Anti Money Laundering Regulations Update

October 17, 2023 by Clare Curtis

Background

The 2022 Money Laundering & Terrorist Financing (Amendment #2) Regulations (MLTFR) came into effect on 01/04/2023. Businesses subject to the MLTFRs are now required to perform checks of the register of overseas entities (ROE), at Companies House, for dealings with corporate entities. For Trust Entities, businesses must direct and comply with checks of the Trust Registration Service, hosted by the HMRC.

The purpose of these changes is to improve clarity and fight harder against MLTF. Failure to adhere to these amended regulations could well see the perpetrators suffer considerable penalties. Businesses are being urged by legal experts to pay close heed and ensure that they are complying so as to avoid potential legal and financial consequences.

Early in 2023, substantial fines against two banks, Guaranty Trust Bank (UK) Limited (GT Bank) (fined £7.6m) and Al Rayan Bank PLC (fined £4m), were enforced due to compliance failures regarding Anti Money-Laundering (AML) requirements, on top of six actions in the 12 months prior to those. Key elements of those actions were regarding AML systems and controls inadequacies.

AML is currently top of the agenda, maybe alongside Consumer Duty, of the Financial Conduct Authority (FCA)’ s enforcement agenda and has been since the onset of the year.

Risk Assessment

The FCA expect firms to take reasonable care to organise and control its affairs responsibly and effectively, with adequate (at minimum) risk management systems. It would appear there were several occasions when this principle for business was not adhered to. Some issues, among others not so serious, were:

  • A failure to maintain records regarding historical risk assessments and customer risk designations, The FCA regard risk assessment and the correct documentation of it, as an essential doctrine of a firm’s AML compliance framework.
  • It was also noted that in many cases, firms based customer risk designations in an extensive manner derived from a customer’s geographic location rather than establishing it upon individual assessments per customer.
  • The FCA also anticipates that customer risk ratings should be reviewed frequently, ensuring that all information is correct and up to date so as not to affect the accuracy of its risk assessment.
  • The FCA were also alarmed to discover that some firms had no formal risk assessments of their customers except for politically sensitive persons and persons associated with sanctioned countries. This is quite obviously a significant issue.

So, in essence here, the lessons to be learned are that firms should be employing a dynamic approach to alleviating risk, using bespoke risk assessments for each and every customer, with the facility to be quantified to the shape, offerings, and size of the firm.

The firm should be able to evidence clearly and succinctly and demonstrate at least a good knowledge of, where any authentic risks may be within the company and what plans of action are in place to deploy as and when necessary.

New Customers and Customer Screening

Once again it would appear that on too many circumstances are Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) failing to meet expected requirements. For instance, there have been several cases where a firm has used CDD utilised by other group entities resulting in a failure to adequately establish the source of funds and wealth from higher risk customers, thus being basic instances of neglect in the compliance of the AML process. Firms must ensure that when onboarding new clientele that the ideal CDD is employed for that customer, and that any identification of potentially genuine risks be deemed necessary of heightened scrutiny. This then follows on to EDD, where, rather than just amassing more information, which the interpretation sometimes finds itself regarding the potential client, EDD should identify what supplementary steps are required to bolster the defence of the previously identified risks.

Continuous Monitoring

The FCA have clearly stated that they expect firms to have in place and adhere to utilising good ongoing monitoring processes. In addition, they expect firms to ensure these monitoring processes are ingrained throughout the business and also they must guarantee that existing account accounts have been reviewed prior to welcoming any new customers. Safety over immediate revenue would be a fitting motto here.

Training

All staff are anticipated to be trained to a proficient level in the firm’s AML procedures, up to a level where they can each individually document their full understanding of said procedures. The FCA have been and will continue to govern this and may inspect on random occasions that the entirety of the employees are up to speed. For staff training has emerged as quite a major issue and full and proper control of AML regulation cannot be fulfilled unless all staff are aware of their responsibilities, what they should be identifying and what to perform if and when they do indeed recognise any potential danger. Indeed, what has been found, on a number of occasions, that the training offered to staff was insufficient in such categories including:

  • The training was not specific to each individual’s role within the company.
  • A staff training log had not been administered and/or maintained.

Therefore, the inadequacy of staff training had led to other failures in background checks. Firms must make certain that the training is relevant to each individual member of staff and that their obligations are clear and the actions they can/should be taking are set out correctly.

Proficient and Applicable Remedial Procedures

Incredibly, several firms failed to implement remedial procedures once a problem had been identified. Any such issue should be announced, addressed, and speedily corrected so as not to impact and harm clients and markets. Firms should have in place a system that is a defence against such issues including ongoing, dynamic monitoring and training of staff.

One other amendment the FCA have pointed to rigidly is that it requires firms to report any material discrepancies on a person of significant control (PSC) or registrable beneficial owner of an overseas entity throughout the business relationship.

Recap

  1. Risk Assessment: Take, at minimum, reasonable care to control the firm’s affairs effectively and have in place adequate systems.
  2. New Customers: Ensure that a comprehensive CDD and EDD (if necessary), has been undertaken.
  3. Continuous Monitoring: Ensure good ongoing monitoring processes and be certain to have reviewed existing accounts before onboarding new customers.
  4. Training: It is imperative that comprehensive and ongoing training is performed, whilst ensuring all staff have a full understanding of what their role within the AML structure is.
  5. Remedial Procedures: Address any problems immediately before there is any impact on clients and/or markets.

How we Effecta Compliance help

Effecta Compliance has AML specialists that can help you assess your compliance with the relevant AML regulations which apply to your firm as well as assist you to remediate where necessary.  In addition Effecta Compliance offers comprehensive in-person AML training including specific training aimed at the Board.

We are also able to assist you on an ongoing basis with your client take on process and assist several clients on a retained basis or as and when required.

Click here to download this insight as a PDF