Ukraine invasion causes UK government to ramp up sanctions and money laundering regulations

Actions against Russia will impact UK businesses and compliance

As a result of the Russian invasion of Ukraine, the UK government has brought forward the Economic Crime (Transparency and Enforcement) Bill which includes a new register of foreign owners of UK property. Entities who do not declare their beneficial owner will face restrictions in selling their property or face prison. Unexplained Wealth Orders (UWOs) are also being strengthened, with those who hold property in the UK in a trust will be considered an asset’s holder. Law enforcement will have more time to implement UWOs and be protected from litigation costs if the order is successfully challenged. 

At present there is a significant distinction between the treatment of UK entities which purchase property and their overseas counterparts. Since 2016, UK registered companies have been required to provide information to Companies House about their ultimate owners and controllers through a ‘Persons with Significant Control’ (PSC) register. However entities registered overseas are not required to do so.

This has proved attractive to oligarchs and money launderers as it allows them the opportunity to invest significant sums of money in the UK economy without raising alarm from law enforcement. There are billions of pounds of suspicious wealth stored in UK real estate, with 95,000 properties in England and Wales owned by overseas companies. Of those, 85,000 are registered in countries where the beneficial owners are not published. 

This new legislation has been promised since 2016, and a draft bill was published in 2018, but the government stopped short of making it law. The new legislation will require the ultimate beneficial owners of non-UK registered entities who have purchased property in England and Wales in the last 20 years, and since December 2014 in Scotland, to identify themselves or face restrictions on the onward sale of the property, or imprisonment.

Further changes are under consultation with the announcement of a new White Paper on corporate transparency and register reform. Business secretary Kwasi Kwarteng announced on 28 February, discussion on a package of new measures that will reform Companies House to be a custodian of accurate and detailed information on UK corporate structure. Anyone forming a company in the UK will need to verify their identity with Companies House, which will have the power to challenge dubious information. The Business Secretary also announced the government will be legislating for reform of limited partnerships, introducing new powers to seize crypto-assets, and other reforms to help businesses share information on suspected money laundering. 

The government is also making it easier for the Office for Financial Sanctions Implementation (OFSI) to penalise sanctions offenders. The foreign secretary, Liz Truss, promised “a rolling programme of sanctions” as officials compiled the evidence to justify their assets being frozen in the UK. The OFSI will be more easily able to impose significant fines and disclose the names of organisations that have breached sanctions, but not been fined. 

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.