KYC & AML Regulations in the UK: An Ultimate Guide

Financial crimes have been around since the invention of money. Some argue that their origins are even further back in history, with the advent of trade. Likely true, one can imagine the instances of fraud involved in trading rotten fruits, soured wine, or sick livestock. During those times, such activities that were carried out intentionally, in fact, were considered a financial crime. Once fiat currency emerged, things got even trickier and more complicated.

Fast forward to the 21st century, financial crimes are still a prevalent and ongoing challenge for banks, financial institutions, and individuals. However, to take action against fraudsters, regulatory authorities are emerging with KYC & AML regulations while fintech companies are introducing new preventive solutions such as identity verification systems. As technology is empowering authorities to take advantage of powerful security systems, on the other side, the same technology is making criminals more sophisticated to carry out offenses including money laundering, terrorism financing, account takeovers, document forgeries, and evade legal scrutiny. Financial institutions are also expected to play their role in the fight against crime by meeting regulatory obligations while integrating AI-powered KYC suits. Considering the significance of financial compliance, the global cost of compliance in the financial sector is estimated to be around $180.9 billion per year.

Financial Crime Outlook in the UK: 2022 and Beyond

Nevertheless, nearly two years after the onset of the Covid-19 pandemic, the United Kingdom has already gained 43% of the global total foreign-exchange turnover, making the country one of the world’s leading international financial services hubs. The country stands at the top as a global financial participant leading it to be what some would call the “dirty money” capital of the world. In addition to combating crimes, the businesses operating in the country are also finding it hard to balance evolving complex global KYC & AML regulations and deliver better customer experience while reducing operational costs. This has created a stressful environment to operate in, yet getting compliance wrong is not an option. In this regard, 12 out of the country’s top 50 financial service providers were fined in 2019 for non-compliance with AML, KYC, and other state regulations. The total fines were approximately $8.4B.

That being said, the numbers don’t speak in favour of the country as the National Crime Agency has stated that recurring crimes cost the major financial institutions a whopping EUR 100 Billion loss annually. 

FCA Fines Ghana International Bank £5.8m Over AML Controls 

The FCA has fined Ghana International Bank Plc (GIB) £5,829,900 for poor Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) controls over its correspondent banking activities. The firm provided financial services to overseas banks. This helped them to offer services and products they would not be able to do, including carrying out payments in foreign currencies and across borders.

The financial conduct authority obligates banks to perform extra checks on their customers to eliminate the risk of money laundering, terrorist financing, and various other financial crimes. The firm has also been held questionable between 1st January and 31 December 2016 for not adequately performing the additional checks required before establishing relationships with the overseas banks. The bank also lacked adequate Anti-Money Laundering (AML) controls to curb the instance of money laundering and other financial crimes in real-time. In addition to this, GIB also failed to undertake annual reviews of the information it held on the banks it had a relationship with, failed to give staff adequate training on how to scrutinise transactions properly and did not establish appropriate policies and procedures for staff.

FCA Fines Gatehouse Bank £1.5m for Poor Anti-Money Laundering Checks

The Financial Conduct Authority (FCA) has fined Gatehouse Bank Plc £1,584,100 for significant weakness in its financial crime systems and controls. Between June 2014 and July 2017, Gatehouse failed to conduct sufficient checks on its customers based in countries with a higher risk of money laundering and terrorist financing. Gatehouse also failed to undertake the correct checks when some of the customers were classed as Politically Exposed Persons (PEPs). In one instance, Gatehouse Bank set up an account for a company based in Kuwait to aggregate customer funds. Gatehouse Bank did not require the company to collect information about customers’ sources of funds or wealth, which was required under Gatehouse’s Anti-Money Laundering (AML) policies. As a result, over a two-year period, Gatehouse accepted US$62,000,000 into the account without properly vetting the funds for financial crime risks. This example illustrates the risks of failing to have proper systems and controls.

Prominent KYC and AML Regulators Operational in the UK

The country’s response to financial crime is a collaborative effort. Policy ownership lies with the central government, led by the HM Treasury and Home Office, with some specific areas of policy-making managed by other government departments. The Scottish Government is responsible for making fraud preventive policies in Scotland. In Northern Ireland, the Department of Justice is the entity held accountable for overseeing criminal justice policies.  

The NCA’s Combatting Kleptocracy Cell was established in July 2022, which plays a viable role in responding to economic crimes. The department is majorly focused on investigating corrupt elites and Politically Exposed Persons (PEPs) laundering their assets within the UK. In addition to this, NCA’s  National Economic Crime Centre (NECC) was also established to deliver a step-change in response to combating serious and organised crimes. The centre brings together law enforcement authorities and other departments, including the Serious Fraud Office (SFO), HM Revenue and Customs (HMRC), Financial Conduct Authority (FCA), and  Crown Prosecution Service (CPS) under a mutual understanding to overcome the risk of economic crimes. 

