The past six months have seen considerable regulatory activity on money laundering prevention. From supplements from the Wolfsberg group through reports from the European Commission to domestic activity, there has been a lot to keep on top of. In this article, Emma Radmore looks at recent assessments, recommendations and Treasury’s review of the Money Laundering Regulations 2007 (MLR) and highlights the bewildering arrangement of similar, yet separate, requirements on financial institutions.
Treasury called for evidence at the end of 2009 on a wide-ranging review of the MLR. It wanted to know not only about the content of the MLR but also about their practical application, the role of guidance and the adequacy of supervision of compliance. Treasury wanted views from firms in all sectors that have to comply with the MLR and from those on the receiving end of them. The Call for Evidence was in two parts, for ease of focused responses.
Treasury took the review seriously, holding events and workshops and meeting with representatives of many stakeholders, including major industry associations. It received a stunning amount of response, but the most controversial and problematic issues arise not from the MLR but from the wider AML regime.
How the MLR regime works
Effectiveness, proportionality and engagement
Responses on the effectiveness and proportionality of the regime were mixed. Most large respondents thought the regime was effective in deterring money laundering, though some pointed out that none of the requirements would be insuperable to the professional launderer. On the one hand, many found the regime proportionate to the threat, but on the other some pointed out that continued laundering must mean it is not effective. The highest degree of consensus was on criticism of the authorities for not giving enough feedback for businesses properly to judge whether the high cost of compliance has tangible benefits.
The risk-based approach
Most respondents, especially larger institutions, support a risk-based approach to the MLR and think that any other approach would be disproportionate. They complain that some areas of the MLR do not allow for risk-based assessments – specifically on where enhanced due diligence (EDD) is required and on beneficial owners and Politically Exposed Persons (PEPs) related to their customer base. But smaller businesses find more difficulty in a riskbased approach and would welcome more prescription and guidance (although nearly all respondents found their respective industry guidance invaluable). Most criticism was that applying a risk-based approach does not sit comfortably with the risk of criminal sanction for noncompliance. Others commented on the difficulties of fitting a risk-based approach to one element of financial crime prevention in with the prescriptive approach they have to take to other elements. They referred specifically to the primary legislation on proceeds of crime and terrorist finance, and the sanctions and counter-terrorism regimes. Larger businesses, while supporting the risk-based approach in principle, found it hard to apply at customerservice level, for example rolling out a risk-based approach to bank branch counter staff.
Understanding the MLR
Many respondents suggested areas of the MLR that could be clearer. These included:
- positions of agents and principals; and
- outsourcing of compliance.
Others commented the UK seems to have gold-plated EU legislation in some areas and that sometimes available guidance may set standards higher than the MLR may require.
Treasury had asked for comment on whether the PEP definition should extend to UK PEPs. There was some support for an extension but the British Bankers’ Association among others opposed it, saying applying a risk-based approach is enough and to include UK PEPs would put the UK out of step with other countries. There were requests for the Government to provide lists of PEPs because of the time and cost involved in identifying them, which some think make the regime disproportionate.
There was some debate on whether it is proportionate to leave some businesses within the MLR scope (mortgage intermediaries argue lenders already do all the checks that they would do). But other respondents thought businesses such as exchanges and clearing houses should come within their scope.
Of respondents who commented on the ability the MLR give to rely on checks made by another person, most felt this facility would be more useful if criminal liability did not exist and if they had more confidence in supervision of the firms on whom they would rely. Some asked for a better thought-out list of who they could rely on. Many commented on types of transaction where multiple checks usually happen.
Supervision and guidance
Guidance and industry training and seminars were widely popular and respondents particularly praised the Joint Money Laundering Steering Group (JMLSG) guidance. But there are gaps where more guidance would be useful and some respondents found it unhelpful that supervisors were reluctant to respond to questions about particular planned activities. There was a general feeling that supervision could be more consistent (particularly where some supervisors appear to encourage behaviour well above the MLR requirements), while those supervisors who responded wanted better information sharing arrangements.
Industry practice diverges considerably, with firms noting particular difficulties in the practicalities of complying with the more onerous (beneficial owners and PEPs) requirements of the MLR. Firms therefore have to apply differing approaches to what is acceptable and this leads to worries that customers may be going to competing businesses that take a less diligent approach. Some respondents suggested UK businesses are at a competitive disadvantage to those from other jurisdictions.
Responses not strictly about MLR
Many respondents took the opportunity to raise their concerns about other aspects of AML and financial crime compliance. Apart from the comments about the mismatch between the prescriptive requirements of the sanctions and CTA regimes with the risk-based elements of the MLR, the major concerns criticised:
- the way the POCA consent regime works (or does not); and
- the lack of good quality feedback on SARs and generally on risks and threats.
