ResourcesPractical guidance and standards for financial crime compliance practitioners

The Wolfsberg Group c/o Basel Institute on Governance Steinenring 60 | 4051 Basel, Switzerland

13 June 2024

Via Electronic Submission Sanctions & Illicit Finance Team HM Treasury 1 Horse Guards Road Westminster SW1A 2HQ London, United Kingdom

Dear Sir or Madam

RE: Consultation on Improving the effectiveness of the Money Laundering Regulations

The Wolfsberg Group (the Group) welcomes the opportunity to comment on His Majesty’s Treasury (HMT) consultation relating to improving the effectiveness of the UK Money Laundering Regulations (MLRs).¹ The Group previously set out three key elements of an effective anti-money laundering and counter-terrorist financing (AML/CTF) programme in these publications: Statement on Effectiveness,² Developing an Effective AML/CTF Programme,³ and Auditing for Effectiveness.⁴ We welcomed HMT’s acknowledgement of our work on demonstrating effectiveness in the 2022 review of the UK’s AML/CTF supervisory regime. We are pleased to submit this response to the consultation as a follow-up to our response to Call for Evidence in 2021.⁵

Economic crime poses a significant threat to national security and prosperity.⁶ The Financial Action Task Force (FATF)⁷ and the UK’s Call for Evidence⁸ both recognise that, in the fight against money laundering and terrorist financing, it is essential that policy makers, law enforcement agencies (LEAs), supervisors and regulated FIs act as a shared, coordinated system, focusing resources on national priorities, and delivering against defined, measurable outcomes. The Group supports this vision.

The UK’s Call for Evidence in 2021 noted that a core principle of an effective AML/CTF framework is that “the totality of activity generated by compliance will be focussed towards the most significant threats to the UK system whilst reducing administrative burdens as far as possible.” The Group believes that the UK has made significant progress towards this principle through its Economic Crime Plan.⁹

The aim of the Group’s submission is to highlight the importance of the MLRs in empowering FIs to manage financial crime risk effectively. An effective AML/CTF framework includes, where appropriate, discontinuing low-impact compliance activity and redirecting resource to areas of higher value in detecting and preventing financial crime, as informed by national threat priorities. We encourage the UK to take bold and transformative action to create a legal and regulatory framework with defined outcomes. As we enter the fifth round of FATF Mutual Evaluations, we believe the UK has an opportunity to increase the effectiveness of the international fight against money laundering and terrorist financing by leading adoption of best practice and continuing to work with international partners across FATF’s global network.

In its response to HMT’s consultation on reform of the UK’s AML/CTF supervisory regime, the Group argued that consistency of supervision is critical across sectors providing the same or equivalent services.¹⁰ The Group encourages HMT to apply the principles of a level playing field when considering how best to reform the MLRs.

Our response focuses on Chapter 1 (‘Making customer due diligence more proportionate and effective’) and Chapter 2 (‘Strengthening system coordination’). A summary of our recommendations is below.

Summary of Recommendations: Chapter 1: Enhance the risk-based approach and empower FIs to focus resource on activity that delivers more tangible outcomes by:

• Replacing the requirement to conduct Enhanced Due Diligence (EDD) on customers established in countries on the Financial Action Task Force’s ‘grey list’ with a requirement to assess and respond to the holistic risk of each customer. [Q16-19]
• Extending the Financial Action Task Force’s principle on correspondent banking to pooled client accounts – such that Financial Institutions are not expected to conduct customer due diligence on the customers of their customer. [Q20-25]
• Replacing broadly articulated higher risk factors (such as ‘tobacco products’ and ‘cultural artefacts’) with a focus on responding to national threat priorities. [Q9-12]
• Replacing the requirement to conduct EDD on domestic (UK) Politically Exposed Persons with a requirement to assess and respond to the holistic risk of each customer.

