The Treasury launched a consultation on 15 September 2016 entitled ‘Transposition of the Fourth Money Laundering Directive (‘4MLD’ or ‘the directive’)’ (‘the consultation’) 1. It outlined how the government intended to implement the directive and the Fund Transfer Regulation 2 (‘FTR’), which accompanies it. The consultation closed on 10 November 2016, with the government receiving 186 responses from a cross-section of stakeholders including supervisors, industry, non-governmental organisations and government departments. A copy of the consultation can be found on gov.uk.
The directive aims to give effect to the updated Financial Action Task Force (FATF) standards 3. It introduces a number of new requirements on relevant businesses and changes to some of the obligations found under the Third Money Laundering Directive (‘3MLD’) and the Money Laundering Regulations (‘MLRs’) 4. The FTR updates the rules regarding information on payers and payees accompanying transfers of funds, in any currency, for the purposes of preventing, detecting and investigating money laundering and terrorist financing (ML/TF), where at least one of the payment service providers involved in the transfer of funds is established in the EU.
The overall objective of transposition is to ensure that the UK’s anti-money laundering and counter terrorist financing (AML/CTF) regime is kept up to date, is effective and is proportionate. This will enable the UK to have a comprehensive AML/CTF regime and ensure that the UK’s financial system is an increasingly hostile environment for ML/TF.
The government sought views and evidence on the steps it proposed to take or should take, to transpose 4MLD and those aspects of the FTR that need to be transposed into national law. This document gives an outline of the responses submitted and the government’s policy positions following the consultation. A number of key decisions emerged from the consultation, including:
- a requirement for Her Majesty’s Revenue and Customs (HMRC) to act as the registry authority for all trust and company service providers (TCSP), who are not registered by HMRC themselves or the Financial Conduct Authority (FCA)
- an extension of the fit and proper test to agents of money service businesses (MSBs), which will be carried out by HMRC
- retaining letting agents within the scope of the new regulations where they carry out estate agency work within section 1 of the Estate Agents Act 1979 (as amended)
- the exemption of all gambling service providers from the requirements of the directive, except remote and non-remote casinos
- a decision not to allow pooled client accounts to be automatically subject to simplified due diligence, but instead for this to be applied on a risk based approach
A draft of the ‘Money Laundering Regulations’ (‘2017 MLRs’) can be found published alongside this consultation document. The 2017 MLRs have been informed by the responses submitted and reflect the government’s policy decisions. The Treasury welcomes views on the draft regulations, in particular your views on whether the drafting delivers the government’s stated aims, as well as on the further policy questions posed in this document. The government’s final policy decisions will be implemented through legislation to come into force by 26 June 2017.
1.1 Responding to the consultation
The government welcomes your views on the draft regulations.
Electronic responses are preferred and should be sent to: firstname.lastname@example.org
Questions or enquiries specifically relating to this consultation should also be sent to the above email address. Please include the words 4MLD CONSULTATION VIEWS or 4MLD CONSULTATION ENQUIRY (as appropriate) in your email subject line. If you do not wish your views to be published alongside the government response to this consultation, please clearly specify this in your email.
Hard copy responses may be submitted to:
Consultation on Transposition of 4MLD
Sanctions and Illicit Finance Team
1 Blue, HM Treasury
1 Horse Guards Road
1.2 Confidentiality and Disclosure policy
Information provided in response to this consultation, including personal information, might be published or disclosed in accordance with the access to information regimes. These are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act 1998 (DPA) and the Environmental Information Regulations 2004. If you want the information that you provide to be treated as confidential, please be aware that, under the FOIA, there is a statutory Code of Practice that public authorities must comply with and which deals, amongst other things, with obligations of confidence.
In view of this it would be helpful if you could explain to the Treasury why you regard the information you have provided as confidential. If government receives a request for disclosure of the information, the Treasury will take full account of your explanation, but it cannot give an assurance that confidentiality will be maintained in all circumstances.
An automatic confidentiality disclaimer generated by your IT system will not, of itself, be regarded as binding on the Treasury. Your personal data will be processed in accordance with the DPA, and in the majority of circumstances, this will mean that your personal data will not be disclosed.
The closing date for comments to be submitted is 12 April 2017.
The requirements of the directive and FTR must come into effect through national law by 26 June 2017 in line with Article 67 of the directive and Article 27 of the FTR.
As noted in the consultation document, elements of 4MLD were reopened following terrorist attacks in Europe and the leak of the ‘Panama papers’. These negotiations are still ongoing. The government intends to transpose 4MLD in full by 26 June 2017 and will separately consult on the amended directive once it has been published in the Official Journal of the European Union and has come into force.
On 23 June, the EU referendum took place and the people of the United Kingdom voted to leave the European Union. Until exit negotiations are concluded, the UK remains a full member of the European Union and all the rights and obligations of EU membership remain in force. During this period the government will continue to negotiate, implement and apply EU legislation.
2. Who is covered by the directive?
Where there is little risk of money laundering or terrorist financing, the government has the discretion to exempt some persons engaging in financial activity on an occasional or very limited basis, from the requirements under the directive.
The government proposed adopting a turnover threshold of £100,000 for persons engaging in financial activity on an occasional or very limited basis, with the aim of reducing the administrative burden on businesses whilst retaining a “sufficiently low” figure as required by the directive and in line with proper risk-assessment. The vast majority of respondents to the consultation agreed with this limit, particularly given that all other criteria such as the financial activity not being the main activity of such persons, the financial activity being limited on a transaction basis, and given that a set of sectors are already excluded from exemption. The government therefore proposes to increase the current turnover threshold to £100,000.
3. Due diligence requirements and reliance
The obliged entities that fall within scope of the directive will need to apply different levels of due diligence measures to manage the risk of money laundering and terrorist financing. This may entail either customer due diligence (CDD), simplified due diligence (SDD) or enhanced due diligence (EDD).
3.1 A risk-based approach and ongoing monitoring obligations
The consultation document asked when stakeholders thought CDD measures should apply to existing customers while using a risk-based approach. Many respondents suggested general factors which would necessitate the application of CDD to existing customers to be set out in legislation. This is reflected in the draft regulations. Respondents generally felt that more detailed examples should be set out in sector-specific guidance and determined by firms themselves. This was on the basis that firms and supervisors can best understand their individual and sector risk profiles, that the factors affecting risk will vary by sector and that too much prescription in legislation may lead to a “tick-box” approach.
The government has therefore decided to include a summary of the risk factors set out in Annex 1 of the directive in the new regulations, in line with a risk-based approach. More detailed examples for different sectors can then be set out in sector-specific guidance.
The government requested views on what changes in circumstances should warrant obliged entities applying CDD measures to their existing customers. Stakeholders specifically mentioned:
- the majority thought that a change of name would require new CDD checks to avoid confusion over identity. This would become apparent at the point of a new transaction, but also if a customer informed the business, or for example if mail was returned to sender
- a change in marital status was thought to be relevant if the customer married a PEP. If it led to a name change there would be associated re-verification, but this would not necessarily link to increased risk of money laundering
- a change of address could affect risk if it involved moving to a higher risk jurisdiction, or potentially out of their current area, or to a different price range
- for companies, a change in the corporate structure, or significant change in beneficial ownership
- a change in vocation or promotion at work for a customer could affect their money laundering risk, for example if the customer became a PEP. However, some respondents also highlighted that information on vocation was more burdensome to request than information verifying identity and address. It may be more relevant for Source of Wealth or Source of Fund checks or, for example, for private banking
- where ownership of property changes, or where mortgages are paid off quickly or there is a change in the frequency of payments
- a combination of two or more changes at the same time were more likely to trigger CDD or EDD
The current Money Laundering Regulations (2007) provide threshold values for CDD in euros (directly from the directive) as opposed to pounds sterling. We will continue this approach in the updated Money Laundering Regulations. This means that any reference to an amount in euros should be considered as also a reference to an equivalent amount in any other currency and that the equivalent in sterling (or any other currency) on a particular day of a sum expressed in euros is determined by converting the sum in euros into its equivalent in sterling or that other currency using the London closing exchange rate for the euro and the relevant currency for the previous working day.
3.2 One-off company formation
The government requested views in the consultation on clarifying, through appropriate guidance, that a one-off company set-up is a business relationship which has an element of duration.
There were mixed views in response, although a number of respondents supported guidance confirming that one-off business formation constitutes a business relationship. The National Risk Assessment (NRA) 5 highlights that the nature of the services offered by TCSPs means that they do not see the activity of the company once it is formed, unless they subsequently provide further services to that customer. For the TCSP, the onset of the transaction (i.e. being instructed to form the corporate vehicle) is when suspicion would present itself. Therefore having adequate understanding of the regulations, and of the indicators that trusts or companies are being established to facilitate money laundering or terrorist financing, is an important preventative measure for TCSPs.
The government has therefore set out in the new regulations that when a trust or company service provider is asked to form a company, this is to be treated as a business relationship whether or not the formation is the only transaction being carried out for that customer.
