HMRC Anti-Money Laundering Supervision annual assessment

1) Summary
1.1 Certain types of legitimate business services can be attractive to criminals, who exploit them to launder money or finance terrorism. Life is made easier for criminals when insufficient controls are in place. It is therefore essential that businesses put in place adequate measures to prevent criminals from using their services to launder money and finance terrorism.

1.2 HMRC is one of 25 Anti-Money Laundering (AML) supervisors in the UK. HMRC delivers its supervisory responsibility through its Anti-Money Laundering Supervisory (AMLS) teams. HMRC helps ensure that businesses comply with the current Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and have systems and processes in place to protect themselves and their services from being exploited for the purposes of money laundering and terrorist financing. HMRC currently supervises over 30,000 businesses across nine different sectors:

  • Money Service Businesses (MSBs)
  • Accountancy Service Providers (ASPs)
  • Trust or Company Service Providers (TCSPs)
  • Estate Agency Businesses (EABs)
  • Letting Agency Businesses (LABs)
  • Art Market Participants (AMPs)
  • High Value Dealers (HVDs)
  • Bill Payment Service Providers
  • IT and Digital Payment Service Providers

1.3 In the Economic Crime Plan 2019 to 2022, HMRC committed to delivering an enhanced risk-based approach to its supervision by March 2021 and to carrying out an annual self-assessment of its money laundering supervision. The aim would be to ensure that the department was compliant with the relevant Money Laundering Regulations and was meeting the standards set for Professional Body Supervisors, as set out in the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) Sourcebook (January 2018) as far as appropriate.

1.4 The self-assessment identified that HMRC’s performance overall is currently broadly in line with both the relevant Money Laundering Regulations and with OPBAS Sourcebook advice on best practice. However, HMRC recognises that it can improve further. It has numerous programmes in hand to drive up performance and help it realise its vision to provide world class, risk-based supervision. This paper highlights many of these projects. It also includes an annex (Annex A) that provides a summary of key HMRC AMLS statistics, including interventions and outcomes, for the past five years. These statistics are referenced throughout the text, illustrating the trends in HMRC supervision over time.

1.5 In summary, the self-assessment team found that:

  • HMRC analyses the risks in each sector it supervises and allocates its resources on the basis of this analysis. It has written risk profiles for all its supervised businesses. The risk assessment process has recently been formalised and improved.
  • HMRC uses a range of supervisory tools to carry out that supervision, chosen on the basis of the risk assessment, including both desk-based and face to face interventions. HMRC is working to increase the number of supervisory interventions per year, both by increasing staff numbers and by improving productivity through better training and other improvements in supervisory processes.
  • HMRC supervisory registration processes are largely in line with the regulations. Where there are currently some failings, principally in being able to process registrations within 45-days, new processes have been put in place to improve performance, and there is evidence that these changes are already having a large impact. There are also new processes in place to make registrations and the policing the perimeter function more robust going forward (see section 4).
  • HMRC shares as much information as it can with both domestic and international supervisors. HMRC is, however, prevented in all but certain specified circumstances from sharing non-supervisory information with some supervisors as a result of taxpayer confidentiality laws. HMRC does however have multiple avenues through which to share information with law enforcement. It also has appropriate whistleblowing systems in place.
  • The regulations state that HMRC must make information about money laundering and terrorist financing available to businesses. HMRC does this via guidance, webinars, online training and emails to members, as well as through its engagement with trade bodies and speaking at conferences. It has taken steps to ensure that going forward it can promptly share information on new risks with supervised businesses.
  • HMRC has been adopting a tougher approach to sanctions for several years, in an effort to make sanctions more effective, proportionate and dissuasive, as required by the regulations. This approach has been supported by the newly published sanctions framework, which will help ensure staff are consistently applying and calculating sanctions.
  • Staff are provided with training to help them in their role. There are many projects underway to improve this training further, in particular to provide more practical, hands on courses.
  • Records of interventions are kept, and HMRC is driving up data reliability. There is a good quality assurance process in place, which is starting to improve performance.
  • HMRC supervisory fees are appropriate, and recent changes to the management structure should help ensure that there is a clearer allocation of responsibility in the AMLS team.

1.6 Taken together, the self-assessment team consider HMRC to be meetings its obligations under the regulations and as set out in the OPBAS Sourcebook. It is taking considerable steps to improve its supervision further. HMRC intends to review progress in a follow-up self-assessment over the course of the next 12 months. This self-assessment will also be published.

2) Governance
Regulation 102 states that HMRC may impose charges on applicants for supervision and on businesses supervised by them. The fee however cannot exceed the amount HMRC considers necessary to cover the cost of supervision. There are no other specific regulations on HMRC governance.

The OPBAS Sourcebook states that Professional Body Supervisors should:

  • clearly allocate responsibility for managing their AML supervisory activity
  • evidence that senior management is actively engaged with their approach to AML supervision
  • have appropriate reporting escalation arrangements promoting effective decision making
  • Fees

2.1 The regulations state that HMRC can charge fees for AML supervision, but that these fees must not exceed what they think is needed to meet their expenses. A review of fee income and expenses over the past five years has revealed that income has not exceeded spending.

2.2 In the Economic Crime Plan of 2019, HMRC committed to enhancing its supervisory effectiveness, and fees were increased that year in order to help HMRC meet the higher costs of supervision. A public consultation on the sustainability of the future fees model is expected to issue in the Spring.

Clear allocation of responsibility in the AMLS team
2.3 The AMLS team largely has effective managers. However, it is clear that performance is not consistent across the team, which has made it harder at times to make improvements to supervision. Previous efforts to help these managers improve were made more difficult by the operating structure in place at the time, which blurred accountability and left some staff overburdened. 2.4 In November 2019, senior management announced that the team would adopt a new operating model which should help address these issues. The new structure has already improved the allocation of responsibility in the team and therefore helped improve supervision. HMRC will continue to monitor the new operating model’s progress and impact.

