PART 6Money Laundering and Terrorist Financing: Supervision and Registration
CHAPTER 1Duties of supervisory authorities
Duties of supervisory authorities46
1
A supervisory authority must effectively monitor the relevant persons for which it is the supervisory authority (“its own sector”) and take necessary measures for the purpose of F3—
a
securing compliance by such persons with the requirements of these Regulations; and
b
securing that any application for which the supervisory authority grants approval under regulation 26 meets the requirements of regulation 26(7), whether or not the person making the application, or being approved, is a relevant person.
2
Each supervisory authority must—
a
adopt a risk-based approach to the exercise of its supervisory functions, informed by the risk assessments carried out by the authority under regulation 17;
b
ensure that its employees and officers have access both at its offices and elsewhere to relevant information on the domestic and international risks of money laundering and terrorist financing which affect its own sector;
c
base the frequency and intensity of its on-site and off-site supervision on the risk profiles prepared under regulation 17(4);
d
keep a record in writing of the actions it has taken in the course of its supervision, and of its reasons for deciding not to act in a particular case;
e
take effective measures to encourage its own sector to report F4actual or potential breaches of the provisions of these Regulations to it;
F5f
provide one or more secure communication channels for persons to report actual or potential breaches of these Regulations to it;
g
take reasonable measures to ensure that the identity of the reporting person is known only to the supervisory authority.
3
In determining its approach to the exercise of its supervisory functions the supervisory authority must—
F12a
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
b
take account of the degree of discretion permitted to relevant persons in taking measures to counter money laundering and terrorist financing.
4
In accordance with its risk-based approach, the supervisory authority must take appropriate measures to review—
a
the risk assessments carried out by relevant persons under regulation 18;
b
the adequacy of the policies, controls and procedures adopted by relevant persons under regulation 19 to 21 and 24, and the way in which those policies, controls and procedures have been implemented.
5
A supervisory authority which, in the course of carrying out any of its supervisory functions or otherwise, knows or suspects, or has reasonable grounds for knowing or suspecting, that a person is or has engaged in money laundering or terrorist financing must as soon as practicable inform the NCA.
6
A disclosure made under paragraph (5) is not to be taken to breach any restriction, however imposed, on the disclosure of information.
7
Where a disclosure under paragraph (5) is made in good faith, no civil liability arises in respect of the disclosure on the part of the person by whom, or on whose behalf, it is made.
8
The FCA, when carrying out its supervisory functions in relation to an auction platform—
a
must effectively monitor the auction platform's compliance with—
i
the customer due diligence requirements of F22regulation 17 of the UK auctioning regulations;
ii
the monitoring and record-keeping requirements of F23regulation 37 of those Regulations; and
iii
the notification requirements of F24regulation 38(4) and (5) of those Regulations; and
b
may monitor the auction platform's compliance with regulations 18 to 21 and 24 of these Regulations.
9
The functions of the FCA under these Regulations shall be treated for the purposes of Parts 1, 2 and 4 of Schedule 1ZA to FSMA M1 (the Financial Conduct Authority) as functions conferred on the FCA under that Act.
F1Annual reports by self-regulatory organisations46A
A self-regulatory organisation must publish or make arrangements to publish an annual report containing information about—
a
measures taken by the self-regulatory organisation to encourage the reporting of actual or potential breaches as referred to in regulation 46(2)(e);
b
the number of reports of actual or potential breaches received by that self-regulatory organisation as referred to in regulation 46(2)(e);
c
the number and description of measures carried out by the self-regulatory organisation to monitor, and enforce, compliance by relevant persons with their obligations under—
i
Part 3 (customer due diligence);
ii
iii
regulation 40 (record-keeping); and
iv
regulations 20 to 24 (policies and controls etc.).
Duties of supervisory authorities: information47
1
A supervisory authority must, in any way it considers appropriate, make up-to-date information on money laundering and terrorist financing available to those relevant persons which it supervises (“its own sector”).
