Brexit and AML/CFT

What Does the Future Hold for the UK and the EU?

1. Introduction

The United Kingdom (UK) withdrew from the European Union (EU) on 1 January 2021. This has serious implications for anti-money laundering and counter-terrorist financing (AML/CFT) efforts. The EU was created to promote European integration and prevent future conflicts through economic dependency. And while the EU has become synonymous with free trade and the free movement of peoples, it has also evolved into an institution that aims to harmonize AML/CFT responses, legal cooperation, and intelligence sharing among its members. When the UK was a member of the EU, AML/CFT measures were deemed to be largely aligned, with the UK often among the first to apply EU AML/CFT directives. The uncertainty that characterized the transition period following Britain’s 2016 referendum has now ended. At long last, there is some clarity around how the frameworks for financial crime will evolve in the UK and the EU.

The UK and EU opted for a “minimalist” approach on the management of AML/CFT, with only broad agreement on following shared norms and cooperation. No formally defined or concrete mechanisms are in place to facilitate that cooperation between the UK and EU, which impacts client onboarding, sanctions implementation, intelligence sharing, and other law enforcement coordination. Despite the shared roots of the UK and EU regimes, there is surprisingly no recognition of AML/CFT equivalence, and this will have serious implications for businesses. The private and public sectors have managed the short-term risks and challenges this agreement has generated, but it is too soon to tell what the long-term effects will be. 

This report will explore these issues and prospects for the UK and the EU in financial crime regulation. It will first provide an overview of the Brexit deal and how it addressed financial crime prevention. It will then assess the immediate effects on compliance, law enforcement, and criminality. The next section will consider future impacts and whether businesses can expect divergence, convergence, or parallel development in the coming years. The report will conclude by providing an overview of what this will mean for businesses in the years to come.

2. The New Landscape

This section explores the Brexit deal in the context of AML/CFT.

2.1 Status Quo Ante

As a member of the EU, the UK signed up to nearly all of the EU Anti-Money Laundering directives (AMLDs). The AMLDs provide the minimum standards for AML/CFT across the EU to align with global standards set by the Financial Action Task Force (FATF). The AMLDs detail what national laws and regulations should cover, including the criminalization of money laundering and terrorist financing, national risk assessments, preventative measures for obliged entities, supervision, and international cooperation. Preventative measures include customer due diligence/know your customer (CDD/KYC), risk assessments, ongoing monitoring of the relationship and transactions, training, reporting of suspicious behavior, and record-keeping, all of which are key aspects of a firm’s AML/CFT program.

The final AMLD that the UK signed up to was 5AMLD, which was adopted in June 2018. During the domestic consultation process to transpose 5AMLD, the UK indicated that it had “played a significant role in the negotiation of 5AMLD and shares the objectives which it seeks to achieve on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.” This means that the UK is fully aligned with new requirements included under 5AMLD, such as the extension of requirements to art market participants, real estate lenders, virtual asset exchanges, and custodial wallet providers, among other measures. 

However, the UK did not sign up to implement 6AMLD, which was adopted in October 2018 in response to the Danske Bank scandal, which saw the laundering of EUR 200 billion. This means that while the UK meets EU requirements in areas such as due diligence and corporate transparency, it may diverge on new measures introduced by 6AMLD. This includes the criminalization of the 22 predicate offenses for money laundering (i.e., a criminal act whose proceeds can be prosecuted under any of the money laundering offenses) listed under 6AMLD, the offense of acquiring, possessing, or using criminally derived property, inciting or attempting any of the money laundering offenses and the corporate “failure to prevent” AML/CFT offense. Penalties for AML/CFT are also different: the UK’s maximum prison sentence for money laundering offenses is fourteen years; in the EU, the maximum prison sentence was only recently increased from one to four years.

