Anti-Money Laundering and the 5th Money Laundering Directive
For the legal sector Ant-Money Laundering (AML) is currently a very hot topic with the SRA being very proactive and the recent implementation of the Fifth Anti-Money Laundering Directive (5 MLD) to consider. Before considering the new changes, it may be useful to look at the AML situation in general and consider how compliant your firm is. This is certainly an area that law firms must ensure that they are fully compliant with or run the risk of disciplinary, and possibly criminal, sanctions.
The Fourth Anti-Money Laundering Directive (4 MLD) was brought into UK law on 26 June 2017 by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). This introduced the concept of “risk based due-diligence” which underpins the current approach to AML. MLR 2017 brought with it detailed changes to the AML requirements. On 10 January 2020 5 MLD came into force in the UK and across the European Union. The changes this brought with it are not as extensive as those introduced by 4 MLD but it does extend the remit of AML to new areas of business and expands on some existing compliance requirements.
In the SRA Risk Outlook for 2019 – 2020 the SRA state, “Issues with money laundering are at the top of our priority list. As has been pointed out by the National Crime Agency (NCA), solicitors are on the frontline in the battle against money laundering. But far too many firms do not have the necessary systems in place to keep money launderers out of legal services. For example, some have not completed a basic risk assessment that should underpin a firm’s approach. This is not just poor practice – having a risk assessment is a legal requirement under 2017 government regulations. Compliance is essential and I urge you all to take the necessary steps as quickly as possible.”
The SRA have demonstrated their commitment to monitoring AML compliance in a series of thematic reviews during 2018 in which over 100 hundred firms were visited and over 200 files inspected. The reviews highlighted many areas of inadequate or noncompliance, and disciplinary action was taken against around a third of the firms visited. Key areas of concern were in relation to:
- Firm wide AML risk assessments;
- Widespread breaches of AML policies;
- Inadequate record keeping;
- Inadequate file risk assessments;
- Overall adequacy and availability of policies, controls and procedures;
- Inadequate processes to manage risks around politically exposed persons (PEP’s);
- Ongoing customer due diligence (CDD);
- Lack of adequate training;
- The low level of Suspicious Activity Reports (SAR’s) submitted to the NCA;
- Failures relating to the requirement for an independent audit function.
In March 2019, the SRA contacted 400 firms as part of a desk-based assessment primarily to assess compliance with the requirement for firm wide AML risk assessments. Of the 400 firms contacted 21% were found to be non-compliant. Following this a further 7,000 firms are being contacted and asked to confirm that they have conducted a firm wide AML risk assessment and have a written record of this. No doubt this will be followed up by further SRA visits.
To put the action taken by the SRA into context in the last five years they have taken more than 60 cases linked to AML issues to the Solicitors Disciplinary Tribunal (SDT). As a result of these cases more than 40 solicitors have been struck off, voluntarily come off the roll, or have been suspended. At the beginning of May 2019, the SRA had more than 160 live investigations into law firms linked to money laundering issues.
In order to deal with the monitoring of AML compliance the SRA have set up a new dedicated AML Team with increased resources to monitor and ensure compliance with AML requirements. The SRA are clearly taking their obligations very seriously in relation to AML.
To ensure compliance with the money laundering regulations law firms must take steps that include ensuring that they:
- have conducted a firm wide AML risk assessment;
- have adequate AML policies and procedures in place;
- deal with client due diligence obligations appropriately;
- have systems to identify high risk matters;
- have systems to identify Politically Exposed Persons (PEPs);
- screen staff appropriately;
- provide all staff with adequate training;
- have an independent audit function.
On 10 January 2020 5 MLD was brought into UK law by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019). Interim guidance on the changes has been provided by the Legal Sector Affinity Group (LSAG). A link to the guidance is included in the Law Society AML guidance which can be found at:
The key changes referred to in the guidance include changes to:
MLR 2019 extends the list of relevant persons falling within scope of the regulations to include:
- tax advisors;
- letting agents;
- art market participants; and
- cryptoasset exchange providers and custodian wallet providers.
Policies, Controls and Procedures (PCP’s)
Firms must have PCP’s in place to identify transactions that are either:
- complex, or
- unusually large, or
- where there is an unusual pattern of transactions, or
- the transaction or transactions have no apparent economic or legal purpose.
Whether a transaction is “complex” or “unusually large” should be judged both in relation to the normal activity of the practice and the normal activity of the client. Previously under MLR 2017 only transactions that were both complex or unusually large had to be identified and scrutinised, and transaction or transactions that had no apparent economic or legal purpose.
Client Due Diligence (CDD)
MLR 2019 clarifies that electronic identification may be used to complete CDD, providing that the method used is secure from fraud and misuse and provides an appropriate level of assurance that the person claiming their identity is in fact that person.
