A controversial recent judgment affects how UK businesses approach money-laundering issues. John Binns walks us through the new landscape.
Cause for Alarm?
In R (World Uyghur Congress) v National Crime Agency, the Court of Appeal interpreted the provisions of the Proceeds of Crime Act 2002 (POCA) in a way that alarmed many, raising important questions about how to deal with scenarios where criminal conduct has given rise to 'tainted' funds and/or goods, whose journey through accounts and supply chains was previously thought to have 'cleansed' them. Now, the definition of 'criminal property' can include funds and goods that have been exchanged for adequate consideration, effectively spreading the taint exponentially with each exchange, like amoebae. How should businesses (whether regulated for anti-money laundering (AML) purposes, or otherwise), and their advisers, approach this new take on the law?
POCA: a Primer
What POCA is for
For those unfamiliar with POCA, a brief primer is necessary. (Others may skip to 'What has changed?', below.)
The basic idea of POCA is to give law enforcement maximum discretion to pursue proceeds of crime and those who deal with them, by enabling various actions against people and property, and requiring intelligence from people both inside and outside the 'regulated sector' (broadly, financial institutions and other 'gatekeepers' of the financial system). Tempering that are some provisions (adequate consideration, and the consent regime – more on both below) that enable legitimate business to carry on, with the premise that some interaction between it and tainted property is unavoidable.
The statute is divided into parts. Parts 2 to 4 are about making orders against convicted defendants to pay sums equivalent to their benefit from crime, and restraining property that may be used to pay such orders. Part 5 is about the civil recovery of property obtained through unlawful conduct (or, sometimes, intended for use in such conduct), without the need for convictions.
Importantly for present purposes, Part 5 provides that property is recoverable in the hands of those who obtain it following a disposal (not just once, but any number of times), but not those who obtain it 'in good faith, for value, and without notice' (historically known to law students as 'equity's darling').
What is 'money laundering'?
Part 7 of POCA, like much of the statute, defines terms in a way that most people (even lawyers) would not expect. Under the heading of 'money laundering', it creates offences by prohibiting (broadly speaking) any dealings with, or arrangements concerning, 'criminal property' (not just money). Exceptions apply where the person doing the prohibited act:
- makes an 'authorised disclosure' (in practice, a suspicious activity report (SAR) to the National Crime Agency (NCA) and obtains 'consent' (also called a 'defence against money laundering', or DAML) (the 'consent regime');
- intends to do that, but has a 'reasonable excuse' for not doing so; or
- (for offences of 'acquiring, using or possessing' criminal property, but not otherwise) provides 'adequate consideration' for the property (subject to caveats).
Reporting and consent
Separately from the consent regime, people in the regulated sector are required to submit a SAR (a 'required disclosure') where they have reasonable grounds to suspect that someone is money laundering. These SARs are required to include whatever details the reporter knows about the person suspected, the location of the property, and the grounds for suspicion. Voluntary ('protected') disclosures can also be made, though this is rare.
Consent can be given explicitly or obtained by default after an initial 'notice period' of 7 full working days, or (if consent is refused before then) after a further 'moratorium' of 31 calendar days (though this can be extended up to 6 times, for a further 31 days each time).
An 'authorised disclosure' must come from the person who has done (or is doing, or will do) the prohibited act and disclose 'that property is criminal property' (in practice, requiring the property involved in the prohibited acts to be specified). It must be made either before the act begins or as soon as practicable afterwards, if there is a reasonable excuse for the delay.
'Criminal property'
'Criminal property' is defined very broadly, to include property of any kind that is or represents ('in whole or in part') someone's benefit from 'criminal conduct', where the person doing the act knows or suspects that this is so. Notably:
- 'criminal conduct' usually includes overseas conduct that would breach UK law if it occurred here; and
- 'in whole or in part' means that when an account receives tainted funds, it becomes tainted in its entirety (as does an account receiving funds from it, and so on).
