The Money Laundering and Terrorist Financing (Amendment) Regulations 2019

Amendment of Part 3: customer due diligence

5.—(1) In regulation 27 (customer due diligence)—

(a)in paragraph (2)—

(i)before “a high value dealer”, insert “a letting agent,”;

(ii)after “a high value dealer”, insert “an art market participant, a cryptoasset exchange provider of the kind referred to in paragraph (7D)”;

(b)after paragraph (7) insert—

“(7A) A letting agent must also apply customer due diligence measures in relation to any transaction which consists of the conclusion of an agreement for the letting of land (within the meaning given in regulation 13(7))—

(i)for a term of a month or more, and

(ii)at a rent which during at least part of the term is, or is equivalent to, a monthly rent of 10,000 euros or more.

(7B) The letting agent must apply customer due diligence measures under paragraph (7A) in relation to both the person by whom the land is being let, and the person who is renting the land.

(7C) An art market participant must also apply customer due diligence measures—

(a)in relation to any trade in a work of art (within the meaning given in regulation 14), when the firm or sole practitioner carries out, or acts in respect of, any such transaction, or series of linked transactions, whose value amounts to 10,000 euros or more;

(b)in relation to the storage of a work of art (within the meaning given in regulation 14), when it is the operator of a freeport and the value of the works of art so stored for a person, or series of linked persons, amounts to 10,000 euros or more.

(7D) A cryptoasset exchange provider of the kind who operates a machine which utilises automated processes to exchange cryptoassets for money, or money for cryptoassets, must also apply customer due diligence measures in relation to any such transaction carried out using that machine (and for the purposes of this paragraph “money” and “cryptoasset” have the same meanings as they have in regulation 14A(1)).”;

(c)in paragraph (8), before sub-paragraph (a) insert—

“(za)when the relevant person has any legal duty in the course of the calendar year to contact an existing customer for the purpose of reviewing any information which—

(i)is relevant to the relevant person’s risk assessment for that customer, and

(ii)relates to the beneficial ownership of the customer, including information which enables the relevant person to understand the ownership or control structure of a legal person, trust, foundation or similar arrangement who is the beneficial owner of the customer;

(zb)when the relevant person has to contact an existing customer in order to fulfil any duty under the International Tax Compliance Regulations 2015(1);”.

(2) In regulation 28 (customer due diligence measures)—

(a)after paragraph (3) insert—

“(3A) Where the customer is a legal person, trust, company, foundation or similar legal arrangement the relevant person must take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation or similar legal arrangement.”;

(b)for paragraph (8) substitute—

“(8) If paragraph (7) applies, the relevant person must—

(a)keep records in writing of all the actions it has taken to identify the beneficial owner of the body corporate;

(b)take reasonable measures to verify the identity of the senior person in the body corporate responsible for managing it, and keep records in writing of—

(i)all the actions the relevant person has taken in doing so, and

(ii)any difficulties the relevant person has encountered in doing so.”;

(c)after paragraph (18) insert—

“(19) For the purposes of this regulation, information may be regarded as obtained from a reliable source which is independent of the person whose identity is being verified where—

(a)it is obtained by means of an electronic identification process, including by using electronic identification means or by using a trust service (within the meanings of those terms in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23rd July 2014 on electronic identification and trust services for electronic transactions in the internal market(2)); and

(b)that process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”.

(3) After regulation 30 (timing of verification) insert—

“Requirement to report discrepancies in registers

30A.—(1) Before establishing a business relationship with—

(a)a company which is subject to the requirements of Part 21A of the Companies Act 2006 (information about people with significant control)(3),

(b)an unregistered company which is subject to the requirements of the Unregistered Companies Regulations 2009(4),

(c)a limited liability partnership which is subject to the requirements of the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009(5), or

(d)an eligible Scottish partnership which is subject to the requirements of the Scottish Partnerships (Register of People with Significant Control) Regulations 2017(6),

a relevant person must collect proof of registration or an excerpt of the register from the company, the unregistered company or the limited liability partnership (as the case may be) or from the registrar (in the case of an eligible Scottish partnership).

(2) The relevant person must report to the registrar any discrepancy the relevant person finds between information relating to the beneficial ownership of the customer—

(a)which the relevant person collects under paragraph (1); and

(b)which otherwise becomes available to the relevant person in the course of carrying out its duties under these Regulations.

(3) The relevant person is not required under paragraph (2) to report information which that person would be entitled to refuse to provide on grounds of legal professional privilege in the High Court (or in Scotland, on the ground of confidentiality of communications in the Court of Session).

(4) The registrar must take such action as the registrar considers appropriate to investigate and, if necessary, resolve the discrepancy in a timely manner.

