Building Trust: A blueprint for programmable finance
The FCA’s review exposed deep AML gaps for two-thirds of UK corporate-finance firms— and signals how policymakers and markets can design systems that prove trust.
tl;dr:
The FCA’s latest review reveals systemic AML weaknesses across UK corporate-finance firms — a signal that the next phase of regulation will be built through design, not disclosure.
This essay decodes what the findings mean for market credibility and programmable finance — outlining how policymakers, builders and investors can engineer systems that prove trust in real time.
🧩 Part I: The Architecture of Compliance Under Stress
The City’s compliance layer has quietly failed a stress test.
In October, the Financial Conduct Authority (FCA) published its review of financial-crime controls across the UK’s corporate-finance sector — revealing not misconduct, but structural fragility.
In this essay, I unpack what the FCA’s findings reveal about the architecture of compliance, why these gaps threaten market credibility, and how the same design principles will shape the next generation of digital-finance and regulatory systems.
The lesson runs deeper than regulation. As finance becomes programmable, trust is shifting from institutions to infrastructure — turning oversight into an engineering challenge. The rules of supervision are evolving into design principles for proof-based systems, where credibility is demonstrated in real time, not declared after the fact.
The firms that originate deals and connect issuers to investors still operate on frameworks too thin for modern AML and compliance design — and that weakness, more than any bad intent, defines the architecture problem the FCA has revealed.
Trust must now be engineered, not assumed — through automated, AI-assisted verification that detects risk before it compounds.
Let’s dive in:
🧩 Inside the FCA’s Corporate-Finance Review: signals for the new architecture of trust in finance
The Financial Conduct Authority has published new findings on financial-crime controls across the UK’s corporate-finance sector — the network that channels capital to enterprise and sustains the City’s competitiveness.
Of the 303 firms assessed, 270 responded, and the results were sobering: about two-thirds fell short of one or more obligations under the Money Laundering Regulations.
What emerges is not a story of isolated failure but of systemic fragility in the UK’s compliance architecture — a quiet signal that the integrity of capital markets now depends on how effectively they can prove it.
🏢 Firm Profile: The Middle Layer of the City
Corporate-finance firms are the nervous system of the UK’s capital markets — small, highly specialised, and structurally under-examined.
The FCA’s portfolio covers around 440 CFFs, ranging from
Boutique advisory houses focusing on M&A and private placements
Corporate brokers and Nomads guiding listings on AIM
Specialist debt, restructuring, and fundraising advisers
Principal firms supervising networks of smaller appointed representatives (ARs)
Most are non-bank intermediaries — they do not hold client money or operate trading platforms.
Instead, they connect issuers with investors, structure deals, and advise management teams.
Their scale is modest:
Typically under 50 employees, often structured as LLPs or small corporates.
Compliance teams are thin — one officer or consultant may cover AML, CDD, and governance.
Many rely more on relationships than documentation.
That’s what makes this survey crucial: these firms don’t move large flows like banks or payment platforms — but they originate the capital deals that feed the markets.
If the origination layer is weak on financial-crime controls, the integrity of the capital pipeline is compromised before money even moves.
The FCA’s findings are therefore less about enforcement and more about architecture — the thin connective tissue between capital and compliance.
🔍 Mapping the Compliance Gaps
The FCA’s review operates less as an audit and more as an X-ray of the City’s compliance architecture — exposing the points where oversight weakens, records stop, and accountability fades.
Weak Controls
11% of firms have no documented business-wide risk assessment.
10% keep no customer-due-diligence records.
27% lack formal customer-risk assessments.
29% of principal firms don’t assess the financial-crime risks of their ARs.
Several admitted to having no audits, no site visits, or monitoring.
Positive Practices
97% report regularly to senior management on financial-crime matters.
72% use structured risk-assessment forms.
Some maintain live risk registers — evidence that good governance can scale without bureaucracy.
Viewed together, these figures outline a fragmented compliance landscape — isolated pockets of robust governance surrounded by gaps wide enough for systemic risk to slip through. They confirm that the challenge for most firms isn’t awareness — it’s execution and evidence.
The FCA’s data points toward a single conclusion: trust collapses where systems stop recording it, and resilience begins only when oversight becomes continuous.
The gaps uncovered aren’t isolated weaknesses — they point to a deeper question of what sustains trust when systems fail to record it.
🧭 Why Financial Crime Controls Matter for Market Trust
The regulator’s message is quiet but sharp: relationships aren’t controls.
CFFs often rely on personal networks and long-standing ties — but the regulator is drawing a hard line between trust and traceability.
In practice, this report signals a renewed focus on documentation as enforcement: if it isn’t written, logged, and reviewable, it doesn’t exist.
The UK’s capital-markets plumbing runs through these mid-tier firms. Weak AML frameworks here don’t just create compliance risk — they erode the credibility of listings, M&A, and private placements that feed the market’s growth.
💡 The same principle that safeguards the City’s analogue firms will soon define the digital perimeter: trust must be proven by design, not declared by policy.
The City’s weaknesses are architectural, rather than procedural — and their repair will come not from new rules, but new systems.
The following section sketches the blueprint: how compliance, redefined in code, becomes the new architecture of digital trust.
🔒 Subscribe to unlock the forward-looking framework and the practical design principles for builders, policy makers and market participants.