Back in May 2018, the European Parliament and Council of the European Union published Directive (EU) 2018/843, otherwise known as the Fifth Money Laundering Directive (“5MLD”). Following HM Treasury’s consultation exercise on how to transpose this into UK legislation, the awaited implementing instrument was published on 20 December 2019 in the form of the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (the “Amending Regulations”). With the Amending Regulations largely having come into force on 10 January 2020 it is likely to have been particularly challenging for firms to ensure compliance with the new obligations although the FCA has advised that:
‘In assessing our approach to firms that may not be compliant on that date, we will take into account evidence that they have taken sufficient steps before that date to comply with these new obligations.’[1]
Below we consider exactly what the key elements of the Amending Regulations require and some of the steps firms may want to take to ensure compliance:
Cryptoassets/Crypto Exchanges and Custodian Wallet Providers
With the rise of cryptoassets, concerns about their ability to act as a vehicle for money laundering have been raised across European Union member states due to their potential anonymity and global transfer risks. It is of no surprise therefore that 5MLD and the Amending Regulations introduce requirements on crypto exchanges and custodian wallet providers for the first time – bringing them into the scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”).
Under the Amending Regulations crypto exchanges and custodian wallet providers conducting activities with all three broad types of cryptoassets exchange tokens, security tokens and utility tokens, will be caught. As such they will have to comply with obligations on customer due diligence, risk assessments and reporting suspicious activity. They will also be required to register, with the FCA deemed to be the relevant supervisor for the UK. New businesses carrying out cryptoasset activity in scope of the Amending Regulations must register with the FCA before conducting business, whilst pre-10 January 2020 existing cryptoasset businesses must be registered by January 2021 and must submit a completed application for registration to the FCA by June 2020.
Customer Due Diligence (“CDD”)
Under the Amending Regulations a number of changes have been made to CDD compliance procedures. These include:
- Reducing the threshold of the e-money exemption – with increased evidence of terrorists’ intent to use e-money cards to transfer funds[2] the Amending Regulations seek to limit the conditions to which member states may apply the existing CDD exemption for low-risk e-money products. Firms will therefore need to limit the functionality of their e-money cards to ensure they meet the new conditions including to only allow a maximum of EUR150 to be stored and to ensure redemptions in cash, or remote payment transactions, do not exceed EUR50 per transaction.
- Electronic identification process – In light of technological advances, 5MLD has now set out the circumstances in which secure, remote or electronic identification processes may be taken into account when undertaking CDD. Firms should consider that they can now use electronic identification processes to regard information as obtained from a reliable source where these processes are secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.
- Identifying and verifying company information – the new Amending Regulation requires firms to now take reasonable measures to understand the ownership and control structure of a customer where that customer is a legal person, trust, company, foundation or similar legal arrangement. Where a firm’s customer is a company and no beneficial owner can be found they are already under an obligation to keep written records of the actions taken to find the beneficial owner, but can treat the senior person responsible for managing the company as its beneficial owner. However, the Amending Regulations require the firm to take further measures to verify the identity of the senior person and to keep written records of these actions. In light of the changes made, firms must now ensure they understand the ownership and control structure of a customer and should keep written records of actions taken to verify the senior person responsible for managing the company.
Beneficial Ownership Provisions
Alongside the Companies House reforms, 5MLD looks to implement new provisions as to the beneficial ownership of customers. These include collecting proof of company registration, conducting ongoing CDD in certain situations and to require mechanisms to be put in place to ensure the information held on the register of beneficial ownership at Companies House is correct.
In particular, given that failure to comply with the People with Significant Control regime can lead to criminal prosecutions, it is important for firms to check they are correctly complying with the regime when any new measures come in to check compliance through Companies House. Firms should also ensure they carry out ongoing CDD on customers where they have any legal duty in the calendar year to contact an existing customer to review any information which relates to the firm’s risk assessment of that customer or relates to the beneficial ownership of the customer.
Enhanced Due Diligence (“EDD”)
The Amending Regulations seek to expand the scope of persons on whom firms must conduct EDD, require firms to apply a new set of EDD measures to obtain additional information, expand when EDD will need to be carried out and require senior management approval to establish or continue certain relationships based on EDD.
Firms should ensure that they comply with the new regulations and carry out EDD where high-risk third countries will be involved in relationships or transactions; collect the additional information required where such relationships or transactions occur; carry out enhanced monitoring of the relationship or transaction; and obtain senior management approval for establishing or continuing a relationship involving a high-risk third country.
[1] FCA, Article on the Money Laundering Regulations, 23 December 2019, accessible at https://www.fca.org.uk/firms/financial-crime/money-laundering-regulations
[2] HM Treasury, National Risk Assessment of Money Laundering and Terrorist Financing Report 2017, p38, accessible at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/655198/National_risk_assessment_of_money_laundering_and_terrorist_financing_2017_pdf_web.pdf