UK: Regulatory Creep-Is It Inevitable?

This paper will first discuss the concept of regulatory creep with reference to the corpus of regulatory activity. It will then focus on anti-money laundering regulation as an area consistently identified as industry's most costly and burdensome regulatory requirement.

I. THE CONCEPT

('Regulatory creep: myths and misunderstandings' – Clive Jones quoting former CBI Director-General, Digby Jones)

(Cabinet Office Report - Better Regulation Task Force and Regulatory Creep Sub-Group - 2004: 'Avoiding Regulatory Creep')

II. INTRODUCTION:

There is now a growing matrix of conventions, treaties, directives, recommendations, memoranda of understanding, all designed to come as close as possible in denying criminals a safe hiding place for their criminal proceeds. Regulation has increased, along with the costs of compliance, but the standards and implementation are not uniform. The breadth of the regulation has been discussed by numerous commentators at length, but should this present level of regulation simply be accepted as a permanent feature of our polity¹? So marked was the trend to regulate in the UK that the period starting in the mid-1990s to the present day has witnessed what some commentators refer to as the rise of the regulatory state: "We now have regulation on such a scale that it is possible to refer to the regulatory state or, perhaps more accurately, the regulatory sub-state as part of our constitutional arrangements.²"

Over the past half- century, the UK in particular has seen a transfer of those powers once falling squarely within the government's remit, to 'independent' regulators; independent in their operation whilst appointed by government and implementing policy goals set for them. The Financial Services Authority (FSA), for example, is one of the most powerful; in 2004 Baroness Noakes (see below) quipped that the FSA's rule book, though available online, is said to reach 9 feet if it is printed out, and later commented that it is a very large body that has, "intruded itself into the activities of many businesses in a massive way." It is unsurprising that later that month, the FSA found itself in contention for the tongue- in-cheek inaugural Telegraph Regulatory Creep of the Year award³. As the British Chambers of Commerce director general David Frost concluded at that time, "while these humorous awards highlight the bodies involved in regulation, the ever increasing burden is not a barrel of laughs for British business."

These regulators have often been described as "operating at arm's length from government⁴", and as being reliant upon "the ethos of the government of the day for [their] very existence⁵". Baroness Noakes, commenting on the 2004 report of the Select Committee on the Constitution into the 'regulatory state⁶', even went so far as to assert that "regulation is a back-door method of increasing the length of the arm of the state, which is why we believe it should be resisted in principle."

Regulation in itself is not a novel concept: in one way or another states have regulated the market order for centuries. Yet there has been the temptation, on behalf of this UK government at least, to set up a new regulatory body wherever there is concern about an issue. The 2004 Cabinet Office Report, entitled, 'Avoiding Regulatory Creep⁷', identified that there is always the possibility when creating a new regulator that it will look for gaps in compliance and that this may result in regulatory creep. These regulators will inevitably respond to the pressure for action and intervention by becoming more active, by increasing the scope of their interest and by expanding their role and scope. The Report found that this was one of the factors that helped encourage regulatory creep in the anti-money laundering regime. By way of example, Part 3 of the Act will enable Ministers to confer on regulators certain sanctioning powers, including the use of compliance notices, restoration notices and fixed monetary penalties. For the purposes of this Part, 'designated regulators' will include, amongst others, the Hearing Aid Council, the British Hallmarking Council, the Gangmasters Licensing Authority and the Financial Services Authority.

Survey data has consistently shown that businesses are concerned about the cumulative burden of regulation; the obvious danger of over-regulation, other than its associated costs, is that it becomes the enemy of innovation and entrepreneurship. The OECD itself acknowledges that regulation is perhaps the most pervasive form of state intervention in economic activity⁸.

On 4th February 2008, it was announced that the Conservatives had launched an independent review of regulation, led by Sir David Arculus, the former chairman of the Better Regulation Task Force, the independent review body set up by the government. Other members of the body⁹ include John Tiner, the former chief executive of the Financial Services Authority (FSA), and Teresa Graham, former deputy head of the government's Better Regulation Commission. The Arculus Review will look at how regulation "creeps through our system in a three-stage horror machine: from Brussels to Whitehall to town hall, with a 10-page European directive turning into a 30-page British law and a 100 pages of local guidelines.¹⁰" The Conservatives claim that there have been 14 new regulations a day since 1997¹¹.

III. REGULATORY CREEP: BENIGN DEVELOPMENT OR CONSCIOUS DECISION?

The title of this Paper, 'regulatory creep,' is deceptive in that it suggests that increased regulation is a benign, unintended development. The reality is that we do not have an unintentional growth in regulation, but a conscious decision on the part of the UK Government to deal with more issues by way of regulation.

Regulation under this government has become part of the regular involvement of the state in business life. It is not an unintended by-product but a deliberate policy in its own right. By way of example, the Regulatory Enforcement and Sanctions Act 2008, which received royal assent in July, is a "central part of the Government's ambitious better regulation agenda¹³" and aims to streamline and improve regulatory enforcement. Yet it also introduces wider discretionary powers for regulators and reflects the conscious decision to deal with more issues by way of regulation. Regulation has a guiding aim, part of which is to put risk back onto business. With law enforcement inadequately resourced, it is perhaps unsurprising that this Government are, as part of a thought-out plan being replicated internationally, pushing that resource burden back onto business. Indeed, the British Chambers of Commerce's 2008 'Burdens Barometer', shows that the cumulative cost to business of new regulation since 1998 has risen to £65.99 billion. A report by the BCC into the Regulatory System further noted that, despite expressed concern with the total volume of regulation, that there is a quickly growing volume. About 130 regulations per annum were generated in the first four years of this government. The number has increased progressively to about 350 in the year covered by the report (the year to 30th June 2007.)

IV. ANTI-MONEY LAUNDERING

The Money Laundering Regulations 2007 brought in the risk-based approach, as preferable to a more prescriptive approach, partly to meet criticism from the regulated sector. However, it has left the regulated sector needing to determine risk and apply appropriate processes. The regulated sector now has to take account of a growing body of regulations, statutes, policy and guidance. In truth these Regulations add yet another layer to the rapidly increasing quantity of legislation and regulation under which business is already being asked to operate.

As with other such 'goal-setting' regulation, or regulation which imposes general duties or sets broad objectives leaving those who are being regulated to decide how to meet them, the Third EU Money Laundering Directive, and through it the Money Laundering Regulations 2007, have set goals of some generality. The requirements for systems and controls placed on firms by the 2007 Regulations are high- level, yet these are not prescriptive Regulations; the detail of how to implement is very much left to firms, facilitated by industry guidance. Compliance is then supervised by a statutory regulatory body. Detailed guidance on compliance or best practice is provided by a regulator or an industry body but this may well go beyond the regulatory requirements.

Whether or not this guidance is given any legal significance, as it may do under the Money Laundering Regulations, there is also the associated risk that the guidance, rather than the regulation itself, may become the 'benchmark' for enforcement. Under the 2007 Regulations, in deciding whether a person has failed to comply with a requirement, the designated authority must consider whether he followed any relevant, treasury-approved, guidance¹⁴; similarly in deciding whether a person has committed any of the criminal offences contained with the Regulations, the court must consider whether he followed any relevant, treasury-approved, guidance¹⁵. This mirrors the requirement under section 330(8) of the Proceeds of Crime Act 2002, whereby in deciding whether a person in the regulated sector committed a section 330 failure to disclose offence, the court must consider whether he followed any relevant treasury-approved guidance.

The issue of goal-setting regulation and the notion that it often leads to regulatory creep was addressed by the Better Regulation Task Force, who concluded that this type of regulation can, 'leave a vacuum that Government, regulators and industry will seek to fill with guidance...[which] may stray beyond the original intention and/or it might be applied prescriptively by regulators and those being regulated.' The emphasis now for those in the regulated sector has shifted towards a consideration of risk in relation to the client and the business carried out for them. The aim is to allow a move away from a tick box, "one size fits all" regime, to a system that is proportionate to the perceived risk and thus more flexible. But where stakeholders are not clear whether the requirements in a piece of guidance produced are statutory or best practice, thus creating additional burden and cost, the result may be over-zealous or prescriptive application. Thus, while the regulated sector now has ample and detailed guidance on compliance, they are also in a position where they must not only take account of it but, as the Law Society's Practice Note emphasises, where they may be even be required to explain any deviation from a Guidance document that in effect fails to differentiate between Guidance and good practice.

Guidance

By way of example, guidance has been published by:

• The Law Society of England and Wales: This 'practice note' is currently awaiting treasury approval. The note's self- appointed purpose is to outline the legal and regulatory framework of AML/CTF obligations for solicitors within the UK, outline good practice on implementing the legal requirements, outline good practice in developing systems and controls to prevent solicitors being used to facilitate money laundering and terrorist financing and provide direction on applying the risk-based approach to compliance effectively.
• The Law Society of Scotland (adoption of the JMLSG Guidance with some variation/addition). The Law Society of Scotland is currently seeking Treasury approval.
• The Bar Council: This Guidance focuses on the responsibilities imposed on barristers pursuant to the new Regulations. The Bar Council is not currently seeking Treasury approval and indeed the debate is ongoing within the Council as to the necessity and/or desirability of seeking such approval.
• HM Revenue and Customs: While this Guidance is addressed at certain officers within certain categories of business, it also directs Trust and company service providers that are supervised by HMRC towards the CCAB guidance (below) as additional guidance that they may find useful. Treasury approval is currently being sought. An additional Guidance Notice has also been issued detailing registration procedures for those required to register with HMRC.
• The Office of Fair Trading: This Guidance is intended for businesses that are the subject of the regulations and for whom the OFT is the Supervisory Authority. Those businesses supervised by the OFT are informed that further information on their obligations under the regulations can be found in guidance produced by industry bodies. They are also referred to the additional detailed guidance of the Joint Money Laundering Steering Group (JMLSG). It is not clear whether Treasury approval is being sought.
• The Consultative Committee of Accountancy Bodies: This Guidance has now received Treasury Approval. Businesses and individuals should take account of it when acting in the course of business as auditors, external accountants, insolvency practitioners and tax advisers, and when acting in the course of business as trust and company service providers. The Guidance also cautions that where other standard setters or professional/trade bodies have produced specialist Guidance concerning particular services or activities, businesses and individuals may need to have regard to that Guidance as a supplement to this Guidance. In addition, supplementary guidance for tax practitioners¹⁶, which is appended to the CCAB guidance, has also been issued and awaits treasury approval.
• The Joint Money Laundering Steering Group: This Guidance, which does have Treasury approval, is addressed to firms in the industry sectors represented by the member bodies of the JMLSG and to those firms regulated by the FSA. All such firms – which include those which are members of JMLSG trade associations but not regulated by the FSA, and those regulated by the FSA which are not members of JMLSG trade associations - should have regard to the contents of the guidance. In addition, financial services firms which are neither members of JMLSG trade associations nor regulated by the FSA are encouraged to have regard to this guidance as industry good practice. The introductory comments also specify that firms which are outside the financial sector, but subject to the Regulations, particularly where no specific guidance is issued to them by a body representing their industry, may also find this guidance helpful. Please note that the JMLSG has published proposed amendments to Part I of its December 2007 Guidance, for comment by 26 September 2008.
• The Gambling Commission: This Guidance outlines the full legal framework for anti money laundering (AML) and counter terrorist financing (CTF) requirements and systems across the remote and non-remote casino sector. It's self-appointed purpose is to interpret the requirements of the relevant law and regulations, and how they may be implemented in practice; indicate good industry practice in AML/CTF procedures through a proportionate risk-based approach; and assist operators to design and implement the policies and procedures necessary to mitigate the risks of being used in connection with money laundering and the financing of terrorism. The Commission is currently awaiting Treasury approval of this Guidance.
• The Council for Licensed Conveyancers : The CLC issued detailed interim Guidance in December 2007, with consultation on its contents running until January 2008. A brief Guidance Note and Toolkit have since been published. This Guidance may be submitted for Treasury approval.
• The Royal Institution of Chartered Surveyors: RICS provides a range of articles and guidance to assist members with their preparations for the money laundering regulations, however, this is inaccessible for non-members.
• HM Treasury (Information sheets)
• The Financial Action Task Force: FATF have recently published the following:
• • Risk-Based Approach Guidance for Trust and Companies Service Providers (TCSPs)
  • Risk-Based Approach Guidance for Accountants
  • Risk-Based Approach Guidance for Real Estate Agents
  • Risk-Based Approach Guidance for Dealers in Precious Metals and Stones
  • Guidance on the Risk-Based Approach: High Level Principles and Procedures

The 'Guidance' highlighted above, a small selection from the body of ongoing work in this area, is in reality a mixture of best practice and guidance on complying with regulatory requirements. Yet it is the absence of a clear differentiation between the two that allows for, and indeed encourages, regulatory creep. The 2004 Report by the Better Regulation Task Force found that a number of terms were being used to describe this 'guidance' or 'best practice', which was only serving to compound the problem. Amongst their discoveries were the following:

• Guidelines
• Advice
• Voluntary Codes of Practice
• Approved Codes of Practice
• Best practice guidance
• Good practice guidance
• Guidance on complying with regulatory requirements
• Criteria
• Guidance Notes
• Approved Documents
• Principles

A key principle of the UK's approach to anti-money laundering measures is the riskbased approach; a move away from the former prescriptive approach towards a preferred flexible approach. The principle, of course, is that resources should be directed in accordance with priorities so that the greatest risks receive the highest attention. Yet where the body of guidance available lacks coherence or strays beyond the original intention then those falling within the regulated sector are left not knowing what is expected of them and what constitutes compliance with the law. The danger then is that guidance that is available will be applied prescriptively, often either because it has legal significance in its own right or because it has become the benchmark for enforcement. The language used in guidance can also add to the confusion. The line between the use of guidance, coupled with the risk-based approach, as an alternative to prescriptive regulation, and the sort of regulatory creep described above can then increasingly become blurred.

Sanctions

The majority of the Guidance available notes that as the range of Politically Exposed Persons is wide and constantly changing, those in the regulated sector should remain alert to situations suggesting the client falls within this category. Therefore, those in the regulated sector are now finding themselves having to consider a plethora of other schemes to aid them in their assessment of risk. Those tasked with assessing a firm's 'PEP risk profile' are directed towards resources such as the Transparency International Corruption Perceptions Index (CPI), which ranks approximately 180 countries in terms of the degree to which corruption is perceived to exist among their public officials and politicians. This is only one of a series of relevant reports and databases on corruption risk published by specialised national, international, nongovernmental and commercial organisations.

Another example is the use of sanctions lists to help in assessing risk. However, sanctions can apply to individuals and/ or entities and can vary greatly from programme to programme, with a lack of guidance in this area complicating the situation further. In addition, sanctions lists can be found in dozens of jurisdictions, and these are, unsurprisingly, not homogenous. Add to this the distinction between financial sanctions and other, perhaps reputational or exclusory sanctions, and the number multiplies again; where should those in the regulated sector be expected to draw the line?

Examples of those lists most likely to be consulted include:

1. The FATF 'Blacklist' (the list of "Non-Cooperative Countries or Territories" (NCCTs)), which includes all countries which FATF perceives to be noncooperative in the global fight against money laundering and terrorist financing¹⁷. At present, there are no Non-Cooperative Countries and Territories listed.
2. A list of all sanctions currently in force in the UK is maintained by HM Treasury (although it was previously maintained by the Bank of England). The UK can impose financial sanctions against persons and entities, including a prohibition on making funds available to individuals/groups or a complete asset freeze.
3. In addition to the list of sanctions detailed above, on 29 February 2008, HM Treasury issued advice on specific jurisdictions presenting heightened risks of money laundering or terrorist financing¹⁸. This followed a warning by FATF of increased risk in Uzbekistan, Iran, Pakistan, Turkmenistan, São Tomé and Príncipe and the northern part of Cyprus¹⁹.
4. The Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals. KPMG's Global Anti-money Laundering Survey 2007 noted that the impact of OFAC sanctions violations can be very damaging to an institution's reputation but can also have substantial financial ramifications with punitive fines and criminal action.

Attempts to introduce 'de-regulatory' measures

In publishing the draft money laundering regulations, the Economic Secretary Ed Balls commented that firms will have greater scope to rely on the customer identification checks conducted by others. This, he said, is a de-regulatory measure in line with the recommendation of the Better Regulation Task Force report on regulatory creep, and one that should improve the experience both of the firm and the customer.

Yet for those seeking to make use of the reliance, or indeed the simplified due diligence, provisions of the Money Laundering Regulations, contention surrounding the concept of equivalence is likely to render some of the attempts at 'de-regulation' meaningless. After a series of meetings at European level to try to agree a list of jurisdictions deemed equivalent, a list was finally compiled in April this year, much to the chagrin of the UK Crown Dependencies, who only 'may' be considered to be equivalent to EU states' standards, effectively leaving them with an intermediate or qualified status, thus again requiring the application of judgment/investigation. The position is worse still for the British overseas territories, such as the Cayman Islands and the British Virgin Islands, who have been excluded altogether.

The Government have indicated that the criteria for inclusion on the list are based primarily on performance against the Financial Action Task Force's (FATF) 40 + 9 recommendations; thus if a country is viewed benignly by FATF, then calling it an "equivalent jurisdiction" under the Directive is surely circular. Except of course, that no jurisdiction, not even within the EU, is rated as fully compliant by FATF. According to a recent report even the most fully compliant countries have had their efforts to implement FATF's 40 recommendations marked as "PC" (partially compliant), and several, including Norway, Portugal and the UK, have at least one "NC" (non compliant) assessment. As one commentator recently identified, irrespective of the composition of the list, every self-respecting compliance officer viewing an application for business from the newly minted 'equivalent' jurisdiction should nonetheless be mindful of FATF's much more thorough view (if there is one) of that country's anti-money laundering legislation²⁰.

V. CONCLUSION

"Regulatory creep can skew the focus of those being regulated away from the key objective of the regulation and encourage them to concentrate on the process for demonstrating compliance rather than on the outcome, delivering little, if any, additional benefit ²¹."

The international character of modern, sophisticated money laundering undoubtedly necessitates a coordinated response across diverse legal systems. Yet, the regulation of anti- money laundering responsibilities requires a balance between ensuring that measures are effective without placing disproportionate burdens on those industries which must later implement them. Not every occurrence of money laundering can be uncovered or even detected, but, with the 2007 Money Laundering Regulations upon us, our regulators will nevertheless require us to have in place more robust systems and procedures than hitherto. Those Regulations, which created a wider 'regulated sector', will also affect the supervisory authorities, be they those agencies who have found themselves with an increased responsibility, or those who are entirely new to AML regulation.

Since the 1998 G8 summit, attention in the fight against money laundering has increasingly focused on "gatekeepers", i.e. the intermediaries who can be used, wittingly or unwittingly, to help launder the proceeds of crime. They are considered to owe special obligations because they are uniquely positioned to detect crime, and to disrupt it by withholding their services. The Financial Action Task Force (FATF) report on Money Laundering Typologies 2000-2001 highlighted the role of 'gatekeeper' professionals in facilitating money laundering. FATF observed that those individuals desiring to launder criminal proceeds – unless they already have specialised professional expertise themselves – must turn to the expertise of legal professionals, accountants, financial consultants, and other professionals to aid them in the movement of such proceeds. The 2003-2004 Typologies further noted that this trend towards the involvement of gatekeepers in money laundering schemes, which had been documented previously by FATF, appears to be continuing.

The continuing efforts by governments to combat money laundering has made the work of the money launderer more difficult. Yet it is not only the launderers themselves, but also the 'gatekeeper professionals', who are so uniquely positioned to detect their activities, that are increasingly feeling the presence of anti-money laundering regulation. This trend looks set to continue with the advent of the Money Laundering Regulations 2007, with serious concerns relating not only to the resources and expertise that must now be dedicated to compliance, but also to the disproportionate amount of time being spent documenting the rationale behind a decision.

Any options for reform must therefore consider at the outset how those being regulated will demonstrate compliance in practice. In addition, as the Better Regulation Task Force recommended four years ago, guidance that is available should take into account the projected costs and benefits of the original regulatory proposal to make sure that the guidance does not stray beyond the original intention. Guidance should not encourage or necessitate over-compliance by those who are subject to it.

What is clear is that any option for reform, undertaken in an effort to ease the compliance burden on the regulated sector, will need to be mindful of the significant and recurring challenges posed by adherence to the risk-based approach. Those identified by FATF include:

• that this approach requires resources and expertise to gather and interpret information on risks, both at the country and institutional levels, to develop procedures and systems and to train personnel. It further requires that sound and well-trained judgment be exercised in the implementation within the institution/firm and its subcomponents of such procedures, and systems ;
• that such an approach may also cause uncertainty regarding expectations, difficulty in applying uniform regulatory treatment, and lack of understanding by customers/clients;
• that attempting to pursue a risk-based approach without sufficient expertise may lead to flawed judgments. Firms may over-estimate risk, which could lead to wasteful use of resources, or they may under-estimate risk, thereby creating vulnerabilities; and
• that the regulated sector may find that some staff members are uncomfortable making risk-based judgments. This may lead to overly cautious decisions, or disproportionate time spent documenting the rationale behind a decision. This may also be true at various levels of management.

Footnotes

1 So queried the Earl of Northesk, Lords Hansard, 2nd December 2004

2 Lords Hansard, 2nd December 2004, Lord Norton of Louth

3 http://www.telegraph.co.uk/money/main.jhtml?xml=/money/2004/12/20/cbtape20.xml

4 Lords Hansard, 2nd December 2004, Lord Norton of Louth

5 Ibid, The Earl of Northesk

6 'The Regulatory State: Ensuring its accountability' (6th Report, Session 2003-04, HL Paper 68)

7 Produced by the Better Regulation Task Force, in conjunction with the Regulatory Creep Sub-group.

8 ECO/WKP(2005)6

9 The group will be independent of the Conservative Party, which will be under no obligation to accept

its recommendations.

10 "Let us lift this burden of petty bureaucracy": Alan Duncan, the Shadow Secretary of State for

Business, Enterprise & Regulatory Reform, writing for the Telegraph, 7th February 2008.

11 Ibid

12 Lords Hansard, 2nd December 2004, The Earl of Northesk

13 Business Minister Shriti Vadera

14 Regulation 42

15 Regulation 45

16 This Guidance is issued by

" the Chartered Institute of Taxation,

" the Association of Taxation Technicians,

" the Institute of Chartered Accountants in England and Wales,

" the Association of Chartered Certified Accountants,

" the Chartered Institute of Management Accountants; and

" HM Revenue and Customs

as an Appendix to the anti-money laundering guidance released by the Consultative Committee of Accountancy Bodies (CCAB).

17 http://www.fatf-gafi.org/document/51/0,3343,en_32250379_32236992_33916403_1_1_1_1,00.html

18 http://www.hm-treasury.gov.uk/newsroom_and_speeches/press/2008/press_20_08.cfm

19 http://www.fatf-gafi.org/dataoecd/16/26/40181037.pdf

20 "Getting out of Europe-the Equivalence question" by David McCluskey and published in The Money Laundering Bulletin, June 2008 edition.

21 Cabinet Office Report - Better Regulation Task Force and Regulatory Creep Sub-Group - 2004:'Avoiding Regulatory Creep'

This article was delivered to The Anti Money Laundering Professionals Forum: Annual Anti Money Laundering European Conference on 26 September 2008.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.