In response to the European Union’s Fourth Money Laundering Directive, the government has published MLR 2017 which came into force on the 26 June 2017. The MLR 2017 builds upon the current statutory framework, although there are some important changes that practitioners and those working in the regulated sectors need to be aware of. It is important to know that as a result of the MLR 2017, the Money Laundering Regulations 2007 and The Transfer of Funds (Information on the Payer) Regulations 2007 have been revoked.
Risk Assessments (Regulation 18)
The identification and assessment of risk was an important factor running throughout the Money Laundering Regulations 2007. The MLR 2017 looks to create an increased emphasis on a risk based approach effectively replacing the checklist mentality with a more robust assessment process. There is now a requirement for risk assessments to be undertaken by both the supervisory authorities (for example the Financial Conduct Authority and HMRC) and a relevant person covered by the MLR 2017. Regulation 18 gives a list of factors which a relevant person must take into consideration when performing a risk assessment including factors relating to its customers, the countries and geographic areas in which it operates, its products or services, its transactions and its delivery channels.
Extra Territorial Reach (Regulation 20)
The MLR 2017 applies to relevant persons and its subsidiaries including subsidiaries located outside of the United Kingdom. Subsidiaries and branches in the European Union must comply with the national law implementing the fourth money laundering directive. Where subsidiaries and branches are in countries with anti-money laundering regimes which are not as strict as the United Kingdom’s, the relevant person must ensure those subsidiaries and branches apply measures equivalent to those required by the MLR 2017.
Internal Controls (Regulation 21)
Regulated firms must appoint one individual who is responsible for compliance with the MLR 2017. Where appropriate, with regard to the size and nature of its business, this individual must be on the board of directors, or a member of senior management. Sole practitioners without employees are exempt from this requirement. All firms which currently have in place an MLRO under the Money Laundering Regulations 2007, where this person is sufficiently senior, will be able to undertake this role.
There is also an obligation under regulation 21b, where appropriate to the size and nature of the business, firms must assess the skills, confidence and conduct of employees who are involved in the identifying, preventing or detecting of money laundering and terrorist financing. This will include any members of staff who work within the departments which have a focus on compliance with the MLR 2017.
Training (Regulation 24)
Firms are required to provide regular training to relevant employees to ensure that they are made aware of the law relating to money laundering and terrorist financing, and to the requirements of data protection. The training must be provided on a regular basis. It must also address how to recognise and deal with transactions and other activities and situations which may be related to money laundering or terrorist financing.
Customer Due Diligence (CDD) (Regulations 27 and 28)
This is a key provision of the MLR 2017 and highlights the risk based approach taken in the fight against money laundering and terrorist financing. Several changes have been made in relation to CDD to ensure the highest risk situations receive enhanced customer due diligence. The MLR 2017 provides a list of situations where CDD must be applied and it sets out a list of factors which need to be taken into account. They also set out a list of information/documents that need to be obtained when undertaking CDD on a body corporate. Firms are required to identify and verify the identity of a person purporting to act on behalf of the customer, and confirm that they have the authorisation to act.
Enhanced Due Diligence (EDD) (Regulation 33)
The MLR 2017 list the circumstances where EDD needs to be applied in any case identified as high risk. Again, there is a list of factors that must be taken into account when assessing whether a high risk of money laundering exists and it provides information about the extent to which EDD measures should be applied.
Enhanced Customer Due Diligence for Politically Exposed Persons (PEP) (Regulation 35)
As with the Money Laundering Regulations 2007, the MLR 2017 requires relevant persons to have in place a public risk management system to identify if the beneficial owner is a PEP, or a family member of a PEP or a known close associate of a PEP. However, the MLR 2017 has expanded its definition to include domestic PEPs. The MLR 2017 also states that EDD measures must be applied to a person for at least twelve months after they cease to be involved with a public function.
Reliance on Third Parties (Regulation 39)
Under the MLR 2017 any person who relies on the third party to conduct CDD must enter into a written arrangement with that third party. The third party will be obliged to provide copies of CDD documents upon request.
Criminal Offence (Chapter 3)
The MLR 2017 creates an offence of prejudicing investigations. Any individual who recklessly makes a statement which is false or misleading in the context of a money laundering investigation commits an offence which is punishable by up to two years’ imprisonment.