UK and International Tax news

Money Laundering Regulations 2017

Friday 21st July 2017

On 26 June 2017, The Money Laundering , Terrorist Financing  and Transfer of Funds (Informationon the Payer) Regulations 2017 [SI 692/2017], colloquially known as the Money Laundering Regulations 2017, bring the European Fourth Money Laundering Directive [EUD 2015/849 of 20 May 2015] into UK law.

 

The MLRs build on the current regulatory framework with some specific and potentially significant changes, including  whole firm risk assessment, internal controls, screening of relevant employees, compliance officer, and an independent audit function, policies, controls and procedures, client due diligence [CDD], simplified [SDD] and enhanced [EDD], politically exposed persons [PEP], and  reliance on third parties. In particular, identifying and assessing risk was an important theme running through Money Laundering Regulations 2007 [MLR2007] and firms were encouraged to assess the risks faced by the business, as well as the risk that clients would be involved in money laundering or terrorist financing.

The latest regulations set out a more prescriptive approach to this firm-wide risk assessment and there is a requirement for a written risk assessment and a list of factors that you must take into account. These include information provided by the Supervisory Authority on risk factors in the sector, customers, the countries or geographic areas in which the firm operates, products or services, transactions, and delivery channels.

The regulations accept that the nature of the risk assessment will depend on the size and nature of the firm. The overall risk assessment of a small firm for example may be quite succinct but there must still be proper documented identification and assessment of the risk of money laundering or terrorist financing.

The regulations keep the core requirement that CDD must be performed before a business relationship is established and where any factors relevant to the risk assessment have changed, such as a client’s identity or a transaction that is not consistent with existing knowledge of the client, or in the services being provided to the client, there is still a requirement to identify and verify the owner and the beneficial owner.  The regulations state that reliance solely on Companies House may be insufficient.

There are three key changes to the CDD requirements:

  • CDD must be completed even for company formation services,
  • Identification and verification of the identity of a person purporting to act on behalf of your client are required,
  • Identification and verification of a body corporate, its registration number, its registered address, and principal place of business, the law to which it is subject, its constitution (set out in governing documents) and the names of the board of directors and its senior management.

Under MLR2007, SDD was the default option for a defined list of entities including listed companies. MLR2017 embed SDD into the risk-based approach. CDD must still be performed but this may be limited if SDD is appropriate. The regulations give a list of low risk factors where SDD may be appropriate, which is similar to the list of entities in MLR2007 (ie, credit or financial institutions) but also includes customers in geographical areas of lower risk.

The rules around EDD are significantly different under the regulations. EDD must be applied where there is a high risk of money laundering or terrorist financing, in any business relationship with a client established in a high-risk country, if the client is a Politically Exposed Person (PEP), or a family member or known close associate of a PEP, in any case where the client has provided false or stolen identification documentation or information on establishing a relationship, and in cases where the client has entered into transactions that are complex and unusually large, or there is an unusual pattern of transactions, and the transaction or transactions have no apparent economic or legal purpose.

EDD procedures will include, as far as reasonably possible, an understanding of the background and purpose of the transaction, and increases in the degree and nature of monitoring of the business relationship to determine whether the transaction or the business relationship are suspicious.

Further measures including seeking additional independent, reliable sources to verify information the client has provided, taking additional measures to understand better the background, ownership and financial situation of the client, and other parties to the transaction, taking further steps to ensure that the transaction is consistent with the purpose and intended nature of the business relationship; or to increase the monitoring of the business relationship, including greater scrutiny of transactions.

The regulations give a list of risk factors that might indicate that there is a high-risk of money laundering or terrorist financing and these should be considered when assessing if EDD might be appropriate.

Contact Us