Anti-Money Laundering Legislation in the UK Explained

• The most important anti-money laundering legislation in the UK includes the Proceeds of Crime Act 2002 and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.
• The Proceeds of Crime Act defines money laundering and makes it illegal to deal with criminal money.
• Money laundering regulations apply to businesses and professionals in finance, legal services, property, high-value deals and cryptocurrency exchanges.
• Money laundering regulations require businesses to assess and manage money laundering risks as part of a preventative approach.
• Regulated businesses must implement anti-money laundering policies, conduct customer due diligence and monitor transactions.

As mentioned, there’s a long list of anti-money laundering legislation in the UK. But business owners should be most familiar with two key pieces:

• The Proceeds of Crime Act 2002; and
• The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.

The Proceeds of Crime Act 2002 (POCA) establishes what money laundering is and makes it illegal to deal with criminal property (the proceeds of unlawful activity).

POCA defines money laundering as

In plain language, criminals hide where illegal funds came from by using them to buy “clean” assets.

Under POCA, regulated businesses must also report any suspicious financial activity. Any “failure to disclose” is punishable by unlimited fines, up to five years in prison, or both.

The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017) set out duties for regulated businesses.

Of all the anti-money laundering legislation in the UK, these regulations will affect daily operations the most. Under MLR 2017, regulated businesses must adopt a “risk-based” approach to financial services. Any high-risk transactions or clients must be handled carefully, with the appropriate level of due diligence applied.

Anti-money laundering duties were extended in 2019 when MLR was amended to match the EU’s Money Laundering Directive. The 2019 amendments brought more sectors under the regulations and enhanced due diligence procedures. They also made it necessary for businesses to respond more quickly to information requests from authorities.

MLR 2017 applies to businesses and professionals who handle large financial transactions because of the potential for money laundering.

• Financial institutions, such as banks, building societies and credit unions
• Accountants, auditors and tax advisors
• Solicitors and notaries who handle conveyancing or manage client funds
• Estate agents and lettings agents
• High value dealers who accept cash payments of €10,000 or more (UK legislation uses Euros to ensure consistency with EU regulations, even post-Brexit)
• Businesses that set up, operate or manage companies and trusts
• Certain fintech companies, such as cryptocurrency exchanges (since the 2019 amendments)

Alongside professionals who work in a regulated business, certain individuals must also comply with MLR 2017:

• Sole practitioners who operate in a regulated sector, such as accountants or financial advisors
• Politically exposed persons (PEPs) who hold prominent public positions or roles, as well as their close associates

As mentioned, MLR 2017 requires businesses to adopt a “risk-based” approach to prevent money laundering.

In practice, you need to examine your customers and the services you offer, and safeguards need to be put in place to manage money laundering risks.

Compliance is dependent on clear anti-money laundering (AML) policies and procedures. These policies should outline how risks will be identified, managed and mitigated in your day-to-day operations.

Your AML policy should also include details on how customer due diligence will be performed, how suspicious activities will be reported and the internal processes for monitoring compliance.

A risk assessment will help you identify the high-risk transactions and clients that need close monitoring. It should cover three broad areas:

• Customers
• Products and services
• Delivery channels

You’re not just looking for suspicious activity. A risk assessment is proactive; it should anticipate where money laundering is likely to happen so you can take measures to prevent it.

For example, customers based in countries with weaker regulatory frameworks are automatically higher risk. This status means they should be subject to enhanced due diligence.

Customer due diligence is effectively getting to know your customer, which lends its second name, KYC.  This process starts during customer onboarding and continues throughout the business relationship.

There are three levels of due diligence:

• Simplified due diligence for the lowest-risk customers, such as reputable banks or publicly traded companies.
• Standard due diligence is slightly more intensive for customers who aren’t high-risk but lack the credentials necessary to qualify for simplified due diligence.
• Enhanced due diligence (EDD) is necessary for high-risk customers. EDD checks are the most rigorous of the three and should include detailed information gathering and in-depth identity verification. Senior management must also approve customers subject to EDD before any transaction can take place.

Under MLR 2017, businesses must maintain records of their compliance activities. These records include customer identification documents, transaction histories and risk assessments.

The minimum retention period is five years from the end of the customer relationship. Keeping these records is vital to prove regulatory compliance and to act as evidence in case of audits or investigations by authorities.

Compliance with MLR 2017 depends heavily on well-trained employees. Staff must fully understand the risks of money laundering, the red flags to watch for and the processes to report suspicious activity.

Training enables employees to act independently and identify the high-risk transactions and customers that need to be handled carefully. Trained employees will also be better positioned to implement the procedures and safeguards required under MLR 2017.

If you suspect money laundering, you’re legally required to report it through a Suspicious Activity Report (SAR) to the National Crime Agency. This duty applies even if the transaction is not completed.

Reports should include details of the suspicion and any relevant supporting evidence. But be warned, you cannot alert the customer – this is known as “tipping off” and is a criminal offence.

For those unfamiliar with money laundering regulations, our online Anti-Money Laundering Training offers an excellent introduction to MLR 2017. It explains when the regulations apply and outlines how to meet compliance requirements in day-to-day operations.

You’ll gain a clear understanding of MLR 2017, including key processes like customer due diligence, risk assessments and reporting suspicious activity. Whatever your sector, this course equips you with the knowledge needed to meet your legal obligations and protect your business from money laundering.