Money Laundering Regulations 2019
The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019 came into force on 10 January 2020. These regulations implement the EU Fifth Money Laundering Directive (Directive (EU) 2018/843, ‘5MLD’)) in the UK.
The Regulations make amendments to the existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). These include an expansion of the scope of the regulated sector, and changes to aspects of regulated firms’ customer due diligence and enhanced due diligence obligations , in particular, an important new requirement to make reports to Companies House in relation to discrepancies between information collected during customer due diligence and information on the Persons with Significant Control register.
Scope of the AML regulated sector
Under the MLR 2019, the scope of persons and firms subject to MLR 2017 has expanded to include:
- Tax advisers – now includes those who provide ‘material aid, or assistance or advice, in connection with the tax affairs of other persons, whether provided directly or through a third party’. Instead of ‘advice about the tax affairs of other persons’.
- Lettings agents – this includes persons acting on behalf of either landlords or tenants, but only where agreements are concluded for the letting of land (including buildings) for a term of a month or more and a monthly rent (at any point during the term) of €10,000 or more. Certain exclusions apply, for example in respect of businesses which only publish lettings advertisements.
- Art market participants – this comprises (a) persons who by way of business trade in, or act as intermediaries in, the sale or purchase of works of art in respect of transactions amounting to €10,000 or more, and (b) the operators of freeports, who store works of art worth €10,000 or more in the freeport.
- Cryptoasset exchange providers – this comprises persons who, by way of business, exchange, or make arrangements to exchange, cryptoassets for money, money for cryptoassets, or one cryptoasset for another, and persons who operate machines which use automated processes to exchange cryptoassets for money (or vice versa). As foreshadowed in the Government consultation, and in line with the FATF recommendations, this ‘gold-plates’ the requirements of 5MLD, which focus on fiat-virtual currency exchangers and do not cover virtual-virtual currency exchangers.
- Custodian wallet providers – this comprises persons who, by way of business, provide services on behalf of customers to safeguard, or safeguard and administer, either private cryptographic keys (in order to hold, store and transfer cryptoassets) or cryptoassets.
Firms involved in these sectors will now have comply with requirements of the Money Laundering Regulations and be supervised. Cryptoasset exchange providers and custodian wallet providers (‘cryptoasset businesses’) will be supervised by the FCA, whilst art market participants and letting agents will be supervised by HMRC (in the case of letting agents, to the extent they are not supervised by a relevant professional body).
Obligations on regulated firms: policies, controls and procedures
In relation to systems and controls requirement, the Regulations make the following changes:
- Firms must have policies, controls and procedures to identify and scrutinise transactions which are complex or unusually large or haveunusual patterns of transactions or which have no apparent economic or legal purpose. The previous MLR 2017 requirements obliged firms to have policies, controls and procedures which provide for the identification and scrutiny (a) of transactions which are complex and unusual large, or (b) unusual patterns of transactions, in either case if the transaction(s) have no apparent economic or legal person.
- Firms must ensure that appropriate measures are taken to assess and, if necessary, mitigate any money laundering/terrorist financing (‘ML/TF’) risk when adopting ‘new products, new business practices (including new delivery mechanisms) or new technology’.
- Firms must have group-wide policies, controls and procedures for sharing information about clients with other group companies for AML/CTF purposes.
- Training requirements for ‘relevant employees’ are extended to any agents the firm uses in its business whose work is relevant to the firm’s compliance with the MLRs or who are otherwise capable of contributing identifying or mitigating MT/TF risk, or preventing or detecting ML/TF.
When to conduct client due diligence (CDD)
According to the MLR 2017, CDD must be applied "at appropriate times to exisiting customers on a risk based approach" and when the firm becomes aware that the circumstances of the customer relevant to its risk assessment have changed. In addition, the MLR 2019 require firms to conduct CDD when:
- they have legal duty in the course of the calendar year to contact existing clients for the purpose of reviewing any information which is relevant to the firm's risk assessment, and related to the customer's beneficial ownership; and
- the firm has to contact an existing client in order to fulfil any duty under the International Tax Compliance Regulations 2014.
Client due diligence
There are two amendments to the MLR 2017 of importance:
- Ultimate Beneficial Ownership (UBO) of corporate clients. Where a firm has not been able to identify the ultimate beneficial owner (“UBO“) of a client which is a body corporate, the firm must take reasonable measures to verify the identity of the senior person in the body corporate responsible for managing it and keep records of actions taken and difficulties encountered.
- Checking the Persons with Significant Control (PSC) register at Companies House and reporting discrepancies. Before forming a business relationship with a limited company or, LLP, or certain types of trusts, firms must check details in the PSC Register at Companies House as part of the client due diligence processes. Firms must report discrepancies to Companies House between the information they hold about a beneficial owner of a company, limited liability partnership, or Scottish Limited or qualifying partnership and the information that's on the Persons of Significant Control (PSC) register. Electronix identification verification. The MLR 2019 expressly confirm that electronic identification verification from independent and reliable sources is acceptable for CDD if it is free from fraud and provides sufficient assurance as to the identity of the individual. This provision does not make electronic identification mandatory - it simply clarifies that it can be used to meet CDD requirements if it meets a certain standard.
