AML Compliance Guidelines: United Kingdom

The United Kingdom is one of the most open and globally connected economies in the world. Home to the second largest financial centre, it is the 5th largest economy in terms of gross domestic product (GDP). Once at the forefront of the industrial revolution in the 19th century, now the driving force behind its growth is the services sector of which the financial sector is a major player.

The London Stock Exchange is the largest exchange in Europe, as of June, 2024. According to the annual review of UK financial services 2023, the foreign exchange trading accounts for 38% of global trade. The UK is also the world’s second largest asset management centre, managing £11.6 trillions worth of assets at the end of 2021. The UK is also home to the fintech industry in Europe, hosting 3200 companies which accounts for the second highest global share only after the USA.

Given the importance and scale of the UK’s financial system, the government has imposed a robust and dynamic Anti-Money Laundering regulatory framework to protect its international reputation and integrity of its financial system. According to a report by the National Crime Agency on National Strategic Assessment the amount of illicit cash generated every year in the UK is highly likely to be over £12 billion and the scale of money laundering carried out through the UK economy could be in the hundreds of billions of pounds annually.

Sectors Required to Comply with AML/CFT Laws in UK

• Banking Sector
• Money Service Businesses (Money Exchange & Money Remittance etc)
• Credit Lending Institutions
• High Value Dealers (Jewelers, Car Dealers and Antique Dealers etc)
• Letting And Estate Agency businesses
• Auditing, Accounting, Insolvency And Tax Advisory businesses
• Trust And Company Service Providers
• Independant Solicitors And Law Firms
• Crypto Asset businesses (Crypto Exchanges etc)
• Casinos, Gambling And Betting Agencies
• Auction Platforms
• Art Market Participants

What are the key legislations impacting AML/CTF and sanctions regime in the UK?

Who are the key AML regulators in the UK?

Statutory AML/CFT Supervisors

Professional Body AML/CFT Supervisors (PBSs)

Other Related bodies and Law Enforcement Agencies Guiding and Implementing Anti Money Laundering Measures in UK

What are the measures required to carry out due diligence obligations?

Under Regulation 28 of MLRs, when a regulated entity is required to carry out CDD measures, these measures at minimum should:

• Identify the customer and verify their identity using a reliable source (like govt issue ID or passport)
• Identify and verify the beneficial owner, if beneficial owner is a legal person take measures to understand ownership and control structure of the legal person
• In addition to customer (a body corporate), determine and verify the full names of board of directors or equivalent management body and senior persons responsible for its operations unless it’s a company listed on regulated exchange
• Assess, or obtain where appropriate, details about purpose and intended nature of business relationship or occasional transaction

The level of CDD measures to be taken must take into account the business-wide risk assessment of the regulated entity and risks associated with a particular client. Based on the level of this risk proportionate measures should be taken.

Enhanced Due Diligence

What Are Screening Requirements Under Enhanced Due Diligence Measures in UK?

Under Regulation 33(1) a regulated entity should apply enhanced due diligence and enhanced ongoing monitoring in addition to the measures required for normal due diligence to mitigate risks in following scenarios:

• Regulated entity based on a customers behaviour or transactions determines the risk of money laundering or terrorism is high
• Regulated entity determines that a customer or a potential customer is a politically exposed person (PEP), or a close associate or a family member of the PEP
• Establishing a business with a business relationship or carry out a transaction linked with a high risk third country (jurisdiction added into FATF lists commonly referred to as greylist and blacklist)
• Transactions are unusually large, complex, or have no apparent economic or legal purpose
• Regulations 33(6) provides a list of factors to be taken into account when considering to apply EDD measures like geographical risk factors, customer risk factors and product, service, transaction and delivery channel risk factors.

What are the measures that should be taken when applying EDD?