Chapter 2: Strengthen system coordination by:

• Articulating a shared, system-wide, objective for the AML/CTF regime that focuses on outcomes. [Q32-25]
• Continuing work under the Economic Crime Plan to establish national threat priorities through public-private partnerships and to deliver a legal and supervisory regime that empowers FIs to reduce, or even stop, risk management activities to align resources with those priorities. [Q32-25]
• Positioning the National Risk Assessment as a baseline for FIs’ risk assessments, supported by more agile national threat priorities. [Q32-25]
• Expanding the relevant authorities listed under regulation 50 to include Companies House and the Secretary of State responsible for Companies House.
• Delivering Companies House reform, making it world-leader in corporate transparency, with a key role in information sharing between Law Enforcement Authorities, supervisors, and the private sector. [Q29-31]
• Reviewing the effectiveness of beneficial ownership discrepancy reporting in the context of these reforms. [Q29-31]

Chapter 1: CDD: Focus on the RBA

FATF establishes the Risk-Based Approach (RBA) as the key pillar of an effective AML/CTF programme that optimises the detection or deterrence of money laundering and terrorist financing, as opposed to purely technical compliance with regulations that are not aligned to the actual risk they are designed to manage. The latter likely result in limited value in combatting money laundering and terrorist financing and produce unintended consequences. FATF’s 2021 stocktake recognises that “rules-based requirements increase inclusion barriers” and other unintended consequences,¹¹ such as overburdening legitimate customers with disproportionate requirements – ultimately hampering financial crime detection and prevention efforts. To be effective, laws and regulations must be outcomes-focused and be supported by appropriate policy, supervisory, and enforcement action.

Financial institutions (FIs) should be empowered to implement laws and regulations through a comprehensive and effective financial crime risk management programme in accordance with national threat priorities and the specific risks affecting each FI.

In our response to the Call for Evidence, we encouraged HMT to review rules-based requirements and empower FIs to redirect resources to activities that deliver more tangible outcomes. The Group therefore welcomes HMT’s focus on risk-based due diligence.¹²

High Risk Third Countries (Reg 33.3) [Questions 16-19]

The FATF list of jurisdictions under increased monitoring (often referred to as the ‘grey list’) identifies jurisdictions that are actively working with FATF to address their strategic AML/CTF deficiencies. FATF does not call for EDD on transactions and business relationships linked to these countries. Instead, FATF set an expectation that FIs take account of the grey list when applying a risk-based approach.

The Group agrees with the requirement for FIs to apply mandatory EDD on customers established in countries subject to a call for action (the ‘blacklist’). However, mandating EDD on all customers established in grey-listed countries, regardless of each customer’s risk profile, is disproportionate. Such an approach results in friction and disruption to existing customers for little discernible AML/CTF benefit and misdirects each FI’s resources away from more impactful activity. For example:

