Click Questions to see example responses, some of which include embedded links to reference sources.
The Fifth Money Laundering Directive, (EU) 2018/843 (‘5MLD’) amended the Fourth Money Laundering Directive, (EU) 2015/849 (‘4MLD’), on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing:
MLR 2019 were published on 20 December 2019 and entered into force on 10 January 2020. An Explanatory Memorandum accompanying MLR 2019 includes: "There are over 100,000 businesses within scope of the MLRs, requiring businesses to know their customers and manage their risks. The MLRs are deliberately not prescriptive, providing flexibility in order to promote a proportionate and effective risk based approach to combating money laundering and terrorist financing."
MLR 2019 introduced amendments to MLR 2017. These FAQ highlight elements of new and enhanced obligations relevant to regulated firms’ and their internal compliance arrangements but does not reflect a full analysis or representation of all MLR 2019 requirements.
MLR 2019 influences include:
Examples of systems and controls enhancements required include:
When new technology is adopted - Firms must consider whether their policies, controls and procedures are adequate enough from a wider risk perspective, such that Regulation 19.4.(c) effectively requires The policies, controls and procedures referred to in paragraph (1) must include policies, controls and procedures … which ensure that when new products, new business practices (including new delivery mechanisms) or new technology are adopted by the relevant person, appropriate measures are taken in preparation for, and during, the adoption of such products, practices or technology to assess and if necessary mitigate any money laundering or terrorist financing risks this new product, practice or technology may cause.
Information-sharing enhancements - Regulation 20(1)(b) has been expanded to require the establishment and maintenance of group-wide Policies, Controls and Procedures for information-sharing with other group companies for AML/CTF purposes. The MLR expressly require inclusion of "policies on the sharing of information about customers, customer accounts and transactions".
Electronic verification – Regulation 28 has been amended to include a new paragraph (19), to wit: ‘verification’ of certain customer information obtained during CDD may be regarded as obtained from a reliable and independent source where it is obtained by means of an electronic identification process which is "secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”
Whilst setting the scene for enabling increased reliance on electronic verification and reduced processing of hardcopy identification documents, from an operating perspective a risk-based approach should be adopted, to:
Corporate Clients & Beneficial Ownership - Regulation 27 (8) requires customer due diligence measures to be applied when a firm has:
Under new Regulation 30A firms are required to report to the Registrar of Companies any discrepancy found between information on beneficial ownership gathered by the firm (whether through CDD or otherwise), and the company’s registered information.
Regulated firms were already required to take appropriate measures to ensure their relevant employees were:
Under the revised Regulation 24, firms are now also required to take appropriate measures to ensure any agents it uses for the purposes of its business (covered by the Regulations) are provided with training, and to keep records of that training in the same way as for employees.
Regulation 33 (1) (b) - Amended to require firms must apply enhanced customer due diligence (EDD) measures and enhanced ongoing monitoring (in addition to customer due diligence measures (CDD)), to manage and mitigate the risks arising in any business relationship with a person established in a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country.
For the purposes of the above:
Note: A consequence of the amendment is that EDD and ongoing monitoring are required, when either the customer or a counterparty to a transaction is ‘established in’ a high-risk third country.
Regulation 33 (1) (f) - Amended to require firms must apply enhanced customer due diligence measures and enhanced ongoing monitoring (in addition to customer due diligence measures), to manage and mitigate the risks arising in any case where:
A much broader risk consideration exists in the revised MLR, when the ‘obligation’ to apply enhanced customer due diligence could apply.
Regulation 33 (3A) - A new ‘must’ requirement for EDD on business relationships with persons established in high-risk third countries or in relation to any relevant transaction where either of the parties to a transaction is established in a high-risk third country – In such cases EDD measures must include:
FCA Guidance - High-risk factors
The FCA notes Regulation 33 amendments require firms to include new additional high-risk factors when assessing the need for EDD, and to seek additional information and monitoring in certain cases, such as, where:
Commercial firms (or sole traders) engaged in the following activities must now comply with MLR 2017 (and MLR 2019 revisions) and be supervised by HMRC or regulated by the FCA:
The MLR 2019 define ‘Cryptoasset’, as: ‘A cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically’.
Money is also considered to be money in Sterling, any other currency, or in any other medium of exchange (but does not include Cryptoassets).
From 10 January 2020 firms are subject to MLR 2017 requirements (as amended by MLR 2019), and so are required to:
See also: (i) FAQ 3 “What do the Regulations require?” in our Money laundering FAQ; and (ii) FAQ 10 below (Where should I start?).
The Explanatory Memorandum accompanying the MLR 2019 includes: "HM Treasury will not be issuing guidance to accompany the instrument."
In April 2019, HM Treasury issued a Consultation Paper (‘Transposition of the Fifth Money Laundering Directive’) to inform the UK’s approach to implementing 5MLD:
Cryptoasset Exchange Providers and Custodian Wallet Providers are supervised by the Financial Conduct Authority (‘FCA’). The FCA expects all UK Cryptoasset businesses carrying on activities in scope of the MLRs will need to register with the FCA from 10 January 2020. FCA responsibility is limited to AML/CTF registration supervision and enforcement only.