Financial Conduct Authority (FCA)

The Financial Conduct Authority (FCA) is one of the major regulatory authorities working in the UK, responsible for regulating the financial industry of the country but works independently of the UK’s government. Financial firms, including stock exchanges, investment corporations, e-money exchanges, payment institutions, credit companies, asset managers, and banks are obliged to meet FCA’s regulations, such as implementing a risk-based approach like the one FATF recommends. 

The primary objective of the FCA is to detect, fight and curb financial crimes, making the UK free from money laundering and terrorist financing activities. According to the financial watchdog, every institute dealing in financial transactions needs to hire an entity called a Money Laundering Reporting Officer (MLRO) who can focus on Anti-Money Laundering (AML) activities to detect any suspicious activities that need an urgent response. Among all obligations, the most crucial factor in meeting FCA’s standards is conducting a risk assessment to categorise clients according to the risk of crime they possess.

Her Majesty’s Revenue and Customs (HMRC)

Her Majesty’s Revenue and Customs (HMRC), the UK government’s financial regulatory authority, specialises in tax-related crimes. HMRC is mainly responsible for tax collection and protecting the country’s border against illicit activities such as money laundering, terrorist financing, and drug trafficking. In addition to these responsibilities, the financial watchdog also collaborates with the Financial Conduct Authority (FCA) to conduct money laundering investigations. HMRC also places several obligations on businesses, particularly financial firms including authenticating the customers’ real identities and verifying the source of financial transactions to fight and deter the risk of money laundering. Moreover, the financial institutions under HMRC obligations must also maintain records of customers’ personally identifiable information and transactions.

National Crime Agency (NCA)

The UK’s National Crime Agency (NCA) is at the forefront when it comes to combating large-scale organised crime. Senior officers at the NCA are responsible for identifying and keeping track of major criminals. To ensure risk-free operation, the regulatory watchdog points out changes in financial crime patterns and imposes strict sanctions and penalties to curb criminal activities. The NCA has successfully fought money laundering and terrorist financing, among other financial crimes, since 2013. For instance, the authority closely monitors businesses and financial institutions that deal with large amounts of transactions. In case of suspicion, the NCA prosecutes companies and seizes assets to secure the UK’s economic landscape.

NCA also works jointly with international authorities as well as other UK agencies internally to mitigate the threats of money laundering and terrorist financing effectively. The agency also plans to arrange training sessions for AML compliance personnel to ensure the implementation of robust techniques for detecting the illicit flow of cash.

KYC & AML Regulations – UK Edition 

The Financial Conduct Authority (FCA) is one of the leading financial service regulators in the UK, which works tirelessly to oversee the country’s financial firms’ compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Various other financial watchdogs share responsibilities with FCA to investigate the proceeds of crimes including money laundering offenses. In addition, they also issue detailed guidance on AML in the UK, including the requirements for customer due diligence, enhanced due diligence, and transaction monitoring.

UK AML regulations are outlined in the following legislations:

European Union (EU) Anti-Money Laundering Regulations

The European Anti-Money Laundering and Terrorist Financing Directives are systematically designed to safeguard financial institutions from sophisticated fraudsters who exploit the economic systems to carry out money laundering and terrorism financing activities. The EU aims to develop universal AML regulations for all its Member States to help businesses fight money laundering in the EU Single Market. 

EU’s 1AMLD, 2AMLD, 3AMLD, and 4AMLD

The European Commission (EC) established its first AML Directive (1AMLD) in 1991 to combat money laundering. Under this, essential Anti-Money Laundering (AML) standards were formed to counter terrorist financing (CTF). The obligations included customer identity verification, record keeping, suspicious activity reporting, transaction monitoring, and several other Customer Due Diligence (CDD) measures that all EU Member States had to follow along with their individual national laws. 

The EC introduced its Second Directive (2AMLD) in 2001 and the Third Directive (3AMLD) in 2006 while extending its scope, making Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) checks mandatory for lawyers, notaries, accountants, casinos, and real estate agents.

 In 2017, the European Commission came up with its fourth Anti-Money Laundering Directive (4AMLD), which further expanded the scope of AML/CFT regulation and made it mandatory for gambling businesses, all financial institutions, and several other designated non-financial businesses, as well as professions.

EU 5AMLD and 6AMLD

In 2020, the EC introduced its Fifth Anti-Money Laundering Directive (5AMLD), bringing a legal definition for the cryptocurrency industry. Under this directive, both virtual currencies and virtual currency service providers fall under existing AML & CFT regulations. In this directive, new requirements for pre-paid cards and high-valued goods were also formed, along with several updates in due diligence standards for high-risk countries.

However, as the world began to experience digitisation and regular cybercrime news became normal, the EC set out various proposals to strengthen the EU’s Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) regulations. In this regard, the regulatory authority emerged with the Sixth Version of AML regulation, providing a cohesive definition of money laundering across all EU Member Countries while mitigating the shortcomings in their local legislative frameworks. 

The 6AMLD also added “aiding and abetting” to the list of activities prone to money laundering risks. In addition to this, the 6AMLD also broadened its scope for criminal liability for money laundering to legal persons (companies and partnerships) in situations where they fail to meet obligations. To enforce the regulations, regulatory authorities have also increased the sentence for proceeds of crimes to a minimum of 4 years imprisonment. 

