The Fourth Money Laundering Directive (MLD4) and the accompanying revised Fund Transfer Regulation (FTR) were adopted by the EU lawmakers around 18 months ago and published in the Official Journal of the EU on 5 June 2015. Read our summary of the changes. They are due for implementation by June 2017. However, since their adoption there have been almost constant calls, variously, for early implementation and for significant extensions to scope. Regardless of some remaining uncertainties, HM Treasury said it would consult in the autumn of 2016 on its plans for implementation, and has now, on 15 September, published its paper.
Where are the current UK laws?
The UK laws implementing the current EU anti-money laundering (AML) legislation are in a variety of primary and secondary legislation, notably the Proceeds of Crime Act 2002 and Terrorism Act 2000 as primary laws, and the Money Laundering Regulations 2007 (MLR 2007) and the Transfer of Funds (Information on the Payer) Regulations 2007. For financially regulated firms, these are backed up with regulatory requirements, most notably the PRA's Fundamental Rules and FCA's Principles for Business, the systems and controls rules and FCA's Financial Crime Guide.
What are the key changes for UK firms?
As was the case when the UK implemented the third money laundering Directive, UK firms will find much of the transition easier than firms from some other Member States, as many of the changes represent existing UK practice and, in some cases, changes the package makes have been introduced early in the UK.
What about Brexit?
As the government has stated on many occasions, until the Brexit exit negotiations are concluded, the UK will remain a full member of the EU, and during the period leading up to Brexit the government will continue to negotiate, implement and apply EU legislation. For MLD4, then, this means the implementation date will be before Brexit.
What laws will change?
Treasury plans to implement the MLD4 package by repealing the MLR 2007 and the Transfer of Funds (Information on the Payer) Regulations 2007, and replace them with one statutory instrument called the "Money Laundering and Transfer of Funds (Information on the Payer) Regulations 2017" to address everything the UK has to implement. It says it will gold plate only where there is good evidence of a material money laundering or terrorist finance risk that must be addressed. There would be appropriate transitional provisions and the new rules would take effect, as required, by 26 June 2017.
What are the main changes?
Scope – "obliged entities"
The businesses covered by MLD4 – or as it calls them "obliged entities" - are mainly those financial sector businesses already covered. Key changes though include a lowering of the threshold for cash transactions to €10,000, and extending the scope to both making and receiving payments in cash. Treasury will implement these changes in full.
MLD4 gives an option to Member States to exempt persons who engage in financial activity on an occasional or very limited basis, provided these persons are not money remitters. Treasury currently applies this exemption to entities meeting relevant conditions and with a total annual turnover of no more than £64,000. This amount was linked to the VAT registration threshold at the time. Treasury now plans to raise the threshold to £100,000, well in excess of what the threshold will be next year. It plans to leave the single transaction threshold at €1,000. Businesses wishing to benefit from the exemption will still need to meet all its other conditions as well as the monetary limits.
While the basic Customer Due Diligence (CDD) requirements remain, Treasury is interested in views on what should trigger application of CDD measures to existing customers, and what changes in circumstance should require such measures. It also asks for details of how much it costs firms to carry out CDD and on their policies in dealing with conversions of the euro amounts in the EU measures to sterling.
The MLR 2007 set out a list of products that could be subject to Simplified Due Diligence (SDD), and Treasury proposes to replace this with the non-exhaustive list of factors listed in an Annex to MLD4 that might mean SDD is appropriate. It asks whether respondents agree, and whether they think anything else should be expressly included in the list. Treasury also notes that MLD4 does not include the derogation for pooled client accounts held by legal professionals or notaries. It seeks views on what the money laundering and terrorist finance risks associated with these accounts would be, whether SDD should be permitted for them and the effects of removing the ability to use SDD. It also notes the European Supervisory Agencies' (ESA) guidance (which is still not finalised) should address this.
Treasury notes that, again, an Annex to MLD4 and the ESA guidance will address products and factors that suggest high risk and therefore should lead to Enhanced Due Diligence (EDD). It seeks views on whether any products not listed in MLD4 or proposed by the ESA guidance should be covered, and whether any products in other sectors should also be covered. It also asks for information on the costs of EDD to firms, and on the EDD measures they currently apply to clients operating in high-risk third countries.
Treasury seeks views not only on whether firms currently rely on third parties for CDD and, if so, the costs of doing so. It also asks for views on which entities in third countries could potentially be relied upon, and for opinions on what certain expressions in MLD4 mean. It is particularly interested in the new provision that "member organisations or federations" of obliged entities in third countries.
Assessment of risks and controls
MLD4 introduced, among other things, the requirement for firms to appoint a compliance officer at management level, screen employees and, proportionately, to consider an internal audit function. It also required approval of senior management for policies and procedures – and defines "senior management". Treasury asks whether there should be a threshold above which firms must appoint a compliance officer and screen employees, and for having an internal audit function (and, in this context, what "independent" means). It also asks what should be taken into account when screening employees. Treasury also takes the opportunity to seek views on how many of the controls firms are in fact already carrying out, and the likely cost of performing them.