Senior oversight
2.5 Management within the AMLS team is actively engaged with their approach to supervision, and issues are escalated up the chain as required. Senior management in HMRC are involved in significant decisions and issues relating to the AMLS team as appropriate. This includes HMRC’s Executive Committee when necessary, for example when reviewing the AMLS chapters in HMRC’s annual report.

Communication and culture within the AMLS team
2.6 Overall, communication within the team is good, and most staff report they are happy with the communications they receive. In order to ensure these messages are fully internalised by staff, the team has recently developed a plan to increase staff engagement with the content of internal communications. This plan is currently being implemented by the team.

2.7 The team has recently relaunched its internal knowledge library, which includes all business and operational knowledge. This should help ensure all staff have easy access to the information they need in their roles. Arrangements are in place to keep this library up to date.

2.8 In 2019, the team developed a new vision statement: “Working together to protect the UK against the risk of money laundering and terrorist financing, through world class supervision”. This vision statement has been rolled out across the team to guide their work, and efforts have been made to ensure that everyone understands the new ambition and direction of the organisation. Interviews with staff indicate that the vast majority are supportive of the vision statement.

3) Risk-based approach
Under Regulation 17 of the Money Laundering Regulations, supervisors are required to undertake a risk assessment, covering the international and domestic risks of money laundering and terrorist financing in the sectors they supervise. This assessment must be informed by certain documents, including the National Risk Assessment and European Commission Supranational report on Money Laundering. The supervisor must keep an up to date record in writing of the steps it has taken to make its assessment.

Supervisors must also have a written risk profile for each business in its sector and update these regularly in response to developments. Regulation 46 requires the supervisor to use the risk profiles they prepare to decide the frequency and intensity of onsite and offsite supervision.

Section 4 of the OPBAS Sourcebook also requires Professional Body Supervisors to:

  • adopt a risk-based approach, focusing efforts and resources on the highest risks
  • ensure measures to reduce money laundering are proportionate to the risks
  • regularly review the risks to their sector
  • support their members in the adoption of a risk-based approach
  • Sector risk assessments

3.1 HMRC has assessed the risks presented by each of its supervised sectors. HMRC’s assessments have been reviewed by the self-assessment team and are considered a good foundation for HMRC’s risk-based approach to supervision.

3.2 By April 2021, HMRC will have finalised more comprehensive and consistent written risk assessments of all its sectors. These documents set out in more detail HMRC’s assessment of risks in the sector, including their consideration of various reports such as the National Risk Assessment and EU Supranational Risk Assessment, as well as intelligence and staff experience in the sector. They clearly set out how risk is assessed both on the basis of probability, such as product, client or geographical risk factors, as well as on the potential impact of the risk due to the size of the business and/or links to other businesses. Interventions are carried out on both large and small businesses according to the risk.

3.3 The risk assessments also set out the preferred strategy to address these risks, covering the Promote, Prevent and Respond campaigns, in line with HMRC’s compliance strategy (see Annex B). HMRC has a process in place to ensure these assessments are reviewed at least every three months, if not sooner, and are kept up to date. Future iterations of these risk assessments are expected to become more detailed and specific as they are refined by new evidence.

Selection of cases for intervention
3.4 HMRC takes a three-step approach to identifying individual cases for intervention. The first step is to allocate HMRC’s supervisory resources between the different sectors on the basis of the relative risk posed by each sector, ensuring each sector is appropriately supervised. HMRC will continue to reflect on the balance of interventions between sectors, to ensure each sector is appropriately supervised, in accordance with the level of risk.

3.5 The second step involves each sector allocating these resources between different “campaigns”. These campaigns are focussed on the areas of perceived highest risk or intended as a “test and learn”, aimed at understanding risk better in different sub sectors, where there is an absence of information about money laundering and terrorist financing risks. HMRC also conducts a number of campaigns carried out across all sectors, for example acting on intelligence referrals received in the year; random sampling of businesses to test HMRC’s risking approach (compliance model testing); and follow up interventions for those who have received a warning or penalty previously.

3.6 The final step involves identifying the highest risk businesses that meet the campaign criteria. These businesses are identified on the basis of the written risk profiles for each business as well as other information. The self-assessment team are content that the final businesses selected are chosen on the basis of solid, risk based, evidence.

3.7 HMRC has recently improved these risk profiles so that they can more quickly identify the highest risk businesses and highlight those not otherwise captured in campaigns. The new risk profiles, which have been sense checked against other information, were finalised across all sectors in October 2020 and will inform campaigns going forward. HMRC will continue to refine and monitor its risk profiles to ensure that they remain appropriate.

Supporting businesses’ risk-based approach
3.8 HMRC supports businesses in taking a risk-based approach. The guidance published for each sector includes information on how to take a risk-based approach. This has been supported with webinars and e-learning products which are available on the website, as well as information on risks in their sector (see section 6). In addition, HMRC’s supervisory team staff are trained to support the business’ risk-based approach. Interviews with staff have confirmed that this is the case.

4) Supervision
Regulation 46 requires supervisors to effectively monitor their own sectors and use the risk profiles they prepare under Regulation 17 to decide the frequency and intensity of onsite and offsite supervision. The regulations require the supervisor to take appropriate measures to review the risk assessments carried out by businesses, and the adequacy of their policies, controls and procedures.

HMRC is subject to specific regulations linked to registration. In particular 54(2) states that HMRC must maintain a register of MSBs, TCSPs, HVDs and PSPs. Regulation 55 (3) states HMRC may maintain a register of the other sectors as well. HMRC may also publish these registers.

Regulation 57 covers the rights of the supervisory authority to require relevant persons to provide information to support their application for registration. Regulation 58 requires HMRC to carry out a Fit and Proper test on responsible persons involved in an MSB or TCSP. Regulation 59 sets out when HMRC can refuse registration, and states that the registration process must be completed within 45 days.

The OPBAS Sourcebook states that:

  • supervisors can select members for supervision based on who poses the greatest risk
  • supervisors should have a number of tools to use when monitoring how adequate members’ AML defences are
  • these tools should enable them to compare a member with its peers
  • supervisors should adopt a gatekeeper role when considering whether a member meets the ongoing requirements for continued participation in the profession
  • Interventions

4.1 HMRC takes a pro-active approach to supervision, based on the risks. As highlighted in section 3 above, available resources are allocated between the different sectors based on an agreed assessment of the comparative risks of each sector and sub-sector, ensuring that resources are focussed on those presenting the greatest risk.

