Guidance for the Accountancy Sector | Anti-Money Laundering
On 17 May 2022 the Consultative Committee of Accountancy Bodies (CCAB) published the final version of their anti-money laundering and counter-terrorist financing Guidance following its approval by HM Treasury. This note seeks to explain who is subject to the Guidance, and what it means for businesses.
The Guidance is the result of the amendment of the MLTF Regulations to reflect the Fifth Money Laundering Directive. Those regulations, and this Guidance, apply to any entity who, in the course of business in the UK, acts as an auditor, an external accountant, an insolvency practitioner, a tax advisor, or provides trust/company services.
The terms are very widely construed. Business is ‘within’ the UK irrespective of any international element, as long as there is some level of day-to-day management from within the UK. Any natural or legal entity is capable of being considered a business for these purposes, including a sole trader. Sole traders are only exempted from limited elements of the Guidance, the requirement to appoint a board member or member of senior management to oversee MLTF compliance being one such example.
One is acting as a ‘tax advisor’ when material aid, assistance or advice on someone’s tax affairs is provided directly, or indirectly. Critically a business may be considered to provide tax services even where those services are entirely automated or are provided virtually.
Accountants should note their services are not subject to such strict definition: they are not providing a defined service if they do not prepare or analyse any financial information for their clients. This means that providing software/information to a client may not be captured by the regulations. Whether an accountant is providing a defined service for the purposes of these guidelines is a question of the degree of human input and support provided. The Guidance provides examples to assist in determining when an accountancy service/product will be a ‘defined service’.
Accountants and tax professionals must follow this Guidance, it effectively has the force of law. Any court must take account of this Guidance when considering whether there has been a breach of the regulations, or an offence under proceeds of crime legislation.
Even where certain activities of a business are not strictly subject to this Guidance (e.g consultancy services), if that business decides not to follow elements of this Guidance in relation to those services, the business should document the rational for making such a decision. Overall, the guidance outlines what is considered best practice when it comes to MLTF and CDD, and businesses depart from this guidance at their peril.
The Guidance has strengthened a number of provisions from ‘should’ to ‘must’. In relation to employees, and changes in a business, the following is now mandatory:
- When offering any new service or product, a business must have procedures in place that ensure that those new services are assed for the risk of MLTF, and included in any ongoing firmwide risk assessment.
- Where introducing new business practices, including new technologies, consideration must be given to whether new controls, policies, or procedures are necessary to mitigate any MLTF risk.
- All employees whose work is relevant to MLTF compliance/detection must be ‘screened’. Particular consideration must be given to their skills, knowledge, expertise, conduct and integrity. This obligation applies both when the employee is appointed, and on a continuing basis.
The following is now mandatory in relation to client due diligence:
- A client must provide either the original document, or a copy that is certified. There is no definition of certified within the Guidance, but certification by a solicitor or a notary is likely to be acceptable.
- Where it is believed that a person is acting on behalf of another person, that other person must be identified.
- Where there is a delay in the completion of CDD, a business must gather enough information to form an understanding of the client’s identity and to understanding the risk of MLTF. While it is possible to begin a business relationship before completion of CDD, this will only be permissible where there is little risk of MLTF, and the Guidance is of the view that this will be a rare situation.
- While simplified due diligence is permissible with low-risk clients, the Guidance has expanded the list of circumstances where SDD must be set aside.
- Appropriate systems must be put in place to determine whether clients or their beneficial owners are Politically Exposed Persons, or family members/known close associates of a PEP.
- Business must have regard to any information published or provided by their AML supervisory authority when conducting any risk assessment or establishing whether a further risk assessment is required.
In addition, the timeframe to report any discrepancies in the People with Significant Control (PSC) register to Companies House has now been reduced from 30 days to 15 days. A welcome change for the accountancy sector will be the availability of the reasonable excuse defence for failing to make a SAR, bringing practitioners in line with the legal profession. The Guidance provides useful appendices tailored to the needs of insolvency and tax practitioners. These include case studies, and thorough explanations of what due diligence will be expected when dealing with certain types of client. A business that follows these examples to the letter is unlikely to fall foul of the Guidance.
The new Guidance does not radically alter the existing regulatory framework, rather, it strengthens certain requirements to make it clear that they are mandatory. A business that was fully compliant with the existing guidance is unlikely to have fallen outside of the regulatory framework as a result of these changes. To the extent that elements of the Guidance remain optional, businesses should only ignore those elements where there is a clear and documented rationale for doing so. Even when elements of a regulated business fall outside the scope of this Guidance, that business should be cautious about ignoring the Guidance, particularly as those areas may fall under the purview of other regulators.