The UK’s new money laundering regime
November 2017 | PROFESSIONAL INSIGHT | BANKING & FINANCE
Financier Worldwide Magazine
November 2017 Issue
The Money Laundering Regulations 2017 (MLR2017) introduced a number of new provisions that replace and expand the requirements of the Money Laundering Regulations 2007. MLR2017 was laid before parliament with only a single working day before the deadline for its coming into force, which left those regulated by MLR2017 very little time to update and implement new compliant policies. This article provides an overview of the key changes that must be reflected in anti-money laundering (AML) policies and procedures.
The ‘risk based approach’
There has been a move away from the more formulaic ‘tick box’ regulation that characterised the old framework, and in its place a new ‘risk based’ approach is mandated by MLR2017. Relevant persons, as defined by the regulations, will need to undertake risk assessments of their businesses to evaluate whether the policies and procedures are commensurate with the risks. Such assessments should take account of all business relationships, and consider factors such as the geographic location of customers, the products and services, as well as the nature and type of transactions and delivery channels in which the business and its customers are engaged.
These assessments must be documented and inform the relevant AML policies and procedures. If deemed appropriate, with regard to the nature and size of the business and the level of any identified risks, the introduction of an internal audit should be considered in order to test the robustness of the policies and procedures. The responsibility for conducting and reviewing assessments and the policies and procedures must rest with a senior manager or board member, often referred to as the Money Laundering Compliance Principal (MLCP). The MLCP will also be responsible for ensuring appropriate training is given to relevant staff covering the business’ approach to, among other factors, risk mitigation, due diligence and reporting responsibilities. Relevant staff members include those who occupy any role defined in MLR2017, or those who contribute to the identification and mitigation of risk or the prevention and detection of money laundering.
Standard due diligence
Customer due diligence remains a crucial component of the new framework. Appropriate due diligence must be performed prior to the establishment of a new business relationship and in circumstances in which factors relevant to risk assessments have changed, for example, there has been a change in the corporate structure, or the services provided.
MLR2017 introduces a number of changes to the previous due diligence requirements. For example, if the prospective customer is a company, the following information must be obtained, verified and documented as a minimum: its name, registration number, registered address, principal place of business, the law to which it is subject, its constitution and names of senior management. All individuals purporting to act on behalf of a customer and the identity of all owners and beneficial owners must be verified; it will not be sufficient to rely merely on records held at Companies House.
Due diligence efforts may be simplified in circumstances in which the prospective customer is a publically owned enterprise, a financial institution subject to MLR2017 or a company that’s securities are listed on a regulated market. In addition, where a risk assessment determines a customer as low risk, for example as a result of its geographic location, or its products representing a low risk, simplified measures may be appropriate. The key consideration is that risk is appropriately assessed and documented so that decisions on due diligence efforts can be justified.
Enhanced due diligence
In certain circumstances, MLR2017 requires that due diligence efforts be enhanced so that they can appropriately mitigate identified risks. In circumstances in which a high risk of money laundering is identified following the risk assessment, enhanced due diligence must be undertaken. Risk factors might include: the customer business relationships are conducted in unusual circumstances; the customer is a resident in a region considered high risk; the business relationship is or appears to be a vehicle for holding personal assets; the customer is a cash intensive business; the corporate structure is unusually or excessively complex or diffuse; or payments are offered or received from unknown third parties. MLR2017 requires as a minimum that in such cases there is increased scrutiny of the background and purpose to any transactions and enhanced monitoring of the business relationship. Practical steps may include seeking independent, reliable information to verify information provided by the customer.
Politically exposed persons
When considering entering a business relationship with a politically exposed person (PEP), defined as an individual who is entrusted with prominent public functions, other than as a middle-ranking or more junior official, enhanced due diligence must be applied. Furthermore, MLR2017 extends the scope of PEPs to include family members and close associates. Family members include spouses and civil partners, children and parents. A close associate is defined as an individual known to have business relations with a PEP, or an individual who has sole ownership of an entity or arrangement that is known to be established for the benefit of a PEP. In such cases, approval for a business relationship should be sought from senior management or MLCP, appropriate measures should be undertaken to understand the provenance of the PEP’s assets and funds, and enhanced monitoring of the business relationship is an ongoing requirement.
Furthermore, MLR2017 introduces the requirement that enhanced due diligence will be required for a period of 12 months after the PEP leaves their prominent public function. Family members and close associates are not subject to this legacy requirement under MLR2017, but nevertheless, appropriate risk assessments should take place to determine the level of due diligence and ongoing monitoring required.
For those operating subsidiaries outside the European Union (EU), the MLR2017 requirements must be applied to those subsidiaries as a minimum standard. That is to say that the relevant domestic legislation in a foreign jurisdiction must be assessed alongside MLR2017 and the higher standard must be adopted, notwithstanding the fact that the domestic legislation may not require it.
For subsidiaries located within the EU, the relevant domestic legislation that implements the fourth money laundering directive is the standard to be applied.
New criminal offence
While the criminal offences relating to money laundering remain in place, MLR2017 creates a new offence. Any person who recklessly makes a false or misleading statement in the context of a money laundering investigation can now be punished by a fine, a maximum of two years imprisonment or both.
When read together with the Criminal Finances Act 2017, which introduced, among other provisions, further information orders, unexplained wealth orders and the new offence of failure to prevent facilitation of tax evasion, the regulatory landscape has undergone significant change in 2017. Professionals across all industries and sectors will need to familiarise themselves with those changes and update and amend their policies and procedures in order to ensure that they and their businesses remain compliant.
Robert Amaee is a partner and James McSweeney is an associate at Quinn Emanuel. Mr Amaee can be contacted on +44(0)20 7653 2000 or by email: firstname.lastname@example.org. Mr McSweeney can be contacted on +44 (0)20 7653 2000 or by email: email@example.com.
© Financier Worldwide
Robert Amaee and James McSweeney