Prior to Brexit, the UK was also party to the EU sanctions regime. Effectively, any new sanctions programs and designations automatically applied in the UK and other members of the EU without the need for national laws and regulations to be developed. This includes the EU blocking statute, which “does not recognize the extraterritorial application of laws adopted by third countries.” It was adopted in 1996 in response to the US sanctions against Cuba, Iran, and Libya and currently applies to Cuba and Iran. It allows EU incorporated firms to seek compensation for any losses resulting from sanctions imposed by the US Office of Foreign Assets Control (OFAC). Firms have 30 days to inform the European Commission of any OFAC sanctions designation affecting their economic or financial interests. The UK introduced this protection for UK firms in The Protecting against the Effects of the Extraterritorial Application of Third Country Legislation (Amendment) (EU Exit) Regulations 2020, which became law on 1 January 2020.

The UK and EU were also intricately linked in areas related to law enforcement cooperation and intelligence sharing. A plethora of conventions, directives, statutes, and council decisions created the EU framework that facilitates investigations, criminal convictions, and asset seizures in the fight against illicit finance.

Areas covered by this legislative framework include: 

  • Mutual legal assistance 
  • Arrest warrants 
  • Freezing orders 
  • Confiscation orders 
  • The mutual recognition of orders relating to criminal matters 
  • The use of shared communications systems 
  • Cross-border surveillance 
  • The enforcement of court orders in other jurisdictions 
  • Cooperation between customs officials, covert investigative units, financial intelligence units (FIUs), and asset recovery officers that trace and identify proceeds of crime. 

These various legal instruments no longer apply to the UK.

2.2 The Deal

During the Brexit negotiations, there was a broad consensus that Brexit should cover AML and CFT. However, on more than one occasion, the EU lead negotiator Michael Barnier expressed disappointment at the “‘UK’s lack of ambition in a number of areas that may not be central to the negotiation, but which are nonetheless important and symbolic,’ for example, ‘the fight against money laundering.’”

The Political Declaration issued in October 2019 states that the future EU and UK relationship should include arrangements for cooperation in data sharing, law enforcement and judicial criminal matters, and AML/CFT. And while a very high-level agreement was made to “go beyond” FATF standards, particularly around beneficial ownership transparency and virtual assets, detail is lacking. The Withdrawal Agreement issued in October 2019 makes one reference to AML/CFT in the context of the UK and Spain working closely together to fight fraud, smuggling, and money laundering in Gibraltar. It contains further information on how relevant parties should exchange information and cooperate in ongoing judicial, criminal, and law enforcement proceedings “before the end of the transition period.” The agreement states that the UK would be able to use EU communications systems for up to three months after Brexit and reimburse the EU for costs. That transition period has now expired.

While the final Trade and Cooperation Agreement (Agreement) added a few more details, the tone remained that of broad agreement on standards with very few specifics. The part of the agreement dedicated to AML/CFT just contains a high-level agreement between the parties to “support international efforts” and recognizes “the need to cooperate” in preventing financial crime. The agreement states that the UK and the EU will “exchange relevant information” in line with their own domestic legal frameworks and  “maintain a comprehensive regime” that must be reviewed and enhanced in line with the FATF’s updates and timeline.

Where the final agreement does provide further information is on beneficial ownership transparency. Beneficial owners are defined as individuals or entities holding more than 25% ownership, and the agreement lays out the minimum details that must be gathered. These include:

  • Name
  • Month and year of birth
  • Country of residence
  • Nationality
  • Nature and extent of interests held or control exercised

In addition, legal entities in the UK and EU are required to maintain “adequate and up-to-date” information about beneficial owners. A commitment was also made to make basic information on beneficial ownership available via public registries, the application of which varies across the EU.

Several sections of the agreement relate to asset freezing and confiscation, and there is a commitment that the UK and the EU will share details with key authorities to facilitate coordination. However, references are made throughout to reliance on domestic law and processes as opposed to operating under the previously negotiated and effective terms set out in existing EU statutes, directives, regulations, etc., which could lead to delays. 

To promote coordination, the agreement established the Specialised Committee on Law Enforcement and Judicial Cooperation (SCLE&JC) on criminal matters. The SCLE&JC provides for “the prevention, investigation, detection, and prosecution of criminal offenses and the prevention of and fight against money laundering and financing of terrorism.” It is also a key body in addressing disputes arising from potential data breaches. There is evidence that the SCLE&JC has been notified as to how different member states will operate under the agreement subject to the principle of reciprocity.

