Search This Blog


Tuesday, 18 October 2016

Boring But Important: UK's Anti-Money Laundering Consultation

The Treasury is consulting on how to implement the fourth Money Laundering Directive into UK law by 26 June 2017, with responses due on 10 November 2016. Draft guidance from the European Banking Authority is also open for consultation. In parallel, a new EU Funds Transfer Regulation will take direct effect, updating the rules on information on payers and payees accompanying the transfer of funds in any currency.

The consultation is important, given that money laundering is also a key enabler of serious and organised crime, estimated by the Home Office to cost us £24 billion a year. Terrorists also tend to use the proceeds of crime as a means to obtain funding, but might also try to obtain finance from (unwitting) legitimate sources.

The current Money Laundering Regulations 2007 cover 150,000 UK businesses, with more likely to be covered due to a lowering of the threshold for eligible transactions in cash (or a series of transactions that appear to be linked) by persons trading goods, from EUR15,000 down to EUR 10,000 (probably about £1000 in 2017 money!); and an extension to include receiving as well as making payments in cash.

With the exception of money remittance, the government is able to exempt from the regulations some persons engaging in certain financial activities on an occasional or very limited basis where there is little risk of money laundering or terrorist financing:
  • the financial activity is limited in absolute terms (the proposal is that the total annual turnover from the activity should not exceed £100,000);
  • the financial activity is limited on a transaction basis (the proposed maximum threshold per customer and per single transaction, whether the transaction is carried out in a single operation or in several operations which appear to be linked, is £1,000);
  • the financial activity is not the main activity of such persons (the proposal is that the activity should not exceed 5% of the total turnover of the natural or legal person concerned);
  • the financial activity is ancillary and directly related to the main activity of such persons;
  • the main activity of such persons is not an activity referred to in Article 2(1)(3)(a) to (d) or 2(1)(3)(f) of the directive; and
  • the financial activity is provided only to the customers of the main activity of such persons and is not generally offered to the public.

The directive requires firms to verify the identity of a customer and any beneficial owner(s) before establishing a business relationship or carrying out a transaction, subject to certain thresholds. But the timing of the verification can be altered: (i) where there is little ML/TF risk and it is necessary so as not to interrupt the normal conduct of business, then verification can be carried out during the establishment of a business relationship - although it shall still be completed as soon as practicable after initial contact; and (ii) an account may be opened with certain institutions provided there are adequate safeguards in place to ensure transactions are not carried out by the customer or on its behalf until the necessary CDD measures are completed.

The directive also requires obliged entities to apply customer due diligence measures to existing customers at appropriate times, using a risk-based approach, as well as to new customers. In particular, such measures should be applied when the circumstances of a customer change, but it is not clear which circumstances are relevant ("e.g. name, address, vocation, marital status etc.") and how a firm would know they had changed. There is a non-exhaustive list of factors in Annex 1 of the MLD that must be taken into account when assessing the risk of money laundering and terrorist financing, raising some uncertainty as to what might constitute an exhaustive list in any given circumstances.

Certain thresholds for implementing customer due diligence apply, but the fact they are expressed in Euros highlights the significant problems posed by the volatility of the pound following the Brexit vote.

Simplified due diligence remains an option, but the list of products currently specified in Regulation 13 is to be replaced by a non-exhaustive list of factors in Annex II of the directive and further guidelines due from the EBA by June 2017 - heralding more uncertainty. In addition, pooled client accounts are no longer mentioned specifically in this context, meaning that the existing explicit option for an institution hosting another firm's client money account (or 'segregated' account or 'safeguarded' account) to apply simplified due diligence in connection with the beneficial owners of the funds in that account will no longer apply.

Enhanced due diligence measures must be implemented in certain circumstances, a non-exhaustive list of which appears in Annex III, with further details in the EBA consultation documents that the Treasury expects everyone to review separately... In fact, there are numerous instances where the various European financial authorities are to draw up regulatory technical standards, so watching that space is very important, as it could act as a brake on innovation.

There has been some increase in the scope of entities that can be relied upon to have conducted customer due diligence, and the Treasury is inviting further suggestions here, particularly to help reduce the regulatory burden. Here it would be very helpful if governments could actually work together to achieve, or at least support, formally 'reliable' ways of verifying the identity of each others' citizens, as envisaged by the eIDAS regulation (there is a single reference to electronic signatures as a means of reducing certain risks, in Annex III).

The new directive is more prescriptive on the internal controls that firms are required to implement, which must vary according to the nature and size of the business concerned. The Treasury is open to suggestions on the thresholds etc., particularly related to a compliance officer and independent audit functions.

There are separate chapters in the consultation specific to gambling, e-money, estate agents, correspondent banking; dealing with politically exposed persons (PEPs); and meeting the requirement for a central register of beneficial owners of corporate and other legal entities incorporated in each member state; as well as reporting, supervision and sanctions for breaches of the regulations.

Worth a read to know what's coming down the 'pike.

Monday, 19 September 2016

Prospectus Requirements To Be More Crowd Friendly

Under the new Prospectus Regulation adopted by the EU Parliament, the scope of exemptions from the need for onerous disclosure requirements will be expanded from late 2017. 