Some case law
Case law has:
- said that the 'ordinary conduct of litigation' by lawyers does not breach POCA, noting that to require SARs from them may conflict with their obligations of legal professional privilege (LPP) (Bowman v Fels (2005));
- defined 'suspicion' to mean the person thinks there is 'a possibility, which is more than fanciful', and to be 'settled' ('a vague feeling of unease would not suffice') (R v da Silva (2006)); and
- suggested (controversially) that the money-laundering offences in POCA apply globally, not just within the UK, at least where the predicate offending takes place here (R v Rogers (2014)).
What has Changed?
'Cleansing' of criminal property
Prior to the World Uyghur Congress judgment, many had thought that when property changed hands in an exchange that met the test for adequate consideration, not only would the acquisition not be an offence, but the acquired property would also cease to represent the benefit obtained from the original criminal conduct, so that it would (assuming no other offence was involved) no longer be 'criminal property' (and so would be 'cleansed'). The benefit would instead be represented by the value given by the acquirer (whether funds, goods, or services).
The judgment makes clear that this is (and always has been) wrong. When criminal property changes hands, it can (as in the civil recovery provisions in POCA Part 5) be traced into the hands of the acquirer, not just once but any number of times, always provided that person has the required knowledge or suspicion.
This renders the adequate consideration exception rather a dead letter, at least for those who acquire property for the purpose of selling it (or funds for the purpose of spending them). While there would be no need for consent to acquire, possess or use the property, in practice consent would almost certainly be needed (prudently, before the acquisition takes place) to cover its onward use (converting, transferring, or removing from the jurisdiction). That would apply not just to immediate acts, but anything further (involving the same property, or property that it has been converted into, exchanged for, or mixed with).
Importantly, the judgment also seems to say, though this is regrettably less clear, that the exception to all this (similarly, based on the equivalent provision in Part 5) is the intervention of 'equity's darling', where the property is acquired 'in good faith, for value, and without notice'.
The impact of this can be seen by looking at some practical examples. Where goods have been manufactured using forced labour (as in the World Uyghur Congress case itself) or some other unlawful conduct, those goods now continue to be 'criminal property' through the supply chain, in the hands of the wholesaler, the retailer, and even the consumer (if they have knowledge or suspicion).
Logically, the same would seem to apply to the proceeds of each trader's sale of those goods, and to anything mixed or bought with those proceeds, and so on. The requirement for knowledge or suspicion provides one limit on this exponential (and potentially endless) process of proliferation. 'Equity's darling' may (or may not) provide another.
Why worry?
The reason why this has alarmed many is that, following the logic through, the 'taint' of criminal property can be traced into so many accounts, and so many goods, that the task of avoiding prohibited acts (and, for those in the regulated sector, the task of complying with obligations) becomes simply insurmountable in practice. This is true not just for businesses operating in higher-risk supply chains, but also for professional advisers, regulated firms, and even responsible consumers.
Others' forgivably commonsense retort, that the real prospect of convictions relying on the judgment is remote, is of course true. But in the absence (for now) of authoritative guidance, the lines between what is allowed or required and what is not are lamentably unclear. An approach of 'this may be unlawful, but we will almost certainly get away with it' will not be palatable for everyone, and seems unlikely, in particular, to work for AML regulators. A walkthrough of the process for analysing whether SARs are needed (and what they would, could, or should say) would therefore seem to be a good idea.
What to Do
Assess the grounds
In assessing whether a SAR is needed, the traditional starting point is to consider the grounds for suspicion (applying R v da Silva). Depending on the strength of those grounds, a purchase of goods or an acquisition of funds may be able to go ahead, or, in the regulated sector, business may be taken on or retained, with no need for a SAR.
Under the new law, the goods or the funds (if they do, in fact, represent the benefit of criminal conduct) may become criminal property in the new owner's hands at some later date, if they then develop a suspicion. Worse, tainted goods may by then have also tainted the proceeds from their sale, and funds may have tainted other funds they have mixed with, goods bought with those funds, and so on.
This, of course, is why it matters whether the 'circuit breaker' from POCA's civil recovery provisions (the 'cleansing' that comes with the intervention of 'equity's darling') applies. If it does, then the starting point for someone deciding whether to purchase goods or receive funds is now whether they are on 'notice' of any criminal property. If they are not on notice, and they buy in good faith and for value, then any future suspicion would not present a problem. The question of 'notice' is subtly different from those of 'suspicion' or 'reasonable grounds to suspect', but provides a similarly definitive lodestone for making an informed decision.