In July 2019 the FCA issued Policy Statement 19/22, setting out guidance on the types of Cryptoasset which fall within its regulatory remit, and the implications this has on consumer protection.
The FCA web page ‘Cryptoassets: AML / CTF regime’, suggests firms may want to consider guidance from:
Art Market Participants and Letting Agents (which are not supervised by one of the professional bodies listed in Schedule 1 to the MLR 2017) join other businesses which are supervised by the Commissioners for Her Majesty’s Revenue and Customs (‘HMRC’). HMRC’s library of ’AML Guidance’ includes AML guidance for estate agents and letting agents.
Guidance issued by the British Art Market Federation and approved by HM Treasury, is designed to provide a detailed explanation of AML requirements. The guidance document is divided into two parts.
Regulation 56 prohibitions apply to the regulated sector, including Cryptoasset businesses. Operating or trading in the regulated sector without being registered could lead legal and/or regulatory action being taken against the parties involved.
Cryptoasset Exchange Providers and Custodian Wallet Providers are supervised by the FCA, with Art Market Participants and Letting Agents (if not supervised by a relevant professional body) supervised by HMRC.
The FCA will maintain the register of Cryptoasset Exchange Providers and Custodian Wallet Providers. HMRC might do so for Art Market Participants and Letting Agents.
From 10 January 2020, Regulation 56 prohibitions apply to all new Cryptoasset Exchange Providers and Custodian Wallet Providers which intend to undertake Cryptoasset activity (i.e. They must register before doing so). Whereas, Regulation 56A transitional provisions allow some limited flexibility for pre-existing Cryptoasset businesses, such that, the FCA has stated '"Existing cryptoasset businesses which were already carrying out cryptoasset activity before 10 January 2020 may continue their business, in compliance with the MLRs, but must register by 10 January 2021 or stop all cryptoasset activity. We encourage businesses to apply well in advance of this deadline.":
Arising out of new Regulation 30A, all regulated firms are required to report to the Registrar of Companies any discrepancy found between information on beneficial ownership gathered by the firm (whether through CDD or otherwise), and the company’s (i.e. the customer’s) registered information.
The Companies House website describes ”Discrepancies must be reported if there’s a material difference between the 2 sets of information. Companies House will investigate these discrepancies and, if necessary, contact the company.” The website also provides:
Cryptoasset Exchange Providers and Custodian Wallet Providers
FCA View - "All businesses will need to comply with the MLRs from 10 January 2020. We will start supervising businesses from 10 January 2020, irrespective of whether they have registered or applied to be registered. Our supervisory approach to cryptoasset businesses will be in line with our approach to other businesses under the MLRs. Firms who pose the greatest money laundering and terrorist financing risk will receive an increased level of supervisory focus. If, following supervisory engagement, we have reason to believe serious misconduct has taken place, we may decide to commence an enforcement investigation."
The FCA also observed:"We expect firms to comply with the new, amended regulations from 10 January 2020. In assessing our approach to firms that may not be compliant on that date, we will take into account evidence that they have taken sufficient steps before that date to comply with these new obligations."
Regulation 26 requires that no person may be the beneficial owner, officer or manager of a relevant firm (‘BOOMs’), or a relevant sole practitioner, unless that person has been approved as a beneficial owner, officer or manager of the firm or as a sole practitioner by the supervisory authority of the firm or sole practitioner.
Regulation 58 requires the FCA to apply an additional 'fit and proper’ test when assessing applicants who wish to carry on the business of a Cryptoasset Exchange Provider or Custodian Wallet Provider, including whether an applicant or any BOOM has adequate skills and experience and has acted and may be expected to act with probity.
The FCA can suspend or cancel a Cryptoasset business's registration at any time, if the business or its BOOMs do not meet fit and proper test requirements.
Letting Agents and Art Market Participants
NB: In the case of Letting Agents, to the extent they are not supervised by a relevant professional body.
On 10 January 2020, HMRC noted "While all firms must be fully compliant with the new requirements from 10 January, HMRC will take into account the short lead-in time businesses have had to implement all the new requirements in assessing the response to any non-compliance" and "HMRC will assess each case on its own merits."
Letting Agents and Art Market Participants are also subject to Regulation 26 BOOM approval requirements. A transitional provision allows a person to act in such a capacity for a newly regulated business, if they make an application for approval by 10 January 2021.
Regulation 58 requires HMRC to apply the 'fit and proper’ test when assessing applicants, including whether an applicant (or any BOOM) has adequate skills and experience and has acted and may be expected to act with probity.
For insight into HMRC’s approach to conducting the fit and proper test – See ‘Guidance’
No anti-money laundering or counter terrorist financing (‘AML/CTF’) framework can guarantee complete protection against, or prevention of risk. The framework which is best suited to ‘Enterprise A’, may have some similarities and differences, to ‘Enterprise B’.
The framework arrangements which best suits your organisation’s needs should include:
For more on our AML services - See AML Services