MLD5: Implementation at last

As ever, the UK had consulted with time to spare on implementation of the fifth Money Laundering Directive (MLD5) into UK law, consulting in April 2019 for implementation by 10 January 2020. But, shall we say, things got in the way? This resulted in significant delay to the final regulations, amending existing primary and secondary legislation, but the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 were finally made on 19 December 2019 and laid before Parliament the next day. In this article, we look at the key changes the new Regulations make.

Changes to the MLRs: Scope

As expected, the most significant changes are to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).

Scope changes: terms

One of the key changes MLD5 brings, and which was controversial in the consultation, was how cryptoassets would be defined – which in turn would have an effect on which businesses would come within scope of the MLRs. Treasury has decided to define cryptoasset as a "cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically" – the term "money" as defined elsewhere in the MLRs does not included a cryptoasset.

Additionally, the relevant thresholds for electronic money products to fall within the MLRs have been changed – from €250 to €150 in relation to the general exemption for e-money products from the CDD requirements, and from €100 to €50 or €50 per transaction in relation to the limits for CDD relating to cash redemptions. A new requirement allows credit and financial institutions that act as acquirers for payment using an anonymous pre-paid card issued by a third country, to accept payment only where the card is subject to, and satisfies, requirements similar to those mandated in the MLRs.

Scope changes: businesses

There are new definitions of the following terms – each of which can be either a firm or a sole practitioner:

• Art market participant : someone who by way of business trades in, or acts as an intermediary in the sale and purchase of works of art (also a defined term) and the value of the transaction, or linked transactions, is at least €10,000; or the operator or a Freeport or any other person who, by way of business, stores works of art for a person or series of linked persons, to a value of at least 10,000;
• Cryptoasset exchange provider : someone who by way of business provides any one or more of the following services, including if it is the creator or issuer of any relevant product – exchanging, arranging or making arrangements with a view to the exchange of cryptoassets for money or vice versa or for other cryptoassets or operating a machine which uses automated processes to exchange cryptoassets for money or vice versa, when they are providing the services;
• Custodian wallet provider : someone who, by way of business, provides services to safeguard, or to safeguard and administer, cryptoassets on behalf of customers or provide cryptographic keys on behalf of customers to hold, store and transfer cryptoassets, when they are providing the services;
• Letting agent : someone who, or whose employees, carries out letting agency work, when carrying out such work. In turn "letting agency work" is things done in response to instructions received from a prospective landlord looking for a person to whom to let land, or a prospective tenant looking for land to rent and where an agreement is concluded for a letting of a month or more and at a monthly rent, for at least part of the term, of at least €10,000. Expressly excluded are the activities of publishing advertisements and disseminating information, and providing a means of contact or communication between prospective landlords and tenants, provided the firm does not carry out any other defined letting agency activities.

All these entities now fall under the need for registration under the MLRs – cryptoasset exchange providers and custodian wallet providers by FCA and letting agents and art market participants by HMRC.

The definition of "tax adviser" has also been expanded and now catches a greater range of activities, covering additionally those who provide "material aid, or assistance or advice, in connection with the tax affairs of other persons, whether provided directly or through a third party".

Changes to the MLRs: Customer Due Diligence (CDD)

Expansion of scope

The changes on the requirement to apply CDD expand the requirement to:

• Letting agents in relation to any transaction for a term of at least a month and where the rent is at least €10,000 per month for at least part of the term – and to apply the requirement to both landlord and tenant;
• Art market participants in relation to any trade in a work of art where the transaction or linked transactions are of a value of €10,000 or more or in relation to storage of such works;
• Cryptoasset exchange providers operating machines to exchange cryptoassets for money or vice versa, in relation to any transaction carried out using the machine.

Other changes

Other changes, relevant to all firms covered by the CDD obligation, stress the need to understand the ownership and control structure of any non-individual customer, and confirm the requirement to keep written records of relevant actions taken to identify beneficial owners and to verify the identity of the senior manager managing an entity where the firm has failed to identify the beneficial owner.

