The Financial Action Task Force (FATF) has recommended that the UK Financial Conduct Authority (FCA) consider the wider use of criminal background checks on owners and controllers of financial institutions.
This recommendation is aimed at ensuring that criminals and their associates are prevented from owning or controlling financial institutions.
The FCA currently conducts criminal background checks on a risk-based approach, meaning checks are performed when specific concerns about an individual’s fitness and propriety arise.
In line with the FATF recommendation, the FCA is now proposing to require controllers and beneficial owners to obtain criminal background checks from the Disclosure and Barring Service (DBS) (or equivalent for persons outside of England and Wales). This requirement will apply to those making an application for authorisation or registration with the FCA and for a notice of an intended acquisition or increase in control (‘change in control’ or ‘CIC’).
The FCA proposals will apply to the following persons:
- potential controllers submitting a CIC notice under Part XII of Financial Services and Markets Act 2000 (FSMA)
- controllers of firms applying to become authorised persons under FSMA (new firm authorisations (NFA)) (both Markets in Financial Instruments Directive (MiFID) and non-MiFID)
- individuals with a qualifying holding in a payment institution or e-money institution
- beneficial owners of Annex 1 financial institutions and cryptoasset businesses registered under regulation 54(1A) of the Money Laundering Regulations (MLRs)
- persons submitting a CIC notice in accordance with the MLRs, Payment Services Regulations 2017 (PSRs) and the Electronic Money Regulations 2011 (EMRs)
- controllers submitting an application or notification made to the PRA where the FCA is required to provide its consent or consultation (excluding appointed representatives (AR))
Subject to feedback from this consultation, the FCA proposes that this requirement will apply for all new applications or notifications submitted from January 2025 onwards. The change will not impact any applications or notifications submitted before this date, including those which have not yet been determined when the new requirements are introduced.
A standard DBS will contain details of both spent and unspent convictions, cautions, reprimands, and warnings that are held on the Police National Computer (PNC), which are not subject to filtering.
From January 2025, where an individual has submitted an application/notification within the preceding 6 months and a DBS check was undertaken, a new DBS check will not
be required. In respect to the variation of permissions (VoP) process, where a firm is already authorised or registered, FCA would not require the firm to request a DBS check, however, the firm should continue to ensure the fitness of its controllers and owners.
More information on the proposals can be found here.