Earlier this month, the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLR 2022) came into force to make a number of amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
MLR 2017 was previously amended by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019), which brought the UK regime in line with the Fifth Money Laundering Directive (EU) 2018/843 (read our previous article on this).
This note sets out a brief summary of the main changes under MLR 2022, which, together with other recent legislative developments such as the new Economic Crime (Transparency and Enforcement) Act 2022 and the Economic Crime and Corporate Transparency Bill, demonstrate the political will of His Majesty’s Government to make the UK an unattractive environment for economic crime.
Expansion of risks covered to include proliferation financing
MLR 2022 adds proliferation financing to the list of financial crime risks covered by the MLR 2017, alongside money laundering and terrorism financing.
It creates new obligations on the Treasury and relevant persons to incorporate proliferation financing into their existing money laundering and terrorism financing risk assessment processes, to identify and assess any additional, specific risks posed.1
The requirements around establishing and maintaining policies, controls and procedures to mitigate and manage risks effectively are also extended to require relevant persons to ensure these address proliferation financing risk.2
Changes to certain categories of relevant persons
MLR 2022 amends the list of relevant persons falling within scope of MLR 2017 by:
- Requiring cryptoasset exchange providers and custodian wallet providers to apply customer due diligence measures in relation to a cryptoasset transfer which is equal to or exceeds the equivalent in cryptoassets of EUR 1,000 in value (taken together with any other cryptoasset transfer which appears to be linked).3
- Extending the definition of "trust or company service providers" (TCSPs) to expressly include TCSPs providing services involving the formation of all forms of business arrangement, rather than just companies and legal persons.4The result is that TCSPs will now fall within scope of MLR 2017 when they form limited partnerships registered in England and Wales or Northern Ireland for clients.
- Clarifying the definition of "art market participants" added by MLR 2019 to exclude artists who sell their own works of art over the EUR 10,000 threshold, including when the artist sells their art as an individual and when they sell it through a company or partnership in which they are a shareholder or partner.5
- Removing Account Information Service Providers (AISPs) from scope on the basis that, as purely informational tools which allow customers to view their data and link that information to other services, the government considers AISPs to present low money laundering, terrorist financing and proliferation financing risk.6
"Travel Rule" for wire/bank transfers involving cryptoassets
MLR 2022 extends the scope of the existing information sharing regime for wire transfers (which is contained in the retained EU Funds Transfer Regulation) to include transfers involving cryptoassets.7 The regime is designed to enable financial institutions to detect potential money laundering or terrorist financing by ensuring that the identities of the parties to a transaction are known and that appropriate records are kept. The requirements will apply to both domestic and cross-border wire transfers.
The changes come into force on 1 September 2023.8
Changes in control of cryptoasset firms
MLR 2022 amends the Financial Services and Markets Act 2000 to bring cryptoasset exchange providers and a custodian wallet providers registered with the Financial Conduct Authority (FCA) within the scope of the FCA's change in control regime. These changes will require proposed acquirers of a cryptoasset firm to notify the FCA ahead of any acquisition of, or increase in, control, so that a 'fit and proper' assessment can be conducted.9
The amendments create a single threshold for what constitutes 'control' of a cryptoasset firm of 25% or more, which is aligned to the definition of "beneficial owner" in the MLR 2017.10
The statutory notes to MLR 2022 explain that these amendments are designed to prevent firms wanting to access the UK cryptoasset market from bypassing the MLR registration gateway (and therefore assessment by the FCA) by acquiring already registered cryptoasset firms.
The FCA is also granted powers to object to proposed acquisitions of cryptoasset firms, and to publish details of its objections.11 Failure to obtain approval from the FCA before acquiring or increasing control of a cryptoasset firm becomes a criminal offence.12
New powers for AML supervisory authorities
MLR 2022 grants new powers for AML supervisory authorities to:
- request a relevant person to provide a copy of any suspicious activity report filed with the National Crime Agency.13
- in the case of HMRC or the FCA, publish notices of decisions to refuse to register an applicant for supervision, plus any other information about the decisions considered appropriate.14 If the applicant appeals the decision, the supervisory authority must update the public information to reflect the appeal and its outcome. Under the MLR 2017, the FCA and HMRC can already publish notices relating to the cancellation and suspension of registrations.
It also extends a number of powers granted to the FCA under MLR 2019 specifically in respect of cryptoasset firms to all 'Annex 1 financial institutions', including:
- The power to request a firm to provide certain categories of information to the FCA.
- The power to appoint a s.166 FSMA skilled person to investigate a firm.
- The power to impose directions in writing on a firm. 15
The statutory notes explain that while 'Annex 1' firms have been historically categorised as ‘low risk’, this extension was prompted by increasing concerns about the light touch approach to supervising them, and the limited supervisory tools available to the FCA to do so.
Under MLR 2019, relevant persons who identify a discrepancy between the beneficial ownership information available in the PSC Register and the beneficial ownership information provided by the company in the course of customer due diligence (at the onboarding stage), must report this to Companies House. MLR 2022 removes the timing window to make this an ongoing requirement, but limits the matters that must be reported to "material" discrepancies that may reasonably be considered (i) to be linked to money laundering or terrorist financing or (ii) to conceal details of the business of the customer.16 Specific examples of "material" discrepancies are listed, including incorrect names, dates, dates of birth, nationalities, addresses and missing PSCs.
MLR 2022 also extends the discrepancy reporting regime to discrepancies on the new Register of Overseas Entities maintained by Companies House (which was created under the Economic Crime (Transparency and Enforcement) Act 2022).17
Both changes come into force on 1 April 2023.18
Information sharing amongst supervisory authorities and other relevant authorities
MLR 2022 amends the existing provisions relating to disclosures between supervisory authorities, or by supervisory authorities to other relevant authorities, for specific purposes connected to their functions, to:
- Expand the list of "relevant authorities" who may share and receive information and intelligence to include other government agencies, such as certain functions of the Department for Business, Energy & Industrial Strategy and Companies House.19
- Expand reciprocal sharing of information and intelligence between supervisors and relevant authorities (including law enforcement), where the purpose of such disclosure is connected with (i) the effective exercise of the functions of the supervisory authority or other relevant authority or (ii) money laundering, terrorist financing or the integrity of the international financial system.20
- Enable the FCA to disclose the confidential information it receives, in relation to its MLR duties, more widely.
Removal of requirements relating to the national register of bank account and safe-deposit box ownership
Under MLR 2019, the UK had until 10 September 2020 to establish a centralised automated mechanism – such as a central registry or electronic data retrieval mechanism – which allowed for the identification of natural and legal persons holding or controlling bank accounts, payment accounts or safe-deposit boxes in the UK. However, following Brexit and further stakeholder engagement, the project was not pursued by the government. MLR 2022 therefore removes the redundant requirement.21
With these amendments to the MLR 2017, together with the new Economic Crime (Transparency and Enforcement) Act 2022 and Economic Crime and Corporate Transparency Bill, the UK is taking increasing steps to tighten its anti-money laundering and economic crime controls. The true test of these changes will be in their implementation and enforcement.