The MLRs also expressly state that information may be regarded as obtained from a reliable source where obtained via appropriate electronic services secure from fraud or misuse and capable to providing an appropriate level of assurance that the person claiming a particular identity is the person with that identity.

In relation to enhanced due diligence (EDD), a few tweaks make it clear that EDD should apply in relation to any relevant transaction where a party is established in a high-risk third country (defined by reference to the EU's list, and confirming that "established" means being incorporated or having a principal place of business or principal regulator in that jurisdiction, or being resident in that jurisdiction if an individual). Further guidance extrapolates that EDD must include getting additional information on the customer, its beneficial owner and the intended nature of the business relationship, information on source of wealth and funds of the customer and its beneficial owner, understanding the reasons for the transaction, getting senior management approval and conducting enhanced monitoring. There are also clear requirements where the product in question is a life insurance policy.

Discrepancies with other sources

A new Regulation 30A imposes a requirement on firms to get proof of registration or similar where the entity is subject to UK company or partnership registration requirements and report to the relevant registrar any discrepancies between information on beneficial ownership that the firm collects or otherwise becomes aware of and what is stated in the register.

Other changes affecting firms

Among the other changes to affect firms are:

• A change to the list of required policies, controls and procedures at group level (Regulation 20(1)(b)) to add policies on the sharing of information about customers, customer accounts and transactions;
• A requirement on firms to undertake appropriate risk assessments before they launch new products or business practices, as well as new technologies;
• A change to the requirements in Regulation 24 on training to include as well as employees any agents the firm uses for the purposes of its business whose work is relevant to money laundering prevention or compliance with the MLRs;
• Changes to bring relevant new obligations within the list of "relevant requirements" for the purposes of possible enforcement action for breach of such a requirement.

Registration requirements

Additions to the MLRs set requirements on FCA in respect of the fit and proper test it must apply to applicants for crypto-asset business, and requires relevant businesses to inform their customers before entering into any transaction whether the activity is within or outside the scope of the Financial Ombudsman Service and Financial Services Compensation Scheme.

Additionally the MLR now set reporting requirements for cryptoasset businesses and allow FCA to require skilled persons reports on such businesses.

Wider changes

Among the wider changes the new MLRs bring is:

• An obligation on the Government to introduce a "central automated mechanism" for making and responding to requests for information about accounts and safe-deposit boxes, and sets the information that an enforcement agency or the Gambling Commission may request and the mechanism for doing so ;
• To oblige every credit institution and provider of safe custody services to set up and maintain systems that will enable it to respond to requests using the central automated mechanism;
• Obligations on self-regulatory organisations to publish annual reports on monitoring and enforcement activities;
• To create an offence for officers of supervisors who disclose confidential information other than as permitted by the MLRs;
• Obligations on the National Crime Agency (NCA) in respect of provision of information in response to requests; and
• An obligation on Treasury to review and report on the operation of the MLRs at least every 5 years with the first report coming before 26 June 2022.

Changes to other legislation

There are of course some consequential changes to other legislation, mainly:

• To the Proceeds of Crime Act 2002 and the Terrorism Act 2000 to update the scope of the "regulated sector"; and
• To the Companies Act 2006 in respect of required particulars about a company and rectification of the register, with mirroring changes to the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009,the Unregistered Companies Regulations 2009 and the Scottish Partnerships (Register of People with Significant Control) Regulations 2017.

When do the changes take effect?

The majority of the changes are effective from 10 January 2020, but the provisions on CDD on anonymous pre-paid cards take effect from 10 July 2020, and those on the bank account portal on 10 September 2020. Additionally, firms that come newly within scope of the MLRs and the requirement to register for supervision, will have to comply with the MLRs from 10 January 2020 but FCA at least has indicated a grace period within which firms must apply for registration – and, if the registration has not been completed and approved by 10 January 2021 the firm will need to cease trading. FCA has also stated that any cryptoasset business that starts trading after 10 January 2020 must be registered before it can carry on the relevant activity. The amended MLRs themselves merely state that application must be made by 10 January 2021.