2
The information referred to in paragraph (1) must include the following—
a
information on the money laundering and terrorist financing practices considered by the supervisory authority to apply to its own sector;
b
a description of indications which may suggest that a transfer of criminal funds is taking place in its own sector;
c
a description of the circumstances in which the supervisory authority considers that there is a high risk of money laundering or terrorist financing.
3
The information referred to in paragraph (1) must also include information from the following sources which the supervisory authority considers is relevant to its own sector—
F13a
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F13b
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F13c
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F13d
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F13e
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
f
the report prepared by the Treasury and the Home Office under regulation 16(6);
g
any relevant information made available by the Treasury and the Home Office under regulation 16(8);
h
any relevant information published by the Director General of the NCA under section 4(9) (operations) or 6 (duty to publish information) of the Crime and Courts Act 2013 M2.
Duties of the FCA: guidance on politically exposed persons48
1
The FCA must give guidance under section 139A of FSMA (power of the FCA to give guidance) M3 to relevant persons, who are subject to rules made by the FCA, in relation to the enhanced customer due diligence measures required under regulation 35 in respect of politically exposed persons (“PEPs”), their family members and known close associates (within the meanings given in regulation 35(12)).
2
The guidance referred to in paragraph (1) must include guidance on the following matters—
a
taking into account regulation 35(14), what functions are, and are not, to be taken to be “prominent public functions” for the purposes of determining whether an individual is a PEP;
b
which persons should be treated as coming within the definitions of—
i
a family member of a PEP; or
ii
a known close associate of a PEP;
c
what constitutes “appropriate risk-management systems and procedures” for the purposes of regulation 35(1);
d
what account is to be taken of the jurisdiction in which the prominent public function arises (taking into consideration the controls against money-laundering and terrorist financing in different jurisdictions);
e
how the level of risk associated with a particular individual is to be assessed for the purposes of regulation 35(3), and what approach is to be taken in relation to a PEP, or a family member or known close associate of a PEP, if the PEP, family member or close associate is assessed as presenting a low level of risk;
f
who should be treated as coming within the meaning of “senior management” for the purposes of regulation 35(5) and (8);
g
the situations in which it would be appropriate for the senior management approval mentioned in regulation 35(5) to be given by an individual who is not a member of the board of directors (or, if there is no such board, a member of the equivalent management body) of a business;
h
what constitutes “adequate measures” and “reasonable measures” for the purposes of paragraphs (5) and (6) respectively of regulation 35;
i
the extent to which information on public registers may be taken into account for the purposes of regulation 35(5) and (6);
j
what sort of monitoring and scrutiny is required for the purposes of regulation 35(5) and (8);
k
what measures are required in relation to persons who have ceased to be PEPs to comply with regulation 35(9); and
l
how to address risks of money laundering or terrorist financing where a PEP, a family member of a PEP or a known close associate of a PEP, is—
i
the beneficial owner of a customer;
ii
a beneficiary of a contract of long-term insurance;
iii
the beneficial owner of a beneficiary of a contract of long-term insurance.
Duties of self-regulatory organisations49
1
Self-regulatory organisations must make arrangements to ensure that—
a
their supervisory functions are exercised independently of any of their other functions which do not relate to disciplinary matters;
b
sensitive information relating to the supervisory functions is appropriately handled within the organisation;
c
they employ only persons with appropriate qualifications, integrity and professional skills to carry out the supervisory functions;
d
contravention of a relevant requirement by a relevant person they are responsible for supervising renders that person liable to effective, proportionate and dissuasive disciplinary measures under their rules;
F6e
potential conflicts of interest within the organisation are appropriately handled.
2
Self-regulatory organisations must—
a
provide adequate resources to carry out the supervisory functions;
b
appoint a person to monitor and manage the organisation's compliance with its duties under these Regulations.
3
The person appointed under paragraph (2)(b) is to be responsible—
a
for liaison with—
i
another supervisory authority or a registering authority (within the meaning of regulation 53);
ii
any law enforcement authority; and
iii
any overseas authority (within the meaning of regulation 50(4))
b
for ensuring that the self-regulatory organisation responds fully and rapidly to any request from an authority referred to in paragraph (a)(i) or (ii) for information about any person it supervises, whether that request concerns an application by that person for registration or any other matter.
