The Money Laundering Regulations 2007
The Money Laundering Regulations 2007 (available in PDF here) come into effect in the UK on 15 December 2007. These regulations supersede the Money Laundering Regulations 2003, which are withdrawn. The new regulations implement the requirements of the EU’s Third Money Laundering Directive: accordingly, similar changes are happening throughout the EU.
The new provisions now being brought in are less far-reaching than were the 2003 Regulations, but they still contain some important changes of detail which practising accountants and all other regulated persons will need to bear in mind. In particular, there is an emphasis in the new Regulations on the adoption of a risk-based approach by regulated persons to the carrying out of their compliance obligations. This means that practitioners are expected to form a view on the level of risk presented by prospective clients and by particular situations and to determine, on the strength of this assessment, the extent of the compliance work they feel they need to carry out.
The 2007 Regulations retain the following core elements:
- Accountants in public practice, as well as tax advisers and insolvency practitioners (and many other classes of businesspeople), are subject to statutory requirements under the Regulations by virtue of being deemed to be part of ‘the regulated sector’.
- Client due diligence checks must be carried out in respect of new clients.
- Internal procedures must be put in place to minimise the risk of the firm being used for money laundering purposes.
- A money laundering reporting officer (or ‘nominated officer’) must be appointed by firms to act as the conduit for intra-firm reporting of suspicions and to assume responsibility for making final decisions on behalf of the firm as to whether particular matters stand to be reported to the Serious Organised Crime Agency (SOCA).
There is no change either in the basic provisions of the Proceeds of Crime Act 2002, namely that persons in the regulated sector must not themselves infringe the statutory money laundering offences and must report knowledge or suspicions of money laundering or terrorist financing: in the case of persons other than nominated officers, such reports must be made to the firm’s nominated officer, while the nominated officer must make the decision on behalf of the firm as to whether or not to make an external report to SOCA. Neither is there any change in the ‘all crimes’ approach of POCA – the financial proceeds of any crime under UK law may give rise to a duty to report.
The new Regulations incorporate, however, a number of changes which members should note. These are summarised as follows:
Definitions
There is a new definition of ‘trust and company service provider’ (reg3(10)). This definition will encompass persons who, by way of business, form companies or other legal persons, act or arrange for another person to act as director or secretary of a company, or provide an address for a company or partnership.
Client due diligence (regs 5-7)
The circumstances in which CDD checks must be carried out are extended. The Regulations now insist that CDD procedures are carried out when the regulated person
- establishes a business relationship
- the regulated person carries out an occasional transaction
- suspects money laundering or terrorist financing
- doubts the integrity of information previously obtained for CDD purposes.
CDD procedures must also be applied to existing clients on a ‘risk sensitive basis’.
The new Regulations also go into further detail as to expected procedures. Reg 5 says that CDD checks amount to
- identifying the customer and verifying his identity on the basis of documents, data or information obtained from ‘a reliable and independent source’
- obtaining information on the purpose and intended nature of the business relationship
- (where the client is an entity) identifying the ‘beneficial owner’, and taking ‘adequate measures, on a ‘risk-sensitive basis’ to verify his identity; ‘adequate measures’ also include, in the case of legal entities (e.g. companies and trusts) steps to understand the entity’s ownership and control structure.
A ‘beneficial owner’ is defined, in reg 6, as being, in the case of an unquoted company, a person who ultimately owns or controls more than 25% of the shares or voting rights in the entity, or who otherwise exercises control over the entity’s management. Separate definitions are included in reg 6 of the beneficial owners of trusts and partnerships.
On-going monitoring (reg 8)
Regulated persons are obliged to conduct ‘on-going monitoring‘ of a business relationship with a client. By virtue of this requirement, they are expected to scrutinise transactions entered into under the relationship to ensure that they are consistent with the their knowledge of the customer and his risk-profile. Under this requirement, they are also expected to keep documents which are kept for CDD procedures up-to-date.
Simplified due diligence (reg 13)
There is an exemption from the requirement to carry out the standard CDD checks where the regulated person believes the client is, inter alia, a listed company or a credit or financial institution which is itself subject to EU money laundering rules.
Enhanced due diligence (reg 14)
Regulated persons must carry out ‘enhanced’ CDD, and ‘enhanced’ on-going monitoring, in certain specified circumstances and in any other situation which presents a higher risk of money laundering or terrorist financing. Among the specified circumstances set out in the Regulations are where the customer has not been personally present for identification purposes and where the client is a ‘politically exposed person’ (or an immediate family member or known close associate of such a person). A ‘politically exposed person’ is an individual who, in the preceding year, has exercised ‘a prominent public function’ in a state or institution outside the UK.
Reliance on other persons (reg 17)
Regulated persons may rely on specified persons - which include external accountants, auditors, insolvency practitioners and tax advisers – to have carried out the standard CDD checks (provided that the other person consents to being relied upon for this purpose).
Record-keeping and internal procedures (reg 20)
Regulated persons are still required to establish and maintain in-house systems and procedures. But there is a new onus on them to establish ‘appropriate and risk-sensitive ‘ policies and procedures on such matters.
Supervision (reg 22)
All regulated persons (including all persons who act as external accountants and auditors) are to be supervised by an appropriate agency for their compliance with their compliance obligations under the Directive. In the case of ACCA members, this will ordinarily be carried out by ACCA itself, and no action need be taken by members. (Those external accountants who are not members of an approved supervisory authority will have to be apply to be supervised by HMRC). Members should note that ACCA, as a supervisory authority under the Regulations, has its own legal responsibility to inform SOCA whenever it acquires knowledge or forms a suspicion of money laundering or terrorist financing.
Professional guidance
To supplement the new statutory regulations, CCAB has revised the professional guidance for accountants, which ACCA had issued as Technical Fact Sheet 94. This new CCAB guidance will be issued by ACCA as a new Fact Sheet and will be posted on these pages.
The revised guidance is significantly lengthier than was the previous version. This is an inevitable consequence of i) the additional detail set out in the new Regulations, which the revised guidance seeks to explain; ii) changes in the law since 2003; and iii) the drafting approach adopted, which aimed to provide more comprehensive and helpful guidance than the more general advice that was contained in Fact Sheet 94.