The government is interested in views on its approach to one-off company formation, including under which circumstances it might be appropriate, as part of the risk-based approach, for a trust or company service provider to apply simplified due diligence where it concerns the formation of a single company.
3.3 Simplified Customer Due Diligence
The government has proposed removing the list of products that could be subject to SDD currently set out in the current Money Laundering Regulations and adhering to the non-exhaustive list of factors outlined in Annex II of the directive. These include considering types of customers, geographic areas, and particular products, services, transactions or delivery channels.
The consultation also asked whether there were other factors or types of low risk situations which should be considered when deciding to apply Simplified Due Diligence.
There were quite a lot of firms in favour of removing the existing prescriptive list of SDD exemptions currently in the MLRs on the basis that this would promote a risk-based approach, and because SDD should be responsive to emerging risks, as set out in the NRA and other sector and firm level risk assessments. They did not think that there should be an exhaustive list, and wanted to avoid a tick-box approach. Generally these respondents supported having further illustrative examples or a non-exhaustive list in guidance underpinning the regulations, which some highlighted would be easier to keep up-to-date than a list in the regulations. However, other respondents supported keeping the existing list, to provide greater clarity.
A number of respondents highlighted life insurance as a low risk sector which should be considered for simplified due diligence. This is already included in the non-exhaustive list of potentially lower risk situations included in Annex II of the directive, and the NRA also identified this as an area of low risk. Life insurance policies where the premium is low will therefore be reflected in the non-exhaustive list in the new regulations. There was no clear consensus on any other additional factors which should be set out in the regulations, however, the government agrees with those respondents who suggested that any further low risk situations identified in sector specific risk assessments could be set out in sector specific guidance.
The government has therefore decided to include a non-exhaustive list of factors in the new regulations, in line with a risk-based approach. More detailed examples can then be set out in sector specific guidance.
3.4 Simplified Due Diligence and Pooled Client Accounts
The consultation document asked about the risks relating to pooled client accounts (PCAs) and mitigating actions; the effect of removing SDD for pooled client accounts; views on the retention of SDD measures on pooled client accounts; and views on the ESA guidelines treatment of pooled client accounts.
Many respondents argued that pooled client accounts were low risk, both because the funds were overseen by regulated sectors, and because checks were carried out on clients before funds were deposited. These respondents also highlighted the administrative burdens of removing SDD on PCAs. These included duplicative CDD, and the practical difficulties of holding account information, both for large firms who had thousands of client transactions per day, and also for smaller firms.
Others, however, highlighted that the risks were as high or low as the quality of the firm, and that PCAs could potentially be exploited for money laundering. Examples included the combining of tainted and clean money, or sending money to the account and then reclaiming it, claiming an erroneous transfer. This is supported by findings in the last NRA, which highlighted that law enforcement agencies in the UK have seen cases where client accounts have been used to provide personal banking facilities to criminals, to move and store large sums of criminal proceeds and to obscure the audit trail of criminal funds.
Given that there was no consensus that PCAs always present a low risk of money laundering, the government view is that PCAs should not be automatically subject to SDD, but rather on a risk-based approach. The government has therefore included PCAs in the new regulations on that basis.
The government welcomes views on its approach to allow SDD only when firms providing pooled client accounts are low risk.
3.5 Reliance on third parties
Obliged entities may, in certain circumstances, rely on third parties to meet the CDD requirements. The consultation document asked a number of questions relating to reliance, specifically the consultation asked for views on the meaning of a federation and member organisation; whether there were any additional institutions or persons situated in a member state or third country that could be relied upon; whether the regulated sector relies on third parties to meet some CDD requirements and finally, whether sub-agents should be able to rely on principal estate agents.
In consultation responses and comments at consultation events, the government has been informed that reliance is very rarely used by obliged entities in the UK. With the ultimate responsibility for meeting CDD requirements remaining with the obliged entity, the responses noted that the risks of relying on a third party are generally greater than the benefits. Some consultation responses noted that one of the barriers to reliance is that third parties can be slow in providing copies of identification documentation to help identify the customer or its beneficial owner. One suggestion was to set out in the regulations how long the third party has to provide these documents. With a view to tackling the barriers to firms using reliance, the government has included a reference to “at the latest within two working days”.
The government would welcome views on whether the reference to “at the latest within two working days” should be included and if not, how long third parties should be given to provide this information.
Compared to the Money Laundering Regulations 2007, there has been a significant expansion of the third parties that can be relied upon, with the proposed regulations now allowing reliance on all of the regulated sector captured under these regulations.
There was a range of views on the meaning of a federation and member organisation, with many responses seeking greater clarity on the definition of both a federation and member organisation. Some responses felt that the interpretation of member organisations is generally accepted as meaning the constituent firms within a group that are subject to the directive. Similarly for a federation, the term is interpreted to mean a group of several obliged entities associated by a legal or contractual agreement. To capture these views, the government has proposed one expansive meaning rather than two separate meanings.
The consultation document asked whether the regulated sector relies on third parties to meet some CDD requirements. The majority of responses stated that they did not outsource CDD checks, noting that they could not justify the cost given that they would continue to be liable for any failure to apply the measures. There were some organisations that do outsource CDD checks but they closely monitor the performance of the third party. The government has made clear in the regulations that obliged entities can use an outsourcing service provider but notes that the obliged entity will continue to be liable for ensuring that CDD requirements are met.
The consultation asked whether sub-agents should be able to rely on principal estate agents. The majority of responses were positive, welcoming the possibility of sub-agents relying on due diligence carried out by principal agents. The regulations now take a widened approach to reliance and it will be for the persons to ensure that they come within its terms.
4. Gambling providers
Under the existing MLRs, only holders of a casino operating licence are subject to the requirements. The directive effectively brings the entire UK gambling industry into scope.
However, the directive provides the option of exempting “in full or in part, providers of certain gambling services” (non-remote and remote providers, except casinos) from its requirements. Exemptions, however, can only be made on the “basis of the proven low risk posed by the nature and, where appropriate, the scale of operations of such services”.
The government recognises that the gambling industry is not immune to money laundering – a view reflected in the 2015 NRA. The industry is highly segmented, with a wide range of operators offering diverse products in different environments to different types of customers with various payment methods. The NRA noted that the nature of the services and products the sector provides can make it attractive to criminals seeking to spend criminal proceeds as part of a criminal lifestyle or to conceal or disguise the origins of criminally derived cash.
The Gambling Commission’s industry-specific risk assessment highlights the continued risks faced by gambling providers. While recognising that the level of ML/TF risk varies across gambling sectors, it notes that “a significant proportion of the money laundering that takes place within the gambling industry is by criminals spending the proceeds of crime, for example, for gambling purposes, rather than the traditional ‘washing’ of criminal funds”. More specifically, the Gambling Commission’s risk assessment notes that betting (non-remote), casinos (non-remote) and remote (casinos, betting and bingo) all carry significant ML/TF risks, when compared with other gambling services. Risks in these sectors include “ineffective controls and risk management” which exacerbate additional vulnerabilities such as “customers not being physically present for identification”; “gambling operations being run by organised criminals to launder criminally derived funds”; “peer to peer gaming”; “the use of false documentation to bypass controls”, and “the accessibility to multiple premises [especially] where Fixed Odds Betting Terminals are present”.
Responses to the consultation also highlighted a number of risks. For example, one submission noted that “cash transactions, combined with accessibility to multiple premises and anonymity on the part of the customer, are significant risk factors in the industry”. Another noted that for gaming machines (outside casinos), “a perpetrator can deposit illicit cash into high-stakes gaming machines or use it to purchase tokens for the machines and then stake only a small part of the amount, requesting a pay-out of the remaining funds into a bank account or in cash with a receipt”.
However, the NRA classified the gambling sector as low risk in relation to other regulated sectors. This is partly because there are a number of mitigating factors which help to manage risks in the gambling sector. These include:
The legislative framework: The licence conditions (mentioned in paragraph 4.8 below) are reinforced by obligations under the Proceeds of Crime Act 2002 6 (POCA), which apply to all gambling operators. POCA requires gambling operators to be alert to attempts by customers to gamble money acquired unlawfully, either to obtain legitimate or ‘clean’ money in return (and in doing so, attempting to disguise the criminal source of the funds) or simply using criminal proceeds to fund gambling. As a result, it places an obligation on the gambling operator to continually assess and understand information relating to gambling activity by the same customer in different parts of the business so that the operator has a fuller picture of the risks to which they are exposed. This information builds on the risk-based approach required of gambling operators. Where operators know or have suspicion that a person is engaged in money laundering, they are obliged to submit a suspicious activity report (SAR). The Criminal Finances Bill currently before Parliament will extend cash seizure powers to gaming machine vouchers.
