Introduction to the UK AML Regime

UK Anti-Money Laundering Regime

The UK anti-money laundering regulatory framework is underpinned by the Money Laundering, Terrorist Financing & Transfer of Funds (Information on the Payer) Regulation 2017 (MLR 2017) (and amended by the Money Laundering & Terrorist Financing (Amendment) Regulation 2019. A further piece of legislation is the Proceeds of Crime Act 2002 (POCA) which establishes a number of money laundering offences:

• The main money laundering offences (Concealing (s327), arrangements (s382 and acquisition, use and possession (s329).
• Tipping Off (s333A)
• Failure to disclose (s330

The main money laundering criminal offences under POCA apply to all persons. Tipping Off and Failure to disclose only apply to those in the ‘Regulated Sector. The MLR 2017 applies to the ‘Regulated Sector’ and imposes requirements on a firm’s policies, procedures and controls. 

Money Laundering offence under MLR 2017 and POCA apply to corporations as a well as individuals. 

It is worth noting further criminal offences are established under the Terrorism Act 2000. These offences are similar offences to ‘arrangements’ and failure’ to disclose’ under POCA where terrorism or terrorism property is involved. 

Different penalties apply to POCA offences. The highest is 14 years imprisonment and / or an unlimited fine for the main laundering offence. The regulated offences under POCA and offences under the MLR are punishable by up to two years imprisonments and an unlimited fine. 

What are the requirements under the Money Laundering Regulation 2017?

The MLR 2017 applies to the regulated sector and imposes requirements relating to policies and procedures, customer due diligence, record keeping and controls. Failure to comply with MLR 2017 requirements is a criminal offence. 

The Regulations require that the firm:

• Undertakes a written risk assessment to identify and assess the risk of money laundering and terrorist financing that the firm faces.
• Implement systems policies, controls and procedures to address money laundering and terrorist financing risks and meets the requirements under the regulations.
• Established and maintains policies, controls and procedures to mitigate and manage the risk of money laundering.
• Implement appropriate Customer Due Diligence measures and where applicable implement further measures to establish beneficial owners of corporate entities and apply enhanced due diligence for high-risk customers.
• Provide regular and appropriate training to staff making them aware of the law relating to money laundering and how to recognize and deal with money laundering. 

Overview and guidance in relation to customer due diligence and record - keeping 

Regulation 27 of the MLR 2017 requires firms to conduct customer due diligence when:

• Establishing a business relationship
• Carrying out an occasional transaction
• There is a suspicion of money laundering or terrorist financing; or
• There are doubts the veracity or adequacy of documents previously obtained for the purpose of customer due diligence.

Customer due diligence comprises:

• Identifying the customer; and
• Verifying their identity on the basis of documents, data or information obtained form a reliable and independent source. 

Composition of a firms Customer due diligence will be based on the firm’s risk assessment as to what evidence is appropriate to identify customers. It is a risk based approach, the riskier the transaction/ product the higher the level of due diligence required. 

If there is a beneficial owner who is not the customer e.g. shareholder when providing services or products for a company, the firm will be obliged to verify the identity of the beneficial owner so that it is satisfied and knows who the beneficial owner is. 

Customer due diligence does not end at on-boarding further monitoring is required to monitor a customer activity and transactions. 

The Joint Moey Laundering Steering Group, a private sector body of leading UK Trade Associations in the financial services industry, offers guidance with regard to customer due diligence. 

Under the MLR 2017 failure to conduct a risk assessment, failure to maintain adequate controls, failure to conduct adequate customer due diligence, failure to keep adequate records or failure to train staff, is an offence subject to imprisonment  up to a maximum of two years on indictment and /or an unlimited fine.