The agreement also contains high-level commitments to working together and protecting human rights and freedoms as well as personal data. A further section details information sharing with Europol, with the UK no longer acting as a member but rather as a liaison partner.

2.3 Sanctions

The official exit of the United Kingdom from the EU on 1 January 2021 led to a divergence between the UK and EU in the sanctions space. The UK introduced new legislation to transfer EU sanctions programs into domestic law as part of the transition process.  This led to changes to the following UK sanctions lists:

  • United Kingdom HM Treasury Office of Financial Sanctions Implementation Consolidated List
  • HM Treasury Ukraine Sanctions

The updates consisted of the following changes:

  • Administrative changes to 2,172 entities, including changes in one of the following fields: Other Information, Group Type, Regime, Last Updated and Listed On.
  • Material changes to 1,250 entities of the 2,172 entities with administrative changes, such as updates on one or more of the following fields: Date of Birth, AKAs, Addresses, Identification Numbers, Nationalities, Functions, etc.
  • Removal of 131 entities designated under EU Sanctions Regulations that did not pass the legal test for sanctions in the UK. 

The UK also implemented the Sanctions and Anti-Money Laundering Act 2018 (SAMLA), giving the UK powers to issue its own sanctions regimes and update existing sanctions programs. The UK subsequently launched an autonomous, “Magnitsky-style” human rights sanctions regime in July 2020 and designated 49 entities and individuals. The EU adopted its own human rights sanctions program several months later in December 2020. 

Then, in April 2021, the UK introduced its Global Anti-Corruption Sanctions Regime to sanction the perpetrators of serious corruption, including bribery and misappropriation. There is currently no indication that the EU will adopt anti-corruption sanctions. 

Finally, the UK has indicated on a number of occasions that it will aim to coordinate sanctions actions with its allies, such as the US, Canada, Australia and the EU.

3. Immediate Effects

3.1 Compliance Impact

AML/CFT 

The ability of firms to manage their AML/CFT programs has affected three key areas, particularly for businesses with UK-EU interests. First, financial institutions (FIs) are no longer able to passport from the UK into the EU, and vice versa. This means that firms wishing to operate in the UK and EU have had to set up separate operations and submit multiple licensing applications. Many FIs had already spun off business into subsidiaries incorporated in EU jurisdictions ahead of the end of the transition period. This has doubled the amount of work necessary as firms must include evidence that their AML/CFT programs meet the criteria of both the UK’s laws and regulations and the laws and regulations of whichever EU country they are now operating in. This also affects overseas firms wishing to access the knowledge and experience contained in the City of London and break into EU markets. They now have a very difficult and potentially costly decision to make. Negotiations are ongoing around the ability of the City of London to gain access to the single market for financial services, but talks are fraught. 

A second area where the agreement is silent is on recognizing “equivalence” with regard to AML/CFT regimes. This makes the EU and UK “third countries“ to each other, which has serious implications around how firms set up and manage their AML/CFT programs. It was previously possible to assume that the CDD/KYC and other AML/CFT requirements were equivalent across all member states, as they had all had signed up to the EU AMLDs. For example, although there were unequal levels of implementation and a variety of approaches to what forms of identification could be accepted, firms were able to introduce clients from one jurisdiction to another in the EU with little difficulty. Firms now must do due diligence on overseas customers to both UK and local member state standards (and vice versa). This can be a challenge for UK businesses where EU jurisdictions might have more stringent requirements. Firms in Europe may also choose to require more stringent standards on UK-based customers than other EU countries and may not be able to rely on due diligence information carried out by a UK counterparty, even if they are a member of the same group of companies.   

It is worth noting that the notion of “equivalence” was flipped on its head when 4AMLD introduced a blacklist of non-equivalent high-risk third countries. These are non-EU countries deemed to have deficiencies in their national AML/CFT frameworks. That leads to the third point. The final Brexit agreement is scant on details around the need to harmonize lists of high-risk jurisdictions. That could lead to regulatory arbitrage for clients from countries rated low-risk in Europe and high-risk in the UK and vice versa. It will be less expensive to service a customer if their jurisdiction of operation is deemed to be lower risk. It will also affect customer relationships and make cross-selling activities between the EU and UK more challenging. 

