A Comprehensive Guide to KYC and AML Regulations in the UK

The increasing number of financial crimes in the UK calls for stringent measures to safeguard the integrity of the financial sector. This is achieved through robust Know Your Customer (KYC) and Anti-money Laundering (AML) regulations. 

KYC regulations ensure that all firms deeply understand their clients’ identities, whilst AML laws provide a framework to detect and report suspicious transactions. Enforcing these rules will help the UK protect its financial system from exploitation and maintain its reputation as a global leader in combating financial crimes.

A Quick Recap of Fines Imposed by FCA  (December 2022)

Failure to abide by AML regulations can result in penalties. The FCA has imposed a total of £39,233,360 penalties in 2022. 

The following companies were penalised for financial offences in December 2022:

• TSB Bank Plc — £29,750,000
• Metro Bank Plc — £10,002,300
• Santander UK Plc — £107,793,300
• GFI Securities Limited, BGC Brokers LP, and GFI Brokers Limited — £4,775,200
• Pembrokeshire Mortgage Centre Limited— £2,354,331

The Main AML Regulates in the UK

Businesses operating in the UK are governed by several law enforcement agencies, including:

• The Financial Conduct Authority (FCA) is the main AML regulatory body in the UK. It primarily regulates financial institutions like banks, cryptocurrency companies, and other enterprises in the financial services sector. Additionally, it can investigate money laundering offences in all sectors of society. 
• The Serious Fraud Office (SFO), HM Revenue & Customs (HMRC), and the National Crime Agency (NCA) jointly enforce AML legislation in the UK.  They investigate financial offences together with the FCA.

Additionally, some regulators focus on a particular sector of the economy, such as the Gambling Commission, which monitors AML compliance in gaming establishments.

The Main AML Regulations in the UK

The UK’s AML requirements are based on several international and national laws. The key ones are as follows:

• “The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017” and its amendments mandate companies to fulfil different AML standards. The 5th AML Directive was added to the law in 2019 (the UK opted not to add the 6th AML Directive because most of it was already enacted by UK legislation).
• “The Financial Services and Markets Act 2000” (FSMA) is the main legislation body governing the financial sector in the UK. This law establishes the FCA as the primary AML regulator and outlines its obligations.
• “Proceeds of Crime Act 2002” covers crimes and related punishments. The Act also requires companies to report any suspicious activities.

Compliance with AML Requirements in the UK

AML compliance entails the prevention of financial crimes. Let’s dive deeper into how businesses can abide by AML regulations in the UK.

Risk-based Approach

The primary obligations of a Risk-based Approach (RBA) include:

• Accessing the risks of terrorist financing and money laundering 
• Establishing robust controls that mitigate the risk identified 
• Conducting effective Customer Due Diligence (CDD) checks in a risk-sensitive manner based on the type of client, corporate relationship, product, or transaction
• Considering events and commodities that carry a greater risk of money laundering, such as infrequent transactions with Politically Exposed Persons (PEPs).

Businesses must keep accurate records of these activities (what was done and the reason behind it).

Customer Due Diligence (CDD) Checks in the UK

The JMLSG guidance states that CDD involves identifying and validating clients and their beneficial owners. It also refers to evaluating and obtaining information regarding the intent and nature of the business connection or transaction.

A company conducts CDD when:

• A corporate relationship is developed
• An infrequent  transaction is to be done
• There’s a suspicion of financial crime, such as money laundering 
• The integrity of records or data gathered is questionable

As some businesses may believe, customer verification is not the final stage of CDD. In addition to verification, companies must select the appropriate due diligence method and deal with the consumer accordingly. Therefore, organisations can use simplified due diligence if the consumer poses a low risk. PEPs are a category of clients who pose a higher risk, hence Enhanced Due Diligence (EDD) processes must be performed.

AML Screening

Businesses should have efficient screening processes updated about their industry, size, and risk. It is advisable to crossmatch both genuine and legal individuals with several watchlists, including:

•  The financial sanctions list of the UK government
• The European Commission’s list of high-risk third countries
• The Treasury’s list of high-risk countries
•  Trade sanctions list

Although it’s not required by law, the FCA strongly suggests screening clients against these sanctions lists to prevent compliance violations.

Ongoing Monitoring 

Businesses should continuously monitor their client base to spot any unusual behaviour that needs further inquiry. This comprises:

• Transaction monitoring checks that transactions align with the company’s knowledge of the client, business, and the risk they may pose.
• Evaluating current records and maintaining the latest versions of any data or information collected through CDD.

Recording and Retention Requirements

• Businesses in the UK must keep records of customer conversations, transactions, Suspicious Activity Reports (SARs), details about existing business ties, offered services, and the outcomes of due diligence checks. 
• After the business relationship ends, copies of the documentation and information gathered during the due diligence must be stored for five years. 
• Companies must also keep track of irregular transactions for 5 years after the transaction.

Reporting

Businesses must report suspicious behaviour under the “Proceeds of Crime Act of 2002”. The National Crime Agency (NCA) requires that a designated officer file a SAR promptly as suspicion is raised. 

Organisational Structure

Businesses need to be aware of their organisational structure whilst addressing financial crime. 

• Nominated Officers and MLROs: Businesses must select an appointed officer. Companies subject to FCA regulation must also appoint a Money-Laundering Reporting Officer (MLRO).  A designated officer reports money laundering cases, whereas an MLRO manages the company’s AML compliance with FCA regulations. A staff person may serve as both an MLRO and a nominated officer.
• Employee Training and Screening: Companies must educate their staff on AML. Employees more likely to be involved in money laundering undergo a thorough screening.

How Can Shufti Help?

Shufti offers a globally trusted IDV suite, helping thriving businesses in the UK remain compliant with the KYC and AML regulations. Not only this, but Shufti’s IDV suite verifies identities within seconds and fights fraud whilst providing customers with a more incredible experience. AI-powered KYC and AML solutions prevent businesses from hefty fines and build a positive brand image. 

Still confused about how an IDV suite helps businesses operating in the UK comply with KYC and AML regulations.