from an increasingly sophisticated and interconnected marketplace.
The fight against money laundering through the markets requires technical expertise, operational excellence, and unwavering commitment to integrity. This review provides the foundation—now it’s up to each firm to build upon it.