ECSH85575 - Using the correct legislation and guidance

When considering whether you can impose a sanction, it is important to confirm that the breach being considered was a relevant requirement at the time you consider the breach to have occurred.   

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) came into force on 26 June 2017 and have been amended since then. It is important that you always view the latest version of  MLR 2017 available from legislation.gov.uk rather than a printed copy or version. Doing so enables you to view changes to MLR 2017 over time, along with the date each amendments was made so you can determine when a relevant requirement came into or out of force. The same principal applies to other legislation that you may impact on your case. You can find more information in ECSH20000, including key changes in MLR 2017.

The starting point is to be satisfied  that the business was, or is, within scope of MLR 2017, as set out in regulation 8 MLR 2017, and the date they were required to comply with the relevant requirements of MLR 2017, by referring to the ECSH82775. When gathering evidence, you must know if the guidance you are using was available to the business at the time of the breach. Knowing what guidance was available to the business at the time of any breach you have identified will also help you decide the appropriateness of any sanction you intend to impose for the breach.   

Changes to MLR guidance on GOV.UK are shown at Anti money laundering supervision: latest documents - GOV.UK (www.gov.uk).

Each topic within the list of guidance in Business tax: Anti money laundering supervision - detailed information - GOV.UK (www.gov.uk) show the date the guidance was first published, along with a summary of updates.

EC-S may also issue alerts regarding new or emerging risks. These may strengthen evidence that a business should have taken action but failed to do so. Communications are sent via IMI (formerly GovDelivery) emails to the email address provided by the business in their registration information.  It is therefore important to confirm the business is receiving IMI emails during a compliance check. If not, you need to establish the reasons for this and take any corrective action, for example, asking the business to update its email address and considering if a type 3 penalty for failing to update a material change is appropriate.

You can review copies of the external comms in the EC-S Knowledge Library Communications section.