The Government enacted the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLR 2017) on 26 June 2017. These are based on the same principles as the pre-existing rules, but contain significant changes which affect how regulated organisations must structure their anti-money laundering functions and carry out checks.
The MLR 2017 apply to all organisations operating within the regulated sector which includes parts of the property industry. The rules will apply to RPs who carry out regulated activities which include undertaking "estate agency work" as an intermediary in property sales and providing lending, including recoverable grants.
The changes reflect the greater emphasis in the EU's 4th Money Laundering Directive, which the MLR 2017 implement, of a risk- based approach. As a result, the MLR 2017 are considerably more onerous than their predecessor, the 2007 regulations.
In order to comply with the implementation deadline HM Treasury issued the MLR 2017 without detailed guidance. As a result, we are assisting a number of our clients in deciding how best to implement the rules, whilst monitoring the guidance being issued by industry bodies.
This is especially important given the heightened scrutiny that money laundering risks have attracted in recent years, especially in the real estate and finance sectors. As a result, the Royal Institute of Chartered Surveyors currently identifies money laundering as one of the most significant areas of risk facing the property industry.
Key changes
- New roles and functions. Organisations must, depending on their size and risk profile, appoint a board member or member of the senior management team with responsibility for compliance with the regulations. Although the MLR 2017 do not state this must be a different person from the existing Money Laundering Reporting Officer (MLRO), we consider it is sensible, if practicable, for them to be different people in order that the compliance officer can review the practices of the MLRO and provide them with recommendations. Organisations must also consider establishing an independent audit function to monitor compliance.
- Training and screening. Organisations must screen employees involved in anti- money laundering (AML) compliance and provide them with regular training. Training is key as any individual who undertakes tasks related to AML may be subject to civil penalties or criminal sanctions should they fail to comply.
- Risk assessments. It will be necessary to undertake organisation-wide AML risk assessments and individual risk assessments for each new customer and transaction.
- More onerous customer due diligence. The documentation required will be more onerous. It is necessary to identify the source of funds and the ultimate beneficial owners of companies or trusts. Simplified due diligence no longer applies automatically to particular categories of customers. There are now more stringent rules regarding reliance on the due diligence of another party such as a solicitor.
- PEPs. Politically exposed persons (PEPs) will now include UK government officials as well as overseas officials. As a result PEPs are likely to be found on the boards of UK PLCs and public sector bodies. This elevates the risk profile of customers who would otherwise be low risk. There must also be approval from senior management for establishing a business relationship with a PEP and adequate measures must be taken to establish their source of wealth.
- Trusts. Trustees will need to be ready to provide details for a new register of beneficial owners of trusts. Beneficial owners are likely to include a trust's settlor, trustees, protector and beneficiaries.
All regulated bodies should update their AML personnel, policies and procedures to ensure compliance with the new regulations. This will involve filling the new roles identified above, re-drafting procedures, organising training for staff and setting up new audit functions.
Specific risk factors
It is important for organisations to consider risk factors specific to their own industry and business. The MLR 2017 list out particular factors to be considered, including the nature of an organisation's customers, geographic areas in which it operates, products or services, transactions and delivery channels. Activities involving high value property transactions or other large one-off movements of money will inevitably be higher risk.
Day-to-day operations will also be affected. Private and social housing landlords should consider the risk factors around accepting cash payments, especially if tenants produce large sums at short notice to avoid eviction.
Best practice
Given the risks, we are seeing some clients mitigating potential regulatory and reputational risks by implementing best practices which go beyond the legal minimum.
For example, some businesses are carrying out customer due diligence on their contract counter-parties. This is not strictly required, because these are not their "customers", but they are choosing to do so to manage risk. Others are changing business models to phase out cash payments and changing deal models to ensure that AML documentation is obtained at the very outset of discussions.
Obviously there are pros and cons to such an approach. No-one wants to add to their regulatory burden and this can impact on management time and overheads. It also necessary to ensure such an approach is consistent with other regulations, especially the upcoming General Data Protection Regulation which will tighten up the rules around the retention of personal data (see our article covering the changes on page 4). Having said that, the regulatory climate means that money laundering is a key risk for regulated businesses and regulators in the UK are increasingly sharpening their teeth. Implementing the MLR 2017 promptly and effectively is therefore an important task for regulated organisations.
A version of this article appeared in the In-House Lawyer in September 2017 (inhouselawyer.co.uk).
