Preferred new AML measures will cost industry more, HM Treasury confirms

An Impact Assessment (IA) published by HM Treasury identifies additional costs for industry that the UK government department says will come with the preferred policy option for tightening up anti-money laundering regulations.

The IA references amendments to legislation proposed to meet Financial Action Task Force (FATF) standards as well as "gaps identified in the supervision regime".

In its summary of analysis and evidence, HM Treasury says it can identify two direct costs for industry from the preferred policy option of amending regulations now rather than waiting.

"There are only two of the measures in the SI where there has been sufficient available evidence to monetise the estimated costs. These measures are:

• Further information-gathering powers in relation to Annex 1 firms - this change will require transitional costs (£5.1 million) and annual costs (£2.5 million) of compliance for Annex I institutions, and transitional cost (£neg) to the Financial Conduct Authority as the AML/CTF supervisor for these businesses.
• Implementation of the "Travel Rule" for cryptoassets - there will be costs to regulated businesses of complying with the Travel Rule, including transition costs (£6.6 million), such as training, setting-up of systems and processes, and purchase of compliance solutions, and the ongoing costs (£0.9 million) of required technology. There will also be ongoing compliance staffing costs, but we have been unable to quantify these costs." 

The FATF Recommendation 16 on wire transfers, also known as the Travel Rule, states that:

• "Countries should ensure that financial institutions include required and accurate originator information, and required beneficiary information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain.
• Countries should ensure that financial institutions monitor wire transfers for the purpose of detecting those which lack required originator and/or beneficiary information, and take appropriate measures.
• Countries should ensure that, in the context of processing wire transfers, financial institutions take freezing action and should prohibit conducting transactions with designated persons and entities, as per the obligations set out in the relevant United Nations Security Council resolutions, such as resolution 1267 (1999) and its successor resolutions, and resolution 1373(2001), relating to the prevention and suppression of terrorism and terrorist financing."

In a June 2022 update from the FATF on the implementation of its recommendations on virtual assets (VAs) and virtual asset service providers (VASPs), it noted that:

• "The vast majority of jurisdictions have not yet fully implemented FATF's R.15/IN.15 requirements (which set the global AML/CFT Standards for VAs and VASPs). Of the 53 jurisdictions that have been assessed by the FATF's Global Network since June 2021, the majority still require major or moderate improvements on R.15, with improvements particularly needed on assessing ML/TF risks, and the application of AML/CFT preventative measures.
• Over the last year, jurisdictions have made only limited progress in introducing FATF's Travel Rule (which is a key FATF requirement that enables private sector to comply with sanctions requirements and to detect suspicious transactions). As of March 2022, while 29 out of 98 responding jurisdictions reported having passed Travel Rule legislation, only 11 jurisdictions have started enforcement and supervisory measures. While around a quarter of responding jurisdictions are now in the process of passing the relevant legislation, around one-third (36 out of 98) have not yet started introducing the Travel Rule. This gap leaves VAs and VASPs vulnerable to misuse, and demonstrates the urgent need for jurisdictions to accelerate implementation and enforcement."

The FATF aknowledges that implementing the Travel Rule gives rise to challenges at the individual jurisdiction level. However, it points out that since its recommendations were published, use of VAs has grown globally, and the lack of implementation of new regulations is facilitating, for example, ongoing ransomware attacks, in which cybercriminals use VAs and VASPs are used to move funds.