• It is disproportionate to require EDD on a customer ‘established’ in a grey-listed country when, having considered the nature of the client and all relevant risk factors such as product risk, the FI determines that customer does not pose a high risk. Not only does the mandatory EDD introduce friction and delay into customer journeys when initiating a business relationship, but the obligation to maintain such EDD can disrupt legitimate customers unnecessarily. An example of this would be retail customers resident in grey-listed countries but whose source of wealth and funds do not originate materially from economic activity in that country (e.g. retirees).
• The impact of grey listing on low-capacity countries, including those that pose a lower risk to the international financial system, has been reviewed independently.¹³ The Group adds the risk to financial inclusion posed by mandatory EDD and its incompatibility at scale with mobile digital onboarding common in low-capacity countries.¹⁴
• Of the 21 countries currently on FATF’s grey list, none is included in the UK’s National Risk Assessment (NRA) as posing a heightened threat of money laundering or terrorist financing. The result is that FIs apply significant levels of EDD, regardless of the assessed risk, on customers associated with countries that aren’t assessed as material threats by the UK government. This misdirects resource from the UK’s national threat priorities. Some countries identified in the NRA as posing a heightened risk, such as Russia, have never been on FATF’s grey list or otherwise classified as High Risk Third Countries. FIs currently take account of the risk posed by such countries through various controls, including holistic customer risk assessments that incorporate geographic risk highlighted in the NRA; this approach will continue and can be enhanced through national threat priorities (refer to our response to chapter 2, below).
• Requiring FIs to ‘uplift’ all existing customers established in grey-listed countries through EDD and requiring UK FIs’ branches and subsidiaries in grey-listed countries to apply mandatory EDD on all domestic customers irrespective of other risk factors, multiplies these adverse impacts. Branches and subsidiaries are required to apply the equivalent group level polices and controls as their UK headquarters pursuant to Regulation 20 of the MLRs. In the past, members of the Group have conducted multi-year EDD remediation programmes when, taking account of all relevant risk factors, enhanced measures were disproportionate. These programmes have misdirected significant resources from more targeted and impactful AML/CTF activity in the case of customers established in countries such as UAE, Gibraltar, and the Cayman Islands where customers typically fall across the full spectrum of risk. The consequence of this ‘uplift’ is even more acute when a country is removed from the FATF list within a calendar year, notably, where, as a result of the grey-listing, global FIs may have onboarded additional staff only to have to let them go after a short period of time.
• The obligation to conduct enhanced monitoring, even in situations that do not pose a higher risk, generates ’noise’ in FIs’ transaction monitoring systems – an increased number of alerts that require manual review with a relatively low conversion rate to SARs. This diverts resources from more effective monitoring activity (members note an increase in transaction monitoring alerts in relation to designated HRTCs of 15%-20%).

The current obligation to conduct EDD was transposed into the MLRs from the EU’s 5th Money Laundering Directive. In the latest AML rules package adopted by the European Council in May this year, the EU is moving away from mandating all EDD measures on customers and transactions established in grey-listed countries, acknowledging the importance of measures being “proportionate to the level of risk”.¹⁵ This is a positive step forward for the EU. However, further reform is required for due diligence to be proportionate to the risk and to minimise unintended consequences.

In the Group’s FAQs on country risk,¹⁶ we outline the importance of applying reasonable measures to “determine the overall level of financial crime risk in a country by assessing the threats and mitigants in that country which are relevant to FIs.” This includes ‘criminal indicators’ – data sets that FIs may consider when assessing the threat posed by each country to the global financial system. FIs already consider mutual evaluation reports as one aspect of their risk assessment processes. Under Regulation 33.6(c)(i)), FIs are accountable for incorporating the outcome of mutual evaluation reports in their risk assessment processes as one of several risk factors. However, mutual evaluation reports should not be, and are not considered to be, a sole or overriding factor.

Removing mandatory EDD on customers established in grey-listed countries, whilst requiring FIs to conduct their own risk assessments commensurate with the size and nature of their business, will drive a more effective response to money laundering and terrorist financing and will align the UK with FATF recommendation 19 and countries like Canada, the US, Japan, Hong Kong, and Singapore. Replacing mandatory EDD on customers established in FATF grey-listed countries with an obligation for FIs to respond to national threat priorities (refer to our comments on chapter two below) would position the UK as a global leader in responding to the risk of money laundering and terrorist financing posed by countries identified as having strategic deficiencies with their AML/CTF framework.¹⁷

Pooled Client Accounts (Reg 37.5) [Questions 20-25]

The UK’s NRA identified that “recent cases suggest that client accounts remain at risk of exploitation by criminals and that criminals are employing methodologies such as sham litigations and fraudulent investment schemes through client accounts”. However, the Group does not believe that requiring FIs to conduct due diligence on their customer’s customer is an effective response to this threat.

In its response to the Call for Evidence, the Group highlighted that requiring FIs to identify and verify the persons whose funds are held in a Pooled Client Account (PCA), even when the account holder is subject to UK money laundering supervision, makes FIs ‘de facto supervisors’. This results in low-impact compliance activity and creates unintended consequences. The same concerns apply when the holder of a PCA is in a sector not sufficiently high risk to be in scope of the MLRs.

