The following commentary on such matters comes from by Craig Weston (senior associate) and Megan Forbes (2^nd year trainee) of the Criminal and Regulatory Investigations Group at . The editors at this news service are pleased to share these views with readers and invite responses. Email tom.burroughes@wealthbriefing.com

What are the key changes?

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) came into force on 26 June 2017 and went further than its 2007 predecessor by establishing a risk-based approach to money laundering for those in the regulated sector as set out below.

The regulations were laid before parliament one working day prior to commencement, affording companies very little time to get to grips with MLR 2017 and update their policies in advance of enactment.  Whilst this inevitably resulted in affording a fair period of time for compliance, the MLR 2017 is now well-established and companies should expect to feel its full force should they fail to consider and adapt to the following changes:

1. Risk assessments: businesses must take steps to identify and assess the risks of money laundering and terrorist financing. Whilst MLR 2007 required risk assessment and due diligence policies, MLR 2017 requires the relevant person to produce a written AML risk report which has regard to a number of risk factors such as its customers, geographic area, products, transactions, delivery channels, and size and nature of the business. Policies must then be updated accordingly.

2. Policies: written policies, controls and procedures must be established and maintained in order to address money laundering and terrorist financing risks.  These must be proportionate to the size and nature of the business and approved by senior management and must be regularly updated. These policies must also be applied to the group structure, meaning all subsidiaries as well as branches established outside the UK which carry out activities that would be regulated if carried out in the UK.

3. Customer Due Diligence (CDD): simplified CDD is no longer automatically considered sufficient. Consideration must be given to the applicable risk factors in order to consider what type of CDD is most appropriate. Enhanced due diligence and ongoing monitoring are compulsory in specified high-risk situations, including where the customer is a politically exposed person (PEP) or the transaction involves a high risk third country. There are also requirements to undertake CDD when you become aware of any changes in circumstances of a client, whilst CDD checks on corporate bodies are now more prescriptive.  Simplified CDD is only permitted where there is low risk of money laundering or terrorist financing, when taking into account the risk assessment.

4. Obligations on trustees: Trustees of relevant trusts are now required to maintain accurate written records of the details of the trust, including a statement of account for the trust describing its assets, the full name of any advisors being paid to provide advice and a contact address for the trustees. They are also required to maintain records of the trustees’ details. There is a requirement to register the details of express UK trusts and some foreign trusts where they involve UK assets or income.

5. PEPs: UK PEPs are now considered potentially high risk individuals, as well as foreign PEPs. A UK PEP might not require the same level of enhanced due diligence as a foreign PEP, but consideration should be given to their risk, as opposed to only carrying out enhanced due diligence for foreign PEPs

6. Criminal Offence: MLR 2017 provides the ability to investigate anti-money laundering breaches, take civil enforcement action or use criminal prosecution. The regulations introduced a new criminal offence, punishable by up to two years’ imprisonment, for individuals who recklessly make a misleading or false statement in the context of a money laundering investigation. It remains a criminal offence, as established by MLR 2007, to breach the requirements under the regulations, which can be result in up to two years’ imprisonment or an unlimited fine. Whilst civil enforcement powers will generally be used, regulators may consider criminal enforcement where failings are particularly serious or repeated. 

Who falls under the scope of the MLR 2017?

With little change from the previous regulations, MLR 2017 applies to:

• Credit institutions;
• Financial institutions;
• Auditors, insolvency practitioners, external accountants and tax advisors;
• Independent legal professionals (when conducting transaction work);
• Trust or company service providers;
• Estate agents;
• High value dealers; and
• Casinos

However, all gambling providers are now caught by MLR 2017, as opposed to just holders of a casino operating license, which was the case under the previous Money Laundering Regulations 2007 (MLR 2007). There are also increased obligations for trustees relating to transparency of beneficiaries in their trusts.

For those engaging in financial activity on “an occasional or very limited basis”, the threshold for being exempt from the regulations has been increased from a turnover of £64,000 to a turnover of £100,000 under MLR 2017. 

How can you comply?

In order to ensure compliance with MLR 2017, firms should:

• Review and update their written AML risk assessments, taking into account the specified risk factors involved in their business;
• Review and update AML policies, controls and procedures and ensure these are approved by senior management;
• Familiarise themselves with AML 2017 and train staff in the regulations.  Employees must be expected to contribute to preventing money laundering so training and communication of new policies and regulations is imperative;
• Review their due diligence procedures and ensure staff are properly trained in appropriate CDD; and
• Review sector specific guidance published by the sector regulators.

What are the consequences of non-compliance?

Following a National Crime Agency estimate that £24 billion linked to serious and organised crime is laundered through the UK economy each year, MLR 2017 signals the UK’s increasingly firm stance on money laundering and the step up in enforcement by regulators. 

As the William Hill Group learnt in February 2018, the regulators are prepared to enforce record sanctions on companies that fail to comply. The Gambling Commission investigation found that the group breached anti-money laundering and social responsibility regulations between November 2014 and June 2017, resulting in a catalogue of failures in allowing significant sums of money to be gambled without the required source of funds check, financial alert reviews or due care towards escalating gambling habits.

The William Hill Group is not the only one to have been on the receiving end of the enforcement crackdown. Deutsche Bank was fined £163 million in January 2017 for failing to maintain an adequate anti-money laundering control framework, resulting in $10 billion of unknown origin being transferred from Russia to offshore bank accounts in a manner suggestive of financial crime.

Whilst there has been very little by way of enforcement under MLR 2017 due to its recent implementation, the indication is clear that the FCA and other regulatory bodies are stepping up enforcement to demonstrate the importance of tackling money laundering in the UK and the role that companies’ money laundering policies plays in its prevention. Companies should expect to receive fines that go significantly further than simply removing their financial benefit, and although use of criminal prosecution has so far been limited, it is another tool in the regulators’ arsenal that may well be pulled out soon to serve as a further deterrent to non-compliance.