Prateek Swaika and Sagar Gupta of Boies Schiller Flexner discuss the regulatory framework of UK’s anti-money laundering regime and explore key legal developments.
In response to the Russian military action in Ukraine, the UK government has continued to impose stringent sanctions and strengthened its anti-money laundering regulations aimed at targeting Russian financial and trade sectors, state-owned media and individuals connected with the Russian government. In turn, this has influenced the attitude, risk appetite and risk exposure of businesses in recent months.
Considering the heightened scrutiny and evolving regulatory landscape, businesses (including accountants, consultants and lawyers) in the UK are facing ever-increasing oversight and must be careful not to run afoul of AML regulations. This includes instituting and maintaining up-to-date policies and procedures designed to promote and achieve AML compliance.
In the current climate, professional services firms are naturally concerned about the kinds of clients they represent. While there are obvious worries around sanctions and AML compliance, there are also broader issues, including access to justice and promoting the rule of law that professional service providers must grapple with.
Tom Fox’s musings on the war following a recent chat with Exiger CEO Brandon Daniels; the pair discuss the ways in which Russia’s invasion of Ukraine is impacting businesses today, noting that a complex geopolitical climate set the stage for — and will perpetuate — these seismic shifts.Read more
Increasing regulatory scrutiny
Businesses, particularly small to medium ones, are likely to come under increasing pressure to maintain strict compliance with an ever-growing number of compliance checks and obligations. In mid-2022, HM Treasury published its review of the UK’s AML and countering the financing of terrorism (CFT) regulatory and supervisory regime, looking at systemic, regulatory and supervisory effectiveness and new risks, including Russia-linked illicit finance. The review concluded that AML/CFT supervisory gaps remain.
We anticipate that this area will continue to see reform, such as with the passing of the Economic Crime and Corporate Transparency Bill, which remains under consideration in Parliament. This legislation provides for increased investigation and enforcement powers for Companies House, brings crypto assets within the scope of civil forfeiture orders, legislates against the misuse of limited partnership structures and permits businesses to share information to combat economic crime. Given that AML and sanctions have been front and center of the UK government’s legislative and regulatory agenda in recent months, it is unsurprising that regulators such as the Solicitors Regulation Authority (SRA) are also being given more teeth in order to ensure AML compliance among practitioners. In this regard, recent reforms to the SRA’s enforcement powers include the ability to issue higher fines to law firms of up to £25,000.
These changes have brought the role of AML compliance officers in businesses and law firms into sharp focus. With the increased regulatory enforcement owing to the geopolitical situation in Europe, it is likely that businesses will continue to be closely monitored and scrutinized for their AML compliance, including the conduct of AML compliance officers. With increasing focus on customer due diligence and verification of ultimate beneficial owners, due to the legislation described below, it is likely that firms will need to conduct a lookback review of customer due diligence files and take appropriate action. In view of this increasing compliance burden, it is imperative for AML officers to maintain ongoing dialog with their business teams to promote information sharing and risk reporting.
The key components of the UK’s current AML regime are: (a) the Terrorism Act 2000; (b) the Proceeds of Crime Act 2002; and (c) the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. These regulations were amended in 2019 and 2020 to implement the Fifth Money Laundering Directive by expanding the scope of covered entities and introducing customer due diligence, enhanced reporting requirements and enhanced due diligence for high-risk factors.
The 2017 regulations require businesses to adopt policies, controls and procedures to mitigate and effectively manage the risks of money laundering and terrorist financing. These requirements include risk management practices, internal controls, customer due diligence, reliance and record keeping, and ongoing monitoring and management of compliance with AML policies. Failure to comply with the 2017 regulations can attract civil and criminal penalties.
Pursuant to those regulations, designated supervisory authorities, such as the SRA, Bar Standards Board, Association of International Accountants, Association of Taxation Technicians, Chartered Institute of Management Accountants and others provide sector-specific guidance from time to time. It is important that businesses also keep abreast with their guidance in addition to the legislative requirements.
Exploring recent developments
Economic Crime (Transparency and Enforcement) Act 2022
To monitor and combat the flow of illicit finance into London, the UK Parliament passed the Economic Crime (Transparency and Enforcement) Act 2022, which introduced the following:
A new register at Companies House of overseas owners of UK property: On Aug. 1, the UK government introduced the Register of Overseas Entities, which is intended to capture the details of all overseas entities dealing with property in the UK, including details of current and past beneficial owners, managing officers and in the case of a trust, its beneficiaries, settlors, grantors and other interested persons. Any overseas entity that: (a) intends to buy, sell or transfer property or land in the UK; (b) has bought or leased land or property in the UK on or after Jan. 1, 1999 in England and Wales and Dec. 8, 2014 in Scotland; or (c) has disposed of land or property in the UK after Feb. 28 2022, was required to register with Companies House by Jan. 31 2023. Overseas entities have an ongoing obligation to keep their information updated. Several organizations, such as the Department for Business, Energy and Industrial Strategy, Companies House, HM Land Registry and Register of Scotland, have published helpful guidance that organizations should consider as part of their AML compliance. For instance, the Companies House guidance states that information about a trust provided for these purposes will only be shared with law enforcement and other public authorities, such as the revenue and customs office, and will not be available to the public.
