New Government guidance for regulated firms on AML and customer information sharing
Guidance published this month by the UK Government is designed to support firms in the UK financial sector to share customer information more easily in the pursuit of the prevention and detection of economic crime.
Link to article
Key facts:
- The UK Government has issued guidance for anti-money laundering regulated firms on the voluntary information sharing measures contained in the Economic Crime and Corporate Transparency Act 2023 (the “Act”).
- The guidance should help support anti-money laundering regulated firms use the information sharing provisions in the Act, which allow for ‘direct’ and ‘indirect’ information sharing to prevent, detect and facilitate the investigation of economic crime.
- The guidance contains information on the legislation’s policy intent and the direct and indirect information sharing provisions and offers some practical considerations for regulated firms on cross-sector information sharing, law enforcement reporting, data protection compliance, technical solutions and customer redress.
- Other legal obligations arise when firms share information. For instance, firms must not forget the data protection regime, potential reporting requirements under the Proceeds of Crime Act, and other regulatory obligations under the FCA’s Principles of Businesses. Where appropriate, they should also consider fraud referrals to Action Fraud and other relevant agencies.
Key takeaways:
- Under the Act, and so long as certain conditions are met, a firm in the AML regulated sector can share information with another firm to prevent, detect and investigate economic crime without risking civil liability for possible breaches of confidentiality.
- The new information sharing provisions have been introduced by the government to ensure that information is shared as often as possible. The hope is that regulated firms will form a “network view” of the economic risk, thereby being in a better position to take preventative action and disrupt illegal activity.
- Suspicious activity and fraud reporting accuracy may be improved because regulated firms will have richer information sources.
- The government encourages the use of direct and indirect information sharing between all businesses in the AML regulated sector. Direct information sharing enables a firm in the regulated sector to share information with another firm directly, or via a third-party platform or mechanism. Indirect sharing can happen through businesses in the financial sector, crypto asset exchanges and others. The guidance states that a third-party intermediary may also provide customer information analysis and data to firms.
- The measures in the Act are limited to UK-based information sharing. The disapplication of civil liability in the legislation would therefore not apply to sharing information outside of the jurisdiction.
- Technical solutions for information sharing are not specified in the guidance, but it offers some practical suggestions such as the use of application programming interfaces, undertaking pilot exercises, and developing single point of contact lists within and across sectors.
- Cross-sector sharing is supported and regulated firms are advised to align typologies of economic crime where possible, between sectors.
- The guidance states that regulated firms, statutory and non-statutory PBSs and trade bodies are advised to consider how they can apply the overarching principles in the guidance to publish their own sector specific advice.
- Firms are advised to undertake assurance reviews and risk assessments to mitigate GDPR risk, to keep an audit trail of information shared to assist customers with possible complaints and redress, signpost complaints processes and treat the consumer appropriately during a complaint.
Link to article