FATF has published its highly anticipated report on the effectiveness of the UK’s anti-money laundering and counter-terrorist financing measures.
On 7 December 2018, the Financial Action Task Force (FATF) published its highly anticipated mutual evaluation report of the UK. The report sets out the UK’s global standing in combatting money laundering and terrorist financing. The report is generally positive, ranking the UK as either highly or substantially effective in its fight against money laundering and terrorist financing in the majority of areas. The report does, however, highlight some concerns about the UK’s approach, particularly in relation to the Suspicious Activity Reporting (SAR) regime, the utilisation of financial intelligence, and the FCA’s role in the supervision of firms’ compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) rules.
The UK’s last FATF evaluation took place in 2007 and in light of recently heightened sensitivities around money laundering, the government was motivated to ensure that the UK maintained its status as a global financial centre with robust tools to combat financial crime. The report summarises the FATF’s analysis, based on its on-site visit in March 2018, of the UK’s compliance with the FATF 40 Recommendations and the effectiveness of the UK’s AML and CTF regimes. It also provides recommendations as to how those systems can be strengthened.
The report is largely positive and states that the UK:
- Has a robust understanding of the money laundering and terrorist financing risks to which it is subject.
- Proactively investigates, prosecutes, and convicts a range of money laundering and terrorist financing activity, securing approximately 1,400 convictions a year for money laundering offences.
- Has improved its legal framework since the 2007 evaluation by implementing the People with Significant Control (PSC) Register to aid enforcement agencies, regulators and businesses in identifying the ultimate beneficial owners of UK-incorporated companies.
- Ensures that all entities within the FATF definition of “financial institution” (e.g., banks and regulated investment firms) and “Designated Non-Financial Business Professionals” (e.g., lawyers and accountants) are subject to appropriate AML and CTF rules and are supervised for compliance with those rules.
Areas for Improvement
There are, however, a number of development points for the UK that are of particular interest. First, despite “high-end” money laundering having been a long-standing risk area for the UK (i.e. complex money laundering involving significant amounts of funds, which the UK is exposed to given its role as a global financial centre), this has only been an investigation and enforcement priority since 2014. Given that such cases often take years to progress to trial, FATF observes that it is unclear whether the level of prosecutions and convictions for high-end money laundering is or will be commensurate with the UK’s risk profile. Put very shortly, the UK may be doing a good job with easier cases, but not the more complex and potentially more serious ones.
The FATF also notes that the UK is not taking full advantage of its financial intelligence data, largely because of the policy decision that the Financial Intelligence Unit (UKFIU) should have a limited remit — despite similar concerns being raised “over a decade ago in the UK’s previous FATF evaluation”. The UKFIU is the team within the National Crime Agency that receives, analyses and distributes the financial intelligence gathered from SARs. The FATF comments that the UK is unusual in that the UKFIU does not undertake the centralised operational and strategic data analysis of SARs, preferring instead to operate a “distributed model”. This means that relevant enforcement agencies with access to the UKFIU’s data are responsible for undertaking their own separate analysis of SARs, which means the UKFIU “misses the opportunity to search for criminal activity that might otherwise be missed [by enforcement agencies] which mine the SARs database for issues linked to their own geographical or operational remits”.
The FATF also highlights that, whilst the volume of SARs reported to the UKFIU is increasing year on year, 80% of those SARs continue to be from four (unnamed) banks. Meanwhile, the number of SARs filed by the accountancy and legal sectors, as well as money services businesses (e.g., bureaux de change and money transmitters) is decreasing. Accordingly, the FATF expresses concern about the quality of SARs submitted and the possibility that firms may be “defensively filing” (e.g., submitting SARs “in response to unexplained / unusual transactions without any additional analysis or investigation”). In our experience, these concerns are legitimate — and reflect the overly broad definition of criminal conduct on which the UK AML regime is based. Taken together, the FATF calls into question whether SAR data is being fully exploited in a systematic and holistic way, and suggests that “the deliberate policy decision to limit the role of the UKFIU and persisting issues with the SAR reporting regime cast doubt over the overall effectiveness of the exploitation and use of financial intelligence”.
The FATF’s concerns echo concerns about the SAR regime voiced by the Law Commission, which consulted on potential changes to the regime in July 2018.
The FATF report also focuses on how compliance with AML and CTF rules is supervised in the UK and the approach taken by different regulators. In particular, the FATF looked closely at the FCA’s AML and CTF supervision model, under which only a small population of firms are subject to regular, periodic review. This model includes three tiers:
- Systematic AML Programme: Applies to the 14 largest retail and investment banks operating in the UK. They are inspected, on site, every four years.
- Proactive AML Programme: Applies to the next 156 firms from high-risk sectors. These firms are also subject to an on-site inspection every four years.
- Risk Assurance Review: Applies to the remaining 19,500 firms subject to FCA supervision. Of those firms, the FCA reviews a sample of 100 each year — including 60 reviews by way of on-site inspection and 40 desk-based reviews. The selection of firms is 80% random sample and 20% intelligence-based.
As a result, the FATF states that the FCA’s own risk-based approach to supervision requires substantial improvement and should be based on a more nuanced understanding of firms’ risk profiles rather than their size alone. According to the FATF, “there are a significant number of firms undertaking high and medium risk activities falling outside [of the FCA’s] regular, cyclical supervisory attention”. The FCA should therefore “consider how to ensure appropriate intensity of supervision for all the different categories of its supervisory population”.
Action Points for Firms
Practical takeaways for firms from the FATF report are as follows:
- Ensure that your risk assessment, as mandated under the Money Laundering Regulations 2017, has been performed, documented, and is periodically updated. The FATF noted that risk assessments were completed to varying standards and that the vast majority of firms did not carry out adequate assessments of customer risks. Note also that firms must submit their risk assessment to the FCA on demand.
- Review the National Crime Agency’s 2017 Guidance on submitting better quality SARs and consider reviewing internal policies and procedures associated with internal and external SARs.
- Be aware that the FCA placed particular emphasis on individual accountability within firms with regard to AML and CTF. In particular, given that under the Senior Managers and Certification Regime the Money Laundering Reporting Officer is a Senior Management Function, and there is a Prescribed Responsibility in relation to financial crime, senior managers in those roles should be aware of the FATF Report. The very recent (December 2018) penalty imposed by the FCA on the CEO of a UK bank found to have significant AML weaknesses underscores the FCA’s focus on this issue.
- Note that FATF recommended that the FCA consider wider use of criminal background checks for Approved Persons and Senior Managers, i.e. a move to making them a standard part of the approval process rather than only in cases where a concern arises as to an individual’s fitness and propriety.
- Recognise that changes to the PSC Register will enter into force in January 2020, whereby regulated firms using the PSC Register as part of their client due diligence process will be required to report any inaccuracies they discover to Companies House.