The regulation won't apply to offers of securities (shares and bonds etc) to fewer than 350 (previously 150) natural or legal persons per member state or no more than 4,000 natural or legal persons in the EU who aren't qualified investors etc; or where the total being raised in the EU over a 12 month period is less than EUR1 million (previously EUR500,000). 

Each member state can exempt offers from the prospectus requirement where the amount being raised over 12 months in the EU does not exceed EUR5 million (previously EUR10 million) - though there are measures to confine the offer to the relevant member state.  

Other rules are aimed at making the amount of information disclosed more proportionate. 

Boring But Important: Changes To Money Laundering Regulation

The UK government is consulting on important changes required to implement the fourth EU directive on anti-money laundering (which is still subject to change in the meantime) and changes to wire transfer regulation. Responses are due by 10 November.

This is not the only consultation paper issued recently, so it will be a week or so before I add further summary detail below!

The Next Revolution in UK #Payments: Non-bank PSPs and The RTGS

The Bank of England is consulting on the reform of its Retail Gross Settlement System ("RTGS"), which processes half a trillion pounds worth of transactions a day covering almost every payment in the UK economy — from salaries to invoices, from car purchases to retail sales, pensions and investments. 

The system is 20 years old and needs to be reinvented in way that is more flexible and cost-effective. It must interoperate with a wider range of payment systems on a 24x7 basis and better support the increasingly rapid evolution of various new payment methods in the retail, commercial and financial markets.

Responses can be made online by 7 November 2016. 

Monday, 8 August 2016

Consultation on Transposing PSD2 In the UK and Loads Of Other Stuff

Just when you thought it was safe to go on holiday, the Treasury let's slip that it will begin a 6 week consultation on transposing PSD2 in August, which is a bizarrely short time frame and awkward time of year, given the issues and scale of uncertainty involved.  

Kind of makes it tough to engage with clients, and for clients to engage the right management and staff internally.

Maybe that's the point?


At this rate, we'll have between Christmas and New Year to consider the regulatory implications of Brexit.

Monday, 11 July 2016

#FinTech Service Providers Must Proactively Support FCA Compliance

The FCA has finalised its new guidance to authorised firms on outsourcing to the 'cloud' and other third party IT services, which is mandatory for some firms but (strongly) advisory for others. Unfortunately, exactly what amounts to 'outsourcing' remains grey and short of examples, as do important issues such as the meaning of 'cloud' (largely a marketing term anyway), whether access to data centres is necessary and so on. Not only does that leave FCA staff and finance firms in doubt, but it leaves service providers exposed to the need for financial firms to suddenly switch providers where the FCA considers that guidelines should have been followed but have not been.

The FCA guidance says that outsourcing is "where a third party delivers services on behalf of a regulated firm". That suggests the service in question must effectively be part of the firm's service to its customers, like answering customer calls on the firm's behalf in a call centre, as opposed to, say, the supply of commercial IT hosting services for web sites, apps or back-office software etc., which the firm is not in the business of providing to customers. 

A table in the guidelines sets out an extensive process and related paper trail designed to show that a firm has outsourced a function appropriately.

So lack of clarity on the boundary between outsourcing and normal service provision means that some IT providers may not realise that a financial firm has incorrectly classified the use of its services; and/or the service provider may not be willing or able to help the regulated firm jump through the many hoops laid out in the FCA's guidance. 

As a result, service providers risk losing customers who are finance firms that have failed to grind through the FCA's requirements and have to re-run their outsourcing process.

For all practical purposes, this places the burden on IT service providers to clarify the nature of their offering and make sure they are ready to help their finance customers either explain why there is no outourcing or demonstrate compliance with the FCA's outsourcing guidelines.

Some might observe that this represents regulatory 'scope creep', since it effectively subjects outsourcing providers to FCA regulatory requirements even where they are not required to be authorised (and may even be based outside the UK). Whether this is ever challenged as being ultra vires - beyond the FCA's powers - remains to be seen, but it is certainly a cost of doing business with UK financial firms.

FCA Calls For Input On #P2Plending and #CrowdInvestment Rules

It's been two years since the FCA created specific rules governing peer-to-peer lending and crowd-investment in securities, and the FCA promised a review of those rules in 2016. That review has just begun with a call for input closing on 8 September. 

This comes at an important time for the industry, as the FCA's report reveals that it has only processed 9 of 97 applications for authorisation by P2P lending platforms (44 of which operate under a two year old interim permission) and only 9 firms have been authorised to join the 25 firms that were operating in the crowd-investment market during the FCA's interim review in 2015. This shows that the FCA authorisation process, and regulation itself, are significant 'choke points' in the development of innovative financial services, notwithstanding firm support for the sector from the Treasury and strong growth in supply and demand from consumers and small businesses on existing platforms. 

It remains to be seen whether the FCA will further complicate life for crowdfunding entrepreneurs and their customers or clear the regulatory path to facilitate the growth of alternatives to the declining supply of bank finance, likely to worsen post-Brexit...