Under Regulations 33(3b), EDD at minimum should include the following measures when entering into a business relationship with a customer established in high-risk third countries or transaction linked to high risk third countries:

• Obtaining additional information on customer, beneficial owner and intended nature of business or reason of a transaction
• Obtaining information about customer’s source of funds or source of wealth or customer’s beneficial owner
• Obtaining senior management’s approval for establishment or continuation of business relationship
• Increasing the degree and timing of controls applied to monitor business relationship and transactions

Under Regulation 33(4), EDD measures in relation to a transaction which is unusually large or has no apparent economic reason, at minimum should include

• Examining background and nature of transactions
• Increasing the degree and nature of monitoring of the business relationship to determine if business relationship or transaction appears to be suspicious

What are the obligations of the regulated entities related to the politically exposed persons?

Identification of PEP:

Under Regulation 35 of the MLRs, a regulated entity is obligated to apply risk management systems and controls to determine if a customer or beneficial owner of a customer is a politically exposed person (PEP) or a known close associate or a family member of a PEP. These measures should be proportionate to risk assessment and inherent ML/TF risks in its business.

EDD measures for PEPs:

If a customer is determined to be a PEP, known close associate or family member of a PEP, a regulated entity in addition to normal due diligence requirements apply the following measures:

• Senior management approval to establish or continue a relationship with such customer
• Take necessary measures to obtain the source of wealth and source of income
• Conducting enhanced ongoing monitoring during the course of the business relationship

Requirements for former PEPs:

Where a PEP ceases to hold prominent public function, a regulated entity should continue to apply enhanced due diligence measures for at least 12 months after leaving his position or as determined by the regulated entity based on the risk profile of the PEP. Immediately after a PEP leaves his position, it is not required to apply Enhanced Due Diligence measures for known close associates and family members of the PEP.

Who is a Politically Exposed Person under UK’s AML Law?

Under Regulation 35(12), a politically exposed person or PEP means a person who holds a prominent public function which is higher than middle ranking or a more junior position. A “family member” of a PEP means, a spouse or civil partner, children, spouses or civil partners of the children and parents of the PEP.

A “known close associate” of a PEP means, an individual who has a joint beneficial ownership stake in a legal entity, a legal arrangement or any other close business relationship with a PEP or a sole beneficial ownership in any of such businesses known to have been set up for the benefit of the PEP.

Regulation 35(14), provides a list of professions or positions that are included in the meaning of  prominent public function.

What are the record keeping and reporting requirements for the regulated entities?

Regulated entities are required to maintain documents and records used to carry out due diligence measures and details of transactions. This record should be retained for up to five years after termination of a business relationship or execution of a transaction. This record must be disposed-off or deleted after completion of a five years period unless otherwise required under any legal proceedings or enactment.

Failure to report any suspicion of money laundering or terrorist financing by a regulated entity during the course of carrying out a regulated activity to the authorities is a punishable offence under Proceeds of Crime Act 2002 (POCA) and Terrorism Act 2000 (TACT).

What Are Crypto Travel Rule Compliance Requirements in the United Kingdom?

Under Regulation 64C of MLRs, cryptoasset service providers initiating a transfer are required to obtain and pass on the certain information of the originator and beneficiary to the cryptoasset business of the beneficiary. This requirement is referred to as the Crypto Travel Rule and has been enforced in the UK since September 2023.

Such information should include names and account numbers of both parties (originator and beneficiary). Moreover, where any of the cryptoasset business involved in transaction is operating outside the United Kingdom, originating cryptoasset business shall also include one of the additional information like customer identification number of originator, or date and place of birth, or address, passport number or national ID number.

If a beneficiary cryptoasset business determines that the information required under the travel rule is missing or incomplete they can request such information from the originating cryptoasset business and may assess to hold relevant transactions until such information is received.

Why is adverse media and PEP screening important for compliance with regulations?

Screening is the most important pillar of a firm’s risk management systems for AML compliance. Use of a risk based approach is a fundamental requirement in developing policies, procedures and controls. Where risk of ML/TF is higher businesses are required to allocate more resources and apply enhanced due diligence.

To comply with regulations 33 and 35 of MLRs, when conducting due diligence measures a customer should be screened against any publicly available adverse media information, watchlists and PEP lists to apply measures appropriate to the level of the risk a customer poses in relation to money laundering and terrorism financing.

