On 28 November 2025, the Financial Conduct Authority (FCA) published a Final Notice in respect of the Institute of Certified Bookkeepers (ICB), imposing a public censure for breaching certain provisions of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) due to serious deficiencies in its anti-money laundering (AML) supervision.
Key takeaways
Key takeaways are set out directly below, but for more details on the findings see our ‘Notice in a nutshell’ table beneath these:
Expectations of a professional body supervisor (PBS): This Final Notice marked the first time the FCA has censured a PBS, demonstrating that it is prepared to take enforcement action against such bodies where it considers their oversight of members falls below expected standards. Firms may see this reflected in their future interactions with a PBS as such bodies seek to learn lessons and avoid similar failings.
Knowledge of internal systems: Firms need to ensure that electronic systems, software and other tools they use are properly understood by their staff and that knowledge is maintained notwithstanding staff departures. The software used by ICB was not well understood by its staff. Members of staff who had been involved in the most recent update of the algorithm had left; no one at ICB could find a copy of the algorithm or instructions given to the software company which had designed it; and the software company responded to a request by providing an out-of-date version. No one at ICB had access to or had reviewed the risk rating algorithm and it was not updated to reflect evolving concerns. This has potential read across for other forms of technology including those using artificial intelligence and emphasises the importance of ensuring robust governance around technology use.
Record-keeping: Clear records of decisions taken in relation to supervisory actions should be maintained and kept up to date including supporting documentation in relation to key decisions with a clear rationale. Despite considering inspections vital to its risk-based approach to supervision, ICB did not record a reasoned explanation for the decision to suspend them, and the investigation identified internal emails referencing a lack of clear record-keeping at ICB.
Key information
Decision maker: FCA Settlement Decision Makers
Firm: Institute of Certified Bookkeepers, an international PBS for bookkeepers
Related decisions: None
Sanction: Public censure. Note: The FCA does not have the power to impose a financial penalty on a PBS.
Settlement: Yes
Provisions: Regulation 16 of the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017; Regulations 17(8), 46(1), 46(2)(a), 46(2)(c), 46(2)(d) and 46(4)(b) of the MLRs 2017
Relevant period: 1 January 2022 to 26 July 2023
Factual findings
AML software issues
The MLRs 2017 required ICB to carry out risk assessments and formulate risk profile scores for its members and use this information to inform its supervision of them.
ICB used AML software for these purposes: members were required to input data, and the software used an algorithm to allocate members’ risk scores.
From 1 January 2022 to 16 October 2022, there were known issues with the data and provision of information by ICB members. In breach of ICB’s professional conduct rules, large numbers of its members were either not using the AML software or failing to keep their information up to date.
Additionally, ICB’s key staff responsible for compliance and targeting supervisory activity did not fully understand how the software calculated member risk profiles, which meant ICB did not regularly review or validate risk categories and its methodology for categorising risk. The algorithm had last been updated several years previously by staff who were no longer at ICB; no one could locate a copy of the algorithm or the instructions to the software company which had designed it; and the software company responded to a request by providing an out-of-date version. No one at ICB had access to or had reviewed the risk rating algorithm and it was not updated to reflect evolving concerns.
As a result, ICB’s compliance team had limited confidence in the accuracy of the risk assessments and risk profiles being produced and could not use the output to reliably target its supervisory activities (for example, to plan inspections).
ICB’s supervisory activity (including inspections) was driven primarily by whether or not members were using the software and keeping their data on it up to date.
Inspection suspension period
On-site and Zoom inspections were ICB’s most in-depth and intensive supervisory tools and its only opportunity to review members’ policies and procedures.
However, in light of the issues identified with the AML software, from 17 October 2022 to 26 July 2023 on-site inspections and Zoom inspections were suspended (unless already arranged).
No consideration was given to mitigating the impact of this on ICB’s ability to adequately supervise its members. ICB did not have appropriate processes or strategies to monitor or inspect its members or take necessary measures to ensure compliance with the MLRs 2017.
ICB compliance staff repeatedly escalated concerns that inspections should be recommenced as soon as possible, but ICB failed to take timely action.
Reasons put forward for the suspension of inspections by ICB in correspondence with the Office for Professional Body Anti-Money Laundering Supervision and interviews with the FCA were inconsistent and did not justify the nine-month suspension period.
ICB maintained poor records of its supervisory activities and decisions during the suspension period, including absence of supporting documentation relating to the decision to suspend inspections.
During the suspension period, ICB conducted onboarding interviews and approvals work, education activities for members and a remediation project to improve the integrity of the data held, but these did not constitute credible alternatives to inspections.
ICB had engaged constructively and worked to address these concerns, including improving staff’s understanding of how the algorithm used by the AML software generated risk profiles for members.
Failings
Breach of regulations 46(2)(a) and (c) and 46(1) of the MLRs 2017: As ICB did not have reliable risk profile scores to target its inspection activity on its highest risk members, it had failed to take an adequate risk-based approach to the exercise of its supervisory functions, which was further exacerbated by ICB not having appropriate processes or strategies to monitor or inspect its members during the suspension period.
Breach of regulation 46(4)(b) of the MLRs 2017: ICB was required to take appropriate measures to review the adequacy of its members’ policies, controls and procedures, and the way in which those policies, controls and procedures had been implemented, which it had been unable to do during the suspension period.
Breach of regulation 17(8) of the MLRs 2017: ICB failed to regularly review or validate its risk categories and methodology for categorising risk.
Breach of regulation 46(2)(d) of the MLRs 2017: ICB failed to maintain written records of its supervisory activities and decisions during the suspension period.