Moreover, the EU’s Anti-Money Laundering Authority (AMLA) was also part of the July Package, which will further fill gaps in legislative framework and financial systems that criminals currently use to launder illicit earnings. However, the package is still in the legislative stage, assuming a compromise agreement in Q4 2022 and a publication at the end of this year or beginning of 2023. The member countries can expect new rules to be applied by 2026. However, the AMLA is expected to be operational by 2024.

Proceeds of Crime Act

Proceeds of Crime Act (POCA) is the UK’s primary Anti-Money Laundering (AML) regulation introduced in 2002 which defined several offenses that constitute money laundering. These activities fuel and facilitate money laundering and the distribution of its criminal proceedings. Under this Act, financial institutions, particularly banks, need to incorporate adequate AML controls that must be sophisticated enough to detect money laundering activities, including identifying irregular transaction patterns, customer/enhanced due diligence, and an array of reporting obligations. 

The Terrorism Act

While the Proceeds of Crime Act (POCA) majorly focuses on money laundering offenses, the Terrorism Act is legislated to impose counter-terrorist financing regulations on financial firms and banks, which also includes almost the same obligations such as customer due diligence, transaction monitoring, and suspicious activity reporting requirements. However, this Act was introduced in 2000 for the first time in the UK but was amended by the Anti-Terrorism, Crime and Security Act 2001, the Terrorism Act 2006, and the Terrorism Act 2000 and Proceeds of Crime Act 2002 (Amendment) Regulations 2007.

Anti-Terrorism, Crime and Security Act 2001

In December 2001, the UK’s parliament approved the Anti-Terrorism Crime and Security Act 2001 (ATCSA), Part 4 of which gave authority to the Home Secretary to command the indefinite custody of foreign terrorist suspects. In addition, the only right of appeal for those detained under Part 4 was by way of the Special Immigration Appeals Commission (SIAC), established by the Special Immigration Appeals Commission Act 1997 following the Chahal judgement of the European Court of Human Rights [1996] ECHR 54. Due to the use of sensitive intelligence materials (such as evidence from covert surveillance), the evidence against detainees was partly open (which the detainee would view and which his or her lawyers would be able to challenge) and partly closed (which the detainee and his lawyers would be prohibited from seeing). Instead of being able to challenge the closed evidence, the detainee would be represented by a special advocate who would argue the case on his behalf in the closed proceedings but would not be allowed to communicate with the detainee.

Money Laundering, Terrorist Financing, and Transfer of Funds Regulations (MLRs) 2017

The United Kingdom’s government introduced the Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) in June 2017 which emerged with several obligations for private sector businesses that are more prone to money laundering activities. The aim of this law is to restrict criminals from using professional services to launder their illicit gains by mandating the private sector take a risk-based approach. Companies are required to develop in-house identity verification mechanisms to verify their customers while monitoring their transactions to detect suspicious activities.

The Economic Crime and Corporate Transparency Bill

On 15 March 2022, the Economic Crimes (Transparency and Enforcement) Bill received Royal Assent becoming the Economic Crime (Transparency and Enforcement) Act 2022. The Act has been in the making for some time and can be traced back to 2016 when Prime Minister, David Cameron, warned offshore companies in an anti-corruption summit that they are obliged to disclose the beneficial ownership of UK properties. However, the bill was placed on a back burner following Mr. Cameron’s speech. The events in Ukraine re-ignited a desire to push through the Bill and it was fast-tracked through Parliament.

Economic Crime and Corporate Transparency (ECCT) Bill further imposed on kleptocrats, sophisticated criminals, and terrorists who abuse the country’s economy. The aim is to make the UK a trusted and well reputable place where legit businesses can operate without becoming part of money laundering schemes. In addition to this, ECCT also reforms to eliminate the risk of abusing limited partnerships, additional powers to seize cryptocurrencies seamlessly, and reforms to support information sharing to fight money laundering & economic crimes. By doing this, law enforcement authorities will have the power to gather information while removing regulatory burdens on businesses.

How Shufti Can Help Businesses Meet Compliance

It’s crystal clear that Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance is essential for curbing the risk of financial crimes. Most customers and businesses agree that effective laws and regulations are vital for their growth. However, executing these procedures manually becomes a major problem as criminals find ways to exploit human entities. These practices need to be replaced with automated solutions that can guard entities against identity theft and inaccurate processing. In addition, the KYC check & AML screening procedures, in particular, must be robust and affordable while having increased accuracy and security.

Shufti is a UK-headquartered IDV provider that offers a robust AI-powered AML screening solution for diverse businesses enabling them to remain compliant with industry-specific regulations. Companies can effortlessly identify suspicious and high-risk customers by cross-checking them against 1700+ watchlists to comply with global due diligence standards. Get 99% accurate results in a matter of seconds while balancing security and customer experience in real time.

Discover how businesses can comply with UK’s AML regulations.