
A lively panel discussion at this year’s annual conference of the Institute offered a refreshingly honest take on how firms can, and should, respond when regulators come knocking. Drawing on deep experience from enforcement, legal, and in-house roles, the panellists shared practical advice, common missteps, and thoughtful reflections on what effective engagement with the regulator really looks like.
The key message? There is no great mystery to handling regulatory scrutiny well, but it does require clarity, consistency, and preparation long before any formal investigation begins.
One of the recurring themes was the importance of early recognition. Problems rarely appear overnight. They tend to unfold gradually, through inspections, questions, or informal discussions. However, many organisations are slow to spot the warning signs or hesitate to escalate internally. This delay, even when unintentional, can frustrate regulators and make a relatively minor issue harder to resolve.
When a firm is under the spotlight, leadership matters. The best responses come from organisations that take clear ownership, avoid finger-pointing, and understand the importance of coordination. Having a single point of contact to manage regulator engagement is essential. Not only does this ensure a consistent message, but it also helps maintain oversight of what’s being shared and how.
The discussion highlighted the value of striking the right tone. Regulators expect firms to be open, but not passive. A defensive or overly legalistic approach rarely plays well, but nor does offering up too much, too soon, without thinking through the implications. A measured, professional stance that balances cooperation with careful control over scope and messaging is far more effective.
Clarity is especially important when it comes to scoping. Ambiguous commitments can lead to misunderstandings and increase the risk of scope creep, particularly in remediation plans. If a firm agrees to refresh KYC across all high-risk clients, for instance, it must be able to define that group precisely and deliver against that promise.
Another area where firms can help themselves is through practical preparation. Project management, though not the most glamorous topic, emerged as a critical factor. Firms that have planned and tested their internal response processes in advance tend to perform far better when real scrutiny arrives. That includes knowing who needs to be in the room, how to mobilise support quickly, and how to manage delivery across different teams and jurisdictions.
Several panellists also spoke in favour of disclosing related issues early, where appropriate and relevant. While this can feel risky, especially in the moment, it often pays off in the longer term by building trust. Regulators understand that problems can arise, but they are less tolerant of surprises or withheld information. The real objective is not just to fix a single issue, but to demonstrate that the organisation takes its responsibilities seriously and is committed to doing better.
Looking ahead, the conversation turned to future areas of regulatory focus. While KYC and transaction monitoring remain critical, the panel noted increasing attention on whistleblowing, sanctions compliance, and data management. The FCA’s ambition to become a data-led regulator will place pressure on firms to produce timely, accurate, and meaningful information. Other areas likely to see more attention include payments firms, market conduct, and firms operating across jurisdictions, particularly where UK branches of overseas entities are concerned.
The panel also touched on the value of bringing in outside help early, particularly at the scoping stage. External advisers who have seen multiple investigations can help frame a proportionate response and ensure that commitments are realistic. For firms with limited in-house capacity, this kind of support can make a real difference.
Perhaps one of the most helpful points came in response to a question about unstructured regulatory visits. It’s not unusual for firms to receive a visit with one agenda, only for the discussion to shift once it begins. While this can be frustrating, the advice was to remain calm, note any unexpected changes, and explain when time is needed to provide a more developed answer. Transparency is important, but so is the ability to set clear boundaries when appropriate.
The above does not mean firms need to be flawless, only that they approach these moments with honesty, preparation, and a clear plan. For financial crime professionals, the message is a simple one: stay alert, stay organised, and don’t wait until the letter arrives to get your house in order. The best responses don’t begin with the knock at the door; they start well before it.
Tom Vidovic is a senior financial crime compliance specialist. He has held several roles in the financial services industry as well as the consulting sector, including Financial Crime Advisory Manager for Deloitte; Associate Director, FCC Controls for Standard Chartered Bank; Financial Crime Forensic Manager for KPMG; FIU Financial Crime Consultant for Wells Fargo; and, most recently, Nominated Officer for a foreign bank. He is a Certified Fraud Examiner, Certified Anti-Money Laundering Specialist, and holds an MBA in Sustainable Finance.