Following the recent decision in the Shah case, institutions are likely to feel the tensions of the criminal reporting regime against potential civil liability more keenly than ever.
Updated JMSLG Guidance
JMLSG Guidance was universally acknowledged to be very useful in helping firms structure their AML compliance. JMLSG finalised updates to its Guidance at the end of 2009. There were few changes to Part 1 of the Guidance, which applies to all firms. Those that were made updated cross-references and made a few stylistic changes. There were more significant changes to some parts of Part II reflecting issues raised by particular market segments. The life and pensions section now includes more guidance on outsourcing responsibilities and beneficial owners and there are clarifications
FATF plenaries and Treasury update on overseas jurisdictions
During March, Treasury published a note updating on the jurisdictions about which it and FATF have concerns over anti-money laundering laws. FATF recently noted deficiencies in the regimes of:
- Iran: FATF has called on its members to apply countermeasures in relation to Iran. Treasury now recommends all UK businesses should regard any business involving Iran as presenting a high risk of money laundering or terrorist finance. Those subject to the MLR should apply enhanced due diligence and utmost care while other regulated firms should take the advice into account in their systems and controls;
- Angola, the Democratic People’s Republic of Korea (DPRK), Ecuador and Ethiopia: These jurisdictions have not committed to an action plan to address deficiencies. Treasury says firms’ systems and controls should take account of the risk these jurisdictions present and mitigate it appropriately; and
- Pakistan, Turkmenistan and São Tomé and Príncipe: These jurisdictions continue to concern FATF and firms’ systems and controls should take account of the risks they present.
FATF has also noted concerns in the AML /CTF regimes of Antigua and Barbuda, Azerbaijan, Bolivia, Greece, Indonesia, Kenya, Morocco, Myanmar, Nepal, Nigeria, Paraguay, Qatar, Sri Lanka, Sudan, Syria, Trinidad and Tobago, Thailand, Turkey, Ukraine and Yemen.
Not too long ago, FATF updated its “mutual evaluation of the UK”. It had previously identified some perceived deficiencies in the UK’s AML regime which it wanted the UK to address and report back. Many within the UK industry always disputed the findings, claiming they were because FATF did not understand the strength of industry guidance. But, anyway, FATF was pleased with the MLR, which enshrined into law aspects of AML compliance already in JMLSG guidance. It has agreed the UK has progressed so much that it now will just provide a biennial update to FATF.
Wolfsberg update statement
Finally, at the end of 2009, the Wolfsberg Group published a follow-up statement to its 2003 paper on AML screening, monitoring and searching. The paper looks in more detail at how financial institutions’ screening and other processes can pick up unusual dealing patterns for the institution to review and decide whether the pattern or transaction creates a suspicion of money laundering. The paper addresses:
- real-time payment screening – which the Group says should take place only where there is a link to embargoes or sanctions, but not be undertaken more widely. All institutions should be able to rely on lists provided by relevant authorities as being complete. Institutions acting as intermediaries should be able to rely on cooperation from their counterparties and would be expected only to screen information input by the originator of a payment or other instruction;
- transaction monitoring frameworks – which institutions should align to the risks their business model identifies and be appropriate for their particular products, services and customer base. The Group does not believe monitoring models that are not risk based are as effective at identifying suspicious circumstances as those that are; and
- using retroactive searches – which may be appropriate for several reasons, including as part of ongoing risk-based due diligence or because of regulatory or court requirements.
What does all this mean for financial institutions?
Financial institutions need anti-financial crime procedures that help them comply with a panoply of legislation. The most difficult issue they face is that the legislation stems from different priorities and as a result sets differing standards. Most institutions must cope with:
- the strict, criminal liability, no-risk-permitted regime created by UN, EU and domestic sanctions legislation;
- the mirroring domestic regime under the Counter- Terrorism Act;
- criminal liability for offences related to money laundering and terrorist finance under POCA and the Terrorism Act;
- the risk-based approach (with some prescription included) of the MLR; and
- FSA’s regulatory expectations under SYSC in respect of all these, but which FSA also expects to address other financial crime risks, such as those arising from bribery and corruption.
There is no one procedure that ensures compliance with this huge range of requirements. Each institution must make its own decisions based on its own business. Where it can apply risk-based tests, it should do so. But sometimes there is no flexibility to do this and the mixture of prescription and flexibility within what should be complementary procedures is hard to achieve. No one will be surprised that industry guidance is so appreciated, but many will hope regulators could add a little of their own guidance to give firms a better idea of what to expect come the next ARROW visit.
This article first appeared in Compliance Monitor