UK: Can I outsource AML and sanctions compliance, KYC and CDD requirements for my UK financial services firm to third parties?

Outsourcing internal functions to third parties or to group entities in third countries with lower overhead costs, is a cost-effective way to meet the practical elements of UK regulatory compliance. However, it is not possible for a financial services firm to outsource liability for regulatory compliance, even if a third party undertakes the practical steps. 

The UK’s Financial Conduct Authority (“FCA”) will reject applications where: 

1. it does not consider the application firm to have adequate senior management resident in the UK; and 
2. it believes that you outsource too much of your compliance functions and / or you have inadequate controls over the provision of the compliance function.

If you wish to outsource internal functions, you must be able to demonstrate that you have (i) appropriate management resident in the UK, (ii) conducted appropriate pre-contracting due diligence on outsource providers, and (iii) put provisions in place for the firm to bring outsourced functions back in-house if compliance standards are not being met.

Learn More: 

• UK Founder Series: Financial Services Startups
• Glossary: Financial Conduct Authority

Related FAQs

• UK: What’s the best way to get my UK financial services firm authorised?
• UK: What are the requirements for "regulatory capital" for a financial services firm?
• UK: What approach should I take to the UK’s financial regulatory regime in my position as a founder?
• UK: What’s the most cost effective way for my UK financial services firm to manage its compliance obligations?
• UK: Can I offer shares or share options to early team members of my UK financial services firm?
• UK: If my financial services firm is incorporated in the UK and the business operates globally, where do we stand with regulation?