On the other hand, if the 'circuit breaker' does not apply, then the best that can be done is an assessment of the future prospect that a suspicion will arise. If that risk is credibly assessed as low, then it may provide at least some assistance in dealing with that problem when it arises. Needless to say, if there is suspicion about property that has already been acquired, the problems will be harder to fix (on which more below).
Whatever test applies, the stage of assessing risk is of course affected by a business' due diligence procedures. While the concept of 'notice' is broad enough to cover scenarios where a business deliberately shuts its eyes to suspicion, a responsible corporate that has such procedures is undoubtedly now in a far riskier position (more likely to face problems when suspicion arises) than it was before the judgment. Businesses considering whether to adopt or improve such procedures, meanwhile, may think twice before taking on the additional POCA risks that now come with them.
Trace the property
The next task is to analyse the consequences that flow, have flowed, and will flow, if property is 'criminal property' ( in other words, 'follow the money'). Where, and into what form and whose hands, has the property flowed already? Has it given rise (by conversions, exchanges, mixing, or a combination) to more criminal property? Where, and in whose hands, is it now? What is its current value?
The most important questions for the purposes of considering a consent request are about possible future acts in connection with that property. Possible issues include:
- the nature of the acts or arrangements, and which offence provisions would be engaged. Acquisitions for adequate consideration (and subsequent use and possession of that property) may not need consent (unless a caveat applies), while converting, transferring, and removing from the jurisdiction (among other things) would;
- the value of the property involved in each act that would need consent (which would need to be stated in any consent/DAML SAR);
- which individuals and entities would be involved, and which party/ies are best placed to obtain consent for them (noting that an authorised disclosure has to come from the person doing the act, or someone authorised to represent them);
- the reporting obligations of anyone in the regulated sector who would have grounds to suspect the acts (and the prospect that they may also require consent);
- whether such acts would take place within the UK (noting that, applying R v Rogers, POCA's jurisdiction may be broader than that);
- when the acts may take place (noting the effect of POCA's notice period and moratorium provisions
- what criminal property would then exist after the acts occur; and
- what further acts may then need consent (triggering a further set of questions, and so on).
In a version of the law where property is 'cleansed' at some point and acts involving it cease to need consent, the above analysis would be considerably easier. Without that, the exercise needs to consider the flow of property at least until it reaches the hands of someone who lacks the required notice, knowledge, or suspicion, and quite possibly further.
Consider the options
It is possible that, at this point, the result of the analysis may seem daunting. The original tainted property identified in the risk assessment may have already flowed and spread to the extent that the breadth of future acts and people that need consent is simply too large to contemplate in a single SAR (with consequences to be explored below). Conversely, for lawyers and others involved in litigation, Bowman v Fels may provide the answer and ensure that no SAR is necessary.
Separately, lawyers and others will need to consider whether they can include information that might otherwise belong within the 'grounds for suspicion' box in a SAR, but is subject to LPP or received in privileged circumstances. If not, then there may be a reasonable excuse for not submitting a SAR, and consent may not be required.
Absent these circumstances, the question to consider is what practical options may be available to avoid criminal liability. If the decision is whether to buy tainted products or acquire tainted funds, then the legally simpler answer is now not to do so (even for adequate consideration), in which case no consent would be needed. Whether this works commercially, however, may be another question; for some businesses, it may even be terminal.
If it is possible to limit the future taint by using a segregated account, then this may be preferable for the purposes of obtaining consent for future acts. Without a segregated account, the taint extends to all future uses of the account into which the funds are received. In either case, the position of the bank should be considered, as should the need for consent for onward users (for example, employees or suppliers who have the requisite knowledge/suspicion).
