Following months of uncertainty, on Christmas Eve a Brexit agreement was finally reached between the United Kingdom (“UK”) and the European Union (“EU”). The European Union (Future Relationship) Act 2020 (the “Act”) received Royal Assent on 30 December 2020. While the agreement signalled an early Christmas present for many, for others it failed to offer the certainty that they long hoped such an arrangement would provide. One of the areas on which the Act fails to offer much guidance is money laundering and terrorist financing.
The EU has introduced six anti-money laundering (“AML”) directives. As a member of the EU, the UK implemented the first five of those directives by way of a number of regulations (the “Regulations”). The sixth AML directive came into effect for EU member states on 3 December 2020, four weeks short of the end of the transition period.[1] The UK government chose not to implement the most recent directive into national law because it considered that its domestic legislation “is already largely compliant with the Directive’s measures, and in relation to the offences and sentences set out in the Directive, the UK already goes much further”,[2] that is, subject to the following exception: the sixth directive extends criminal liability for money laundering to corporations that fail to prevent it. Such conduct is not presently a criminal offence under UK law. Nevertheless, the UK government has requested the UK Law Commission[3] to review the position and consider whether UK law is “sufficiently equipped to tackle economic crime”.[4] The outcome of that review could lead to further alignment between UK AML laws and the European AML regime.
As the Regulations have been transposed into domestic law, they are likely to remain largely unchanged post-Brexit. However, one immediate change flowing from the UK’s exit from the EU is the amendment to the definition of “third country”, as set out in The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the “2017 Regulations”). Before 1 January 2021, “third country” was defined as a state other than an EEA5 state. It is now defined as a state other than the UK.[6] The term is used in a number of places throughout the 2017 Requirements. As a result, persons who are subject to the 2017 Regulations may need to reassess the requirements that they have in place in respect of EEA customers and clients, as those customers will now be considered third countries for the purposes of undertaking customer due diligence (“CDD”) and ongoing monitoring pursuant to the 2017 Regulations, and therefore will be subject to third country requirements.
Perhaps most significantly, the updated definition will have an impact on enhanced CDD and ongoing monitoring in the context of correspondent banking relationships. Regulation 34 of the 2017 Regulations states that a credit or financial institution which has, or proposes to have, a correspondent relationship with another such institution from a third country must, in addition to satisfying the enhanced CDD measures set out at Regulation 33, satisfy further criteria listed at Regulation 34. That requirement will, of course, now incorporate all relevant EEA institutions.
Further, parent undertakings subject to the 2017 Regulations, which have subsidiaries or branches established in an EEA state, will need to consider under Regulation 20 of the 2017 Regulations whether the country/countries in which those undertakings or branches are established impose AML and anti-terrorist financing requirements “as strict as” those in the UK. If those countries do not, the parent undertaking will need to ensure that measures equivalent to those required by the 2017 Regulations are applied by those subsidiaries or branches (as far as permitted under the law of the third country/countries). Although most EEA states should have implemented the AML directives into national law, it should not be assumed that each of those countries already has requirements “as strict as” those in the UK. The European Commission has previously commented on the incorrect or late transposition of EU law, and the wrong application of EU law, by member states. Additionally, some countries may choose to implement the minimum required to be compliant with EU law, thereby not necessarily ensuring equivalence of AML and anti-terrorist financing requirements between all member states and the UK.[7] Further guidance from HM Treasury8 in this area would be welcome.
