New AML regulations: What you need to know
Richard Simms examines the EU’s fifth money laundering directive (5MLD) consultation and highlights areas where accountants may have to tighten their AML compliance.
On 15 April 2019, the Treasury issued a consultation on the introduction of the EU’s 5MLD into UK law. The consultation closes on 10 June 2019. It seems likely that the UK will implement 5MLD.
The consultation is broken into 14 chapters, spans 88 pages, and clocks in at a novella-sized 30,000 words. Due to the sheer volume of the content, it would be a gargantuan endeavour to analyse each point at length before the consultation closes.
Instead, I have summarised the salient 5MLD changes for accountants in a bullet point fashion below. Under each heading, I have also posed some questions that should be considered when replying to the consultation.
This abridged version is intended to inform your consultation response - if you so wish to respond - and to strip back the consultation to who will be affected by the changes and what will be regulated.
Of course, one of the big headlines to emerge from the consultation is how 5MLD will expand the definition of a tax adviser in terms of money laundering compliance, which I’ve previously covered in depth elsewhere on the site. And it is on this point that the transposition of 5MLD consultation begins.
New obliged entities
One of the main issues discussed in the consultation is over who else should be required to be regulated for AML compliance.
The position of a tax adviser who does not advise a client directly is being questioned. Should they be regulated or are they already regulated?
Expanding the definition of ‘tax adviser’ introduces the provision of tax advice “by way of arrangement”.
Letting agents are not currently covered unless they also provide estate agency services. Being an agent for properties commanding a monthly rental income of 10,000 euros or more may need to be regulated. Private landlords may be included and who customer due diligence (CDD) will need to be carried out on is for consideration.
There’s a lot to think about in how to regulate crypto assets. They’re online, their ownership is often unclear and have no set territories. Evidence suggests that they can be part of illicit activities.
And while art intermediaries are already regulated for AML as high-value dealers for cash transactions over 10,000 euros, the 5MLD would expand to any payment at that level whether cash or not.
Electronic money refers to the electronic store of monetary value on a device (eg a prepaid card).
This, as a means to transfer value, presents an ML/TF (Money Laundering/Terrorist Financing) risk. Exemptions exist on when CDD needs to be performed. It’s proposed that these limits will be tightened.
Customer due diligence
5MLD sets out various changes to the customer due diligence steps, which are listed below:
Electronic identification processes: Does what constitutes “secure” electronic identification processes need to be clarified?
Should such services be “regulated, recognised, approved or accepted at national level by the national competent authority”. Is existing guidance sufficient?
The customer due diligence chapter also includes changes to regulation 28 of the money laundering regulations 2017 (MLR17).
CDD requirement based on Financial Action Task Force (FATF) recommendation to identify and verify names of senior management of a body corporate: a proposed extension of the requirement to identify and verify beneficial owners to include senior management responsible for operations of a body corporate.
CDD requirement to verify the identity of senior managing officials when the beneficial owner of the body corporate cannot be identified: further steps to identify senior management and records of these steps will be required.
CDD requirement based on FATF recommendation to understand the ownership and control structure of customers: a proposal to make a specific requirement generally and not only in a client that requires Enhanced Due Diligence (EDD).
And the CDD chapter concludes with changes to regulation 31. The proposed clarification is a requirement to cease transactions if CDD cannot be satisfied but also if EDD cannot be satisfied.
Obliged entities (known in the UK as regulated entities): beneficial ownership requirements
5MLD adds further requirements to the checking of beneficial owners:
5MLD requires checking registers when entering into new business relationships: A proposed requirement to confirm correct registration of a company or trust; this would apply to new business relationships.
Requirement for ongoing CDD where there is a duty to review beneficial ownership information: An extension of the current duty to (re)apply CDD when things change to a regular requirement in certain specific circumstances.
Enhanced due diligence (EDD)
What constitutes a business relationship or transaction involving a designated high-risk third country? “Involving” is the keyword, as compared to “established in” which is in MLR17. EDD may be required in a transaction involving high-risk third countries. The existing EU list will be replaced by a UK list when required.
A FATF recommendation is to include ‘beneficiary of a life insurance policy’ as a relevant risk factor when determining whether to apply EDD measures (changes to regulation 33). An additional risk factor to be considered within EDD.
Politically exposed persons
Prominent public functions: Is the existing FCA guidance on UK functions that are PEPs correct and a possible list by UK headquartered intergovernmental organisations of their prominent public functions?
Mechanisms to report discrepancies in beneficial ownership information
Requiring obliged entities to report discrepancies: Companies House is likely to be the body that reports of discrepancies will need to be made by those regulated for AML that spot a discrepancy. Companies House will then contact the company to amend the register.
Requiring competent authorities (eg HMRC) to report discrepancies: A similar reporting duty to Companies House by competent authorities rather than regulated entities.
Trust registration service: Extension of the requirement to register express trusts whether they have a UK tax consequence or not. HMRC will run a technical consultation later this year.