High-risk third countries
Firms must conduct enhanced due diligence (EDD) when a client is established in a high-risk third country or a relevant transaction involves a client in a high-risk third country. The EDD measures required are:
- obtaining additional information on the customer and the customer’s UBO;
- obtaining additional information on the intended nature of the business relationship;
- obtaining information on the source of funds and source of wealth of the customer;
- obtaining information on the reasons of for the transaction;
- obtaining the approval of senior management for establishing or continuing the business relationship; and
- conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination.
Regulation 33 lists various (non-exhaustive) customer, delivery channel, and geographical risk factors which firms must take into account in assessing whether a particular situation presents a higher ML/TF risk, and the EDD measures that should be taken to mitigate such risk.
The various client, delivery channel and geographical risk factors have been supplemented to add the following:
- The customer is the beneficiary of a life insurance policy.
- The customer is a third-country national applying for residency or citizenship in an EEA state in exchange for transfers of capital, the purchase of property, government bonds or investment.
- There is a transaction related to oil, arms, precious metals, tobacco products, cultural artefacts, ivory and other items related to protected species, or other items of archaeological, historical, cultural and religious significance, or of rare scientific value.
Firms will need to ensure that any risk assessment processes incorporate these new risk factors. If these risk factors mean a higher money laundering/terrorist financing risk, then EDD measures must be conducted to mitigate the risk.
Reporting discrepancies in beneficial ownership information to Companies House
Firms supervised under the money laundering regulations must report ‘discrepancies’ between information firms have about the beneficial ownership of theireir clientslients and the Persons of Significant Control (PSC) Register to Companies House.
A beneficial owner does not have the same definition as a PSC. The requirement to report discrepancies is based on the Companies House definition of a PSC.
Discrepancies are not defined in the regulations. Companies House guidance states that only factual errors and not typing mistakes should be reported as discrepancies. The purpose of discrepancy reporting to Companies House is to ensure that the information on the PSC register is adequate, accurate and current. Discrepancies include a
- person listed as a PSC
- missing PSC
- PSC exemption
- PSC type
- place of registration
- date of birth
- legal form
- company statement
Supervision and enforcement
New obligations for supervisory authorities
Supervisory authorities have additional obligations:
- providing secure communications channels for reporting of actual and potential breaches of the money laundering regulations to the supervisor;
- taking reasonable measures to ensure that the identity of whistleblowers are known only to the supervisory authority;
- and encouraging its supervised sector to report actual or potential money laundering breaches to the supervisory authority.
In order to meet this requirement, the IFA has a whistleblowing policy and communication channel.
All supervisory authorities will also be required to include the amount of human resource dedicated to AML/CTF supervision within the information they are obliged to report to HM Treasury under Schedule 4 of the Money Laundering Regulations 2017.
Self-regulatory supervisors such as the IFA are required to publish an annual report setting out, amongst other things, the steps they have taken to encourage breach reporting, the number of reports received, and the measures taken to monitor and enforce compliance. Furthermore, self-regulatory bodies will be expressly required to ensure that potential conflicts of interest within the organisation are appropriately handled.
There are some limited changes to the provisions relating to cooperation between supervisory authorities and with international partners.
Approval of BOOMs and fit and proper test
Regulation 26 requires the supervisory authorities of certain types of professional firms to approve their beneficial owners, officers and managers (‘BOOMs’).
Amendments in the Money Laundering Regulations 2019 (MLR 2019) clarifies that individuals seeking BOOM approval from supervisory bodies such as the IFA must provide information which enables the IFA to determine whether the applicant has been convicted of a relevant offence.
Furthermore, supervisory authorities are placed under a new duty to take necessary measures to ensure that any BOOM application meets these requirements prior to approval.
Registration extension for some non-taxpaying trusts
As part of the implementation of the EU Fifth Money Laundering Directive, new rules were introduced on 6 October 2020 which extended the scope of HMRC’s trust register to all UK and some non-UK trusts, whether or not the trust has to pay any tax, but with some exclusions.
HMRC’s guidance explains in broad terms which trusts will need to be registered:
- All UK express trusts, unless they are specifically excluded – UK trusts are generally those where all of the trustees are based in the UK.
- Non-UK express trusts (generally those where all the trustees are resident outside the UK) which have either:
- at least one trustee resident in the UK when the trustees enter into a “business relationship” with an “obliged entity” or acquire land or property in the UK; or
- no UK resident trustees, but the trust acquires land or property in the UK.
- Non-express trusts and specifically excluded express trusts which have a tax liability. These trusts will still have to be registered on the Trust Registration Service (TRS) for self assessment purposes, even though they are not in scope under the new 5MLD rules.
HMRC is currently updating its Trust Registration Service for the extension of these non-paying trusts. The updated service should be available later in 2021. The deadline for extension of the trust registration is 10 March 2022.