Sanctions 

In the sanctions space, the introduction of separate UK sanctions regimes will make matters more complicated for businesses that have cross-border interests. While the differences may be small at the onset, the UK has already removed individuals that remain on the EU sanctions list and has introduced a new sanctions regime listing individuals and companies that are not on the EU list. 

Even when the UK and EU intend to sanction the same persons, differences have already been seen with regard to timing and specific measures. In September, the UK sanctioned Belarusian President Alexander Lukashenko, his son, and other senior figures for human rights violations in coordination with Canada. The EU followed suit one week later, introducing a Belarus sanctions program to sanction Lukashenko and his associates.

In time, however, EU firms may need to manage UK sanctions similar to how they manage OFAC sanctions as they apply to UK subsidiaries and employees of UK firms. Firms may also consider taking an EU+ approach, ensuring that additional UK targets are covered. In essence, while the EU and the UK have pledged to coordinate sanctions as much as possible and there are grounds of commonality, there are already indications that there will be significant variations as the UK regime develops. The UK will look to use the regime to express its “independence.” This means that businesses will need to keep a close eye on sanctions as new lists and regimes are issued and use technology to help them stay on top of these developments.

3.2  Law Enforcement Impact

The impact of Brexit on law enforcement cannot be understated. Although the SCLE&JC has been established to facilitate coordination, a number of notifications have been shared with the UK to clarify information sharing, language, extradition, and the application of dual criminality. For example, while the UK has indicated that it would extradite its citizens to the EU, various EU countries have stated they would not extradite their citizens to the UK.

Moreover, the UK is now a liaison partner of Europol, and the end of UK full membership has affected law enforcement matters and intelligence sharing in both the UK and EU. It was an open secret that “the UK uses Europol more than almost any other country,” carrying out approximately 250,000 searches of Europol databases each year. The UK previously had the largest Liaison Bureaus in Europol, led over half of Europol’s top priority and operational projects, and was a top-three contributor of intelligence. With the UK losing its full membership status with Europol, the EU has lost access to a major ally in the fight against crime, and the UK has lost access to the Europol Information System (EIS) on criminals, terrorists, and criminal objects (cars, guns, property) across the EU, which is key for live investigations. The UK is also no longer a member of Eurojust, which deals with judicial cooperation in criminal matters between EU agencies. 

With regard to intelligence sharing, the UK cannot access other key EU databases and messaging systems either. This includes the European Criminal Records Information System (ECRIS); the Schengen Information System (SIS II), which allows for sharing of information on national border control; the Secure Information Exchange Network Application (SIENA) for law enforcement agencies; and the Prum Decisions, which allow for the sharing of DNA, fingerprint and vehicle registration data, among other information. The UK is no longer able to directly input information into any of these systems. It has also lost access to the “real-time exchange of ‘alerts’ on persons and objects that are wanted, missing or otherwise of interest for law enforcement purposes.” Requests now have to be submitted relating only to ‘identified concrete criminal acts’ via the relevant law enforcement liaison authority for each jurisdiction, which could generate delays to an already time-intensive investigative process.

Further, the UK no longer has access to key enforcement tools, which notably include the European Arrest Warrant (EAW), European Investigation Orders (EIOs) and the ability to automatically enforce UK orders in EU jurisdictions and vice versa. Instead, the UK and EU will need to rely on pre-existing and new agreements. The UK SFO recently dropped proceedings against German and French nationals in a EURIBOR case because it did not meet the principle of dual criminality — where a country must show that a criminal act was an offense in the state pursuing criminal proceedings and the state where the individuals resided — in Germany and France after issuing arrest warrants.