Licence conditions: The Gambling Act 2005 requires gambling firms operating in, or selling to consumers in, Great Britain to be licensed by the Gambling Commission. The Act sets out three licensing objectives, the first of which is to prevent gambling from being a source of crime or disorder, being associated with crime and disorder, or being used to support crime. To support compliance with the Act, the Gambling Commission has in place a range of licence conditions and codes of practice, and publishes guidance and advice to gambling operators, including advice in relation to money laundering and the proceeds of crime. It also conducts suitability checks on all persons relevant to the business, including beneficial owners, persons who may exert influence over the business other than through ownership, and on key management personnel. Persons in key management positions must be licensed by the Commission and are subject to the same sanctions that are applied to operating licence holders.
In 2016, the Gambling Commission amended its licence conditions and codes of practice (LCCP) for all operators in relation to the prevention of crime associated with gambling, with a particular focus on anti-money laundering provisions. Changes to the LCCP include requiring licence holders to conduct an appropriate assessment of ML risks to their business, take account of this assessment to develop appropriate policies, procedures and controls, and implement them effectively. The AML assessment must be updated in the light of any changes and reviewed at least annually. Another new condition is for all remote casino operators with gambling equipment located outside Great Britain to comply with the MLRs (this replaced an individual condition which attached to the licence of each relevant operator) and an amendment to an existing licence condition requiring all licensees to have and put into effect appropriate cash handling policies.
Responses to the consultation supported the view that requirements placed on gambling operators - for example on staff training and stringent systems and controls - has had the effect of reducing the unregulated gambling sectors’ risk profile. A number of responses cited the NCA’s Suspicious Activity Reports (SARs) Annual Report 2014 7, which noted that the number of SARs submitted by the “non-regulated (gaming) sector increased by 77.19% year-on-year”. The respondents argued that this does not necessarily reflect an increase in money laundering activity, but rather “greater awareness in the sector of money laundering” – citing for example that “Licensed Betting Offices (LBOs) reported 0.06 SARs per unit (140 from 9000 LBOs) while casinos reported 7.5 SARs per unit (1052 from 140 casinos). Therefore casinos reported 125 times as many SARs as LBOs”. Responses also noted that the amount of ML/TF activity in the unregulated gambling sector is reflected by “the low level of enforcement enquiries made” and “the very low level of SARs reported by the sector that result in criminal prosecution”. A leading nationwide gambling operator noted that “in 2015 they had a total of 1 follow-up enquiry relating to SARs submitted and 25 law enforcement enquiries overall. In 2016 – up to 31 October – they had had no enquiries relating to submitted SARs”.
The role of the Gambling Commission: The legislative framework, either embedded through POCA or strengthened through the updated LCCP, does provide the Gambling Commission – a unique regulator in Europe – with a specific remit to keep gambling crime free and the powers to compel industry to take action. The Commission’s operational approach was viewed as a significant factor in effectively addressing the money laundering risks in the unregulated gambling sector. One submission noted that “the Gambling Commission has taken punitive action in cases where operators are non-compliant with AML/CTF controls and has put a notable emphasis on the industry learning from these cases and sharing best practice”.
Industry Action: With increased awareness, the industry has also taken steps to mitigate the risks of money laundering, primarily through effective systems and controls. For example, one submission to the consultation noted that “operators employ advanced internal control systems, which are built on a risk based approach and flag suspicious activity for enhanced customer due diligence”. A further clear example of industry initiative has been the creation of the Gambling Anti-Money Laundering Group (GAMLG), which aims to improve the gambling industry’s ability to combat money laundering through close public-private sector partnership. It proposes to do this primarily by producing, in collaboration with the Gambling Commission, good practice guidelines. Its remit will also include “the development of an industry-wide risk assessment and information sharing across operators in both the remote and non-remote environments”.
As outlined above, the UK’s NRA deems gambling to be low risk relative to other regulated sectors, and this is partly due to the mitigating factors detailed above which reduce the risk profile of the gambling sector. In context, in 2014-15 the gambling sector as a whole submitted 0.37% of all SARs, while the banking sector submitted 83.39% (a total of 318,445). As a result, the government will utilise the powers provided within the directive to exempt gambling sectors which are lower risk, apart from non-remote and remote casinos, which cannot be exempted. Therefore, the current position will be maintained where only holders of casino operating licences will be subject to the requirements under the new regulations.
The Gambling Commission will remain the supervisory authority for overseeing compliance with the MLRs in the casino sector. It will also be expected to continue to address money laundering risk in the remainder of the industry using a combination of requirements under POCA and existing regulatory and criminal investigation powers. To be an effective AML supervisor for the gambling industry, the Gambling Commission will need effective collaboration with law enforcement agencies – including improved access to information.
The government will regularly review its position on the ML/TF risk that gambling providers present. Moreover, the Gambling Commission will continue to evaluate ML/TF risk across all gambling sectors, and this information will contribute to and influence future NRAs. Importantly, the government recognises that the risk levels attributed to a particular gambling sector are not static and will vary over time. As a result, if a gambling sector can no longer be deemed low risk (including where the sector fails to adequately manage the ML/TF risks) then the exemption could not be maintained. It is therefore imperative that gambling providers comply with the requirements of the Gambling Act and the strengthened LCCP to ensure that they have effective policies, procedures and controls in place to mitigate ML/TF risks, and continue to raise standards. The Gambling Commission will continue to monitor compliance and where operators fail to meet their obligations they will act accordingly.
5. Electronic money
The MLRs set out that a relevant person may apply SDD for electronic money (as defined in the Electronic Money Directive) where there are reasonable grounds to believe that the product related to the transaction is e-money and:
- if the device cannot be recharged, the maximum amount stored in the device is no more than €250 or in the case of electronic money used to carry out payment transactions within the UK, €500
- if the device can be recharged, a limit of €2,500 is imposed on the total amount transacted in a calendar year, except when an amount of €1,000 or more is redeemed in the same calendar year by the electronic money holder (as defined in the same Electronic Money Directive)
4MLD limits the circumstances in which e-money issuers can be exempted from CDD based on an appropriate risk assessment that demonstrates a low risk, and where all of the following risk-mitigating conditions are met:
- the payment instrument is not reloadable, or has a maximum monthly payment transaction limit of €250, and can be used only in that member state
- the maximum amount stored electronically does not exceed €250
- the payment instrument is used exclusively to purchase goods or services
- the issuer carries out sufficient monitoring of the transaction or business relationship to enable the detection of unusual or suspicious transactions
For the purposes of the second bullet point, this may be increased to a maximum of €500 for payment instruments that can be used only in that member state.
Member states must also ensure that no more than €100 can be redeemed in cash from an e-money instrument.
Respondents noted that the risks associated with the use of anonymous prepaid cards are low. Many made the case that such products are not really anonymous. There is an electronic record of the sale and activity, e.g. time and location can be tracked. Every transaction is traced to the point of use, both online and offline. Industry have also invested heavily in the creation and continual improvement of transaction monitoring systems to prevent fraud and money laundering. If suspicious activities are suspected, this can be monitored and the data can be used for reporting purposes. This information cannot be captured when a transaction is made using cash.
Respondents supported allowing some products, which do not meet the criteria for an exemption from CDD, to benefit from SDD under Article 15 of the directive, where the product, customer, delivery channel and geographic factors indicate lower risk. E-money issuers explained that they currently use a risk based approach to CDD, which facilitates the use of SDD where lower risks justify it. They also noted that they have appropriate controls in place in order to identify suspicious transactions in respect of the e-money products they offer.
Respondents also supported the implementation of the €500 threshold for payment instruments that can be used only in the UK. This will increase the range of goods and services that can be purchased without significantly increasing the risk posed. It also supports financial inclusion, allowing the purchase of higher value products domestically.
The majority of respondents agreed with using all the available exemptions and allowing some e-money products to benefit from SDD where the risk is low. The NRA identified e-money products as medium risk for money laundering and low risk for terrorist financing. Given the responses to the consultation, the government view is that the limits set out under the directive are sufficiently high to mitigate the ML/TF risk, and that exemptions should therefore be applied. These will be kept under regular review. Given the ML risk set out in the NRA, more detailed sectoral guidance should set out the risk-based circumstances in which SDD could apply in other circumstances, in line with the ESA guidelines.
6. Estate agent businesses
Under the current Money Laundering Regulations 2007, firms or sole practitioners who carry out estate agency work are within the scope of the regulated sector. Estate agency work should be read in accordance with section one of the Estate Agents Act 1979 (as amended).
Estate agency work captured by this definition includes disposing of or acquiring an estate or interest in land outside the UK, where that estate or interest is capable of being owned or held as a separate interest. Estate agents based in the UK who deal with overseas property are covered, as well as estate agents based abroad if they are doing business with the UK.
The main categories of estate agency work captured by this definition, and so covered by the regulations, are residential and commercial estate agency services, property or land auctioneering services, and relocation agency or property finder services. Only lettings agents that deal in leases of capital value are currently covered by the regulations.
The government consulted on 4 areas of specific interest to estate agency businesses:
- the appointment of professional or self-regulatory body supervisors of estate agents
- lettings activity
- application of customer due diligence
- sub-agents and reliance
6.1 Appointment of professional or self-regulatory body supervisors of estate agents.
3MLD did not permit professional bodies to undertake AML/CTF supervision of estate agents, whereas Article 48(9) of this directive permits the Treasury to appoint self-regulatory bodies (SRBs) as supervisors of estate agents.