A pragmatic approach may involve splitting the problem into two or more parts, either because they raise different issues, or to make more practical use of the consent regime. Timing may be relevant, if an acquisition has already taken place and so consent is needed now, but at least some future uses can afford to wait longer until their details are clear. On general principles, if it is possible to submit a SAR that may be useful to law enforcement, and/or to seek a consent that would enable the desired business to go ahead, then businesses should continue to do so in compliance with POCA, even if it requires some creative thinking.
The Worst of Both Worlds?
'Generic' SARs
Having considered all these issues, a business may nevertheless find itself in the position where, thanks to the World Uyghur Congress case, its only route to use property acquired for adequate consideration is to submit a 'generic' request for consent, involving all conceivable future uses of the property (and everything it is converted into, exchanged for, or mixed with), without limitation of time ( to coin a phrase, 'everything, everywhere, all at once').
Even that may be inadequate in practice, unfortunately, given the need for consent to extend to third parties on whose behalf the business may not be able to seek it. A clothing retailer cannot reasonably be expected to warn its conscientious, well-informed consumers not to gift, lend or re-sell its cotton products, or take them abroad, without consent from a constable. Nor will law firms' recruitment efforts be helped if new employees are told to submit consent/DAML SARs before they spend any of their first month's salary.
An unanswered question at this stage is how the NCA will respond to consent/DAML SARs that are broad or generic in nature, but which flow from the acquisition of property for adequate consideration. Where the need for consent is historic insofar as the suspicion relates to property acquired some time ago, which by now has proliferated to the extent that the acts and people requiring consent are very large, then a generic request would often be the only practicable option.
Traditionally, the response to over-broad requests (or those that seek consent for acts far into the future) has been to dispute their validity. Certainly, if a SAR inadequately describes the relevant criminal property, it may not achieve the desired consent/DAML as a matter of law. Otherwise, there may be an uncomfortable standoff in which a business believes it has consent, but the NCA disagrees.
Reasonable excuse
To take a step back for a moment, the purpose of the consent regime is to provide law enforcement with intelligence (from SARs) and time (the notice period and, if needed, the moratorium) to take appropriate action. This may include restraining property for confiscation purposes, civil recovery proceedings, and/or criminal enquiries, in the UK and/or overseas.
The reality of the 'generic SAR' is that it is quite likely to achieve precisely nothing. The NCA hears that, for instance, the entire balance of the acquirer's account is about to be rendered 'criminal property', and is put in the position of having to consider consent for the onward use of those funds (and everything bought with or mixed with it). Those funds are not liable to restraint, and no court will not realistically order their freezing or forfeiture.
The most a generic SAR can do is enable the NCA to gather intelligence about the original property and the suspect, either because of what the acquirer describes as its grounds for suspicion, or pursuant to a notice or an order that requires them to provide more. If a business has information they think will genuinely help law enforcement, it need not use the consent regime to report it.
While the generic SAR may not achieve anything positive, it can certainly have negative effects, insofar it inhibits those involved in a potential transaction from proceeding for up to 7 full working days (and possibly much longer) while the NCA considers the request. This may have the effect of holding up legitimate business, in precisely the way that the adequate consideration defence was designed to avoid.
As a reminder, each of the money-laundering offences is subject to an exception where the person doing the act (or concerned in the arrangement) intends to make a disclosure but has a reasonable excuse for not doing so. There is as yet no authoritative guidance to apply the 'reasonable excuse' provision to scenarios arising due to the World Uyghur Congress cases, and they should not be relied upon lightly or without advice. Nevertheless, it may well be applicable in circumstances where the only realistic option is to submit a SAR that achieves nothing for law enforcement, whose protection (even if the NCA accepts it as valid) would not extend far enough to be of any practical use for the acquirer, and whose only real impact is to inhibit legitimate business.
POCA and Common Sense
It is very far from ideal that businesses are put in the position of having to navigate through the provisions of POCA (and case law) to ensure that one of its most important protections continues to be of practical use. The point of adequate consideration and the consent regime was to introduce at least a sliver of commerciality and common sense into a statute that can often be counterintuitive and produce absurd results. With one stroke, the Court of Appeal in the World Uyghur Congress judgment would appear to have comprehensively hobbled the former, and stored up huge problems for the latter. The need for a commonsense approach to our money laundering laws has never been greater.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.