Your AML process is not the problem.
Your records are.

Under the Money Laundering Regulations 2017, your firm is judged during an FCA investigation on documented reasoning. Not what you did. What you can show.

If your records do not demonstrate why decisions were made, you are exposed to regulatory risk, MLR breach, and compliance failure.

The reality of an FCA review

This is what an AML audit actually tests

Your AML systems produce reports. They show activity. They log actions.

That is not what the FCA is reviewing.

During an AML audit, your file is examined for judgement.

They will ask:

Why was this client accepted?

Why was this risk rating assigned?

Why were these checks considered sufficient?

Why was enhanced due diligence not triggered?

If the reasoning is not already documented, you do not get a chance to explain. You get a finding.

The Liability Gap

You are judged on what you can show, not what you did

Most firms believe their AML compliance is adequate because processes are followed and systems are in place.

But compliance is not based on activity. It is based on evidence.

If your file cannot demonstrate the reasoning behind a decision, that decision does not exist in the eyes of the regulator.

The 5 Year Exposure

Your biggest risk sits in your historical files. 

Your AML exposure does not sit in what you are doing today. It sits in what you did years ago.

Clients onboarded 2 to 5 years ago

Risk assessments made under old policies

Decisions based on judgement that was never recorded

Under FCA supervision, your entire client history can be reviewed. You will be expected to explain decisions made years earlier.

You will not be given time to reconstruct your thinking. If the reasoning is not in the file, the outcome is already defined.

This sits with you

This is not theoretical. It is personal

AML compliance is not fully delegated.

Directors are accountable for systems and controls under Regulation 21

MLROs carry personal liability under the Proceeds of Crime Act

If your records fail, responsibility does not sit with your system.

It sits with you.

For Directors

Who cannot delegate their Reg 21 liability for systems and controls.

For MLROs

Who face personal exposure under POCA and need compliance that doesn't depend on their memory.

Compliance depends on one thing.

Documented evidence of why decisions were made and why they were correct.

Not effort. Not process. Not intention.

If the FCA reviewed your files tomorrow, what would they see?

Most firms record actions. Regulators examine reasoning.

HaloAML ensures your records show the logic, judgement, and compliance thinking behind every decision.