Just before Christmas, the Treasury published changes to the Money Laundering etc. Regulations 2017 (MLRs) that take effect on 10 January 2020. A wider range of firms will be caught by the Regulations (which may affect your risk assessment of your customers, suppliers, etc.) and there are new requirements for customer due diligence, risk assessments, policies, controls, procedures and training. I have summarised what should be the most relevant the changes below (my numbering to make it easier to refer to). Let me know if you need help assessing the impact and/or updating AML policies and procedures.
Changes to Scope of the MLRs
- The range of firms covered by the MLRs now includes letting agents, art market participants, cryptoasset (e.g. virtual currency) exchange providers and custodian wallet providers.
- The definition of tax adviser is also extended to those who provide material aid or assistance on tax; and certain limits are lowered for e-money transactions and new restrictions are imposed on acquiring anonymous prepaid card transactions.
- Law enforcement authorities and the Gambling Commission can obtain information about safe-deposit boxes and about accounts held with banks, building societies and credit unions.
Changes to due diligence requirements etc.
- When you adopt new products, business practices (including new delivery mechanisms) or technology you must take appropriate measures in preparation for, and during, that process to assess – and if necessary mitigate – any money laundering or terrorist financing risks change may cause.
- If your firm is a parent, you must establish and maintain throughout your group all the various policies, controls and procedures for the purposes of preventing money laundering and terrorist financing – including for data protection and sharing information and including policies on the sharing of information about customers, customer accounts and transactions.
- You must take appropriate measures – and keep records to prove – that you train your employees and agents whose work is relevant to your AML compliance or the identification or mitigation of the risk, prevention or detection of money laundering and terrorist financing. The training must be in the law relating to money laundering and terrorist financing, and related data protection requirements; as well as how to recognise and deal with suspicious transactions and other activities or situations which may be related to money laundering or terrorist financing.
- The triggers for applying customer due diligence measures now include:
• at appropriate times for existing customers, on a risk-based approach; • when you become aware that the circumstances of an existing customer relevant to your risk assessment for that customer have changed; • when you have a legal duty to contact an existing customer for the purpose of reviewing any information relevant to your risk assessment and relating to the beneficial ownership of the customer, including information which enables you to understand the ownership or control structure of a legal person, trust, foundation or similar arrangement who is the beneficial owner of the customer; • when you have to contact an existing customer to fulfil a duty under the International Tax Compliance Regulations 2015.
- The obligation to understand the ownership and control structure of a customer applies whether the customer is a body corporate or other legal person, trust, company, foundation or similar legal arrangement.
- Where you’ve exhausted all possible means of identifying the beneficial owner of the body corporate and either you haven’t succeeded or you aren’t satisfied that the individual identified is in fact the beneficial owner, you must keep written records of all the actions you’ve taken to identify the beneficial owner and take reasonable measures to verify the identity of the senior person in the body corporate responsible for managing it, as well as all the actions you’ve taken and any difficulties you encountered in doing so.
- Before establishing a business relationship with a customer, you must collect proof of registration or an excerpt of the relevant company or partnership registry (as the case may be) and report to the relevant registrar any discrepancy between information relating to the beneficial ownership of the customer that you collect from the register and information that otherwise becomes available to you in the course of carrying out your duties under the MLRs.
- There are new triggers for carrying out ‘enhanced’ customer due diligence measures, as well as a specified (non-exhaustive) list of measures.
- The thresholds for applying customer due diligence in the context of e-money are significantly reduced.
- There are new restrictions on acquiring anonymous prepaid card transactions.