The European Union’s Fifth Anti-Money Laundering Directive (5MLD) came into force in the UK on 10 January 2020. Despite the fact that the UK is scheduled to leave the EU on 31 January 2020, at the time of implementation it was still a Member State of the EU and therefore there was an obligation to bring the provisions of the Directive into UK law before Brexit. Though the scale of change is smaller than the fourth directive, there are still amendments that we need to be aware of.
The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (2019 Regulations), is the statutory instrument that gives effect to the changes required under the 5MLD and was published on 20 December 2019. This will see an extending of the scope of persons subject to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (2017 Regulations). It also extends customer due diligence measures, creates bank portals to be accessed by Financial Intelligence Units (FIUs) and national regulators and creates a system of registration for crypto-asset businesses, amongst other developments.
The provisions governing customer due diligence on anonymous prepaid cards and requests for information about accounts and safe-deposit boxes will come into force later, on 10 July and 10 September 2020 respectively.
As mentioned, the scope of the persons subject to the 2017 Regulations has expanded under the 2019 Regulations. This includes crypto-asset exchange providers, custodian wallet providers and crypto-asset automated tellers.
The letting agency sector for high value transactions (where property commands €10,000/month or more in rent) and art market participants for transactions that exceed €10,000 are also to be included.
Virtual currencies such as Bitcoin will have a legal definition. The definition of ‘crypto-asset’ adopted by the UK is broader than that of the equivalent ‘virtual currency’ definition in 5MLD.
Customer due diligence measures have to be applied by letting agency businesses and art market participants, as well as crypto-asset exchange providers and custodian wallet providers under the 2019 Regulations, as well as the obligations under the amended 2017 Regulations.
The stringency of these due diligence measures have been increased to include the requirement of relevant individuals to take reasonable measures to understand the control structure and ownership of their clients, and to verify the identities of managing officials where beneficial ownership of a corporate entity is unclear. Enhanced due diligence will also have to be performed by companies that do business with high-risk third countries, specifically focused on addressing the deficiencies in that country.
FIUs and national regulators must be given access to details about UK bank accounts, building society accounts and safe deposit boxes for certain specified purposes under the 2019 Regulations. This would mean in practice that authorities will be able to obtain such information as IBAN numbers and further details about the bank accounts and their holders.
Under the 2019 Regulations, new crypto-asset businesses must register with the FCA before they can undertake crypto-asset activities. Those already undertaking such business prior to the 10 January 2020 implementation date are allowed until 10 January 2021 to register. Registration demands that owners and senior managers or officials are ‘fit and proper’. However, regardless of registration the FCA has begun its supervision of in-scope businesses as of 10 January 2020. There are also certain reporting requirements placed on crypto-asset exchange providers and custodian wallet providers.