4.2 HMRC conducts both onsite and offsite supervisory interventions in order to monitor compliance with the regulations. These interventions allow HMRC to compare the business’s money laundering and terrorist financing arrangements with the standards required by the regulations and with the arrangements of its peers. They inform HMRC’s judgement on the quality of the business’s controls.

4.3 The decision on whether an investigation should be face-to-face or a desk-based intervention is based on an assessment of the risk posed by the business, both on an individual basis as well as in the context of the sector or sub sector. Riskier persons are more likely to be subject to face-to-face intervention. However, some lower risk persons may also be subject to face-to-face intervention, if the type of business is less suited to a desk-based intervention. Likewise, if during the course of a desk-based intervention it seems clear to an officer that a face-to-face intervention is necessary, then the officer will go out to the business.

4.4 Both forms of investigation can involve, for example, discussions with senior management, review of documentation to evidence the business’s risk-based approach and dip sampling of transactions. DBI can use many of the same tools where practicable. Depending on the campaign, some desk-based interventions ask only for particular types of information, for example policies, controls and procedures, while others can amount to a full intervention. The intensity of these interventions, and their focus, varies depending on the risk presented by the business.

4.5 Questionnaires and ad hoc information requests are a routine part of registration, fit and proper activity and many desk-based interventions. The self-assessment team recommends that HMRC consider wider use of these supervisory tools in order to help it reach a higher proportion of its supervised population.

4.6 In 2019 to 2020, HMRC carried out 817 face-to-face interventions and 1,012 desk-based interventions (see Annex A).

4.7 The number of interventions in 2019 to 2020 was lower than in previous years and lower than planned. The fall can largely be explained by short term changes to the structure of staffing that year, as well as the type of cases undertaken. An emphasis on more complex cases required multiple interventions to the same business and extra staff time analysing and following up on findings. In contrast, in 2016 to 2017, HMRC undertook a large number of interventions of MSB agents, which focussed only on certain aspects of their business, and were therefore quicker to turn around than interventions in 2019 to 2020.

4.8 The number of interventions undertaken in 2020 to 2021 will be severely impacted by the COVID-19 pandemic, which has limited the number of onsite interventions possible. Almost all activity has been converted to desk-based interventions, with onsite interventions only occurring where critical to the risk. HMRC will continue to consider what level and type of intervention is appropriate, in accordance with government COVID-19 guidance.

4.9 HMRC has a process in place to ensure that only legitimate businesses, capable of meeting the Money Laundering Regulations, are admitted onto the register. Applicants are required to fill in a comprehensive questionnaire to assess the risk they pose. The application covers almost all the information suggested in 57(2). The information provided is cross checked with other sources of intelligence from within HMRC, other departments and law enforcement. Further information is requested from applicants where necessary to validate the details, and higher risk businesses are subject to more intensive checks.

4.10 Applicants are given 21 days to respond to requests for information, as required by the regulations. Applicants are advised on registration that they must immediately advise HMRC of any changes to the information provided in the application. They are reminded of this obligation at multiple intervals during their registration. In 2019 to 2020, HMRC issued approximately 30 sanctions to businesses who did not provide this information.

4.11 HMRC refused 1.7% of applications in 2019 to 2020. The reasons for refusal range from refusal to provide information required, to beneficial owners or managers being deemed not fit and proper because of suspicions they would not comply with the regulations. The current number of refusals is an increase on earlier years, reflecting changes to make the process more robust and keep applicants off the register if they are unlikely to comply with the regulations. Going forward, HMRC will continue to ensure the process is sufficiently robust and HMRC expect refusals to increase further.

Case study
In 2014, HMRC became aware that increasing numbers of criminals were attempting to register as High Value Dealers (HVDs) in an effort to provide themselves with a more legitimate appearance. HMRC consequently changed its verification and registration for HVDs in order to strengthen its ability to keep criminal businesses off the register. All HVD applications are now examined in more detail using a risk-based approach and to determine what further action needs to be taken. This can range from a letter or phone call for more information to a full intervention, dependent on the risks. HMRC has refined and improved this extended verification since its introduction and now also sees many businesses were attempting to register as an HVD due to a misunderstanding of the definition of an HVD. This additional success of the extended verification has contributed to a decline in the number of businesses registered as an HVD. Between 2014 to 2015 and 2019 to 2020, only 27% of applications made have become HVD registered.

4.12 HMRC is required by law to complete the application process within 45 days of registration. In 2019 to 2020, HMRC met the target in only 72% of cases.

4.13 HMRC has carried out a review of registration processes in order to speed up delivery and meet the 45-day target. The new processes are already yielding results, and in December 2020, 86% of applications were processed within the deadline. There are plans in place to further refine processes and HMRC aims to increase the volume of applications resolved within the deadline by the end of March 2021.

Fit and proper and approvals testing
4.14 HMRC carries out Fit and Proper person tests for MSB and TCSP relevant persons, as required by Regulation 58. HMRC has recently reformed its processes for Fit and Proper testing. The principal change involves putting the onus on the businesses themselves to demonstrate that they are Fit and Proper. Initial trials have suggested that the new process will reduce the time it takes to process these tests. The process has also been made more robust.

Maintaining a register
4.15 HMRC maintains a public register of all its sectors and uses this data to aid its supervision. The register is updated monthly. Suspensions and cancellations, however, are removed within two working days. HMRC published a new more user-friendly format of this register in August 2020.

Policing the perimeter
4.16 HMRC’s AMLS “policing the perimeter” teams are involved in identifying businesses that are trading while unregistered and work to bring these businesses onto the register or prevent them from trading. In the past, this strategy has not always had the attention it should. HMRC has now revamped and improved its policing the perimeter processes. It has also put more resource into the policing the perimeter team. The team is taking a much more pro-active approach to finding unregistered businesses using both HMRC and open source data. The changes to the sanctions framework (see section 7) should also help the team take a more robust approach to businesses trading while unregistered.