Who is required to register? UK resident express trusts, Non-EU express trusts acquiring UK land and property, Non-EEA (European Economic Area) express trusts entering a business relationship with a UK obliged entity and overseas and non-express trusts that are liable for UK tax
Data collection: A list of information required to be registered is set out.
Registration deadlines: For existing trusts, a deadline of 31 March 2021 will be set for unregistered trusts in existence on 10 March 2020. For new trusts created on or after 1 April 2020 the trust must be registered within 30 days. The government will consult on appropriate penalties for non-tax paying trusts as the basis of tax due for calculation penalties will not be workable.
Data sharing: New requirements are to be introduced regarding disclosure to entities regulated for AML that have a legitimate interest. This information could be requested from the trust or from the Trust Registration Service. Which is the best method is to be determined. This will be part of HMRC’s technical consultation later this year.
Legitimate interest: Someone who is actively involved in AML and CTF activity has reason to believe a trust or person is involved with ML/TF and has evidence underpinning that belief.
Information on non-EEA companies: Trusts that own or control a corporate structure based outside of the EEA (European Economic Area) will need to register on the TRS. Self-certification by the trustee on registration of the trust, the government’s preferred option.
National register of bank account ownership
Scope of application: Natural or legal persons, holding or controlling payment or bank accounts identified by the International Bank Account Number (IBAN), safe deposit boxes held by credit institutions within their territory. May extend to credit and pre-paid cards and not IBAN accounts including credit unions and building societies.
Scope of information included on the register: The minimum data necessary for the carrying out of AML/CTF investigation. The government seeks views on what is required for the different aspects of accounts covered.
Access to information included on the register: the purpose of the data is to assist national FIUs (Financial Intelligence Units) with investigations and national competent authorities to assist with their AML/CTF obligations. The suggested scope in the proposal is very broad including HMRC and Companies House.
Submission of information: Either data will be submitted on a weekly basis for changes to the previous submission or government will have direct access to search the data held by those obliged to report.
Requirement to publish an annual report
Views are sort on whether to continue to publish an annual AML/CTF report on the supervisory activity of AML/CTF supervisors. Information is reported annually by supervisors to HM Treasury.
Other changes required by 5MLD
Access to information on people who own real estate - it’s felt that sufficient access already exists.
Whistleblowing protections: Employees within entities that are regulated for AML/CTF should be protected from retaliatory or hostile action, especially from adverse employment actions. The Employment Rights Act 1996 as extended by the Public Interest Disclosure Order 2014 already provides such protection.
Pooled client accounts (PCAs)
PCA requirements: Banks that have customers who hold funds on behalf of their clients, accountants or solicitors for example, where the customer is regulated for AML/CTF can, where appropriate, undertake Simplified Due Diligence (SDD) which does not require CDD to be performed on the clients of their customer. If the customer is not regulated for AML/CTF then CDD may be required to be performed by the bank on the customers’ clients; for example, the customers of a letting agent.
Potential options: Views are sought on the risks posed by PCAs and what obligations should be placed on banks in regard to PCAs.
Additional technical amendments to the MLRs
Enforcement powers: Increase the ability to publish information on directions issued to group undertakings and any decision to remove or cancel a person’s registration under regulation 60 MLR17.
Also, expansion of the term “officers” to include “manager” within the scope of who action can be taken against by AML supervisory authorities to enforce breaches of relevant (AML) requirements imposed upon the person supervised by the Supervisory Authority.
Information: Sharing of information between OPBAS (Office of Professional Body Anti-Money Laundering Supervisors) and HM Treasury to be included in MLR17.
The requirement to cooperate: Professional body AML supervisors would be required to communicate with Office for Professional Body Anti Money Laundering Supervision (OPBAS) – this acts as a reinforcement rather than something new.
Changes to the requirement to be registered: Removal of the grace period allowed to money service businesses and trust and company service providers (MLR17 refers to Trust or Company Service Providers) to trade pending determination of their application.
Complex network structures: Consideration is being given to extending the requirement of who should be trained regarding AML within such a structure. An example is a Money Service Business that may have a multi-layer arrangement for agents in place that exceeds the scope of the current AML regulations.
Criminality checks: Self-declaration of not being convicted of a relevant criminal conviction to a professional body AML supervisor will not be sufficient. There is a mixed approach across the relevant supervisors and this is to clarify that evidence must be part of any application to a supervisor.
New technologies (changes to regulation 19): Proposed expansion of the requirement on financial institutions to undertake an ML/TF risk assessment on new products, business practices and delivery mechanisms rather than just new technologies.
Group policies (changes to regulation 20): Should financial groups be required to have policies relating to the provision of customer, account and transaction information from branches and subsidiaries or financial groups?
The consultation closes on 10 June 2019. You can respond to the consultation by sending your views before the closing date to [email protected]
You might also be interested in
I am the Managing Director of FA Simms and Partners, the Insolvency and Rescue practice and of AMLCC, the anti-money laundering compliance and risk management online package for accountants and bookkeepers.
I trained as a Chartered Accountant in Norwich and then spent...