We refer to the Group’s response to the 2023 consultation on UK Supervisory Reform, which highlighted the unintended consequences of FIs’ perception that they may be held accountable for their regulated customers’ compliance failings:

“FIs should be able to take comfort from a robust supervisory regime within which their customers operate. Supervisory expectation, or perceived expectation, that FIs must assess and monitor the controls and reputation of customers that are themselves subject to AML/CTF supervision (over and above correspondent banking requirements under FATF Recommendation 13) results in FIs becoming de facto supervisors. In this role, FIs must spend considerable resource monitoring customers that are themselves subject to AML/CTF requirements and may even be supervised by the same authority as the FI. It may also result in the customer losing access to financial services following an FI’s assessment of its ability to manage money laundering and terrorist financing risk. Recognised challenges such as access to Pooled Client Accounts (PCAs) can be addressed by enhancing the effectiveness of the supervisory regime and explicitly permitting FIs to rely on that regime when assessing customer risk and conducting due diligence.”

The Group highlights the challenge posed by simplified due diligence (SDD) being the only exemption in the MLRs from FIs having to ‘conduct customer due diligence on the customers of their customer’. Obstacles to adopting SDD are to be reviewed as part of FATF’s review of Recommendation 1. In the case of PCAs, factors that may dissuade FIs from classifying a customer as low risk include the heightened risks of PCAs identified in the NRA and the work to enhance the effectiveness of statutory and professional body supervision under the Economic Crime Plan (e.g. The Office of Professional Body Supervision 2022/23 Report found weaknesses with PBS supervision).¹⁸ Even if the exemption from having to verify the identity of persons whose funds are held in a PCA is broadened to customers who are not subject to the MLRs, the same challenge of limiting the exemption to SDD remains.

The Group believes that parallels should be drawn between PCAs and correspondent banking relationships where FATF, in response to concerns about de-risking, confirmed that “FATF Recommendations do not require financial institutions to conduct customer due diligence on the customers of their customer.”¹⁹

To ensure a level playing field and to minimise unintended consequences on legitimate business, it is critical that the AML/CTF regime is consistent across sectors that provide the same or equivalent services. Where FIs’ customers are subject to the MLRs, we recommend that FIs are no longer required to act as de facto supervisors. For sectors that are not sufficiently high risk to be subject to the MLRs, FIs should be able to take that fact into account when assessing and responding to the risk. In both cases, FIs should remain accountable for assessing the risk of their customers, obtaining the purpose and intended nature of the business relationship, obtaining sufficient information on the PCA to support effective monitoring, and applying additional, risk-based, measures in higher risk situations.

Recommendation:

• The Group recommends that the MLRs are amended in line with the following principles:
  • FIs are accountable for applying reasonable, risk-based, due diligence on the customer’s PCA, including anticipated account activity, purpose of the account, markets served, and the description of the class of persons whose funds are held in the PCA.
  • The customer is accountable for providing identifying information on the persons whose funds are held in the PCA to the FI upon request.
  • FIs must apply enhanced measures in high risk situations as outlined in the Joint Money Laundering Steering Group guidance (Part 1 Annex 5-V), such as taking action to reduce the risk.

Mandatory Risk Factors (Reg 33.6(b)) [Questions 9-12]

In its response to the Call for Evidence, the Group highlighted that mandating broadly articulated higher risk factors such as ‘tobacco products’ and ‘cultural artefacts’ in regulation poses a risk of making them a rigid expectation, rather than part of a considered risk-based approach. Such a list is also, by nature, both limited and non-responsive to evolving threat, thereby driving low-impact compliance activity.

