The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) effective on 26 June 2017, replaced the 2007 Regulations.
The 2017 Regulations largely apply to the same entities and individuals as the 2007 Regulations, including accountancy services; trust or company services; or related services such as tax advice, audit or insolvency. Dealers in goods who make or receive any cash payment exceeding €10,000 (the threshold was €15,000 in the 2007 Regulations), whether in one transaction or several linked transactions, must also comply. There is an exemption for those engaging in financial activity on an occasional basis if their annual turnover is less than £100,000 (increased from the previous threshold of £64,000) and other criteria are met.
The requirements of the MLR 2017 are set out below.
The regulations require a risk assessment of your firm to be conducted and documented, in order to identify money laundering and terrorist financing risks that your firm may face and how you will mitigate against these risks
Risk assessments must be proportionate to the size and nature of the firm. The risk factors to be taken into account relate to:
The firm wide risk assessment must take into account information made available by your supervisory authority. AIA has worked with other accountancy bodies to produce guidance on circumstances where there may be a high risk of money laundering or terrorist financing:
Circumstances where there might be a high risk of ML or TF
Firms must provide firm wide risk assessments, including underlying information, to their supervisory authority on an annual basis as part of the annual member firm return as well as on request.
Where appropriate to the size and nature of the business, firms must appoint a money laundering compliance principal (MLCP) and that individual must be on the board of directors (or equivalent management body), or a member of senior management, where appropriate to the size and nature of the business. Sole practitioners with no employees are exempt from this requirement.
Firms must also appoint a nominated officer (Money Laundering Reporting Officer (MLRO)), to receive internal suspicious activity reports and who assesses whether a suspicious activity report should be made to the National Crime Agency (NCA).
All firms currently have an MLRO under MLR07. Where this person is sufficiently senior then they can act as MLCP and nominated officer.
If the MLRO is not sufficiently senior and an MLCP must be appointed, the MLCP’s name must be communicated to AIA within 14 days of first appointment to aml@aiaworldwide.com.
Where appropriate to the size and nature of the business, firms must assess the skills, knowledge, conduct and integrity of those employees who are involved in identifying, mitigating, preventing or detecting money laundering and terrorist financing in the course of business. This includes those staff whose work is relevant to compliance with the regulations.
You must also regularly train your relevant employees in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing.
Where appropriate to the size and nature of the business, firms must establish an independent audit function to examine and evaluate the effectiveness of the firm’s AML policies, procedures and controls Sole practitioners with no employees are exempt from this requirement.
The regulations do not state that the independent audit function must be external to the firm, but it should be independent of the function being reviewed.
Firms must have written policies, controls and procedures to effectively manage and mitigate the risk of money laundering and terrorist financing, as well as data protection requirements. These policies, controls and procedures must be proportionate to the size and nature of the business, approved by senior management, regularly reviewed, updated and communicated internally within your firm.
There is also a requirement for firms with overseas subsidiaries and branches to establish group wide policies and procedures that comply with UK requirements.
The firm’s policies, controls and procedures should be risk based which means that firms should focus their resources on areas that present the greatest threat of money laundering and terrorist financing.
Firms need to provide staff with appropriate training on money laundering and terrorist financing. This training now includes an obligation to make staff aware of the law on data protection, insofar as it is relevant to the implementation of the MLR2017. A written record of training must be maintained.
Under MLR2017 AIA must approve all beneficial owners, officers and managers (BOOMs) in our supervised firms.
The approval process seeks to ensure that no BOOM has been convicted of a relevant offence as set out in Schedule 3 to the MLR 2017.
In order to be approved, HM Treasury has informed supervisors that they must obtain evidence of Disclosure and Barring Service (DBS) check to get a copy of your criminal record. This is called 'basic disclosure' check. The check will only show convictions that are not ‘spent and guidance to assist members in obtaining the required criminal record checks is provided.
Firms must perform client due diligence before establishing a business relationship and when any factors relevant to client risk assessment have changed. These include:
Firms must identify the beneficial owner of the client and take reasonable measures to verify their identity and if the beneficial owner is an entity or legal arrangement, take reasonable measures to understand its ownership and control structure. The regulations state that you can’t rely solely on Companies House registers of beneficial ownership.
There are three key changes to the CDD requirements:
SDD can be applied when you have assessed the client as low risk of money laundering and terrorist financing. MLR2017 sets out a list of factors to be taken into account when assessing whether a client presents a low degree of money laundering risk and terrorist financing. If they do, SDD measures can be applied.
Enhanced Due Diligence (EDD) should be applied where there is a higher risk of money laundering or terrorist financing. MLR2017 sets ou a list of circumstances in which EDD measures must be applied, which includes:
MLR2017 also set out a list of factors that must be taken into account in assessing whether there is a higher risk of money laundering and terrorist financing present. Under the EDD measures, the regulations require that at minimum, the background and purpose of the transaction should be examined and the frequency in which the business relationship is monitored is increased.
In addition, you may take additional measures as part of your EDD such as seeking additional independent, reliable sources to verify the information that your client has provided to you.
The regulations give a list of risk factors that might indicate that there is a high risk of money laundering or terrorist financing. You should consider these when assessing if EDD might be appropriate:
Customer risk factors:
Product, service, transaction or delivery channel risk factors:
Geographical risk factors:
The regulations require you to have appropriate risk management policies and procedures in to identify whether a client, or the beneficial owner of a client, is a PEP or a family member or known close associate of a PEP.
A family member of a PEP includes their spouse, civil partner, children and parents.
A known close associate of a PEP means:
When you identify a potential client is a PEP, you must assess the level of risk associated with your client and the extent of any EDD that you should perform on that client. As a minimum, you must:
When a client ceases to be a PEP, you must continue to apply your EDD procedures for at least 12 months (or longer if necessary, to address the risk of money laundering or terrorist financing). However, if your client is a family member or known associate of a PEP, you can stop applying EDD procedures as soon as the PEP status ends.
In determining whether someone is a known close associate of a PEP, obliged entities are allowed to rely only information they already hold or that which is freely available in the public domain.
The FCA has published guidance on the treatment of PEPs for anti-money laundering purposes.
If you place reliance on the CDD of a third party, or if a third party places reliance on your CDD, you need to be aware of the changes under the regulations.
If you are relying on a third party, you must obtain all relevant information. You must also enter into a written arrangement that confirms that the firm being relied on will provide the relevant documentation immediately on request.
Firms must keep a copy of documents and records five years after the business relationship has ceased or the completion of the transaction. At the end of the five years, firms must delete any personal data in those records unless:
In addition, firms must provide new clients with:
Firms should consider updating their letters of engagement to existing clients.
HMRC established a register of TCSPs who are not registered with the Financial Conduct Authority (FCA) covering all non-FCA registered firms. A firm must not act as a TCSP unless it is on the register or has applied and not been rejected from registration.
AIA will automatically register your firm for AML supervision on the HMRC TCSP register provided your firm is supervised for AML by AIA as an accountancy service provider AND you have declared you provide TCSP services on your annual firm declaration. Further details can be found here.
Amendments to the MLR2017
On 10 January 2020 changes to the UK Money Laundering Regulations came into force.
The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019), make some limited but important amendments to the existing regulations.
Further information on the key changes is available here.