The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) provided a chance for the UK to implement not only the 4th Money Laundering Directive but also to bring the best practices up to speed. Huge changes in the way people do business have occurred in the previous decade.

Part of the changes were to make firms produce better and more comprehensive risk assessments (Section 18(1)) and there was a requirement for the supervisory authority under regulations 17(9) and 47 i.e., the Treasury, to provide an annual national risk assessment under Section 47 (Part 6 Chapter 1) of the MLR 2017.

Although firms implemented the MLR 2017 by changing their AML & CTF policies, despite the regulations themselves only being laid before parliament one working day prior to commencement (breaking the ’21 day rule’ for statutory instruments), many have failed in their regulatory duty since that date.

Policies may have been reviewed and re-approved by the board of directors, but what was that review and was it conducted within the Section 18 regulatory requirements?

There are two elements here that need addressing by firms. Firstly there is the risk assessment conducted with the annual National Risk Assessment (2018 Version Here) which is required under Section 18(2). Secondly, in Section 18(4) it states “A relevant person must keep an up-to-date record in writing of all the steps it has taken under paragraph”. Further to that the regulations also require that a written record of the firm wide risk assessment is maintained and that ‘Relevant Persons’ should be prepared to provide this to their supervisory authority if requested.

Therefore the exercise on an annual basis of risk assessing the areas of business that firms are exposed to has to be an active exercise, with full audit trail, accurate records of what has changed, how it is mitigated or managed and the rationale are required.

Summary: Risk Management has been encouraged and now, with the MLRs 2017 have been made compulsory for all UK relevant firms. The legislation is clear and the requirements are laid down for all to see. Compliance managers and directors are not always aware of these changes and if not independently appraised, they can proceed in ignorance, which can be costly in management time and money if challenged on these points.

The FCA have not been actively pursuing this area up to now, as they have been focusing on a number of other areas, but, if you are asked for your risk assessment records from the December 2017 and December 2018 changes in conjunction with the National Money Laundering Risk Assessment publications, a MLR 2017 Section 18(6) requirement, will you be found wanting?

Author: Lee Werrell Chartered FCSI – Compliance Consultant

Read: Are You Ready for the 6MLD?

We offer a complete solution with a range of cost effective, regulatory compliance and marketing products and solutions that are uniquely suited to supporting firms.

click to get started