Although the UK and EU Financial Intelligence Units remain linked via the Egmont Group, the interpersonal relationships that are built through working closely together may be disturbed in the future. A spirit of cooperation is likely to remain between EU and UK law enforcement agents. But the current framework will make it easier for transnational criminals to operate, most of whom will be heavily involved in money laundering. This may increase the reliance of law enforcement on financial institutions and obliged entities to fill that intelligence gap, potentially leading to more information requests and closer collaboration under public-private partnerships.

3.3 Financial and Economic Crime Impact

Predicate Crimes 

Throughout the transition period and post-Brexit, criminals have continued to commit predicate crimes for AML/CFT, although the COVID-19 pandemic continues to distort the overall picture. It is essential that firms understand the reputation of their clients, vendors, and suppliers and identify if they have been linked to any predicate offenses as part of the due diligence process.

The below predicate offenses were expected to flourish following Brexit due to the cross-border nature of such crimes:

  • Human trafficking and migrant smuggling

The border between Northern Ireland and the Republic of Ireland, which has previously been exploited by organized crime groups from Eastern Europe and Nigeria, has been flagged as a conduit for the trafficking of people and goods. 

  • Illicit trafficking in narcotics and psychotropic substances

Port disruptions and overstretched customs authorities were expected to be exploited by drug traffickers looking to sell their goods using UK-EU trade routes.

  • Trafficking in stolen goods and contraband 

The smuggling of any commodity where there is a price differentiation between the EU, Northern Ireland, and the UK, such as cigarettes and fuel, was expected to increase as well as the trafficking of stolen art and vehicles.

However, the border closures and stay-at-home orders implemented across Europe and the UK to combat COVID-19 have scuttled those predictions so far.  As countries begin to manage COVID-19 more effectively and borders begin to open, it’s possible that some European organized criminal groups may find it harder to operate in the UK because of tighter UK border/immigration controls. 

Other predicate crimes that have thrived due to Brexit uncertainty include:

  • Cybercrime

Scammers have already used the lack of certainty around Brexit to steal personal data and identities from the public via texts and social engineering. Online scams increased exponentially by 15 times as both the COVID-19 crisis and post-Brexit chaos were exploited by criminals.

  • Counterfeiting and piracy of products

The food industry recently warned that the UK could become a target for food fraud — that is, food with altered expiration dates, products made from illegally slaughtered animals, or products infected with bacteria due to not meeting production standards — with the UK leaving EU quality control and food standards regulation. This followed a joint Europol-Interpol operation that led to the seizure of USD 40 million in fake food and drink and the disruption of 19 organized crime groups.

  • Fraud

Criminals have also exploited COVID-19, leading to an exponential rise in fraud linked to government economic support schemes and the sale of personal protective equipment. With the uncertainty surrounding Brexit, fraudsters have successfully targeted businesses and individuals with unpaid warning scams, post-Brexit investment scams, and invalid passport scams where fraudsters indicate that a national passport will no longer be valid post-Brexit.

  • Corruption

In the UK, the National Crime Agency (NCA) warned that UK businesses could be “drawn into corrupt practices,” such as bribery, as they look to trade with non-EU countries after Brexit. The volatility in the price of goods linked to COVID-19 has also made it easier to hide bribes and to detect whether such payments have been made.

With the UK looking to set up freeports post-Brexit, there is the likelihood that they will attract those engaged in money laundering, corruption, tax, and organized crime. 

Illicit Financial Flows

On a global scale, Brexit has made the UK a slightly less attractive financial destination for illicit funds flowing through the international system. London, however, remains one of the world’s leading global financial centers and a natural point of attraction for oligarchs and others seeking to launder illicit cash. Brexit is highly unlikely to alter this unless, of course, UK AML/CFT and sanctions regimes become more focused over time on stopping oligarchs and others from bringing their money to the UK. 

An Italian prosecutor shared that the UK leaving the EU will harm effective judicial cooperation, making London a target for organized crime groups. This includes criminal groups such as the notorious ’Ndrangheta mafia, which has used London as an investment and money laundering base for the organization’s estimated GBP 44bn annual turnover and sees it as “its ticket to legitimacy.”