There was a mixture of views from respondents on whether SRBs should be appointed as supervisors of estate agents. Some noted that registration with self-regulatory bodies is voluntary, so there can be flux between businesses leaving and joining, leading to an elevated risk that some are missed for AML supervision. Several respondents also questioned whether SRBs will be able to resource supervision to a comparable level to that of HMRC. A respondent stated that the benefits and risks of multiple supervisors across one sector should be considered, noting that quality and consistency of supervision should be prioritised.
Respondents emphasised that an effective standard of supervision within the sector is key. One respondent suggested that SRBs can play a role to support HMRC supervision, such as by providing lists of members to HMRC and issuing HMRC AML guidance to members. Others considered that SRBs have the deepest understanding of their own sectors and are best placed to spot developing risks. Respondents also commented that professional bodies have a wider regulatory framework at their disposal, including client money regulations, quality control programmes, codes of ethics and requirements to carry out continuous professional development.
The government recognises the benefits of professional body supervision, which include in-depth knowledge of the risks and developments in the relevant sector. However, it should be noted that the NRA found that the effectiveness of the supervisory regime in the UK is inconsistent, and that a large number of professional body supervisors in a sector can risk inconsistencies of approach.
To ensure an approach that is aligned with the legal and accountancy sectors, the government has decided that where a self-regulatory body can demonstrate that it can meet the supervisory standards in the regulations, the Treasury may appoint the relevant professional body as a supervisor of estate agents. When evaluating the appointment of supervisory bodies, the Treasury will consider relevant factors, including whether the professional body has the capability to apply a risk-based approach to supervision and provide a credible deterrent; can ensure appropriate resourcing is in place; and has effective governance structures that guarantee the operational independence of regulatory functions.
6.2 Lettings activity
In a change from 3MLD, Recital 8 of the directive states that “estate agents could be understood to include letting agents where applicable”. In the UK, lettings agents are already and will continue to be within scope of the Money Laundering Regulations where they carry out estate agency activity.
While it should be noted that the majority of respondents to the consultation supported the inclusion of letting agents within the regime, intelligence and evidence was not provided to justify the inclusion of lettings activity and the attendant costs of this proposal for those affected. The government will only “gold plate” where there is good evidence that a material ML/TF risk exists. In line with the directive, lettings agents will continue to be within the scope of the regulations where they carry out estate agency work in accordance with section one of the Estate Agents Act 1979 (as amended). However, the application of the Money Laundering Regulations will not be extended to include lettings activity.
On the risks associated with lettings, respondents stated that capital transactions are riskier than lettings as they allow integration of large sums of criminal money into the financial system, while respondents also noted that lettings are not a quick or effective method of laundering money, given the time it would take to launder significant sums and because there is an extensive audit trail. Lettings are not a lasting store of value and so are an ineffective method of laundering money. Several respondents suggested that where tenants and landlords are associates, money laundering may be possible, whereby a landlord funds a tenant’s rent and receives “clean” money back. The NRA stated that while lettings agents may be an attractive target for criminals seeking to disguise or hide the proceeds of crime, lettings remain an “intelligence gap”. The government will update the NRA before the end of this year, and will seek further evidence on the risks in the estate agency sector, including on the risks associated with lettings activity.
Respondents noted that the proposal would not cover the private landlord sector – those landlords who do not use letting agents, but perform the letting function themselves. The proposal would leave a significant gap in coverage, as there would be no oversight of an agentless business relationship and no requirement to have policies or procedures in place to mitigate the risk of money laundering and terrorist financing in that relationship. Evidence has not been provided that agent-landlord-tenant relationships are riskier than landlord-tenant relationships, while a large number of respondents felt that landlord-tenant relationships would carry a similar or greater level of risk as agent-landlord-tenant relationships. Many respondents referred to the potential costs and benefits of regulation of the lettings sector in terms of quality of service and professionalism in the sector. However, this is beyond the scope of the consultation which focused on the regulation of lettings activity for the purposes of preventing money laundering and terrorist financing.
6.3 Application of customer due diligence
The government sought views on whether the requirement on estate agents to carry out customer due diligence should be clarified. This is because, in the UK, estate agents tend to act only for one of the parties to a transaction, usually the vendor. However, estate agents act as a key facilitator of the transaction and may be the only regulated professional whom the buyer encounters when purchasing a property. The government will clarify that for the purposes of the regulations, an estate agent is to be considered as entering into a business relationship with a purchaser as well with as a seller. This means that estate agency businesses must apply CDD to both contracting parties in a transaction.
Most respondents welcomed the proposed clarification, stating that estate agents are well-placed to act as gatekeepers for both parties because they have a relationship with both sides of the transaction, and they encounter the buyer at an early stage in the transaction. The NRA stated that the purchase of real estate is attractive for money laundering purposes, and found that law enforcement cases show that UK criminals invest proceeds in property, with property representing the most valuable asset type held by UK criminals against whom a confiscation order is made.
Several respondents stated that estate agents are well-positioned to check the buyer’s source of funds, noting that investments in real property allow integration of criminal money, and that it makes sense to apply due diligence at the point the buyer introduces money into the financial system. Other respondents noted that agents are already obliged to report suspicion, and questioned whether CDD should be carried out by an agent if there is no contractual relationship. Some respondents suggested that the increased scope for reliance under 4MLD (as set out in Chapter 3) should be utilised by estate agents to avoid due diligence being carried out twice on the same person.
6.4 Sub-agents and reliance
As set out in chapter 3, businesses will be permitted to rely on the due diligence carried out by any business subject to the regulations, while still holding ultimate responsibility for meeting the CDD requirements. The effect is that the parties must ensure they come within the widened terms. This was in line with the vast majority of responses to the consultation.
7. Correspondent banking
7.1 Overview of money laundering risk
FATF considers correspondent banking to be high risk. This is reflected in the Joint Money Laundering Steering Group (JMLSG) guidance, which states that:
The Correspondent often has no direct relationship with the underlying parties to a transaction and is therefore not in a position to verify their identities. Correspondents often have limited information regarding the nature or purpose of the underlying transactions, particularly when processing electronic payments or clearing cheques. For these reasons, correspondent banking is in the main non face-to-face business and must be regarded as high risk from a money laundering and/or terrorist financing perspective. Firms undertaking such business are required by the ML regulations (regulation 10) “to apply on a risk-sensitive basis enhanced customer due diligence measures”.
7.2 Customer Due Diligence and Enhanced Due Diligence requirements
The current approach taken in the MLRs, JMLSG guidance, and the directive, requires financial and credit institutions engaged in cross-border correspondent relationships with a third country respondent institution to conduct enhanced due diligence. This reflects the high risk nature of third country correspondent relationships. The EDD requirements are identified in Article 19 of the directive. These requirements include: gathering sufficient information about the respondent to understand fully the nature of its business; determining from publicly-available information the reputation of the respondent and the quality of its supervision; assessing the respondent’s AML/CTF controls; obtaining approval from senior management before establishing a new correspondent relationship; and documenting the respective responsibilities of the respondent and correspondent.
These measures are additional to the CDD requirements set out in Article 13 of the directive. These include requirements to: identify the customer and verify the customer’s identity; assess, and where appropriate obtain information on, the purpose and intended nature of the business relationship; identify the beneficial owner, take reasonable measures to verify the identity of the beneficial owner and, if the beneficial owner is a legal person, trust, company, foundation or similar legal arrangement, take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation or legal arrangement; and, conduct ongoing monitoring of the business relationship. When performing these measures, credit and financial institutions must also verify that any person purporting to act on behalf of the respondent is so authorised to identify and verify the identity of that person.
The due diligence requirements laid out in Articles 13 and 19 clarify the requirements of 3MLD and are generally consistent with both the MLRs and FATF Recommendation 13 8 on correspondent banking.
Where the respondent is based in another European Economic Area (EEA) country, Article 19 of the directive does not apply. Where a correspondent relationship with a respondent based in another EEA country is considered high risk, correspondent credit or financial institutions must apply EDD, in line with Article 18 of the directive.
7.3 Payable through accounts
Where the respondent’s customers have direct access to accounts with the correspondent, 4MLD requires that the respondent has verified the identity of, and conducts ongoing CDD measures in relation to such customers, and is able to provide to the correspondent, on request, certain material obtained when applying such CDD measures. The requirement here is consistent with FATF Recommendation 13 and the MLRs. This approach reflects the high risk nature of payable-through accounts.
7.4 Shell banks
The directive requires that credit and financial institutions do not enter into or continue correspondent relationships with a shell bank. The MLRs prohibit credit institutions from doing business with a shell bank. The directive goes further by also prohibiting credit and financial institutions from doing business with a respondent bank that is known to allow its accounts to be used by a shell bank. This change brings EU legislation into line with the FATF standard in this area (Recommendation 13). The government agrees with this approach due to the high risk nature of shell banks.