In line with the Group’s paper on Effectiveness Through Collaboration,²⁰ which set out, inter alia, “AML/CTF frameworks that provide highly useful information to relevant government agencies are those informed by law enforcement and tailored to national AML/CTF law enforcement priorities”, the Group believes that the starting point for an effective AML/CTF programme is an understanding of related threats identified through public private partnerships (PPPs) between the private sector, LEAs, government, and supervisors, and articulated through the NRA and national threat priorities. FIs should remain accountable for assessing their risk exposure and developing reasonable risk mitigating measures proportionate to size, business model, and geographic scope of their business. To illustrate:

• “where there is a transaction related to… tobacco products” is too broadly articulated. The NRA highlights the “coordinated and systematic smuggling” which is a more nuanced view of where the heightened risk of tobacco has been identified and thus facilitates a more proportionate approach by FIs that minimises unintended consequences and customer friction
• The reference in Regulation 33(6)(b) to ‘ivory’ should be removed, with high-impact activity instead being driven through PPPs on the illegal wildlife trade more broadly and initiatives such as United for Wildlife²¹ and collaboration with the United Nations Office on Drugs and Crime²².
• The reference in Regulation 33(6)(b) to ‘defence’ does not distinguish between sub-sectors or geographies. The Group believes it would be more impactful to remove the generic risk factor and instead focus activities on PPPs (such as the February 2022 JMLIT case study highlighted in the Economic Crime Plan²³) and on the specific risks identified in the UK’s NRA on proliferation financing.²⁴ The Group also stresses the importance of firms in the defence sector having robust controls to comply with applicable sanctions regimes and, as with PCAs (above), recommends that FIs should not be required to act as de facto supervisors.

Recommendation:

• The list of generic risk factors should be removed from the MLRs. Removing the list will empower FIs to respond to evolving threats whilst future-proofing the MLRs, noting the ongoing work on system-wide prioritisation under the Economic Crime Plan.

Domestic Politically Exposed Persons (Reg 35) Although out of scope of this consultation, the Group refers HMT to its Statement²⁵ and Guidance²⁶ on Politically Exposed Persons (PEPs) and our response to the Call for Evidence that highlighted mandatory EDD on domestic (UK) PEPs in the absence of related national threat priorities as “likely to result in disproportionately limited AML/CTF benefit and unintended consequences for customers”. The Group recognises the clear risk of PEPs abusing their positions for private gain and using the financial system to launder the proceeds of this abuse. However, as recognised by the MLRs, not all PEPs pose the same level of risk. The Group believes that PEP rules are most effective when they empower FIs to focus enhanced measures on the risk of grand corruption, informed by the NRA and national threat priorities.

The UK’s NRA highlights that “a considerable threat to the UK arises from overseas PEPs laundering their illicit gains through the UK”. As such, the Group recommends that the MLRs are amended to empower FIs to focus resources on that threat by removing the requirement to apply EDD on all domestic (UK) PEPs. For domestic PEPs, FIs should be required to consider political exposure as part of a holistic customer risk assessment and to apply EDD in high-risk situations. By doing so, the UK will align with FATF Recommendation 12 and countries such as Singapore and Australia. There are significant benefits to this approach:

• EDD will continue to be appropriate where a domestic PEP, family member, or close associate is assessed as posing a heighted financial crime risk.
• This will, in turn, create capacity within FIs to focus on shared national threat priorities, ultimately enhancing their ability to provide highly useful information to LEAs.
• The approach also addresses a potential conflict created by Regulation 20, which can be interpreted to require overseas branches and subsidiaries of UK FIs to treat their UK PEP customer (who are foreign PEPs when banking overseas) as presenting a lower level of risk than domestic (non-UK) PEPs (in the absence of heightened risk factors).

Recommendation:

• Amend Regulation 35 to require FIs to apply EDD measures listed in Regulation 35(5) only on domestic (UK) PEPs, family members and close associates that pose a high risk.
• FIs remaining accountable for having in place appropriate risk-management systems and procedures to determine whether a customer or beneficial owner of a customer is a PEP, a family member or close associate, domestic or otherwise (as per Regulation 35(1)), and for assessing the level for risk associated with that customer (as per Regulation 35(3)(a)).