Another area of concern is around bulk-cash smuggling. If bulk-cash smuggling in and out of the UK via the EU does become more difficult, more cash will possibly go directly to higher-risk jurisdictions in containerized traffic. Earlier this year, the UK’s NCA arrested eight people suspected of being part of a global cash courier network flying cash in and out of the UK in suitcases to launder more than GBP 50 million.

Finally, there could also be a move to try and launder more funds within the UK rather than overseas. This could suggest that businesses in the UK will need to keep a close eye out for potential rises in businesses apparently needing to deposit large amounts of cash. If this proves difficult, there could be a push by criminals towards finding ways to take more digital payments and/or use cryptocurrencies.

4. Future Impact

Brexit could have a significant impact on AML/CFT in the UK and the EU. The UK’s financial crime trajectory will be determined by the decisions it makes as it explores how to regulate its market away from the EU and looks to open freeports. The EU continues to work towards harmonizing frameworks and supervisory levels across different countries and is looking to introduce new strategies and regulations to manage financial crime risks. All signs currently point to minor divergences in how the EU and UK approach AML/ CFT and sanctions.

4.1. Brexit and the UK’s FinCrime Trajectory

Prior to Brexit, there was much talk about creating a “Singapore on Thames,” a low-tax and low-regulation haven in the UK. While there continue to be those advocating for and against this, what is clear is that the UK will look to tailor regulation to the UK market as talks on granting the City of London equivalence status and access to the EU market continue to stall. 

The UK has already laid out plans to develop eight freeports, which has raised eyebrows across the English Channel. Freeports have been linked to tax evasion, corruption, money laundering, and the smuggling of goods. A recent European Parliament report on freeports recommended phasing out freeports in the EU, leading EU parliamentarians to debate how to “avoid the creation of tax havens at its borders” post-Brexit. 5AMLD brought into scope the need to apply AML/CFT measures to freeports; however, UK legislation mentions freeports only in connection to an art market participant as an “operator of a freeport when it, or any other firm or sole practitioner, stores works of art in the freeport.”

Despite this, the UK remains committed to the global standards set out by FATF, has introduced corporate registry reform to promote transparency and continues to set up its National Economic Crime Centre (NECC), bringing together experts from law enforcement and the private sector to tackle illicit financial flows. The UK’s financial regulator, the Financial Conduct Authority, is promoting the use of technology to tackle illicit financial flows and hosting firms that focus on tackling fraud at its latest “Digital Sandbox.” This is a key point of difference with other EU regulators, many of whom do not yet have innovative sandboxes. The FCA is also increasingly focused on the accountability of individual staff members to reduce non-compliance — meaning that firms must have strong training programs in place — and recently launched criminal proceedings against NatWest for AML/CFT failures. 

The UK has long been a global leader in AML/CFT, and it remains to be seen whether it will continue to lead on financial crime matters. The UK’s Integrated Review of Security, Defence, Development and Foreign Policy (Integrated Review) has suggested an ongoing commitment, with illicit finance linked to its Open Societies agenda and economic crime, serious organized crime and economic statecraft all mentioned as key security issues for the UK. The Integrated Review also stated that the UK will look to further AML/CFT reforms focused on high-end property market laundering and suspicious activity reporting and to increase the number of financial investigators to tackle illicit financial flows. 

Moreover, the UK pledged to make an £84 million investment in boosting its response to threats from organized criminals to make the UK a “safe place to do business.” With regard to the EU, it is unlikely that the UK would seek grounds for AML/CFT regulatory arbitrage to differentiate itself from EU competitors. And as long as the UK and EU remain aligned to FATF, their AML/CFT frameworks will remain broadly aligned. Indeed, there is a good chance that the UK will actually be out in front of the EU with tougher measures, as it will be free to follow changes in FATF guidance in its own time, rather than following the current EU AMLD cycle (if it continues). 