5) Cooperation between supervisors
Regulation 50 requires supervisors to take steps as appropriate to cooperate with other supervisory authorities, the Treasury and law enforcement in relation to the development and implementation of policies to counter money laundering. It must also coordinate activities with them to counter money laundering and terrorist financing. It must also cooperate with overseas authorities to ensure effective supervision of relevant persons linked to both that jurisdiction and the UK.

The OPBAS Sourcebook states that Professional Body Supervisors should:

  • take part in existing information sharing arrangements
  • actively share intelligence with other supervisors and law enforcement about active misconduct investigations
  • participate in inter-organisational sharing arrangements such as SIS (Shared Intelligence Service) and FIN-NET (Financial Crime Information Network)
  • nominate a single point of contact to manage their obligations
  • have arrangements to handle disclosures from whistle blowers
  • Cooperation and coordination in the development and implementation of policy

5.1 HMRC works closely with HM Treasury to develop AML policies that enhance the proportionality and effectiveness of the anti-money laundering and counter-terrorist financing regime. It has also taken many steps to cooperate and coordinate with other supervisors and law enforcement.

5.2 HMRC is an active member of several supervisory groups focussed on sharing information about typologies and supervisory practices. These groups include the Anti-Money Laundering Supervisory Forum, the Accountants AML Supervisory Group, and the Legal Sector Affinity Group, in addition to Intelligence Sharing Expert Working Groups. It has shared policy and best practice within these forums and the chairs of these groups state HMRC is a valued member of each. HMRC will continue to ensure they engage with all relevant supervisory group discussions.

5.3 HMRC has also participated in joint days of action with supervisors and law enforcement, in order to help drive up compliance and better tackle money laundering.

Case study
HMRC coordinated an MSB week of action with the Metropolitan Police Service and the Financial Conduct Authority (FCA). This day of action involved visits to 42 businesses in a high-density area, including 5 unannounced full interventions. Leaflets were delivered to all 9,000 MSBs in London and emailed to all registered MSBs. The Metropolitan Police Service, supported by HMRC tax officials, executed 12 warrants concerning 5 MSBs.

The day of action resulted in four warning letters; one penalty; the seizure of £100,000; and the arrest of two individuals.

5.4 Further work is needed to better understand the full impact of these days of action across the supervised population and how they could be improved. HMRC’s AMLS team is in the process of recruiting a behavioural scientist to support this further analysis.

International cooperation
5.5 HMRC is similarly involved in international supervisory groups. In particular, HMRC is co-chair of the International Supervisors Forum, part of the Five Eyes group, which aims to share thematic risks and best practice with the US, Canada, Australia and New Zealand. It is developing MOUs with these countries to support information sharing.

5.6 To date, HMRC has not been involved in work with European Anti Money Laundering supervisory groups, as this has been largely governed by EU directives. The self-assessment team recommends that HMRC consider whether it would be useful to have more contact with supervisory authorities in EEA states.

5.7 HMRC’s network of over 40 embassy-based Fiscal Crime Liaison Officers provide further support to investigations and information sharing requests by building effective relationships with the authorities in different states. HMRC’s AMLS team makes use of this network and is exploring whether it would be useful to expand its international outreach.

Information sharing between supervisors
5.8 The self-assessment team sought feedback from other supervisors as to how well they thought HMRC shared information. On the whole, this feedback was fairly good.

5.9 Only four of the Professional Body Supervisors (ICAEW, IFA, ACCA and SRA) responded with feedback on the AMLS team and HMRC more generally. In respect of the supervisory team, the feedback was broadly positive. Where potential improvements were identified, these were around improving the efficiency of its processes, speeding up the delivery of bulk requests and checking that responses always include all the information requested. They were less content with the wider HMRC information sharing in respect of, for example, VAT numbers.

5.10 The FCA and Gambling Commission provided largely positive feedback, though the FCA did cite a few isolated issues relating to information sharing on non-supervisory issues.

5.11 Given the responses covered both supervisory information sharing and wider HMRC non-supervisory information sharing, the self-assessment team has looked at both issues separately.

Information sharing linked to supervisory activity
5.12 In 2019 to 2020, HMRC’s AMLS team responded to 785 requests for information from other Supervisors and Law enforcement. The large majority of these requests were handled appropriately and within a reasonable timeframe.

5.13 HMRC is working to improve this information sharing service further, to address the concerns of other supervisors. It has already made improvements to the bulk data sharing process. Going forward, HMRC will also provide supervisors with better information on the progression of requests and if requests cannot be progressed, explain why this is to the supervisor making the request.

5.14 HMRC has also been developing processes to ensure more information is pro-actively shared with other supervisors. This work is due to be completed by June 2021.

Information sharing- non supervisory information
5.15 HMRC is bound by the Commissioners for Revenue and Customs Act 2005. Section 18 of this Act clearly states that HMRC cannot disclose information about tax payers except in certain prescribed circumstances, for example where there are other enactments allowing disclosure, such as Money Laundering Regulation R. 52. Making any unlawful disclosure of HMRC information could constitute a criminal offence punishable by a fine, a prison sentence or both.

5.16 HMRC can share more information with the Gambling Commission and FCA, given enactments providing gateways with both which allow some additional information exchange. However, Professional Body Supervisors do not have any additional gateways which would allow HMRC to easily share non-supervisory information, except in limited circumstances.

5.17 Determining whether a request meets the bar for disclosure is a lengthy process, and can cause frustrations for Professional Body Supervisors, particularly if the request is ultimately declined. Despite some changes recently made to speed the process up, it is not expected that HMRC will be able to share more non-supervisory information, more promptly, in the future in the absence of legislative change.

Information sharing with law enforcement
5.18 HMRC has a number of different avenues through which information can be shared with law enforcement, given information sharing gateways are in place. In 2019 to 2020, HMRC responded to 24,000 requests for information from law enforcement. It is not clear how many of these were related to AML supervision, although work is underway to help capture this data.