5 MLD does not allow any automatic departure from CDD requirements based on customer type alone. Instead, firms will be able to adjust the extent of CDD measures in cases where a certain business relationship or transaction has been deemed to present a lower risk of money laundering. Similar procedures were in place under MLR 2017 in relation to the use of simplified due diligence (SDD) whereby it could no longer be automatically applied but required consideration and a record of the decision made.
CDD measures must also now be applied where there is any legal duty in the course of the calendar year to contact an existing client for the purpose of reviewing any information which, “is relevant to the risk assessment for that customer” and “relates to the beneficial ownership of the customer, including information which enables the relevant person to understand the ownership or control structure of a legal person, trust, foundation or similar arrangement who is the beneficial owner of the customer.” This therefore places greater emphasis on keeping CDD up to date.
Further changes to the CDD requirements in relation to beneficial ownership are:
- Where a client is a body corporate and the beneficial owner cannot be identified, relevant persons must instead take all reasonable measures to verify the identity of the senior managing official. The relevant person must keep records detailing all actions it took to do this and any difficulties encountered in doing so.
- Before establishing a business relationship with a company (registered or unregistered), Limited Liability Partnership, Scottish Partnership or trust the relevant person must take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation or similar legal arrangement.
- Before entering a new business relationship with a company subject to beneficial ownership registration requirements (i.e. the People with Significant Control (PSC) regime), the relevant person must collect from the company either proof of the company's registration on the PSC Register, or an excerpt of the PSC Register.
One of the most significant changes introduced by MLR 2019 applies where a discrepancy between the beneficial ownership information available in the PSC Register and the beneficial ownership information provided by the client company in the course of CDD is identified. In this situation a report must be made to Companies House as soon as reasonably possible. Further information and an online reporting form is available on the Companies House website to assist with this. It is not however, a requirement for practices to actively seek out any such discrepancies.
Enhanced Customer Due Diligence (EDD)
As referred to above in relation to PCP’s under MLR 2017 there was a requirement to conduct EDD in various situations including where a transaction was complex or unusually large, or where there was an unusual pattern of transactions and the transaction or transactions had no apparent economic or legal purpose. The new requirements extend the requirement to carrying out EDD in relation to any business relationship or transaction with a person "established in" a high-risk third country to include any relationship or transaction "involving" a high-risk country. The MLR 2019 state that this means:
- a business relationship with a person established in a high-risk third country; or
- a transaction subject to CDD anyway, to which either party is established in a high-risk third country.
For a legal person to be "established in" a third country means that they are incorporated or have their principal place of business in that country. For an individual it means that they are resident in that country rather than that they were born in that country. High-risk third countries are those that have been identified by the European Commission as such and a list is provided in the LSAG interim guidance.
Additional requirements for business relationships or transactions involving a party "established in" a high-risk country now apply including obtaining additional information on the client and any beneficial owner(s), establishing the source of funds and wealth of the client / the beneficial owner(s), and understanding the reasons for the intended or performed transactions.
EDD – Additional Factors to Consider
- whether the person is a beneficiary of a life insurance policy;
- whether the person is seeking residence/citizen rights in exchange for investments in that EEA state;
- whether the firm operates without face to face meetings with clients and without electronic identity systems to mitigate this; or
- whether the person is involved in the trade of oil, arms, precious metals, tobacco products, cultural artefacts, ivory and other items related to protected species, and other items of archaeological, historical, cultural and religious significance, or of rare scientific value.
Where a firm uses agents / consultants to assist with preventing, identifying or mitigating the risk of money laundering within its business, it must ensure that they are made aware of the law in relation to AML and data protection, and receive regular AML training.
Screening of Employees
Although this was an existing requirement under MLR 2017 greater emphasis is now placed on the requirement for firms to conduct adequate screening of relevant employees. This should include the assessment of their skills, knowledge and expertise in order to ascertain whether they can carry out their roles effectively, and in relation to their conduct and integrity. Where appropriate Disclosure and Barring Service (DBS) checks should be considered. Similar procedures are already in place to comply with CQS.
There had been indications via the consultation paper that there may be changes to the trust registration regime, but these have not been included in MLR 2019.
In conclusion it would be advisable for firms that have not already done so to review their approach to AML compliance. This review should include ensuring that the firm wide risk assessment is accurate and up to date, that all policies and procedures are compliant with the new requirements and that all staff, including agents and consultants, have received adequate and relevant training. Steps should also be taken to ensure that requirements in relation to PEP’s are fit for purpose; this is likely to go beyond self-certification by the client and may require the use of electronic verification. Finally, firms must ensure that they are dealing with the identification of beneficial owners properly and reporting discrepancies if identified.