4.2  The EU’s Next Steps

The EU is working to harmonize the region’s response to AML/CFT to prevent the use of the EU’s financial system for money laundering and terrorist financing (ML/TF) purposes. This follows numerous scandals that have rocked Europe, including the Danske Bank scandal and the EUR 3.5 million Wirecard scam. The EU is awaiting the final draft of its Action Plan for a comprehensive Union policy on preventing money laundering and terrorist financing. The EU has pledged to deliver a single rulebook, EU-level supervision under the umbrella of the European Banking Authority (EBA), effective implementation of existing rules, and a support and cooperation mechanism for financial intelligence units in 2021. The EBA has now taken a leading role in developing AML/CFT policy and, as of January 2020, became solely responsible for leading, coordinating, and monitoring AML/CFT efforts across the EU financial sector.

The EBA recently published its revised guidelines on how to assess ML/TF risks, in which it detailed how firms should carry out business-wide risk assessments and customer risk assessments. It includes­ guidance on implementing CDD measures, record-keeping, training, and reviewing effectiveness. The guidelines provide insight on enhanced due diligence linked to high-risk third countries and industry-specific recommendations on crowdfunding platforms, corporate finance, payment initiation services providers (PISPs), account information services providers (AISPs), and currency exchange offices. The guidelines include additional risk factors linked to terrorist financing, the identification of beneficial owners, and the use of new technologies to carry out CDD. Finally, it sets out clear regulatory expectations for business ML/TF risk assessments.

The EBA also issued its ML/TF supranational risk assessment, which included key proposals for different business sectors. The assessment flagged risks associated with virtual currencies, fintech and crowdfunding platforms, as well as those arising from weaknesses in CFT systems and controls, de-risking, supervisory divergence, divergent approaches to tackling tax evasion and the COVID-19 pandemic. The EBA is also due to review the list of obliged entities included in the scope of AML/CFT regulations. It has indicated that other types of virtual asset service providers, investment firms and investment funds may be brought into the scope of the AML/CFT framework, and further consultations are likely to take place. The single rulebook and risks document points away from the adoption of directives towards regulations. This will make standardization easier, but it will also create a need for significant remedial work across the EU for national legislators and businesses if the European Commission seeks to apply the higher (rather than minimum) standards across member states. The current changes indicate higher and more consistently applied EU standards, which, over the long term, will make matters easier for businesses working across EU jurisdictions.   

The EU also recently adopted a strategy on tackling organized crime and combating human trafficking and will launch proposals on sustainable corporate governance, including guidance on due diligence to address forced labor. Finally, the EU is in the process of developing the Regulation of Markets in Crypto-Assets (MiCA) to regulate crypto assets in a more consistent manner.

4.3  Implications for Businesses

Given the many changes taking place, there are a number of implications for businesses in the UK and the EU.

The UK

Businesses in the UK will question whether the Brexit settlement makes costs and risks more difficult to manage. Despite the anxieties over Brexit before it happened, the opening quarter of the separation has been less bumpy than many had foreseen. Due to the close business and economic ties between the UK and EU, numerous UK firms had already chosen to operate via European subsidiaries while continuing to comply with UK standards. This has smoothed over some compliance issues, even if additional costs have been incurred, with businesses reducing the scale of their operations in the UK. 

Some in the UK see an independent regulatory regime as an opportunity to encourage innovation in the private sector, advance financial intelligence sharing partnerships and increase the deployment of advanced regtech (as recently promoted by the City of London Corporation). The UK government has even explored introducing a financial crime levy on approximately 90,000 regulated businesses to raise GBP 100 million annually to support the government’s fight against economic crime. The levy is anticipated in 2022 or 2023, and if introduced, it would be the first of its kind across the world. 

Therefore, the “Singapore-on-Thames” metaphor might point not to reduced regulation but rather to increased support for technological innovation by financial services firms. Although this was not incompatible with EU membership, the UK’s departure could provide a kick-start for a country seeking to make its mark. 

What does this mean for my firm?

Firms that have not already done so, particularly those headquartered in the EU with UK operations and vice versa, should ensure that their AML/CFT frameworks and programs can monitor and incorporate regulatory changes in the EU and UK. This includes subscribing to UK and EU sanctions lists with their data providers. Firms should also integrate both UK and EU national risk assessments into their policies. Firms must look to specific countries and regions to identify best practices in AML/CFT — particularly as the world embraces technological innovation in AML/CFT — and data protection. Finally, regulated businesses in the UK may wish to begin to understand how the financial crime levy would work and assess any potential impact on future budgets.