Duty to co-operate50
1
A supervisory authority must take such steps as it considers appropriate—
a
to co-operate with other supervisory authorities, the Treasury and law enforcement authorities in relation to the development and implementation of policies to counter money laundering and terrorist financing;
b
to co-ordinate activities to counter money laundering and terrorist financing with other supervisory authorities and law enforcement authorities;
F17c
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F181A
A supervisory authority may take such steps as it considers appropriate to co-operate with overseas authorities—
a
for the purposes of these Regulations, and
b
to ensure the effective supervision of a relevant person to which paragraph (2) applies.
2
This paragraph applies to a relevant person established—
a
in the United Kingdom, which has its head office in another country; or
b
in another country but which has its head office in the United Kingdom.
3
Co-operation may include the sharing of information which the supervisory authority is not prevented from disclosing F7, provided that—
a
any confidential information disclosed to the authority in question will be subject to an obligation of confidentiality equivalent to that provided for in regulation 52A;
b
where the information disclosed has been received from F19a third country, it is only disclosed—
i
with the express consent of the competent authority or other institution which provided the information; and
ii
where appropriate, for the purposes for which the information was originally provided.
4
For the purposes of this regulation “overseas authority” means—
a
an authority responsible for any of the functions provided for in the fourth money laundering directive in an EEA state F14... in which the relevant person is established or has its head office; and
b
where the relevant person is established or has its head office in F15another country which is not an EEA state, an authority in that country which has equivalent functions to any of the functions provided for in the fourth money laundering directive.
F165
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Regulatory information51
1
A supervisory authority within regulation 7 must collect such information as it considers necessary for the purpose of performing its supervisory functions, including the information specified in Schedule 4.
2
A supervisory authority within regulation 7 must on request provide the Treasury with such information collected under paragraph (1) as may be specified by the Treasury, for the purpose of enabling the Treasury to F20perform its functions under these Regulations.
F82A
The Treasury may disclose to the FCA information provided by the supervisory authorities under paragraph (2), provided that the disclosure is made for purposes connected with the effective exercise of—
a
the functions of the Treasury under these Regulations in relation to self-regulatory organisations or under the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017 M7 (“the Professional Body Regulations”); or
b
the functions of the FCA under the Professional Body Regulations.
3
The Treasury must publish an annual consolidated review of the information provided by the supervisory authorities under paragraph (2).
4
A disclosure made under paragraph (2) F9or (2A) is not to be taken to breach any restriction, however imposed, on the disclosure of information.
5
Where a disclosure under paragraph (2) F10or (2A) is made in good faith, no civil liability arises in respect of the disclosure on the part of the person by whom, or on whose behalf, it is made.
Disclosure by supervisory authorities F25and other relevant authorities52
1
F26... A supervisory authority may disclose to a relevant authority information it holds relevant to its supervisory functions, provided the disclosure is made for purposes connected with the effective exercise of—
a
the functions of the relevant authority under these Regulations F27or any other functions related to money laundering, terrorist financing or the integrity of the international financial system;
b
the functions of the law enforcement authority; or
c
in the case of an overseas authority, the functions provided for in the fourth money laundering directive, or equivalent functions.
F281A
A relevant authority referred to in paragraph (5)(b), (c), (e) or (f) may disclose to a supervisory authority or another relevant authority referred to in paragraph (5) information it holds, provided the disclosure is made for purposes connected with—
a
the effective exercise of the functions of the supervisory authority or other relevant authority under these Regulations; or
b
money laundering, terrorist financing or the integrity of the international financial system.
1B
Nothing in paragraph (1A) affects the powers of a relevant authority referred to in paragraph (5)(b), (c), (e) or (f) to disclose information to a supervisory authority or other relevant authority apart from this regulation.
