Money Laundering Regulations 2017

Written by Dawn Fisher on Thursday July 6, 2017

On Monday 26 June 2017, by the skin of its teeth, the UK enacted the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs 2017).

Dragging its heels, somewhat unusually for UK Plc, there were a few tweaks but no real surprises between the draft MLRs and the final version with five key changes made:

 Risk assessment and review

Regulation 19


The requirement to establish and maintain policies and procedures proportionate to the level of risk identified (following the risk assessment undertaken to satisfy obligations under Regulation 18).

The final version of the MLRs 2017 contains an additional, positive duty on regulated businesses to ‘regularly review and update’ such policies and controls inserted in Regulation 19(1)(b); including a requirement to maintain a written record of all changes made to the AML governance framework following such review and all ‘steps taken to communicate’ the changes to staff.   

Perhaps overkill to write down in law the requirement for ongoing review and written records but perhaps a sad indictment of smaller firms and the wider regulated sector and associated supervisors where this would not already be considered as a BAU requirement and good practice.


In the draft MLRs, Regulation 19 did not reference proportionality but the final version (Regulation 19(2)) is more explicit in recognition that all policies and procedures adopted by a regulated business must be ‘proportionate with regard to the size and nature’ of the business – mirroring a regulated firm’s requirements under SYSC 6.3.2 for the core regulated sector and perhaps providing comfort to the wider regulated sector that implementation of the MLRs 2017 will not be as onerous as feared – and further supporting the application of the risk-based approach rather than one size fits all.

Training records

Regulation 24 states a specific duty to maintain written records of training given to relevant employees, commonsense it may appear, but apparently this needed spelling out more explicitly in law.


Regulation 35(14) lists two further positions to be considered as PEPs: ambassadors and charges d’affaires keeping the MLRs 2017 in line with the definition of PEP as stated in 4MLD.

Transfer of funds and cooperation

Regulation 63 imposes a positive duty for effective monitoring of payment service providers (‘PSPs’), with the requirement for supervisors to take measures to secure PSP compliance with the regulation as it relates to funds transfer and for them to encourage PSPs to report breaches.

Regulation 63(d) imposes a positive duty for such a supervisory authority to ‘take such steps as it considers appropriate’ to ‘cooperate’ with other supervisors (further supporting the need for the supervisors’ supervisor:  OPBAS), the Treasury and law enforcement agencies in relation to developing policies to counter money laundering and terrorist financing, and beyond this to cooperate with overseas authorities. Such cooperation expressly recognises the sharing of information as key.

The question here being why single out a particular sector and impose a positive duty to cooperate with law enforcement?

So what next for the regulated sector?

Betting and Gaming

I think it fair to say, at least unless next year’s review reverses the situation, the betting and gaming industry has dodged a bullet with the exclusion of the wider B&G industry from the regulated sector and casinos remaining the focus of UK Plc’s AML/CFT efforts.

Estate Agents

Estate Agency has been in the spotlight following damning revelations and the actions of some individuals in 'From Russia with Cash' and the legislation is now in place to force the profession to divest itself of the view that estate agents are merely the middlemen who put buyers and sellers together, thus absolving them of any obligations under PoCA or the MLRs and to conduct due diligence on both buyers and sellers. It will be interesting to see if this additional compliance ‘burden’ is used to push up commission rates for vendors.

The Legal Profession

The Law Society and the SFA have made representation to HMRC for additional time to finalise a Practice Note (PN) against which to evaluate members standards stating they cannot take action in relation to breaches until the PN has been finalised.

In principle quite right – but, given the JMLSG has a much wider audience to reach and managed to issue its final guidance alongside the release of the new MLRs a little shoddy of the legal profession? Renowned for (at least initial) misunderstanding of the application of PoCA 2002 and being a part of the regulated that files the fewest number of SARS to the UK FIU it seems our legal beagles are still procrastinating which, given the focus on legal professionals as 'professional enablers' with respect to high-end laundering as identified in the UK National Threat Assessment, surely gives OPBAS something to focus their attention on when they become operational next year?

Given the changes between the draft and final versions of the MLRs 2017 are minimal and, given the timelines it was extremely unlikely we would have seen major changes, I fail to understand why the legal profession has not managed to mirror the efforts of the JMLSG.

FCA Regulates Financial Services Firms

Already well-versed in the risk-based approach and cognisant of terms such as SDD and EDD, most firms have been gearing up for the MLRs 2017 since the publication of 4MLD.

The inclusion of our glorious leaders as PEPs (treatment proportional per FCA (draft) guidance), the removal of automatic SDD and the requirement to take that case by case decision and justify the adoption of SDD and the removal of the EU equivalence list (amongst other changes) don’t really pose any show stoppers for our core financial services sector with the changes to Data Protection Regulation causing by far the biggest headache.

Personally, in relation to financial services, and I whilst I do no doubt there is still work to be done by many firms, I think the MLRs 2017 somewhat of an anti-climax and consider the biggest challenges for this part of the regulated sector to emanate out of Chapter 2 of the Criminal Finances Act 2017.

How can ICT help?

Money laundering continues to hold high profile with regulators and firms alike. Non-compliance with anti money laundering requirements can cause both significant reputational damage and penalties for organisations, meaning appropriate training for AML professionals is essential.

ICA's internationally recognised qualifications in anti money laundering are suitable for all levels of knowledge & experience.


Please leave a comment

You can leave the name empty should you wish to remain Anonymous.

You are replying to post:



Email *

Comment *

Search posts

View posts by Author