Money Laundering Regulations
On 10 January 2020 changes to the UK’s Money Laundering Regulations are coming into force. The changes amend and update the UK’s AML regime to incorporate international standards set by the Financial Action Task Force (FATF) and to transpose the EU’s 5th Money Laundering Directive.
The FCA has published a page on its website as of 23rd December 2019.
The Government has also published The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (“Amendment Regulations”) which amend the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”).
Many of the changes resulting from the 5th Money Laundering Directive do not affect firms regulated by the FCA and rather the Amendment Regulations and the 5th Money Laundering Directive bring other areas and activities under the remit of anti-money laundering legislation.
Changes that may have some impact on financial services firms are outlined below. Where the term “relevant person” is used, this means the firm carrying out AML checks on its clients.
Customer Due Diligence
The Amendment Regulations have amended Regulation 28 of the MLR 2017 and has added the following provisions as a new Regulation 28 (3)(A):
“Where the customer is a legal person, trust, company, foundation or similar legal arrangement the relevant person must take reasonable measures to understand the ownership and control structure of the legal person, trust, company, foundation or similar legal arrangement”.
In addition, where a relevant person “has exhausted all possible means of identifying the beneficial owner of the body corporate and (a) has not succeeded in doing so, or (b) is not satisfied that the individual identified is in fact the beneficial owner, the relevant person must:
- keep records in writing of all the actions it has taken to identify the beneficial owner of the body corporate;
- take reasonable measures to verify the identity of the senior person in the body corporate responsible for managing it, and keep records of:
- all the actions the relevant person has taken in doing so; and
- any difficulties the relevant person has encountered in doing so”.
Regulation 28 of the MLR 2017 stated that:
- “verify” means verify on the basis of documents or information in either case obtained from a reliable source which is independent of the person whose identity is being verified;
- documents issued or made available by an official body are to be regarded as being independent of a person even if they are provided or made available to the relevant person by or on behalf of that person
The Amendment Regulations have inserted a new provision which states:
“information may be regarded as obtained from a reliable source which is independent of the person whose identity is being verified where—
- it is obtained by means of an electronic identification process, including by using electronic identification means or by using a trust service (within the meanings of those terms in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23rd July 2014 on electronic identification and trust services for electronic transactions in the internal market); and
- that process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”.
As such, verification of identity by electronic means is now permitted.
The Amendment Regulations have inserted a new Regulation 30A for firms to report to Companies House discrepancies between the information the firm holds on their customers compared with the information held in the Companies House Register.
Enhanced Due Diligence
The Amendment Regulations have made some changes to Regulation 33 of the MLR 2017 concerning enhanced due diligence and now requires that enhanced due diligence measures to be undertaken in transactions that are, amongst other factors, complex or unusually large rather than complex and unusually large.
In addition, enhanced due diligence measures taken by a relevant person in any business relationship with a person established in a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country must include:
- obtaining additional information on the customer and on the customer’s beneficial owner;
- obtaining additional information on the intended nature of the business relationship;
- obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;
- obtaining information on the reasons for the transactions;
- obtaining the approval of senior management for establishing or continuing the business relationship;
- conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.”
Other changes include adding new businesses to the definition of obliged entities thereby bringing them under the remit of the MLR 2017. The new businesses covered by the legislation are letting agents, art market participants (including operators of freeports), and providers of exchange or storage services for “crypto-assets” (as defined in new regulation 14A) such as virtual currencies. The definition of tax adviser is also extended to those who provide material aid or assistance on tax.
Businesses carrying out certain crypto-asset activities will need to comply with the MLRs in relation to those activities from 10 January 2020, and such businesses need to register with the FCA during 2020.
Regulation 6 of the Amendment Regulations inserts a new Part 5A into the MLR 2017 to require the Treasury or the Secretary of State to establish a mechanism to enable law enforcement authorities and the Gambling Commission to obtain information about safe-deposit boxes and about accounts held with banks, building societies and credit unions.
This new Part 5A imposes duties on credit institutions and the providers of safe custody services to respond to requests for information, via a central automated mechanism. A law enforcement authority or the Gambling Commission may request details related to accounts and safe-deposit boxes including, but not limited to, name, date of birth and address of the holder(s) or beneficial owner(s).
Amendments to regulation 38 of the MLR 2017 regarding electronic money mean that firms can only forego customer due diligence measures in situations where:
- the maximum amount which can be stored electronically is €150 (previously €250)
- the payment instrument used in connection with the electronic money (the relevant payment instrument) is:
- not reloadable; or
- is subject to a maximum limit on monthly payment transactions of €150, which can only be used in the UK (previously €250)
- the relevant payment instrument is used exclusively to purchase goods or services
- anonymous electronic money cannot be used to fund the relevant payment instrument
If you have any queries, please contact your usual Complyport Consultant.