Today (10 January 2020), the majority of the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 ('the Regulations') entered into force.
The Regulations implement the fifth EU money laundering directive in the UK through amending the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
Following departure from the EU, the UK is not expected to take an any less intensive approach to financial crime than previously. In particular, much of the regulation regarding anti-money laundering is driven by FATF. Therefore, we anticipate UK regulation in this area to be less impacted by departure from the EU than other areas of regulation.
We set out below five features of the Regulations which may be of particular interest to financial institutions.
Expansion of the regulated sector
The Regulations expand the regulated sector to bring the following within scope:
- cryptoasset exchange providers;
- custodian wallet providers;
- art market participants; and
- letting agents.
Firms in these sectors will now be required to conduct KYC due diligence and undertake monitoring to identify suspicious transactions. Cryptoasset businesses carrying out regulated activities in the UK are required to register with the FCA, with transitional provisions applying for existing providers.
Reporting beneficial ownership discrepancies to Companies House
The Regulations introduce a new obligation on firms, in respect of UK companies, to report to Companies House any discrepancy between beneficial ownership information on the People with Significant Control Register and information which the firm receives through its due diligence.
Enhanced due diligence in high-risk third countries
The European Commission maintains a list of countries with deficient AML and terrorist financing regimes ('high-risk third countries'). The most recent list, updated in October 2018, lists 16 such countries. A copy of the list is available here.
Until now, firms were under an obligation to conduct enhanced due diligence where they were entering into a business relationship or transaction with a person established in one of these high-risk third countries. Under the Regulations, this has been broadened so that enhanced due diligence is also required where a firm enters into a transaction where either of the parties are established in a high-risk third country.
Firms are therefore now required to conduct enhanced due diligence on customers in respect of transactions which involve a party established in a high-risk third country, even where that party is not the firm’s customer (for example, where funds are transferred by a customer in the UK to a high-risk third country).
Where the enhanced due diligence obligation is engaged as a result of establishment in a high-risk third country, the following measures are required:
- obtaining additional information on the customer and on the customer’s beneficial owner;
- obtaining additional information on the intended nature of the business relationship;
- obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;
- obtaining information on the reasons for the transactions;
- obtaining the approval of senior management for establishing or continuing the business relationship; and
- conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.
NCA co-operation with EEA FIUs
The Regulations require the NCA to take such steps as it considers appropriate to co-operate with EEA member-state financial intelligence units (FIUs) (ie the NCA’s counterparts). In particular, the NCA must:
- promptly provide information requested by FIUs (save where doing so would be contrary to UK law); and
- consent to a request from an FIU to disseminate such information to appropriate authorities in EEA member states (save where this could prejudice an investigation or would be contrary to UK law).
Law enforcement in EEA member states already routinely co-operate on money laundering matters. The mandatory obligation to co-operate in the Regulations further illustrates the trend towards increasing co-operation between national authorities and sharing of information to successfully detect and prosecute financial crime. The UK Government has indicated that it expects to continue to co-operate on financial crime (and other serious crime) following the UK’s departure from the EU.
Law enforcement requests for account information
From 10 September 2020, the Regulations will enable law enforcement (including the NCA) and the Gambling Commission to request certain account information from credit institutions, including: the identity of account holder and their personal data, details of beneficial owners and account opening and closing dates.
Firms will be required to provide information requested 'fully and rapidly' using a central platform to be established by the Treasury.
In order to facilitate such requests, a new obligation will require credit institutions to maintain adequate records for at least five years from account closure to enable them to respond to an information request.
The heightened focus on financial crime has been one of the prevailing criminal and regulatory enforcement trends of the last decade. The Regulations reflect many of the themes that characterised the AML landscape in recent years, including the drive for greater transparency, widening the scope of AML regulation, increased co-operation and information sharing between national authorities, and scrutiny of business relationships in high risk jurisdictions. Their implementation offers a timely reminder to firms within the regulated sector to review and update their AML policies and procedures and may require a good deal of work for firms now falling within scope of the Regulations to ensure they have adequate systems in place.