July brought a flurry of activity on the AML/CTF prevention front, both domestically and internationally. HM Treasury is calling for evidence in the effectiveness of the UK regime and proposing changes to the regulatory requirements, while the EU moves to consolidate its legislation.
Emma Radmore looks at the opportunities for change.
What is HMT reviewing?
HMT is carrying out a broad review of the effectiveness of the AML and CTF regulatory and supervisory regimes, following the actions set out in the Economic Crime Plan for 2019-22. Within this it highlights the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) and the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017 (OPBAS Regulations). It wants to look at:
- The overall effectiveness of the regimes and their scope
- Whether key elements of the regulations are operating as intended
- The structure of the supervisory regime.
It wants to see whether the regime is working most effectively to deter money laundering and terrorist financing activity while being proportionate and managing burdens on business. And now Brexit gives it greater autonomy to assess how the regime responds to the UK's particular circumstances and risks.
What is HMT asking for?
There are two current initiatives:
- A call for evidence on the effectiveness of the UK regime
- A consultation on proposed changes to the MLRs.
While there are obviously significant links between the two initiatives, they are separate, and the results will be dealt with separately.
What does the call for evidence want?
The call for evidence briefly explains the genesis of the MLRs and how they have gradually expanded in both scope and detail to the current version. It draws out as key points:
- The intention that the MLRs detect and prevent ML/TF before it occurs, both through financial institutions and enablers, while minimising the burden on legitimate customers and businesses
- The scope covers both money laundering and terrorist financing, as drawn out in National Risk Assessments
- The introduction of OPBAS in 2018 to support the 22 professional bodies who supervise their members for AML compliance, following concerns about the quality of professional body supervision
- The intention to look at how effective the supervisory regime is – which will include assessing some areas of overlap with primary legislation and, in particular, the Suspicious Activity Reporting (SAR) regime, but the intention is not to recommend any significant changes to POCA or other legislation (this will be the subject of a separate Home Office initiative).
What makes an effective regime?
HMT asks for views on both whether respondents agree with the objectives of the regime and whether it meets them. It describes the objectives as:
- The regulated sector to identify, prevent and report suspicious transactions
- Supervisors take a risk-based approach to monitoring compliance, and make proportionate and dissuasive use of their powers and enforcement tools
- Accurate and up to date beneficial ownership information is collective, maintained and made available to competent authorities so as to prevent the exploitation of UK corporate vehicles and other forms of legal personality.
- The regulated sector works in partnership with supervisors and the government to improve collective understanding of the ML/TF threat, which in turn ensures compliance activity is focussed on the highest risks and the regulated sector provides valuable information to law enforcement.
What are the focus points?
Is the approach right?
HMT wants to know whether respondents think its approach is a good one, whether its objectives are correct (and any evidence of where the current MLRs have contributed to meeting them or prevented them from being achieved), and what particular areas it should focus on, either in industry or in supervision.
It is aware that there is a common view that the mandatory requirements in the MLR demand too much time from relevant entities, such that the other activities which can actually contribute more meaningfully to the fight do not get as much resource as they need. As a result part of the review will look at whether a significant proportion of resource generally is used on activities which make a limited contribution to the objectives – and this will include, for example, the indirect contribution to the objectives for, for instance, the fit and proper test for those who run money services businesses.
High impact activities
HMT asks what activities should be considered high (or indeed low) impact, and whether any activities should be considered high impact by the MLRs that are currently not. It is interested in how high impact activities have contributed to its objectives.
Of course the UK already publishes regular National Risk Assessments. HMT wants to know whether it should usefully publish Strategic National Priorities and, if it should, how firms and supervisors should respond to them.
Is the scope right?
HMT seeks views on whether any sectors or subsectors currently inside the scope of the MLRs should in fact be excluded, and what, if any should be added – it particularly highlights AISPs and PISPs, Bill Payment Service (BPSPs) and Telecom, digital and IT payment service providers (TSITPSPs), and a broader range of gambling and antiquities subsectors than are currently within scope.
Are the enforcement powers right?
HMT asks whether the current powers in the MLRs and their application is sufficient, proportionate and appropriately dissuasive, and whether the relatively low number of prosecutions is a challenge to effective enforcement.
How to use the Risk Based Approach (RBA)
The next section of the call for evidence looks at whether certain elements of the MLRs do, or do not support their own aims, or are disproportionately burdensome. A particular focus of the section is on whether firms feel the MLRs are permissive enough in enabling businesses to use various technologies. HMT asks whether the MLRs inhibit the use of new technologies and, more broadly, what government and industry could be doing to widen the adoption of new technologies to tackle economic crime.
Supervisors and SARs
HMT is also interested in the potential for supervisors to play a greater role in the SARs regime, for instance by gathering more information on SARs firms have submitted so that they can better understand their firm's appreciation and understanding of risk and ensure they are responding appropriately to potential threats identified in SARs. It seeks views on various issues, ranging from whether supervisors should have more involvement in SARs and what, if any, limitations should be put on their role through to what more could be done to improve SAR quality.
Supervisors powers and duties
The Call for Evidence asks several questions within this section, including probing whether there are examples of where supervisors have not taking account of discretions the MLRs allow, and whether there should be an official definition of AML/CFT programme effectiveness – and, if so, what it should look like. It also explores the supervisors' gatekeeper function – and whether the current set of tests adequately providers an effective system – in particular, there are currently various, slightly different, "fit and proper" and similar tests both within and outside the MLR requirements.
