How BREXIT impacts KYC and AML compliance in the UK: new regulation challenges of 2021
Although the United Kingdom officially left the EU on the first of January 2021, the UK companies must still comply with European Anti-money Laundering and Know Your Customer regulations along with national laws. Sergei Sergejev is Head of Product at BASIS ID. In this article, he shares his views on changes in the UK’s regulatory framework and how BREXIT affects KYC and AML compliance both in Europe and the United Kingdom.
The post-Brexit AML: a fresh jurisdiction outlook
The United Kingdom is known as a country with some of the strictest and most advanced AML laws. Its robust framework is extremely focused on preventing money laundering and terrorist financing along with meeting the highest FATF’s standards and obligations. Even during the EU membership the UK wasn’t just implementing basic criteria of the European AML directives like many other states but was enhancing and in some cases supplementing those at the national level.
Now to supervise the conduction of the AML program, Land of the Rose has to rely exclusively on the parliamentary Proceeds of Crime Act (“POCA”) and its interpretations by regulators.
The UK’s Regulators
The Financial Conduct Authority (FCA) is the primary regulator of financial services in the UK. FCA supervises banks, FinTech, insurance, mobility, telecom, online entertainment and gaming industries, investing funds and all the other businesses involved in financial activities. It has the authority to audit companies’ AML compliance and investigate potential money laundering as well as terrorism financing.
FCA shares these duties with Her Majesty’s Revenue and Customs agency (HMRC ) which provides AML guidance and compliance requirements for KYC procedures. The National Crime Agency (NCA) and the Serious Fraud Office (SFO) are two other important UK law enforcement organisations. Their additional responsibilities are issuing warrants and arresting individuals that violate AML laws.
Requirements for AML compliance
The UK’s AML policy has several certain requirements. However, they are typically standard for this field in most of the countries within the FATF’s global network.
- The AML program should outline Know Your Customer procedures and customer due diligence measures which also must include PEP and sanctions list screenings.
- Companies are obliged to apply a risk-based approach when onboarding new customers.
- Each company is required to contract a Money Laundering Reporting Officer, whose main task is overseeing compliance program and reporting all suspicious activity directly to the National Crime Agency.
- Regulated companies must stay up to date with regulatory changes and provide proper training to their AML employees.
Will the AMLD6 still apply to the UK?
The UK government refused to implement the most recent European AML directive into national law. According to The Ministry of Justice reports, UK’s domestic legislation “is already largely compliant with the Directive’s measures, and in relation to the offences and sentences set out in the Directive, the UK already goes much further”.
There are some notable differences, though.
For instance, AMLD6 extends criminal liability for money laundering to corporations that fail to prevent it. Yet, UK legislation doesn’t consider it to be a criminal offence. The UK government has requested the UK Law Commission to review this aspect and decide whether UK law is “sufficiently equipped to tackle economic crime”. The outcome of this review may result in further alignment between the UK AML laws and the European AML regime.
Meanwhile, the majority of the UK companies have already adopted the AMLD6 into their framework to be able to continue business with the partners based in Europe.
Will the AMLD5 continue to be enforceable in the UK?
The Fifth AML Directive (AMLD5) came into force in the UK in January 2020. This directive has already been firmly transposed into national law and BREXIT does not immune UK companies from compliance with it. However, certain confusion and unclarity are remaining on this front too.
The most important concern hanging in the air is the obligation to create an Ultimate Beneficial Owner (UBO) register by the end of June 2021. So far, there is no clear guidance on what UK authorities will require in this regard, leaving almost no time to meet the new UBO rules.
Another concern that indicates a possible future amendment of AMLD5 in the UK’s legislation policy is the definition of the “third country entity” according to which the UK firms have to treat any country outside the UK as a “third country”. Same time, the UK itself has become a third country entity in the European Economic Area (EEA). This small paradox has intense consequences for all regulated businesses.
Both UK Money Laundering Regulations and EU AML directives 4-6 require the conduct of Enhanced Due Diligence (EDD) in third countries.
The loss of EU member state status has removed the UK’s access to simplified verification processes. From now on, the enhanced due diligence checks are required for establishing business relationships between the UK and European Economic Area. This means checking the legacy of the company’s ownership, structure, reputation etc more intensively than usually. This can potentially slow down existing processes and seriously harm the trade between the UK and EEA member states.
UK companies that onboard customers in the EU are obliged now to acquire a license in each EU state, where their customers are based along with following local laws and complying with regulations specific to those countries. Considering that national AML laws vary within the EU, UK businesses must ensure they can meet KYC procedures that are acceptable in a particular member state.
Altogether, Member states follow a combination of guidelines established under the Financial Action Task Force (FATF), AML Directives 1-6 and regional AML Acts.
British companies with a subsidiary or branches in the third countries with AML regulations “not as strict” as the UK’s must apply measures “equivalent” to those of the UK.
Data Privacy and GDPR
Despite the UK’s departure from the EU, the parameters of the General Data Protection Regulation (“GDPR”) will continue to be enforceable.
The agreed deal between the UK and the EU allows free flow of personal data for six months after the expiration of the transition period, which means — until the end of June 2021 only.
The UK expects the European Commission to issue an appropriate decision concerning this situation or at least guide on what actions should be taken.
Protecting the existing client experience is a top priority and any refresh of clients’ KYC data because of the UKs departure from the EU is absolutely critical. One thing is clear here — a cost-effective and client-friendly due diligence process should be 100% secure.
Trends for digital IDV services
Slowing down and complicating the verification process increases the risk of money laundering and terrorist financing. That is why businesses should implement the best possible risk-based approach in their verification procedures.
Both the UK and EU have agreed to “support international efforts”, with a particular emphasis on the FATF rules.
For this reason, the UK government has issued recommendations to perform electronic verifications rather than manual, document-based checks.
Digital verification is quicker and more cost-effective. It also causes less burden both for companies and their clients, besides being totally covid-secure as it doesn’t require face-to-face interactions. Switching to digital verification is the best way for businesses to maintain safe digital interactions and ensure compliance with all the latest legislation updates both in the UK and EU.
As a matter of fact, It is becoming a clear trend in the European Economic area. For example, German regulator BaFin insists on using Video-based solutions for remote identity verification. Also, many member states such as France, Spain, Portugal, Switzerland and the Nordic countries allow and promote hybrid KYC and AML Solutions.
BASIS ID experts also recommend automated digital identity verification to guarantee the best level of service and extra smooth experience to the end customers.
No matter what sanctions list or regulations the country follows in 2021, BASIS ID can assist businesses in complying with laws.
A distinctive feature of BASIS ID is the flexibility in providing solutions and integrating within various services and industry-specific solutions.
BASIS ID is a member of ZignSec group company and provides KYC and AML verification, along with risk and fraud management services worldwide. Being an innovator in the field of data analysis and personal data verification, BASIS ID helps companies of all sizes to manage their AML, KYC, and EDD processes.
Don’t hesitate to contact BASIS ID for more information or additional questions.
Most recent articles
Free trial requestApply now and get a free 14-day trial.
We guarantee full support during the trial period.