Chapter 2: Strengthening System Coordination

National Risk Assessment and System Prioritisation [Questions 32-35]

FIs play a critical role in supporting LEAs and relevant government agencies keep their communities safe from harm through the provision of relevant information. The second element of the Group’s Statement on Effectiveness is that FIs provide “highly useful information to relevant government agencies in defined priority areas” – information that results in detection, prevention, and disruption of money laundering and terrorist financing and the seizure and/or confiscation of criminal assets.²⁷ Actionable national threat priorities developed through PPPs are critical enablers of an effective AML/CTF system. The Group believes that:

• NRAs drive the risk-based approach by providing a ‘point in time’ assessment of risk at a strategic level. They provide FIs with an understanding of financial crime risk and set a baseline for FIs to conduct their own risk assessments. However, as NRAs are updated on a multi-year cycle, they are not sufficiently agile to address emerging threats or to drive an operational-level, coordinated, public-private response to evolving priority threats. The operational response should be addressed by the UK Government’s work on System Prioritisation (as set out in the Economic Crime Plan), which will be informed by national threat priorities. [Q35].
• The frequency of updating national threat priorities should consider the lead time required by FIs to respond, notably determining resource allocation and AML/CTF programme design aspects, as well as the need for supervisors to adjust their risk-focused approach to supervision.
• The Group does not believe it is necessary for the MLRs to be prescriptive on how FIs should complete and use their own risk assessments. Instead, legislation should set the framework within which FIs and supervisory authorities define and execute their risk-based approach. This approach should be informed by, respond to, and assessed against, both NRAs and national threat priorities, as they relate to each FIs’ customers and activities. [Q32].
• The MLRs already require FIs to conduct enterprise-wide and customer risk assessments, further details of which are best set out in sector-specific, statutory, guidance. It is, however, important for policy makers, FIs, and supervisors to have a shared view on the purpose, uses, and limitations of NRAs and the role of national threat priorities, as well as how NRAs are integrated into FIs’ risk frameworks.
• Prioritisation must be transformative and not additive. It is critical that FIs can reduce, or even stop, certain activities to redirect resource to national threat priorities. The Group believes that this can be achieved by:
  • A clear articulation in the MLRs of a shared, high-level objective that focuses on outcomes over processes,²⁸ including referencing the NRA as an appropriate component of each FI’s risk-based approach;
  • A shared understanding of how threats can translate to risk and controls within each regulated sector (for example, through PPPs, FIs have been able to apply data analytics, rather than traditional transaction monitoring, to typologies to identify criminal networks). This approach has resulted in highly useful intelligence being submitted to LEAs.
  • Recognition that not all risks identified in the NRA or national threat priorities are equally applicable to all FIs and that FIs’ control frameworks can still deliver effective outcomes when focusing on some, or different, threats, as per each FI’s own enterprise wide risk assessment.
  • A supervisory regime that empowers and encourages FIs to reallocate resources to higher-value activity by focusing on the quality and usefulness of the information shared with LEAs rather than the existence of the information or purely technical compliance.²⁹ FIs should be accountable for demonstrating the effectiveness of their control environment, including the provision of highly useful information to LEAs in defined priority areas.³⁰

There is no ‘one size fits all’ approach to conduct an NRA, although FATF provides high level concepts and guidance.³¹ The Group believes that the UK has an opportunity to work with international partners at FATF to standardise and increase the effectiveness of NRAs. Methodologies typically involve a combination of quantitative techniques (e.g. analysing statistical data and financial indicators to identify potential risks) and qualitative analysis (e.g. expert opinions, intelligence reports, and case studies) to assess risks. Looking across the NRAs published by the UK, Netherlands, Singapore, US, and Italy, there are some key concepts that can be drawn out for a better outcome:

