In the last decade, the FCA has repeatedly stepped in to penalise national financial firms in the fight against money laundering. In fact, since the money laundering regulations of 2017, huge banks like Santander, HSBC, NatWest and Standard Chartered Bank have been the recipients of fines totalling over £500 million for their failings.
It’s time for firms to learn the rules, not only to prevent money laundering but also to avoid these costly penalties. Respecting the rules ensures that you’re steering clear of funding illegal activities, and platforms like Trustpair help you add those extra layers of security.
What Are the Money Laundering Regulations 2017?
The UK’s Money Laundering Regulations are beneficial guidance for banks, credit unions, firms and other financial institutions. These measures must be followed to prevent criminals from hiding the proceeds from their crimes.
The requirements centre around due diligence: researching new account applications, monitoring for suspicious financial activity and completing background checks for information. Institutions must rely on a risk-based approach to take the appropriate actions for a low, standard or high risk person.
They were first introduced in 2007. They were later updated in 2017 to reflect the changing threat landscape, largely thanks to digital advancements.
The 2017 Anti Money Laundering Regulations aren’t prescriptive. Instead, it’s up to firms to develop their own policies and procedures according to the risks that may impact their business service.
Key Requirements Under MLR Act
There are a few important requirements of MLR 2017, including:
- Due Diligence
- MLRO
- Internal Controls
Due diligence
The money laundering regulation due diligence requirements ask institutions to decide between three different levels of due diligence. The level depends on the risk of the relationship with the person.
Risk factors include:
- Publicity versus privacy: companies listed on the stock exchange may be considered low risk because much of their information is publicly known. However, public figures like politicians could be at higher risk of legal and financial blackmail
- Jurisdiction: individuals in countries with regulations that promote transparency may be considered lower risk
- Payments history: an opaque transaction structure or transfer could indicate higher risk
| Type of due diligence | Customer risk level | Required checks |
| --- | --- | --- |
| Simplified due diligence | Low risk customer | |
| Standard due diligence | Average level of risk | All of the previous plus: |
| Enhanced due diligence | High risk customer | All of the above, plus: |
MLRO
Assigning a money laundering reporting officer (MLRO) within your company was one of the key updates from the 2017 regulations. This makes the responsibility clear within any company: employees are required to report any suspicious activities that they find to this assigned officer.
The role then requires the MLRO to review the facts. If they suspect that money laundering has occurred, they’ll be required to fill out a Suspicious Activity Report (SAR). This form alerts external organisations, like the police, to the potential criminal activities. But it must be completed in the strictest of confidence, because the subject must not find out.
Internal Controls
Each organisation must complete a policy statement which provides a framework for how your business will deal with the threat of money laund
It should list your internal controls, roles and responsibilities, the methods you’re implementing to prevent money laundering, staff training and response practices. For example, your internal controls should consider the record-keeping requirements of this regulation, including all the due diligence completed and ongoing monitoring records. You may also implement quarterly staff training as a means of control to recognise suspicious transactions, leaving staff with no excuses to let the relevant funds or persons go.
Updates Since 2017: What Changed in 2019, 2020 and beyond?
A lot has happened since the regulations were first introduced, so we’ve put together a timeline of events for your firm:
2018
The Money Laundering and Terrorist Financing (Miscellaneous Amendments) led to due diligence rule amendments. This mainly updated references to the Payment Services Regulation (PSR), which was updated between 2009 and 2017. The Sanctions and Anti-Money Laundering Act 2018 also came in this year, updated from 2005. This outlined the EU’s powers, sanction types and designated persons that these penalties could apply to.
2019
The right to appeal (rule 99) against HMRC’s supervisory decisions was changed.
2020
Brexit finally happened, and the UK chose to retain this law, with a few minor information amendments. This year, the introduction of the 5th Anti-Money Laundering Directive (5AMLD) also happened in the EU. This widened the scope of money laundering monitoring to lettings agents, art dealers, crypto asset providers and custodian wallet providers.
2021
The regulation was amended to update the high risk countries. A high risk designation might indicate that the financial infrastructure is less transparent, the rules are not strong enough, transactions are more likely to relate to terrorist financing, or finances are easier to hide. Examples of these countries include Bulgaria, Lebanon and Venezuela.
2022
The rules were amended once again to expand their scope further within cryptocurrency businesses and trusts. Money laundering regulations in 2022 gave regulators a chance to catch up following the stark growth of online banking and finance tools introduced during Covid, which potentially helped criminals to hide their identities.
2023
Money laundering regulations 2023 saw an amendment to the UK’s due diligence standards for politically exposed individuals. The rules lowered the starting point for enhanced due diligence for domestic PEPs compared with foreign PEPs.
2024
The 6th Anti-Money Laundering Directive (6AMLD) added to global money laundering regulations 2024, expanding the list of money laundering and terrorist financing offences in Europe.
How Does Account Validation Support MLR Compliance?
Account validation is the automated validation of worldwide bank details, presented in a contextualised assessment so that your people can see the risks. This directly supports MLR Compliance because it’s part of the due diligence process, but can also be automatically performed every time you make a new payment, meeting some of the ongoing monitoring requirements too. If somebody makes a change to their payment details, for example, you can verify that it’s really them, and their new accounts do exist and are owned by them, rather than impersonators attempting to launder money.
In 2024, 93% of UK businesses were targeted by fraudsters, and 42% of companies actually suffered two or more successful attacks. Therefore, account validation is more important than ever for businesses to ensure they’re not funding illegal activities, and staying on the right side of the regulations.
Trustpair’s solution checks the legitimacy of vendors and their banking data throughout the entire payment chain. Demo the platform to learn how you can reliably wipe out the risks of payment fraud.
Penalties for Non-Compliance
The UK’s Money Laundering Regulations are overseen by the HMRC authority rather than the FCA. This makes them slightly different to most of the financial regulations that companies deal with.
Penalties include unlimited fines and up to two years in prison for offenders.
HMRC focuses on financial penalties, which they state will be “proportionate to the failure” and are designed to “deter non compliance”. They’ll also consider the reasons for non-compliance, scale of the offence and size of the business.
In 2022, Santander was fined £107.7 million for AML failures. This included gaps in their services’ internal controls that led to one customer receiving and transferring millions through their account, even after it had been flagged by the bank’s AML team.
To avoid penalties like these, organisations should closely assess how well they can trust their current supervisory compliance procedures, and how successfully those procedures prevent money laundering.
A recap on the UK’s MLR 2017
The 2017 Money Laundering regulations have rules on due diligence, internal controls, and assigning a money laundering reporting officer. The rules have been updated regularly, especially for new technology that could conceal identities. Trustpair adds a layer of security and compliance to payments by continuously monitoring your third-party data.