Abstract
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘MLR 2017’) came into force on 26 June 2017, further increasing anti-money laundering (AML) compliance obligations imposed upon financial institutions and others in the UK. Against this backdrop, this article will identify a growing trend of AML policy-making affecting the private sector; explore the correlation of legislative and regulatory measures taken in the UK with those in Europe and globally; and ask whether the measures represent a proportionate and effective response to the perceived threat of money laundering and terrorist financing to national security.
Introduction
Money laundering (the process by which the proceeds of crime, and the true ownership of those proceeds, are changed so that the proceeds appear to come from a legitimate source 1 ) is a relatively new criminal offence. It first made an appearance following the 1988 Vienna Convention 2 (the 1988 Convention) and shortly thereafter became the focus of the Financial Action Task Force (FATF), established in 1989 to set international anti-money laundering (AML) policy. 3 The evolution of money laundering legislation and regulation over the last 30 years is depicted in the AML timeline (the Timeline) below. This provides a very clear visual representation of the dramatic escalation of legislative and regulatory measures, from the 1988 Convention through to a series of FATF Recommendations 4 (the Recommendations), themselves prompting the enactment of European directives, national regulations and laws. As illustrated by the Timeline, AML policy has proven ‘a runaway success in terms of the extent of its diffusion’, 5 seemingly driven by the perception of an ever-expanding threat of terrorist financing and money laundering to national security 6 and shaped by the development of the growing body of European and international guidelines and directives. Despite such extensive legislation, justification for money laundering as a separate offence has not been clearly established. 7 At the same time, academics have drawn attention to apparent dubious legitimacy and effectiveness of AML policy 8 and to the speed with which the original Recommendations were determined, the first version of which were ‘written in less than half a year, with no ulterior ambition and very little academic preparation’. 9 Of further concern is the infiltration of AML policy into the private sector 10 by the enactment of AML regulations, requiring private actors to pass information about clients and transactions to law enforcement agencies as ‘state informants’. 11 These concerns over government and wider policy-making have not deterred the relentless regulatory response nor prevented a significant increase in AML compliance obligations being imposed upon financial institutions and others in the private sector. 12
This article aims to re-examine the proportionality and effectiveness of AML measures in the light of the latest legislative development in the UK, embodied in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). 13 It will first identify the growth of AML policy-making in the UK as illustrated by the Timeline. It will then examine the MLR 2017 in the context of this trend. Next, the article will demonstrate how the MLR 2017 exacerbate concerns about the nature and impact of AML legislation. Finally, the article will ask why concerns continue to be ignored by policy-makers and whether the national political consensus 14 and international framework allow a proportionate and effective approach to AML policy-making in the UK.
Regulatory Expansion and the AML Timeline
The Timeline, which covers the period from 1980 to the present date, includes the names and dates of statutes enacted in the UK that together form the substantive basis of AML law in the UK. On top of this lie the four iterations of the money laundering regulations, each enacted in response to the four (to date) European money laundering directives. As is clear from the Timeline, the enactment of regulations at UK level and, in part, legislation follows at regular intervals behind the European money laundering directives, which in turn respond to the issuance of international FATF Recommendations. The international conventions, the top layer of the Timeline, represent the highest level of policy accord on an international level.
In order to capture clearly and contemporaneously the motivation behind the legislative and regulatory picture, the Timeline itself sits above a broad summary of, first, ‘ills’ which the AML regime purports in some way to address and, secondly, of ‘responses’ by which these aims are intended to be achieved. These show the beginnings of the AML regime as a response to the war on drugs of the 1980s, which prompted the confiscation of the proceeds of crime under the Drug Trafficking Offences Act 1986 as a means of preventing offenders from profiting from their crimes. Next, the Timeline shows the large-scale growth of the international and national AML regime during the 1990s as financial services took on a global aspect and legislation began to target the proceeds of crime from a much wider spectrum of offences. As the ‘ills’ expand, so does the response, this time seeking to control the activities of private sector ‘gatekeepers’ to financial services under the Money Laundering Regulations 1993 (MLR 1993) by measures such as know your client enquiries and suspicious activities reporting.
