Important updates on sanctions and money laundering

What the UK Economic Crime Act and UAE grey listing means for business

There’s been a number of important changes to money laundering in recent weeks which will affect all businesses, but in particular regulated entities. Those are businesses such as law firms and estate agents which are required to adhere to money laundering rules and conduct actions such as due diligence on their customers.

UK Economic Crime Act becomes law

In the wake of the Russian invasion of Ukraine, the UK government rushed through the Economic Crime (Transparency and Enforcement) Act which became law on 15 March 2022. These measures include a new register of foreign owners of UK property. Entities who do not declare their beneficial owner will face restrictions in selling their property or face prison. Unexplained Wealth Orders (UWOs) are also being strengthened, with those who hold property in the UK in a trust will be considered an asset’s holder. Law enforcement will have more time to implement UWOs and be protected from litigation costs if the order is successfully challenged. 

Other key changes include:

  • Requirements on foreign legal entities seeking to sell their property during the six-month transition period to identify their true owners to Companies House 
  • Overseas entities must declare if any of their beneficial owners are under UK sanctions
  • New powers to enhance data sharing between HMRC and Companies House
  • Amending the ‘false filing’ offence into a two-tier offence. The first being an offence of providing false or misleading information ‘without reasonable excuse’ which can result in an unlimited fine. The second is an ‘aggravated’ offence of knowingly doing so which can result in a prison sentence
  • New measures will also increase fines for certain offences within the Act and reduce the transition period during which overseas entities must register with Companies House from 18 to 6 months

Increased penalties for sanctions violations

One vital change to know about is for sanctions compliance. Failure to comply with UK financial sanctions, such as those on Russia, can constitute a criminal offence and result in a fine or imprisonment. Under current sanctions law, the UK’s sanctions watchdog, the OFSI, cannot impose a monetary penalty unless the OFSI is satisfied the person who breached sanctions ‘knew’ or had ‘reasonable cause to suspect’ their conduct breached a sanction.

The Economic Crime Act replaced this knowledge requirement with a strict liability offence, meaning the person’s intent is irrelevant. If a sanction was breached, the OFSI can impose a monetary penalty. The knowledge aspect will remain a defence for a criminal case, meaning an individual or company can plead ignorance in court, but it will not be a defence against the OFSI’s ability to impose a civil fine.

Further, the OFSI can now ‘name and shame’ companies suspected of sanctions breaches, even if a fine has not been imposed.

Additionally, given the increase in scope of Unexplained Wealth Orders (UWO), any business holding assets of someone subject to a UWO could face increased scrutiny from authorities of their own due diligence and financial crime controls.

Finally, the Act allows ministers to ‘fast-track’ the imposition of sanctions. Meaning individuals or companies could face sanctions at short notice, requiring businesses to to rapidly adapt to new rounds of sanctions imposed by the UK, which will closely follow or may even supersede those imposed by the US and EU. In short, the Economic Crime Act makes sanctions compliance a top priority. 

UAE grey listed

Earlier in March, the FAFT grey listed the United Arab Emirates for money laundering deficiencies. The UK government updated its list of high risk countries on 17 March 2022 to include the UAE following the ruling from the FATF. 

This means regulated entities must apply enhanced due diligence measures and enhanced ongoing monitoring to any business relationship with a person established in a high-risk third country. This now includes the UAE.

This is particularly relevant for estate agents and solicitors dealing with property transactions with clients in Dubai. The city, along with Abu Dhabi, has become an attractive investment for Brits working abroad. The impact of the grey listing means additional checks will be required on a source of funds resulting from the sale of a property in Dubai for instance, or a customer seeking a mortgage to purchase a property there.

As well as solicitors, estate agents are regulated entities for money laundering and must take these rule changes seriously or risk significant fines or even imprisonment for breaching money laundering regulations.

Regulated entities should at minimum undertake a detailed AML risk assessment of the UAE and subject relevant clients and transactions to enhanced due diligence.

The global laundromat between Russia and the UAE

With tightening sanctions on Russia, oligarchs and members of the sanctioned regime are seeking ways to get their money and assets out of Russia and into ‘safer’ investments such as property in Dubai. Grey listing the UAE, while not directly related to Russian sanctions, does make it more difficult for sanctioned Russians to hide cash there.

The use of sanctioned money is by definition a money laundering offence. For example, an estate agency that helps a sanctioned individual purchase a property commits a money laundering offence, as well as a sanctions breach, by enabling a transaction of seized or frozen assets, or enriching an individual who is under international sanctions.

Firms operating with customers from the UAE should pay close attention to ultimate beneficial owners and the source of funds. A sanctioned individual may attempt to conceal their identity through shell companies or by having friends or family members conduct the transactions on their behalf. This is also a breach of sanctions as family members or known associates are normally covered by sanctions regimes. With the UAE now being a high-risk jurisdiction alongside the additional risk of sanctions, significant extra care should be taken when dealing with these matters.

What to do now

  • Renew practice wide and country risk assessments, particularly for Russia and UAE
  • Review client lists for those who require ongoing monitoring
  • Review CDD and EDD procedures, particularly for the UAE
  • Strengthen sanctions screening processes and ensure sanctions checks are regularly undertaken
  • Update sanctions training for all staff
  • Review sanctions policy template with our free updated version
How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.