• Capacity and capability: Ensure sufficient allocation of resources to conduct comprehensive and regular risk assessments. Invest in training and development programmes to enhance the expertise of professionals involved in the assessment process.
• Stakeholder collaboration: NRAs that do not recognise the full spectrum of money laundering and terrorist financing risk posed by different sectors and countries do not deliver effective outcomes. Such NRAs can result in unintended consequences, including barriers to accessing financial services (for example, by dissuading FIs from applying appropriate risk-based due diligence on sectors homogenously identified as posing a heightened risk). It is important to establish effective coordination mechanisms among government agencies, LEAs, FIs, and other relevant stakeholders to articulate the full spectrum of risk across sectors, geographies, and products. Collaboration helps avoid generalisations that result in disruption to legitimate economic activity and misdirection of resources. Collaboration should involve regular communication and information sharing between parties to help identify emerging risks, enhance data quality, and improve the overall assessment process.
• Data management: Improve data collection, analysis, and sharing capabilities to ensure accurate, transparent, and reliable information for risk assessments, including through PPPs. The quality of data is crucial, and validation through cross checking with another source should be performed to verify the integrity of the data.
• Regular reviews and updates: Conduct periodic reviews and updates of the assessment methodologies to adapt to changing money laundering risks. Either avoid including information likely to become out of date before the next update or signpost such activity to FIs and supervisors. The framework should be flexible enough to allow for adjustments based on new typologies, emerging technologies, and regulatory changes. However, operational level detail should only be included in more dynamic national threat priorities.

Recommendation:

• The MLRs do not need to be prescriptive on how FIs should complete and use their own risk assessments. Instead, the Group believes that the effectiveness of the UK’s response to money laundering and terrorist financing can be enhanced by:
  • Articulating in legislation a shared, system-wide, objective that focuses on outcomes.
  • Establishing national threat priorities through PPPs and a legal and supervisory regime that empowers FIs to reduce, or even stop, low impact activities to align resources with national threat priorities.
  • Positioning the NRA as a baseline for risk assessment, supported by more agile national threat priorities that drive an operational-level, coordinated, public-private response to evolving priority threats.

Companies House: [Questions 29-31]

In the Group’s response to HMT’s consultation on AML supervisory reform we outlined the critical role of information sharing between the registrar, supervisory authorities (including a Single Professional Services Supervisor (SPSS)), LEAs and FIs. Effective data sharing would help make Companies House a world-leader in corporate transparency, delivering on FATF’s objective of adequate, accurate and up-to-date beneficial ownership (BO) information. We note that the U.S. Treasury’s 2024 National Strategy for Combatting Terrorist and other Illicit Finance³² includes maximising the operational value of the beneficial ownership database and recommends that this approach be considered by the UK. The Group encourages the UK to continue delivery under the Economic Crime Plan of public>public, public>private, and private>private information sharing, enriched through a new financial crime intelligence capability within Companies House. An effective approach would include:

• Third Party Verifiers: An SPSS would play an important role by collaborating with Companies House to conduct risk-based assurance on verifiers, by applying a robust registration process and effective risk-based supervision, and by ensuring that compliance failures are flagged on the register and with FIs that use the register. SPSS supervision of Trust and Company Service Providers (TCSPs) should clearly focus on effective outcomes rather than an exercise in technical compliance. This would create an environment where the gathering and reporting of information, as well the processes around ensuring its accuracy and adequacy, are all aligned with the objective of reducing money laundering and terrorist financing.
• Data Analysis: An SPSS would be well positioned to work in partnership with Companies House to conduct proactive data analysis to identify known and emerging typologies and take appropriate action. It is through analysis of accurate, adequate, and up-to-date company data (not just data on BOs) that LEAs and registrars can identify known threat typologies on how company structures are abused. These typologies can be communicated to TCSPs through secure channels and enhanced through effective PPPs. Remedial action must be taken when systemic control failings are identified in a TCSP, supported by a registrar having querying and corrective powers (including deleting companies from the register). The Group therefore agrees that Regulation 50 should be amended, as per Q29.
• Discrepancy Reporting: The Group believes that enhancements to beneficial ownership registers, including Companies House, to ensure that FIs can efficiently access adequate, verified, and up-to-date BO information upon which they can rely, would enable more effective financial crime risk management as per the Wolfsberg Factors. The Group encourages the UK to review the effectiveness of BO discrepancy reporting in the context of these reforms. While discrepancy reporting by regulated entities can highlight material discrepancies, it does not provide verification of the accuracy of the information held by Companies House. The Group believes that discrepancies would be minimal if the information was verified at submission and registered companies are properly engaged to keep their information up-to-date. Discrepancy reporting must therefore be focused on reporting substantive discrepancies. At present, discrepancy reporting obligations across several jurisdictions are diverting resources from higher impact AML/CTF activity, with disproportionate effort being dedicated to establishing which customers are subject to reporting obligations and to identifying and reporting minor errors that do not lead to material financial crime risk outcomes. Early data on Companies House discrepancy reporting identified one third of 35,000 reports not to be valid (for example, minor discrepancies in spellings of names, and differences in interpretation of the nature of the control exercised by an identified beneficial owner).³³ Discrepancy reporting also puts FIs in the role of de facto supervisor – checking whether their customers have complied with their own legal obligations, regardless of the level of risk. Wider feedback from members indicates that substantial investment in discrepancy reporting processes has not led to the provision of highly useful information to LEAs, a key pillar of an effective AML/CTF regime as noted in the Group’s June 2021 statement. These measures would also facilitate legitimate business by removing the need for companies to provide updated KYC information separately to all regulated FIs with which they have a business relationship.

