1 Legal and enforcement framework
1.1 Which legislative and regulatory provisions constitute the anti-money laundering, counter-terrorist financing and general financial crime prevention (collectively, ‘AML') regime in your jurisdiction, from a regulatory (preventive/sanctions) and enforcement (civil/criminal penalties) perspective? Are there any legislative and regulatory requirements that apply below the national level (ie, at a state or regional level)?
The UK anti-money laundering regime is comprised of a complex array of laws and statutory instruments.
Proceeds of Crime Act 2002: The Proceeds of Crime Act 2002 (POCA) contains the principal money laundering offences that apply to all persons, namely:
- the concealing offence;
- the arranging offence; and
- the acquiring or possession offence.
The POCA also created offences in relation to:
- tipping off;
- prejudicing an investigation; and
- failing to disclose money laundering.
The principal money laundering offences carry a maximum sentence of 14 years' imprisonment and/or a fine. The POCA contains provisions that allow for the confiscation of the proceeds of crime and the civil recovery of criminal property.
European directives:Five successive European directives establishing the EU framework for tackling money laundering have been implemented into UK law via statutory instruments. The Fourth Money Laundering Directive was transposed into UK law by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, SI 2017/692 (MLRs). Under the MLRs (as amended by the Fifth Money Laundering Directive), obligated entities/relevant persons must steps in relation to the following areas, among others:
- risk assessments, procedures and controls;
- due diligence;
- disclosures concerning beneficial ownership and express trusts; and
- where appropriate, the appointment of a compliance officer and independent auditor.
There are several offences created by the MLRs which carry a maximum sentence of two years' imprisonment and/or a fine. These include:
- contravening a relevant requirement;
- prejudicing an investigation; and
- making false or misleading disclosures.
Terrorism Act 2000: The Terrorism Act 2000 (‘TA 2000') creates four principal terrorism offences:
- fundraising for the purposes of terrorism;
- using or possessing money or other property for the purposes of terrorism;
- entering into or becoming concerned in an arrangement as a result of which money or other property is made available for the purposes of terrorism; and
- laundering money via the concealment, removal from the jurisdiction or transfer of terrorist property, or in any other way facilitating the retention or control by or on behalf of another person of terrorist property.
The TA 2000 also creates tipping off and failure to disclose offences, which are similar to those contained in the POCA. The principal offences under the TA 2000 apply to everyone, while some of the failure to disclose offences only apply to persons operating in the regulated sector. The TA 2000 is distinct from the POCA in that it deals with terrorist property, not criminal property, as such the funds engaged by the TA 2000 may have originated from legitimate means.
Sanctions and Anti-Money Laundering Act 2018: The Sanctions and Anti-Money Laundering Act 2018 also gives ministers of state the power to make regulations that are designed to facilitate the investigation, detection and prevention of money laundering and terrorist financing
1.2 Which bilateral and multilateral instruments on AML have effect in your jurisdiction?
As discussed at 1.1 above the UK has implemented the five successive European Directives establishing the European Union's framework for tackling money laundering into UK law via statutory instruments.
The Financial Conduct Authority (FCA) has signed a number of bilateral and multilateral agreements with overseas regulators. These agreements help to foster cooperation between the FCA and overseas regulators, allowing for the exchange of information and the supervision of cross-border firms.
The United Kingdom is also a member of the Financial Action Task Force and follows its guidelines on global AML standards.
1.3 Which public sector bodies and authorities are responsible for enforcing the AML laws and regulations? What powers do they have?
There are 25 supervisory bodies that are responsible for ensuring compliance with the MLRs. Three of these are statutory supervisors: the Financial Conduct Authority (FCA), His Majesty's Revenue and Customs and the Gambling Commission. The remaining 22 are comprised of legal and accountancy professional body supervisors (PBSs).
The AML supervisors work to ensure that the entities and individuals that they supervise comply with their duties under the MLRs and enforce against non-compliance. The supervisors also work to provide support through education, providing guidance and raising awareness of sectoral risks.
The three statutory supervisors have a range of powers available to them, including the power to inspect premises, request information and seize items. They can also impose financial penalties and suspend or revoke the authorisation/registration needed to carry out certain activities. The legal and accountancy PBSs also have powers to enforce against non-compliance with the MLRs and publish guidance on the steps that they will take in the event of non-compliance.
Further, unlike the other AML supervisors, the FCA has dual powers of investigation and prosecution in respect of AML enforcement.
AML supervisors tend to pursue civil resolutions, such as fines and regulatory sanctions, in response to breaches of MLRs.
1.4 Are there any self-regulatory organisations or professional associations? What powers do they have?
In the United Kingdom, there are 22 PBSs that supervise their members in respect of AML compliance. These self-regulatory organisations supervise entities/individuals predominantly operating within the legal and accountancy sectors and include bodies such as:
- the Chartered Institute of Management Accountants;
- the Chartered Institute of Taxation;
- the General Council of the Bar; and
- the Law Society of England and Wales.
The PBSs have a range of powers at their disposal, including powers of inspection, censure and the imposition of financial penalties.
The PBSs do not generally have the power to prosecute breaches of MLRs. They can, however, set rules and use various powers to enforce compliance with the MLRs. As an example, the Council for Licensed Conveyancers – which supervises regulatory property and probate lawyers for AML compliance – has a range of powers at its disposal, including the power to revoke licences, disqualify from holding a licence or impose a financial penalty on the professionals that it supervises. By contrast, the Association of Taxation Technicians refers MLRs breaches by its professional members to the Taxation Disciplinary Board, an independent body that has the power to impose financial penalties, expel individuals from membership and more.
The PBSs also produce guidance for their members to help them recognise and mitigate the money laundering risks in their relevant sectors.
1.5 What is the general approach of the financial services regulators in enforcing the AML laws and regulations?
The FCA regulates the financial services industry in the United Kingdom. It has investigatory, enforcement, supervisory and rule-making powers.
The FCA generally seeks to deal with breaches of the MLRs via civil means, such as imposing financial penalties and prohibiting individuals from performing significant management functions in any FCA-regulated firm.
The FCA also has powers to investigate and prosecute money laundering offences under both the Financial Services and Markets Act 2000 (FSMA) and the MLRs. The FCA will generally seek to discipline the firms that it supervises under the FSMA if it is seeking a regulatory resolution.
The FCA reserves criminal prosecution for the most egregious breaches of MLRs, as evidenced by its prosecution of National Westminster Bank in 2020 for serious AML failures, which resulted in the bank having to pay a fine of £264.8 million
The FCA is increasingly taking a tougher stance on the issue of compliance by imposing significant fines for AML compliance. Recent FCA action in this area has also seen a shift in focus away from breaches that relate to onboarding procedures to failures in relation to ongoing monitoring. This shift in focus signals how important it is for regulated firms to ensure that they comply with their AML obligations throughout all stages of regulated activities.
