Just as the Money Laundering Regulations 2017 are starting to bed in, along come the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which enshrine the provisions of the European Union’s fifth Money Laundering Directive (5MLD) into British law.

Implemented on 10 January with relatively little fanfare (unlike its predecessor), the new set of regulations is an iteration of the regime to date rather than a wholesale overhaul. There are, however, a number of significant changes of which the regulated community, which now contains some new entrants, ought to be aware.

The key changes for regulated entities (or relevant persons) are:

• the mandatory reporting to Companies House of discrepancies between beneficial ownership  information at Companies House and the firm's own compliance checks (it is unknown how this will work in practice because the regulations leave it open to the Government to issue ancillary regulations in future);
• the application of enhanced due diligence or EDD in the following circumstances –
        ° transactions which are either complex or unusually large or in an unusual pattern or have no apparent lawful or economic purpose (these are 4 defined and separate circumstances and they do not all have to be present, as they did before, for EDD to be essential);
        ° any business or transactions involving a highly risky non-EU country (the UK is, after all, still in the EU), making EDD necessary when any party to a transaction (not just the customer) is involved with or established in a highly risky country (the European Commission has published a list of such countries);
• additional 'red flags' or signs of high risk to consider when one decides whether to undertake EDD, i.e. if -
        ° the HNW individual is involved in the trade of oil, arms, precious metals, tobacco products, cultural artefacts and items of archaeological, historical, cultural and religious importance or of rare scientific value in addition to ivory and protected species;
        ° there has been no face-to-face meeting and no electronic identity systems have been involved;
        ° the customer is seeking citizenship/residency in exchange for capital investment;
        ° the person is the beneficiary of a life insurance policy (if relevant to the retainer).
• the need for documented risk assessments for AML/ATF purposes on any new products or business practice (not just new technology).
• the need for data-sharing policies for dealing with parent undertakings that share information about customers (including accounts and transactions) to subsidiaries;
• fresh requirements to do with beneficial ownership that oblige reporting entities to take reasonable measures to understand the ownership and control structure of a company or trust that is the beneficial owner of a customer (if the beneficial ownership cannot be established and all possible means of doing so have been exhausted then reasonable measures should be taken to identify and verify senior person responsible for managing the company. This must be recorded in writing);
• electronic identification for customer due diligence (CDD) rather than just paper-based ID such as passports or diving licences through a process that must be independent of the customer and secure from fraud and misuses (HM Treasury is to issue guidelines);
• the prohibition of pre-paid cards if they are issued outside the EU (unless they were issued in a territory that has AML legislation equivalent to the EU’s standards);
• training in larger firms to include initial and periodic screening of relevant staff (which include compliance officers, front-office staff, introducers of business, those who are customer-facing), which screening ought to involve assessments of these people's integrity, skills, knowledge and expertise to ensure they are capable of carrying out their functions; and
• AML training for agents who are used for any regulated activity.

There are other changes of which firms ought to be aware.

• Every EU country must draw up a list of specific functions which qualify as “prominent public functions” to ensure that people who might be "politically exposed persons" or PEPs are identified for "duly diligent" purposes (the EU will then consolidate the lists from all countries).
• Every EU country must set up a register of the ultimate beneficial owners of companies and trusts (the UK has already done this for corporations). It is important to note that the beneficial-ownership threshold of 25% in MLD4 has been lowered to 10% for those non-financial entities that are not engaged in active business activity (the idea is to target those entities that people use as intermediary structures and which are often designed deliberately to create opacity).
• There must be centralised automated mechanisms for identifying the holders of bank accounts and safe deposit boxes by 10 September. This will give the police and AML supervisors easy access to the information. In other words, banks and other financial firms will be required to have systems in  place to enable them to respond using a central automated mechanism to a request for information by this-or-that government agency.  
• National registers are to be connected via the European Central Platform by 10 March 2021.

The following organisations are new entrants to the regulated sector.