5.19 HMRC also has an extensive network of embedded staff sitting with police forces across the United Kingdom. In England and Wales, they sit in each of the nine Regional Organised Crime Units, as well as in Police Scotland, the Police Service of Northern Ireland, the City of London Police and the Metropolitan Police Service. Many of the Regional Organised Crime Units include Economic Crime Units staffed by police financial investigators and HMRC embedded officers interact with them frequently to facilitate the two-way exchange of intelligence.

5.20 Regional Organised Crime Unit embedded officers are able to provide real-time, urgent answers and consider requests where there is an immediate operational imperative. HMRC is working to ensure that all money laundering information requests come through embedded officers or existing information sharing gateways.

Participation in FIN-NET and SIS
5.21 The Sourcebook states that supervisors should participate in both the Financial Crime Information Network (FIN-NET) and Shared Intelligence Service, wherever possible. However, due to the restrictions imposed by the Commissioners for Revenue and Customs Act 2005, neither can legally be used to exchange information about businesses supervised by HMRC.

5.22 Although HMRC cannot share information about specific businesses at FIN-NET meetings, it can share information about themes and trends, as it does at other AML supervisor meetings. In order to discuss these issues and help build relationships with other members, HMRC has decided to re-join FIN-NET from February 2021, for a trial period.

5.23 Regulation 46 (2) requires a supervisor to encourage its members to take effective measures to encourage its own sector to report breaches of the provisions of the regulations to it.

5.24 HMRC has a dedicated whistleblowing system that allows individuals to report suspicious activity either via an online form or via a hotline. Dedicated teams in HMRC deal with this intelligence and have sophisticated systems in place to ensure the anonymity of whistle blowers.

5.25 HMRC promotes the use of the whistleblowing system in its communications to members and is considering other ways this information could be promoted.

6) Information and guidance for supervised businesses
Regulation 17 states that information from the risk assessment should be made public if it would assist relevant persons in carrying out their own risk assessments.

Regulation 47 states that supervisors must make up to date information on money laundering and terrorist financing available to relevant persons in any way it decides is appropriate. This information must include a description of the indicators that may suggest a transfer of criminal funds is taking place and a description of the circumstances where there is a high risk of money laundering and terrorist financing. This information must draw on a number of specified sources.

The OPBAS Sourcebook states that Professional Body Supervisors must:

  • provide information to members about the money laundering risks faced by their membership, consider how best to pass this information on, and consider how best to balance giving practical assistance with the need to protect sensitive information and intelligence
  • give guidance to members on how to meet their high-level obligations in AML

6.1 HMRC has published guidance for each of its main sectors, which sets out clearly how businesses can meet their obligations under the Money Laundering Regulations. The guidance includes an extensive list of the money laundering and terrorist financing risks that businesses might face. These risks are based on the relevant documents set out in Regulation 47 (3), as well as other international sources, law enforcement advice and HMRC experience in supervising the sector. The guidance is updated when necessary to reflect changes in legislation.

6.2 There is often a delay between changes in the regulations and the guidance being updated. These delays are not always down to factors within HMRC’s control, however HMRC is working with HMT to ensure that guidance is published more quickly in the future.

6.3 HMRC has provided a range of additional educational products to help industry comply with the Money Laundering Regulations. These include webinars, e-learning, email alerts, participation at events such as conferences, articles in national and trade press and information on GOV.UK.

6.4 HMRC’s AMLS team carried out 3 webinars in 2019 to 2020, each attended live by 144 people on average. Since 2015, it has delivered 26 webinars. These webinars have been viewed nearly 26,000 times.

6.5 In addition, HMRC has developed 2 digital online guides to help EABs and MSBs further understand what they need to do to comply with the regulations. This includes guidance on how to conduct customer due diligence and how to report suspicious activity.

6.6 In 2019 to 2020, HMRC emailed registered businesses on changes to the legislation, changes to guidance and information on the MSB week of action. It also sent an email on a change to a risk indicator. Businesses engage with these email alerts, as evidenced by an open rate almost 20% higher than the civil service benchmark.

6.7 Work is underway to help increase the impact of HMRC Promote activity, including through the recruitment of a behavioural scientist.

6.8 HMRC has a dedicated team that responds to queries from businesses on a wide range of supervisory issues, from advice on compliance with the Money Laundering Regulations to information regarding the processing of applications. Statistics relating to these queries are disseminated monthly, in order to ensure that leads are aware of any emerging trends and can act to address them.

Risk alerts
6.9 As stated above, all HMRC guidance includes a chapter on the money laundering risks to businesses. HMRC also sends emails to businesses advising them of new money laundering risks. However, HMRC has not previously had a systematic process in place to ensure all new and emerging risks are shared with businesses. A new process has been established, and, going forward, it is expected that new and emerging risks, including those identified by other government departments and law enforcement, will be shared more promptly with registered businesses.

6.10 In addition, HMRC has developed a new standalone risk document for each sector, which should help highlight risks for business and be easier to update quickly. Five of these documents have been published on GOV.UK. The document covering the final sector, AMPs, will be published by the end of April 2021. These documents will be updated when necessary.

7) Enforcement
Regulation 46(1) requires a supervisor to take necessary measures for the purpose of securing compliance.

Part 8 and Part 9 of the Money Laundering Regulations set out the powers that enable HMRC to enforce compliance with the regulations. The regulations state that HMRC’s civil penalties must be effective, proportionate and dissuasive. Enforcement action may take the form of financial penalties, either on the business or a person knowingly concerned in the contravention of the regulations. Enforcement can also include censure statements; cancellation or suspension of registration of the business; the suspension or prohibition of management or a criminal prosecution. The regulations set out the criteria that must be taken into account when calculating a penalty.

The regulations state that information about this penalty should be published, unless HMRC considers that it would be disproportionate to publish this information. HMRC must give businesses notice of their intent to publish this information.

