Since July 2019, the UK government and private sector partners have been on a mission to upgrade the UK’s response to economic crime. This mission has been guided by the Economic Crime Plan, which lists 52 actions for how the response to economic crime should be bolstered. As monitored by RUSI’s Economic Crime Plan tracker, progress has been steady, with 80% of the actions either completed or in progress. In July 2021, a further action was initiated – Action 33, which calls for a review of the UK’s Money Laundering Regulations (MLRs) and the Office of Public Body Anti-Money Laundering Supervision (OPBAS) Regulations.
The MLRs are one of two pieces of legislation forming the foundation of the UK’s anti-money laundering and countering the financing of terrorism (AML/CFT) regime (the other being the Proceeds of Crime Act 2002). They set out how the private sector should ‘detect and prevent money laundering and terrorist financing … while minimising the burden on legitimate customers and businesses’.
Historically, the content of the MLRs was informed by the EU and its Anti-Money Laundering Directives (AMLDs). Following Brexit, the UK has ceased transposing the AMLDs and now has an opportunity to forge its own pathway.
The UK review is not the only introspection currently underway. In July 2021, the EU issued its latest and most ambitious AML Package, which sets out considerable reforms to how the EU AML/CFT regime will operate. Reforms are also being undertaken in the US, with the unveiling of the Anti-Money Laundering Act 2020 in December, which will now be operational over several years as its rules are set.
With all these reforms in motion, it is useful to consider what the UK can learn from other jurisdictions and what repercussions any divergences might have.
Convergence and Divergence
At the centre of the UK’s review is a Call for Evidence on the UK’s AML/CFT Regulatory and Supervisory Regime. This gives us some insights into what the future UK AML/CFT regime could look like, and where it may converge with and diverge from the EU and US. There are three areas of particular note:
1. Approach to Risk
Perhaps the most crucial theme emanating from this document is how the UK will expect the private sector to identify and control financial crime risk. This is a longstanding challenge requiring a balance to be found between meeting the regulatory requirements (often referred to as taking a ‘tick-box’ approach) and genuinely identifying the criminal risks an entity is exposed to based on its activities and product offering (the so-called Risk-Based Approach, or RBA). The consultation states that the government will remain committed to the RBA and will use this opportunity to explore the persistent frustrations which wed more cautious entities to the tick-box approach. It will examine how well risk is understood, what barriers exist to understanding risk and what more the government and supervisors could do to facilitate greater clarity on risk. Borrowing from the US, it asks whether the UK should introduce National AML/CFT Strategic Priorities to focus the private sector on particular risk areas. Although potentially useful, if these are introduced, the UK should learn from the first US iteration of such priorities, which have been received with scepticism given that they encompass all major economic crimes.
The UK is also toying with the idea of introducing a definition of ‘compliance programme effectiveness’. This would make it easier for the private sector to understand its obligations and demonstrate that it is employing effective controls. This idea is likely to be welcomed by the private sector. Earlier this year, the Wolfsberg Group (a group of the world’s 14 largest banks) published a letter setting out how the private sector believes it should demonstrate effectiveness in lieu of an official position.
Across the Channel, the EU has opted for a more prescriptive approach in its latest reforms. A new EU Rulebook on AML/CFT will be introduced for the private sector, accompanied by technical standards for compliance, moving away from the flexibility afforded by a risk-based approach. This difference in approach is likely to cause difficulties for firms that operate in both the UK and EU markets, and different control measures may be required in each.
AML supervision – a fundamental cornerstone of any AML regime – is another significant element of the consultation. The UK’s fragmented system of three statutory supervisors and 22 Professional Body Supervisors (PBSs) has been subject to extensive criticism, including in the 2018 FATF evaluation of the UK, and has more recently been referenced by international partners as an example of the shortcomings of a multiagency model.
Since 2018, some improvements have been made, including the introduction of the Office of Public Body Anti-Money Laundering Supervision (OPBAS) to oversee the PBSs. Now, the government is going further and using this opportunity to ask fundamental questions about the structure and scope of the UK AML supervisory regime, including what role OPBAS should play.
Radically rethinking AML supervision is also on the agenda in the EU. The EU plans to introduce a new pan-European financial supervisor, the Anti-Money Laundering Authority, which will directly oversee the implementation of AML/CFT measures by the bloc’s riskiest financial institutions and monitor the national supervisors responsible for all other financial institutions. Crucially, it will intervene when national financial supervisors are deemed to be failing and usurp supervisory responsibility where necessary. The aim of this approach is to achieve greater consistency across the bloc, leaving fewer loopholes for criminals to exploit.
Consistency is something sorely lacking in the UK approach, and introducing a similar body responsible for oversight of the whole AML supervision sector certainly has some intuitive merits. If the UK retains its current AML supervision structure, however, it may be able to learn lessons from the EU in adopting its new ‘layered’ approach to supervision, and it should perhaps extend OPBAS’s mandate to include other, underperforming areas of UK supervision such as HMRC (responsible for trust and company service providers, the real estate sector and art market participants).
3. Technology and Data
After years of awkward co-existence, the utility of technology and data in the fight against financial crime is now widely accepted. The Call for Evidence makes it clear that the government plans to remove barriers to adoption of new technologies such as digital IDs. This level of support is analogous to sentiments in the US, where lawmakers have for years signalled a strong commitment to the use of new technology and innovation in compliance.
The EU is an interesting outlier on this topic. Although it is very supportive of the use of digital IDs, there are factions within the EU that are more sceptical of the widescale processing of personal data for compliance. In May of this year, for example, the European Data Protection Board sent a letter to the European Commission listing several concerns related to the need to balance data privacy and AML obligations, a balance it feels is incorrectly weighted in the latter’s favour.
There is an opportunity for the UK to show global leadership on this issue, particularly by aligning the latest version of its digital ID and attributes trust framework with the FATF’s Digital ID guidance, which will ensure that digital ID solutions being developed satisfy international standards for financial crime compliance.
What the Future Holds
Over the next few years, we are going to see significant reforms of the major AML/CFT regimes. As the UK pushes its own vision forward, there will be elements of convergence with its closest partners and areas where it carves out its own agenda. As a new framework develops, the UK should learn from partners in the EU and US and co-opt the best elements from each for its new independent vision. Failure to do so will only serve to create points of divergence which criminals will ultimately exploit.