Article 3(8) of the directive defines “correspondent relationships”. This term is not currently defined in the MLRs. However, this definition is consistent with the FATF definition of correspondent banking, which can be found in the FATF glossary 9, when read in conjunction with the FATF Recommendation 13 interpretation of “similar relationships” as described in the Interpretive Note to FATF Recommendation 13 10. Whilst the FATF definition of correspondent banking does not explicitly mention “credit institutions”, as 4MLD does, such institutions (as defined in EU law 11) are included in the wider FATF definition of “financial institutions” 12.
7.6 Consultation responses
The consultation asked three questions. The first two related to the impact of the definition outlined in Article 3(8) of 4MLD.
Responses to these questions requested further clarity and guidance on the definition of “correspondent relationship” and the services and products that are in scope, including for bank-to-bank or principal-to-principal transactions that do not relate to an underlying customer of the respondent institution. Some consultation responses requested a more focused definition of correspondent banking, whilst others suggested the need for further guidance on risk differentiation.
HM Treasury will work with sectoral guidance drafters to ensure that these issues are taken into account, and the definition of and requirements around correspondent relationships are clarified. As this guidance is developed, HM Treasury will continue to take account of the work on the definition of correspondent banking which is taking place at FATF as part of the Financial Stability Board coordinated action plan on the withdrawal of correspondent banking relationships.
The consultation’s third question on correspondent relationships related to the application of the risk-based approach when applying EDD. Responses here focused on the need for financial and credit institutions to retain flexibility in the application of EDD and the importance of a proportionate approach to managing risk. Responses also asked for further clarity on the application of EDD requirements for particular types of service and product. The government has provided for flexibility and taking account of sector assistance in the new regulations.
8. Politically exposed persons
Respondents strongly supported the government’s proportionate interpretation of the 4MLD provisions relating to PEPs, their family members and their known close associates. Respondents agreed that the level of risk varies substantially from case to case. Some firms said they were already distinguishing between low- and high-risk PEPs and tailoring their EDD measures accordingly, which had reduced their compliance costs when compared to taking a uniform approach.
The government will take steps to address concern about the disproportionate application of EDD and its consequential impact on financial inclusion. The government will require firms to assess the risks posed by PEPs, their family members and their known close associates on a case-by-case basis and tailor the extent of enhanced measures accordingly. EDD is a sliding scale and it is right that low-risk PEPs should be treated at the lowest level, just as it is right for high-risk customers to face more stringent measures.
The Directive is clear that refusing to establish a business relationship or carry out a transaction with a person simply on the basis that they are a PEP is contrary to the letter and the spirit of the law. Firms should instead assess the risk posed by each customer and they should not form judgements based solely on anyone’s status as a PEP. Firms should apply a similarly risk-based approach to the family members and close associates of PEPs. As set out below, the Financial Ombudsman Service may assess complaints from PEPs, family members and known close associates who have been denied access to financial services solely because of this status or because they have been treated unreasonably by financial institutions.
When assessing the level of risk posed by UK PEPs and the extent of EDD to apply, firms should take full account of the UK’s position as a world leader in the fight against corruption, money laundering and terrorist financing. The UK is characterised by strong and stable democratic institutions, a free press, an independent judiciary and free and fair elections. Firms must form their own view of the risks associated with individual PEPs on a case-by-case basis, but the government would expect that PEPs entrusted with prominent public functions by the UK should generally be treated as lower-risk and firms should apply EDD accordingly.
Submissions called for clear guidance on the definition and treatment of a PEP, particularly for the benefit of small firms that might not have easy access to commercial PEP lists. Respondents were interested to know how to distinguish between low- and high-risk PEPs and what EDD measures might be appropriate in each case. Many noted that the existing guidance focuses on the treatment of high-risk foreign PEPs rather than low-risk domestic ones. Firms agreed that new guidance would be essential for the proportionate application of the rules: for example, some noted that there are over 400 registered political parties in the UK and asked for the guidance to provide illustrative criteria for assessing which types should be automatically covered.
To address these issues, the Financial Conduct Authority will publish specific guidance on the treatment of domestic and foreign PEPs, their family members and their known close associates. The FCA will begin a public consultation on this guidance shortly. Respondents in other regulated sectors called for their respective supervisors to produce similar guidance
Respondents suggested that firms could look at a wide range of factors when evaluating the risk posed by each customer and determining the extent of EDD, including:
- the value and nature of the product in question
- the individual’s prominence in public life, their level of influence within their organisation and their ability to directly access or control public or party funds. These criteria should be incorporated into the risk assessment for family members and known close associates, as well as the assessment for PEPs themselves
- whether they are already subject to disclosure requirements, such as registers of interests or independent oversight of their expenses
- whether any other statutory checks or controls are in place to ensure their funds are handled appropriately
- in the case of PEPs who are affiliated with a political party, whether they are associated with the local branch of their party or the national one; whether their party has elected any members to the UK Parliament, a devolved legislature or the European Parliament; and whether they are subject to a reporting regime, such as one established under the Political Parties, Elections and Referendums Act 2000
- the levels of risk posed by the country that entrusted them with their prominent public function and the country in which they reside
- whether they are still performing their prominent public function or have retired in the preceding 12 months
- the tone of recent publicity about them
Respondents made a number of suggestions in support of a proportionate application of EDD. Rather than making new requests for information in every instance, respondents said that firms should use credible public information (such as public registers of interests) or information that was already in their possession (such as records of past transactions). In view of the responses received and the need to ensure a proportionate application of the Directive, the government’s view is that EDD requirements should take full account of any existing statutory reporting provisions, such as those established under the Political Parties, Elections and Referendums Act 2000. The government will take steps to set out in clear terms how firms should approach these provisions in order to reduce the burdens on them and their customers and to avoid an inappropriate gold-plating of the Directive.
8.2 Family members, known close associates and former PEPs
Respondents raised concern about the disproportionate treatment of the family members and known close associates of PEPs by certain financial institutions. The government strongly supports a proportionate and sensible approach to the application of EDD. Many submissions called for firms to individually assess the risks posed by each family member and known close associate, as opposed to automatically treating all relatives and associates in the same way as the PEP to whom they are connected. In the government’s view, where an obliged entity has determined that a customer or a potential customer is the relative or known close associate of a PEP, there must be an assessment of the level of risk associated with that person and the extent of enhanced due diligence measures to be applied in relation to that person. This assessment should take account of their degree of influence, the risk posed by the PEP to whom they are connected and the other risk factors outlined in the above list. When deciding whether a person is a known close associate, firms only need to have regard for information that is already in their possession or credible information that is publicly known.
Under Article 22 of 4MLD, once a PEP ceases to be entrusted with a prominent public function, obliged entities must continue to perform EDD for at least 12 months. However, firms are no longer required to apply EDD in relation to the family members or known close associates of a former PEP. This is because these individuals no longer have the same connection to an influential individual as they previously did, so they should not, in every case, pose the same degree of risk. Instead, firms should take a risk-based approach to the family members and known close associates of former PEPs. In low-risk cases, they should apply ordinary customer due diligence measures to these persons immediately after the PEP ceases to be entrusted with their prominent public function. In cases where the individual continues to present an elevated ML/TF risk, the firm should apply enhanced measures in proportion to the ongoing risk.
Respondents noted that a large number of former PEPs were being treated as though they were still performing prominent public functions. This was particularly true for former UK ambassadors and other former government employees. In the government’s view, these individuals are not and have never been PEPs. They would have held prominent public functions before the transposition of 4MLD, and as employees of the UK government, they would have been classified as “domestic PEPs” rather than “foreign” ones. As a result, there would have been no obligation to apply EDD to them while they held their post. These individuals will not become PEPs even after the government transposes 4MLD, unless they assume another prominent public function.
8.3 Access to redress
The consultation document asked for evidence regarding the ability of the Financial Ombudsman Service (FOS) to consider complaints from PEPs against financial institutions. The great majority of respondents supported the FOS’ work in this area. Nearly all of them agreed that the FOS’ existing powers were adequate for addressing the concerns of PEPs who had been treated unreasonably by obliged entities, individuals who had been refused business relationships simply because of their identification as a PEP and individuals who had been incorrectly classified as a PEP.
Through the Bank of England and Financial Services Act 2016, the Financial Services and Markets Act 2000 gives the government a power to make arrangements for the FCA to receive, assess and adjudicate complaints from PEPs in certain circumstances. In light of the evidence from the consultation, the government intends to clarify that the FOS, rather than the FCA, is responsible for performing this role. The technical drafting elements of the Money Laundering Regulations will amend the relevant provisions in the Financial Services and Markets Act 2000 to make this clear. They will also make minor, technical changes to ensure the clause operates effectively.
8.4 International sporting federations
In the consultation document, the government proposed to extend the definition of a PEP to include senior members of international sporting federations. Respondents questioned the need for this reform. Obliged entities should already apply EDD to high-risk individuals in accordance with the risk-based approach, so it was not clear that extending this to every leading member of an international sporting federation would be effective or proportionate. Respondents also questioned whether it would be straightforward to develop a workable definition of an “international sporting federation.” On the basis of this evidence, the government has decided not to proceed with this proposal.
