Regulation 16 has been amended but none of the amendments are relevant.
1974 c. 6; section 1 was amended by section 43 of the Anti-terrorism, Crime and Security Act 2001 (c. 24).
EUR 2009/428. Annexes I and IV were amended by S.I. 2019/771 and 2022/410.
Regulation 19 has been amended but none of the amendments are relevant.
Regulation 22 was revoked by S.I. 2019/253. Regulation 24 was amended by S.I. 2019/1511.
Regulation 58 was amended by S.I. 2019/1511.
There are amendments to regulation 3 but none are relevant.
Regulation 20 has been amended by S.I. 2019/253 and 2019/1511.
Regulation 41(6) was inserted by section 211(1) of and paragraphs 410 and 415(1)(b) of Schedule 19 to the Data Protection Act 2018 (c. 12).
Regulation 45ZB was inserted by S.I. 2020/991.
Regulation 52A was inserted by S.I. 2019/1511. There are other amendments but none are relevant.
Regulation 74C was inserted by S.I. 2019/1511. There are other amendments but none are relevant.
Paragraph 5 of Schedule 6 has been amended but the amendment is not relevant.
In regulation 3 (general interpretation), after the definition of “PRA-authorised person” insert
After regulation 16 (risk assessment by the Treasury and Home Office)
The Treasury must make arrangements for a risk assessment to be undertaken to identify, assess, understand and mitigate the risks of proliferation financing affecting the United Kingdom (“the proliferation financing risk assessment”). The proliferation financing risk assessment must, among other things— identify, where appropriate, the sectors or areas of lower and greater risk of proliferation financing; provide the information and analysis necessary to enable it to be used for the purposes set out in paragraph (3). The Treasury must ensure that the proliferation financing risk assessment is used to— consider the appropriate allocation and prioritisation of resources to counter proliferation financing; consider whether the exclusions provided for in regulation 15 (exclusions) are being abused. The Treasury must prepare a report setting out, as appropriate, the findings of the proliferation financing risk assessment as soon as reasonably practicable after the proliferation financing risk assessment is completed. A copy of that report must be laid before Parliament and sent to the supervisory authorities. The Treasury must take appropriate steps to ensure that the proliferation financing risk assessment is kept up-to-date. The proliferation financing risk assessment may be included in the risk assessment made under regulation 16 (risk assessment by the Treasury and Home Office). The report referred to in paragraph (4) may be included within the joint report of the Treasury and Home Office referred to in regulation 16(6). In this regulation, “ In this regulation— “ “ “ “ “ “ “ “ “ “ “
After regulation 18 (risk assessment by relevant persons) insert—
A relevant person must take appropriate steps to identify and assess the risks of proliferation financing to which its business is subject. In carrying out the risk assessment required under paragraph (1), a relevant person must take into account— information in the report referred to in regulation 16A (risk assessment by the Treasury); and risk factors including factors relating to— its customers; the countries or geographic areas in which it operates; its products or services; its transactions; and its delivery channels. In deciding what steps are appropriate under paragraph (1), the relevant person must take into account the size and nature of its business. A relevant person must keep an up-to-date record in writing of all the steps it has taken under paragraph (1), unless its supervisory authority notifies it in writing that such a record is not required. A relevant person must provide the risk assessment it has prepared under paragraph (1), the information on which that risk assessment was based and any record required to be kept under paragraph (4), to its supervisory authority on request.
After regulation 19 (policies, controls and procedures)
A relevant person must— establish and maintain policies, controls and procedures to mitigate and manage effectively the risks of proliferation financing identified in any risk assessment undertaken by the relevant person under regulation 18A(1); regularly review and update the policies, controls and procedures established under sub-paragraph (a); maintain a record in writing of— the policies, controls and procedures established under sub-paragraph (a); any changes to those policies, controls and procedures made as a result of the review and update required by sub-paragraph (b); and the steps taken to communicate those policies, controls and procedures, or any changes to them, within the relevant person’s business. The policies, controls and procedures adopted by a relevant person under paragraph (1) must be— proportionate with regard to the size and nature of the relevant person’s business; and approved by its senior management. The policies, controls and procedures referred to in paragraph (1) must include— risk management practices; internal controls (see regulations 21 to 24) the monitoring and management of compliance with, and the internal communication of, such policies, controls and procedures. The policies, controls and procedures referred to in paragraph (1) must include policies, controls and procedures— which provide for the identification and scrutiny of— any case where— a transaction is complex or unusually large, or there is an unusual pattern of transactions; or the transaction or transactions have no apparent economic or legal purpose, and any other activity or situation which the relevant person regards as particularly likely by its nature to be related to proliferation financing; which specify the taking of additional measures, where appropriate, to prevent the use for proliferation financing of products and transactions which might favour anonymity; which ensure that when new products, new business practices (including new delivery mechanisms) or new technology are adopted by the relevant person, appropriate measures are taken in preparation for, and during, the adoption of such products, practices or technology to assess and if necessary mitigate any proliferation financing risks this new product, practice or technology may cause; which, in the case of a money service business that uses agents for the purpose of its business, ensure that appropriate measures are taken by the business to assess— whether an agent used by the business would satisfy the fit and proper test provided for in regulation 58 the extent of the risk that the agent may be used for proliferation financing. A relevant person must, where relevant, communicate the policies, controls and procedures which it establishes and maintains in accordance with this regulation to its branches and subsidiary undertakings which are located outside the United Kingdom.
In regulation 20(1)(a), for “regulation 19(1)” substitute
In regulation 21(7)—
after “regulation 19(1)” insert
in paragraph (10)(a), after “regulation 18(1)” insert
In the following provisions, for “money laundering and terrorist financing” substitute
regulation 3 (interpretation)
regulation 20(1)(b), (3), (4)(b) and (5) (policies, controls and procedures: group level)
regulation 21(2)(b)(ii)(aa) and (2)(b)(ii)(bb) (internal controls);
regulation 24(1)(a)(i), (2)(b)(i), (2)(b)(ii) and (3)(a)(iii) (training).
In the following provisions, for “money laundering or terrorist financing” substitute
regulation 21(7)(a);
regulation 24(1)(a)(ii);
regulation 41(1), (6)(a), (7) and (8) (data protection)
regulation 45ZB(11)(a), (11)(b) and (11)(d) (access to information on the register)
regulation 52A(3)(a)(i) (confidentiality)
regulation 74C(3)(c) (directions: cryptoasset businesses)
In Schedule 6 (meaning of “
after sub-paragraph (a)(i) insert—
regulation 18A (risk assessment by relevant persons in relation to proliferation financing);
after sub-paragraph (a)(ii) insert—
regulation 19A (policies, controls and procedures in relation to proliferation financing);