The EU

Businesses in the EU may wonder whether it is worth continuing to operate in the UK, though many will do so to retain access to one of the world’s top financial centers. For European firms that decide to retain UK branches and subsidiaries, they will need to ensure that local laws and regulations continue to be complied with. 

Rhetoric from the European Commission suggests a clear recognition that the EU is behind on AML/CFT, especially after other European banking scandals, and needs to take action. It is only a matter of time before corporate failures to prevent offenses are used by regulators. Developments not only point towards increased regulatory requirements but also a more positive and innovative attitude. Although not immediately translating into a drive to embrace regtech, the implications of a higher-standard approach across the EU will guide firms towards finding efficient and effective ways to manage risks. 

The most obvious way forward will be to adopt new technologies. Indeed, innovative approaches can already be seen at national levels. A great example of this is Transaction Monitoring Netherlands (TMNL), a consortium of banks working together to pool data and use more advanced technologies to monitor transactions for financial crime on a national level. It is quite possible that countries such as the Netherlands will accelerate the pace of change in the EU on these issues — in which case, businesses need to be ready. 

What does this mean for my firm?

Any firms operating within the EU and the UK should ensure that their AML/CFT frameworks and programs can monitor and incorporate regulatory changes in both the EU and UK, including sanctions updates. Firms operating in the EU will need to ensure that they have effective AML/CFT policies and processes in place. They should also secure commitments from senior management to ensure that they can prevent offenses wherever possible. Firms will need to carry out a gap analysis to understand areas for improvement to comply with the Risk Factor Guidelines.

5. Conclusion

As the UK and Europe forge their new relationship after the discord surrounding Brexit, there is likely to be an increased divergence in AML/CFT and sanctions regimes between the UK and the EU. The shape of financial crime risk will also evolve, but not massively, given that so much of its current character is shaped by wider globalization trends. Much about the EU and UK approach to AML/CFT remains extremely close. However, currently, there is very little to indicate that the EU and UK will once again recognize a mutual equivalence of their AML/CFT regimes. The lack of recognition of equivalence will create friction and additional cross-border paperwork, but it will not make dramatic changes to compliance on either side of the divide. 

In the short term, the UK will likely stay broadly aligned with the EU. As long as both the EU and UK remain key partners in FATF, approaches are likely to remain broadly the same — indeed, the areas of divergence are more likely to be about how high standards are. The key exception is in the area of sanctions, where the UK has launched a separate anti-corruption sanctions regime. There have already been differences — not only in who has been sanctioned but also in the timing of sanctions designations. Further variances between the sanctions lists will be driven by the UK’s willingness to work with non-EU partners, including the US, Canada and Australia, in coordinating sanctions designation. In time, the UK will likely introduce measures that they would have previously had a hard time bringing forward within the EU environment. 

Due to the minimal scope of the Brexit agreement, there will be other areas where future negotiations under this (and other) UK governments will continue. However, that will not distract the UK from seeking to take distinctive approaches on issues that affect its national security and economic interests. The UK may also look to expand its influence in the fight against financial crime in other parts of the world as part of its economic crime agenda, particularly in existing and emerging major financial centers such as New York, Singapore, Hong Kong, Dubai and Kenya. The opportunity for regulatory arbitrage may arise, but it is anticipated that regulators and law enforcement agencies will need to define new ways of working for the common good. However, there may be differing opinions on how to manage financial crime risks in new areas for consideration, such as funds flowing into the UK property market, emerging technologies, freeports and decentralized finance (DeFi). Measures in the UK are likely to be as least as tough — if not more so — than those in the EU. If the UK and EU remain committed to FATF’s agenda, and the EU becomes more standardized in its approach, there are reasonable grounds to believe that the two regimes will remain commensurate. Currently, all signs point towards a positive future, where both the UK and EU continue to take financial crime seriously and seek innovative ways to manage risks.

SPEAK TO OUR EXPERTS

Request a Demo

Request demo of our compliance tools to ensure your business is protected.

Request a Demo