3rd February 2020
The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 came in to force on 10 January 2020, with the effect of implementing Fifth Money Laundering Directive into UK law.
Money laundering is said to be a key enabler of serious and organised crime, which costs the UK at least £37 billion every year, hence why there is so much government activity in this area.
Businesses that are caught by money laundering regulations need to ensure that staff are adequately trained in respect to the core obligations and changes, breach of which is a criminal offence and can in some instances attract further regulatory sanction.
Tax advisers: The definition of tax adviser is expanded to include those who offer material aid or assistance on tax matters.
Estate agency: The scope of regulated businesses in the property agency sector is expanded to include the letting agency sector for high value transactions with a monthly rent of EUR 10,000 or more.
Art intermediaries: Art market participants for transactions exceeding EUR 10,000, including art galleries, auction houses and freeport operators storing high-value art, are also brought into scope of the legislation.
Cryptoassets: Cryptoasset exchange providers and custodian wallet providers are also brought into scope of the MLRs, to ensure the UK meets evolving global standards and fully addresses emerging risks. Regulation 14A within Part 2 of the amended MLRs sets out the definition of custodian wallet providers and cryptoasset exchange providers. The latter includes where the firm or sole practitioner offers exchange services as creator or issuer of any of the cryptoassets involved (often this is referred to as an “initial coin offering” by industry). This is because initial coin offerings are another point of exchange at which those in possession of illicit funds could launder their money into a new, clean cryptoasset, obfuscating the original source or purpose of such funds.
The definition of cryptoasset exchange providers also extends to operating a machine which automates such an exchange, commonly known as a cryptoasset automated teller machine (“CATM”). The Amending Directive requires the UK to regulate “virtual currency” exchange providers and wallet providers. The FATF standards refer to “virtual asset” service providers.
The UK government has chosen to use the definition of “cryptoasset” in these Regulations instead of the term “virtual currency”. The UK’s Cryptoasset Taskforce previously set out that “cryptoasset” includes exchange, security and utility tokens. The government considers that all relevant activity involving all three types of cryptoassets should be captured in AML/CTF regulation. Respondents to the consultation on the implementation of the Amending Directive agreed with this approach and were of the view that the “virtual currency” definition in the Amending Directive should be broadened in scope.
In adopting the UK’s taskforce definition, it also confines the scope of cryptoassets to those using distributed ledger technology, which HM Treasury considers is a more specific and precise definition that still meets the EU’s ultimate intention to regulate this sector for AML/CTF purposes.
Enhanced Due Diligence (EDD)
The instrument makes amendments to Part 3 of the MLRs in relation to CDD measures to be taken by regulated businesses. Letting agency businesses must apply CDD DExEU/EM/7-2018.2 4 measures in relation to both the tenant and landlord for rental agreements with a monthly rent of EUR 10,000 or more.
Art market participants must apply CDD measures when carrying out transactions equivalent to EUR 10,000 or more in relation to the sale of a work of art. CDD measures must also be carried out by cryptoasset exchange providers and custodian wallet providers entering into a business relationship and in other specified cases in line with other relevant persons.
CATM operators must also carry out CDD for all exchanges of money for cryptoassets, whatever the amount. The reason for this is that the government has seen evidence that CATMs could be used for illicit purposes, such that setting a value threshold could see repeat business or “smurfing” just below this threshold to circumvent CDD measures.
The instrument makes several amendments to regulation 28 of the MLRs on CDD measures.
Firstly based on FATF recommendations 10.8 and 22.1, the instrument introduces an explicit CDD requirement for relevant persons to take reasonable measures to understand the ownership and control structure of their customers.
Secondly, to require relevant persons to take reasonable measures to verify the identity of senior managing officials when the beneficial owner of a body corporate cannot be identified.
Policies, Controls and Procedures
The instrument also makes two further amendments in Part 2 based on the latest FATF recommendation concerning the policies, controls and procedures for regulated businesses. Firstly, based on FATF recommendation 15.2, relevant persons must ensure that they have policies to ensure they undertake risk assessments prior to the launch or DExEU/EM/7-2018.2 5 use of new products or business practices, as well as new technologies.
Secondly, based on FATF recommendation 18.2(b), parent undertakings must also ensure they have group-wide policies on the sharing of information about customers, customer accounts and transactions for AML/CTF purposes. Relevant persons must also take appropriate measures to ensure agents used for the purposes of its regulated business receive AML/CTF training, ensuring a first line of defence against illicit finance.
Bank Account Portal
The instrument inserts a new Part 5A into the MLRs, which requires the establishment of a mechanism for the FIU and competent authorities to access details pertaining to UK bank accounts, building society accounts, certain credit union accounts and safe-deposit boxes.
The details that can be accessed are limited to details about the account/safe-deposit box itself (the IBAN number, roll number or alternative, date of account opening/lease beginning, date of account closing/lease ending, and duration of a lease) as well as details about the account holder and beneficial owner, or safe deposit box owner, lessee, controller or key holder (their name, date of birth, address and ID number provided under regulations 28-29 and 33-37 of the MLRs).
This does not impose any additional requirements for institutions to collect data. Law enforcement cannot use this mechanism to access details about transaction history or contents of an account or safe deposit box.
How can we help?