A separate part of the call for evidence probes the strengths and weaknesses of the supervisory regime and asks whether there should be any change to the current model.
CDD and reliance
Drilling down the RBA, HMT seeks comments on the current requirements and relaxations on appropriate levels of customer due diligence (CDD). Many business have complained that the list of mandatory requirements for implementing enhanced due diligence (EDD) has become overly prescriptive which not only goes against the RBA but leads banks sometimes to de-risk entire categories of customer rather than performing individual risk assessments. At the other end of the scale, there is evidence that firms do not feel able to apply simplified due diligence (SDD) in some situations where it ought to be possible. On a related note, HMT asks whether the "reliance" provisions in the MLR are appropriate and proportionate.
Although HMT has tried to help in approving a single piece of guidance for each sector, many stakeholders still complain of the length and complexity of some pieces of guidance, and possible inconsistencies between guidance for firms that operate in more than one sector. But no-one really knows whether they would prefer comprehensive prescriptive guidance or not.
Policing the perimeter
Finally, the call for evidence asks about businesses that carry on activities that are within MLR scope but which operate without a supervisor – and how these risks can best be addressed.
What changes to the MLRs will there be?
HMT describes the consultation on MLR changes as "time-sensitive" – that is, it wants to make the changes as quickly as possible. As a result the currently proposed changes are very focused, and further changes will follow as a result of, among other things, the call for evidence.
For the time being, the changes proposed:
- Would exempt AISPs, PISPs, BPSPs and TDITPSPs from MLRs, although HMT particularly seeks views over whether it is right to exempt PISPs. The logic is that AISPs are merely informational tools whereas PISPs are involved in payment chains – albeit they do not execute payment transactions themselves or hold users' funds. Treasury does not think there actually are any BSPS in the UK, and feels that of the 130 firms registered with HMRC as PSPs (BPSPs and TDITPSPs) only around 20 are actually PSPs. TDITPSPs deal with low volumes of transfers between regulated entities
- Would remove artists from the current scope of the "art market participant" definition, as it was never the intention that they should be included – although there will be future consultation on whether further amendments may be needed to bring within scope those who trade in sale and purchase of digital art
- would expressly allow supervisors to have right of access to SARs made by their supervised population, without mandating that they must, or add any particular obligation for supervisors to review SARs
- would amend the activities that make firms "credit" or "financial" institutions for MLR purposes to align them with the RAO – and also clarify some current grey areas
- would amend the wording of parts of the MLR to include provisions on proliferation financing risk assessments and policies and procedures, and to include the formation of limited partnerships under the activities of trust or company service providers – essentially to ensure the activities of TSCPs over all forms of business arrangement registered at Companies House, and clarify what is meant by a "business relationship" for TSCP business
- would expand MLR 30A to ensure that discrepancies in beneficial ownership information must be reported to Companies House if discovered after the business relationship has been established, not just on establishment – the number of reports received so far suggest this is a valuable tool, even though quite a few of the 35,000 have concerned merely spelling errors and minor issues
- would improve information sharing between supervisors and give FCA more flexible information gathering powers
- would tailor the provisions of the Funds Transfer Regulation to the cryptoasset sector, to include them within the "travel rule" adapted as appropriate, and in due course.
HMT has provided specific drafting for change on the art market participant definition and the proliferation financing wording only at this point.
When do the consultations close?
What happens next?
HMT plans to take forward changes to the MLRs in legislation to be laid before Parliament in Spring 2022, and will make any further changes resulting from responses to the call for evidence separately.
What's happening in the EU?
Meanwhile, in the EU, the European Commission published a package of measures designed to strengthen the EU AML/CFT regime. It has published four proposals:
- a Regulation to establish a new central Authority: this would both set common supervisory standards and also directly supervise some high-risk businesses that operate in a number of Member States
- a Regulation that would contain directly applicable rules in key areas, including the scope of "obliged entities", the scope of internal policies, controls and procedures, CDD measures (to be backed up with technical standards issued by the new central authority), third country policy and threats from outside the EU, beneficial ownership transparency requirements, reporting obligations and limiting the use of bearer instruments (including anonymous crypto-wallets): this new "Single Rulebook" will again provide consistency of approach
- a proposal for a 6th AML Directive that would consolidate and replace MLD4 as amended by MLD5. Given what will be in the Regulation, the Directive will address only measures applicable at national, EU and Member State level, the set up and access to beneficial ownership, bank account and real estate registers, responsibilities and tasks of FIUs and AML supervisors and regulatory cooperation
- a revision of the 2015 Regulation on funds transfer to make it possible to trace transfers of crypto-assets.
There is also a proposed EU wide limit of €10,000 on cash payments (unless national limits are lower than this).
All the proposals now need to be discussed by the European Parliament and Council, and the Commission hopes that once the changes have been made and apply, the new AML authority can start to operate in 2024.
Watch this space
All in all then, a time of further strengthening of AML/CFT laws is on the horizon – with an emphasis on consistent application and ability to move with the times.
This article was first published in Financial Regulation International (www.financialregulationintl.com)