The OPBAS Sourcebook says that Professional Body Supervisors should:

  • be ready and able to take appropriate action where members have failed to meet their obligations
  • have sufficient information gathering and investigative powers to effectively monitor and assess compliance
  • seek to remove the benefits of non-compliance and deter future non compliance
  • make enforcement action related to AML non-compliance public

HMRC use of Money Laundering Regulations sanctions
7.1 Following a review in 2018, HMRC decided that it needed to adopt a more robust approach to supervision. HMRC subsequently began work to ensure that the sanctions applied were commensurate with the breach. Part of this new approach includes increasing the value of financial penalties where necessary and making more use of the wide range of sanctions available, including:

  • censuring statements
  • temporary or permanent management prohibition
  • registration suspension or cancellation, and
  • criminal prosecution for breaches of the Money Laundering Regulations

7.2 HMRC considers which sanction is appropriate based on the facts of each case, and aims to ensure they are effective, proportionate and dissuasive, as required by Regulation 76.

Financial penalties
7.3 In 2015 to 2016, HMRC issued 1,153 supervisory fines, averaging £500. The vast majority of these (1,140) were registration penalties. By 2019 to 2020, the number of fines had fallen to 31, however the quantum of the penalties had increased substantially to £290,000 on average.

7.4 The significant drop in the number of penalties issued can almost entirely be explained by the decision in 2017 to 2018 to temporarily pause issuing registration penalties. These registration penalties were largely low in value, though easy to issue, and were not thought effective or dissuasive. It was felt staff resource would be better spent focussing on meeting the statutory obligation to complete all registrations within 45 days, as well as focussing on the larger penalties for more systemic breaches, which are considered to be more effective. Given changes to the sanctions framework (see below), which should make these penalties more effective, proportionate and dissuasive going forward, it is expected that HMRC will resume issuing more registration penalties shortly, where appropriate.

7.5 The average value of penalties hides considerable disparity between the sectors. In 2019 to 2020 the MSB and EAB sectors received larger penalties, including one MSB penalty of £7.8 million and an EAB penalty of £1 million. The HVD and TCSP sectors also saw an increase in the average penalty issued over the period, albeit on a smaller scale, reflecting their smaller size. Only ASP penalties did not increase significantly in this period. This was because these businesses are generally very small.

Temporary or permanent management prohibition
7.6 HMRC has previously been clear that this sanction should not be used lightly, given that it would deprive someone of earning their living in a regulated sector. This could explain why this sanction has not seen significant use historically, though the number of management prohibitions is now increasing.

Registration suspension and cancellation
7.7 HMRC has also previously been cautious when making use of this sanction. However, the use of this sanction has increased in recent years, to 89 cancellations being imposed in 2019 to 2020 for compliance breaches.

Censuring statements
7.8 HMRC has not yet issued a censuring statement in relation to a breach of the Money Laundering Regulations.

Criminal prosecutions
7.9 HMRC’s AMLS team refers cases for criminal prosecution where necessary.

Case study
HMRC identified a variety of failures under the Money Laundering Regulations at an MSB, Touma Foreign Exchange Limited, so took the following actions, in order to address the risk of money laundering and terrorist financing through the business and penalise it for its significant failures.

HMRC issued Touma a penalty of £7,832,155 for breaches under the Money Laundering Regulations for failing to carry out risk assessments; not having the correct policies controls and procedures; failing to adequately train staff; failing to undertake adequate customer due diligence; and failure to keep adequate records. HMRC also charged a £1,500 penalty administration charge.

HMRC also prohibited a shadow director from running a relevant business under the Money Laundering Regulations for five years and cancelled Touma’s registration with immediate effect.

7.10 HMRC’s supervisory sanctions procedures are in line with the regulations. In particular, businesses can ask for an independent review of any sanction decision. This is carried out by an independent Appeals and Review Team in Solicitors Office in HMRC. The business can also appeal directly to the First Tier Tribunal if they prefer. From 2015 to 2016, to 2019 to 2020, 105 cases out of 119 remained unchanged following the review stage. Over the same period, HMRC was successful in 12 out 15 cases taken to tribunal.

New sanctions framework
7.11 As seen above, HMRC has been levying higher penalties and made more use of the full range of supervisory sanctions since 2018. However, to help make the new approach easier to apply, HMRC published a new sanctions framework in August 2020.

7.12 The new framework should further ensure that financial penalties are consistently commensurate with the breach and that the full range of sanctions are regularly applied as appropriate, including temporary or permanent management prohibition; registration suspension and cancellation; and censuring statements. The self-assessment team therefore consider that the new framework will further ensure more effective and dissuasive sanctions, while maintaining proportionality.

Consistency of sanctions
7.13 HMRC sanctions are quality checked before issue by a panel of senior staff members. The panel’s aim is to ensure that the sanctions proposed are effective, proportionate and dissuasive and that the evidence relied upon in coming to the decision on the sanction is rigorously tested to ensure that it complies with the Money Laundering Regulations and published guidance. HMRC has recently revised the Sanctions Panel in order to make the process easier and quicker for staff to navigate, while still maintaining all the necessary safeguards and upholding high standards. It is expected that the changes, together with the new sanctions framework, should result in efficiency savings and more penalties being issued going forward.

Publication of sanctions
7.14 Since 2018, HMRC has regularly published details of sanctions online. HMRC gives businesses notice that the details of the sanction will be published and gives them the opportunity to make representations against publication. If publication is deemed likely to have a disproportionate impact on an individual or business, then the sanctions can either be published without revealing the individual’s identity or deferred until publication is no longer disproportionate. If a business appeals a sanction, then HMRC aims to make that clear on the published list within two days.

7.15 HMRC published details of cancelled and suspended registrations for the first time in January 2021.

8) Staff competence and training
Regulation 46 (2)(b) requires a professional body supervisor to ensure its employees have access, both at its offices and elsewhere, to relevant information on the domestic and international risks of money laundering and terrorist financing which affect its sector. In addition, the OPBAS Sourcebook says that supervisors should:

  • take steps to ensure that staff are equipped to take decisions on whether members policies, controls and procedures are appropriate
  • judge each case on its merits
  • provide ongoing professional development and consider if formal AML qualifications are necessary

8.1 HMRC supervisory staff are provided with extensive training when they join. HMRC has several bespoke learning routeways in place for most of these staff to help them navigate their training. The compliance routeway provides an introduction to compliance and includes courses on AML related topics such as audit, compliance and risk management functions as well as softer skills. However, most staff interviewed for the self-assessment stated that not all routeway courses felt directly relevant to supervisory work, and there was little that was specific to AML supervision. HMRC are currently developing more relevant, specific courses. The first of these new courses was made available in December 2020.

