The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
Issued on 2 March 2018 | Updated on 25 November 2019
This guidance is to help you understand your obligations and how to comply with them. We may have regard to it when exercising our regulatory functions.
Who is this guidance for?
This guidance is for firms and individuals we regulate that are subject to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) which came into force on 26 June 2017.
Purpose of this guidance
Paragraph 7.1 of the Code of Conduct for Solicitors, RELs and RFLs, and paragraph 3.1 of the Code of Conduct for Firms require individuals and firms respectively to make sure they keep up to date with, and remain aware of, their responsibilities under any new legislation as and when it is introduced.
This guidance aims to update firms and individuals on the key changes to the MLRs that came into effect on 26 June 2017 and noting that further changes to the regulations are due to take effect in late 2019/early 2020.
Regulation 8 of the MLRs states that the regulations apply to certain categories of persons acting in the course of business carried on in the UK. The main categories likely to be relevant are:
- independent legal professionals participating in certain financial or real property transactions (regulation 12(1))
- trust or company service providers (regulation 12(2))
- auditors, insolvency practitioners, external accountants and tax advisers (regulation 11)
- estate agents (regulation 13)
The category that is most likely to be applicable is "independent legal professionals" as s this is likely to include those firms offering conveyancing services or corporate finance work. Many firms may also be acting as a trust or company service provider, and some others may be acting as tax advisers, or estate agents.
We are responsible for the supervision of anti-money laundering (AML) and take our responsibilities very seriously. These responsibilities include gathering and holding data on the firms and legal practices we supervise; approving managers, officers and beneficial owners; and undertaking appropriate supervision and regulatory action. We liaise with the National Crime Agency (NCA), Her Majesty's Treasury (HMT), and Her Majesty's Revenue and Customs (HMRC) on a regular basis, as well as other regulatory bodies.
You may need to make changes to your firm's or practice's procedures, systems and controls to comply with the requirements in the MLRs.
Key changes you need to be aware of
Risk assessments (Regulation 18)
You must identify and assess the risk of your firm or legal practice being used for money laundering and terrorist financing. You must maintain a written risk assessment, giving consideration to risk factors such as:
- the types of products or services (for example conveyancing services)
- client base
- geographical considerations (high-risk countries – see below)
- industry or business sector of the client
- delivery channel of services (face-to-face, virtual)
You will need to keep an updated written record of what you have done, and we may ask to see your risk assessment from time to time as part of our regulatory activities.
Policies, controls and procedures (Regulation 19)
Having completed a risk assessment (above), you must establish and maintain policies, controls and procedures to mitigate and manage the money laundering risks you have identified. These must be proportionate to the size and nature of your business and be approved by an officer or employee who has enough knowledge of the firm's ML/TF risk exposure and who is of sufficient authority. These policies, controls and procedures must include:
- risk-management practices
- internal controls
- customer due diligence (CDD)
- reliance and record keeping
- monitoring and management of compliance with, and internal communication of, the policies.
You will need to regularly review and update policies and keep a record of your policies, any changes made, and what steps have been taken to communicate those policies to staff.
Internal Controls (Regulation 21)
You should appoint a senior person to be responsible for your firm's compliance with the MLRs. This Money Laundering Compliance Officer (MLCO) should be a member of the board of directors (or your firm's equivalent).
You should also appoint a nominated officer, usually referred to as the Money Laundering Reporting Officer (MLRO), to receive internal reports of suspicious activity, and make Suspicious Activity Reports (SARs) to the National Crime Agency where necessary.
You must notify us of any changes to the identity of the MLCO and MLRO.
You will be required to carry out screening of all relevant staff members and agents, both before appointment and at regular times during it. Screening will need to cover any person whose work is relevant to compliance with MLR 2017, and any other applicable financial crime statutes, such as sanctions lists and the UK Bribery Act 2010.
Enhanced Customer Due Diligence: politically-exposed persons (Regulation 35)
You must identify domestic, as well as foreign, politically-exposed persons (PEPs). Under previous regulations, the definition of PEPs was limited to foreign nationals, however you must now screen all PEPs against national or commercial databases. This requirement also extends to family members or known close associations of PEPs.
Other new requirements
Training (Regulation 24)
You must provide staff with appropriate training on money laundering and terrorist financing, and keep a record of the training staff have undertaken. This now includes an obligation to make staff aware of the law on data protection, insofar as it is relevant to the implementation of the regulations.
We have seen, in some firms and practices, that although training is taking place it is not specifically tailored to the needs of staff. As a result, it does not achieve its goal of helping to identify and prevent money laundering.
Approvals for beneficial owners, officers and managers (Regulation 26)
We must approve all beneficial owners, officers and managers of a firm. Acting as a beneficial owner, officer or manager of a firm without approval after 26 June 2018 is a criminal offence (unless you have applied for approval and it has yet to be determined).
Checks on corporate bodies (Regulation 43)
The new regulations are more prescriptive regarding CDD checks on corporate bodies. You are expected to know your clients, beneficial owners and ultimate beneficial ownership. Where the client is a corporate body, you must obtain and verify:
- its name
- its company number or other registration
- the address of its registered office and, if different, its principal place of business.
In addition, unless the corporate body is a company listed on a regulated market, you must take reasonable measures to determine and verify:
- the law to which it is subject, and its constitution or other governing documents, and
- the names of the board of directors or senior persons responsible for its operations
Timing of CDD (Regulation 30)
You must verify clients as soon as possible after your first contact with them and before establishing a business relationship. The MLRs state that you may undertake CDD while establishing the business relationship if there is a low risk of money laundering and it is necessary not to interrupt the normal conduct of business.
Enhanced due diligence (EDD) (Regulation 33)
Under the regulations, EDD measures must include, as a minimum, examining the background and purpose of the transaction and increasing the monitoring of the business relationship. Regulation 33(1) sets out a list of circumstances in which EDD measures must be applied, which includes:
- any transaction or business relationship involving a person established in a 'high risk third country'
- any transaction or business relationship involving a 'politically-exposed person' (PEP), or a family member or known associate of a PEP
- any other situation that presents a higher risk of money laundering or terrorist financing.
Simplified due diligence (SDD) (Regulation 37)
Simplified due diligence is permitted where a firm determines, after individual risk assessment of the client, that the business relationship or transaction presents a low risk of money laundering or terrorist financing, taking into account their risk assessment. This is a change from the Money Laundering Regulations 2007, under which SDD could be more widely applied.
Reliance (Regulation 39)
Reliance is still possible under the MLR. You may rely on another person (another regulated individual) who is subject to the MLR or equivalent to carry out CDD, but you remain liable for any failings. To rely on a third party, you must enter into a written agreement with the third party under which they agree to provide copies of any identification and verification data on the customer or its beneficial owner within two working days, and to keep records in accordance with MLRs.
Read out full guidance on the 2017 Money Laundering Regulations.
We also provide resources and information about AML compliance
If you require further assistance, please contact the Professional Ethics helpline.