Money laundering is one of the most common types of financial fraud, and its incidence, complexity and amounts of money involved continue to increase in most parts of the world. Legislation, both domestic and international, continues to attempt to combat it.
The international Financial Action Task Force sets global standards from promoting legislation to combat fraud, money laundering and the financing of terrorists. In response to the most recent updating of these standards, the European Union (to whose regulations and directives the United Kingdom is still subject until it leaves the Union) issued its Fourth Money Laundering Directive in 2015 and, as a result, the UK Government has issued new money laundering regulations to replace the Money Laundering Regulations 2007.
The full title of the new regulations is The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (referred to here as MLR 2017), and they came into force on 26 June 2017. Here we look at some of the main changes that accountants in practice need to be aware of.
Assessment of the risks of money laundering and terrorist financing is now a legal requirement under MLR 2017, set at three levels:
- The Treasury and the Home Office must make arrangements before 26 June 2018 for a risk assessment to be undertaken to identify, assess, understand and mitigate the risks of money laundering and terrorist financing affecting the United Kingdom.
- Each supervisory authority must identify and assess the international and domestic risks of money laundering and terrorist financing to which those relevant persons in its sector are subject.
- Relevant persons must take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which their business is subject.
Accountants in practice will need to draw up new written statements of policies, controls and procedures. They will also need to maintain and regularly review them to mitigate the risks of money laundering and terrorist financing.
These policies, controls and procedures must include risk management practices, internal controls, customer due diligence, reliance on third parties, record-keeping and monitoring compliance with, and internal communication of, the policies, controls and procedures.
The policies, controls and procedures must provide for:
- the identification and scrutiny of any large or unusual transactions, or any without any apparent economic or legal purpose;
- the identification and scrutiny of any activity or situation which looks likely to be related to money laundering or terrorist financing;
- additional measures to prevent the use of new products for money laundering or terrorist financing;
- appropriate measures to mitigate the risk of money laundering or terrorist financing which might arise from the adoption of new technology; and
- procedures that ensure that anyone in the relevant person’s organisation is required to report suspicious activity to the Money Laundering Reporting Officer.
Customer due diligence
The basic principles of customer due diligence measures remain the same. Essentially these are
- identifying the customer (and/or any beneficial owner);
- verifying the customer's identity using documents, data or information obtained from a reliable and independent source; and
- finding out about the purpose and intended nature of the business relationship
a. at other appropriate times to existing customers on a risk-based approach;
b. when the relevant person becomes aware that the circumstances of an existing customer relevant to its risk assessment for that customer have changed.
Simplified due diligence may only be used if it is determined that the business relationship or transaction presents a low degree of risk of money laundering and terrorist financing based on the risk assessment process.
On the other hand, MLR 2017 requires that enhanced due diligence must be carried out if any of the following six criteria are met:
- there is a high risk of money laundering or terrorist financing:
- the person or business is established in a high-risk third country;
- there is a correspondent relationship with a credit institution or a financial institution;
- the customer or potential customer is a politically exposed person (PEP), or a family member or known close associate of a PEP;
- a customer has provided false or stolen identification documentation or information and the relevant person proposes to continue to deal with that customer;
- any of the following apply:
ii. the transaction has no apparent economic or legal purpose; and
iii. by its very nature the arrangement presents a higher risk of money laundering or terrorist financing.
Politically exposed persons
The definition of a PEP is much wider than it was in previous MLRs. It now includes people in the UK who fall within the definition, which includes heads of state, ministers, Members of Parliament, Supreme Court judges and ambassadors.
This definition has been slightly expanded in MLR 2017 to include:
a. any individual who exercises ultimate control over the management of the body corporate;
b. any individual who ultimately owns or controls (in each case whether directly or
c. indirectly), including through bearer share holdings or by other means, more than 25% of the shares or voting rights in the body corporate; or
d. an individual with significant control over the body corporate, within the meaning of the Companies Act 2006.
Further information on the changes brought in by MLR 2017 and how they might affect you is available in the Money Laundering Handbook.