HM Treasury’s response to last year’s consultation on proposed amendments to the Money Laundering Regulations (MLRs) is out. The response sets out the direction the government has taken on introducing time sensitive updates to the MLRs, to strengthen and clarify how the anti-money laundering (AML) regime operates. Subject to Parliamentary approval, most of the measures in the draft statutory instrument will come into force on 1 September 2022.
Key areas include removing Account Information Service Providers (AISPs) from the scope of the regulated sector, new provisions on crypto assets , access to suspicious activity reports (SARs) for supervisors, and an ongoing requirement to report discrepancies in ownership information at Companies House. We have summarised some of the keys updates below:
AISPs are no longer in scope of the regulated sector and subject to the MLRs:
AISPs are information tools that only allow customers to view their data and link it to other services.
They do not come into possession of funds and cannot access accounts to execute payments.
These factors indicate that AISPs would be of limited utility in any money laundering methodology.
Payments Information Service Providers (PISPs) remain within scope. Generally they seen as higher risk than AISPs:
They are involved in payment chains so represent a higher risk of being used as a tool for economic crime more broadly (such as fraud).
However, the ML/TF risk remains low as PISPs do not execute the payment transactions themselves and do not hold payment service users’ funds.
SARs: An explicit legal power to allow supervisors to access and view the content of SARs submitted by their supervised population will be introduced.
This will help standardise how SARs are accessed and clarify access rights to support supervisors deliver their supervisory obligations under the MLRs.
The measure will allow supervisors to identify risks, assess their supervised populations’ understanding of risk, and determine the quality and consistency of reporting.
The measure will help grant supervisors a better understanding of sectoral risks to tailor guidance and improve the effectiveness of their risk-based approach to supervision.
Proliferation financing (PF): The MLRs will be updated to implement the FATF standards in respect of Recommendation 1, requiring financial institutions to identify, assess and take effective action to mitigate PF risk.
HM Treasury will be legislated to carry out a PF National Risk Assessment and financial institutions will need to complete a PF risk assessment. There will be flexibility to create a new risk assessment for this or incorporate PF into existing ML/TF risk assessments.
A definition of PF will also be included in the MLRs.
Reporting of discrepancies: Expansion of Regulation 30A(1) to introduce an ongoing requirement to report beneficial ownership information discrepancies.
Currently, regulated entities must report beneficial ownership information discrepancies to Companies House before onboarding a customer.
From now on, obliged entities will also be required to report discrepancies when conducting ongoing customer due diligence.
The requirement will be streamlined to include a list of ‘material’ discrepancies that need to be reported.
The discrepancy reporting regime has also been extended to include entities on the new public ‘Register of Overseas Entities’.
Subject to Parliamentary approval, this measure will not come into force until April 2023 once broader Companies House reform has taken place.
Transfers of cryptoassets: The new law sets out changes to comply with the expansion of FATF Recommendation 16 - the ‘Travel Rule’:
A 12-month grace period for implementation to run from the point at which the amendments take effect until 1 September 2023, subject to Parliamentary approval.
Only applies to intermediaries that are crypto-asset exchange providers or custodian wallet providers, not other firms like software providers.
Fiat and crypto transfers are treated separately and are no longer both considered for the calculation of the de minimus threshold.
Unhosted wallet transfers should not automatically be viewed as higher risk. Obliged firms are only expected to collect this information for transactions identified as posing an increased risk of illicit finance.
An exemption for transfers which involve only UK based cryptoasset firms, to avoid the unnecessary transfer of personal data.
The de minimis threshold will be set at €1,000.
The government has decided to maintain the information sharing requirements as set out in the consultation, as outlined below:
We now await the response of the ‘Call for Evidence’ on the effectiveness of the UK’s AML regime and what the future of AML supervisory will look like. Look out for a FINTRAIL update once that response is released.
At FINTRAIL, we combine deep financial crime risk management with regulatory expertise to help keep your anti-financial crime programmes and governance structures in step with the latest official guidance.
Please get in touch if you would like support with reviewing, enhancing and formalising your anti-financial crime governance framework. Please email us at contact@fintrail.com