Money laundering risk at estate agencies

In October 2015 HM Treasury and the Home Office conducted a National Risk Assessment of Money Laundering in the UK. The assessment found “significant concerns about the levels of [money laundering] compliance in the estate agency sector“. The money laundering risk within the sector was assessed to be medium. It was not assessed higher, despite the non-compliance, due to the fact that the capacity for estate agents to be used to launder money without the involvement of other professionals is limited as they do not handle funds. Below is a summary of the money laundering risks and obligation in the real estate sector.

The market

At the start of 2014, there were estimated to be over 20,000 businesses in the UK carrying out estate agent activities. More than 85% of these were micro-businesses, employing less than 10 employees. The combined annual turnover of businesses carrying out real estate activities on a fee or contract basis was over £16 billion. There were over 1 million residential property transactions in the UK in 2013, worth nearly £254 billion. The non-residential property market saw approximately 59,000 transactions, worth nearly £86 billion.

Beginning with the Second Money Laundering Directive, adopted in 2001, the anti-money laundering obligations of the Directive were extended to a number of non-financial services. Those services include independent legal professionals, accountants, estate agents and tax advisors.

The regulations apply to those carrying out services related to the purchase or sale of property. They do not currently apply to businesses which only provide letting agency or property management services.

Money laundering risks

There are a few key money laundering risks in the real estate profession:

Complicit and negligent professionals

Property is a favoured method for criminals to integrate the proceeds of crime into the legitimate economic and financial system, often after layering the proceeds using legal entities and arrangements. For many estate agents, even if effective due diligence is in place there may be challenges in law enforcement identifying the proceeds of crime.

Estate agents are required by law to identify their customer, generally the vendor. In addition, some estate agents may also conduct due diligence on the buyer, often for commercial reasons. The absence of robust CDD processes within some elements of the sector combined with low SARs reporting leads to low levels of information for law enforcement agencies to act on. Furthermore, there are complicit professional enablers intent on concealing the illicit nature of the client’s activities.

Lack of training and low compliance levels

HMRC and law enforcement agencies report that the standard of AML/CFT compliance in the real estate needs to be strengthened, and that firms often lack understanding of what is required of them under the regulations and POCA, including applying customer due diligence and submission of SARs. There a lack of understanding in the sector as to which entities are covered by the regulations, specifically that the regulations cover not only high street estate agents, but also commercial estate agents, land and property auctioneers, and relocation agents.

Training is another area that is lacking in the sector. Whilst robust training programmes exist in the financial and legal sectors, many estate agencies reported that they did not administer proper training. The VinciWorks suite of anti-money laundering courses for estate agents enables estate agencies to train their staff easily and effectively. The courses are customisable to include internal procedures and a full audit trail tracks course completions. The courses are based on UK legislation and the HMRC guidance on money laundering for estate agents.

Supervision

By law, HMRC are responsible for supervising the anti-money laundering activities of estate agencies. Firms do not always register or otherwise identify themselves for supervision, which presents challenges for them as a supervisor, and it is expected that there is a shortfall of estate agent businesses on the register. Among those estate agents that are registered, HMRC and law enforcement agencies report that the standard of AML/CFT compliance needs to be strengthened, and that firms often lack understanding of what is required of them under the regulations and POCA.

International exposure of the UK property market

4 The UK property market attracts significant amounts of foreign investment, particularly in London. In 2013, estate agents Knight Frank reported that, in London, foreign buyers made up 56 63% of new build transactions and 42% of prime market transactions. The UK property market is made more vulnerable because property can be purchased through off-shore holding companies which obscure the ownership and residency of those using the properties. Once the property is purchased it is a long and complicated process for law enforcement agencies to investigate, restrain, and recover criminal property.

Low levels of SARs reports

There are concerns over the number and quality of suspicious activities reports submitted by the sector. In 2013/14 there were 179 SARs submitted by the sector, a drop of 17% on 2012/13. This figure is low compared to other sectors.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.