HM Treasury consultation on the Money Laundering Regulations 2017
Published on 13 April 2017
The SRA is the regulator of solicitors and law firms in England and Wales, protecting consumers and supporting the rule of law and the administration of justice. The SRA does this by overseeing all education and training requirements necessary to practise as a solicitor, licensing individuals and firms to practise, setting the standards of the profession and regulating and enforcing compliance against these standards.
The Law Society of England and Wales is the named supervisor for relevant persons who are regulated by it under Regulation 23 and Schedule 3 of the Money Laundering Regulations 2007 and remains the named supervisor in Schedule 1 of the draft Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ('the 2017 Regulations').
This response should be read in conjunction with our response to the consultation on the proposed changes to the anti-money laundering supervisory regime.
We welcome the opportunity to respond to the HM Treasury consultation on the 2017 Regulations. We have commented below on the specific issues raised in the consultation and on the draft regulations.
We believe that AML supervision is most effective when undertaken by an independent body, which is not also responsible for representing the sector. Independent regulation is commonly understood and accepted as independent of both the profession and of Government. A regulator cannot command full public confidence if it is part of the body that represents the profession, nor can it do so without being held accountable to the public. In fact, public confidence and public accountability is key to the regulation of any profession or market whereas a representative body is accountable to its members. This lack of independence goes wider than just public confidence however, and was thrown into sharp relief in the aftermath of the Panama papers; at the subsequent PANA committee hearings; and may be an area of interest during the forthcoming UK inspection by FATF.
Whilst we note that a new requirement has been introduced in this respect in Regulation 48(1)(a) this fails to require complete separation of regulation and representation as we describe further below. We believe that this is inadequate to ensure public confidence in the supervision of AML activities.
Responses to consultation questions
The government is interested in views on its approach to one-off company formation, including under which circumstances it might be appropriate, as part of the risk-based approach, for a trust or company service provider to apply simplified due diligence where it concerns the formation of a single company.
We agree that the formation of trusts or companies has the potential to be a high risk activity and as such should usually be subject to due diligence. We agree that there should be the flexibility to apply simplified due diligence when the circumstances warrant it, however we suggest that there should be guidance made available setting out what factors to consider in deciding the level of risk posed.
The government welcomes views on its approach to allow SDD only when firms providing pooled client accounts are low risk.
The SRA supports a risk-based approach to implementing the 4th Money Laundering Directive and the proposed application to the level of the due diligence required in relation to payments into pooled client accounts.
The government would welcome views on whether the reference to "at the latest within two working days" should be included and if not, how long third parties should be given to provide this information.
We recognise that reliance on customer due diligence conducted by a third party is not used as often as was envisaged in the 2007 MLRs and we welcome steps which might encourage it to become more commonplace, thus removing duplication for consumers and regulated entities. The requirement for third parties that are relied upon, to produce copies of identification and verification documents immediately, or at least within two working days, is fairly onerous. It could dissuade entities from consenting to the customer due diligence conducted by them from being relied upon.
The government would welcome views from the sector on the requirement for the policies, controls and procedures to be documented.
The SRA supports the proposal that policies, controls and procedures to mitigate and manage the risk of money laundering and terrorist financing should be documented, either written in hard copy or in electronic form. We would expect policies and procedures to be set out in writing, to ensure clarity within the firm, and to demonstrate that consideration has been given to their effectiveness. We therefore welcome a legislative requirement for policies and procedures to be set out in writing.
Technical comments on the regulations
Criminality and Fit and Proper tests
The regulation of legal service providers is based upon a prescriptive statutory framework. It requires detailed scrutiny of, and gateways for, individuals involved in the carrying on of legal services. Firms that provide reserved legal activities must be authorised, and their managers, owners and compliance officers approved. The minimum requirements are set out in statute, but the method of approval is left to regulators to decide upon and implement in a proportionate manner. We are currently engaged in a project to review our regulatory arrangements based upon our experience and knowledge of the market to reduce unnecessary burdens and cost. The imposition of the regulations as they stand would go against much of this.
