Home
Resources
CUBE RegNews: 1...

CUBE RegNews: 15th April

Eva Dauberton

Eva Dauberton

News Editor
Copy link Copy linkCopy to clipboard
Share on X Share on Facebook Share on Linkedin

Posted: 2024-04-15

HMT issues consultation on Money Laundering Regulations effectiveness  

HM Treasury (HMT) has released a consultation seeking to enhance the effectiveness of the Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). Simultaneously, HMT is conducting a survey to determine the cost of complying with the MLRs.  

 

Some context  

In 2022, the government conducted a review of the UK’s Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) regime and a post-implementation review of the MLRs. This review identified certain weaknesses in how regulated firms implement the regulations. These weaknesses include issues related to granting access to ‘pooled client accounts’, implementing Enhanced Due Diligence (EDD) requirements for customers or transactions originating from High-Risk Third Countries (HRTCs), and utilising Digital Identity.   

This consultation aims to address these shortcomings, and concerns raised by stakeholders.  

 

Key takeaways   

The consultation addresses several issues, which are divided into four core themes:  


  • Making customer due diligence (CDD) more proportionate and effective: This includes enhancing and simplifying CDD requirements, providing clarity to regulated firms on when to carry out ‘source of funds’ checks, supporting the use of digital identity for customer verification, assisting firms in timing CDD during bank insolvency, and improving access to Pooled Client Accounts for unregulated firms.  
  • Strengthening system coordination: These proposed changes aim to update the MLRs to ensure effective cooperation in light of new threats, technological advancements, and changes in legislation such as the Economic Crime and Corporate Transparency Act 2023.  
  • Clarifying the scope of the MLRs: This involves addressing the boundary of the AML/CTF regulation regime and updating the guidance to comply with broader regulatory and market changes post-Brexit. Specific issues include changing the thresholds in the MLRs from euros to pound sterling, addressing potential gaps in the regulation of Trust Company and Service Providers (TCSPs), and aligning registration and change in control measures for custodial wallet providers and cryptoasset exchange providers between the Financial Services and Markets Act 2000 and the MLRs.  
  • Reforming registration requirements for the Trust Registration Service (TRS): The proposed changes focus on reforming the TRS registration requirements to increase transparency for higher-risk trusts while reducing administrative burdens for low-risk trusts.  


Next steps  

The deadline for comments is 9 June 2024. Once the consultation has closed, the government will publish a response outlining the next steps, including draft legislation, if appropriate.  

 

Click here to read the full RegInsight on CUBE’s RegPlatform  


SEC Commissioner raises concerns about FinCEN proposed AML/CFT rules for investment advisers  

SEC Commissioner Hester M Peirce has raised concerns about the proposed AML/CFT Program and SAR Filing for Registered Investment Advisers (RIA) and Exempt Reporting Advisers (ERAs) by the Financial Crimes Enforcement Network (FinCEN). In her statement, she argued against the proposal, emphasising the potential negative impact on advisers’ costs and questioning the necessity of additional rules.  

  

Some context  

On 13 February 2024, FinCEN proposed a new rule targeting illicit finance and national security threats in the asset management industry. Investment advisers are not currently subjected to comprehensive anti-money laundering (AML) and countering the financing of terrorism (CFT) requirements like regulated institutions under the Bank Secrecy Act (BSA). Some advisers voluntarily implement AML/CFT programs, while others have not yet implemented any comprehensive measures.  

The proposed rule would expand the definition of “financial institution” under the BSA to include RIAs and ERAs.  

 

FinCEN has requested feedback on various aspects of the proposed rule by 15 April 2024.  

  

Key takeaways  

In her statement, Peirce presented arguments broadly against the proposal.  


  • The regulatory gap the rule aims to address “is more optical than substantive”  

She disputed the notion that RIAs and ERAs are vulnerable to financial criminals and hostile state actors due to the absence of minimum AML/CFT program standards and the non-obligation to report suspicious activity to FinCEN. Peirce argued that adviser-related activities are likely already regulated by covered financial institutions, reducing the need for additional regulations. She also questioned the validity of the statistics and examples provided to support imposing BSA obligations on RIAs and ERAs, citing a lack of context.   


  • Additional “already staggering” costs on RIAs  

Peirce expressed concerns about the significant costs already imposed on RIAs, resulting from “two years of SEC regulatory excesses, along with new mandates from other regulators.”  

Specifically, she mentioned the impact of these new rules on smaller advisers, particularly considering the proposed compliance date of twelve months, which she deems unreasonable.  

