Recent publications come in light of UK’s “greater autonomy” in setting AML and CTF regulations following Brexit.

By Jon Holland, Rob Moulton, and Jonathan Ritson-Candler

Background to the review

On 22 July 2021, HM Treasury published both a Call for Evidence on a review of the UK’s anti-money laundering (AML) and counter-terrorist financing (CTF) regulatory and supervisory regime and a Consultation Paper on amendments, to be made via statutory instrument in Spring 2022 (the SI), to the UK’s key piece of AML and CTF legislation, the Money Laundering Regulations 2017, as amended (MLRs 2017). Despite both papers being published concurrently, they are “separate documents with distinct purposes”. The planned amendments to the MLRs 2017 by virtue of the SI are either “time-sensitive” or “relatively minor” and were proposals for change that were already in development. The SI will, therefore, be unaffected by the findings of the Call for Evidence and any amendments to the MLRs 2017 resulting from the Call for Evidence will be made separately.

The Call for Evidence has arisen due a number of factors, namely: (i) post-Brexit, the UK has autonomy to set AML and CTF standards to support UK competitiveness and ensure the UK is a “clean and safe place to do business”; (ii) the government’s Economic Crime Plan (published in 2019) committed HM Treasury to undertake a review of the MLRs 2017; and (iii) the MLRs 2017 require HM Treasury to carry out a review of the MLRs 2017 from time to time, with the first report due no later than 26 June 2022.

The closing date for comments on the Call for Evidence and Consultation Paper is 14 October 2021.

Scope and purpose of the Call for Evidence

The Call for Evidence will review the UK’s AML and CTF regime in three key workstreams:

1. Reviewing the overall effectiveness of the MLRs 2017 by assessing the:

a) Effectiveness of the system: a holistic look at the outcome of recent improvements (such as following the implementation of the EU’s Fifth Money Laundering Directive into UK law in January 2020) and how requirements imposed by the MLRs 2017 either contribute to high-impact activity (i.e., activity that most contributes to the overarching objectives of the AML and CTF regime) or low-value activity (e.g., compliance with mandatory requirements that is time consuming, but that does not commensurately contribute to the overarching AML and CTF objectives). The review will also seek to uncover elements that have created unintended consequences, or that are not achieving the outcomes or behaviours intended.

b) Extent of the regime (i.e., the sectors in scope as relevant entities): to ensure the sectors in scope of the regulations remain proportionate based on the risk posed, and whether any sectors currently out of scope should be brought within scope. The review suggests that sectors or sub-sectors may also be removed from scope if assessments show they are so low risk that inclusion under the MLRs 2017 becomes disproportionate (see also, the intention to de-scope certain payment service providers in the SI, per the Consultation Paper).

c) Evidence of current enforcement action: including consideration of the enforcement powers provided under the MLRs 2017, whether they remain appropriate and proportionate, and if their use by supervisors and law enforcement is effective and dissuasive. HM Treasury notes “very few” criminal prosecutions under the MLRs 2017 to date, and that the FCA has only recently commenced its first criminal AML proceedings (albeit under the previous UK rules and in the context of cash deposits at a retail bank between November 2011 and October 2016). The review is, therefore, assessing whether the relatively low number of prosecutions represents a failing of the current enforcement regime.

2. Determining whether key elements of the current regulations are operating as intended. The review is intended to identify specific regulations in the MLRs 2017 that may not consistently or proportionately support the overall aims of the MLRs 2017 or that represent a disproportionate burden, focusing on:

a) The degree to which in-scope entities feel able, in practice, to take risk-based decisions, and any barriers to doing so given the MLRs 2017 are “deliberately not prescriptive” and are intended to provide flexibility to promote a proportionate and effective risk-based approach. For example, do firms find it difficult to identify and articulate money laundering (ML) and/or terrorist financing (TF) risk and/or are firms concerned about a divergence in the supervisory expectations of a risk-based approach compared to their own?

b) Whether the rules that prescribe when enhanced due diligence must be applied and when simplified due diligence can be considered run contrary to firms’ ability to exercise a risk-based approach.

