The FATF’s assessment of the UK’s compliance with international AML standards

The Financial Action Task Force (FATF) has reviewed the UK’s progress towards compliance with money laundering and counter-terrorist financing recommendations. The FATF has a series of measures it expects countries to have in place around AML, and the FATF undertakes detailed reviews of the country’s progress every few years in an assessment known as mutual evaluation reports (MER).

The UK last had an ‘on-site visit’ from the FATF in 2018, known as the 4th round MER, but in May 2022, the FATF issued a follow-up report assessing the UK’s progress.

Correspondent banking

The UK was previously rated as only partially compliant on Recommendation 13 (R.13), based on the lack of application of enhanced due diligence (EDD) measures for correspondent banking within the EEA. EDD measures were only applied for cross-border correspondent banking to respondent institutions outside of the EEA.

Given the FATF’s partially compliant assessment, the UK has amended the Money Laundering Regulations to change the definition of third country to any jurisdiction outside of the UK. This means mandatory EDD measures apply to correspondent banking and similar relationships with all countries outside of the UK, and so the FATF now rates the UK as compliant on R.13.

Financial intelligence units

The UK was rated partially compliant for R.29, regarding financial intelligence units (FIUs), in the 4th round MER. This was due to FATF concerns about the independence and under-resourcing of the UK’s FIU, part of the National Crime Agency (NCA).

The FATF was concerned the UK FIU had only limited ability to conduct operational and strategic analysis and it wasn’t clear if it could seek all the information it needed from reporting entities in order to perform its analysis.

In this recent follow-up assessment, the FATF noted that some progress has been made to expand the UK FIU’s ability to conduct operational analysis. A SARs Reform Programme was implemented with an expansion of the UK FIU, alongside new technology. The expansion went from 81 staff to 141 staff, however the FATF previously noted the staffing numbers should be at least 200 over fifteen years ago in the 3rd round MER.

This comes alongside a huge growth in the number of SARs filed, over 270,000 in the last three years. Plus, the UK FIU’s new IT systems are not yet fully operational. They have just begun working with the National Data Exploitation Capability (NDEC) to better analyse SAR data, but this is also not fully operational either. 

Despite the positive developments, the FATF still considers the UK only partially compliant for R.29 given the staffing and IT issues. 

Cooperation and coordination

The FATF amended R.2 to require data protection and privacy considerations in the cooperation and coordination between relevant authorities. In the 4th round MER, the UK was rated as compliant for R.2. 

The UK data protection and money laundering authorities cooperate and coordinate in the development of policy to ensure the compatibility of AML and data protection requirements. The FATF has rated the UK as still compliant with R.2.

Crypto 

The FATF updated R.15 to include obligations related to virtual assets (VA) and virtual asset service providers (VASP). The revised recommendations added requirements on identifying, assessing and understanding money laundering risks associated with virtual assets. There was also a requirement for VASPs to be licensed or registered, requirements for countries to apply adequate risk-based AML supervision, and for that supervision to be conducted by competent authorities.

In the 4th round MER, the UK was rated largely compliant on R.15, as it lacked a legally binding requirement on financial institutions to asses the risks of new products and business products and delivery mechanisms, despite having non-binding guidance. 

Since the MER, the UK has amended the Money Laundering Regulations on policies, controls and procedures so financial institutions are now explicitly required to assess the risks of new products and new business practices.

The UK also met many of the revised requirements of R.15. The UK identifies and assesses money laundering risks related to cryptoasset exchange providers, wallet providers and so forth, and requires them to register with the FCA. They also have to understand and mitigate their AML risks.

The UK has also begun supervising crypto providers for compliance, and has taken active steps to identify natural or legal persons which carry out VASP activities without approval or permission. There are sanctions for those who breach the regulations and VASPs have the same sanctions obligations as other regulated persons. 

The FATF did identify some gaps in R.15 compliance. There’s an ambiguity in the law around whether UK law covers transfers of virtual assets, however the UK is exploring legislative change in this area.

The UK also does not apply the travel rule for visual assets, and hasn’t assessed the risks of safeguarding of virtual asset activities. Therefore, the FATF cannot determine whether the UK’s supervision of crypto is risk-based. Due to these gaps and other gaps around equivalence of EU-based firms for the purposes of reliance (R.17), internal controls (R.18) and the imposition of countermeasures (R.19), the UK is still rated largely compliant for R.15.

VinciWorks’ AML compliance suite

VinciWorks strives to make its AML compliance more than simply a tick-box exercise. Our AML courses are packed with realistic scenarios, real-life case studies and every customisation option you can think of. We have everything from in-depth induction training to refresher courses and five-minute knowledge checks.

Further, law firms, accountancy firms and financial corporations are required to conduct risk assessments, client due diligence (CDD) and ongoing monitoring of their clients. The precise processes for CDD and risk assessments are often complex and vary greatly, depending on industry and jurisdiction. Organisations using static forms to onboard clients can often struggle to implement systems which adequately incorporate all the interconnected requirements of these two vital AML components.

Omnitrack’s AML onboarding solution enhances both the risk assessment and document collection aspects of client onboarding. Our template workflows adapt to the specific risks posed by each client, based on factors such as jurisdiction, type of entity and industry.