Recommendation:

• Expand the relevant authorities listed under regulation 50 to include Companies House and the Secretary of State responsible for Companies House.
• Deliver Companies House reform, ensuring sufficient capacity and capability for Companies House to be a world-leader in corporate transparency and a key participant in PPPs.
• Review the effectiveness of BO discrepancy reporting in the context of these reforms.

Conclusion

The Group appreciates the opportunity to contribute to the HMT consultation on enhancing the effectiveness of the Money Laundering Regulations. Our recommendations are designed to bolster the UK's fight against money laundering and terrorist financing through proportionate, threat-focused measures against international illicit finance and can be summarised as follows:

• We advocate removing the mandatory EDD requirement for customers from FATF grey-list countries, while retaining necessary EDD measures for customers established in countries subject to a FATF Call for Action. This adjustment ensures that resources are focused where the threat is most significant. This measure would be enhanced by delivering system-wide threat priorities as outlined in the Economic Crime Plan.
• We recommend removing the prescriptive list of generic risk factors from the MLRs. This will allow FIs the flexibility to adapt to evolving threats and align their efforts with national priorities, as identified through ongoing public-private partnerships and the NRA.
• We recommend modifying the approach to domestic (UK) PEPs to reduce unnecessary burdens while maintaining a risk-based approach. Removing the mandatory EDD requirement for domestic (UK) PEPs, their family members, and close associates will reduce customer friction and allow FIs to focus their resources more effectively and devote necessary attention to PEPs and other customers posing increased risk.
• We support changes to the MLRs relating to PCAs, whereby FIs would not be expected to become de facto supervisors. We believe FIs should be empowered to apply reasonable risk-based measures to such accounts, rather than obliged to undertake significant levels of due diligence into their customers’ customers.
• We recommend reviewing the approach to UK’s Companies House and advocate for the establishment of a SPSS to oversee risk-based assurance and data analysis, ensuring the accuracy and adequacy of beneficial ownership information. Additionally, we recommend refining BO discrepancy reporting to focus on substantive discrepancies, thus enabling more effective financial crime risk management and facilitating legitimate business operations.
• Lastly, we propose that the legislation clearly articulate shared, system-wide objectives focused on outcomes. This, coupled with agile threat prioritisation and a supportive legal and supervisory framework, will enable a coordinated public-private response to dynamic threats.

The Group appreciates the opportunity to provide comments in response to this Consultation, if you have any questions about this submission or wish to discuss any of the elements in greater detail please contact the undersigned via info@wolfsberg-group.org.

Yours sincerely

Alan Ketley Executive Secretary The Wolfsberg Group