MLR 2017: a summary of the changes

On June 26th, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”) came into force in the UK. MLR2017 implements the European Union’s Fourth Directive on Money Laundering and replaces two separate sets of rules, the Money Laundering Regulations 2007 and the Transfer of Funds (Information on the Payer) Regulations 2007.

The new regs don’t make any radical changes to the UK’s financial crime prevention regime. But they do tighten the existing rules in a number of important ways, expand their scope slightly, and bring them up to date.

The most notable changes are as follows:

“Relevant persons”

• Where previously only holders of a casino operating licence were covered by the regulations, they now pertain to all gambling providers
• Trustees now have greater obligations in relation to revealing the beneficiaries of trusts
  Those engaging in financial activity on ‘an occasional or very limited basis’ are not covered by the regulations. ‘Occasional or very limited’ is defined as:
  • annual turnover from financial activity of less than £100,000 (this figure was previously £64,000)
  • activity limited to transactions not exceeding EUR 1000 per customer
  • financial activity ancillary to a larger business
  • financial activity not more than 5% of the total turnover of the larger business
  • financial activity only offered to customers of the main business

The risk based approach

All businesses covered by the regulations are required to adopt a more emphatically risk-based approach to financial crime—in particular in relation to how they carry out customer and transaction screening.

The new regs set out the procedure that businesses have to follow to analyse their exposure to financial crime risk. The findings of this analysis have to be written up into a report addressing, among other things, customers, jurisdictions of operation, products and services, and the type and volume of transactions handled by the business.

In addition, businesses must keep in writing their policies and controls relevant to financial crime. These policies must be proportionate to the risks identified in the assessment and include things like CPD, the delegation of responsibilities and the deployment of relevant software.

Previously it was acceptable to default to simplified due diligence for any transaction. Under the new rules, businesses have to actively decide whether simplified due diligence is sufficient for a given transaction or whether an enhanced assessment would be more appropriate. On top of that, the new rules introduce a list of risky jurisdictions which, if linked to a transaction, make enhanced due diligence compulsory.

PEPs

The elements of the old regulations which only applied to foreign politically exposed persons now also apply to local ones. This means that business will have to carry out enhanced due diligence on transactions linked to a slightly broader cohort of their customers.

Third parties

Businesses can still rely on due diligence carried out by a third party, providing that third party is itself subject to the new regs or an equivalently stringent regime in another jurisdiction. But the third party must be able to provide all of the information it obtains in its research, with documentation, within two working days.

Reckless statements

Finally, MLR2017 introduces a new criminal offence. Under the old regs it was an offence to knowingly provide a false or misleading statement about financial crime. This has been expended to include statements that are not knowingly false but which are made recklessly, with little regard as to whether or not they are false.

MLR2017 has generally been well received, with nearly three quarters of relevant professionals in the UK reporting that they believe the changes will make it easier for firms to prevent money laundering. The full text of the regulations is available here.