 

In closing, Peirce stated that if FinCEN proceeds with the proposal, they should be open to suggestions from commenters on how to narrow down the scope of the rules to align with the actual and demonstrable risks.  

 

Click here to read the full RegInsight on CUBE’s RegPlatform  

 

EBA speech on cyber resilience and financial innovation  

In a speech delivered to the Annual Assembly of the Spanish Banking Association, José Manuel Campa, Chairperson of the European Banking Authority (EBA), discussed the need for prudential regulation to set the appropriate boundaries to assess the effect on banks of innovative technological enhancements and reliance on third-party FinTech and Big Tech providers.  

 

Risks from digitalisation of financial services  

Campa’s speech focused on three areas:  

  • The increased threats of cyber incidents and cyber-attacks, including in the context of increased geopolitical tensions.  
  • The high level of operational interconnectedness between financial entities and ICT third-party providers (including the high level of concentration risk).  
  • The introduction by financial entities of new technologies and new cooperative arrangements in the provision of their services.  


Noting that cyber incidents will become more likely as complexity and interconnections increase, Campa reminded the audience that recent EBA research showed that cyber risk and data security continue to be by far the major drivers of operational risk for banks. The same research indicated that many more banks had become victims of cyber-attacks, but many of these attacks did not lead to any major ICT-related incidents.  

 

Campa briefly discussed the Digital Operational Resilience Act (DORA), which came into force in January 2023 and harmonised the rules around ICT risk management, testing, and reporting. He outlined some of the responses to DORA technical standard consultations, which raised several concerns.  

  • Smaller and non-complex entities have been exempted from the application of some requirements.  
  • The classification approach and criteria for major incidents have been simplified and streamlined to limit the burden on financial entities.  
  • Consistency of the requirements across different sectors has been addressed.  

 

Campa also covered DORA’s oversight requirements of critical ICT third-party service providers (CTPPs), noting two aspects:  

  • The identification of the third-party providers to be designated as critical, which will rely on the register of information that firms are required to complete.  
  • The oversight framework’s cooperative feature and the need to ensure that requests to CTPP do not overlap or dupe each other are avoided.  

 

Campa stressed the importance of information sharing among firms and the European Supervisory Authorities (ESAs) to ensure DORA’s success. He then turned to some of the other initiatives the EBA is working on.  

 

Tokenisation, Crypto and DeFi  

Campa noted recent EBA research showed 62% of respondent banks are exploring, developing, experimenting with, or using DLT, and around 50% are specifically exploring the tokenisation of traditional financial assets, including deposit tokenisation. Hence, the EBA is continuing to work on the risks, opportunities, and regulatory requirements needed.   

 

Artificial intelligence/machine learning  

Campa added that “a substantial majority of EU banks using these applications in a range of business processes such as customer profiling, fraud, money laundering and terrorist financing detection, and creditworthiness assessments”, adding that the EBA will be carrying out a comprehensive mapping of existing and upcoming prudential and consumer protection requirements on the use of AI in the banking sector, primarily focusing on creditworthiness assessment of natural persons. The goal – to identify where additional guidance may be regarding supervisory expectations of AI – will form part of the report expected to be published in 2025.  

 

Value chain evolution  

Finally, Campa turned to technology-facilitated value chain evolutions, noting that EBA will soon examine the distribution of “white-labelled” banking products to identify specific risks regarding consumer protection, money laundering, and supervisory visibility. He added that EBA continues to examine other areas, including the digital euro and open finance and RegTech and SupTech developments.  

 

Click here to read the full RegInsight on CUBE’s RegPlatform  


NCA cracks down on notorious Ponzi scheme   

The UK National Crime Agency (NCA) has apprehended a senior staff member of a scam company as part of a joint effort with law enforcement agencies to crack down on the notorious and elaborate Ponzi scheme known as JuicyFields.  


From early 2020 to 2022, over 500,000 people from various countries registered on JuicyFields’ websites and were offered enticing investment opportunities in the cultivation, harvesting, and distribution of medicinal cannabis through crowdsourcing. In July 2022, those behind the scheme suddenly removed company profiles from social media platforms and prevented users from accessing their accounts, effectively freezing cash withdrawals.  A staggering €645 million is believed to have been invested in the platform, with the possibility of even higher unreported damages.  


Tom Barford, the NCA Branch Commander, stated, “Criminals like those behind JuicyFields are highly skilled at finding new and more sophisticated ways to exploit their victims. In this case, people from all over the world were enticed by the promise of high returns with minimal or no risk, only to suffer devastating losses.”  


Click here to read the full RegInsight on CUBE’s RegPlatform