In recent years, regulators have adjusted their priorities to strengthen their AML/CTF frameworks. As the world becomes even more digital, legal acts related to virtual currencies, digital art, and crypto-related services have moved to the forefront. To keep up with this rapidly transforming regulatory landscape, let’s observe how global AML/CTF rules will change in 2022.
The United Kingdom
In March 2021, the Financial Conduct Authority (FCA) included crypto companies on its list of businesses required to submit financial crime reports. Accordingly, crypto-asset companies must submit these reports annually (within 60 business days after their first accounting reference date). Since March is just around the corner, companies need to prepare for the formal submission date.
This requirement generally applies to any business falling under the Money Laundering Regulations (MLRs), such as:
- building societies;
- crypto-asset businesses.
The FCA’s extension of annual financial crime reporting obligations has increased the number of obligated companies to 7,000. The affected regulated companies include, but are not limited to:
- electronic money institutions;
- crypto-asset exchange providers;
- custodian wallet providers;
- multilateral trading facilities;
- organized trading facilities.
Accordingly, these new reporting requirements will allow the FCA to get firm-specific information about financial crime from a wider set of business sectors.
What is required?
Crypto asset companies are required to provide the following information in their reports:
- Operating jurisdictions, including:
- jurisdictions where the company operates at the end of the reporting period;
- jurisdictions that the company considers ‘high-risk.’
- Customer information, including:
- the total number of customer relationships with PEPs and other high-risk individuals;
- the number of the customer relationships in particular geographical areas;
- the number of customer relationships that were terminated due to financial crime during the reporting period;
- Compliance information, including:
- the number of Suspicious Activity Reports (SARs) submitted internally to the MLRO and disclosed to the National Crime Agency (NCA);
- the number of investigative court orders received;
- the number of the relationships which have been terminated for financial crime reasons;
- the total full-time equivalent (FTE) of UK staff with financial crime roles.
- Sanctions-specific information, such as:
- information about the automated system(s) the company uses to conduct screening across relevant sanctions lists;
- information about actual sanction matches detected in the reporting period;
- information about repeat customer sanctions screening.
Also, the company should express its opinion about the top three most prevalent frauds, including:
- fraud typology;
- suspected perpetrators;
- primary victims.
Crypto companies should submit their reports through the appropriate online systems available on the FCA’s website, such as RegData.
Deadline. The U.K.’s Financial Conduct Authority (FCA) expects to receive the first reports within 60 business days of each company’s accounting reference date. The directives come into force on March 30th, 2022.
The potential 2022 amendments to the Money Laundering Regulations (MLR) will mark significant revisions to the primary AML law in the UK.
The amendments could affect a range of sectors, including digital art traders. Meanwhile, the following low ML/TF risk industries could possibly be excluded:
- account information service providers;
- bill payment service providers;
- telecom, digital, and IT payment service providers.
Account information service providers and payment initiation service providers may also be excluded from the regulated sector if they only provide account information or payment initiation services.
Generally, the UK financial institutions and individuals involved in transactions—such as lawyers, accountants, and estate agents—will have to follow updated AML Regulations.
What will change?
The proposed amendments are related to the art sector, which has been extensively targeted by money launderers. Here are the changes and amendments to expect:
- The current definition for ‘Art Market Participants’ in Regulation 14 of the MLRs is expected to be amended.
- The role of artists who sell their artworks will be reconsidered because there is no significant evidence of high ML/TF risk.
In addition, there will be clarificatory changes to describe how the AML/CTF regime operates, which will cover the:
- powers that AML/CFT supervisors have regarding Suspicious Activity Reports (SARs);
- types of activities essential to credit and financial institutions.
Consultation on these amendments lasted until October 2021. Secondary legislation is expected from March 20 until June 21st, 2022.
- adopting adequate AML/CFT policies;
- designating an AML/CFT compliance officer;
- establishing AML/CFT training programs;
- implementing independent compliance testing;
- performing customer due diligence.