2
Information disclosed to a relevant authority under paragraph (1) F29or (1A) may not be further disclosed by that authority, except—
a
in accordance with paragraph (1) F29or (1A);
b
by the FCA to the PRA, where the information concerns a PRA-authorised person or a person who has a qualifying relationship with a PRA-authorised person;
c
in the case of an overseas authority, in accordance with any conditions imposed on further disclosure of that information by the supervisory authority which disclosed that information to the overseas authority;
d
with a view to the institution of, or otherwise for the purposes of, any criminal or other enforcement proceedings; or
e
as otherwise required by law.
3
A disclosure made under paragraph (1) F30or (1A) is not to be taken to breach any restriction, however imposed, on the disclosure of information.
4
Where a disclosure under paragraph (1) F31or (1A) is made in good faith, no civil liability arises in respect of the disclosure on the part of the person by whom, or on whose behalf, it is made.
5
For the purposes of this regulation, “relevant authority” means—
a
another supervisory authority;
b
the Treasury;
c
any law enforcement authority;
d
an overseas authority, within the meaning of regulation 50(4);
F32e
the Secretary of State for purposes connected with the effective exercise of his or her functions under enactments relating to companies, audit and insolvency;
f
the registrar of companies within the meaning of section 1060(3) of the Companies Act 2006F33.
F2Obligation of confidentiality52A
1
No person working for a relevant supervisory authority, or acting on behalf of a relevant supervisory authority (or who has worked or acted for a relevant supervisory authority) may, except in accordance with this regulation, disclose any confidential information received in the course of their duties under these Regulations.
2
Information referred to in paragraph (1) may be disclosed in summary or aggregate form, provided that no credit institution or financial institution is identifiable from the information disclosed.
3
A relevant supervisory authority may F35disclose confidential information received pursuant to these Regulations—
a
in the discharge of its duties under these Regulations or under other legislation relating to—
i
F34money laundering, terrorist financing or proliferation financing;
ii
prudential regulation; or
iii
the supervision of credit institutions and financial institutions;
b
in an appeal against a decision of a supervisory authority;
c
in court proceedings initiated by a relevant supervisory authority in the exercise of the duties referred to in sub-paragraph (a), or otherwise relating to the authority’s discharge of those duties;
F11d
where the Commissioners are the supervisory authority, in accordance with sections 17 and 18 of the Commissioners for Revenue and Customs Act 2005;
F36e
in accordance with regulation 52.
4
This regulation does not prevent the exchange of information between—
a
any authority in the United Kingdom responsible for the supervision of a credit institution or a financial institution in accordance with these Regulations or other law relating to credit institutions or financial institutions (a “UK authority”) and another UK authority;
F21b
a UK authority and a competent authority in a third country supervising any credit or financial institution in accordance with—
i
the fourth money laundering directive or other legislative acts relating to credit institutions or financial institutions;
ii
laws imposing requirements on credit institutions or financial institutions which have an equivalent effect to those laid down in the fourth money laundering directive.
5
Confidential information may only be exchanged under paragraph (4) if the authority to which the information is provided agrees to hold it subject to an obligation of confidentiality equivalent to that set out in paragraph (1).
6
Nothing in this regulation affects the disclosure of confidential information in accordance with regulations made under section 349 (exceptions from section 348) of FSMA M6.
7
For the purposes of this regulation, a “relevant supervisory authority” is a supervisory authority which is responsible for the supervision of credit institutions or financial institutions.
Obligation of confidentiality: offence52B
1
Any person who discloses information in contravention of regulation 52A is guilty of an offence.
2
A person guilty of an offence under paragraph (1) is liable—
a
on summary conviction—
i
in England and Wales, to imprisonment for a term not exceeding three months, to a fine or to both,
ii
in Scotland or Northern Ireland, to imprisonment for a term not exceeding three months, to a fine not exceeding the statutory maximum or to both;
b
on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.
3
In proceedings for an offence under this regulation, it is a defence for the accused to prove—
a
that the accused did not know and had no reason to suspect that the information was confidential information; and
b
that the accused took all reasonable precautions and exercised all due diligence to avoid committing the offence.