Comments from ACCA to the HM Treasury, December 2009.
ACCA is please to comment on Part A of the call for evidence issued as part of the above project; this complements the paper from CCAB already submitted. ACCA is a supervisory body under the Regulations and performs similar statutory functions under the Companies Act 2006 (with regard to company auditors), the Insolvency Act 1986 (with regard to insolvency practitioners) and the Financial Services and Markets Act 2000 (with regard to members providing incidental investment advice).
The contents of this letter focus on the first group of questions posed in the paper and take into account not only our experience as a regulator but that of our members in dealing with the Regulations in practice.
We welcome the fact that the review is being undertaken and approve of the three guiding principles chosen to guide the review, as set out in Box 2A on page 7. We believe that, after a difficult initial phase of implementation, accountants in practice now generally support the aims of the anti-money laundering regime and understand that the rules can benefit them in practical ways.
There are, however, two very obvious limiting factors to the current review. The first is that the UK's rules in this area are to a great extent pre-determined by the content of the EU's Money Laundering Directive, and no deviation is possible from those provisions of the Directive that are mandatory, even if to do so was considered to be desirable in the light of the review's guiding principles. We do not therefore comment in this response on those aspects.
The second is that the Proceeds of Crime Act is outside the review's scope. Because of this, no change can be contemplated in respect of the 'all crimes' definition of money laundering, a definition which has substantial consequences for the proportionality of the UK's regime and, in particular, for the burden of compliance with the Regulations. Neither can any change be contemplated regarding the circumstances in which regulated entities can be considered to have tipped off third parties. The result of these two factors is that the scope for achieving any substantial improvements to the regime in terms of effectiveness and proportionality is necessarily restricted.
Our principal reaction to the questions posed in the call for evidence is that it is not possible for regulated entities and supervisory bodies to make meaningful comment on how effective the AML regime actually is. Regulated entities have made substantial investment over the past six years in terms of training and other in-house procedures and they will continue to absorb such compliance costs. They have also had to come to terms with the often difficult processes of deciding whether to make SARs and avoiding the offence of tipping off. But it is a feature of the regime that little if any direct feedback is received by regulated entities from the authorities as to whether their efforts are making any meaningful contribution to the fight against crime. Consequently, most of these entities will not be in a position to judge whether their efforts are effective, whether by reference to their cost or to their active contribution to the fight against crime. Professionally-qualified accountants will not be deterred by this from continuing to comply with their obligations, not least because they are now supervised to make sure that they do so. But there is a danger that, unless more is done to engage with the regulated community about the effectiveness of the contribution they are making, entities will come to view their compliance obligations as being essentially bureaucratic in character and will lose confidence in the idea that there is a direct connection between their statutory functions and the fight against serious crime.
With regard to the implementation of any new changes that might flow from this review, we would underline the point that any reform to regulatory requirements imposes costs on businesses, and the more frequent these occur the greater the accumulated compliance costs will be. So at this early stage we would ask that any changes be brought into effect at the same time and with as much lead in time as can be arranged.
1: To what extent is the scope of the Regulations and the application to business activity appropriately risk-based?
The 2007 Regulations now apply risk-based criteria to many of the individual provisions. This applies in particular to the way in which a regulated entity carries out CDD, on-going monitoring and enhanced DD. We would say that, in principle, the application of risk-based criteria to these procedures is appropriate, even if the implication is that diligence checks in respect of the larger cases will necessarily involve more time and expense for the regulated entity (with no automatic co-relation to the real risk of money laundering). The one section of the Regulations where there is no application of the risk basis is Part 3 (Record-Keeping, Procedures and Training). As a result all entities, regardless of size, have to, inter alia, keep records for a specified time and adopt policies and procedures on a number of specified matters. If the UK were free to restrict or extend the risk-based approach as it saw fit, this might be an area where more could be done to acknowledge the differing resources of smaller regulated entities.
2: To what extent are the CDD requirements set out in the Regulations a proportionate response to the threat from money laundering?
As stated above under General Comments, it is not possible for commentators to offer any informed opinion as to the effectiveness of any element of the AML regime. That said, we believe that the carrying out of CDD procedures is, in principle, a reasonable precaution against the threat of an entity being used to launder money. Such procedures are very familiar to accountants and other categories of professional adviser who have long been expected to carry out Know Your Client (KYC) measures at the outset of a professional relationship. The very fact of having standardised expectations about obtaining background information about clients may be oh help to regulated entities in terms of dissuading money launderers to use their services. Several of our members have told us that they have undertaken initial meetings with a prospective client, at which they explain the CDD information they would ask for (along with other AML information), and have never heard from that individual or business again: this may very well happen for reasons unconnected with money laundering but it is at least conceivable that prospective clients may be dissuaded from engaging accountants if they think that their activities would give rise to a SAR.