Who’s affectedThis rule affects certain persons involved in non-financed purchases of commercial and residential real estate in the country, including:
- attorneys, law firms, and other client-facing participants;
- persons who are carrying out both residential and commercial real estate transactions.
- real estate lawyers and law firms;
- real estate agents/brokers/settlement agents;
- title insurance companies;
- title and escrow agents and companies;
- real estate investment companies;
- real estate development companies;
- real estate property management companies;
- real estate auctions houses;
- investment advisers;
- private money lenders;
- money service businesses.
What’s next?FinCEN is suggesting potential regulations and seeking comments regarding:
- the potential scope of proposed regulations;
- the persons who will be subjected to the requirements;
- the geographical area that will be subjected to the provisions;
- information that is to be collected, reported, and stored;
- specific vs. general recordkeeping and reporting requirements;
- purchases by certain entities.
New Eurosystem PISA framework covering electronic payment instruments, schemes, and arrangements will be applied
The PISA framework is the Eurosystem’s oversight framework for electronic payment instruments, payment schemes, and payment arrangements. Its aim is to make the EU’s future payments ecosystem safer and more efficient by complementing:
- the control of individual payment systems;
- the supervision of payment service providers.
The Eurosystem already controls individual payment system operators. These operators won’t be assessed against the PISA framework if all significant risks for a payment scheme/arrangement have already been evaluated.
In general, the framework will influence:
- governance bodies of schemes and arrangements;
- participating payment service providers;
- technical service providers or other third parties.
The framework applies in the same way to all payment schemes and arrangements (unless otherwise excluded). Excluded parties are encouraged to apply the principles of the framework voluntarily.
What will change?
The Eurosystem will use an improved PISA framework to control companies enabling and supporting the use of:
- payment cards;
- direct debits;
- credit transfers;
- digital tokens;
- electronic wallets.
The framework will also regulate the following activities:
- the acceptance of crypto assets by merchants;
- the movement of crypto assets (receiving funds, paying with crypto) through an e-wallet.
Additionally, this framework will complement upcoming EU regulations on crypto assets and international standards for global stablecoins.
The framework doesn’t directly address channels of electronic payments such as personal computers, mobile devices, payment terminals, etc.
Deadline. The European Central Bank (ECB) Governing Council approved the framework on November 15th, 2021, and it shall become applicable on November 15th, 2022. New schemes/arrangements should implement the PISA framework within one year of being notified that they fall within the framework’s scope.
After two years of discussions, the Swiss Parliament adopted the revised version of AMLA, taking into account the recommendations of the FATF’s country report and aiming to strengthen the integrity of the Swiss financial center.
AMLA applies to financial intermediaries and dealers that accept payments in cash. Persons facing these potentially changing requirements include:
- Financial intermediaries as defined in Article 2 of AMLA (banks, fund management companies, investment companies, etc.).
- Natural persons and legal entities selling goods (dealers), if they accept more than CHF100,000 (108,945 US Dollars) in cash via a commercial transaction.
Intermediaries might expect an increase in their compliance workload due to additional verification obligations in high money-laundering risk situations.
What will change?
The revisions cover a broad set of requirements, including the role of advisors within the scope of AMLA. Here are the particular changes brought by the revised Swiss AML Act:
- Beneficial owner identity verification. Under the existing requirements, financial intermediaries have to identify the beneficial owner. The revised AMLA will additionally require them to verify information received about the beneficial owner with the appropriate level of due diligence. The form and depth of the review are not specified, but it’s stated that simply requesting a copy of an ID isn’t enough to verify the beneficial owner.
- Duty to regularly update customer data. Currently, AMLA requires financial intermediaries to repeat identification and verification processes only if doubts arise in the business relationship. The revised AMLA requires that customer data be checked and updated regularly. This will be obligatory for all business relationships regardless of risk level, with differences only in terms of the scope and frequency of the revisions.