During the following decade, the war on drugs retains its place in the list of ‘ills’ underpinning the Timeline, but it is joined by a series of other threats, including the war on terror. The foundations of the current AML regime in the UK, including the Proceeds of Crime Act 2002 and the Terrorism Act 2000, were laid during this period, including a very wide definition of criminal conduct, and the second and third money laundering regulations were enacted in fairly quick succession, increasing obligations on the private sector. By the time the present day is reached, several further acts are included on the Timeline targeting specific ‘ills’ such as tax evasion, white collar crime and serious organised crime, and the response required by the regime is expanding simultaneously, demanding more and more transparency and accountability.
MLR 2017
The most significant recent development to AML legislation can be found in the MLR 2017, which implement the Fourth Money Laundering Directive (4MLD) 15 in the UK.
Increased Detail
While neither a measure of effectiveness nor proportionality, the increased length of the MLR 2017 is at least indicative of the increased scale and reach of the latest AML legislative developments. The Money Laundering Regulations 2007 (MLR 2007), themselves made up of 51 regulations, six schedules and 100 pages, have been replaced by the MLR 2017 at 110 regulations, seven schedules and 118 pages. Four of the sections are devoted to the Transfer of Funds (Information on the Payer) Regulations, which regulations were previously contained in separate legislation. The MLR 2017 note that ‘the Treasury are designated for the purposes of section 2(2) of the European Communities Act 1972 in relation to the prevention of money laundering and terrorist financing’ 16 compared to simply ‘in relation to measures relation to preventing this use of the financial system for the purpose of money laundering’ 17 as set out in the MLR 2007. Not only is the size of AML measures expanding, but so is the ambition behind them and the consequent burden being placed on those required to comply.
Increased Burden
While the basic requirements of the MLR 2017 largely build upon the foundations set by the MLR 2007, the detailed provisions contain several extensions to the obligations. In order to comply with the new MLR 2017, those within the regulated sector (which itself has remained largely unchanged) 18 must continue to carry out customer due diligence (CDD) measures, 19 make suspicious activity disclosures, 20 train staff, 21 keep records 22 and carry out risk assessments, 23 but the way in which they do and record this must change. As before, 24 contravention of a ‘relevant requirement’ under the MLR 2017 carries a hefty penalty of up to two years’ imprisonment, to a fine, or both, on indictment. 25
Risk Assessments
The MLR 2017 require several layers of risk assessments, stretching from individual firms and practitioners and reaching up to EU level and beyond. In the UK, the top layer involves a risk assessment to ‘identify, assess, understand and mitigate the risks of money laundering and terrorist financing affecting the United Kingdom’ 26 to be carried out by the Treasury and the Home Office. 27 This risk assessment is required to take account of the reports of the ‘Commission’ under Article 6.1 of 4MLD, 28 reaching yet further to ensure measures taken within the UK take account of risks identified at the EU level of ‘money laundering and terrorist financing affecting the internal market and relating to cross-border activities’. 29 Underneath the Treasury and Home Office risk assessment, each supervisory authority must undertake a risk assessment, considering ‘international and domestic risks of money laundering and terrorist financing to those relevant persons for which it is the supervisory authority…are subject’. 30 Finally, each relevant person 31 must ‘take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which its business is subject’. 32
At each level, account must be taken of risk reports at the superior level. 33 The risk assessment obligations themselves are onerous, requiring identification of areas where enhanced CDD should be taken, and (where appropriate) what this would entail; identifying areas of lower and greater risk and considering whether the rules made by a supervisory authority in relation to its sector would be appropriate in the light of identified risks. 34 Relevant persons must consider factors relating to customers, geographic areas, products or services, transactions and delivery channels appropriate to its operations when undertaking risk assessments. 35
Customer Due Diligence
The CDD procedure under the MLR 2017 has many similarities with the procedure under the MLR 2007: as before, the requirements to identify the customer and to verify the customer’s identity remain. 36 The relevant person must also ‘assess, and where appropriate obtain information on, the purpose and intended nature of the business relationship or occasional transaction’. 37 Relevant persons have been familiar with CDD requirements in some form since the MLR 1993 and therefore can be expected to already have systems in place to meet these obligations. The MLR 2017 continue to distinguish among the three options of CDD, enhanced due diligence (EDD) and simplified due diligence (SDD). 38 More onerous is the need for the relevant person to determine the need for EDD or SDD based on specified factors, including the risk assessment of the relevant person or on the basis of information available from the risk assessment of the supervisory authority. 39 At the same time, some blanket provisions allowing for SDD 40 have been removed, and EDD has been extended to cover domestic PEPs. 41
Beneficial Ownership and Transparency
