UK approves updated AML guidance

UK ministers have approved new anti-money laundering guidance with special provisions on crypto-asset exchange providers, custodian wallet providers and pooled client accounts.

On 18 August ministers at HM Treasury, the UK’s finance department, approved the guidance prepared two months earlier by the Joint Money Laundering Steering Group (JMLSG), an industry body.

The guidance contains, in its Part II, an extensive new segment on crypto-related money laundering risks, after the UK’s money laundering regulations (MLR) began applying to crypto-asset exchange providers (CEPs) and custodian wallet providers (CWPs) in January, following amendments to the UK’s 2017 Money Laundering Regulations.

Both types of providers have been required to register with the UK’s Financial Conduct Authority (FCA) since then, with the deadline for doing so expiring in June.

It outlines crypto-providers’ know your customer (KYC) and due diligence requirements, as well as requiring them to have policies to mitigate their money laundering and terrorist financing risks.

The updated guidance notes that while Financial Action Task Force (FATF) guidance did not specifically categorise crypto service providers as inherently high-risk, there are some aspects of crypto activity that gave rise to money laundering – including anonymity, its cross-border, decentralised, digital nature, and the segmentation of transfers across different jurisdictions.

It recommended a trio of risk-mitigation measures, including transaction limits, time delays before certain transactions can be carried out, and requiring that the names on source and destination accounts must match where crypto-assets are exchanged with money.

The guidance also clarifies that some types of crypto-asset business, for instance where crypto-assets are exchanged for goods or services, are unlikely to come under the scope of the regulation. Businesses holding and storing cryptographic keys without being involved in their transfer will also fall outside.

Pooled client accounts

In a newly added Annex 5-V to part I of the guidance, the JMLSG also flags concerns that bank customers’ clients might use pooled client accounts (PCAs) for money laundering or terrorist-financing purposes – with or without the customer’s knowledge.

It advises banks to establish the types of clients whose funds are held in PCAs, the level of assets deposited and the size of transactions undertaken, as well as exposures to “industries and geographies” seen as vulnerable to money laundering, corruption and terrorist financing.

It says banks should consider whether their customers have applied robust and risk-sensitive client due diligence, and whether they are “unnecessarily and/or unreasonably reluctant” to provide information on a PCA.

For customers who present a risk of money laundering or terrorist financing, the guidance suggests enhanced ongoing monitoring, or restricting the funds held in a PCA to those held by clients posing a lower risk.

It also says banks should request their customers to improve their own practices to the point that they can provide information regarding the identity of owners of funds.

In a Baker McKenzie client note, the firm said that while the guidance did not have legal force, courts would take compliance with it into account in determining whether a crypto-asset business has committed money laundering offences, and the FCA would take it into account in determining whether its rules have been breached.

Get unlimited access to all Global Banking Regulation Review content