MLD4 covers, in principle, all gambling providers. The consultation both explains the controls newly-covered providers will have to put in place (asking for comment on, for example, when is the right time to apply CDD) and seeks views on which providers could be exempted.
MLD4 gives Member States the discretion to exempt some low-risk e-money products from parts of CDD. Treasury notes that, if the UK is to use the discretion, it will need to change legislation to accommodate the new exemptions. Treasury's view is that the National Risk Assessment suggests the exemptions should be used where possible, but it seeks views on the risks the sector presents and on the costs of compliance.
MLD4 extends the types of estate agency business that are covered, for example to cover letting agents. It also permits self-regulatory bodies to supervise compliance. Treasury seeks views on application generally of CDD in estate agency business and on supervision of the sector.
MLD4 requires EDD on correspondent banking, which the MLR 2007 already do. Treasury will implement all the MLD4 measures in full. But it also expects firms to apply a risk-based approach and seeks views on how this should be achieved.
One of the key changes in MLD4 is to broaden the definition of a Politically Exposed Person (PEP), including to cover domestic PEPs within its scope. Treasury believes MLD4 allows firms to take a risk-based approach to identifying whether a customer is a PEP and lets them apply EDD to the appropriate degree. It considers it is critical that there be appropriate industry guidance to ensure this happens – and notes industry concerns over the potential inconsistencies between the JMLSG guidance and FCA's Financial Crime Guide in this area. It asks several questions on the scope of the requirements (including whether senior members of international sporting federations should be included in the PEP definition – which MLD4 does not do), how to apply them and the cost of doing so, and the ability of PEPs to complain to the Financial Ombudsman Service if they are unreasonably refused a business relationship.
MLD4 introduces the beneficial ownership register for corporates that the UK has already introduced in its People with Significant Control (PSC) regime for UK entities. It also has plans for a public register of company beneficial ownership for overseas companies who already own or buy property in the UK or who bid on UK central government contracts. But the UK still needs to work out which entities are covered by the MLD4 requirement that are not caught by the PSC regime. Treasury also notes the Commission is proposing to widen the scope of the additional trust register, and asks what considerations it should take into account when developing the required central register of trust beneficial ownership information. It has already stated it will not share trust beneficial ownership information with private entities or individuals.
MLD4 strengthens current reporting requirements. Treasury acknowledges the UK SARs regime needs improvement, but clearly whatever changes it makes must meet the MLD4 specifications. It also seeks views on whether it should implement the option to require record retention for an additional five years once the normal retention period has expired.
MLD4 specifies powers and duties of supervisors. Treasury asks several questions on the powers of supervisors and reasons on which a supervisor may cancel or refuse a registration or add conditions to it.
MLD4 sets out minimum sanctions Member States must impose on obliged entities that breach the requirements. Treasury plans not to set an upper limit on the administrative fines it can impose. It seeks views on this, and on whether it should consider additional sanctions and measures.
- The "Panama Papers" extension? The European Commission is keen to extend MLD4 to address several concerns that have come to light since the Directive's adoption. These issues include giving financial intelligence units (FIUs) greater powers to request information from obliged entities, even if the entities have not made relevant SARs and enabling FIUs and supervisors to identify the holders and beneficial owners of bank and payment accounts. Other aspects of the proposals address designating virtual currency exchange platforms and custodian wallet providers as obliged entities, reducing the threshold above which CDD must be applied to non-reloadable prepaid instruments and removing the exemption from CDD for online use of pre-paid instruments. The final strand of the proposals looks at a harmonised approach to third countries with strategic deficiencies in their AML and countering terrorist finance regimes. But right now, no changes have been adopted, and the Treasury's consultation covers only the text adopted last year;
- A lower beneficial owner threshold? The Commission is also keen to further improve transparency by, among other things, reducing the threshold for determining beneficial ownership to 10% for passive non-financial entities. It also wants to make beneficial ownership information on trusts and trust-like arrangements available to persons with a legitimate interest in knowing the information and to obliged entities undertaking CDD. Alongside this, it asks for an automated centralised mechanism for identifying holders of bank accounts. The UK Government has several concerns on these proposals but, again, the changes have not been adopted, and are not covered by the current consultation;
- ESA guidance? MLD4 requires the ESA to publish guidance on the risk based approach and on SDD and EDD. The ESAs published their drafts for consultation some time ago, and Treasury recommends that firms read the drafts. But there is no suggestion it will displace domestic regulatory guidance; and
- Better Regulation? The government is still considering the responses to its consultation on lessening red tape and doing away with unnecessary regulation. The results of this, and the planned overhaul of the Suspicious Activity Reports regime, is separate to the need to implement MLD4.
What happens next?
Consultation closes on 10 November. Treasury has not committed to a date by which it will publish the legislative changes. As the changes must take effect by 26 June 2017, firms should start planning for change before the final form new legislation is published. While for many UK firms, there may be little significant change, this does not mean they will not have to review their policies, procedures and processes to ensure they are compliant with the new standards by next June.