8.5 Amendments to the Fourth Money Laundering Directive
As noted in the Introduction, the European Union is debating amendments to several articles of 4MLD. In December 2016, member states proposed to introduce a distinction between low-risk domestic PEPs and other PEPs, so that firms could apply customer due diligence to low-risk PEPs who had been entrusted with prominent public functions by an EU member state or an institution of the EU. The proposal still needs to be negotiated with the European Parliament and the Commission, so there is no guarantee that it will remain in the amended directive. If it does, then the Treasury will transpose it after the amending directive has been published in the Official Journal of the European Union and has come into force. Regardless of the final outcome of these negotiations, a proportionate approach will continue to form the cornerstone of the Treasury’s approach toward PEPs and those connected to them, whether foreign or domestic.
9. Beneficial ownership
9.1 Company beneficial ownership
Article 30 of the directive has two main requirements: that EU member states hold adequate, accurate and current information on the beneficial ownership of corporate and other legal entities incorporated within their territory in a central register; and that such information should be made available to specific authorities, organisations and those with a legitimate interest across the EU. Possible approaches to Article 30 are discussed in further detail in the discussion paper published in November 2016, in response to which the Department for Business, Energy and Industrial Strategy will publish a written ministerial statement in due course.
The consultation noted that not all legal entities would necessarily be in scope of the directive’s requirements and invited views on the types of legal entity in the UK which might be viewed as coming within the scope, and on the PSC regime itself.
The UK has already legislated to require transparency of the beneficial ownership of UK companies, Limited Liability Partnerships and Societates Europaeae. The obligation on these entities to maintain a register of people with significant control (“PSC register”) and provide this to the UK registrar of companies (“Companies House”) was put in place through the Small Business, Enterprise and Employment Act 2015, and a subsequent suite of regulations in March 2016.
Responses to the consultation strongly supported a pragmatic approach to scope. Respondents supported measures that deliver greater transparency without placing undue burdens on entities.
Responses argued for the inclusion or exclusion of certain types of legal entity. Many respondents supported the inclusion of Scottish Limited Partnerships. Others argued against the inclusion of Charitable Incorporated Organisations and Scottish Charitable Incorporated Organisations, and against the inclusion of FCA-regulated membership based bodies: co-operatives, community benefit societies, building societies, friendly societies and credit unions. These responses are in line with the findings of the UK’s NRA, which noted the limited reporting obligations of Limited Liability Partnerships (LLPs), Limited Partnerships (LPs) and Scottish Limited Partnerships (SLPs), restricting the transparency and scrutiny of them.
Most respondents supported the view that the existing requirement for PSC entities to update the central public register at Companies House annually was insufficient to meet the directive’s requirement for information to be ‘current’, and an effective approach would be a combination of periodic confirmation and a requirement to notify changes in beneficial ownership within a shorter time frame.
Some responses argued that consideration should be given to the accuracy of data on the PSC register, and the benefit of introducing verification measures in the incorporation process conducted by Companies House. The government is confident that maintaining one of the most open and extensively accessed registers in the world is a powerful tool in identifying false, inaccurate, or possibly fraudulent information. With many eyes viewing the data, errors, omissions or worse can be identified and reported. This means that the information held on the register can be policed on a significant scale by a variety of users. Ongoing consideration is being given as to whether this could be complemented by any additional measures.
Details of the policy decisions relating to Article 30 will be published by the Department for Business, Energy and Industrial Strategy in their written ministerial statement. This will address issues including the scope of the requirements, and the time limits for updating the central register on changes to beneficial ownership information.
9.2 Trust beneficial ownership
Article 31 requires the trustees of any express trust to hold adequate, accurate and up-to-date information on the beneficial ownership of their trust. They must make this information available to law enforcement and the UK Financial Intelligence Unit (UKFIU). They must also disclose their status as a trustee when entering into business relationships or conducting transactions in their capacity as a trustee.
Article 31 requires member states to establish central registers of beneficial ownership information for express trusts with tax consequences. HMRC plans to launch its register in summer 2017 as an online service. Respondents generally supported the government’s approach to the new registration system and agreed that it should build on existing tax reporting mechanisms to minimise the administrative burdens on trustees. They agreed that, at a minimum, trustees should be required to update the register once a year in each year that the trust generates a UK tax consequence. Many respondents said trustees should also update their information whenever there is a change in the beneficial owners or the structure of the trust.
Respondents expressed a range of views on the scope of the register. They agreed with registering the proposed list of trust-like legal arrangements from other jurisdictions. Several respondents suggested exemptions for particular types of trusts. Nevertheless, Article 31 is clear that any express trust with tax consequences will need to be registered, irrespective of its function. The term “express trust” should be taken to mean a trust that was deliberately created by a settlor expressly transferring property to a trustee for a valid purpose, as opposed to a statutory, resulting or constructive trust. In this context, investment trusts are not the same as express trusts where there is a transfer of legal ownership of property from the settlor to the trustee. “Tax consequences” should be taken to arise if the trust incurs UK liabilities for income tax, capital gains tax, non-resident capital gains tax, inheritance tax, stamp duty land tax or stamp duty reserve tax. UK resident trusts with UK tax liabilities will be required to register, as will trusts that are resident outside of the UK but have a UK tax liability.
Several respondents asked whether contracts or last wills and testaments would need to be registered. Contracts, wills and testaments will not need to register automatically, but only if they create an express trust, in which case the beneficial ownership information of that trust would need to be reported to HMRC where it generates a tax consequence.
Trustees will be required to provide information on the identities of the settlors; other trustees; beneficiaries; all other natural or legal persons exercising effective control over the trust; and all other persons identified in a document or instrument relating to the trust, including a letter or memorandum of wishes. This information will include:
- their name
- their correspondence address and other contact details
- their date of birth
- if they are resident in the UK, their National Insurance Number (applies to individuals only) or their Unique Taxpayer Reference (applies to non-individuals only)
- if they are not resident in the UK, their passport or ID number with its country of issue and expiry date
If a trust has a class of beneficiaries, not all of whom have been determined, then it will not be necessary to report all of the above information. Instead, trustees will need to provide a description of the class of persons who are entitled to benefit from the trust. Trustees will also be required to provide general information on the nature of the trust. These include its name; the date on which it was established; a statement of accounts describing the assets; the country where it is resident for tax purposes; the place where it is administered; and a contact address.
When considering what information to collect, the government has aimed to strike the right balance between minimising the administrative burdens on trustees and giving law enforcement and compliance officers the tools they need to combat the misuse of trusts. By collecting the information outlined above, HMRC and law enforcement will, for the first time, be able to draw links between all parties related to an asset in a trust. This would deliver a marked change in their ability to identify and interrupt suspicious activity involving the misuse of trusts. HMRC will also be able to compare the Unique Taxpayer References and/or National Insurance Numbers of the parties to a trust and factor these into its wider understanding of those persons’ tax liabilities. This will be particularly important in the longer term as part of the implementation of HMRC’s digital strategy. For example, when HMRC can see that a payment out of a trust and a payment to an individual are both the same payment, it will be better able to ensure that the right amount of tax is paid at the right stage of the process.
10. Reporting obligations
10.1 UK Financial Intelligence Unit
The UK Financial Intelligence Unit (UKFIU) is hosted in the National Crime Agency (NCA), and has the overall responsibility for governance of the Suspicious Activity Reports (SARs) regime. The UKFIU has the national responsibility to receive, analyse and disseminate financial intelligence submitted through the regime.
The statutory functions of the NCA are set out in the Crime and Courts Act 2013, which gives the NCA the responsibility to lead the overall effort to tackle serious and organised crime.
10.2 Reporting requirements
Part 7 of the Proceeds of Crime Act (POCA) 2002 contains three money laundering offences. The first relates to concealing criminal property (s327), the second relates to facilitating the acquisition, retention, or use of criminal property (s328), and the third relates to the acquisition, use and possession of criminal property (s329). POCA - as defined in section 338 - provides individuals with a statutory defence if they make an authorised disclosure to the NCA. The disclosure should be made before the act (typically a financial transaction) takes place, or immediately afterwards. The provisions apply to everyone, and not just to those in the regulated sector.
A person who makes an authorised disclosure can avail themselves of a defence against committing a money laundering offence if they seek the consent of the NCA, under section 335 of POCA, to conduct a transaction or activity about which they have suspicions. This can be actual consent or ‘deemed’ consent under section 335. The NCA has 7 working days to provide a notice of refusal. If such a notice is not provided, the reporting person has ‘deemed’ consent. If a notice is provided, the NCA has a further 31 days to take action in relation to the transaction. Whilst the reporting person awaits the NCA’s decision on consent, the activity or transaction should not proceed.
The regulated sector, such as banks, wider financial institutions, and the legal and accountancy sectors, are required to report suspicion of money laundering offences, as set out in section 330 of POCA. This applies where the relevant information is received in the course of business in the regulated sector. Failure to do so is an offence.