(5) A discrepancy which is reported to the registrar under paragraph (2) is material excluded from public inspection for the purposes of section 1087 of the Companies Act 2006 (material not available for public inspection), including for the purposes of that section as applied—

(a)to unregistered companies by paragraph 20 of Schedule 1 to the Unregistered Companies Regulations 2009;

(b)to limited liability partnerships by regulation 66 of the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009; and

(c)to eligible Scottish partnerships by regulation 61 of the Scottish Partnerships (Register of People with Significant Control) Regulations 2017.

(6) A reference to the registrar in this regulation is to the registrar of companies within the meaning of section 1060(3) of the Companies Act 2006.”.

(4) In regulation 33 (duty to apply enhanced customer due diligence)—

(a)in paragraph (1)(b)—

(i)omit “or transaction”;

(ii)at the end insert “or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country”;

(b)for paragraph (1)(f) substitute—

“(f)in any case where—

(i)a transaction is complex or unusually large,

(ii)there is an unusual pattern of transactions, or

(iii)the transaction or transactions have no apparent economic or legal purpose, and”;

(c)for paragraph (3) substitute—

“(3) For the purposes of paragraph (1)(b)—

(a)a “high-risk third country” means a country which has been identified by the European Commission in delegated acts adopted under Article 9.2 of the fourth money laundering directive as a high-risk third country;

(b)a “relevant transaction” means a transaction in relation to which the relevant person is required to apply customer due diligence measures under regulation 27;

(c)being “established in” a country means—

(i)in the case of a legal person, being incorporated in or having its principal place of business in that country, or, in the case of a financial institution or a credit institution, having its principal regulatory authority in that country; and

(ii)in the case of an individual, being resident in that country, but not merely having been born in that country.”;

(d)after paragraph (3) insert—

“(3A) The enhanced due diligence measures taken by a relevant person for the purpose of paragraph (1)(b) must include—

(a)obtaining additional information on the customer and on the customer’s beneficial owner;

(b)obtaining additional information on the intended nature of the business relationship;

(c)obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;

(d)obtaining information on the reasons for the transactions;

(e)obtaining the approval of senior management for establishing or continuing the business relationship;

(f)conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.”;

(e)after paragraph (4) insert—

“(4A) Where the customer—

(a)is the beneficiary of a life insurance policy,

(b)is a legal person or a legal arrangement, and

(c)presents a high risk of money laundering or terrorist financing for any other reason,

a relevant person who is a credit or financial institution must take reasonable measures to identify and verify the identity of the beneficial owners of that beneficiary before any payment is made under the policy.”;

(f)in paragraph (6)—

(i)after sub-paragraph (a)(vi) insert—

“(vii)the customer is the beneficiary of a life insurance policy;

(viii)the customer is a third country national who is applying for residence rights in or citizenship of an EEA state in exchange for transfers of capital, purchase of a property, government bonds or investment in corporate entities in that EEA state;”;

(ii)in sub-paragraph (b)(iii), for “electronic signatures” substitute “an electronic identification process which meets the conditions set out in regulation 28(19)”;

(iii)after sub-paragraph (b)(vi) insert—

“(vii)there is a transaction related to oil, arms, precious metals, tobacco products, cultural artefacts, ivory or other items related to protected species, or other items of archaeological, historical, cultural or religious significance or of rare scientific value;”;

(iv)in sub-paragraph (c)(vi), for “October 2016” substitute “June 2019”.

(5) In regulation 38 (electronic money)—

(a)in paragraph (1)—

(i)in sub-paragraph (a), for the words from “250 euros” to the end, substitute “150 euros”;

(ii)in sub-paragraph (b), for “250 euros”, substitute “150 euros”;

(b)in paragraph (2), for “where the amount redeemed exceeds 100 euros” substitute—

“where —

(a)the amount redeemed exceeds 50 euros; or

(b)in the case of remote payment transactions, the amount redeemed exceeds 50 euros per transaction.”;

(c)after paragraph (4) insert—

“(4A) Credit institutions and financial institutions, acting as acquirers for payment using an anonymous prepaid card issued in a third country, shall only accept payment where—

(a)the anonymous prepaid card is subject to requirements in national legislation having an equivalent effect to those laid down in this regulation; and

(b)the anonymous prepaid card satisfies those requirements.”;

(d)for paragraph (5) substitute—

“(5) For the purposes of this regulation—

(a)“acquirer” means a payment service provider contracting with a payee to accept and process card-based payment transactions, which result in a transfer of funds to the payee;

(b)“payment instrument” has the meaning given by regulation 2(1) of the Electronic Money Regulations 2011(7);

(c)“remote payment transaction” has the meaning given by regulation 2 of the Payment Services Regulations 2017(8).”.