UK AML Regulations 2024: What you need to know to comply

As both technological advancements and the cost of living continue to ramp up, the financial services sector is under threat from criminals looking to profit from illegal and unethical activities. In fact, according to the National Crime Agency, £2.46 billion was lost by businesses and individuals to fraud in FY 22/23 alone—a significant amount of which is down to successful money laundering crimes.

The size and scale of money laundering is significant, with a report from Deloitte and International Finance revealing that it accounts for 2-5% of global GDP annually. But being proactive and following UK law enforcement’s regulations can protect your business, customers, and the economy from the immense impacts this financial crime can have.

We know it can be difficult to stay up to date with the regulations as they continually evolve. To help you to stay on the right side of the law, we’ll be taking a deeper look at how you can ensure your business complies in 2024.

Recent changes to the AML regulations

1. Proliferation financing was added to the list of financial crimes covered by MLR 2017

2. Additions of relevant persons were made to certain categories – MLR regulations have extended to ensure:

• Crypto asset exchange providers and custodian wallet providers to apply customer due diligence to measures related to crypto asset transfer equal or exceeding the value of EUR 1,000 in value. 
• The definition of trust or company service providers (TCSPs) now expressly includes TCSPs providing services involving the formation of all types of business arrangement. 
• The definition of “art market participants” is clarified to exclude artists selling their works over 10,000 EUR, whether they sell as an individual or as part of a corporation. 
• Removes Account Information Service Providers (AISPs) from the scope on the basis that they’re informational tools that’ll allow customers to view their data and link their information to other services.

3. An extension of the Travel Rule for wire and bank transfers involving crypto assets

4. Changes to the control of crypto asset firms – any acquirers of crypto asset firms (that fit into the relevant persons scope as above) will need to notify the FCA so a proper and full assessment can be made. 

5. New powers granted to AML supervisory authorities – these included:

• Requesting a relevant person provides a copy of suspicious activity reports filed with the National Crime Agency 
• Requires the FCA or HMRC to publish notices of decisions to refuse an applicant registration for supervision and any other relevant information that led to the decision 

Plus, it extends powers granted to the FCA by MLR 2019 in respect of crypto asset firms to all “Annex 1 financial institutions”. These powers include requesting firms to provide certain categories of information to the FCA, appointing a s.166 FSMA skilled person to investigate a firm, and to impose directions in writing to a firm. 

6. Extensions to the discrepancy reporting regime – MLR 2022 removed the timing window for reporting discrepancies between beneficial ownership information in the PSC register and that provided by the company, to ensure it’s an ongoing requirement. It also extends to include discrepancies on the new Register of Overseas Entities.

7. Information sharing for supervisory and other authorities – amendments to the existing rules for disclosures between supervisory authorities or from supervisory authorities to other authorities to:

• Expand the list of “relevant authorities” to include other government agencies 
• Expand reciprocal sharing of information and intelligence between supervisors and relevant authorities 

• Enable the FCA to disclose confidential information it receives in relation to MLR duties more widely

8. Requirements related to the national register of bank account and safe-deposit box ownership were removed

9. Domestic PEPs are to be treated as inherently lower risk than overseas PEPs

5 ways to ensure compliance in 2024 

With FCA fines rapidly soaring compared to a couple of years ago, it’s clear that stricter measures are being taken to penalise businesses within the financial services sector who act non-compliantly.  

Here are five ways to ensure your business meets the mark: 

1. Invest time conducting your risk assessment

A central theme to the FCA’s AML requirements is for regulated firms to provide evidence that they have assessed each of their customers for anti-money laundering risk. Failure to keep a recorded history of risk assessments and designated customer risks, and inconsistencies with approaches to risk assessing customers have all been identified within FCA final notices as reasons for penalties. 

For these reasons, it’s crucial that firms are making customer risk designations on an individual basis, rather than applying a broad view derived from characteristics such as customer geographical location, or industry. Similarly, it’s vital for successful AML plans for customer risk ratings to be monitored and reviewed regularly, giving companies opportunities to spot suspicious activity before financial crime can be carried out.  

To comply, businesses need to take a dynamic approach to mitigating risk. Any AML risk assessment created needs to be tailored to individual clients, and the organisation should be able to not only prove they’ve carried out assessments, but also the measures or steps they have in place to manage and prevent genuine risks where possible.  

2. Prioritise CDD and EDD during customer onboarding

Putting time and effort into designing your customer onboarding process isn’t just important for attracting and retaining clients, but also for identifying and handling any risks that demand scrutiny. By prioritising customer due diligence (CDD) and enhanced due diligence (EDD) within your AML framework, from as early as the onboarding stage, you can ensure you meet the required standards of the UK MLR regulations.  

By properly assessing risk at the stage of onboarding a customer, you can ensure any measures you put into place are informed by the specific risks that have been identified in the earliest possible stage of a new client joining.  

3. Commit to ongoing risk monitoring 

It’s crucial for businesses to recognise that just because a customer doesn’t immediately pose a risk, that they can’t or won’t further down the line. To protect your livelihood and meet the FCA’s requirements for regulated firms to conduct periodic reviews of existing client accounts.  

Although opening new accounts with customers could boost your revenue, in the long-term, doing this in the absence of thorough risk monitoring of your existing customers could be detrimental to the financial or reputational stability of your organisation. Despite both being important to business growth, assessing the evolving risk already within your organisation needs to be prioritised to properly comply with MLR regulations.  

4. Provide adequate staff training for CDD

The FCA has identified a lack of informative and tailored training as a common reason for employees being charged with due diligence responsibilities and having insufficient knowledge to carry out their roles. Yet, in many FCA final notices, we’re still noticing mention of company leadership failing to provide adequate staff training related to financial crime risks and regulations. To avoid the risk of both financial and reputational loss, you need to ensure any training your staff receive is robust, effective, well-informed, and commercially relevant. 

As well as being accurate, it’s also highly important that your staff training materials are engaging—tiresome, laborious tasks with little interactivity will be less likely to be absorbed by your staff.  

5. Follow remediation plans through to completion

Having a log of your AML processes, systems, and controls isn’t just crucial for proof of assessment and action to the FCA. It’s also vital for putting well-informed remedial plans into place, following the assessment of prior AML processes, and any compliance deficiencies that were identified within these.

Ideally, organisations should be able to approach risk considerations in a tailored and targeted way, which can help better inform remedial improvements to AML systems and controls. In line with the above points, and the FCA requirements, in creating and following a programme that is robust, and fit to be continuously monitored and audited, your organisation will ensure compliance is at the top of your agenda, no matter what challenges your AML processes incur.  

Staying on top of AML regulations is crucial for maintaining compliance. And with the FCA implementing many new regulations with a view to protecting businesses and customers from the financial and reputational damage that money laundering can create, it’s crucial you’re in-the-know. 

Looking to tighten your AML defences? We’re here to help. Our regulatory compliance solutions can check your clients for suspicious financial activity, and continue to monitor this continuously. And best of all, they can be seamlessly integrated with your existing systems. 

Contact us today to find out more about how we can help you.