Financial crime prevention laws are never static, and 2016 has proved no exception to the continuous cycle of changes to existing laws and the introduction of new ones. Over the course of the year, the UK has tackled both implementation of EU measures and the review of domestic measures, leading now to proposals for new legislation. Meanwhile, at the regulators, FCA has been considering how it can get better information to help it in its objective to prevent financial crime, while continuing to investigate and take enforcement action against firms that do not meet its standards.
Emma Radmore looks back at the key developments of 2016.
The current major task on Treasury's plate is to put in place the legislation necessary to implement the fourth Money Laundering Directive (MLD4). Our more detailed article has covered the changes MLD4 requires the UK to make, and some of Treasury's thoughts around implementation, as well as matters that are up for discussion. What seems clear from the consultation is that:
- The primary legislation will not change as a result of MLD4, so the offences within the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act (TA) will not change
- Although, in some ways, the changes to secondary legislation (the Money Laundering Regulations 2007 and the Transfer of Funds (Information on the Payer) Regulations 2007 will not be fundamental, Treasury has nevertheless decided to repeal both of them, and replace them with one new statutory instrument. But it has not yet published a draft, so we do not yet know the extent to which the current structure and wording within the detailed provisions will change. Treasury has, however, noted that it will gold plate MLD4 only where there is evidence of a material money laundering or terrorist finance risk to address.
Treasury has not committed to a date for publication of the new Regulations, but MLD4 requires all implementing provisions to be in effect by 26 June 2017, and Treasury has indicated there will be a transitional period. Consequent on the new Regulations, though, will be changes to the Joint Money Laundering Steering Group (JMLSG) guidance notes, and FCA's Financial Crime Guide.
The European Commission is keen to make changes to MLD4 even before it is implemented. Indeed, originally, it wanted to introduce the changes and bring the implementation date forward to the beginning of 2017. However, it soon became clear that would not be feasible, and the proposals for change are still under discussion – some of it heated. The changes relate to:
- Inclusion of virtual currencies – but debate over precisely what to cover
- Removing some of the current exemptions for certain lower risk pre-paid instruments
- Setting a lower beneficial ownership threshold – of 10% - in relation to passive non-financial entities
- Requiring public access for limited beneficial ownership information
- Setting up central registries (again with some public access) for beneficial ownerships of trusts
- Giving financial intelligence units more powers over obliged entities even where no suspicious activity report (SAR) has been filed
- Requiring Member States to set up registers that would enable regulators and enforcement agencies to identify the beneficial owners of bank and payment accounts.
The UK government is concerned about some of these proposals, particularly on making public information on trust ownership where the trusts are private arrangements. It would limit the register to administered trusts. It is also concerned that the 10% threshold for some companies could cause confusion in complex corporate structures, with different limits applying to different entities within the group.
Meanwhile, the Government has been pushing forward with its plans to strengthen regulatory powers in relation to suspected money laundering. The Criminal Finances Bill, which is currently making its way through Parliament, includes proposals for:
- Unexplained wealth orders (which will enable enforcement agencies to obtain a Court order requiring individuals to provide statements about their interest in specified property, and how they obtained it and paid for it) – and making it a criminal offence to make a misleading statement in purported compliance with an order
- Possible interim freezing orders on property that is subject to an unexplained wealth order
- The NCA to be able to apply for an extension to the 31 day moratorium in relation to SARs, where it needs further time to investigate – and to be able to apply for a succession of extensions up to a maximum of an additional 186 days
- Firms to be able to share information with others on request from NCA or with its permission if certain conditions are met
- Powers for NCA to request further information either from firms that make a SAR or from others in the financial sector
- New offences relating failing to prevent facilitation of tax evasion.
Outside of the Criminal Finances Bill, the Government still needs to progress its review of the SARs regime, but we await details of the proposed changes. It is also still considering introducing powers to designate entities of money laundering concern.
In some ways, it's been a relatively unremarkable year in financial sanctions. It seems a very long time since January, when many of the EU sanctions against Iran were lifted as a result of the Joint Comprehensive Plan of Action. In theory, this meant the lifting of many of the wide-ranging sectoral restrictions and the need for notification or approval for transfers of monies to or from any Iranian persons. However, significant numbers of designated persons remain, and this, added to the fact the US did not life the same sanctions, means that business in Iran is still a challenge, which only those who will reap a significant business advantage will consider it worth the cost of undertaking.
