HMRC issues £3.2 million in money laundering penalties

Hundreds of businesses across the UK have been fined 

Between July 1 and December 31, 2022, 240 businesses were fined by HM Revenue and Customs (HMRC) for breaching Money Laundering Regulations (MLR) aimed at preventing criminals from exploiting illicit cash. The move, which was announced in a press release issued by HMRC, demonstrates that the government is taking financial crime seriously.

HMRC is a supervisory body for MLR. The government department supervises tens of thousands of businesses across the UK and helps these firms protect themselves from criminals who seek to launder cash or finance terrorism. 

HMRC says its work with other enforcement agencies and government departments to tackle economic crime and crack down on breaches is part of its effort to drive non-compliant firms out of business. 

“Money laundering is not a victimless crime. We are here to help businesses protect themselves from criminal attacks and will continue to tackle the minority of businesses which do not comply with the Money Laundering Regulations. Serious and organised crime costs the UK billions of pounds every year and our anti-money laundering supervision is a vital tool in combatting that,” said Nick Sharp, HMRC’s deputy director of economic crime, fraud investigation service.

London-based Xpress Money Services Ltd was hit with a £1.4 million fine for failing to carry out risk assessments, not having appropriate anti-money laundering (AML) controls, and failing to conduct proper due diligence checks. Businesses that do not follow AML regulations can be fined and even lose their licence to operate in the UK.  

Financial service businesses can be exploited by criminals to launder the proceeds of crime. A robust risk assessment and policies, controls and procedures can help prevent this.

The government continues to work to reduce money laundering in the financial services sector. This past March, it published The Economic Crime Plan 2023 to 2026, which builds on its existing work to reduce money laundering in this sector.

HMRC has a range of enforcement powers that it can use for businesses that do not comply with the Money Laundering Regulations, including civil penalties, criminal proceedings and removal from the register. Any of these sanctions can be used in combination. HMRC can:

  • issue a financial penalty
  • issue a censuring statement
  • impose a prohibition on management of a relevant business upon a person
  • suspend a registration
  • cancel a registration
  • decide a relevant person in a business is no longer fit and proper, which will lead to either a prohibition on management, or suspension or cancellation of the business’ registration
  • obtain a court injunction
  • refer a case for criminal investigation and potential prosecution

Relevant links:

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.