The deadline for comments to HM Government's consultative exercise regarding the enshrinement of the European Union's fifth Money Laundering Directive (5MLD) in English law passed a month ago. In this article we look at the detail of the British proposals and ask whether they will truly support regulated entities as they struggle to tackle the world's money laundering epidemic.

The requirements of 5MLD must come into effect in national law by 10 January 2020, as dictated by article 4 of the directive.

The threat of money laundering is a serious one. Last year Rob Wainwright, the head of Europol, said that the 400 top-level professional money launderers that his outfit had identified were enjoying a 99% success rate in the banking system, which is the most regulated sector of all.

Money laundering costs the UK at least £37 billion each year, according to the authorities. This sum will only grow in the future, as technological advances provide criminals with even more tools with which to undermine our defences.

Indeed, in its recent Strategic Assessment of Serious Organised Crime, the National Crime Agency (the UK's answer to the US Federal Bureau of Investigation) warned that “advancing technology gives offenders new tools to commit and hide their crimes...communicating covertly through encrypted services and moving illicit finances at speed.” It is no surprise that the NCA has called for a more proactive approach to the prevention of financial crime among regulated entities.
 
It is in this climate that the European Union has enacted its fifth Money-Laundering Directive. Designed to update EU law to make it fit for the 21st Century, 5MLD aims to add to the anti-money-laundering arsenal of the EU and impose more burdens on regulated entities.

As a member of the EU, the UK is obliged to enshrine 5MLD in its law and it will, indeed, be incorporated in the existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. In its consultative paper the Government said that it did not want the new law to damage the UK’s status as the financial capital of the world. Several responses are now public and one can read them online. From these initial responses it is clear that, although there is broad support for the thrust of the new legislation, firms are worrying about the extra effort they will have to expend.
 
New sectors entering the regulatory fold

The consultative document indicates that the new law will reach farther than ever before, taking in letting agents and art intermediaries as obliged entities (the EU term for reporting entities) in certain defined circumstances. It also adds a new battery of FinTech companies, such as "custodian wallet providers" and virtual currency exchange platforms, to the obliged entity list. More prepaid instruments, such as gift cards and travel cards, will soon be subject to the scrutiny of money-laundering reporting officers or MLROs and the threshold requirement has been reduced from €250 to €150.

For the first time, these sectors will be subject to the same regulatory oversight as banks, payment providers, estate agents, accountants and law firms. With this in mind, such businesses need to take steps now to ensure they have the appropriate “Know Your Customer” (KYC) and AML processes in place when 5MLD’s amendments are enshrined in the regulations.

Enhancing oversight

5MLD instructs every EU member state to set up bank account registers in order to give the police easy access to information about all bank accounts in the European Economic Area. The registries will all be interconnected, allowing every national authority in the bloc to share information with all the others and to demand information from obliged entities, wherever they are.

There is also a requirement for each EU country to list the functions that qualify as “prominent public functions” publicly in order to sharpen its definition of “politically-exposed persons” (PEPs). This is designed to help businesses identify both the PEPs themselves and their close associates during the 'onboarding' process. Anonymous safe deposit boxes will no longer be allowed.

In addition to all of this, 5MLD aims to make banks scrutinise business relationships and transactions involving highly risky non-EU countries more closely. The EU has recently published guidelines regarding its methods for identifying highly risky countries. Member states will be able to restrict obliged entities from opening branches in these countries and will be able to prevent the opening of branches by obliged entities based in any one of these jurisdictions.

All of these are vital steps not just towards the development of true pan-European AML co-operation, but also towards the prevention of money launderers from hiding their activity by outsourcing it to countries with the weakest regulation.

Know your customer!

HM Government also wants to update Regulation 28 of the Money-Laundering Regulations, to address some issues raised by the Financial Action Task Force's latest evaluation of the UK. At the moment, Regulation 28 states that banks and other obliged entitites ought to take “reasonable measures” to verify key information about corporate bodies, but FATF Recommendation 10.9 absolutely requires them to verify this information, while Recommendation 10.8 states that a relevant person should be “required to understand the nature of their [sic] customer’s business and its ownership and control structure.” With this in mind, HM Treasury wants Parliament to amend Regulation 28(3) to use the FATF's stronger wording.

The Treasury wants Parliament to update Regulation 28 for another reason. At the moment, if the customer of an obliged entity is a body corporate, that obliged entity may treat the senior person responsible for managing the body corporate as its beneficial owner. The Treasury wants to extend reporting requirements that pertain to beneficial ownership to include any legal arrangement that is similar to a trust, and also to tax-neutral trusts.

Electronic ID

The directive explicitly approves of electronic identification for the first time. This will be a cost-cutting boon for firms that want to 'onboard' customers in non-face-to-face situations.

The directive also stipulates that processes that identify people electronically ought to be “regulated, recognised, approved or accepted at national level by the national competent authority.”

In its consultative document the Government says: "The requirement for electronic identification processes to be regulated, recognised, approved or accepted at national level by the national competent authority in order to be taken into account does not require formal recognition by regulators for a particular identification scheme – approval from the competent national authority can be implicit. The Government welcomes views on whether standards on an electronic identification process set out in Treasury-approved guidance (such as that published by the Joint Money Laundering Steering Group) would constitute implicit recognition."

International co-operation

The fifth directive calls on member-states to improve overseas access to their central registers of corporate bodies’ beneficial owners. It will, when transposed into 28 countries' laws, allow foreign authorities to obtain basic information from each other without the need to demonstrate a "legitimate interest" in the companies in question. In the UK, this is already available.

The directive, however, contains no formal definition of a “legitimate interest.” Each EU country is therefore at liberty to come up with its own, although 5MLD does specify that no definition ought to restrict pending administrative or legal proceedings. It should also take into account the work that investigative journalists and private bodies do that is useful in preventing people from laundering money, financing terrorism and committing predicate offences.

In addition, the directive features a new "discrepancy reporting requirement" which will require obliged entities to report any discrepancies that they detect between the information that they hold and the information on the register.

Getting ready for the new regulations

The revisions that HM Government wants to make to the Money-Laundering Regulations will, if and when they are enacted, change the way in which banks, financial firms and businesses in other regulated sectors operate, particularly when it comes to their KYC processes.

This might present firms with unwelcome new burdens, but regulatory technology (RegTech) is already available to support them by automating the monitoring process.

Advanced “augmented intelligence” software featuring machine learning and natural language processing (NLP) are now capable of doing the heavy lifting, searching global databases for information about customers. My own company's system uses more than 500 search terms in many languages to perform real-time searches of the Surface Web (the portion of the World Wide Web that is readily available to the general public and searchable with standard web search engines) and the Deep Web (the part not indexed by any web search engine), as well as other key global databases for information about people and entities.

Performing many KYC checks simultaneously and searching the Web 24 hours a day, seven days a week, such RegTech can spot adverse media reports and relay them to human compliance managers without delay. It makes life easier for human analysts and helps them make effective judgements about risk instead of replacing them. As a result, it can spot any links that private banks' customers and prospective customers may have with suspect businesses and highly risky countries outside the EU.

Preparing to comply

Regulated businesses in the UK ought to take steps now to prepare for the amendments that the Government is likely to make to the Money-Laundering Regulations. If they do not, they could have to pay regulatory penalties and face financial and reputational harm.

Regulators, for their part, ought to guide firms clearly and explicitly in the use of specific pieces of KYC software. They ought to know what each product does and how effective it is. By clearly approving of the use of RegTech in key KYC processes, regulators can let regulated entities know more about how to upgrade their operations while remaining compliant with the rules.