Establishing a business relationship with a client, who has a criminal history or publicly available adverse media information, without taking appropriate enhanced due diligence measures, may result in violation of these regulations and result in unlimited fines or even imprisonment.

Joint Money Laundering Steering Group’s Guidance on Due Diligence Requirements for Financial Institution in UK

More detailed information is available in JMLSG’s guidance for financial institutions in the UK on prevention of money laundering and combating terrorism financing.

JMLSG provides comprehensive guidelines regarding the implementation of an appropriate screening system which caters to the specific needs of a business. When choosing between manual and automated screening systems a business should take in account its exposure to high risk customers and scale of its operations like customer base and frequency of transactions. JMLSG recommends adopting an automated screening system where a business is exposed to high risk profiles, has  a large customer base and high frequency of transactions.

Guidance also recommends that any screening services used should be able to identify non latin scripts (Chinese, Arabic, Russian etc) and have the customizable capability of fuzzy matching.

What are the maximum penalties for non compliance with AML regulation in the UK?

Failure to comply with AML regulations may result in fines, suspensions, licence cancelation, temporary or permanent restriction on individuals to act as management, imprisonment of employees who failed to ensure compliance with AML regulations. While failure to comply with MLRs may result in imprisonment up to 2 years, the original money laundering offence under section 327, 328 and 329 (concealing, transfering, arranging, using or possessing criminal property) of POCA may result in up to 14 years of imprisonment, upon conviction on indictment.

Regulations do not provide a maximum limit of fine which can be imposed in case of non compliance. FCA has power to impose any amount of fine based on the severity of the violation. During 2021 a total of £567,765,219.95 was imposed by FCA which included an enormous fine of £264,772,619.95 levied by the court pursuant to FCA’s successful prosecution of National Westminster Bank Plc for its failure to comply with AML regulations.

So far in 2024, FCA has imposed a total of £87,064,281 worth of fines on different regulated entities. Starling Bank Limited received one of the largest fines in 2024 which amounted to £28,959,426 ($38 million) for failure to comply with sanctions screening requirements. Particularly Staling Bank’s screening systems failed to take into account the full range of applicable sanctions lists which led to potential sanctions breaches since 2017.

Sanctions Compliance Requirements in the United Kingdom

Who is required to follow sanctions in the United Kingdom?

Every UK resident, every UK citizen anywhere, every legal entity operating in the UK, and every legal entity incorporated under the laws of the UK operating anywhere are obliged to comply with sanctions issued by the UK government and UNSC. UK entities are obligated to comply with sanctions issued by the United Kingdom (UK Sanctions Lists) and sanctions implemented by United Nations Security Council Resolutions (UNSCR) as the UK is a member of the UN.

What are penalties for non-compliance with financial sanctions in the UK?

Financial sanctions are issued by HM Treasury under the powers derived from the Sanctions Act. Sanctions in the United Kingdom are implemented, monitored and enforced by the Office of Financial Sanctions Implementation (OFSI) a part of the HM Treasury. In case of violation of sanction regulations; under the Article 146 of Policing and Crime Act 2017, OFSI can impose a monetary penalty up to £1,000,000 or 50% of the economic value of the breach, whichever is higher. For criminal liability an imprisonment for up to 10 years under the Article 17 of the Sanctions Act.

What are penalties for non-compliance with sanctions related to trade, aircraft and shipping in the UK?

Starting October 10 2024, Office of Trade Sanctions Implementation (OTSI), a part of the Department for Business and Trade, will have powers to enforce trade related sanctions whereas Department for Transport (DfT) will enforce aircraft and shipping related (designated vessels & shipping companies) sanctions under the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024. OTSI will have power to impose a maximum penalty of £1,000,000 or 50% of the economic value of the breach, whichever is higher. This statutory guidance (Trade, aircraft and shipping sanctions, civil enforcement: guidance) provides detailed information on scope, reporting obligation, and amount of civil penalties related to trade, aircraft, vessels and shipping services related sanctions.

Who is a high value dealer and what are their obligations under money laundering regulations?