Furthermore, the reporting person cannot disclose to the customer the fact that a SAR has been submitted, or any other information that may prejudice NCA’s investigation into the reported activity or transaction, as doing so could constitute a ‘tipping off’ offence under section 333A of POCA.
The offences relating to terrorist financing are set out at sections 15 to 18 of the Terrorism Act 2000 (TACT). These cover fund-raising for the purpose of terrorism (s15); use and possession of terrorist property (s16); entering into funding arrangements for the purposes of terrorism (s17); and money laundering involving terrorist property (s18).
Individuals have a defence against a terrorist financing offence under section 21ZA of TACT if, before becoming involved in a transaction or arrangement, they notify the authorities of their suspicions (or belief) that the property is terrorist property; disclose the information on which the suspicion is based; and have the consent of the authority to conduct the transaction. A person is deemed to have consent if they do not receive notice that consent is refused within 7 working days.
Furthermore, under section 21ZB, an individual or company has a defence if they notify the authorities of a terrorist financing suspicion after a transaction or arrangement has taken place. This defence applies where there is a reasonable excuse for not disclosing the suspicion prior to the transaction taking place, the disclosure is made on the individual’s own initiative, and is made as soon as reasonably practicable. Section 21ZC provides a defence where a person intended to make a disclosure under section 21ZA or 21ZB, but had a reasonable excuse for failing to do so.
Section 19 of TACT applies where a person believes or suspects that an offence under sections 15 -18 has been committed by another person, and that belief or suspicion is based on information which came to the person in the course of their trade, profession or business. The person will commit an offence unless they disclose their belief or suspicion, and the information upon which it is based, to law enforcement as soon as reasonably practicable. Section 21A makes a similar provision for businesses within the regulated sector. Section 21D also provides a “tipping off offence”, which applies where a person in the regulated sector discloses that an investigation in relation to allegations of a terrorist financing offence is being contemplated or carried out, or that a disclosure relating to suspicions of a terrorist financing offence has been made.
Following implementation of the Criminal Finances Bill, the NCA will be able to require the provision of further information in relation to a SAR from any member of the regulated sector. It will also be able to do so on behalf of a foreign financial intelligence unit.
The directive requires that individuals, including employees and representatives of a regulated business, who report suspicions of ML/TF activity, internally or to the UKFIU, are protected from adverse or discriminatory employment actions. The Public Interest Disclosure Act 1998 (PIDA) inserted in Part IVA of the Employment Rights Act 1996 (ERA) provides protection to workers who have made a protected disclosure. If a worker believes that they have experienced detrimental treatment because they have been a whistle blower, they can take a claim to the Employment Tribunal. Furthermore, the government will add to the Prescribed Persons provisions in PIDA to extend the NCA’s responsibilities in the order so that they are able to accept protected disclosures from whistleblowing workers for money laundering purposes.
10.3 Data retention
Article 40 of the directive sets out that member states shall require obliged entities to retain documents necessary to comply with CDD requirements for 5 years after the end of a business relationship or occasional transaction, along with supporting evidence and records of transactions. This is consistent with FATF’s recommendation 11 that requires financial institutions to maintain, for at least five years, all necessary records on transactions and records obtained through CDD measures to enable them to comply swiftly with information requests from competent authorities upon request.
Under Article 40, member states had the flexibility to increase the period for retaining CDD documents and transactions data beyond 5 years. The government will retain the minimum 5 year data retention period required by the directive. By not extending beyond 5 years, the government is seeking to minimise the additional burdens on business, while ensuring that law enforcement have access to the necessary information.
In many cases, respondents felt that retaining both the CDD information and transactions data for the duration of the business relationship was disproportionate as they felt law enforcement were unlikely to ask for this level of information. Generally, it was felt that a retention period of five years after the end of the business relationship or occasional transaction was sufficient, although it is noted that in exceptional circumstances, law enforcement and prosecutors may require access to information dating further back.
Consultation responses also suggested that an extended retention period would not be consistent with EU data protections rules. The data protection legislation cited in consultation responses included the General Data Protection Regulation and the Charter of Fundamental Rights. The fifth principle of the UK Data Protection Act was also referenced, which specifies that “personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes”.
11. Supervision of obliged entities
11.1 Call for Information: AML Supervisory Regime
In response to the evidence provided through the Call for Information: AML Supervisory Regime, the government will clarify and consolidate its expectations of AML supervisors through these regulations. The government continues to consider how to best address the remaining issues raised in the Call for Information, and will publish the full Response in due course.
11.2 Supervisory Regime
The UK has 25 supervisors, a mixture of self-regulatory bodies and regulators. They are a highly diverse group including large global professional bodies, smaller professional and representative bodies, as well as public sector organisations. The Treasury is responsible for the appointment and removal – on the basis of non-compliance with the regulations – of supervisors.
The directive requires that supervisory authorities effectively monitor obliged entities and take appropriate measures to ensure their compliance with the directive. Articles 47 and 48 provide greater clarity and detail on what is expected of supervisors in ensuring that obliged entities comply. For example, Article 48 notes that all supervisors must have adequate powers and financial, human and technical resources to fulfil their supervisory functions.
11.3 Identifying and Assessing Risk
Underpinning all supervisory action is the risk based approach, which depends on a supervisor understanding risk across the businesses it regulates. Understanding the scale and nature of risk will enable supervisors to take a proportionate approach.
The new regulations place a requirement on all supervisors to identify and assess the international and domestic ML/TF risks associated with persons in their sector. When making such risk assessments, supervisors must consider factors such as the NRA. Supervisors are able to take a cluster approach to risk profiling obliged entities in their sectors, provided they share similar characteristics and the ML/TF risks associated with those entities are not significantly different.
Given the dynamic nature of ML/TF risks – at both an international and domestic level – supervisors are required to review the risk profiles at regular intervals, especially following any significant events, measures taken by other supervisory authorities, or emerging ML/TF risks. This is important because it will enable supervisors to take a risk-based approach to supervision, and to determine the proportionate level of mitigation required to address ML/TF risk. As outlined in the ESA guidelines, mitigation should be followed by continued monitoring to ensure that ML/TF risks have been appropriately addressed, and follow-up action should be taken as necessary.
Article 47 requires currency exchange and cheque cashing services and trust or company service providers (TCSPs) to be licensed or registered, and providers of gambling services to be regulated. Only remote and non-remote casinos will be captured under the scope of the regulations and this is provided by the provisions of the Gambling Act 2005, as amended by the Gambling (Licensing and Advertising) Act 2014.
Currently, the Financial Conduct Authority (FCA) must register authorised persons who act as a money service business or as a TCSP. Her Majesty’s Revenue and Customs (HMRC) must register those relevant persons not captured by the FCA register who are high value dealers, money service businesses or TCSPs. HMRC must also register bill payment service providers and telecommunication, digital and IT payment services providers for whom they are the supervisory authority. HMRC may also register relevant persons who are not registered by professional body supervisors and who are estate agents, auditors, external accountants and tax advisors.
The directive requires all TCSPs to be registered. From 26 June, HMRC will act as the registering authority for all TCSPs. This means HMRC will expand their register to include TCSPs who are supervised by professional bodies. The new regulations will require professional body supervisors to inform HMRC of their members who carry out TCSP activity so that they can be added to the register. A requirement is placed on professional body supervisors to inform HMRC if relevant members have passed fit and proper tests and to inform HMRC if the fit and proper status of their members has changed. HMRC will not act as the supervisory authority of those professional body members whom it registers, and it remains the duty of the supervisory authority to ensure that TCSPs who fall under their supervision are compliant with the new regulations.
The regulations set out information which registering authorities may specify that applicants must provide when being registered. This includes information on the nature of the applicant’s business and a risk assessment which meets the requirements of the new regulations. However the government also recognises that depending on the nature of the individual business, more information may be required to make a determination on the status of a registration. For this reason, the new regulations will allow registering authorities the ability to request further information as they deem necessary.
Additionally, the government sought views on the ability of registering authorities to refuse to register or to cancel an existing registration. Consultation responses supported the government’s view that this could take place where, for example, the registered person had failed to comply with the regulations or where the person had failed to pass a fit and proper test. However where the registering authority refuses to register for certain reasons, it must do so on “reasonable grounds of suspicion” and where it seeks to cancel a registration, it must do so on the basis that they are “satisfied” that relevant officers are not fit and proper.
11.5 Fit and proper tests
Article 47 requires that individuals who hold a management function in MSBs or TCSPs, or who are the beneficial owners of such entities, are fit and proper persons. Supervisors of TCSPs and MSBs will be required to carry out fit and proper tests on these individuals and entities. The government sought views on what is meant by a “management function.” Supported by submissions from respondents, the new regulations define the holder of a “management function” as an “officer” or a “manager.”
