Are you ready for 4MLD on Monday?

Is your firm prepared for 4MLD?

If not, you only have this weekend to get sorted and while we have had draft versions and a consultation JMLSG guidance in circulation for some time now, the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) are were finally laid before Parliament yesterday, and will come into force on Monday, meeting the 4MLD implementation deadline of 26 June.

There was some doubt as to whether the UK would meet the deadline because of the recent general election, in which case the 2007 regulations would have applied in the interim. However, with the MLRs 2017 becoming law on Monday, today was the last working day under the old regime.

There were some changes to the MLRs 2017 from the draft version. Nothing major; however there are relevant changes you should be aware of. I have therefore included a comparative table at the end of this article. It is worth noting that the numbering of the regulations is slightly different from the draft, so I have gone with the numbers in the finalised Regulations.

Monday morning will be a double whammy for firms in terms of new regulations, with the new EU Wire Transfer Regulations taking effect. Some firms, particularly cash based remitters are being hit especially hard, requiring ID on all transactions going forward. It is certainly a challenging time ahead and so, to help you cope with that Monday morning feeling, here is a reminder of what this means for your firm.

Simplified due diligence (SDD)

SDD thresholds for e-money is no longer based on just an annual limit, but impose initial load and ongoing usage limits. Products that allow cash withdrawals now attract a €100 monthly threshold. UK only cards have a €500 limit, while international cards are capped at €250.

E-money firms whose wallets allow top ups higher than this will need to conduct CDD on their clients.

For those of you that are particularly up to speed in you AML laws, you will know that the upcoming “5MLD” is considering reducing these further, but more on that as it happens.

Purporting to act on behalf of

Where someone acts on behalf of the customer, for example directors on behalf of a company, you will need to confirm that they are directors, or that they otherwise have authority to bind the customer. You will then need to verify the signatory to the contract.

Politically exposed persons (PEPs)

Domestic PEPs are now within scope of the regulations, which caused a bit of a stir among UK politicians when 4MLD was published.

However, FCA guidance on the matter was issued, allowing firms to assess PEPs as “low risk PEPs” in certain circumstances relating to jurisdiction risk and whether they had held an office with executive decision making power (e.g. an MP without ministerial office). If this is the case, less extensive measures can be taken to establish the source of wealth and source of funds.

Firms are reminded here that getting the ID of a PEP is not the intention of the law, the intent is to take measures to detect or prevent bribery, so ongoing monitoring as a high risk customer with specific bribery based monitoring rules is advised.

Risk assessments

Extra guidance was given on risk assessment, which must not be unduly influenced by one factor. JMLSG guidance states that firms must appropriately weight various factors including:

  • customer risk;
  • geographical risk;
  • product risk;
  • transactional risk; and
  • delivery channel risk.

One factor cannot trump all other considerations, meaning you cannot classify a client as high risk solely because he or she comes from a high-risk country or is in a “high risk industry” (A phrase which completely misunderstands the concept of risk if you ask me but, I digress).

Also of vital importance to firms, profit considerations are not to influence the risk rating one iota. If a company is outside of your risk criteria, the fact that there is profit to be made is not something that can override your assessment.

It goes without saying, of course, that these assessments need to be written and documented. There is extensive guidance in the Regulations now about the factors you should consider as a minimum, and so firms should check that their risk assessments include all of these factors.

As a general suggestion: to firms using Transparency International as their sole source for geographic risk, don’t! Transparency International do great work, but corruption isn’t everything.

Group companies

The new regulations extend well beyond British shores, with firms required to draw up group wide AML/CTF strategies covering subsidiaries or branches of UK entities based abroad.

Firms with a presence abroad will need to start writing policies and procedures covering the entire group.

On this note, firms should consider the viability of controls they have in each country. Requirements such as checking the client’s source of funds and that they are from an account in their own name may not be feasible in some countries, and so firms will need to be careful about making sweeping changes without considering impacts.

Need help?

If you haven’t already, you must review your current policies and procedures against the new requirements to check if you are compliance.

This will include a review against the relevant guidance for your firm, as while the above are the changes to the legislation, other changes such as the specific types of document you need (such as whether you can accept electronic copies of utility bills) are only finally hammered out in the regulatory guidance.

This can be a daunting task so feel free to give me or one of my colleagues a call for help. We can help with anything from advice on any aspect of the Regulations, to conducting a gap analysis on your current procedures, to writing the policies and procedures your firm needs to comply.

This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.

 

Draft Regulations

MLRs 2017

Impact?

5(3)

 

Definition of beneficial owners in relation to partnerships expanded to include an individual satisfying condition under the Scottish Partnerships (Register of People with Significant Control) Regulations 2017).

Change of limited importance

6(2)

 

Definition of beneficial owner of a trust elaborated in relation to an individual having “control over the trust”.

Change of limited importance

14(2)

 

Clarifies meaning of payments in cash to high value dealers.

Change of limited importance.

19(1)(b)

 

Policies and procedures to mitigate risk are to be “regularly reviewed”.

Change of limited importance, as this was implied anyway and included in guidance documents.

19(1)(c)(iii)

 

Written record must be kept of steps taken to communicate policies and changes to policies to staff.

Significant change, as firms don’t just have to record policies, but communication of policies. Firms may wish to have employees confirm receipt or show email communications with updates etc. 

20(1)(c)

 

Firms to regularly review and update group level AML policies.

Change of limited importance, as this was implied anyway.

20(1)(d)

 

Firms to keep maintain record of steps to communicate group wide policies to staff.

Significant change as firms don’t just have to record policies, but communication of policies.

24(1)(b)

 

Firms to keep written record of training measures.

Significant change

27(4)

 

A transaction does not cease to be a cash transaction for CDD if it is made to someone other than the other party to the transaction, or paid into a bank account of the other party

Clarification

29(6-7)

 

Financial institutions must not set up an “anonymous account” for customers, and must apply CDD to anonymous accounts already existent.

Limited relevance

37(3)(b)

In the draft regulations (under regulation 36(b) electronic money used for payments for humanitarian purposes was a product factor when considering whether to apply SDD.

Electronic money for humanitarian purposes is no longer a factor to consider SDD.

Significant

37(5)

Pooled accounts only a relevant factor for SDD where customer is legal professional

Pooled accounts now a factor for SDD for all customers who are regulated entities.

Limited relevance

40(4)

Records relating to transactions had to be kept for the duration of the business relationship and 5 years thereafter.

Records relating to transactions within a business relationship only have to be retained for 10 years after the transaction.

Significant as previously all client data was retained. This may help firms who have old legacy systems being kept alive for record keeping. Bear in mind this is transactional data only, CDD must be retained. 

40(5)(c)

Firms can refrain from deleting CDD records after the 5-year period where the data is required for court proceedings.

Clause is added so that firms do not need to delete records where the firm believes that they need to be retained for legal proceedings.

Limited relevance

Related Posts

CASS Audit

TISA CASS Compliance Survey

Earlier this year, TISA launched a CASS compliance survey in association with fscom, aiming to gather insights on key areas of interest related to CASS

Read More