The revamped Money Laundering Regulations 2017 in 2020: five key changes

The revamped Money Laundering Regulations 2017 in 2020: Five key changes

Speed read: Amendments to the Money Laundering Regulations 2017, introduced by the Money Laundering Regulations 2019, entered into force on 10 January 2020. The fundamentals of AML policy development, risk assessment and Customer Due Diligence remain unchanged but the amendments are striking. Those newly subject to AML regulation and the duty to report include art market participants, certain letting agents and select crypto entities. The definition of ‘tax advice’ has also expanded which will see more slipping into the regulated sector. Anita Clifford discusses the implications and highlights the five main changes for regulated persons in 2020 which businesses in the UK or with a UK interest should note.

The beginning of the new decade coincides with revisions to the UK’s anti-money laundering architecture. The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019), subject to minor exceptions,[1] entered into force on Friday, 10 January 2020. Those who have long been in the regulated sector will be pleased to know that the fundamentals of performing a risk assessment at the firm and client levels and risk-proportionate Customer Due Diligence (CDD) as required by the MLR 2017, in force since 26 June 2017, remain undisturbed. But MLR 2019, which transposes the EU’s Fifth Anti Money Laundering Directive, contains important amendments. Firms well used to AML regulation will need to consider whether their policies and procedures are sufficient whereas other businesses slipping into the regulated sector from 10 January 2020 will find themselves navigating AML waters for the first time. This piece highlights five key changes introduced by MLR 2019.

Art market participants, letting agents and certain crypto businesses are now AML regulated

The ‘regulated sector’ net has been broadened, meaning that some will find themselves caught for the first time and obliged to perform a firm-wide AML risk assessment, develop proportionate AML policies and processes as well as conduct proportionate CDD before entering a business relationship with a client and report suspicious activity. Although larger firms may be well-prepared for the changes, the expansion of the regulated sector and the consequential need to understand for the first time the detail of the AML requirements can be challenging for sole practitioners and smaller and/or family run businesses. New to the regulated sector are:

  • letting agents where they let land (which includes part of a building or other structure) for a term of at least one month at a monthly rent of at least 10,000 euros[2]
  • ‘art market participants’, referring to firms or sole practitioners involved in the buying and selling of art amounting to at least 10,000 euros[3]
  • firms or sole practitioners involved in arrangements for exchanging money for cryptoassets (‘cryptoasset exchange providers’)
  • firms or sole practitioners involved in providing services for the safekeeping of cryptoassets (‘custodian wallet providers’)

All cryptoasset exchange providers and custodian wallet providers must be registered with the FCA, with the entity, beneficial owners and officers satisfying a fit and proper test.[4]

Expansion of ‘tax advice’

The definition of ‘tax advice’ has considerably widened which will bring even more professionals into the regulated sector depending on the nature of the instruction. Previously, tax advice captured ‘advice about the tax affairs of other persons’. The focus was on a person directly advising on a person’s tax affairs or position. Now, the definition of ‘tax advice’ is

“material aid, or assistance or advice, in connection with the tax affairs of other persons, whether provided directly or through a third party”.[5]

The inclusion of ‘in connection’ is significant although the term is notoriously elastic, an issue which AML practitioners all too often meet when seeking to apply the definition of ‘criminal property’ (by or in connection with criminal conduct) in section 340 Proceeds of Crime Act  2002 upon which the offences of money laundering are hinged. On one view, the implication of the widened definition of tax advice is that a person such as a solicitor or barrister who may not have a tax practice but whose advice to a client or through an intermediary will inevitably have a bearing on or connection with a person’s tax matters could now find themselves performing regulated work. In these circumstances, it would be prudent to assume the AML obligations apply and to conduct a client risk assessment, proportionate CDD and ongoing monitoring.

Positive obligation to take steps to understand ownership and control structure of all trusts, companies and legal arrangements

Pursuant to Regulation 28(3) of MLR 2017, regulated entities are obliged to gather specific information on corporate clients, extending to identifying the beneficial owner and gathering information on the board, constitution and place of business. Hitherto, only where a customer happens to be beneficially owned by a legal person or legal arrangement must reasonable measures be taken to understand the ‘ownership and control structure’ of that owner: Regulation 28(4)(c) MLR 2017. Under MLR 2019, the requirement has expanded. Now, CDD on any company, trust or legal arrangement of any sort, whether or not beneficially owned by a legal entity, requires reasonable steps to be taken to understand ownership and control. Those steps should be recorded.[6]

New duty to report beneficial ownership discrepancies to company registrar

Conducting CDD on corporate entities inevitably leads to regulated persons amassing considerable information about a company, including its beneficial owners. Drawing professionals ever further into the investigation fold, a regulated person is now under a duty to disclose to the company registrar any identified discrepancy.[7] This includes in relation to the Persons of Significant Control register. In turn, the registrar is obliged to investigate any disclosure.

Prescribed components of Enhanced CDD

When unveiled, MLR 2017 was billed as being more comprehensive than its predecessor but less prescriptive in its approach to AML. One consequence, however, has been uncertainty over how much and what kind of ‘extra’ CDD to apply to situations of enhanced money laundering and terrorist financing risk. MLR 2019 now prescribes what is required at a minimum although the requirements are likely to reflect practice already occurring. When Enhanced CDD is performed, it must always involve:

  • obtaining additional information on the customer and on the customer’s beneficial owner;
  • obtaining additional information on the intended nature of the business relationship;
  • obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;
  • obtaining information on the reasons for the transactions;
  • obtaining the approval of senior management for establishing or continuing the business relationship;
  • conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.


MLR 2019 widens the regulated sector noticeably and introduces new AML duties which, like the others, are backed by civil and criminal sanction. Strikingly absent at the moment is new guidance from HMRC and other AML supervisors which takes into account the updates to the regulatory framework. For those new to the regulated sector, this is unfortunate as the detail of the duties is likely to be challenging, especially for smaller businesses. Further, whether new to the regulated sector or not, the expanded definition of ‘tax advice’ requires careful consideration by sole practitioners and firms whose services may affect, directly or indirectly, tax affairs. In these circumstances, although the amendments are in force from 10 January 2020 and there is no relaxation of the duty to comply, supervisors will in practice need to allow time for businesses to adjust. The question is just how much time will be judged to be reasonable before compliance action is taken.


[1] Regulation 5(5)(c) which relates to CDD for anonymous prepaid cards enters in to force on 10 July 2020. Regulation 6 and regulation 12(b) enter in to force on 10 September 2020.

[2] Regulation 4 MLR 2019, amending Regulation 13 MLR 2017.

[3] Regulation 4 MLR 2019, amending Regulation 14 MLR 2017.

[4] Regulation 7 MLR 2019 inserting Regulation 58A MLR 2017.

[5] Regulation 4 MLR 2019, amending Regulation 11(d) MLR 2017.

[6] Regulation 5, inserting Regulation 28(3A) MLR 2017.

[7] Regulation 5 MLR2019, inserting new Regulation 30A MLR 2017.