However, not all post-Brexit changes to the 2017 Regulations result in potentially more onerous conditions being applied to certain customer relationships. Under the 2017 Regulations, enhanced CDD and ongoing monitoring must be applied in any business relationship or transaction with a person established in a high-risk third country.[9] Prior to the UK leaving the EU, that requirement did not apply when the customer was a branch or majority-owned subsidiary of an entity which was established in an EEA state if the following conditions were satisfied:
-
The entity was:
-
subject to the requirements in national legislation implementing the fourth money laundering directive as an obliged entity10; and
-
supervised for compliance with those requirements in accordance with section 2 of Chapter VI of the fourth money laundering directive;
-
-
The branch or subsidiary complied fully with procedures and policies established for the group under Article 45 of the fourth money laundering directive; and
-
The relevant person, applying a risk-based approach, did not consider that it was necessary to apply enhanced CDD measures.11
Owing to the substitution of “EEA state” with “a third country”,[12] the requirement to apply enhanced CDD and ongoing monitoring in any business relationship or transaction with a person established in a high-risk third country does not apply where the customer is a branch or majority-owned subsidiary of an entity established in a third country, such as the United States of America, provided that the above-mentioned conditions, as amended below, are met.
-
The entity is:
-
subject to requirements in national legislation having an equivalent effect to those laid down in the fourth money laundering directive on an obliged entity (within the meaning of that directive); and
-
supervised for compliance with those requirements in a manner equivalent to section 2 of Chapter VI of the fourth money laundering directive;
-
-
The branch or subsidiary complies fully with procedures and policies established for the group under requirements equivalent to those laid down in Article 45 of the fourth money laundering directive;[13] and
-
The relevant person, applying a risk-based approach, does not consider that it is necessary to apply enhanced CDD measures.
Aside from the abovementioned immediate changes, it is not anticipated that the UK’s exit from the EU will lead to further substantive changes to the UK’s AML regime, at least in the short term.
Closely related to the topic of AML is the issue of beneficial ownership. The fourth EU AML directive required all member states to introduce registers of beneficial ownership for legal entities. The fifth directive enhanced requirements relating to beneficial ownership. At present the UK has registers that relate to three asset types: land and properties, companies and trusts.
Since 2016, the People with Significant Control register has been in force in the UK. It is a publicly available database that records beneficial ownership information in respect of most UK registered entities. This year the UK government intends to introduce a publicly available beneficial ownership register for UK properties owned by overseas companies and legal entities. The proposal is set out in the draft Registration of Overseas Entities Bill which was published in 2018 and borne out of the UK’s commitment at the Anti-Corruption Summit two years earlier. The aim of the Bill is to promote transparency in relation to beneficial ownership in the UK property market and to tackle money laundering. It is envisaged that the register will be maintained by Companies House and failure to comply with the related legislation could result in the commission of a criminal offence.[14]
Concluding Remarks
Perhaps the area in which you and your clients will see the biggest impact on a day-to-day basis is considering whether EEA countries in which parent undertakings have subsidiaries or branches established impose AML and anti-terrorist financing requirements “as strict as” those in the UK. As set out above, previous experience suggests that uniformity of implementation across EEA states cannot be taken for granted.
1 Regulated entities have until 3 June 2021 to implement the sixth AML directive.
3 The UK Law Commission is a statutory independent body created to keep the law of England and Wales under review.
4 https://www.gov.uk/government/news/spotlight-on-corporate-crime-laws.
5 The European Economic Area consists of EU member states and three countries of the European Free Trade Association: Iceland, Liechtenstein and Norway.
6 Section 3(g) of Part 2 of The Money Laundering and Transfer of Funds (Information) (Amendment) (EU Exit) Regulations 2019.
7 https://ec.europa.eu/commission/presscorner/detail/en/IP_17_1846.
8 Her Majesty’s Treasury is the UK government’s finance and economic ministry.
9 Before the UK left the EU, those countries were identified by the European Commission, and any revisions made to that list by the European Commission after 31 December 2020 will not automatically be incorporated into UK domestic law (see Schedule 8 of the European Union (Withdrawal) Act 2018).
10 As defined in that directive.
11 Regulation 33 of the 2017 Regulations.
12 Section 6 of Part 2 of The Money Laundering and Transfer of Funds (Information) (Amendment) (EU Exit) Regulations 2019.
13 Ibid.
14 https://www.gov.uk/government/consultations/draft-registration-of-overseas-entities-bill.