c) Any changes necessary to make it more straightforward for firms to rely on the client due diligence (CDD) carried out by other firms in place of collecting the same identification and verification documents to comply with their own CDD obligations.

d) Whether the MLRs 2017 appropriately enable the safe and effective use of existing and future technologies by firms to tackle ML and TF (such as legal entity identifiers, privacy enhancing technologies and personal digital identity technology).

e) The case for imposing new substantive legal obligations on supervisors (such as the FCA) to bring considerations of Suspicious Activity Reports (SARs) into the core of their activity and to explore the role supervisors can play in “driving up standards” in the quality of SARs. HM Treasury is considering: (i) requiring supervisors to review SARs submitted by their supervised population (such as all firms supervised for AML and CTF purposes by the FCA) as part of their wider assessments and/or to separately consider to what extent the quality and quantity of a firm’s SARs reflects its own risk assessment; and (ii) expecting supervisors to use existing enforcement powers where they identify consistently poor behaviour relating to SARs. This is likely a response to the 2018 Mutual Evaluation of the UK by the Financial Action Task Force (FATF), in which the FATF highlighted concerns about the quality of SARs submitted in the UK and questioned whether the UK could use the intelligence gathered from SARs more effectively.

f) Whether HM Treasury-approved relevant guidance is helpful to firms or whether it is potentially overly prescriptive or otherwise inconsistent so as to hamper firms in their compliance.

3. Reviewing the structure of the supervisory regime: to assess the effectiveness and appropriateness of the UK’s supervisory regime in meeting its objectives. The review will consider the overall structure of the regime, including statutory (e.g., the FCA, HMRC, and the Gambling Commission) and professional body supervisors (e.g., the Office for Professional Body Anti-Money Laundering Supervision, which supervises the 25 professional body supervisors in the legal and accountancy sectors), the strengths and weaknesses of the regime, particularly any supervisory gaps resulting from the structure, and possible options for reform (for example consolidation of the supervisory bodies or the creation of a single body with oversight of the whole regime). HM Treasury is concerned that the fragmented and devolved nature of AML and CTF supervision may create gaps in supervision, leaving it vulnerable to exploitation by criminals. This aligns with similar reforms under consideration at EU level, which may result in a single EU strategic AML supervisor.

Notably, although the review will consider important areas of overlap with the Proceeds of Crime Act 2002 (POCA), it does not aim to recommend significant changes to POCA or other legislation (including, presumably, the Terrorism Act 2000). The Home Office will consult separately on a package of legislative proposals related to economic crime.

Proposed amendments to the MLRs 2017 in the Consultation Paper

The Consultation Paper considers amendments that are time-sensitive and are required to ensure that the UK continues to meet international standards and to clarify ambiguities following Brexit. The aim, therefore, is for the SI to be “very focused” and to include a number of specific measures, including:

