Money Laundering Regulations 2019


The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019 came into force on 10 January 2020. These regulations implement the EU Fifth Money Laundering Directive (Directive (EU) 2018/843, ‘5MLD’)) in the UK, and follow a high-level consultation in summer 2019. There was no opportunity to consult on the regulations which were laid before Parliament on 20 December 2019.

The Regulations make amendments to the existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). These include an expansion of the scope of the regulated sector, and changes to aspects of regulated firms’ customer due diligence and enhanced due diligence obligations , in particular, an important new requirement to make reports to Companies House in relation to discrepancies between information collected during customer due diligence and information on the Persons with Significant Control (PSC) register.

Scope of the AML regulated sector

Under the MLR 2019, the scope of persons and firms subject to MLR 2017 has expanded to include:

  • Tax advisers – now includes those who provide ‘material aid, or assistance or advice, in connection with the tax affairs of other persons, whether provided directly or through a third party’. Instead of ‘advice about the tax affairs of other persons’.
  • Lettings agents – this includes persons acting on behalf of either landlords or tenants, but only where agreements are concluded for the letting of land (including buildings) for a term of a month or more and a monthly rent (at any point during the term) of €10,000 or more. Certain exclusions apply, for example in respect of businesses which only publish lettings advertisements.
  • Art market participants – this comprises (a) persons who by way of business trade in, or act as intermediaries in, the sale or purchase of works of art in respect of trasnactions amounting to  €10,000 or more, and (b) the operators of freeports, who store works of art worth  €10,000 or more in the freeport.
  • Cryptoasset exchange providers – this comprises persons who, by way of business, exchange, or make arrangements to exchange, cryptoassets for money, money for cryptoassets, or one cryptoasset for another, and persons who operate machines which use automated processes to exchange cryptoassets for money (or vice versa). As foreshadowed in the Government consultation, and in line with the FATF recommendations, this ‘gold-plates’ the requirements of 5MLD, which focus on fiat-virtual currency exchangers and do not cover virtual-virtual currency exchangers.
  • Custodian wallet providers – this comprises persons who, by way of business, provide services on behalf of customers to safeguard, or safeguard and administer, either private cryptographic keys (in order to hold, store and transfer cryptoassets) or cryptoassets.

Firms involved in these sectors will now have comply with requirements of the Money Laundering Regulations and be supervised. Cryptoasset exchange providers and custodian wallet providers (‘cryptoasset businesses’) will be supervised by the FCA, whilst art market participants and letting agents will be supervised by HMRC (in the case of letting agents, to the extent they are not supervised by a relevant professional body).

The FCA must maintain a register of cryptoasset exchange providers and custodian wallet providers, whilst HMRC may do so in relation to art market participants and letting agents.

Obligations on regulated firms: policies, controls and procedures

In relation to systems and controls requirement, the Regulations make the following changes:

  • Firms must have policies, controls and procedures to identify and scrutinise transactions which are complex or unusually large or haveunusual patterns of transactions or which have no apparent economic or legal purpose. The previous MLR 2017 requirements obliged firms to have policies, controls and procedures which provide for the identification and scrutiny (a) of transactions which are complex and unusual large, or (b) unusual patterns of transactions, in either case if the transaction(s) have no apparent economic or legal person.
  • Firms must ensure that appropriate measures are taken to assess and, if necessary, mitigate any money laundering/terrorist financing (‘ML/TF’) risk when adopting ‘new products, new business practices (including new delivery mechanisms) or new technology’.
  • Firms must have group-wide policies, controls and procedures for sharing information about clients with other group companies for AML/CTF purposes.  
  • Training requirements for ‘relevant employees’ are extended to any agents the firm uses in its business whose work is relevant to the firm’s compliance with the MLRs or who are otherwise capable of contributing identifying or mitigating MT/TF risk, or preventing or detecting ML/TF.

When to conduct client due diligence (CDD)

Currently, CDD must be applied ‘at appropriate times to existing customers on a risk-based approach’ and when the firm becomes aware that the circumstances of the customer relevant to its risk assessment have changed. The MLR 2019 require firms to conduct CDD when: 

  • they have any legal duty in the course of the calendar year to contact existing clients for the purpose of reviewing any information which is relevant to the firm’s risk assessment, and relates to the customer’s beneficial ownership; and
  • the firm has to contact an existing client in order to fulfil any duty under the International Tax Compliance Regulations 2014.

Client due diligence

There are two amendments to the MLR 2017 of importance:

  • Ultimate beneficial ownership (UBO) of corporate clients. Where a firm has not been able to identify the ‘UBO’ of a client which is a body corporate, the firm must take reasonable measures to verify the identity of the senior person in the body corporate responsible for managing it and keep records of actions taken and difficulties encountered.  
  • Checking the Persons with Significant Control (PSC) register. Before forming a business relationship with a limited company, LLP or certain types of trusts, firms must check details in the PSC Register ‘PSCs’ in Companies House. Firms will be required to collect proof of registration or an excerpt from the register and  report discrepancies between the information on Companies House and the beneficial ownership information they receive when conducting CDD.   
  • Electronic ID: The MLR 2019 now expressly confirm that electronic ID verification from independent and reliable sources is acceptable for CDD purposes if it is free from fraud and provides sufficient assurance as to the identity of the individual. This this provision does not make electronic ID mandatory – it simplify clarifies that it can be used to meet CDD requirements if it meets a certain standard.   