High Value Dealer (HVD)

A high value dealer is a business or sole trader who deals in goods and accepts or receives high value cash transactions of 10,000 euros or more, either executed as a single or series of connected transactions. Following list is example of businesses or sole traders who deal in high value cash transaction will be captured under AML regulations and needs to be registered with HMRC:

• Alcohol
• Art & Antiques
• Auction
• Caravans, motorhomes & static vans
• Cash & carry or wholesaler
• Car Dealers
• Electronic goods
• High-end retail Stores
• Household, Sports & Guns
• Jewellery, Gems & Stones Dealers
• Pharmaceutical or chemicals
• Textiles & Clothing

National Risk Assessment (NRA) of 2015, 2017 and 2020, consistently maintains that cash poses a high risk of money laundering due to its inherent vulnerability like anonymity, portability and untraceability. While the use of digital transactions is becoming increasingly popular among consumers, cash is still one of favourite means for criminals to launder proceeds of crimes. The NRA (2020) assessed that money laundering risk associated with HVDs has increased from low to medium due to the extent of cash transactions and anonymity it offers, exposure to high risk jurisdictions, and convenience of cross border movement of high value goods. All these factors make HVDs vulnerable to being exploited by criminals to hide illegal proceeds or being used by the designated individuals to evade sanctions.

HVDs can get more details from Money laundering supervision guidance for high value dealers prepared by HMRC. It includes obligations of HVDs like policies procedures, due diligence, staff training, record-keeping and reporting, sector specific risk factors and common money laundering typologies and practical ways to discharge these obligations.

Sanctions, PEP and Adverse Media Screening for High Value Dealers in UK

High Value Dealers should pay particular attention to screening their customers against all applicable sanctions lists to ensure compliance with Sanctions Act. High value dealers should also screen their customers against PEP lists and adverse media sources in order to ensure compliance with enhanced due diligence requirements set out by Regulation 33 of MLRs. Non compliance with MLRs may result in maximum two years imprisonment and unlimited fine, where violation of Sanctions Act may result in maximum 10 years in imprisonment or a fine up to £1,000,000.

What are the AML compliance requirements for the Legal Sector in the UK?

Solicitors Regulators Authority (SRA) regulates all the solicitors and most of the law firms working in the legal sector in the United Kingdom. Legal Sector Affinity Group (LSAG) is made up of legal sector regulatory and representative bodies. LSAG has prepared guidance for the legal sector to comply with their AML obligations which is approved by the HM Treasury. Part 1 is regarding AML guidance generally for the legal sector whereas part 2 has specific guidance related to barristers, notaries and trust and company service providers.

This guidance provides practical information to the legal sector on how to discharge obligations under AML regulations and prevent risks of ML/TF/PF. This includes practical information on governance, policies, procedures and controls, risk assessment, client due diligence, staff training, suspicious activity reports and record keeping etc.

Trust and Company Service Providers (TCSPs)

As per the latest risk assessment reports, trust and company service providers (TCSPs) are especially vulnerable to committing or facilitating offences related to money laundering and asset freezing measures against the designated persons. TCSP services can be misused by corrupt politically exposed persons to hide illicit funds. TCSP services can also be used by designated entities through their proxies such as family members to form companies with layers of holding entities or shell companies to hide true beneficial owners and evade asset freezing measures.

Keeping in view the overall risk factor involved in trust and company formation services, TCSPs should be highly vigilant in identifying and verifying their clients and beneficial owners as required by MLRs, and screen them against applicable sanctions, adverse media and PEP lists to be aware of their true risk profile.

PEP and Adverse Media Screening for Legal Sector

LSAG recommends more frequent screening of their clients and beneficial owners using a commercial screening service for larger or specialist firms where they expect to undertake work on behalf of PEPs regularly or in the normal course of their business. Screening against PEP and adverse media lists when assessing the risk factors related to a client is crucial to determine the appropriate level of due diligence measures needed in a particular case.