On the positive side, if the CDD procedures result in accountants not taking on clients who are involved in criminal activities, then this will be a welcome outcome for them. But it must be remembered that complying with the CDD requirements will always involve a financial cost, and in some cases, where the risk associated with the relationship is considered to be higher, that cost can be significant. It may be that the cost of carrying out the CDD will be so great that it would exceed the value of the prospective business relationship, in which case the fact of having to undertake risk-based CDD, or enhanced DD, will cause the entity concerned to consider whether it really wants to perform the work at all. In the sort of scenario referred to above, where a regulated entity conducts a free initial meeting with a prospective client, the cost of that first meeting will have to be written off (whether the client disappears for reasons connected with money laundering or not). With regard to complex business structures, whether or not they are covered by the rules on enhanced DD, it will frequently take several full days' work for an entity to gather the required data, a time commitment which may comfortably exceed the time it subsequently takes to provide the service requested.
The question of whether the cost of carrying out the appropriate level of due diligence procedures is proportionate to the value of the prospective business relationship will be a decision for the individual regulated entity to take. As regards the proportionality of the rules to the threat of money laundering, this must be unquantifiable.
The one specific aspect of the diligence requirements which has perhaps caused most uncertainty, and which might be usefully addressed by the present Review, concerns the position of politically exposed persons (PEPs). The drafting of the Regulations in this respect could, we suggest, be improved - there is in fact no express requirement in the Regulations for regulated entities to take steps to identify whether a prospective client is a PEP: the wording only covers what an entity is supposed to do if one of its clients is a PEP. But more substantially, the rules appear to assume that regulated entities will be able to identify, firstly, persons who are PEPs and, secondly, persons who are family members and associates of PEPs. While we accept that persons who meet the definition of PEP will often carry a high risk of money laundering, we suggest that the relevant regulations could be amended so as to recognise that most regulated entities will not come across PEPs and to provide that, where they do, risk-based criteria may be applied in the course of identification.
3: To what extent are CDD requirements effective in the fight against money laundering?
As already stated, the regulated sector is not in a position to offer more than anecdotal evidence in response to this question. As a regulatory body we would agree that the carrying out of CDD procedures is essential for enabling practising accountants to provide a thorough and professional service to their clients. We would also agree that they serve the interests of the AML regime by putting accountants in a position whereby they are able to identify normal and usual patterns of business behaviour, and by extension abnormal and unusual patterns of behaviour, as well as illegal acts. We would therefore agree that CDD procedures carried out by regulated entities represent a valuable and essential precaution against the risk of money laundering. As a supervisory body, we are satisfied that there is a high level of compliance with the CDD requirements on the part of our members.
4: To what extent do the record-keeping and policy and procedural requirements support firms' anti-money laundering efforts?
The requirements in Part 3 of the Regulations are in our view largely administrative and serve mainly to influence firms' practices with regard to due diligence, on-going monitoring and reporting. To this extent it is true that they 'support' firms' ant-money laundering efforts. The main cost associated with these requirements is probably the on-going cost of training relevant staff in money laundering and terrorist financing issues.
5: To what extent do the Regulations provide Supervisors with appropriate compliance monitoring and enforcement powers and penalties to deter non-compliance?
We think the powers and responsibilities delegated to the private sector supervisory authorities under the Regulations are appropriate for the purposes of ensuring that their members comply with their own responsibilities.
6: To what extent do the Regulations provide for a suitable system of registration and 'fit and proper' testing to be established and carried out on a risk basis?
In the case of the recognised private sector supervisory bodies, each will be required to satisfy the authorities that they have internal procedures to ensure that persons subject to their regulation are fit and proper persons. We believe the recognised bodies can be relied upon to ensure that this happens in practice.
7: Are the requirements of the Regulations compatible with and complementary to the requirements of a) other aspects of the UK 's broader AML regime/legislation and b) international standards and practice.
We think that the Regulations are compatible with POCA and the corresponding legislation on terrorist financing. As regards international comparability, the Regulations, taken together with the primary legislation, are in our view more than consistent with the standards expected to be followed by the EU's Money Laundering Directive and the FATF Recommendations. Other jurisdictions, notably the US , are significantly behind the UK in terms of imposing AML/CTF responsibilities on accountants and other categories of professional adviser. And because of the much wider legal definition of 'money laundering' in the UK, the number of SARs filed by accountants and auditors (and other types of entity) is very considerably higher in the UK than is the case in other member states of the EU.
8: How well does HMT engage with you in developing the Regulations and are the requirements of the Regulations clearly communicated?
We think that HMT has consulted effectively with the regulated sector on the drafting and revision of the Regulations. In common with other professional and trade bodies, ACCA has communicated the requirements of the Regulations to its members by means of its web site, CPD events, guidance in its internal publications and access to its own advisory helpline. CCAB has also co-ordinated the development of the accountancy profession's supplementary guidance and this is made available free of charge to members of each of the participating bodies. ACCA has also prepared a more concise guide for practitioners on the requirements of the primary and secondary legislation and this too has been made available to ACCA member firms free of charge.
One other comment we would make on the Regulations concerns the provision contained in regulation 17 to the effect that regulated entities may place conditional reliance on the CDD checks carried out by certain other parties. We are not aware that any significant use is being made of this entitlement by accountants. The feedback we have from our members is that accountancy firms will invariably carry out their own CDD checks even when relevant data is available from another professionally-qualified accountant. We do not suggest that the option be removed, and accept that there may be types of regulated entity which make more use of it. But this would appear to be a provision which is having minimal impact on at least one element of the regulated sector.