Money laundering for payment providers and art market participants

Upcoming changes to the UK’s anti-money laundering regime – Part 1

In July 2021, HM Treasury launched a new AML consultation entitled ‘Amendments to the Money Laundering Terrorist Financing and Transfer of Funds Regulations 2017’. This consultation outlined ways in which the government intended to amend the UK’s money laundering regulations (MLRs) with several time-sensitive updates. The planned updates are required to ensure that the UK continues to meet international AML standards, whilst also clarifying how the UK’s anti-money laundering and counter-terrorist financing (AML/CTF) regime works. 

The changes to the MLRs have been made through draft secondary legislation entitled ‘the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022’. Most of the measures in this SI will come into force on 1 September 2022, subject to parliamentary approval

In this series of blog posts, we take a closer look at what these changes will mean for anti-money laundering compliance.

Account Information Service Providers (ASIPs) and Payment Initiation Service Providers (PISPs)

The government has decided to take AISPs out of the regulated sector but keep PISPs in for now. This is due to a high number of stakeholder responses which raise concerns that PISPs, unlike AISPs, are involved in payment chains and therefore may represent a higher risk of being used as a tool for economic crime in a broader sense (i.e. fraud).

Bill Payment Service Providers (BPSPs) and Telecoms, Digital and IT Payment Service Providers (TDITPSPs)

Removing these businesses from the scope of MLRs could result in a heightened risk of fraud. In the consultation, there were no significant drawbacks to keeping these businesses within the scope of the MLRs since early analysis suggested it was highly unlikely that any business in the UK truly operates as a BPSP.

The government has decided for the time being to keep BPSPs and TDITPSPs in the scope of MLRs. 

Art Market Participants

The government has decided to amend the definition of an AMP in Regulation 14(1)(d) to explicitly exclude from scope artists who sell their own works of art over the EUR 10,000 threshold. This exemption will apply whether the artist sells their works of art as an individual or through a company or partnership where they are a shareholder or partner. HMRC will keep this under review.

There was also a question about whether to expand the definition of AMPs in MLRs to digital art, Non-Fungible Tokens (NFTs), antiques and antiquities. The government said they will take these and related questions into consideration in the course of further work to consider possible future changes to the definition.

VinciWorks’ AML and SRA training and solutions

SRA compliance solution – personalised training and centralised reporting

SRA compliance solutions

Get your entire firm on board with the SRA compliance process with our complete SRA compliance solution. The SRA puts a significant burden on firms to train their staff on the Standards and Regulations in addition to managing compliance registers and processes such as annual declarations, undertakings, diversity surveys and more. Our SRA compliance suite allows firms to comply with every requirement of the SRA through personalised SRA training and centralised SRA reporting.

Anti-money laundering training and client onboarding solution

Our anti-money laundering training is interactive and customisable for any business and any user, anywhere. Our courses are packed with realistic scenarios, real-life case studies and every customisation option you can think of. We have everything from in-depth induction training to refresher courses and five-minute knowledge checks. 

Our AML client onboarding solution offers one central platform to complete client risk assessments, due diligence and ongoing monitoring. Using Omnitrack, our centralised, flexible tracking and reporting tool, our AML solution enhances both the risk assessment and document collection aspects of client onboarding.

If you are interested in any of our solutions, complete the short form below and a member of our team will get in touch.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.