Sanctions Screening for Legal Sector

Moreover, it’s an offence under the Sanctions Act to deal with a property of a designated person or for the benefit of a designated person, or making funds, financial services or economic resources available directly or indirectly to a designated person. Hence, the legal sector must ensure when establishing a business relationship with a client or conducting a transaction on behalf of a client that such person is not a designated entity by screening against the applicable sanctions lists (UK Sanctions and UN Sanctions). When conducting sanctions screening law firms and solicitors shall also consider other applicable international sanctions particularly issued by Office of Foreign Assets Controls (OFAC) of the USA based on the jurisdictions relevant to their operations.

What are the AML obligations of Art Market Participants in the UK?

Art market participant (AMP) means a firm or a sole practitioner who as a business trades in work of art or as an intermediary facilitates selling or buying of work of art or stores a work of art in a freeport, whose value is equal to or above 10,000 euros. However, selling a personal work of art is exempted from these regulations.

The British Art Market Federation (BAMF) has developed a comprehensive guide for the art market participants to comply with their obligations under AML regulations in the UK. At the heart of the AML regulations is identifying and verifying the person who is selling or buying the art, in case of a legal entity identifying the beneficial owner or person in control of the company or trust etc.

Due to the nature and scope of the Art business, AMP are expected to encounter politically exposed persons more frequently when dealing in arts in the normal course of their business. Dealing with PEP carries high money laundering risk and therefore, regulations require AMP must identify if any of the persons involved in any transaction is a PEP and apply higher due diligence measures to minimise the risks of money laundering attached with such dealings.

AMP are required to have systems in place to identify if a person is a PEP, a family member or a close associate of a PEP. Guidance suggests for this purpose AMP may use publicly available information like reliable media sources, government or parliamentary websites. Guidance also suggests that AMP may also use a commercial database for PEP screening.

To apply the required level of due diligence for customer’s or their beneficial owners, AMPs may also need to check if there is any publicly available information like allegations of criminality or terrorism, commonly referred to as adverse media sources. Where an AMP suspects risks of money laundering or terrorism financing when carrying out business, it must be reported to UKFIU via suspicious activity report (SAR).

AMP must not deal with an individual or entity designated under UK Sanctions or UNSC resolutions. If AMP identifies that any of the parties involved in a transaction is a designated entity or individual it must be reported to UKFIU via an SAR.

What are the AML obligations for the Real Estate Sector in the UK?

Letting agency and estate agency businesses are regulated under the MLRs in the United Kingdom. HM Revenue and Customs provides comprehensive guidance to the real estate sector regarding their AML obligations and practical information on how to discharge these obligations to prevent ML/TF/PF risks in their sector.

Estate agents are required to carry out customer due diligence measures when establishing a business relationship with a client, conducting an occasional transaction that amounts 15,000 euros or more. Whereas letting agents are obligated to apply CDD measures when concluding a renting agreement where rent is 10,000 euros a month or more.

PEP and Adverse Media Screening Requirement by Real Estate Sector in UK

When conducting identity verification estate agents and letting agents must identify and verify their clients, prospective clients, beneficial owners and counterparties to any transaction. All such parties should be screened against relevant adverse media sources and PEP lists in order to assess their risk profile and apply appropriate enhanced or simple due diligence measures based on their risk profile.

Sanctions Screening Requirement in Real Estate Sector of UK

Additionally, under the Sanctions Act which applies to all individuals and legal entities in the UK, real estate and letting agency business are also required to screen all their customers, beneficial owners and counterparties against the applicable sanctions lists (UK and UN Sanctions or any other sanctions based on operational jurisdiction). Individuals and entities included in sanctions lists are known as designated individuals/entities. Providing services for the benefit of a designated entity/individual or dealing with funds or property of a designated entity/individual directly or indirectly is an offence and may attract fines or imprisonment in case of violations.

In 2024, HMRC published a list containing 1.6 million worth of fines issued to estate agents and letting agents for not complying with the regulations. All estate and letting agency businesses must register with HMRC. Before a letting agency or an estate agency business apply for registration they must conduct an anti-money laundering risk assessment and put in place policies, procedures and controls to mitigate these identified risks.

Additionally, in September 2024, OFSI, the sanctions enforcement authority, issued a penalty notice to Integral Concierge Services Limited (ICSL), a property management company, for dealing with a property of a designated person in relation to Russian sanctions regulations.