Enhanced due diligence

High-risk third countries

Firms must conduct enhanced due diligence (EDD) when a client is established in a high-risk third country or a relevant transaction involves a client in a high-risk third country. The EDD measures required are:  

  • obtaining additional information on the customer and the customer’s UBO;
  • obtaining additional information on the intended nature of the business relationship;
  • obtaining information on the source of funds and source of wealth of the customer;
  • obtaining information on the reasons of for the transaction;
  • obtaining the approval of senior management for establishing or continuing the business relationship; and
  • conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination.
High-risk factors

Regulation 33 lists various (non-exhaustive) customer, delivery channel, and geographical risk factors which firms must take into account in assessing whether a particular situation presents a higher ML/TF risk, and the EDD measures that should be taken to mitigate such risk.

The various client, delivery channel and geographical risk factors have been supplemented to add the following:

  • The customer is the beneficiary of a life insurance policy.
  • The customer is a third-country national applying for residency or citizenship in an EEA state in exchange for transfers of capital, the purchase of property, government bonds or investment.
  • There is a transaction related to oil, arms, precious metals, tobacco products, cultural artefacts, ivory and other items related to protected species, or other items of archaeological, historical, cultural and religious significance, or of rare scientific value.

Firms will need to ensure that any risk assessment processes incorporate these new risk factors. If these risk factors mean a higher money laundering/terrorist financing risk, then EDD measures must be conducted to mitigate the risk.

Reporting discrepancies in beneficial ownership information to Companies House

Firms supervised under the money laundering regulations must report ‘discrepancies’ between information firms have about their clients and the PSC Register in  Companies House. Discrepancies must be reported if there’s a material difference between the two sets of information. Companies House will investigate these discrepancies and, if necessary, contact the company.

There are some practical matters that are yet to be addressed. For example, how should ‘material discrepancies’ be interpreted, should clients be informed of these discrepancies and how quickly should these discrepancies be reported. It is hoped the further guidance on this matter will be forthcoming shortly.

This is an area that the IFA raised in our response to the government’s high-level consultation on the Transposition of the EU Fifth Money Laundering Directive into UK Law. At the time of writing, the government has not responded to the feedback on the consultation.

Supervision and enforcement

New obligations for supervisory authorities

Supervisory authorities have additional obligations:

  • providing secure communications channels for reporting of actual and potential breaches of the money laundering regulations to the supervisor;
  • taking reasonable measures to ensure that the identity of whistleblowers are known only to the supervisory authority; and
  • encouraging its supervised sector to report actual or potential money laundering breaches to the supervisory authority.

In order to meet this requirement, the IFA has a whistleblowing policy and communication channel.  

All supervisory authorities will also be required to include the amount of human resource dedicated to AML/CTF supervision within the information they are obliged to report to HM Treasury under Schedule 4 to the Money Laundering Regulations.

Self-regulatory supervisors such as the IFA are required to publish an annual report setting out, amongst other things, the steps they have taken to encourage breach reporting, the number of reports received, and the measures taken to monitor and enforce compliance.  Furthermore, self-regulatory bodies will be expressly required to ensure that potential conflicts of interest within the organisation are appropriately handled.

There are some limited changes to the provisions relating to cooperation between supervisory authorities and with international partners.

Approval of BOOMs and fit and proper test

Regulation 26 requires the supervisory authorities of certain types of professional firms to approve their beneficial owners, officers and managers (‘BOOMs’).

Amendments in the Money Laundering Regulations 2019 (MLR 2019) clarifies that  individuals seeking BOOM approval from supervisory bodies such as the IFA must provide information which enables the IFA to determine whether the applicant has been convicted of a relevant offence.   

Furthermore, supervisory authorities are placed under a new duty to take necessary measures to ensure that any BOOM application meets these requirements prior to approval.  

Register of trust UBOs: forthcoming changes

The significant expansion of the register of ultimate beneficial ownership for trusts and similar legal arrangements has not been implemented with these regulations but is a requirement of the EU Fifth Money Laundering Directive.

Currently, HMRC requires a trust to be registered via the Trust Registration Service if the trust:

  • is an express trust where the trustees have incurred a tax liability in a given tax year; and
  • all non-UK express trusts which receive UK source of income or have UK assets on which the trustees have incurred a UK tax liability in a given tax year. 

The term ‘express trust’ covers all trusts that have been deliberately created by a settlor (i.e. as opposed to statutory, resulting or constructive trusts), while a ‘UK tax liability’ for these purposes includes a liability to income tax, capital gains tax, inheritance tax and/or stamp duty land tax

Under the EU Fifth Money Laundering Directive, the register will be expanded to cover all ‘express trusts’, and the information will be available, inter alia, to competent authorities, firms conducting CDD, and any person that can demonstrate a legitimate interest.

These changes are of particular significance for the UK, given the widespread use of trusts in our legal system.