8.2 Formal training does not stop once staff have completed the routeway. They can also access further training as needed through the course of their career in HMRC, and measures have been put in place to more easily facilitate this.

On-the-job training
8.3 Compliance staff training also includes a significant element of on-the-job training, as staff are paired for interventions with more experienced members of staff. They are also assigned a Practical Training Officer, an experienced member of staff who can help guide them through cases. Line managers also help inexperienced staff through their cases. In addition, HMRC has recently increased the number of dedicated experts on each sector, which staff can call on for assistance where necessary. Most staff report that they are happy with the support given.

8.4 HMRC has consolidated written policies and procedures for some operational supervisory activity, known as desk instructions, to help them understand their roles. These desk instructions are updated regularly. The instructions are easy to find in the revamped knowledge library. This can be used to help support staff in their roles, at the beginning of their careers, as they are relatively high level.

Capability matrix
8.5 While most staff have engaged well with training, a minority have not been given the support they need. As there is limited data available in respect of training, it is often not clear to senior management at present how staff are progressing.

8.6 The new target operating model should help with this problem by providing better accountability and understanding by line management of training needs. HMRC is also developing a capability matrix for all AMLS staff to help address this problem. They are producing expected training profiles for each role, aligned with departmental standards for the HMG counter fraud profession, then asking managers to assess their staff against this profile. This will make it easier for managers to have conversations with staff about their training needs and provide visibility to senior management about where the gaps are and whether these gaps are being addressed. It will also help senior management better plan the allocation of resource to projects. The compliance capability matrix will be completed by June 2021.

Staff numbers
8.7 HMRC is keen to increase the number of interventions that can be undertaken. Following an increase to fees in 2019 to 2020, HMRC plans to sharply increase the number of staff available and trained for interventions by 15% by April 2021. COVID-19 and wider HMRC recruitment issues have slowed the hiring process, however once these issues are resolved, it is expected that the number of staff and therefore interventions will increase.

9) Record keeping and quality assurance
Regulation 46 of the Money Laundering Regulations requires a supervisor to keep written records of the actions it has taken in its AML supervision, documenting the reasons for action, including decisions where it has not acted.

The OPBAS Sourcebook states that supervisors should:

  • maintain records of significant decisions related to AML supervision, documenting the reasons for action. The documentation should be sufficiently thorough to allow ex-post understanding of the justification behind the decision
  • document their supervisory action to ensure an adequate record is maintained
  • subject their supervisory work and decision making to quality assurance testing in addition to managerial oversight

Record keeping
9.1 HMRC maintains records of each step in the delivery of a case, copies of all correspondence with the businesses, notes of calls and meetings, as well as a detailed record of the outcomes of interventions. HMRC records all the key details on the outcome of a case, including where no action was taken.

9.2 However, consistent data recording and quality has been identified as an issue. Improvements have been requested and progress on improving data is being closely monitored by the senior management team. It is expected that this work will deliver more reliable data by the end of March 2021.

Quality Assurance
9.3 HMRC has Quality Assurance checks at most stages of the Anti-Money Laundering supervisory cycle. The self-assessment team has focussed on the compliance Quality Assurance processes, given the vital role this plays in ensuring judgements and the standard of scrutiny are consistent. Each manager is meant to quality assure the work of their staff, however, there was some evidence that this was not being completed to a sufficiently high standard. Although this has not had an impact on sanctions issued, given the sanctions panel process, the lack of consistent Quality Assurance by managers has caused delays in that process. Since February 2020, compliance managers have reviewed each other’s Quality Assurance to ensure consistency in how the case is worked, data entry and outcomes across the teams. Quality Assurance standards are improving as result of these reviews, leading to improvements in the team.

ANNEX A – data tables
Summaries of key HMRC AMLS statistics, including interventions and outcomes, for the past five years.

Numbers of registered businesses

Accountancy Service Providers13,04013,27513,39512,21016,865
Estate Agency Businesses9,3239,90710,0897,99913,116
Money Service Businesses2,0971,8681,7881,3201,497
Trust or Company Service Providers2,6582,7351,7471,3781,629
High Value Dealers885737647347461
Bill Payment Service Providers596587240311
IT and Digital Payment Service Providers222833125173
Art Market Participants [1]36
Businesses carrying out TCSP activity [2]1,745867625817
Total registered businesses [3]28,08428,61527,78623,61932,827
1) Art Market Participants not under HMRC AMLS Supervision until 2019-20
2) Number of other businesses carrying out TCSP activity recorded from 2016-17
3) From 2019-20 the total number takes into account multi-sector registered businesses, therefore sector breakdowns will exceed total. In 2018-19 businesses that had not paid fees or renewed applications were excluded from the total of registered business

Numbers of premises

Accountancy Service Providers13,29213,63813,76212,38517,436
Estate Agency Businesses16,14716,73217,10815,06319,920
Money Service Businesses45,16845,27742,25137,19935,509
Trust or Company Service Providers3,6223,7182,6372,2562,781
High Value Dealers2,2702,3021,9731,3381,258
Bill Payment Service Providers6575100262328
IT and Digital Payment Service Providers232939154195
Art Market Participants [1]53
Total premises [2]80,58781,77177,87068,65777,480
1) Art Market Participants not under HMRC AMLS Supervision until 2019-20
2) From 2019-20 the total number takes into account multi-sector registered businesses, therefore sector breakdowns will exceed total.