Extension of the grounds to obtain an unexplained wealth order (UWO): Initially introduced in the Criminal Finances Act 2017, a UWO is a court order that can require a person to explain their interest in a property, including explaining how they obtained that property. The 2022 act extended the scope of UWOs. An additional ground has been included whereby a UWO may be granted if there are reasonable grounds to suspect that “the property has been obtained through unlawful conduct.” Further, a UWO can now be obtained against directors (or equivalent officers like partners or managers) rather than the corporate entity. Importantly, the 2022 act limits the costs implications of unsuccessful UWO applications on enforcement agencies, who will now be liable for adverse costs only if they act unreasonably, dishonestly or improperly in conducting the investigation.
Strengthening sanctions enforcement and penalties for breaches: The 2022 act introduced an urgent designation procedure that allows the government to designate persons for sanctions even in the absence of a “good reason to pursue” their purpose, or if sanctions are “a reasonable course of action for that purpose.” The urgent designation procedure came into force in March 2022 and applies if: (a) an individual or entity has already been designated by another country such as the U.S., EU, Australia or Canada; and (b) the designation is in the public interest. Further, monetary penalties may now be imposed on a strict liability basis, as the 2022 act removes the requirement that, to be held liable, a person must have known or had “reasonable grounds to suspect” that their activities were in breach of sanctions laws. Lastly, the 2022 act expands information sharing powers between law enforcement agencies and allows the Office of Financial Sanctions Implementation to name and shame sanctions offenders.
Amendments to the 2017 regulations
Following a consultation on targeted amendments to the 2017 regulations, HM Treasury published a response setting out the UK government’s approach. The main amendments relevant for businesses include: (a) removal of account information service providers from the regulated sector; (b) providing AML/CTF supervisors access to the content of suspicious activity reports (SARs) to enhance the performance of their supervisory functions; and (c) incorporating transfer of crypto assets within the scope of the 2017 regulations.
In the context of legal professionals and law firms, the key changes are:
- Widening information and intelligence sharing gateways by allowing the SRA to obtain SARs from its members in order to assist it in meeting its supervisory functions.
- Requiring designated non-financial businesses and professions (DNFBPs) to carry out risk assessments of proliferation financing in addition to the AML risk assessments.
- Extending the grounds for disclosure and sharing of information and intelligence by supervisory authorities and allowing reciprocal information sharing between them.
Legal Sector Affinity Group guidance
The LSAG was set up under the 2017 regulations. One of its roles is to provide definitive guidance on the application of AML regulations to the legal sector. Its guidance, as approved by HM Treasury, has mandatory application in both criminal and civil proceedings under the 2017 regulations, i.e., in deciding whether a legal practitioner or law firm has committed a criminal offense or contravened a relevant requirement, the court or the SRA (as applicable) is required to consider whether that person has breached the guidance. Whilst the considerations for accepting clients can differ between law firms based on their risk profile and practice area, it is critical that the LSAG guidance be followed in client onboarding and due diligence processes. The principal changes in this guidance include:
- High-level compliance principles: These provide a useful audit list of areas to address to ensure that a practice is compliant with the 2017 Regulations: AML governance, practice-wide risk assessment, client/matter level risk assessment, AML policies, controls and procedures, client due diligence, suspicious activity reporting, technology, training, internal controls and record keeping.
- Risk assessment: These provide useful information regarding risk factors, risk weightings and documentation of risk assessments at each level — practice-wide, client and matter. These risk assessments should be reviewed and adjusted at regular intervals.
- Higher risk jurisdictions: These jurisdictions are to be determined by the UK government’s list of high-risk third countries replacing the EU lists. The UK list is most recently set out in the Money Laundering and Terrorist Financing (High-Risk Countries) (Amendment) (No. 2) Regulations 2022.
- Client due diligence (CDD): Provides clarity on the evidence required for source of funds and source of wealth, as this has been a recurring issue for property and transactional law firms. This also includes updates around the verification of the identities of beneficial owners, which required new beneficial owners who are non-natural persons to be verified to the same standard as a natural person.
- Technology: Expands on the requirement for law firms to consider and understand the purpose and basis on which they are using AML-related technology (along with its underlying functionality) to mitigate risk.
- Legal professional privilege: Includes a new legal professional privilege and suspicious activity reporting decision-making template, which is a useful tool that may be used to meet the onerous reporting requirements.
Separately, the LSAG has issued two advisory notes on remote working, client interaction and associated use of AML technology and the impacts on economic instability. Whilst these advisory notes do not have the same effect as the LSAG guidance, they set out the expectations of the legal sector professional body supervisors and are supplemental to the LSAG guidance.
Since its approval by HM Treasury in mid-2022, the LSAG guidance has been updated to reflect recent amendments to the 2017 regulations.
The way ahead
Considering the overall increasing AML compliance burden and regulatory scrutiny and serious consequences for failing to comply, businesses are likely to remain under pressure to carefully consider their exposure to money-laundering risks and ensure that these risks are assessed and mitigated effectively in line with up-to-date regulatory obligations.