One of the most significant features of the MLR 2017 is the expansion of provisions relating to transparency and disclosure. Relevant persons must undertake due diligence to identify the beneficial owner 42 of bodies corporate or partnerships 43 and trusts and similar arrangements and others. 44 Due diligence involves identifying the beneficial owner and then taking ‘reasonable measures to verify the identity so that the relevant person is satisfied that it knows who the beneficial owner is’ 45 and taking ‘reasonable measures’ to understand the ownership and control structure of a legal person, trust, company, foundation or similar legal arrangement. 46 These requirements correspond with recent legislation, prompted by 4MLD, requiring companies and limited liability partnerships to keep an up-to-date register of people with significant control and file information publicly with Companies House within 14 days of changes. 47
In addition to requiring relevant persons to identify and verify beneficial owners, 48 the MLR 2017 impose obligations on corporate bodies 49 to comply with requests from relevant persons to provide information 50 identifying matters such as name, board of directors, legal and beneficial owners 51 and ‘the senior person responsible for its operations’. 52 Given that the board of directors and legal and beneficial owners must already be identified, 53 it is difficult to comprehend who else would fall within this category, and this seems to be something of a fishing expedition. Corporate bodies must also notify the relevant person of any change to information or identity of individuals within 14 days of becoming aware of such change 54 and provide all or part of the identifying information supplied to a law enforcement authority on request 55 within a reasonable period. 56 Similar obligations are imposed upon trustees. 57
To supplement the beneficial ownership obligations on trustees, 58 HMRC 59 is required to maintain a register of ‘beneficial owners of taxable relevant trusts’ 60 and ‘potential beneficiaries of taxable relevant trusts’, 61 with trustees obliged to provide HMRC with specified information in relation to the trust, certain individuals, legal entities and beneficial owners, 62 initially by 31 January 2018 63 and then by 31 January following specified tax years. 64 The information to be provided and maintained on the HMRC register contains not only basic details of the trust such as its name and the date on which it was set up 65 but also the full name of any advisers being paid to provide legal, financial or tax advice to the trustees in relation to the trust. 66 The information on the register must be available for inspection by any law enforcement authority, 67 and HMRC must ensure that the NCA 68 are able to use the information to respond promptly to requests for information made by certain authorities and financial intelligence units within the European Economic Area but outside of the UK. 69
Ownership and Management
The MLR 2017 extend their reach firmly into the upper echelons of the private sector actors by requiring that any beneficial owner, officer or manager and sole practitioners of a relevant firm 70 should be approved by a supervisory authority on application. 71 It is questionable whether this level of control is required given that a supervisory authority must grant approval unless the applicant has been convicted of certain specified offences involving perjury, dishonesty or tax, 72 and it is likely that relevant firms will already take care to ensure the fitness for the office of those persons. 73 In addition to seeking to control who may undertake certain professions, the MLR 2017 impose obligations on senior managers to approve the policies, controls and procedures of a relevant person 74 and require that they (or a member of the board) should be responsible for compliance by a regulated person with the provisions of the MLR 2017. 75 Senior managers are also given responsibility for approving a business relationship with a PEP. 76
Information Gathering and Disclosure
Provisions are inserted throughout the MLR 2017 to support the gathering and sharing of information by ensuring the availability of written information and prompt disclosure up and down the compliance chain. For example, a relevant person’s policies, controls and procedures regarding the mitigation and effective management of risks of money laundering and terrorist financing must be maintained in writing, in addition to any changes to them, and steps taken to communicate them or any changes within the relevant person’s business. 77 Even a relevant person’s risk assessment, the information upon which it is based, and an up-to-date written record of steps taken to carry out the risk assessment must be provided to its supervisory authority on request. 78
The MLR 2017 seek to ensure that information regarding business relationships will be available on request by a full and rapid response to enquiries to financial investigators or law enforcement authorities (among others). 79 A written record of training must be kept, 80 and where disclosure of information to a law enforcement agency is required, specific provisions are made to ensure that the provision of information does not give rise to liability for the body corporate, 81 relevant person or supervisory authority. 82
In support of these measures, the Criminal Finances Act 2017 amends the Proceeds of Crime Act 2002 to extend the moratorium period for response to consent suspicious activity reports from 31 days to up to 186 days. 83 While the intention behind this policy is to provide law enforcement agencies sufficient time to respond to intelligence provided by the private sector, 84 the potential impact on the private sector is assessed to be limited to the delays caused to legitimate transactions. 85
Regulatory Growth and Development
While concepts within the MLR 2017 are not new to those already well-versed in AML compliance, the steady and significant expansion of obligations is of concern.
86
Speculation about the pace of expansion of the money laundering regime is not new: following the publication of the 2003 FATF Forty Recommendations,
87
which themselves prompted the MLR 2007 (see the Timeline), Reuter and Truman express doubts and concerns about the desirability, ‘that the global AML regime will continue to expand at its recent pace’.
88
They go further to question the cost and effectiveness of the expansion of the AML regime: ‘…it is reasonable to ask just how much can be expected of governments and the private sector. Constructing a zero-tolerance regime that was consistent with the smooth flow of finance would be costly and politically unacceptable. At the margin, the broadly defined costs of extending the regime are not likely to be worth the modest reduction in money laundering and small contributions to ultimate goals to which such an extension would contribute.’
89
Following the MLR 2007, Harvey suggested that ‘the amount of regulation cannot continue to grow exponentially’, 92 however, as there is no sign of either a halt or a deceleration of the pace of growth, there appears, a decade later, to be continued reliance on the ‘sheer hope that such blanket approach will in some way prove effective’. 93
Proportionality
Van Duyne et al. argue for a role for proportionality in regulatory policies relating to AML.
94
At the same time, there is no shortage of supportive rhetoric from policy-makers and standard-setters at the UK, European and international level: 4MLD itself contains several references to proportionality, including an acknowledgement that: the objectives of protecting society from crime and protecting the stability and integrity of the [European] Union’s financial system should be balanced against the need to create a regulatory environment that allows companies to grow their businesses without incurring disproportionate compliance costs.
95
Layers
The layers of compliance serve to diminish the effect of the rhetoric of proportionality by the time the end user is reached. As is clear from the Timeline, there is a gap of several years between the publication of FATF Recommendations to national implementation of the latest standards via money laundering regulations within the regulated sector, and in the meantime, the policies must travel down the chain via the EU, national government and the relevant supervisory bodies. Perhaps as a result of this time and distance between policy determination and regulated sector end users, at the initial inception of the policy, there is no real incentive for FATF to focus on proportionate implementation of standards and policies, as its high-level objectives focus upon threats to ‘the international financial system’. 97 At the next level on the Timeline, the EU aspires to proportionality through its directives, 98 but it is also driven to address the risks identified in its EU-level supranational risk assessment. 99 Down one further layer, at national level, the ability of the UK government to be proportionate in its response is determined in large part by the evaluation of its compliance by FATF, 100 which, subjective and variable, 101 is impossible to predict. At supervisory level, 102 proportionality is tempered by an obligation to ensure compliance, 103 and among the regulated sector is virtually impossible to achieve as a consequence of being at the lowest level, bearing the ultimate burden of discretion further discussed below.
So the ‘operationalisation’ of the concept of proportionality may require examination of policy, element by element,
104
but this exercise is complicated by the journey each element must make from initial high-level determination to practical implementation. In the case of restrictions on ownership and management of a relevant firm
105
outlined above, for example, the high-level language is seemingly straightforward and uncontroversial, requiring a supervisor to: …take the necessary measures to prevent criminals or their associates from being professionally accredited, or holding or being the beneficial owner of a significant or controlling interest or holding a management function, e.g. through evaluating persons on the basis of a ‘fit and proper’ test…
106
…Member States shall ensure that competent authorities take the necessary measures to prevent criminals convicted in relevant areas or their associates from holding a management function in or being the beneficial owners of those obliged entities.
108
No person may be the beneficial owner, officer of manager of a firm…unless that person has been approved…by the supervisory authority…
109
Discretion
Given that, under the MLR 2017, it is among the private sector actors that discretion under the MLR 2017 must predominantly be exercised, 113 it becomes paramount that it is predominantly the private sector players who must comply with regulation or face reprimand, censure or imprisonment.
Discretion is found, for example, in the steps to be undertaken to determine beneficial ownership using ‘reasonable measures’. The requirement to take ‘reasonable measures’ gives rise to some ambiguity about exactly what steps a relevant person would be required to undertake to comply with this provision, in particular given that reliance on public registers is deemed inadequate. 114 While some discretion for the relevant person helps to avoid rigid obligations, it brings with it an onerous burden on the relevant person in determining whether or not they would be deemed compliant with the provision. This could lead to a relevant person refusing to act where a beneficial owner cannot be identified, though in fact the act allows the relevant person to treat the senior person in the body corporate responsible for managing it as its beneficial owner. 115 Similarly, a relevant person might feel obliged to take protective measures by undertaking the onerous task of documenting thoroughly steps taken to identify a beneficial owner and reasons why this has not been possible. As previously mentioned, discretionary provisions also impose an element of policing upon the regulated sector, for example, in determining whether information disclosed by clients is correct or otherwise which may or may not be effective. In such cases, there is no reason to suppose that corporate bodies would necessarily provide more accurate information to a regulated person upon request than to a public register.
The MLR 2017 also include a requirement for a relevant person to take account of its risk assessment (discussed above) and its assessment of the risk of the particular case 116 on the basis of a range of factors. These include, among others, the ‘purpose of the account, transaction or business relationship’, 117 the level of assets to be deposited or size of the transaction 118 and the regularity and duration of the business relationship. 119 This assessment, while seemingly logical, is another imposition on the relevant persons, who are, in addition to undertaking the CDD checks 120 and keeping records, 121 required to exercise judgment as to the level of enquiry required, with the threat of non-compliance in the background.
It is easy to see that proportionality via ‘discretion’ would appeal to policy-makers at each level and yet feel less than satisfactory to end users who find themselves with no one below to whom the decision may be transferred. As was true for the MLR 2007, the MLR 2017 may be breached by failure to comply with its terms without any regard to whether money laundering has or has not taken place. The inevitable consequence of this is that relevant persons must strive to achieve compliance at all costs and are unlikely to welcome any discretion contained within the legislation. Where there is discretion, the relevant person will look to its sector guidance, and where that guidance is unavailable (for example, as a result of delays 122 ), unclear or ambiguous, a relevant person could be forgiven for erring on the side of caution, perhaps reflected in the steep increase in ‘DAML SARS’ 123 recorded by the NCA. 124 As global AML spending on compliance grows at a rate of almost 9% per annum 125 and regulatory censure for failure to comply with AML regulations receives press coverage, 126 it seems unlikely that the private sector feels confident in proportionality when it comes to the exercise of discretion.
It is difficult to reconcile proportionality with a political climate determined to combat threats of terrorism, transnational crime and money laundering to national and international security, and that is relentless in its rhetoric and ability to set targets, assess risks and draft regulatory standards for compliance. Above the lowest level of the chain, there is little incentive to achieve a proportionate response to a vague, indeterminable threat, yet plenty of incentive to identify risks and demonstrate compliance. At the lowest level, the regulated sector is much further detached from the array of ills which inspire policy-making, and the motivation behind the regulated sector response is much more likely to be driven by cost and compliance.
Effectiveness
Underpinning the vague concept of ‘proportionality’ is the equally evasive measure of effectiveness. 127 The FATF Recommendations are scattered with references to effectiveness, with little attempt to define its meaning, including (among others) effective use of resources and efforts; 128 effective management of risk; 129 effective mechanisms for cooperation; 130 effective and proportionate measures; 131 and effective, proportionate and dissuasive sanctions. 132 Given that the legislative and regulatory response illustrated in the Timeline corresponds to the underlying ‘ills’, a correlation between these in measuring effectiveness could be expected. However, the measurement of the effectiveness of AML policies is ‘inherently difficult’, 133 not least because of the difficulty in evaluating the underlying threats in the first instance or the scale of laundering itself. 134 Fundamental barriers to a holistic evaluation of the effectiveness of the AML response notwithstanding, challenges to the operational effectiveness of the provisions contained in MLR 2017 within the private sector remain evident 135 and are explored below.
Timing and Uncertainty
As described above, one of the foundations of the MLR 2017 is the undertaking of layer upon layer of risk assessments, which each depends on risk assessments at the superior levels. These risk assessments are fundamental to the operation of the regulations, for example, in enabling regulated persons to determine whether CDD, SDD or EDD should be undertaken in respect of an individual client. While the European-level supranational risk assessment was first released on its due date, 26 June 2017, 136 this was also the date for the implementation of the EU directive in member states. The UK’s Treasury and Home Office national risk assessment was issued in October 2017, ahead of its due date of 26 June 2018 137 (the first anniversary of the coming into force of the MLR 2017). In consequence, those further down the risk assessment chain have been unable to undertake the responsive risk assessments required, and upon which compliance with MLR 2017 depends, until significantly after the implementation date of the MLR 2017.
With delays to the publication of risk assessments come delays to sector-specific guidance, which help the regulated sector to understand and interpret their obligations under MLR 2017. This is of particular importance where provisions of MLR 2017 deviate from provisions of preceding legislation. For example, when undertaking CDD, persons within the regulated sector must now identify customers and verify their identity ‘on the basis of documents or information in either case obtained from a reliable source which is independent of the person whose identity is being verified’ 138 rather than ‘on the basis of documents, data or information obtained from a reliable and independent source’. 139 While the change of wording is slight, a change to the manner in which CDD must be undertaken would be fundamental to compliance within the regulated sector and timely guidance is imperative to enable regulated persons to comply in the manner intended.
Ongoing Monitoring
Achieving the level of analysis and monitoring required by MLR 2017 within the regulated sector presents further operational challenges for the regulated sector. For example, the supervisory authorities themselves must ‘develop and record in writing risk profiles for each relevant person in its own sector’. 140 These risk profiles can be generic based on relevant persons sharing similar characteristics and facing similar risks of money laundering and terrorist financing. 141 However, the supervisory authorities must have a good understanding of all businesses within its sector in order to make this determination, and ongoing monitoring is required to ensure the risk assessment is still appropriate, with an individual risk profile being required should circumstances change. 142 With a total of 25 supervisory authorities 143 (in addition to the new Office for Professional Body Anti-Money Laundering Supervision since 1 February 2018), ‘over 23,000 businesses in the UK carrying out accounting, bookkeeping and auditing activities, and tax consultancy’ 144 ; and ‘over 14,000 businesses in the UK carrying out legal services’ 145 in addition to money service businesses, trust or company services providers, banks, estate agents, high-value dealers, retail betting and casinos, it is reasonable to doubt whether supervisory authorities have the capacity to effectively undertake such detailed monitoring of the regulated sector. At a more fundamental level, the very basis of risk assessment may also be called into doubt, which calls into question the foundation upon which the MLR 2017 is constructed. 146
Resources
An additional barrier to operational effectiveness arises from the difficulty in resourcing compliance with the provisions of MLR 2017, which requires information to be gathered and documented. For example, an obligation to undertake risk assessments by a relevant person 147 is supplemented by an obligation to keep an up-to-date record in writing of the steps taken, 148 and the risk assessment, and the information on which it was based, must be provided to its supervisory authority on request. 149 For large firms with deep pockets and well-established compliance functions, this may be achievable and even already in place. For smaller members of the regulated sector, and in particular sole practitioners, this is likely to require a significant amount of time and attention to be withdrawn from day-to-day business. The requirement to document processes and procedures, in addition to being onerous, may also contribute to the tickbox culture to prove compliance and avoid culpability without proving the effectiveness of measures taken. 150
Arbitrary Designations
There are several examples of apparently arbitrary designations of measures and standards under MLR 2017. For example, EDD must be carried out in respect of any business relationship or transaction with a person established in a high-risk third country, 151 which means a country identified by the European Commission as a high-risk third country. 152 Further, the assessment of geographical risk factors identifies, among other things, ‘countries identified by credible sources’, 153 as ‘not having effective systems to counter money laundering or terrorist financing’ 154 ; ‘having significant levels of corruption or other criminal activity…’ 155 ; and ‘not implementing requirements to counter money laundering and terrorist financing that are consistent with the recommendations published by the Financial Action Task force in February 2012 and updated in October 2016’. 156 The incorporation of such arbitrary standards and measures into MLR 2017 raises questions of effectiveness because designations may change due to political bias, FATF mutual evaluation or other unpredictable events. Responding to this will require effective communication and regular updates up and down the compliance chain.
The Future of the Timeline
While the MLR 2017 undoubtedly represent a continuation of the trend over the last 30 years of extending and developing AML regulation in the UK, whether it is possible, or even considered desirable by policy-makers, to halt or reverse the trend apparent from the Timeline seems doubtful. The recent UK government’s policy paper on the UK’s exit from, and new partnership with, the EU refers to serious organised crime as a transnational threat, requiring a cross-border response and cooperation with European partners, 157 and commits to fostering a high-quality, stable and predictable regulatory environment. 158 In its annual plan for 2017–18, the National Crime Agency identifies high-end money laundering as one of its six national priorities for response as agreed by the National Strategic Tasking and Coordination Group. 159 The Home Office and HM Treasury’s Action Plan for AML and counterterrorist finance clearly states its aim to ‘protect the security and prosperity of our citizens, and the integrity of our world-leading financial system’, identifying priorities that depend upon a ‘new way of working with the private sector’ that relies upon ‘joint action’ and ‘radically more’ information sharing. 160 It seems in this respect that ‘fear-driven policy-making’, based on rhetoric without restraint or clarity, 161 is likely to continue unabated.
Alongside the perceived threats posed by money laundering and terrorist financing, the role of FATF in contributing to regulatory expansion must also be considered. The ad hoc FATF structure and its Recommendations are backed up by its mutual country evaluations, which result in peer pressure being exerted to enforce compliance with standards. 162 The UK will face its team of assessors, examining both ‘technical compliance’ (whether the necessary laws, regulations or other required measures are in force and effect and whether the supporting AML/Combating the Financing of Terrorism (CFT) institutional framework is in place) and ‘effectiveness’ (whether the AML/CFT systems are working and the extent to which the country is achieving the defined set of outcomes) 163 during 2018. 164 Gallant evidences the ‘considerable influence’ conferred on FATF with reference to the direct impact the mutual evaluation of Canada in 2008 has had on its ‘money laundering apparatus’. 165 There are already indications that the mutual evaluation of the UK will result in a response by the UK government to avoid falling foul of the FATF standards: the National Risk Assessment 2015 itself was prepared to meet the obligations of the UK under the FATF Recommendations, 166 aiming to ‘identify, understand and assess the money laundering and terrorist financing risks faced by the UK’. 167 The latest National Risk Assessment refers directly to the foundation of measures taken in the UK in anticipation of the mutual evaluation, 168 which suggests an appetite for future additions to the Timeline.
Conclusion
This article has made use of a Timeline to visualise the growth of AML measures being taken in the UK, across the EU and internationally, and to understand the driving forces behind those measures. It has sought to illustrate how the regulatory process is affected by the distance between policy-makers and end users and the time taken for decisions and policies to travel down the chain. It has also attempted to highlight how the many variables, uncertainties, layers and discretionary elements of this process affect the effectiveness of AML legislation and regulation and place a disproportionate burden on the private sector. The Timeline illustrates the legislative and regulatory result of attempting to respond to the ever-expanding series of ills and threats, with the costs and burden of compliance falling squarely on the shoulders of the private sector. 169 While the compliance industry and related costs are booming in consequence, 170 great effort is required to ensure proportionality and effectiveness to avoid bolstering a compliance industry without substance. This is not to suggest that threats should be ignored, but to ensure that threats are rational and understood 171 in order to achieve a response that is realistic, effective and proportionate. At present, it seems that proportionality and effectiveness are real concerns predominantly for private sector end users and that they can all too easily be swept aside by high-level momentum and exaggerated fears that together trigger the next regulatory response. 172 The layer upon layer of risk assessments required by MLR 2017 will inevitably reveal risks, 173 and the temptation will remain to tighten regulations and rules to combat these risks, 174 particularly in the light of the pressure to demonstrate compliance with international standards. The real challenge for policy-makers is ensuring the response to the perceived threat is proportionate and effective at an operational level. However, if there is no political will, at the UK, EU or international level, to slow the pace of change, the relentless regulatory response demonstrated by the Timeline is likely to continue, with little regard to effectiveness or proportionality, and it may fall to the regulated sector, where the costs and burden of compliance are felt most heavily, to resist.
Footnotes
Declaration of Conflicting Interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.