Closed interventions

Desk Based Reviews (Closed Desk Based Interventions)6313232731311,012
Visits (Closed Face to Face Interventions)1,2171,5641,3231,265817
Policing the Perimeter cases closed [1]219
Total closed interventions1,8481,8871,5961,3962,048
1) Recorded as face-to-face or desk-based interventions between 2015-16 and 2018-19, then recorded as Policing the Perimeter cases from 2019-20

Intervention outcomes

Penalty values

Accountancy Service Providers£100,276.00£161,557.00£127,641.00£79,662.26£9,408.00
Estate Agency Businesses£268,471.00£633,220.50£489,124.00£349,705.54£1,072,010.00
Money Service Businesses£68,822.00£115,306.25£1,374,999.00£380,652.00£7,834,655.00
Trust or Company Service Providers£55,201.00£130,975.00£21,909.00£595.83£77,282.00
High Value Dealers£65,662.00£141,120.00£244,983.00£415,821.24£77,678.00
Bill Payment Service Providers£0.00£0.00£0.00£0.00£0.00
IT and Digital Payment Service Providers£0.00£0.00£0.00£0.00£0.00
Art Market Participants [1]£0.00
Total Penalty Values [2]£558,436.00£1,182,179.16£2,258,656.00£1,226,436.87£9,066,033.00
1) Art Market Participants only started to report from 2019-20 onwards
2) 2019-20 Penalty data includes Policing the Perimeter, Authorisations, face-to-face and Remote Compliance. There may be a timing difference in earlier data – from the issue of Penalty warning and post Sanctions/ Tribunal/Appeals

Numbers of financial penalties

Accountancy Service Providers3483242454316
Estate Agency Businesses656451327452
Money Service Businesses22382752
Trust or Company Service Providers112462138
High Value Dealers154235173
Bill Payment Service Providers00000
IT and Digital Payment Service Providers00000
Art Market Participants [1]0
Total penalty numbers [2]1,15390165511331
1) Art Market Participants only started to report from 2019-20 onwards
2) 2019-20 Penalty data includes Policing the Perimeter, Authorisations, face-to-face and Remote Compliance. There may be a timing difference in earlier data – from the issue of Penalty warning and post Sanctions/ Tribunal/Appeals

Numbers of non-financial penalties

Suspensions [1]3
Cancellations [2]589
Publishing Details of the Non-Compliant [3]1515
Prohibitions of Management (Regulation 78) [4]11
Public Censure [5]00
Warning letters438113128298406
Advice Letters339139125227517
Action Plans [6]240
1) Our first suspension was in 2019-20
2) Started to report cancellations from 2018-19 onwards
3) Published from 2018-19 onwards
4) This power was introduced in June 2017
5) This power was introduced in June 2017
6) From 2016-17, Action Plans were incorporated with warning letters, along with the table of failures, and were not recorded separately

Compliance ratings from interventions

Onsite visits/desk-based results (also known as face-to-face compliance closed interventions).

Compliant Rating – cases resulting in closure letter10936016795288
Generally Compliant – cases resulting in advice letter222110161227517
Not Compliant Rating – cases resulting in any sanctions including Warning Letter163485295350439
Informal action following onsite visits – Advice Letter or Closure LetterData not published / not availableData not published / not available161322805
Formal action following onsite visits – Any sanction imposed upon a business, including Warning Letters & Action PlansData not published / not availableData not published / not available295350439
Referral to another agency following an onsite or desk-based visit5214555

Referrals to Law Enforcement

Total Referrals to Law Enforcement5210132
Note: Total compliance ratings do not match total interventions – Agent/Branch cases/missing or ceased traders etc.

Times exercised other powers under Part 9

Regulation 66 Information requirements issued81623
Regulation 67 Requests to other foreign authorities001
Requests to foreign authorities under regulation 68201
Regulation 69 entry without a warrant063
Regulation 70 entry under a warrant000
Data not recorded prior to 2017-18
Data provided as a total breakdown not as a sector breakdown

Applications to register

Applications received close to year-end will be included in following year’s totals (some applications are withdrawn or are subject to scrutiny).

Application to register4,8994,3145,6917,56010,462
Approved application to register3,0822,7443,3888,38410,564
New applications cleared within 45 days [1]72.34%72.14%
Actions taken for non-compliance as a result of application to register (Regulation 60) [2]000
Refusals (Regulation 59)1566122184410822134
Refusals (Regulation 26) [3]96613272027
1)Pre 2018-19, AMLS data reporting did not allow us to differentiate between processing times for new applications and renewals
2) Not recorded prior to 2017-18
3) Commenced from 2017-18

Responses to Other Supervisory Bodies

Responses to Other Supervisory Bodies & LEAs Requests785

Customer engagement

GOV.UK web traffic

GOV.UK Guidance page views305,826532,565745,794506,331485,428
GOV.UK Publications page views119,073126,926115,49162,40188,349
GOV.UK Manuals views [1]4,958
GOV.UK Topics views [1]55,926
Total GOV.UK page views424,899659,491861,285588,877634,661
1) GOV.UK Manuals and Topics were only available from 2019-20


Emails to customers: Welcome email sent (not discounting the number undelivered)3,3622,7923,38815,83912,051
Emails to customers: Alerts/Information sent (not discounting the number undelivered)13,664131,772230,79715,697196,093
Emails to customers: Renewal Reminders sent (not discounting the number undelivered) [1]42,61633,584
1) Data unavailable – no renewal reminders sent online until 2018-19


Participation during session1,8898982,6321,055431
Total access recording1,9103,77710,0584,2275,869

Supervisory staff numbers and income

Staff numbers156.75200.86197.49205.47265.5
Annual income£9,660,880.00£10,650,337.85£11,802,850.00£11,451,933.00£16,375,975.00

ANNEX B – Promote, Prevent, Respond
HMRC bases all its compliance activity on the ‘Promote, Prevent, Respond’ approach:

  • Promote compliance by designing it into systems and processes, helping businesses get things right from the very start
  • Prevent non-compliance by using available data to spot errors and issues, provide support, and block criminal applications
  • Respond by identifying and targeting the areas where there is the highest risk – and using tough measures to tackle those who do not comply with the rules

Article credit: