On Monday 26 June 2017 the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”), which transpose the Fourth EU Anti-Money Laundering Directive into UK law, came into force, having been laid before Parliament and approved on Friday 22 June 2017. These revoke the Money Laundering Regulations 2007 and the Transfer of Funds (Information on the Payer) Regulations 2007.
Regulated businesses, including accountants and bookkeepers offering self-employed services, are now obliged to ensure both their firm-wide and client-specific risk assessment processes and procedures are sufficiently robust to comply with MLR 2017.
AAT recommends the government consider, given the extremely short timeframe between the final version of the regulations becoming available and their coming into force, that a grace period is granted to afford firms and individuals time to adjust to their new obligations.
AAT recognises that many of the changes required under the new regulations may, in turn, mean significant changes to firms’ systems and controls, and is currently working to get guidelines published as soon as possible. HMRC has yesterday (Wednesday 28 June) updated their online Money Laundering guidance to reflect changes to legislation.
Key changes include:
High value dealers and cash transactions (s.14)
- The threshold for eligible transactions in cash (either in one transaction or a series of transactions that appear to be linked) will come down from £12,544 (EUR 15,000) to £8,361 (EUR 10,000); and will be extended to receiving as well as making payments in cash.
Fit and proper test (s.58)
- The Regulations introduce a ‘criminality test’ for beneficial owners, officers or managers of a supervised business (accountancy or bookkeeping businesses) to prevent criminals convicted in relevant areas or their associates from holding a management function in or being the beneficial owners of those obliged entities. Spent convictions and cautions will not be considered when assessing whether a person is a fit and proper person, and they should be prohibited from being a beneficial owner, officer or manager of a supervised business.
Firm-wide risk assessment (s.18)
- The regulations set out a more prescriptive approach to the firm-wide risk assessment. There is a requirement for a written risk assessment and a list of factors that you must take into account.
Policies, controls and procedures (ss.19-20)
- There are further provisions in the new Regulations around a firm’s requirement to have policies, controls and procedures to prevent activities related to money laundering and terrorist financing, as well as data protection requirements. A written record of training must be maintained.
Internal controls (s.21)
- Firms must now appoint a money laundering compliance principal (MLCP), and that individual must be on the board of directors (or equivalent management body), or a member of senior management, where appropriate to the size and nature of the business. The requirement for nominated officer (MLRO) remains the same as the previous regulations. The MLCP and MLRO can be the same person.
- The Regulations now introduce a requirement to screen staff whose work is relevant to compliance with the regulations.
- Firms must also establish an independent audit function to assess the adequacy and effectiveness of the firm’s AML policies, controls and procedures.
One-off company formation (s.4)
- When a trust or company service provider is asked to form a company, this is to be treated as a business relationship and falls within the scope of the regulations, whether or not the formation is the only transaction being carried out for that customer.
Application of customer due diligence (Part 3)
- Businesses will need to apply different levels of due diligence measures (e.g. identifying and verifying the customer’s identity) to manage the risk of money laundering and terrorist financing. This may entail either simplified due diligence (SDD), customer due diligence (CDD), or enhanced due diligence (EDD), based on the level of perceived risk. These Regulations bring in a greater emphasis on taking a risk-based approach when assessing what type of checks to undertake on a customer.
Simplified due diligence (s.37)
- The Regulations allow relevant businesses to apply SDD measures for areas of lower risk. Annex II of the Directive sets out a non-exhaustive list of factors that should be considered when deciding whether SDD is appropriate and these have also been set out in these Regulations.
- Pooled client accounts are accounts held by accountants, legal professionals and notaries with financial institutions, to hold money on trust or for a purpose designated
by a client. Pooled client accounts are no longer automatically subject to SDD, but instead for this to be applied on a risk-based approach.
Potentially exposed Persons (PEPs) (s.35)
- When you identify a potential client is a PEP, you must assess the level of risk associated with your client and the extent of any EDD that you should perform on that client.
- Firms should apply a similarly risk-based approach to the family members and close associates of PEPs. A family member of a PEP includes their spouse, civil partner, children and parents.
- Firms must form their own view of the risks associated with individual PEPs on a case-by-case basis, but it is acknowledged that PEPs entrusted with prominent public functions by the UK should generally be treated as lower-risk and firms should apply EDD accordingly.
- There has been significant expansion of the third parties that can be relied upon for carrying out CDD checks, with the Regulations now allowing reliance on all of the regulated sector captured under these Regulations. However, this comes with the proviso ‘notwithstanding the relevant person’s reliance on the third party, the relevant person remains liable for any failure to apply such measures.’
- If you are relying on a third party, you must obtain copies of all relevant documentation. You must also enter into a written arrangement that confirms the firm being relied on will provide the relevant documentation immediately on request.
Register of beneficial ownership (s.45)
- The requirements of transparency of beneficial ownership for legal arrangements apply to trustees in express trusts, and therefore not to partners in partnerships or trustees in statutory, constructive or resulting trusts.
- Trustees of express trusts must hold accurate and up-to-date information on the trust’s beneficial owners, and any potential beneficiaries named in a letter of wishes or other relevant document.
- HMRC will maintain a register of trusts with tax consequences.
Data retention (ss. 40-41)
- The Directive requires that businesses retain CDD information and transaction data for a period of five years at the end of a relationship. The Regulations also introduce a new requirement that businesses must delete data once the five-year period has elapsed. This change will align the UK framework with the 4th Anti-Money Laundering Directive (4MLD) and international standards on data protection.
Enforcement (Part 9, chapter 2)
- The ability of a supervisor to impose sanctions is an important deterrent and incentivises regulated businesses to comply with the Regulations. Where supervisors are unable to impose suitable pecuniary sanctions, they may consider the use of the HMRC/FCA powers.