Accountants are key gatekeepers for the financial system, facilitating vital transactions that underpin the UK economy. As such, we have a significant role to play in ensuring our services are not used to further a criminal purpose. As professionals, accountants must act with integrity and uphold the law, and must not engage in criminal activity.
This guidance is based on the law and regulations as of 13 July 2021.
It replaces the draft guidance published September 2020.
Please note that while most requirements remain, some requirements of the regulations relating to EU lists no longer apply since the UK has left the EU.
This guidance covers the prevention of money laundering and the countering of terrorist financing. It is intended to be read by anyone who provides audit, accountancy, tax advisory, insolvency, or trust and company services in the UK and has been approved and adopted by the UK accountancy anti-money laundering supervisory bodies.
Click HERE to download Anti-Money Laundering and Counter-Terrorist Financing Guidance for the Accountancy Sector 2022.
The FATF’s assessment of the UK’s compliance with international AML standards
The Financial Action Task Force (FATF) has reviewed the UK’s progress towards compliance with money laundering and counter-terrorist financing recommendations. The FATF has a series of measures it expects countries to have in place around AML, and the FATF undertakes detailed reviews of the country’s progress every few years in an assessment known as mutual evaluation reports (MER).
The UK last had an ‘on-site visit’ from the FATF in 2018, known as the 4th round MER, but in May 2022, the FATF issued a follow-up report assessing the UK’s progress.
The UK was previously rated as only partially compliant on Recommendation 13 (R.13), based on the lack of application of enhanced due diligence (EDD) measures for correspondent banking within the EEA. EDD measures were only applied for cross-border correspondent banking to respondent institutions outside of the EEA.
Given the FATF’s partially compliant assessment, the UK has amended the Money Laundering Regulations to change the definition of third country to any jurisdiction outside of the UK. This means mandatory EDD measures apply to correspondent banking and similar relationships with all countries outside of the UK, and so the FATF now rates the UK as compliant on R.13.
Financial intelligence units
The UK was rated partially compliant for R.29, regarding financial intelligence units (FIUs), in the 4th round MER. This was due to FATF concerns about the independence and under-resourcing of the UK’s FIU, part of the National Crime Agency (NCA).
The FATF was concerned the UK FIU had only limited ability to conduct operational and strategic analysis and it wasn’t clear if it could seek all the information it needed from reporting entities in order to perform its analysis.
In this recent follow-up assessment, the FATF noted that some progress has been made to expand the UK FIU’s ability to conduct operational analysis. A SARs Reform Programme was implemented with an expansion of the UK FIU, alongside new technology. The expansion went from 81 staff to 141 staff, however the FATF previously noted the staffing numbers should be at least 200 over fifteen years ago in the 3rd round MER.
This comes alongside a huge growth in the number of SARs filed, over 270,000 in the last three years. Plus, the UK FIU’s new IT systems are not yet fully operational. They have just begun working with the National Data Exploitation Capability (NDEC) to better analyse SAR data, but this is also not fully operational either.
Despite the positive developments, the FATF still considers the UK only partially compliant for R.29 given the staffing and IT issues.
Cooperation and coordination
The FATF amended R.2 to require data protection and privacy considerations in the cooperation and coordination between relevant authorities. In the 4th round MER, the UK was rated as compliant for R.2.
The UK data protection and money laundering authorities cooperate and coordinate in the development of policy to ensure the compatibility of AML and data protection requirements. The FATF has rated the UK as still compliant with R.2.
The FATF updated R.15 to include obligations related to virtual assets (VA) and virtual asset service providers (VASP). The revised recommendations added requirements on identifying, assessing and understanding money laundering risks associated with virtual assets. There was also a requirement for VASPs to be licensed or registered, requirements for countries to apply adequate risk-based AML supervision, and for that supervision to be conducted by competent authorities.
In the 4th round MER, the UK was rated largely compliant on R.15, as it lacked a legally binding requirement on financial institutions to asses the risks of new products and business products and delivery mechanisms, despite having non-binding guidance.
Since the MER, the UK has amended the Money Laundering Regulations on policies, controls and procedures so financial institutions are now explicitly required to assess the risks of new products and new business practices.
The UK also met many of the revised requirements of R.15. The UK identifies and assesses money laundering risks related to cryptoasset exchange providers, wallet providers and so forth, and requires them to register with the FCA. They also have to understand and mitigate their AML risks.
The UK has also begun supervising crypto providers for compliance, and has taken active steps to identify natural or legal persons which carry out VASP activities without approval or permission. There are sanctions for those who breach the regulations and VASPs have the same sanctions obligations as other regulated persons.
The FATF did identify some gaps in R.15 compliance. There’s an ambiguity in the law around whether UK law covers transfers of virtual assets, however the UK is exploring legislative change in this area.
The UK also does not apply the travel rule for visual assets, and hasn’t assessed the risks of safeguarding of virtual asset activities. Therefore, the FATF cannot determine whether the UK’s supervision of crypto is risk-based. Due to these gaps and other gaps around equivalence of EU-based firms for the purposes of reliance (R.17), internal controls (R.18) and the imposition of countermeasures (R.19), the UK is still rated largely compliant for R.15.