  • Changes in scope to exempt particular payment service providers that may present a low risk of ML and TF: the potential activities for exclusion are: (i) account information service providers; (ii) bill payment service providers; and (iii) telecom, digital and IT payment service providers. (i) and (ii) are currently supervised for AML and CTF purposes by the FCA and (iii) are supervised by HMRC (or the FCA, depending on their business model). The Consultation Paper is requesting views on whether payment initiation service providers should also be considered as presenting a low risk and should therefore be excluded from the scope of the MLRs 2017 and AML and CTF supervision.
  • Clarifying the definitions of “financial institution” and “credit institution”: the Consultation Paper is seeking views on whether the activities that qualify a firm as a financial or a credit institution should be amended to align with the Financial Services and Markets Act 2000, as amended and defined terms under the Regulated Activities Order. The review is also seeking views on whether it is currently unclear if any activities fall within the scope of the MLRs 2017 and, if so, how best to address these.
  • Clarifications to strengthen supervision: the review is considering the merits of amending the MLRs 2017 to permit, without ambiguity, AML/CTF supervisors to have a right of access to view the content of SARs submitted by their supervised populations on request. This proposal does not go so far as to include any additional specific legal obligation for the AML/CTF supervisor to review any SARs obtained from their supervised population for quality assessment purposes (however, see above regarding the Call for Evidence).
  • Amending Regulations 16, 18, and 19 to include provisions on proliferation financing: such that the MLRs 2017 will require certain regulated entities (namely, financial institutions, designated non-financial businesses, and professions and virtual asset service providers, as stipulated by the FATF) to assess the risk of potential breaches of UN targeted financial sanctions relating to the financing of proliferation of weapons of mass destruction.
  • Amending Regulations 12 and 4 to include the formation of limited partnerships in the services list in the definition of Trust or Company Service Providers: in order that the definition of Trust or Company Service Provider adequately covers all business arrangements and services provided that are required to be registered with Companies House.
  • Aligning the obligation to report discrepancies in beneficial ownership to ongoing CDD obligations: firms are required to report discrepancies between the beneficial ownership information they collate during CDD and those on record on the Persons with Significant Control Registers to Companies House. However, this obligation only applies at initial onboarding. The Consultation Paper proposes to amend firms’ ongoing CDD obligations to also reference beneficial ownership information and, in the event any discrepancies are subsequently identified, these too should be reported to Companies House.
  • Improving information sharing and gathering: by making minor amendments to improve the effectiveness of the intelligence and information sharing gateway and allow for reciprocal protected sharing between relevant authorities (with a proposal to extend the definition of “relevant authorities” to include additional government agencies such as Companies House). In addition, the Consultation Paper requests views on the merits of giving further supervisory powers to the FCA to enable it to better supervise Annex 1 financial institutions (which include, for example, firms providing financial leasing services, certain consumer credit firms, etc.) by: (i) providing the FCA with additional flexible information gathering powers; and (ii) extending the FCA’s powers to include skilled person reports and a power of direction, such as restricting a firm’s ability to take on new customers.
  • Introducing the “travel rule” to cryptoassets transfers: to replicate, insofar as practicable, the rules applicable to bank transfers in the Funds Transfer Regulation to cryptoasset transfers such that cryptoasset exchange providers and custodian wallet providers (together, cryptoasset service providers) must send and record information on the originator and beneficiary of cryptoasset transfers:

a) The information that must accompany the transfer will depend on its value and whether the cryptoasset service providers are carrying on business in the UK. Transfers below the equivalent of £1,000 must be accompanied by the originator and beneficiary’s name and account number / unique transaction identifier. Transfers above this de minimis threshold require the same information plus additional information on the originator, including their address, personal document number, and customer identification number or date and place of birth. If, however, all cryptoasset service providers involved in the transaction are UK based, the only information required is each parties’ account number / unique transaction identifier.

b) Intermediary cryptoasset service providers will also be required to ensure that all information received about the originator and the beneficiary that accompanies the transfer is retained with the transfer.

c) Cryptoasset service providers will be required to implement effective procedures to detect whether the required beneficiary and originator information is missing from an inbound transfer. This will include, if appropriate, monitoring in real time or after the transfer. When the transaction is above the de minimis threshold, the beneficiary’s cryptoasset service provider must, before making a cryptoasset available to the beneficiary, verify the accuracy of beneficiary information received with the transfer. In practice, this may be done by checking the beneficiary information is consistent with information verified as part of the CDD process.

d) If a cryptoasset service provider repeatedly fails to provide the required information, the receiving cryptoasset service provider must take appropriate steps, such as issuing warnings, before either rejecting any future cryptoasset transfers from, or restricting or terminating its business relationship with, that cryptoasset service provider.

The Consultation Paper acknowledges that introducing the travel rule to cryptoasset transfers into the MLRs 2017 is to ensure that the UK complies with FATF Recommendation 16. Notably, therefore, whilst the mandatory addition of originator and beneficiary information to such transfers is a material change, it aligns with an approach the FATF recommends globally, such that the UK will not be an outlier. The EU has recently published a package of proposals to update and amend the EU-wide Money Laundering Directives. The package includes a proposal for the creation of a new EU authority to combat ML and TF, a new regulation setting directly applicable rules on CDD and beneficial ownership in Member States as well as revisions to the Transfer of Funds Regulation to include the travel rule for cryptoasset transfers. A watchpoint for firms will be the potential for divergence between the EU’s proposals and the outcome of the UK’s Call for Evidence.