- Reasonable grounds for suspicious activity reporting (SAR). Under the current rules, financial intermediaries often immediately file a Suspicious Activity Report (SAR) even in cases of simple suspicion (in particular because failure to submit a SAR may lead to fines up to CHF 500,000 (($544,703 US)) and/or bans on professional activity). That has led to high numbers of SARs that the Money Laundering Reporting Office of Switzerland (MROS) can hardly process. Under the new rules, financial intermediaries should obtain concrete indications that assets involved in the business relationship could be used in money laundering. If there are such indications, the financial intermediary must investigate the case.
- MROS will no longer have to process SARs within 20 working days. Instead, the financial intermediary will have the right to terminate the reported business relationship if the MROS does not inform the entity that the report will be transferred to law enforcement agencies within 40 working days.
- Associations with a high risk of ML/TF are to be added to the commercial register. Currently, most associations are not required to be registered. From now on, associations presenting a high risk of ML/TF are to be registered. These include associations that collect and distribute assets abroad for charitable, religious, cultural, educational, or social purposes. In such cases, information related to the association’s purpose, board members, authorized signatories, auditors, or address will be made publicly available upon entry to ensure transparency.
Deadline. The amended Swiss AMLA, including its implementing secondary legislation, comes into force by mid-2022.
Last December, the Estonian government approved draft legislation that tightens regulation of Virtual Asset Service Providers (VASPs). The new legislation brings VASPs in line with payment service providers but doesn’t directly affect individuals who use private wallets from owning crypto. Therefore, it’s time for regulated crypto businesses to get prepared.
The amendments are aimed at Virtual Assets Service Providers (VASPs) operating in Estonia, including:
- crypto exchanges;
The definition of ‘VASP’ will include decentralized platforms, ICOs, and other services if the amendments enter into force. It’s worth mentioning that VASPs should get a license from the Financial Intelligence Unit (FIU) to operate in Estonia.
You can learn more about complying with the new Estonian AML Act in our article on How the New Estonian AML Act Affects Virtual Currencies.
What will change?
Below are the significant changes that virtual currency services will face when the amendments come into force.
- Licensing (authorization) requirements. The following changes should be taken into account if your company operates in Estonia:
- The minimum capital requirement will be raised from €12,000 to €350,000 for transfer services and set at €125,000 for wallet services, exchanges, ICOs, and similar platforms;
- The fee for a VASP license (state fee) will be increased from €3,300 to €10,000.
2. License application requirements. The documents/information that will be required in addition to the VASP license application include:
Detailed financial information (assets and share capital size, documents evidencing payment and size, applicant’s opening balance sheet, an overview of income, expenses, profit, and cash flows and prerequisites for these, etc.);
- Business plan, including a description of organizational and management structure;
- Information about IT systems and other technological tools to be used for identification and monitoring of transactions, customers, and their beneficial owners;
- Information about the number of shares and votes owned by each shareholder, partner, or member;
- Information about persons who own a qualifying holding in the applicant and other information.
The Financial Intelligence Unit decides whether to grant a virtual currency service provider a license within 60 days after receiving all required documents and information.
Although only companies operating in Estonia or connected to Estonia can apply for a VASP license, the current rules allow the resale of licensed companies to third parties.
The draft act doesn’t include information about the withdrawal of existing licenses. It could mean that VASPs will lose active operational licenses only if they fail to comply with new requirements before March 2022.
3. VASPs are required to follow the FATF Travel Rule. The FATF’s Recommendation 16 on Wire Transfers, aka “Travel Rule,” requires VASPs, financial institutions, and regulated companies in member countries to exchange identifying information about the originator and beneficiary of transactions above €1,000 with counterparties.
Deadline. If the Act passes, virtual currency service providers will have to bring their operations and documents into compliance by March 18th, 2022.
To sum up, legislative authorities worldwide will continue focusing on digital currency protection and electronic payment instruments in 2022. This will include new industries, such as the digital art trade. Therefore, businesses—especially those operating globally—should be aware of requirements and stay compliant.
Sumsub continues to track all the regulatory changes and will keep you updated.