5MLD: Have You Updated Your AML Policies and Procedures?

On 10 January 2020, the Fifth Money Laundering Directive (5MLD) was implemented in the UK via The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 [http://www.legislation.gov.uk/uksi/2019/1511/contents/made]. Although the changes are not as profound as those that came in with 4MLD, regulated financial institutions should by now have updated their customer due diligence (CDD) procedures in the following areas:

A. NO MORE SIMPLIFIED DUE DILIGENCE

All customers that are bodies corporate must be identified; being an authorised firm or being listed on a regulated market is no longer sufficient. Identification involves gathering information on management and beneficial owners. There are new requirements in relation to the latter that go beyond 4MLD's reasonable efforts standards, and firms dealing with customers with complex or opaque ownership structures will need to consider them from a procedural point of view.

B. CDD FOR NEW RELATIONSHIPS WITH COMPANIES, TRUSTS OR OTHER LEGAL ENTITIES SUBJECT TO BENEFICIAL OWNERSHIP REGISTRATION REQUIREMENT

Proof of registration on the relevant register must be obtained and retained.  Firms that deal with trusts will need to deal with issues that arise as a result of the Trust Registration Service register's non-public status.

C. REPORTING DISCREPANCIES

Firms are now required to report discrepancies between beneficial ownership information they have on file and information on beneficial ownership they obtain from register searches.  Again, policies and procedures should include internal notification and reporting systems.  

D. ENHANCED DUE DILIGENCE

Six enhanced due diligence measures are now prescribed in the legislation and must be applied when a transaction involves a customer established in a high-risk country, or when the transaction involves one or more of three stipulated risk features. None of these requirements will cause radical change for firms, but there are subtle differences from the predecessor legislation, and the new stipulated measures will have to be reflected in written policies.

E. REFRESHING CDD

In addition to the existing requirement to refresh CDD on an appropriate risk-sensitive basis, firms will now be required to refresh on the occurrence of either of two bases involving extraneous legal requirements.  Again, policies on the obligation to refresh should be updated.