1.6 What are the statistics regarding past and ongoing AML procedures in your jurisdiction?
There is no centrally held data set of past and ongoing AML procedures in the United Kingdom. It may, however, be possible to obtain statistics from one of the supervisory bodies discussed in question 1.3 via a freedom of information request.
1.7 What reporting activities exist for reporting suspicious activities and/or transactions (SARs)? Are there any specific powers to identify the proceeds of crime or to require an explanation as to the source of funds?
SARs can be submitted by organisations or individuals operating both within and outside of the regulated sector. Individuals and organisations that submit SARs are referred to as ‘reporters'. SARs must be submitted as soon as the reporter knows or suspects that a person is engaged in money laundering or dealing with criminal property.
The easiest way to submit a SAR is electronically via the National Crime Agency's (NCA) secure electronic online system. Reporters can also manually submit SARs by downloading and completing the relevant forms from the NCA's website.
SARs are held on a secure database by the NCA. Once a SAR has been submitted, the reporter must take care to not commit the tipping off offence contained in the POCA. Having submitted a SAR, the reporter must not undertake the prohibited act until it has the consent of the NCA, which is presumed following the conclusion of seven working days (‘notice period') (as discussed at question 3.4). If the NCA refuses consent within the notice period, a further period of 31 calendar days commences, during which time the NCA will work to take proactive enforcement action (‘moratorium period'). As under the notice period, the reporter must take care not to tip off and must avoid the prohibited act during this time.
1.8 Is there a central authority for reporting (ie, a Financial Intelligence Unit (FIU) responsible for assessing SARs reported from relevant entities subject to AML requirements)? Does this authority work internationally?
The UK Financial Intelligence Unit (UKFIU) has national responsibility for receiving, analysing and disseminating financial intelligence gathered from SARs. It is located within the National Economic Crime Command as part of the NCA.
The UKFIU receives SARs on behalf of the NCA. It analyses information contained in SARs, extracts intelligence from them and sends the most sensitive SARs to the relevant organisations for investigation. The SARs that are not deemed highly sensitive are sent to UK law enforcement agencies via secure channels.
The UKFIU also works with foreign intelligence units and the Egmont Group, which aims to facilitate the exchange of knowledge, information and cooperation between financial intelligence units located across the globe.
1.9 What relevant public or private corporate or other registers exist to assist with conducting and/or validating AML information, ultimate beneficial owners etc; and what details must be disclosed?
A wide variety of public and private registers exist to assist with conducting and validating AML information.
Companies House maintains a register of people with significant control (PSC), which includes information about the individuals who own or control companies, such as their name, month/year of birth, nationality and the particulars of their interest in the company. UK companies (apart from listed companies) and limited liability partnerships must declare this information when issuing their annual confirmation statement to Companies House.
PSCs are persons that:
- hold more than 25% of shares or voting rights in a company;
- have the right to appoint or remove the majority of the board of directors; or
- otherwise exercise significant influence or control in a company.
The FCA's Financial Services Register lists all individuals and entities that are regulated by the FCA. This is an extremely useful source for conducting and/or validating AML information. The checks carried out by the FCA in its authorisation process mean that its register is a useful source for verifying information such as legal existence and principal place of business.
In August 2022, the United Kingdom launched a new register of overseas entities held by Companies House. The register requires overseas entities that own land or property in the United Kingdom to declare their beneficial owners and/or managing officers. Those that do not will face severe sanctions. The register is relatively new; however, it may provide a useful source for verifying beneficial owners in some contexts.
The Economic Crime and Corporate Transparency Bill, which is currently being debated in Parliament, will introduce further reforms in relation to the registration and filing of information by companies that are registered with Companies House. The reforms are designed to ensure the accuracy and reliability of the information held by Companies House (see further question 9.1).
1.10 How do such registers interoperate with one another and do they do so internationally?
The registers do not really interoperate as such, but may contain common information, such as registered place of business. Most jurisdictions will maintain their own registers containing information that can be used to assist with conducting and/or validating AML information.
2 Scope of application
2.1 Can both individuals and companies be prosecuted under the AML legislation?
Both individuals and companies can be prosecuted under the AML legislation. However, a company cannot be prosecuted for one of the principal money laundering offences unless the mental element of the offence can be attributed to a senior person(s) that represents the directing mind and will of the company in accordance with the identification principle.
Prosecutors have historically had some difficulty proving corporate criminal liability where the identification principle applies; a more common route is thus for a company to be charged with a substantive offence, but for resolution to be sought via a deferred prosecution agreement.
The identification principle does not apply to breaches of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), as no mental element is required. Enforcement agencies typically reserve prosecution for the most serious breaches of AML legislation, so in most instances civil and regulatory penalties will be applied.
2.2 Can foreign companies be prosecuted under the AML legislation?
A foreign company that breaches the AML legislation can, in certain circumstances, be prosecuted in the English courts. AML legislation such as the Proceeds of Crime Act 2002 (POCA) also has extraterritorial effect. In practice, the company in question will need to have some nexus to the United Kingdom – for example, because it carries on business there or because the acts or omissions giving rise to the AML breaches occurred there. Also, the identification principle must be satisfied for the foreign company to be prosecuted for one of the principal money laundering offences.
2.3 Does the AML legislation have extraterritorial reach?
The AML legislation in the United Kingdom has extraterritorial effect. In Regina v Rogers [2014] EWCA Crim 1680, the UK Court of Appeal held that it was clear that Parliament had intended for the principal money laundering offences contained in the POCA to have extraterritorial effect.
The court considered that the POCA's definition of ‘criminal property' in Section 340(3), together with Section 340(9), which reads that property is "all property wherever situated", is an indication of the extraterritorial effect of the POCA. The court also held that Section 340(11)(d) of the POCA, which states that money laundering is an act which would constitute an offence (including one under Section 327) if done in the United Kingdom, is a clear indication of Parliament's intent to give extraterritorial effect to the POCA.
The court observed that money laundering is an offence that is no respecter of national boundaries, and that it would be surprising if Parliament had not intended for the POCA to have extraterritorial effect.
2.4 Are there restrictions on financial institutions' accounts for foreign shell banks? Which types of firms are subject to such restrictions?
Under the MLRs, credit institutions and financial institutions are prohibited from entering into or continuing to engage in a correspondent relationship with a shell bank. Credit institutions and financial institutions must also undertake enhanced due diligence to ensure that they do not enter or continue to engage in a correspondent relationship with another credit or financial institution that is known to allow its accounts to be used by a shell bank.
Under the MLRs, financial institutions include those carrying out:
- lending activities;
- financial leasing;
- payment services;
- participation in securities issues; and
- provision of portfolio management and advice.
Credit institutions include institutions that accept deposits or repayable funds from the public or grant credit for their own accounts.
2.5 Are there cross-border transaction reporting requirements? If so, what must be reported under what circumstances and to whom?
Article 26(1) of the UK Markets in Financial Instruments Regulations requires investment firms that execute transactions in financial instruments to report complete and accurate details of such transactions to the relevant competent authority, which in the United Kingdom is the Financial Conduct Authority (FCA). These reports are instrumental in helping the FCA to detect and investigate market abuse.
The reports must include details such as:
- the names and numbers of the financial instruments bought or sold;
- the firm undertaking the trade;
- the dates and times of execution;
- the buyer and seller; and
- a designation to identify the persons and the computer algorithms within the investment firm responsible for the investment decision and the execution of the transaction.
2.6 Does money laundering of the proceeds of foreign crimes constitute an offence in your jurisdiction?
Under the POCA, ‘criminal conduct' is defined as conduct which constitutes an offence in any part of the United Kingdom or which would constitute an offence in any part of the United Kingdom if it occurred there. Therefore, the fact that the proceeds being laundered are connected to foreign crimes does not prevent the laundering of those proceeds from constituting an offence in the United Kingdom, provided that the underlying offence is also criminalised there.
Under the POCA, a person does have a defence in relation to the principal money laundering offences if it knows, or has reasonable grounds to believe, that:
- the relevant criminal conduct occurred in a particular country or territory outside the United Kingdom;
- at the time it occurred, it was not unlawful under the criminal law of that country; and
- it is not of a description prescribed by an order made by the secretary of state.
This defence is referred to as the ‘overseas conduct defence'.
The overseas conduct defence does have some limitations. One is that many of the predicate offences that give rise to money laundering, such as fraud and bribery, will constitute criminal offences in other jurisdictions. Another is that the Proceeds of Crime Act 2002 (Money Laundering: Exceptions to Overseas Conduct Defence) Order 2006 prescribes that the overseas conduct defence also will not apply where the predicate offence would incur a term of imprisonment exceeding 12 months' imprisonment or more had it been committed in the United Kingdom.
3 AML offences
3.1 What AML offences are recognised in your jurisdiction and what do they involve? Are there any codified or common law defences?
The Proceeds of Crime Act 2002 (POCA) contains the principal money laundering offences that apply to all persons:
- The concealing offence is committed where a person conceals, disguises, coverts, transfers or removes criminal property from the jurisdiction.
- The arranging offence is committed where a person enters into or becomes concerned in an arrangement which it knows or suspects will facilitate by whatever means the acquisition, retention, use of control criminal property by or on behalf of another person.
- The acquiring or possession offence is committed where a person acquires, uses or has possession of criminal property.
A person does not commit one of the principal money laundering offences if:
- it makes an authorised disclosure in accordance with Section 338 of the POCA and is given consent to act;
- it intended to make a disclosure but has a reasonable excuse for not doing so; or
- the prohibited act was done in carrying out a function that relates to the enforcement of any provision of the POCA or of any other enactment that relates to criminal conduct or the benefit from criminal conduct.
A person also does not commit one of the principal money laundering offences if it knows or has reasonable grounds to believe that:
- the relevant criminal conduct occurred in a country outside of the United Kingdom; and
- the conduct was lawful under the criminal law of that country or territory.
It is also a defence to the acquiring or possession offence to have acquired, used or had possession of the criminal property for adequate consideration.
Other offences created under the POCA concern:
- failure to disclose;
- tipping off; and
- prejudicing an investigation.
Failure to disclose is committed where a person in the regulated sector receives information that should lead him or her to suspect that a person is engaged in money laundering and fails to make an authorised disclosure, namely a SAR, to the nominated officer, who is usually the money laundering reporting officer. A person has a defence to a charge of failure to disclose if he or she can show that that the information was passed onto the nominated officer.
The tipping off offence is committed where a person alerts another to the existence of a SAR and in so doing prejudices an investigation. There are a number of defences to the offence of tipping off, including where:
- the person did not know or suspect that the disclosure was likely to prejudice an investigation; or
- the disclosure was made in connection with the detection, investigation or prosecution of a criminal offence.
The offence of prejudicing an investigation is committed when a person:
- knows or suspects that an appropriate officer is conducting or proposes to conduct an investigation in connection with money laundering, confiscation, civil recovery, detained property or frozen funds; and
- makes a disclosure which is likely to prejudice the investigation or falsifies, conceals, destroys or otherwise disposes of documents that are relevant to the investigation.
There are a number of defences to the offence of prejudicing an investigation, including where the person:
- is a professional or legal adviser and the disclosure was made to a client in privileged circumstances; or
- did not know or suspect that the disclosure would prejudice the investigation.
3.2 How are predicate offences defined in your jurisdiction? Is tax evasion a predicate offence for money laundering?
In the United Kingdom, money laundering offences are not confined to any particular class of predicate offences. Tax evasion is a predicate offence for money laundering in the United Kingdom.
In terms of the principal money laundering offences, criminal conduct is conduct which constitutes an offence in any part of the United Kingdom or would constitute an offence there. Money laundering can therefore be committed wherever proceeds have been generated from criminal conduct and those proceeds have been laundered.
3.3 What reporting offences exist (eg, failure to disclose, tipping-off and prejudicing or obstructing an investigation)?
Several criminal reporting offences exist in the United Kingdom. The POCA contains offences relating to failure to disclose money laundering, tipping off and prejudicing an investigation. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) contain the offences of prejudicing an investigation and providing false or misleading information. Enforcement of MLR offences can be dealt with on a criminal or civil basis. The POCA offences are enforced on a criminal basis. The POCA contains a separate civil recovery regime that does not apply to these reporting offences.
The Crown Prosecution Service released updated guidance on the prosecution of the POCA failure to disclose offence in June 2021, which suggests that it will now be possible to prosecute this offence of failure to disclose money laundering even where it cannot be proved that money laundering was planned or has actually occurred.
3.4 Do any restrictions or thresholds (eg, in terms of parties, asset type or transaction value) serve to limit the types of activities that constitute AML offences?
Under the POCA, deposit-taking institutions will have a defence to a charge concerning any one of the three principal money laundering offences as long as the transactions on the account do not exceed £250. This amount is referred to as the ‘threshold amount' under the POCA and the associated defence is only available to deposit-taking institutions.
A regulated entity that submits a suspicious activity report (SAR) to the National Crime Agency (NCA) and receives the requisite consent from the NCA before the act is done will have a defence to a charge concerning one of the principal money laundering offences. This is sometimes referred to as a defence against money laundering SAR (DAML SAR). The NCA will be deemed to have given consent if it does not respond to the DAML SAR within seven working days.
A regulated entity will also have a defence to such a charge when it intended to make such a disclosure but had a good reason for not doing so.
4 Compliance
4.1 Is implementing an AML compliance programme a regulatory requirement in your jurisdiction? If so, what aspects must this cover? Are there any criteria and/or conditions that a money laundering reporting officer or any other person responsible for AML must observe?
Regulated persons (both natural and legal) in the United Kingdom must put in place various measures to ensure that they are compliant with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). These measures relate to areas such as:
- customer due diligence;
- internal controls and ongoing monitoring;
- record keeping;
- the appointment of a nominated officer;
- suspicious activity reporting; and
- training.
Businesses that are regulated by the MLRs must appoint a nominated officer. The nominated officer's principal role is to:
- be aware of any suspicious activity involving the business that could be linked to money laundering or terrorist financing;
- receive disclosures in relation to such activities; and
- where necessary, report such activities to the National Crime Agency (NCA).
The nominated officer can also be the money laundering reporting officer (MLRO).
The role of the MLRO is more expansive than that of the nominated officer. The MLRs do not contain a definitive list of the responsibilities of an MLRO. However, an MLRO will need to have a clear understanding of the AML and CTF risks facing the business and the sector in which it operates. He or she should help to oversee and implement an effective risk-based compliance programme. The MLRO will need to have access to sufficient resources to create and implement any changes to the compliance functions within the business. He or she must also possess the necessary degree of independence to make compliance decisions that may not be popular with internal stakeholders within the business.
The nominated officer and/or MLRO must be a person that is part of the business. Sole traders with no employees must act as the nominated officer.
Under Financial Conduct Authority (FCA) supervision rules, the role of an MLRO is a controlled function and any person seeking to perform the role of an MLRO in an FCA regulated business must first obtain the FCA's approval before performing that function.
4.2 What customer and business partner due diligence (know your customer/client due diligence) requirements apply in this regard? Do any look-through requirements apply? Are there any simplified or enhanced due diligence requirements for certain types of persons and activities?
Customer and business partner due diligence requirements in the United Kingdom are designed to manage risk. Regulated entities are required by the MLRs to apply customer due diligence when they:
- establish customer relationships;
- carry out transactions that exceed €1,000;
- suspect that money laundering or terrorist financing is occurring; or
- have doubts about the adequacy or veracity of any documents that they have previously obtained for the purpose of identification or verification.
The benchmark for when regulated businesses such as high-value dealers, art market participants and letting agents must carry out customer due diligence is dependent upon the amount involved in the business relationship or transaction that they are engaged in.
Regulated businesses must take steps to identify and verify their customers. The decision about the level of due diligence that is applied must be made on a case-by-case basis in accordance with the risk associated with that particular transaction.
The MLRs state that regulated entities must apply enhanced customer diligence in a number of instances, including where:
- there is a high risk of money laundering or terrorist financing;
- the business relationship or the parties to the transaction are established in a high-risk country;
- the customer or potential customer is a politically exposed person (PEP) or a family member or a known close associate of a PEP; and/or
- the transaction is complex or unusually large.
Simplified due diligence can be applied to transactions or business relationships that present a low degree of risk of money laundering and/or terrorist financing. Regulation 37 of the MLRs sets out the factors that should be considered when determining whether simplified due diligence should be applied.
4.3 What due diligence requirements apply in relation to ultimate beneficial owners?
Where a customer of a regulated person is beneficially owned by another person, the regulated entity must identify the beneficial owner. The regulated person must take reasonable steps to verify the identity of the beneficial owner so that they are satisfied that they know their identity. Where the beneficial owner is a legal person, trust, company or entity with a similar legal arrangement, the regulated entity must take reasonable steps to understand the ownership structure of that beneficial owner. A regulated entity will not be required to carry out these due diligence checks on ultimate beneficial owners that are listed on a regulated market.
Where the customer is a body corporate, the regulated person must keep a written record of all the steps they have taken to identify the beneficial owner. A written record must also be kept where the regulated person:
- has been unable to identify the beneficial owner; or
- is not satisfied that the individual identified is in fact the beneficial owner.
A regulated person that is engaged in a business relationship with a customer that is established in a high-risk third country or involved in a transaction where either of the parties is established in a high-risk third country must obtain additional information about the customer's beneficial owners, including their source of wealth or funds.
Regulated persons that provide a contract of long-term insurance must take reasonable measures to determine whether one or more of the beneficial owners of the beneficiary of such a policy is a PEP or the family member or known close associate of a PEP.
4.4 Which books and records requirements have relevance in the AML context? What privacy laws apply?
Under Regulation 40 of the MLRs, regulated persons must keep specified documents in relation to customer due diligence and transactions for a period of five years from the date on which the regulated person knows or has reasonable grounds to believe that the business relationship has ended or the transaction has been completed. Personal data that has been obtained to satisfy the requirements of the MLRs must be deleted after the five years expire, except in limited circumstances such as where:
- the data subject has consented to the retention of his or her data; or
- the records need to be retained for purpose of any court proceedings.
Although the United Kingdom is no longer part of the European Union, the General Data Protection Regulation (GDPR) has been implemented into UK national law. Under the MLRs, data obtained by regulated persons to satisfy the requirements of the MLRs can only be processed for the purposes of preventing money laundering, terrorist financing or proliferation financing. Before establishing a business relationship or entering into an occasional transaction with a new customer, regulated businesses must provide the customer information required under Article 13 of the UK GDPR, which includes an explanation that personal data that is received from the customer will only be processed for the purpose of preventing money laundering or terrorist financing.
4.5 What other compliance best practices should a company implement to mitigate the risk of AML violations?
Companies should keep risk at the forefront of their minds. Companies should be alive to the need to take extra measures to manage the risks that arise in each transaction or customer relationship, even where they have already complied with their AML regulatory obligations. Best practice requires that compliance not be treated as a tick-box exercise. Companies should ensure that their compliance with the law is underpinned by good judgement.
There can be a tendency for companies to frontload compliance checks to the onboarding phase of a new customer relationship, and this can sometimes mean that they do not apply the requisite level of diligence and monitoring once the relationship has been established. This approach can have serious consequences, as shown by the significant fines that have been issued in the United Kingdom against regulated persons because of AML failures that occurred after the establishment of a customer relationship. Best practice dictates that ongoing monitoring must form a crucial part of an AML programme.
Those at the top of the company must promote a culture of compliance and ensure that those who are directly tasked with implementing AML compliance within the firm are sufficiently empowered in their decision making and given access to the proper resources to effectively carry out their duties.
4.6 Are companies obliged to report financial irregularities or actual or potential AML violations?
Regulated persons must report anything that gives rise to a suspicion of money laundering or terrorist financing to their nominated officer and/or an appropriate authority. The suspicion can arise for a multitude of reasons, including where:
- a customer wishes to make unusually large cash transactions;
- a customer seeks to make a transaction that is not in keeping with its usual course of business;
- a customer is seeking to use intermediaries to protect its identity;
- a customer is undertaking an unusually large foreign currency transactions; and/or
- the transaction involves an unusual source of funds.
There is no exhaustive list of what may constitute suspicious activity and regulated persons must have adequate monitoring systems in place so that they can identify and report suspicious activity. Any individual working within the regulated sector must disclose any suspicions of money laundering or terrorist financing to the MLRO or nominated officer. The MLRO or nominated officer should then ask more questions if necessary and make an assessment about whether a suspicious activity report should be submitted.
As discussed in question 1.7, the regulated person must make the report as soon as it knows or suspects that an individual or entity is engaged in money laundering or dealing with criminal property.
Non-regulated entities may also report their suspicions of money laundering or terrorist financing to the UK Financial Intelligence Unit at the NCA in order to avail of a defence to the principal money laundering offences under the Proceeds of Crime Act 2002.
4.7 Does failure to implement an adequate AML programme constitute a regulatory and/or criminal violation in your jurisdiction?
a failure to implement an adequate AML programme constitutes a regulatory and/or criminal offence in the United Kingdom. The MLRs require regulated entities to put in place adequate AML policies, controls and procedures to prevent money laundering. Under Regulation 86 of the MLRs, any person that contravenes a relevant requirement will be guilty of an offence.
A person that is summarily convicted for the offence of contravening a relevant requirement is liable to face a maximum term of imprisonment of three months and/or a fine. A person that is convicted on indictment will face a maximum sentence of two years' imprisonment and/or a fine. The court will consider any guidance issued by the FCA or any other supervisory authority or appropriate body in deciding whether an offence has been committed.
5 Enforcement
5.1 Can companies that voluntarily report AML violations or cooperate with investigations benefit from leniency in your jurisdiction?
Companies that self-report AML violations and/or cooperate with investigations can benefit from leniency in the United Kingdom. There is no exact measure of the level of leniency that a self-reporting and/or cooperating company will receive, as each case will invariably have to be dealt with on its own facts. However, the court will consider self-reporting and cooperating with an investigation as mitigating factors when deciding the appropriate sentence to impose. This will be counterbalanced by any aggravating features that are present in the case, such as the type of breach that has occurred and how long the breach has continued for.
In Financial Conduct Authority (FCA) investigations, companies that do not dispute the FCA's findings and settle at the earliest opportunity will qualify for the FCA's settlement discount scheme. However, this scheme will not apply once court proceedings have been instituted.
The Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO) can enter into deferred prosecution agreements (DPAs) where one of the principal money laundering offences has been committed. A DPA can also be issued in relation to the offences of failing to disclose money laundering and tipping off. DPAs are a discretionary measure and can only be issued by the director of the SFO or the director of public prosecutions. DPAs can only be issued in relation to companies and not individuals, and must be approved by the court. DPAs are not currently used by other investigative agencies such as the FCA and His Majesty's Revenue and Customs (HMRC); however, in practice, HMRC will refer the matter to the CPS for a charging decision and, where appropriate, a DPA to be considered. Please see question 5.4 below in relation to the FCA.
5.2 Can the existence of an AML compliance programme constitute a defence to charges of AML violations?
The existence of an AML compliance programme may constitute a defence to a charge of breaching AML violations in some circumstances. As discussed at question 4.7, a person that contravenes a relevant requirement imposed by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) will be guilty of an offence. It will be a defence for any person charged with an offence of contravening a relevant requirement to show that it took all reasonable steps and exercised all due diligence to avoid committing the offence.
The existence of an AML compliance programme may therefore potentially provide a defence to charges of AML violations.
5.3 What other defences are available to companies charged with AML violations?
As discussed at question 3.4, regulated persons that submit a defence against money laundering suspicious activity report to the National Crime Agency, or that intended to make such a disclosure but have a good reason for not doing so, will not be guilty of the principal money laundering offences. A regulated person that can establish that it took all reasonable steps and exercised all due diligence to avoid breaching a relevant requirement under the MLRs will also not be guilty of an offence.
5.4 Can companies negotiate a pre-trial settlement through plea bargaining, settlement agreements or similar?
As discussed at question 5.1, in certain circumstances it will be open to companies to enter into a settlement agreement or DPA with the prosecution.
The FCA has a settlement agreement scheme that can apply to instances of AML breaches as long as court proceedings have not been instituted. Similarly, the CPS and the SFO have a discretionary power to invite a corporate defendant to enter into negotiations for a DPA where it is suspected that a qualifying offence has been committed. A qualifying offence includes the principal money laundering offences.
In practice, where there have been very serious breaches of the MLRs by a regulated entity, an enforcement agency such as the FCA is likely to pursue a criminal prosecution as opposed to seeking some form of settlement.
Companies that wish to engage in some form of settlement agreement must be fully advised about the import of such a settlement and the conditions that may be imposed on the conduct of their business as part of that agreement. Companies that are contemplating such a settlement must seek expert legal advice at the earliest opportunity.
5.5 What penalties can be imposed for violations of the AML legislation? How are these determined? Can non-exhaustive penalties be imposed for such violations (eg, exclusion from public procurement, exclusion from entitlement to public benefits or aid, disqualification from the practice of certain commercial activities, judicial winding up)?
A wide range of penalties can be imposed on persons that are found to have violated the AML legislation.
Corporate offenders that are convicted of money laundering face a maximum sentence of an unlimited fine. The courts will consider the category of offending by reference to the corporate's culpability and the harm committed. In sentencing a corporate for a money laundering offence, the courts also have the power to make a number of ancillary orders, including a compensation order, which would require the corporate to pay compensation for any injury, loss or damage that resulted from its offending. The court can, if invited to by the prosecution (or of its own volition), make a confiscation order, which will deprive the offending corporate of the benefit from its criminal conduct. Confiscation must be dealt with before the imposition of any other financial order except for compensation, and must form part of the assessment of the level of financial order that can be imposed.
Money laundering supervisors such as the FCA and HMRC also have the power to:
- suspend or cancel a business's registration;
- ban or suspend senior individuals from having a role in a regulated business; and
- issue a public statement censuring the business.
Individuals who are convicted of one of the principal money laundering offences face a maximum term of imprisonment of 14 years and/or a fine. In determining the category of offending for individual offenders, the courts will consider the factors that point to the culpability of the offender, such as whether:
- the offender abused a position of trust, power or responsibility; or
- the offence involved a significant level of planning.
The court will then consider the harm caused by the offender, which will be assessed by the value of the money laundered and the level of harm associated with the underlying offence that gave rise to the money laundering.
5.6 Can funds, property and/or proceeds of AML and/or financial crime be subject to asset freezing/confiscation/forfeiture or victim compensation laws? If so, under what circumstances and what types of funds or property may be confiscated/forfeited? Can such actions be taken if there is no criminal conviction?
There are several types of civil recovery orders contained in the Proceeds of Crime Act 2002 (POCA) that can be made in relation to the funds and property which do not require a criminal conviction to have been secured.
