Ethics guidance

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Issued on 2 March 2018

Status

While this document does not form part of the SRA Handbook, we may have regard to it when exercising our regulatory functions.

Who is this guidance relevant to?

This guidance is relevant to firms and individuals that are subject to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) which came into force on 26 June 2017.

Regulation 8 of the MLRs states that the regulations apply to certain categories of persons acting in the course of business carried on in the UK. The main categories likely to be relevant are:

  • independent legal professionals participating in certain financial or real property transactions (regulation 12(1))
  • trust or company service providers (regulation 12(2))
  • auditors, insolvency practitioners, external accountants and tax advisers (regulation 11)
  • estate agents (regulation 13)

The category that is most likely to be applicable is “independent legal professional”. This applies to all firms participating in the financial or real property transactions listed at regulation 12(1). It is likely to include those firms offering conveyancing services or corporate finance work. Many firms may also be acting as a trust or company service provider, and some others may be acting as tax advisers, or estate agents, etc.

The SRA is responsible for the supervision of anti-money laundering (AML) and we take our responsibilities very seriously. These responsibilities include gathering and holding data on the firms we supervise; approving managers, officers and beneficial owners; and undertaking appropriate supervision and regulatory action. We liaise with the National Crime Agency (NCA), Her Majesty’s Treasury (HMT), and HMRC on a regular basis, as well as other regulatory bodies.

You may need to make changes to your firm’s procedures, systems and controls to comply with the requirements in the MLRs.

Key changes you need to be aware of

Risk assessments (Regulation 18)

You must identify and assess the risk of your firm being used for money laundering and terrorist financing. You must maintain a written risk assessment, giving consideration to risk factors such as:

  • the types of products or services (for example conveyancing services)
  • client base
  • geographical considerations (high risk countries – see below)
  • industry or business sector of the client
  • delivery channel of services (face to face, virtual)

You will need to keep an updated written record of what you have done, and we may ask to see your risk assessment from time to time as part of our regulatory activities.

Policies, controls and procedures (Regulation 19)

Having completed your firm’s risk assessment (above), you must establish and maintain policies, controls and procedures to mitigate and manage the money laundering risks you have identified. These must be proportionate to the size and nature of your business, and be approved by senior management (an officer or employee who has sufficient knowledge of the firm’s ML/TF risk exposure and of sufficient authority). These policies, controls and procedures must include:

  • risk management practices
  • internal controls
  • customer due diligence (CDD)
  • reliance and record keeping
  • monitoring and management of compliance with, and internal communication of, the policies.

You will need to regularly review and update policies and keep a record of your policies, any changes made, and what steps have been taken to communicate those policies to staff.

Internal Controls (Regulation 21)

You should appoint a senior person to be responsible for your firm’s compliance with the MLRs. This Money Laundering Compliance Officer (MLCO) should be a member of the board of directors (or your firm’s equivalent).

You should also appoint a nominated officer, usually referred to as the Money Laundering Reporting Officer (MLRO), to receive internal reports of suspicious activity, and make Suspicious Activity Reports (SARs) to the National Crime Agency where necessary.

You must notify us of any changes to the identity of the MLCO and MLRO.

You will be required to carry out screening of all relevant staff members and agents, both before appointment and at regular times during it. Screening will need to cover any person whose work is relevant to compliance with MLR 2017, and any other applicable financial crime statutes, such as sanctions and the UK Bribery Act 2010.

Enhanced Customer Due Diligence: politically exposed persons (Regulation 35)

You must identify domestic, as well as foreign, politically exposed persons (PEPs). Under previous regulations, the definition of PEPs was limited for foreign nationals, however you must now screen all PEPs against national or commercial databases. This requirement also extends to family members or known close associations of PEPs.

Other new requirements:

Training (Regulation 24)

You must provide staff with appropriate training on money laundering and terrorist financing, and keep a record of the training staff have undertaken. This now includes an obligation to make staff aware of the law on data protection, insofar as it is relevant to the implementation of the regulations.

We have seen, in some firms, that although training is taking place it is not specifically tailored to the needs of the staff. As a consequence, it does not achieve its goal of helping to identify and prevent money laundering.

Approvals for beneficial owners, officers and managers (Regulation 26)

We must approve all beneficial owners, officers and managers of a firm. Acting as a beneficial owner, officer or manager of a firm without approval after 26 June 2018 is a criminal offence (unless they have applied for approval and it has yet to be determined).

Checks on corporate bodies (Regulation 43)

The new regulations are more prescriptive on CDD checks on corporate bodies. You are expected to know your clients, beneficial owners and ultimate beneficial ownership. Where the client is a corporate body, you must obtain and verify:

  • its name
  • its company number or other registration
  • the address of its registered office and, if different, its principal place of business.

In addition, unless the corporate body is a company listed on a regulated market, you must take reasonable measures to determine and verify:

  • the law to which it is subject, and its constitution or other governing documents, and
  • the names of the board of directors or senior persons responsible for its operations.

Timing of CDD (Regulation 30)

You must verify clients as soon as possible after your first contact with them before establishing a business relationship. The MLRs state that you may undertake CDD whilst establishing the business relationship if there is a low risk of money laundering and it is necessary not to interrupt the normal conduct of business.

Enhanced due diligence (EDD) (Regulation 33)

Under the regulations, EDD measures must include, as a minimum, examining the background and purpose of the transaction and increasing the monitoring of the business relationship. Regulation 33(1) sets out a list of circumstances in which EDD measures must be applied, which includes:

  • any transaction or business relationship involving a person established in a 'high risk third country'
  • any transaction or business relationship involving a 'politically exposed person' (PEP), or a family member or known associate of a PEP
  • any other situation that presents a higher risk of money laundering or terrorist financing.

Simplified due diligence (SDD) (Regulation 37)

Simplified due diligence is permitted where a firm determines, after individual risk assessment of the client, that the business relationship or transaction presents a low risk of money laundering or terrorist financing, taking into account their risk assessment. This is a change from the Money Laundering Regulations 2007, under which SDD could be more widely applied.

Reliance (Regulation 39)

Reliance is still possible under the MLR. You may rely on another person (another regulated individual) who is subject to the MLR or equivalent to carry out CDD, but you remain liable for any failings. To rely on a third party, you must enter into a written agreement with the third party under which they agree to provide copies of any identification and verification data on the customer or its beneficial owner within two working days, and to keep records in accordance with MLRs.

Further information

Read our full guidance on the 2017 Money Laundering Regulations

We also provide resources and information about AML compliance

If you want technical advice about the questions, please contact our Professional Ethics Guidance Team.

Print page to PDF