Otherwise, further sanctions were imposed in relation to North Korea, prohibiting UK businesses from setting up in North Korea or entering into joint ventures or similar agreements with North Korean entities without a licence from Treasury.
That apart, Treasury set up the Office of Financial Sanctions Implementation (OSFI), which took the opportunity of its creation to update and reissue existing Treasury guidance on how to comply with the sanctions regimes, and FCA took the opportunity of the revamp of its website to remind firms of its expectations. Key messages included that ignorance of the existence of sanctions regimes is no excuse for failing to take measures to comply with them, as they are widely publicised. FCA specifically notes to firms that it is good practice to consider not only the entity that is their customer but also its directors, beneficial owners and any third party payees when carrying out sanctions checks.
There have now been two publicised Deferred Prosecution Agreements (DPAs) for breach of s7 Bribery Act 2010 and one criminal prosecution. The latest DPA concerned a UK SME, some of whose employees and agents bribed third country agents "on a prolific scale". The court determined the company's "controlling mind" was responsible, while noting that the conduct, though serious and systematic, was not sophisticated nor was there any attempt to cover it up, and that most of the bribes were offered by agents under no pressure. Ultimately, the decision to use the DPA route was the result of a decision to make a prompt self-report when the company's UK parent discovered the problems when seeking to implement a global compliance programme. The decision was notable also because the company would have become insolvent had the proper measure of damages been applied. Instead, it was penalised what it could afford from its unencumbered available cash (which was around £350,000 out of a penalty that by rights should have been £16m). The clear message is that prompt self-reporting, before the scale of damage is known, with any necessary further follow up self reports, is a pre-requisite to the Serious Fraud Office even considering a DPA. There will certainly be further publicised DPAs and prosecutions in 2017.
For FCA, financial crime prevention supervision has been pretty much business as usual. There has in fact been only one significant fine during 2016, on Sonali Bank. FCA found a catalogue of problems at the bank, amounting to serious and systemic weaknesses over many years, which were first identified by FCA's predecessor in 2010, and then required further action at FCA's request after a remedial plan had been put in place but was not tested or monitored. FCA found that senior management did not embed compliance or proper oversight in relation to financial crime compliance despite warnings from both individual board members and internal audit. The bank had in place unclear reporting lines which did not pay sufficient attention to compliance with AML processes and, in any case, lacked practical guidance. This meant the bank failed to do proper customer due diligence and did not carry out enhanced due diligence when required, and failed to monitor transactions and relationships and did not make SARs when it should have done. Additionally, it took the bank more than 2 months to notify FCA of a suspectd fraud on a customer account – which was brought to the bank's attention by the customer.
FCA fined the bank £3.25m and banned it from accepting new customer deposits for 168 days.
Additionally, FCA fined and banned the bank's MLRO at the time. Although it noted he was under-resourced and overworked, it nevertheless found:
- Failure to put in place adequate monitoring
- Failure to identify serious operational control weaknesses
- Lack of knowledge among staff of AML policies and procedures
- The MLRO assured senior management that controls were working when they were not
- Failure to report internal audit and testing concerns when they arose and
- Failure to impress on senior management the need for more resource and failure to act to recruit that resource.
FCA will continue its fight against financial crime. It has been pleased at the results of its first cycle of its Systematic Anti-Money Laundering Programme, which it found has given it excellent information. It will use this information, together with the information it will obtain as firms complete the new reporting form which takes effect as part of the Supervision Manual reporting forms from the end of 2016, and which firms must submit within 60 days of their accounting reference date. The information will help FCA produce aggregate figures to assess the risks to the UK financial markets. FCA will also start a new initiative to inspect a random sample of 100 non-high risk firms each year.
There will of course be more! Not only will the JMLSG Guidance notes and the Financial Crime guide need substantial review to cater for MLD4 (if not also MLD5) during 2017, the Chancellor's announcements as part of the last Autumn Statement championed the UK's commitment to FinTech and, among other things, the use of electronic ID and other measures designed to facilitate online business. So 2017 will be sure to be another busy year.