Ministers unveil reforms to UK’s anti-money laundering regulations

In a draft statutory instrument (24 pages / 150KB PDF), which followed HM Treasury’s response (35-page / 319KB) to last year’s consultation on amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs), the government confirmed its proposed changes to the MLRs. One of the changes will remove account information service providers (AISPs) from the scope of the MLRs. Payment initiation service providers (PISPs), alongside bill payment service providers and telecoms, digital and IT service providers, will remain within scope of the regulations.

Mila Pencheva of Pinsent Masons said: “The decision to remove AISPs from the scope of the MLRs – but retain PISPs – is welcomed and strikes a fair balance between the risk of money laundering and innovation. However, it will be crucial for industry and regulatory guidance to provide further clarity on the anti-money laundering expectations placed on PISPs.”

The government said it is still considering whether there should be alignment between MLRs and the 2000 Financial Services and Markets Act (FSMA) on which activities make a relevant person a ‘financial institution’. It added that more detailed policy and legal analysis was required to ensure that any change did not have unintended consequences.

Andrew Barber of Pinsent Masons said: “The decision to carry out further consultations and analysis before making changes to the MLRs is the right one. Merely aligning the definition of a financial institution to that under FSMA will not be a shortcut to clarity. For instance, under the current definition, a number of completely unregulated businesses are caught and will need to continue to be in scope as they are at risk of being used as tools of money laundering – a common example being commercial lenders.”

He added: “If such unregulated businesses fall outside the definition of financial institution, a new category will need to be introduced for them, creating a risk of further complexity and uncertainty and a need for fresh body of guidance.”

The government also said supervision of the MLRs by the Financial Conduct Authority (FCA) would be expanded. In the future, a proposed buyer of a crypto-asset firm will be required to notify the regulator ahead of any acquisition. The change is intended to allow the FCA to undertake a ’fit and proper‘ assessment of the buyer, giving it the power to object to the acquisition before it takes place.

Pencheva said: “This requirement is a quasi-‘change in control’ process for cryptoasset firms. This is another important milestone towards the regulation of cryptoassets and will improve credibility in the industry.”

The draft legislation also proposes important changes to relevant firms’ dealings with trust customers. These will be brought into the scope of the MLRs customer due diligence (CDD) requirements from 1 September 2022, when delayed changes introduced by the EU’s 5^th Money Laundering Directive come into effect.

Financial regulation expert David Hamilton of Pinsent Masons said that the changes would increase the compliance burden on firms, particularly when dealing with trustees lacking in professional experience.

“From 1 September, Regulation 30A of the MLRs will require firms to collect proof of the trust’s registration with, or an excerpt from, the Trust Registration Service (TRS) register from the customer at the outset of the business relationship,” he said. “This can create issues for a firm where, for example, it sells an investment product that is placed into a non-exempt trust. The trustee, whose responsibility it is to register the trust with the TRS, may not be a professional and may have no idea of their obligation to register under the MLRs – which clearly has the potential to create issues for the firm when conducting their CDD.”

“The draft statutory instrument at least provides some clarification on that score. From 1 April 2023 firms will discharge their obligation under Regulation 30A if they collect an excerpt of the register or establish from an inspection of the register that no such information is held at that time. Although the clarification is welcome, it does add to firms’ compliance burden, requiring them to maintain clear audit trails of the steps they take to confirm trust customers’ registration status alongside their broader identification and verification measures. The compliance burden does not get any lighter when one considers that the amending legislation also proposes to extend the obligation to ‘ongoing’ CDD as well as CDD conducted at the start of the business relationship. Firms will therefore need to build TRS checks into their ongoing CDD triggers,” he said.

The government also sought views on options to improve supervisory consistency when accessing suspicious activity reports (SARs) as part of the consultation. It will use the revised MLRs to introduce a standardised ‘gateway’ approach to regulatory access, viewing and consideration of the quality of SARs submitted by regulated businesses, to the extent that this inspection is necessary to fulfil the regulators’ supervisory functions.

Hamilton described this change as a “significant development”.

“The government considers that this will help to standardise the approach to accessing SARs and clarify the right of access to support supervisors in delivering their supervisory obligations under the MLRs,” he said.

“This has the potential to increase enforcement risk in cases where, for example, a supervisory authority considers that the submission of poor-quality SARs is symptomatic of a broader systemic issue with a firm’s financial crime systems and controls. It will be interesting to see whether this materialises, but the threat is clear.”

Hamilton warned that UK firms subject to AML and counter-terrorism financing (CTF) requirements could expect to see more changes in the coming months, as the government “gets to grips” with post-Brexit requirements. Reports published by the UK Treasury last week committed the government to consult on further changes where it is considered that inherited EU rules prevent the UK from taking a more risk-based approach to money laundering prevention.

“This includes reviewing the enhanced due diligence required in respect of domestic politically exposed persons (PEPs),” Hamilton said. “At present, engaging with domestic PEPs triggers mandatory enhanced due diligence obligations under the MLRs, but as Baroness Penn stated in the House of Lords on 27 June, if the risks around domestic PEPs are found to be sufficiently low, ‘the government will consider changing the MLRs such that EDD and the additional requirements in Regulation 35 are not automatically required…but instead only triggered when there are other high-risk factors also present’.”

Any additional reforms would run in parallel with other government initiatives including the government’s second Economic Crime Plan, which is due to be published later this year, Hamilton said.

The reports – a review of the UK’s AML/CFT regulatory and supervisory regime (63-page / 604KB PDF), supplemented by post-implementation reviews of the MLRs (35-page / 474KB PDF) and the OPBAS Regulations (28-page / 390KB PDF) – also identified continuing deficiencies in AML and CFT risk assessments and understanding among regulated firms. Supervisors reported common deficiencies in firms’ application of risk mitigation measures including inadequate CDD and policies, controls, and procedures.

While there have been some improvements to the supervisory regime since the OPBAS Regulations, which established oversight body the Office for Professional Body Anti-Money Laundering Supervision, came into force, the Treasury report found continued inconsistencies in supervision. The Treasury reported “varying levels of effectiveness” in approach taken by the UK’s 25 AML supervisory authorities.