Cash seizure: The POCA allows for the seizure, detention and forfeiture of cash. A specified officer (eg, a constable or revenue and customs officer) must have reasonable grounds for suspecting that the cash is recoverable property or intended for use in unlawful conduct. ‘Recoverable property' is any property which has been obtained through unlawful conduct, including the proceeds of money laundering and financial crime.
Cash seizure proceedings are civil in nature and are dealt with in the magistrates court. The magistrates court can make an order for the forfeiture of cash where it is satisfied on the balance of probabilities that the cash is recoverable property or intended for use in unlawful conduct. Cash seizure, detention and forfeiture can be actioned without a criminal conviction.
Restraint: The POCA allows for the restraint of a person's assets that will be needed to satisfy a confiscation order after a prosecution and conviction. Assets can include items such as artwork, jewellery and cars. Restraint orders can be granted if any one of five conditions is met. These conditions include where a criminal investigation into an offence has commenced and there are reasonable grounds for believing that the defendant has benefited from their criminal conduct. A restraint order has the effect of freezing a person's assets and prevents specified persons from dealing with the property.
Account freezing: A magistrates court can make an order to freeze money held in an account that is maintained with a relevant financial institution where there are reasonable grounds for suspecting that money held in the account is recoverable property or is intended by any person for use in unlawful conduct. An application for an account freezing order will be made by an enforcement officer and can be extended for up to two years. Funds in a frozen account can also be forfeited in due course if the relevant criteria are satisfied.
Property freezing orders can also be made in relation to property that is likely to become subject to a civil recovery order. A property freezing order prevents anyone to whom it applies from dealing with the property in anyway.
Confiscation: Confiscation proceedings are dealt with in the Crown Court and are designed to deprive a defendant of the benefit from criminal conduct. Confiscation orders are made against people, not property, and require the person against whom the order is made to pay a sum that represents the value of the benefit that it has derived from their criminal conduct. Unlike the civil recovery orders discussed above, confiscation orders do require a criminal conviction. The courts will consider whether the defendant's conduct satisfies the conditions for having a criminal lifestyle and whether the defendant has benefited from the criminal conduct, and will go on to determine the recoverable amount. Defendants that fail to comply with a confiscation order face a further period of imprisonment that will be determined in accordance with the recoverable amount, the serving of which does not extinguish the amount due under the confiscation order.
5.7 What is the statute of limitations for prosecuting AML offences in your jurisdiction?
The Magistrates Court Act 1980 imposes time limits on the prosecution of summary only offences which are dealt with in the magistrates court. There is generally no limitation period on prosecuting offences that are triable either way or indictable only. AML offences are triable either way, which means that there will generally be no limitation period for prosecuting such offences.
6 Alternatives to prosecution
6.1 What alternatives to criminal prosecution are available to enforcement agencies that find evidence of AML violations?
AML supervisors such as the Financial Conduct Authority (FCA) and His Majesty's Revenue and Customs play an important role in enforcing money laundering compliance. As an alternative to criminal prosecution, they have the power to a impose a variety of sanctions, including:
- financial penalties;
- the disqualification of individuals from occupying specified roles in businesses that fall within their supervisory perimeter;
- suspension notices;
- prohibition notices; and/or
- cancellation of AML supervision registrations.
In cases concerning the FCA involving breaches of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), settlement agreements cannot be reached after criminal proceedings have started.
As discussed in question 5.1, the Crown Prosecution Service and the Serious Fraud Office can invite a corporate that is suspected of AML violations to enter into a deferred prosecution agreement (DPA), which will have the effect of suspending a criminal prosecution subject to conditions contained within the DPA.
6.2 What procedures are involved in concluding an investigation in this way?
The number of AML supervisors means that there is no single procedure for concluding investigations with non-criminal resolutions. Each supervisor has its own procedure for concluding investigations where a non-criminal disposal has been agreed.
The FCA, for example, will not engage in settlement discussions until it has a sufficient understanding of the nature and gravity of the suspected misconduct or issue to make a reasonable assessment of the appropriate outcome.
Non-criminal disposals can also sometimes involve multiple parties such as the firm and individuals within the firm who are seeking some form of settlement with the enforcement agency. Non-criminal disposals will necessarily involve an admission of/or acceptance of wrongdoing. There will be some opportunity to engage in discussions about the form of the settlement agreement and to make representations to the enforcement agency.
6.3 What factors will determine whether such an alternative to prosecution is to be offered by an enforcement agency to those who have been involved in AML violations?
The decision to offer an alternative to prosecution to a regulated person that has committed an AML violation will depend on the facts of the case. The more serious the breach or suspected offence, the less likely the relevant agency will be inclined to pursue an alternative to prosecution.
Enforcement agencies will want to send a message of deterrence where serious violations have occurred. However, in many cases they will be unable to achieve this via a criminal prosecution because criminal prosecutions can be very expensive, lengthy and resource intensive. This is another factor that will determine whether an alternative to prosecution is offered by an enforcement agency. Further, alternatives to prosecution still allow enforcement agencies to impose significant financial penalties that can serve as a deterrent to others.
The level of cooperation offered by the offending party, its willingness to seek an alternative to prosecution and any remedial action it has taken to address the issues that gave rise to the violation will also help to determine whether an alternative to prosecution is offered by the enforcement agency.
The FCA has made it clear that any redress to consumers that have been disadvantaged by a firm's misconduct will be a particularly important factor in whether a settlement agreement can be reached.
6.4 How common are these alternatives to prosecution?
Alternatives to prosecution are offered at the discretion of the enforcement agency concerned. In practical terms, most enforcement agencies tend to deal with violations of the MLRs by:
- issuing fines or censures; or
- in some cases:
-
- suspending or cancelling an entity's AML registration; or
- suspending or disqualifying an individual from carrying out a specified function within a regulated business.
The volume of breaches that might occur during a year or over a given time period means that it is not practicable for enforcement agencies to attempt to criminally prosecute each one. Regulatory resolutions are therefore far more common than prosecutions.
Where a firm or individual has committed an offence under the Proceeds of Crime Act 2002, an alternative to prosecution is far less common; and as discussed in question 5.1, DPAs are not available for individuals.
6.5 What reasons, if any, could lead to an increase in the use of such alternatives?
Alternatives to prosecution are already in use and there is no one factor that could lead to an increase in their usage. The resource-intensive nature of criminal investigations means that enforcement agencies can be more inclined to pursue an alternative to prosecution. It may be that increased detection of money laundering violations by enforcement agencies and/or increased reporting of wrongdoing will lead to an increase in the use of alternatives to prosecution.
7 Private AML enforcement
7.1 Are private enforcement actions for AML offences available in your jurisdiction? If so, where can they be brought and what process do they follow?