We are concerned that the 2017 Regulations do not fit with the existing regulatory landscape or the SRA's approach to regulation. As drafted, the criminality tests in the regulations may cause considerable difficulty in supervising businesses in our sector, and would cause a significant increase in the regulatory burden and costs. We believe that there will be a considerable impact on those we regulate because of the differences between the 2017 Regulations (requiring criminality tests) and the legal services regime (requiring fit and proper tests). This additional test will not significantly improve controls around those with influence over the running of firms, but would impose additional regulation that is disproportionate and unnecessary.
The existing regulatory framework for legal services has already achieved the aim of the 2017 Money Laundering Regulations in safeguarding the propriety of those offering legal services, and we believe that there should be a carve-out that recognises the current arrangements. Criminality tests should not be required where there is an equivalent fit and proper test already in place, such as is the case for SRA-regulated entities.
Costs of regulation
The new requirements for professional body regulators will result in increased costs, however there is no fee charging or costs recovery provisions in the 2017 regulations. The SRA is funded primarily from practising fees 1, which may only be used for certain purposes 2. We believe that supervision of persons that we regulate under the money laundering regulations falls within the permitted purposes, but would request clarification on this point in light of the increased costs of regulation that will flow from the 2017 Regulations - as well as the proposed levy to fund the Office for Professional Body Supervision.
Risk assessment and controls
Regulation 16(2)(c) requires HM Treasury to consider whether rules on money laundering and terrorist financing made by supervisors applying to their sector are appropriate, however in the legal sector, this function is already performed by the Legal Services Board (LSB).The Legal Services Act (LSA) contains a statutory regime to approve regulatory arrangements made by approved regulators such as the SRA 3. The LSB benchmarks against regulatory objectives, which deal with consumer protection and rule of law issues. This regulation will duplicate existing statutory provisions adding an additional, and we believe, unnecessary level of oversight.
The SRA regulates on a risk basis and we already publish a Risk Outlook, which is regularly updated to include the latest trends and risks connected to money laundering and cyber crime. The new regulations (Regulation 17(1)) require supervisors to produce a risk assessment for those they supervise, but does not include a transitional period for its development. As stated above we already produce a risk assessment however, the regulations require us to draw upon the Commission report and the HMT/Home Office risk assessments which are not yet published. We believe that there should be a two-year transitional period to allow the risk assessment to be developed and published once the Commission report and government risk assessments are available.
Similarly, Regulation 17(4) requires supervisors to prepare individual risk profiles for each person they regulate, unless they can group firms together. We would ask for clarification on whether the profiles should take into account national and European risk assessments, and if so, suggest that there should be a two-year transitional period to allow for the publication of the government risk assessments and the development of individual risk profiles in accordance with those.
Notification of intention to provide TCSPs
Regulation 23 provides that where a person supervised by FCA acts, or intends to act as a TCSP they must notify the FCA of that fact. Given the requirements for self-regulatory organisations introduced by the 2017 regulations in relation to TCSPs, this provision should be extended beyond those regulated by the FCA, as we will need to know who that we regulate is offering these services in order to comply with the regulations.
Ownership and management restrictions / Prohibition
We currently operate authorisation procedures for the individuals and businesses that we regulate. These are based upon detailed provisions in legislation 4 and have been developed to support the regulatory objectives for legal services and better regulation principles. We approve owners and managers of all authorised bodies. Our regulations ensure that those that have influence and control over the way in which legal services business are run are subject to approval. However, the definition of owners and managers contained in the Legal Services Act (LSA) is different to that in the 2017 Money Laundering Regulations. As a result we will be required to make additional approvals for some managers and owners of bodies we authorise. We believe our current approach has adequately controlled the risks that arise in relation to such businesses and the proposed framework would impose a considerable extra regulatory burden.
