Last year saw the UK tighten its AML grip with a raft of new regulations. What will happen to AML in 2024?

The UK’s AML system is undergoing a significant overhaul aimed at tackling money laundering and terrorist financing. A series of new regulations are designed to close loopholes and enhance due diligence measures across various sectors.

Cryptoasset businesses under the microscope

One of the most significant changes is the introduction of the “Travel Rule” for cryptoasset firms. This rule, which is in line with recommendations from the Financial Action Task Force (FATF), requires businesses to share customer data with each other for transactions exceeding €1,000. This will make it more difficult for criminals to use cryptocurrencies to launder their illicit gains.

In addition, cryptoasset businesses are now subject to mandatory registration with the Financial Conduct Authority (FCA) before acquiring control of an existing business. This requirement will help to ensure that only fit and proper firms are operating in the sector.

Enhanced due diligence for high-risk clients and transactions

The new regulations also place a greater emphasis on enhanced due diligence (CDD) for high-risk clients and transactions. This includes transactions involving countries with weak AML controls, as well as those involving politically exposed persons (PEPs). Businesses will be required to conduct more thorough checks on these clients and transactions, in order to identify and mitigate the risk of money laundering.

Lowered risk for domestic PEPs

Amendments to the UK Money Laundering Regulations mean domestic PEPs (politically exposed persons) and their families and their associates can be treated as lower risk as a starting point. Meaning that in absence of any other risk factors, the due diligence applied to them can be less than that applied to a non-domestic PEP. Despite this change, it will likely have little practical effect, given that firms can already apply a risk based approach to assessing clients, including PEPs.

Tackling proliferation financing

This new regulation from September 2023 includes specific measures to combat proliferation financing, which is the financing of weapons of mass destruction (WMDs) and their delivery systems. Regulated businesses will be required to assess and manage their proliferation financing risk, and to report any suspicious activity to the authorities.

Increased supervisory powers

The FCA and HMRC have been given increased powers to supervise compliance with the new regulations. This includes the power to conduct onsite inspections, to request information from businesses, and to impose sanctions for non-compliance.

Impact on businesses

The raft of regulations in 2023 will have a significant impact on regulated entities. Affected businesses will need to review their AML policies and procedures to ensure that they comply with the new requirements. There may also be a need to invest additional resources to carry out enhanced due diligence and to meet their reporting obligations.

What’s coming in AML in 2024?

Regulators are tightening its grip on financial crime, with a surge in supervision cases, hefty fines, and a revamped arsenal of investigative tools. This year, businesses can expect intensified scrutiny, a tightening regulatory noose, and a growing emphasis on proactive intelligence gathering.

Supervision Surge: The FCA alone opened a staggering 613 financial crime supervision cases in 2022/23, a 65% jump from the previous year. This highlights the FCA’s heightened focus on identifying and rooting out illicit activity.

Penalties Bite: While enforcement cases decreased slightly, the size of penalties imposed reached new heights. A £107.8 million fine for AML control lapses at a single bank serves as a stark reminder of the financial consequences of non-compliance.

Investigations Drag On: The average FCA enforcement investigation now clocks in at a worrying 41 months, raising concerns about delays and disruptions for businesses. To expedite outcomes, the FCA is increasingly utilising “Own Initiative Requirements,” but these too can have significant ramifications.

Prevention is Key: Despite the enforcement muscle, the FCA emphasises the importance of prevention. Businesses should prioritise robust compliance systems and processes to avoid costly investigations and penalties. Regular health checks and audits are crucial under the UK’s AML regime.

Key AML Developments in 2024

Proactive Intelligence: The FCA expects financial services firms to act as eyes and ears for law enforcement, proactively disclosing suspicious activity to the National Crime Agency (NCA). The ECCT Act 2023 enhances the NCA’s information gathering powers, removing the need for a pre-existing suspicious activity report for issuing information orders.

Crypto Crackdown: Recognizing the potential for crypto assets in money laundering, the ECCT Act expands confiscation and recovery provisions to encompass them. Court orders can now compel service providers to manage clients’ crypto assets, with police gaining access to wallets and authorities seizing or even destroying assets.

Companies House Empowered: Companies House receives a boost in its ability to combat financial crime, with increased information requirements and enhanced investigation and enforcement powers. Expect closer cross-checking of data with other bodies and proactive information sharing with law enforcement in cases of suspicious activity.

Technological Solutions: AI and blockchain technologies are seen as valuable tools for combating financial crime. AI’s ability to analyse vast data sets and detect anomalies holds promise, while blockchain-based identity verification can streamline KYC processes. However, the FCA warns against neglecting staff training and relying solely on automation.

The message from the regulators is clear: AML compliance is non-negotiable. Businesses must prepare for intensified scrutiny, adapt to evolving regulations, and invest in robust compliance systems to navigate this increasingly complex landscape. Proactive intelligence gathering, a focus on cryptoassets, a more empowered Companies House, and the rise of technological solutions are just some of the trends shaping the future of financial crime prevention in 2024.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.