Compliance consistency: 5 takeaways from Treasury’s AML/CFT regulatory regime review

With money laundering and terrorism financing continuing to pose a significant threat to the UK, the review of the UK’s AML/CFT regulatory and supervisory regime (the Review) by Treasury was welcomed by many.

The Review released on 24 June 2022 was based on a Call for Evidence put out by the government to regulated firms and supervisory bodies back in July 2021. The Review was split into three primary sections:

• How exactly to define the effectiveness of the Money Laundering Regulations (relooking at the objectives of the MLRs, how to measure success, and how the MLRs respond to ongoing risks in the money laundering landscape)
• Driving effectiveness (looking at the risk-based approach, the use of technology, the performance of supervisory bodies, and industry guidance)
• Assessing the AML/CFT supervision regime (enforcement, supervisory gaps, and possibilities for reform). 

In this guide, we’ll cover some of our key takeaways from the report, from the appropriate use of technology to the need for improved clarity on the risk-based approach.

1. There is a disconnect between the obligations set out in the MLRs and day-to-day AML processes & compliance in regulated firms

To no one’s surprise, one of the themes that came through was the need for regulated firms to be more consistently compliant with the current requirements. This is important – if the MLR’s tires are being kicked and found to be in good order, that’s one thing. But if the rules and obligations they set out are not being consistently implemented and followed by regulated firms, these sectors remain vulnerable. 

The Review noted that some respondents felt that the supervisors’ understanding of firms’ risk was poor, and so their ability to accurately assess a firms’ risk-based approach was limited. Additionally, they felt front-line supervisory staff took a tick-box approach to compliance. On the supervisors side, respondents felt that it was the firms’ understanding of risk that needed to improve.

This points to a lack of understanding in the system, and a lack of clear communication about risk, what it looks like, and how it can be tailored to a specific firm’s context – both on the part of regulated firms and on the part of supervisors who audit them. 

2. There’s no pleasing everyone: there remains a tension between wanting flexibility vs prescriptive requirements 

The MLR’s fundamental tenet of a risk-based approach to anti-money laundering policies proved problematic in different ways to different regulated firms. Some felt that the MLRs contained too many mandatory or prescriptive provisions (which they saw as not fundamentally ‘risk-based’), and that those prescriptive provisions encouraged a ‘tick-box’ mindset. 

On the other hand, a common response from smaller firms, or firms without experience in AML,  favoured a more prescriptive approach because they lacked the resources and knowledge to make those decisions.  

Finding the right balance is likely to be difficult here – while smaller firms advocated for simpler rules based on small-sized firms, this was determined to be additional and unnecessary complexity to the MLRs. That said, more guidance for these firms (including advice on how to make the most of technology, which we’ll cover below) will likely come down the line in the coming years.  

3. Firms have not fully realised the value of new AML technology 

The review highlighted that technology can undoubtedly help streamline AML compliance processes, but this has not been fully realised yet by regulated firms.  

Accountants, property managers and finance managers across the professional services industry have not acknowledged the degree to which digital applications are now a must-have when it comes to staying on top of compliance and keeping employees in check. By not utilising technology, firms are ignoring the potential of tech-led AML controls to identify suspicious clients and activity. So long as firms hold onto resource-intensive compliance processes, this will remain a centre of inefficiency.  

The hesitancy is understandable: numerous respondents to the Call for Evidence requested additional information and clarification on whether electronic identity verification tools complied with AML regulations. Further, the absence of internationally agreed identity verification standards acted as a barrier to adoption (particularly when it came to cross-border transactions).

However, the Review indicated that the government will engage with stakeholders to consider if and how they might provide additional guidance to adopting AML technology. This might look like amendments in the future to the MLRs to ensure greater clarity on electronic identity processes. 

4. The government is reluctant to create a tech accreditation scheme, but we think it’s a necessary idea 

The government is reluctant to create a specific accreditation scheme for AML technology in the UK, citing concerns that it would inhibit flexibility and distort the market.  

We understand those concerns and the desire to future-proof the MLRs, but we agree with the view of the respondents in the Call for Evidence who felt that more work was needed to actively encourage the adoption of new technologies. While the government is hesitant to develop a fully fledged accreditation scheme for technology providers in the AML space, it’s a must-have for removing barriers to adoption in those who are holding back and increasing trust and confidence in those solutions.  

5. Supervisors and policy makers need to be more accountable and give more MLR guidance to regulated firms 

The Review made it clear that there was some work to be done to make supervisors more effective at supervising regulated firms. 

In particular, the high number of supervisory bodies was pointed out as a potential centre of inefficiency. The UK has 25 supervisory bodies (compared to 13-14 in other countries). This can increase the risk of inconsistency, poor information sharing, and regulatory arbitrage.

Data from the latest OPBAS report supported this, noting that only a third of supervisors were effective in developing and recording in writing adequate risk profiles for their sector, and a similar proportion effectively reviewing and appraising firms that they were responsible for. 

The government looked at length at the options for reform here, such as consolidating supervisory bodies, creating a ‘supervisor of supervisors’.  The Review made it clear that reform was needed, but the scale and type of reform to solve the problems identified was not yet clear. 

The bottom line 

The Review highlighted the current lack of understanding in the AML regime, as well as a lack of clear communication about risk between different actors in the system. With a clear disconnect between firms and regulatory bodies, there is a need for better guidance over AML regulation and turning policy into practice.  

Equally, greater awareness and clarity about the role of  technology in the AML process is needed. Technology has so much potential in supporting AML compliance processes, but this has not been fully realised. In the future, the government needs to provide better and more transparent advice for engaging and implementing AML technology to make clear the benefits of its adoption. If firms want to truly achieve a culture of compliance, this will be crucial.