Regulation 26 introduces a new requirement for approval of beneficial owners, officers and managers of firms that we supervise which must be implemented by June 2018. This implies a transitional approach to this requirement. However the consultation states that the supervisors will be required to carry out the criminality test from 26 June 2017 when the regulations come in to force. A one-year transitional period is not sufficient to approve all beneficial owners, officers and managers of firms, and we believe that if implemented as currently drafted a two-year transitional period would be more proportionate. The operational impact for the SRA of approving all beneficial owners is that we will need to ask firms regulated under the MLRs to identify any additional individuals that require approval under Regulation 26 of MLR 2017. We will need to implement an application process for people taking up positions that require approval under MLR 2017 if they are not already approved for a different post. This is likely to require considerable systems and IT development, which is why we believe a two-year transitional period is more appropriate.
Although Regulation 26(6) provides that we can direct the manner and content of applications, there is no authority given to charge a fee for dealing with such applications. In order to regulate in a targeted manner, such authorisation costs should be borne by the relevant business and not by the regulated community as a whole.
Significantly, Regulation 26(7) provides that a supervisor 'must approve' an application unless the applicant has been convicted of a relevant offence. However, this does not recognise the fact that the tests that we apply to approved persons in connection with the provision of legal services are much broader and therefore refusal of approval of a person may be on other public interest grounds. Also, we may consider spent convictions for the purposes of assessing suitability when authorising persons for certain roles. This regulation needs to be clear that it only applies for the purposes of approval under these regulations and does not effect the supervisory authority's right to withhold approval on other grounds.
Duties of supervisory authorities
Regulation 45(2)(d) requires supervisors to keep a record of 'actions' taken in the course of supervision. We would ask for clarification on the scope of the provision, and in particular whether this is intended to solely cover formal regulatory action resulting in disciplinary findings.
The SRA believes that the provisions intended to separate the supervisory and representative functions of professional body regulators are inadequate. We believe that regulatory functions should be completely separated from representative functions.
Regulation 48(1)(a) requires self regulatory organisations to ensure that 'supervisory functions are exercised independently of any of their other functions which do not relate to disciplinary matters.' We note the statement in the consultation that the intention is to ensure supervisory bodies have 'effective governance structures that guarantee the operational independence of regulatory functions.' In the response to the consultation on the supervisory regime it states that the government intend to require professional body supervisors who both advocate for and supervise their members to ensure 'that their advocacy and supervisory functions are operationally independent' and that greater oversight is key to ensuring that 'supervisory activities are not undermined by their advocacy role'.
Operational or functional independence is insufficient to provide public confidence, as it does not provide for complete separation in governance terms or in terms of public perception. To ensure public confidence in regulation, supervision needs to take place through a separate corporate entity. There is currently an LSB investigation into whether, and if so, the extent to which the Law Society has interfered with SRA independence 5. This the latest in a series of reviews going back to the Clementi Report 6 in 2004 which have sought to impose greater independence in legal services. We cover this point more fully in our submission on the anti-money laundering supervision regime.
27. Further, the consultation position does not appear to achieve the stated intention. The LSA requires separation of representative and regulatory functions (section 27). Regulatory functions are defined by reference to a wide definition of regulatory arrangements. These include disciplinary rules but are much wider than this (section 83 LSA). However, the drafting of Regulation 48(1)(a) is very unclear and appears to ring-fence disciplinary functions from other, broader supervisory or regulatory functions, including, for example training and authorisation procedures such as the Regulation 26 process. Equally, as drafted it is arguable that disciplinary functions can, however, be carried out alongside representative functions.
Regulation 50 appears to require supervisors to collect the information listed in Schedule 4. Clarification would be welcome that this is the intention. This would impose a significant burden on supervisors, and those we regulate. Whilst we already hold some of the information listed, some additional information will need to be collected. We therefore request a two-year transitional period to allow us to collect this information. The information in Schedule 4, paragraph 6 should be limited to information in relation to regulated activities, not all services provided by relevant persons. Not all legal services provided by legal services providers are regulated activities, for example, we regulate multi-disciplinary practices who provide a wide range of services some of which we do not regulate. Paragraphs 7 and 12 should be limited to contraventions of which the supervisory authority is aware (not all contraventions).
Regulation 51 contains a provision permitting disclosure of information to relevant authorities. The regulations need to make clear that nothing in that regulation is intended to prevent disclosure of information otherwise permitted by law.
