So here I am, back from my summer writing retreat, and normal blogging has resumed. It was quite a relief to be out of the country – in Switzerland, to be precise – and get away from all the Brexit debate. I find it very unsettling not knowing even when a decision will be made about what might happen – and it was not terribly comforting to hear that the Swiss, who had a similar referendum with a similar result (i.e. we don’t want immigration) three years ago but have done nothing about it because it would be too damaging to their economy, are now waiting to see how the UK squares this circle.
One thing I do know is that not knowing is something of a luxury that the regulated sector will not be able to afford for long. Bear with me while I try to explain my concern. MLD4 must be transposed into the national legislation of EU member states by 26 June 2017; the UK is partway through this process, with (I believe) a draft new set of ML Regulations all but ready to release when the referendum upset the apple-cart. One of the (simpler) requirements of MLD4 is that the definition of PEPs be extended to include domestic PEPs. Let’s assume that the UK does not get round to implementing MLD4 by 26 June 2017. (I’m assuming this because AML and MLD4 will have slipped way down the agenda now that UK politicians and civil servants are dealing with more fundamental issues.) On 27 June 2017, it will be expected that the UK – still being a member state of the EU at the point – has implemented all relevant legislation, including MLD4. If, say, a German bank contacts its UK branch, can/should/will it expect that that UK branch will have done a higher level of due diligence on, say, Nigel Farage (from 26 June 2017, a domestic PEP)? Should the UK branch of the German bank be putting in place systems to do this, even though the UK obligation will probably not be in force by then? Can the UK be fined by the EU if we miss the MLD4 deadline? (I think the answer to this last one is yes.) And would we pay such a fine, if we’re on our way out anyway?
I know it’s a rather silly example, but my concern is genuine: changes to in-house AML procedures take time, and the sensible MLRO will want to introduce, test and train on them before they are actually required by legal deadline – so should UK MLROs be anticipating MLD4’s requirements anyway? Or will the UK abandon the implementation of MLD4, and bring in its own version, which may differ? I know we’re not the only directive caught in the middle like this, but for practical purposes, for the sake of those whose (personal, legal) duty is to get AML right, we need clarification as soon as possible.