Private prosecutions are available for AML offences in the United Kingdom. However, private prosecutions can present some difficulties, including funding; therefore, one approach is to collect sufficient evidence so that the matter can be referred to the Crown Prosecution Service (CPS), His Majesty's Revenue and Customs or the Serious Fraud Office so that the relevant body can consider a charging decision and, if appropriate, take over the prosecution. Criminal trials also have a higher burden of proof than civil trials. Private prosecutors do not have the same powers of compulsion or arrest that enforcement bodies such as the Financial Conduct Authority enjoy.
A private prosecution does, however, allow a client (known as the complainant) to maintain a level of control over the prosecution which a public prosecution would not afford it, such as the allocation and choice of resources, and choice of legal team. The CPS does retain the power to take over any private prosecution so that it may continue to prosecute or, in certain circumstances, end the prosecution.
As with all criminal proceedings, a private prosecution will commence in the magistrates court. The prosecutor will apply for a summons for the defendant to attend court on a specified date and time. If the magistrates accede to the application, the case will progress in line with the normal procedure for criminal cases. The defendant will make its first appearance in the magistrates court. The court will deal with matters of plea, venue of any trial and allocation. If the case is sent to the Crown Court for trial, the defendant will attend a plea and trial preparation hearing; and if the defendant maintains a not guilty plea, the case will proceed to a trial before a jury, with the judge giving usual directions in relation to matters such as the service of evidence and disclosure.
7.2 What types of relief may be sought and what types of relief are most commonly awarded? How is the relief awarded determined?
In criminal proceedings, the court has the power to make a compensation order after a defendant has pleaded guilty or been convicted of an offence. A compensation order requires the defendant to pay compensation for any personal injury, loss or damage that flows from the offence that was committed. Compensation orders can be made in place of, or in addition to, another sentence. The court will hear representations from the prosecution and the defence, and will take into consideration how much the defendant can afford to pay.
Civil liability need not exist for the court to make a compensation order. However, where civil liability does exist, the court will not ordinarily make a compensation order that is in excess of what would be recoverable in civil proceedings.
Criminal courts in the United Kingdom also have the power to make restitution orders which restore to victims of crime goods or the value of goods that have been unlawfully obtained from them. The court is not required to take account of the defendant's means when making a restitution order. The court, however, cannot make a restitution order with respect to goods that are in the possession of a third party.
Once criminal proceedings have been commenced, a private prosecutor can apply for a restraint order prohibiting the defendant from dealing with specified assets to prevent their dissipation if it is believed that the alleged offender has benefited from their criminal conduct.
7.3 Can the decision in a private enforcement action be appealed? If so, to which reviewing authority?
Criminal decisions in private enforcement actions can be appealed. A defendant that is convicted and/or sentenced in the magistrates court can appeal to the Crown Court. The defendant does not need permission to appeal. Both the prosecutor and defence can appeal to the High Court in relation to decisions made in the magistrates court by way of case stated. Such appeals are not evidentiary in nature and no witnesses will be called. Appeals by way of case stated are confined to legal argument about the process that was followed in the magistrates court and the application of the law and/or how the magistrates exercised their powers.
The prosecutor or the defence can appeal the decision of the High Court in an appeal by way of case stated to the Supreme Court. The High Court must certify that the point of law in issue is of general public importance. The Supreme Court must also give leave to appeal.
A defendant in the Crown Court can appeal to the Court of Appeal in relation to a point of fact or law. A defendant that wishes to appeal a conviction or sentence from the Crown Court must obtain leave to appeal from the Court Appeal. The only exceptions to this are cases involving contempt of court or where the Crown Court judge has issued a certificate of fitness for appeal.
A Court of Appeal decision can be appealed to the Supreme Court where the Court of Appeal certifies that the decision concerns a point of law of general public importance and either the Court of Appeal or Supreme Court grants leave to appeal.
8 AML, cyber and crypto-assets
8.1 How does the AML regime dovetail with other cyber law in your jurisdiction?
Under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011, payment institutions and electronic money institutions must, as part of an application for authorisation to the Financial Conduct Authority (FCA), include descriptions of the internal control mechanisms that they have established to comply with their obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).
As discussed in question 9.1, the Economic Crime and Corporate Transparency Bill will allow businesses in the AML regulated sector to disclose customer information to other businesses within the AML regulated sector for the purpose of detecting and preventing economic crime. So where, for example, a bank has terminated its relationship with a customer due to concerns about an issue such as money laundering, it can disclose that information to another bank so that it is aware of its decision. Regulated persons that disclose customer data for purposes other than those identified in the Bill can be held civilly liable.
The European Union's Fifth Anti-Laundering Directive extended the AML rules to virtual currencies. This extension means that parties which provide storage, holding or transfer services for virtual currencies such as Bitcoin must comply with AML rules within relevant jurisdictions, including the United Kingdom.
Anecdotally, the FCA originally rejected Binance's application to AML supervision registration because it was unhappy with the responses that it had received from the company as part of its application for AML supervision registration.
8.2 What specific considerations, concerns and best practices should companies be aware of with regard to AML prevention in the cyber sphere?
The cyber sphere is admittedly more difficult to regulate than more traditional modes of commerce and the question of risk must be at the core of any AML prevention strategy. It is crucial that regulated persons operating in the cyber sphere carry out a proper assessment of the AML risks posed by the nature of the business they are engaged in. The results of this assessment must then inform the policies, procedures and controls that are put in place to mitigate against the AML risks that are identified.
Careful thought must be given to inherent risks posed by the cyber sphere, particularly around due diligence and customer verification. Businesses should be alive to the ever-evolving nature of the cyber sphere and must put in place compliance systems that are fluid enough to adapt to a risk landscape that is fast moving.
It is important that suitably trained and qualified individuals are put in charge of implementing and overseeing compliance programmes in businesses that operate in the cyber sphere. Regulated persons must ensure that their staff undergo continuous sector-specific training that will equip them to effectively carry out their roles, and that those overseeing the compliance programme receive adequate support from senior officers within the business.
8.3 Does the AML regime extend to crypto-asset activity and if so, how?
As mentioned in question 8.1, the European Union's Fifth Anti-Laundering Directive extended the AML rules to virtual currencies. The FCA supervises cryptoasset businesses for compliance with the MLRs. Since 10 January 2020, businesses seeking to undertake cryptoasset activities in the United Kingdom have been required to register with the FCA under the MLRs. These activities include:
- exchanging, or arranging or making arrangements with a view to the exchange of, cryptoassets for money or money for cryptoassets;
- providing services to safeguard or safeguarding and administering cryptoassets on behalf of customers; or
- providing private cryptographic keys on behalf of customers in order to hold, store and transfer cryptoassets, when providing such services.
The FCA website contains a list of all the activities that fall within its AML supervision perimeter. The FCA also maintains a list of all the unregistered cryptoasset businesses that it is aware of.
Any person that intends to acquire 25% or more control in a cryptoasset firm that is registered with the FCA must obtain the FCA's approval before acquiring the stake in the firm.
