A rag-bag of changes to UK money laundering regulations

UK regulations implementing the EU 5^thMoney Laundering Directive (“5MLD”) came into force on 10 January 2020: the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (“MLR 2019”).

The regulations make a rag-bag of transparency enhancements to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”), which implemented the EU 4^thMoney Laundering Directive (“4MLD”). They also implement a number of recommendations from the international Financial Action Task Force.

Few of these updates break completely new ground, but there are quite a number of technical tweaks that will require AML and CDD policies and procedures to be reviewed and updated, and the regulated sector is extended to several new business areas. This article highlights some key changes, but firms should always consult the MLR 2019 for full details.

Sector-specific industry guidance to reflect MLR 2019 is also to be updated for approval by HM Treasury. Finally, further amendments to MLR 2017 were proposed on 24 January 2020, to expand the scope of the Trust Registration Service and amend trust registration deadlines.

New sectors

The new sectors now brought within scope of the MLRs are:

• art market participants (customer due diligence must be conducted where the value of (linked) transactions is EUR 10,000+);
• letting agents (CDD must be conducted on rental agreements with monthly rent of EUR 10,000+);
• those providing material aid or assistance on tax matters (widening the existing definition of “tax advisors”); and
• cryptoasset exchange providers and custodian wallet providers.

Firms and sole practitioners in these sectors are required to register before 10 January 2021 for approval by the relevant AML/CTF supervisor – namely HMRC for each of the above sectors, except for cryptoassets and custodian wallet providers where the FCA is supervisor.

Cryptoassets

The FCA thinks there around 80 potential cryptoasset firms requiring registration. The MLRs 2019 gold-plated the 5MLD requirement for AML/CTF supervision of “virtual currencies”, extending the scope to capture all relevant activity involving exchange, security and utility tokens. This follows the categorisation set out by the UK Cryptoassets Taskforce in its final report in October 2018.

The government heeded industry concerns with FATF guidance on Virtual Assets which suggested that firms should obtain originator and beneficiary information when conducting cryptoasset transfers, and this requirement is not included in MLR 2019. However, the government calls on firms to develop compliance solutions in anticipation of such a requirement being implemented in the UK.

Group policies

MLR 2019 now requires parent companies to establish group policies "on the sharing of information about customers, customer accounts and transactions" for all subsidiaries, whether incorporated in the UK or overseas. This expands the requirements on group policies brought in by MLR 2017 on data protection and sharing information with subsidiaries for AML purposes. Where overseas law prohibits the application of equivalent measures by subsidiaries, the parent company is required to inform its AML/CTF supervisor and take additional measures to handle the risk.

Customer Due Diligence

There is a new requirement in MLR 2019 for firms to apply ongoing CDD measures, when they have a legal duty in the calendar year (for example under the International Tax Compliance Regulation 2015) to contact an existing customer to review information relevant to their risk assessment and beneficial ownership information. This has the potential to increase CDD volumes considerably.

There is also now an explicit CDD requirement to understand the ownership and control structure of customers. For many firms, such beneficial ownership checks will already be undertaken. Identity verification must also now be undertaken for senior managing officials of corporate bodies where the beneficial owner cannot be identified.

Where a discrepancy occurs between beneficial ownership information in the Companies House register of Persons with Significant Control and the beneficial ownership information provided by the company in the course of CDD, this must now be identified and reported to Companies House. Such discrepancies will not be flagged on the public PSC register, to avoid any tipping off. Again, this looks likely to increase the volume of CDD-related tasks.

E-ID and E-money

CDD procedures could potentially be streamlined now that MLR 2019 permit the use of electronic identification processes when conducting CDD remotely. However, before implementing such changes, it may be advisable to await publication and Treasury approval of more detailed guidance on electronic identification in the promised updates to sectoral guidance. Firms relying on electronic identification will remain liable for the CDD information received from their service providers, although there is a separate Cabinet Office and DCMS call for evidence on Digital Identity which could begin to mitigate this risk.

MLR 2019 reduces the thresholds for e-money exemptions to CDD. Exemptions are now available only where: maximum stored value is EUR 150 or less (previously EUR 250); the payment instrument is not reloadable or has a monthly cap of EUR 150 (previously EUR 250), and is only to be used in the UK; the instrument is used only to purchase goods and services; anonymous e-money cannot be used for funding; and cash redemptions or remote payments do not exceed EUR 50 per transaction (previously EUR 100).

While a proposed UK ban on payments by anonymous prepaid cards was not implemented, the MLR 2019 do implement the 5MLD prohibition of payments with anonymous prepaid cards issued in non-EU countries, where AML measures are not equivalent to the UK MLRs.

High-risk third countries

Enhanced due diligence (“EDD”) is now required for business relationships or transactions "involving" a high-risk third country. This is defined to mean both a business relationship with a person established in a high-risk third country (as under previous MLRs); or also now a transaction already subject to CDD where either of the parties (not just the customer) is established in such a high-risk country.

Where EDD is triggered for high-risk third countries, additional diligence is required on: the customer, its beneficial ownership, the nature of the business relationship and reasons for the transactions, and source of funds for the customer and beneficial owner(s). Senior management approval is required, as well as enhanced ongoing monitoring.

Agents and Managers

The MLR 2019 mandate measures to ensure that any agents, including sub-agents, used to deliver a firm’s business are made aware of the law, receive AML/CTF training and are “fit and proper”. HMT highlights potential concerns with the Money Service Business sector’s use of sub-agents.

The government had also consulted on expanding AML/CTF supervisors’ powers over “officers” controlling or directing companies or partnerships, to include also “managers”. Potentially this could have led to action against junior managers for non-compliance with the MLRs. In light of mixed feedback, the government is to seek further evidence and consider the change again at a later stage.

Trust Registration Service

A summary of issues raised in responses to HM Treasury’s consultation on the MLR 2019 was not published until 23 January 2020, presumably awaiting finalisation of a new joint consultation published on the following day by HMT and HMRC on the Trust Registration Service (“TRS”). Here again, the proposed changes do not represent a sea change, but do ratchet up the transparency levels.

4MLD introduced trust registration requirements limited to UK express trusts with a taxable consequence. The further amendments proposed to MLR 2017 would expand this to require all UK resident express trusts (unless the trust falls within specified categories of excluded trusts) and certain non-UK resident express trusts. 

For trusts set up before 6 April 2021, if the trustees incur a liability to one of the specified taxes for the first time the trust must be registered by 31 January after the tax year in which the liability arose; otherwise the trust must by registered on or before 10 March 2022. Trusts set up on or after 6 April 2021 but before 9 February 2022 must by registered on or before 10 March 2022. Trusts set up on or after 9 February 2022 must be registered within 30 days of being set up.

Sufficient steps

The general thrust of the changes to MLRs and the January 2020 implementation date have been known since 5MLD was published in 2017. There was a Treasury consultation on UK implementation back in April 2019. However, the final UK regulations were not published until 20 December 2020, giving firms only a handful of working days to execute updates for 10 January 2020. In light of this, the FCA has said that in assessing any non-compliance, it will take into account evidence of firms taking “sufficient steps” before then to comply with the new obligations.