Chapter 2 deals with registration and includes the new requirement for registration with HMRC of TCSPs supervised by self regulatory organisations. It contains a prohibition against acting as a TCSP unless included in a register or if an application for registration has been made. The transitional provisions in Regulation 55(4) nor 55(5) do not apply to those regulated by the SRA who currently perform TCSP activities. Therefore, the effect of the very tight timescales means that they must apply for registration before the regulations come into force to be able to continue to provide these services. We believe that government should allow a two-year transitional period to allow registration to take place.
The fit and proper test is wider than the criminality test in Regulation 26 as it has additional elements to be assessed if the criminality element is satisfied. The Regulations state that the assessment will be done by the registering authority, not the supervisory authority (although it must consult with and may rely on the opinion of the supervisory authority). The Regulations 7 require a TCSP to provide confirmation from its supervisor that officers, managers and beneficial owners are fit and proper persons. The effect of this would be to require applicants to first apply to their supervisor to undertake a fit and proper test, before then applying to the registering authority, who may then conduct the same assessment. This involves unnecessary duplication and we believe needs clarification.
The fit and proper test in Regulation 57 is very different from the character and suitability tests that we carry out as a legal services regulator. It is concentrated on very narrow issues and requires consideration of persistent failures to comply with anti-money laundering legislation and the risks of the applicant's business being used for money laundering or terrorist financing. Therefore, without carrying out further checks, we would not be able to confirm that someone who had been authorised by us under our regulatory regime as a legal services provider would meet the test in Regulation 57. This is despite the fact that we believe our current test is more robust and proportionate in dealing with relevant risks.
We interpret Regulation 26 as allowing us to exercise discretion in deciding whether to approve a person if an offence has been committed. Therefore, even if we had approved a person under Regulation 26 we would not automatically be able to confirm that the applicant and the listed persons pass the criminality element of the fit and proper test in Regulation 57 which states that someone who has been convicted of a relevant offence is not fit and proper. The most we could do without considering the position afresh is to confirm whether we had approved the persons mentioned in Regulation 26(1) in relation to which we had received applications for approval in accordance with that regulation.
Regulation 59 (cancellation of registration) should require the registering authority to give notice of any suspension or cancellation to the supervisory authority, to allow us to take appropriate regulatory steps.
Regulation 74 enables the FCA and HMRC to impose a penalty or issue a statement of censure in relation to any person that it is satisfied has contravened a relevant requirement imposed upon them under the regulations. Whilst Regulation 75 only relates to relevant persons, Regulation 74 is broader. "Relevant requirement" is defined in Regulation 73 and schedule 6. Some of the paragraphs in schedule 6 need to be limited as otherwise where the relevant regulation also imposes requirements on supervisory authorities they appear to fall within the people upon whom the sanctions in Regulation 74 could be imposed. The relevant paragraphs of schedule 6 are as follows:
- a. paragraph 5(b) relates to requirements imposed under Regulation 25 and should be limited to requirements imposed on relevant persons and relevant parent undertakings.
- b. paragraph 6 should be limited to relevant persons and their beneficial owners, officers and managers.
- c. paragraph 8 should be restricted to relevant persons.
- d. paragraph 11(a) and (b) should be restricted to requirements imposed on relevant persons, payment service providers or connected persons.
- e. paragraph 11(c) does not appear to impose any requirements.
1. The SRA is permitted to charge practising fees under S51 LSA and related statutory provisions.
2. Permitted purposes are provided in section 51(4) and rules made by the Legal Services Board ('LSB') under section 51(3).
3. Legal Services Act section 20, Schedule 4.
4. including the Legal Services Act, the Solicitors Act 1974, the Administration of Justice Act 1985 and the Courts and Legal Services Act 1990
5. The LSB is conducting a formal investigation into the governance arrangements between the Law Society and the SRA. This will consider whether the Law Society's oversight and monitoring of the SRA impaired the independence or effectiveness of the SRA's regulatory functions.
6. Legal Services Board: History of the reforms
7. Regulation 57(3)