An “officer” is:
- in a body corporate: (i) a director, secretary, chief executive, member of the committee of management or a person purporting to act in such a capacity or an individual who is a controller of the body, or a person purporting to act as a controller
- in relation to an unincorporated association, means any officer of the association or any member of its governing body, or a person purporting to act in such a capacity
- in relation to a partnership, means a partner, or a person purporting to act as a partner
Whereas a manager is:
- a person who has control, authority or responsibility for one or more aspects of the business of that firm and includes a nominated officer
The government also sought views on the scope of the fit and proper test in the MSB sector. The sector operates through a network of more than 50,000 agents, many of whom have relationships with more than one MSB. HMRC have good practice guidance which encourages MSB principals to carry out fit and proper tests on MSB agents, although the current legislation does not explicitly state that this should be done. The government understands that individuals in an MSB are given a “management function” over an agency of the MSB. As a result the new regulations will clarify that fit and proper tests are to be carried out on both the MSB principal and agent. This test will be carried out by HMRC. This decision was supported by responses to the consultation, with respondents stating that this would “bring uniformity in fit and proper tests across the sector, ensuring consistency and a level playing field”.
Following consultation with the FCA, the new regulations will place a requirement on the FCA to refuse registration of an Annex 1 financial institution, where it believes an individual holding a management function - including a beneficial owner - is not a fit and proper person. Annex 1 financial institutions include businesses who are, for example, non-bank providers of safe deposit boxes, firms offering finance leases, and commercial lenders with no consumer credit activity. The FCA oversees these businesses’ compliance with the MLRs but has no other supervisory oversight. The FCA believes that the great majority of Annex 1 firms are legitimate, but that there are some exceptions, where firms seek to gain legitimacy through a presence on the FCA’s public register. Some of these firms subsequently seek to defraud members of the public.
The FCA currently has limited grounds to refuse registration to Annex 1 firms and has no power to reject or cancel a registration in cases where the FCA concludes the people behind the business are not fit and proper persons. Currently, the FCA can decline to register an Annex 1 business only if: a) it does not provide all information requested at registration, b) information it provides appears to be false or misleading; or c) it fails to pay a charge imposed by the FCA. The FCA will now be able to use the requirements under the new regulations to refuse registration of an Annex 1 firm where an individual holding a management function is not fit and proper.
11.6 Criminality tests
Article 47(3) introduces a new criminality test for three sectors that are not subject to fit and proper tests – (i) auditors, external accountants and tax advisors; (ii) notaries and other independent legal professionals and (iii) estate agents. The directive notes that necessary measures should be taken to “prevent criminals convicted in relevant areas or their associates from holding a management function in or being the beneficial owners of those obliged entities.” The government sought views on a number of issues, including what is meant by “criminals convicted in relevant areas”, the definition of “associates”, and whether to extend the directive’s scope to include not only those who have been convicted of a relevant criminal offence but also those persons who are, for example, under investigation or charged for a crime in the relevant areas.
Respondents supported the government’s interpretation of “relevant areas” to mean convictions that are relevant to the risk of money laundering or terrorist financing or that have a bearing on whether a person is suitable to hold a management function. Submissions noted that this approach “should at least cover all predicate offences and any convictions that concern the proceeds of crime, money laundering and terrorism”. With regards to the definition of “associates”, respondents commented that “it should not refer to family members, or be modelled on the meaning of ‘close associates’ in the context of PEPs”. Responses to the consultation were aligned with the intent of the directive; “associates” is intended to mean criminal associates, i.e. those associates of criminals that are participating in, or are demonstrably connected with criminal enterprise. “Associates” therefore only include those known to have committed a criminal offence that is subject to the criminality test. The criminality test will not be extended to include persons being investigated for, or charged with, a relevant crime and the government will not permit supervisors to take into account spent convictions and cautions when assessing whether a person should be prohibited from being a beneficial owner, officer or manager of a supervised business. This recognises that the rehabilitation period of relevant convictions and cautions provides appropriate safeguards.
The government also sought views on extending the criminality test to High Value Dealers (HVDs), with law enforcement and HMRC evidence pointing towards an increased number of organised crime groups having been involved in large scale criminality using trade-based money laundering involving high value goods. The majority of respondents supported extending the criminality tests to HVDs, with submissions recognising “that this would be proportionate to the risk in the sector”.
Once the regulations come into force, supervisors will be required to carry out criminality tests on all beneficial owners, officers and managers from that date. A person may not continue to act in the capacity of a beneficial owner, officer or manager where that person fails the criminality test.
Ensuring that information flows among supervisors, between supervisors and law enforcement, and between supervisors and the businesses they supervise, is a key feature of a robust AML/CTF framework. For example, a supervisory authority should consider other relevant supervisors’ ML/TF risk assessments when analysing the risk profiles of their own regulated businesses, and a supervisory authority can only do this if the relevant information has been shared.
The new regulations place a duty on supervisory authorities to take appropriate steps to share relevant information. For example, the new regulations place a requirement on all supervisors to make up-to-date ML/TF information available to those whom they supervise. This should include information on money laundering and terrorist financing practices that occur in their sectors; indicators which may suggest that a transfer of criminal funds is taking place; and relevant information from other sources such as the European Commission, ESAs, Home Office and the Treasury.
Supervisors must also collect information from their regulated sectors to assist them in carrying out their supervisory functions. This should include information to support risk assessments. Supervisors must also collect information such as the number of firms they supervise, divided into those they consider high, medium and low risk. Supervisors must provide the Treasury with such information on request, to enable the Treasury to assess, understand and mitigate risks in each sector.
The government continues to support the UK’s supervisory framework, which consists of both statutory and self-regulatory supervisors. Self-regulation allows industry or a profession to adopt regulatory procedures which best fit the nature of the sector. However, the new regulations clarify what is expected of self-regulatory bodies and therefore ensure consistency in standards across these organisations for AML/CTF purposes. For example, the new regulations state that self-regulatory bodies must make arrangements to ensure that their AML/CTF supervisory functions are operationally independent from any functions which do not relate to disciplinary matters. Professional bodies must also appoint a person to monitor and manage compliance with the new regulations, and must also provide adequate resources to carry out their supervisory functions.
Under Article 8.3 and Article 8.4 of the Fourth Money Laundering Directive, the regulated sector are required to establish and maintain policies, controls and procedures to mitigate and manage effectively the risk of money laundering and terrorist financing. In the consultation responses, there was some discussion on the form that the policies should take. The government has clarified that the policies, controls and procedures should be documented, either written or in electronic form.
The government would welcome views from the sector on the requirement for the policies, controls and procedures to be documented.
12. Administrative sanctions
Where an obliged entity has breached the requirements of the directive or the FTR (through the transposed regulations), then effective, proportionate and dissuasive sanctions must be available. The directive requires that obliged entities are held liable for breaches of the provisions in the new regulations, and where appropriate, members of the management body and other relevant persons may be held responsible for the breach. For clarity, the applicable provisions include customer due diligence, reporting obligations, record-keeping and internal controls.
Where there are serious, repeated, or systematic breaches of customer due diligence, reporting obligations, record-keeping, or internal controls, the directive requires that at least the following sanctions and measures are available:
- a public statement identifying the natural or legal person and the nature of the breach
- an order requiring the natural or legal person to cease the conduct and not repeat it
- where an obliged entity is subject to an authorisation, withdrawal or suspension of the authorisation
- a temporary ban against any person discharging managerial responsibilities in an obliged entity, or any other natural person, held responsible for the breach, from exercising managerial functions in obliged entities
- maximum administrative pecuniary sanctions of at least twice the amount of the benefit derived from the breach, where it can be determined, or at least EUR 1,000,000
The regulations provide a power to HMRC and the FCA as designated supervisory authorities to impose an appropriate civil penalty on relevant persons, so long as they are satisfied that the person has breached a relevant requirement. Where HMRC or the FCA use this power, they must publish information on the type and nature of the breach, and the identity of the natural or legal person on whom the sanction is imposed. Where a person appeals against a penalty imposed by a designated supervisory authority, that authority must publish the status of the appeal on their website without undue delay. Relevant information may be published anonymously where the naming of the relevant person is considered, for example, to be disproportionate or would jeopardise the stability of the financial markets. In cases where designated supervisory authorities consider that anonymous publication is insufficient in certain situations, they must not publish information.
The government takes the view that all supervisors should be able to demonstrate that they have provisions which enable them to impose effective, proportionate and dissuasive sanctions. The ability of a supervisor to impose sanctions is an important deterrent and incentivises regulated businesses to comply with the regulations. Where supervisors are unable to impose suitable pecuniary sanctions, they may consider the use of the HMRC/FCA powers. The government will continue to work alongside all supervisors to ensure that measures are in place to impose sanctions and that these powers are used, where appropriate, to address AML/CTF breaches. Furthermore, the new regulations will require supervisors to provide information to the Treasury on the number of penalties that they have imposed.
The FATF Recommendations, 2012. http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf ↩
Glossary to the The FATF Recommendations, 2012. http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf ↩
The FATF Recommendations, 2012. http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf ↩
Article 4.1(1) of the capital requirements regulation. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32013R0575 ↩
Glossary to the The FATF Recommendations, 2012. http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf ↩