Click on questions to see example responses and reference sources.
The full name is The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which came into force on 26th June 2017 (‘MLR 2017’) and as amended by The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (‘MLR 2019’).
The Regulations transpose much of the Fourth and Fifth EU Money Laundering Directives into UK law.
Click a button for more on the Money Laundering Regulations:MLR2017MLR2019
The Regulations apply to a wide range of business sectors, including:
Banks, asset managers, some insurers, crypto-businesses and certain other firms which provide relevant financial services. Many are supervised for compliance with the Regulations by the Financial Conduct Authority (‘FCA’).
Service providers such as law firms and accountants, are members of professional bodies like the Law Society or Institute of Chartered Accountants in England and Wales (‘ICAEW)’. Schedule 1 to the Regulations lists Professional Bodies known as “self-regulatory organisations”, which also are, supervisory authorities for their respective members’.
Casinos (i.e. holders of a ‘casino operating licence’ per section 65(2)(a) of the Gambling Act 2005). The Gambling Commission is supervisory authority for Casinos.
Other providers subject to the Regulations include those monitored by HM Revenue & Customs (‘HMRC’) as a supervisory authority, including:
Firms (or individuals) undertaking regulated activity must meet certain day-to-day responsibilities if their business is covered by the Money Laundering Regulations. These include carrying out ‘customer due diligence’ measures to check that customers are who they say they are, along with a series of other measures, some of which are mentioned below.
The nature of systems and controls required is influenced by the size and complexity of the business, the number of customers involved and the number and type of products and services provided.
The UK allows a risk-based-approach (‘RBA’) to compliance with many requirements of the Regulations, but they also include a number of ‘must-do’ requirements applicable to firms providing regulated activity. In overview, key requirements include:
Note: The onus is on each regulated entity and its senior management to be able to demonstrate how and why their firm’s approach is appropriately risk-based.
Anti-money laundering (AML) guidance is available - Examples include:
Money Laundering Advisory Notices issued by HM Treasury ('HMT'):
Banks and other firms supervised by the Financial Conduct Authority (‘FCA’):
Law firms and legal practitioners:
UK providers of audit, accountancy, tax advisory, insolvency, or trust and company services:
Casinos and gambling businesses:
Businesses supervised by HM Revenue & Customs (‘HMRC’):
See also - 'Useful Links Page'
Guidance is guidance – not a prescriptive set of rules or procedures to be followed. A key principle of the UK regime is the ability to implement a ‘risk-based approach’ to systems and controls, when mitigating money laundering and terrorist financing risk:
Statutory AML supervisors have tools at their disposal when responding to financial crime risk in supervised firms’. Systemic issues can lead to enforcement action, depending on the severity of issues identified.
Professional body AML supervisors (PBSs) oversee and check AML risk-management by service providers in the legal and accountancy sectors. They too have supervisory tools at their disposal.
Where systemic risk is an issue and depending on the degree of severity identified, measures may include:
In egregious cases, the regulator may take action where an issue (or series of issues) identified is significant, or indicative of systemic weakness in a firm’s systems and controls arrangements.
Regulatory fines issued by the FCA typically relate to:
Note: Examples of FCA Enforcement are outlined on our 'Enforcement page'.
HMRC publishes the names of businesses (supervised by HMRC) that have not complied with obligations under the 2017 Money Laundering Regulations. Amongst other entities fined, the ’HMRC list’ identifies financial penalties of:
Note: The full list of HMRC cases includes other business names.
Business risk profile is influenced by a number of factors, such as, how the business is run, where it operates, the nature of goods/services sold, how staff are rewarded/incentivised, the nature of customer and third parties dealt with, where they are located, etc. However, if your firm/business is covered by Regulation 18, this requires you to carry out a written risk assessment to identify and assess the risk of money laundering, terrorist financing and proliferation financing that your firm faces.
In carrying out the risk assessment you must take account of information on money laundering, terrorist financing and proliferation financing risks made available by your supervisor/regulatory body, as well as risk factors relating to:
The guidance applicable to your sector/industry as referenced in FAQ 4 above could be useful to consider, along with the content of any published information that your regulatory body has published on previous enforcement activity, or sector-based review findings.
A number of country risk sources are available, which could be considered and a weighting applied, if necessary, to provide a unified and consistent risk-banding against which you can assess whether to treat customers with a nexus to certain countries, as relatively high, medium or low risk.
Money laundering, terrorist financing and/or bribery & corruption risk linked to certain countries can be assessed through sources/lists provided by:
Commercial service providers incorporate aggregated / multiple country-risk data into a ‘data file’. This could be incorporated via data-feed into your in-house customer risk assessment tool, or accessed via a web-based GUI, or other means. The following might be of interest if this is your preferred way forward (NB: These are provided as examples only and not a SYSC326 endorsement or recommendation of their functionality above other providers in the market):
UK regulated firms/businesses must, as a minimum take account of the following:
Anti-money laundering and countering the financing of terrorism (‘AML/CFT’) arrangements deployed in ‘Enterprise A’ may have some similarities with, but also differ from the specific arrangements required to mitigate ML/TF risk in ‘Enterprise B’.
The arrangements which best suits an organisation’s needs should be tailored and include:
For more on our AML services - See AML Services