Cryptoasset business that are supervised by the FCA must demonstrate that they have put in place policies, procedures and controls that adequately mitigate the AML risks posed by the size and nature of their business.
The FCA can use its enforcement powers under the MLRs where registered cryptoasset business are found to have breached the MLRs. The FCA will follow its Enforcement Guide, which details how it approaches enforcement and conducts investigations.
9 Trends and predictions
9.1 How would you describe the current AML enforcement landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?
Over the last 24 months, the Financial Conduct Authority (FCA) has taken a tough stance against institutions that have demonstrated poor compliance with their AML obligations. It has issued significant fines against institutions that have breached the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and this trend is likely to continue over the coming months.
The Economic Crime (Transparency and Enforcement) Act 2022, which served as part of the UK government's response to Russia's invasion of Ukraine, created a new public register of beneficial owners for non-UK entities that buy or own land in the United Kingdom. This public register, which is for beneficial owners that own more than 25% of shares or voting rights in an entity, is designed to prevent bad actors from using corporate structures to launder money through the United Kingdom.
The Economic Crime and Corporate Transparency Bill, which is currently at the reporting stage in the UK Parliament, will strengthen the United Kingdom's AML powers. The bill will make it easier for businesses to share information for the purposes of detecting, preventing and investigating economic crime. This will be achieved in part by ensuring that they will not be held liable under civil laws for breaching confidentiality where they share the information in order to help combat economic crime.
The bill will also increase corporate transparency by requiring directors, persons with significant control and those delivering documents to Companies House to verify their identity with the registrar. This new requirement is designed to undermine the ability of bad actors to register fictitious beneficial owners or directors.
The bill will also give Companies House the power to:
- query information that is held on its register;
- reject new filings; and
- compel people to provide additional information to assist Companies House in making a determination about a filing that it has queried.
The bill will further require companies to record the full names of their shareholders in their registers and contains the power to create regulations that will allow more information to be obtained about shareholders.
The bill will also enhance the ability of the UK Financial Intelligence Unit (UKFIU) to secure information from businesses about money laundering by enabling information orders to be made without the need to submit a suspicious activity report.
Lastly, it is likely we will see a growing number of investigations into frauds (and the money laundering associated with them) that were committed during the COVID-19 pandemic in the coming months.
9.2 Has your jurisdiction's AML regime been evaluated by an international organisation, such as the Financial Action Task Force (FATF), the Council of Europe (Moneyval) or the International Monetary Fund; and if so, when?
The UK AML regime has been evaluated by the Financial Action Task Force (FATF) on four occasions, with the most recent evaluation published in June 2022. The International Monetary Fund carried out a financial sector assessment of the UK AML regime in March 2022.
9.3 Does your jurisdiction meet the recommendations of the Financial Action Task Force; and if not, what are the barriers to meeting these?
The United Kingdom is currently rated as compliant with 24 recommendations of the FATF and largely compliant with a further 15 recommendations. The one shortfall relates to Recommendation 29, which concerns the independence and operational capacity of the UKFIU. In its previous Market Evaluation Report, the FATF had rated the United Kingdom as being partially compliant with Recommendation 29 due to concerns about the impact of a lack of resources on the UKFIU's ability to perform its key functions and its operational independence. The FATF has recognised that the United Kingdom has made some progress in enhancing is operational capabilities by hiring additional staff and making more use of technology. However, it has taken the view that the United Kingdom still has more progress to make, which is why the partially compliant rating remains.
9.4 What noteworthy technology developments have you observed in your jurisdiction over the past 12 months in the growth of regtech and suptech solutions, as well areas where blockchain and digital assets or online-based communities are used as an enabler (eg, money laundering using video games or online forums)?
There have been no noteworthy developments in relation to regtech and suptech over the past 12 months. The FCA held a regtech webinar in February 2022, at which the topic of suptech was also discussed. Over the last 12 months, the FCA has issued a number of significant fines against regulated entities that have breached AML rules or failed to detect market abuse. The increased enforcement activity of the FCA in this area may mean that regulated entities feel that they need to invest in regtech and suptech to help prevent the breaches that the FCA has been taking a tough stance against.
Most of the litigation around virtual assets has been civil in nature and has concerned the freezing and recovery of cryptoassets and/or non-fungible tokens. While there have been reports about the seizure of cryptocurrencies by police forces and enforcement agencies, there have been no significant criminal investigations involving blockchain or digital assets.
10 Tips and traps
10.1 What are your top tips for the smooth implementation of a robust AML compliance programme and what potential sticking points would you highlight?
The successful implementation of a robust AML compliance programme requires the support of top-level management and oversight from suitably qualified individuals who are sufficiently empowered to implement the programme.
AML compliance programmes must be designed in a way that is commensurate to the risks posed by the nature of the business, transaction or product that the business is engaged in. The question of whether a compliance programme meets the risks posed by the nature of the business must be kept under constant review. New products and new markets can pose new compliance risks, and businesses must be proactive in mitigating those risks. This will include the questions of whether staff need additional training and whether existing programmes need to be modified or new systems need to be introduced.
There should be clear reporting channels for staff who wish to raise compliance concerns. Those who are tasked with overseeing compliance programmes must proactively respond to any compliance issues; and those who are responsible for the governance of the business as a whole (eg, board members) must support and probe the workings of the business's compliance programme.
One potential sticking point could be where a business adopts a static approach to compliance that is reactive as opposed to proactive. Compliance is not a ‘one size fits all' exercise, which is why a proper consideration of the risk and potential risk of business is an important factor in the design of any compliance programme.
It is also important that businesses learn from the AML failings of other businesses in their sector so that they do not make the same mistakes.
10.2 What are the key threats and trends that you have seen in your jurisdiction with respect to money-laundering techniques during the COVID-19 pandemic?
The COVID-19 pandemic provided new opportunities for bad actors to launder the proceeds of criminal activities. The lockdowns that were put in place during the pandemic led to a diffuse way of working that created new risks for business. The increased competition among businesses that was created by the economic constraints of the pandemic made it more likely that AML due diligence was less stringent to ensure business continuity in a competitive marketplace. Less restrictive AML environments were undoubtedly exploited by bad actors that were seeking to launder the proceeds of crime.
As businesses were forced to move the majority of their interactions with customers online, this increased digitisation of customer interactions created opportunities for bad actors to exploit weaknesses in customer verification and online transactions to commit fraud and launder the proceeds of their fraud.
The proliferation of fraud in the pandemic led to a significant increase in money laundering. It is anticipated that, as with the 2008 global economic crisis, the scale of economic crime that took place in the pandemic will only become known in the years to come.
10.3 Are your jurisdiction's relevant AML legislative and rulemaking instruments available in online; and if so, are they publicly available and in English?
The relevant AML legislative and rulemaking instruments in the United Kingdom are the Proceeds of Crime Act 2002 and the MLRs (as amended). These are all available online.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.