header image


Diligence and integrity risks in a recovering world – fraud, corruption and cybercrime explored through a new lens.

Download report

After almost 50 years of regulatory alignment between the United Kingdom and the European Union, the UK’s exit from the bloc presents significant challenges to compliance practitioners and their businesses in the realm of anti-money laundering (AML) and combatting the financing of terrorism (CFT).

Long-established, fundamental diligence processes may become inadequate overnight, opening companies up to regulatory scrutiny and legal liabilities. Moreover, criminal networks and other bad actors are doubtlessly already prepared to exploit emerging vulnerabilities, creating a risk of significant fraud, reputational damage, and other losses, even as most businesses adopt a “wait-and-see” attitude in the face of the political uncertainty surrounding the Brexit deal process. Brexit prognostication has rarely proved accurate, but there is sufficient information regarding the history and future of UK/EU approaches to AML and CTF to allow proactive practitioners and businesses to begin preparing for a range of outcomes.


The UK officially left the EU on 31 January 2020, and though the COVID-19 pandemic has since knocked Brexit off the front pages, negotiations surrounding the future relationship between the UK and the EU have continued, as has the countdown to the end of the Brexit transition period on 31 December 2020.

In the interim, the EU’s Fifth Anti-Money Laundering Directive (5AMLD), the latest in its periodic omnibus regulations intended to address evolving AML/CTF risks, came into effect on 10 January 2020. As an EU member state on that date, the UK was party to 5AMLD, which created various new legal requirements related to transparency in beneficial ownership, communication between compliance practitioners and the European Central Bank, identifying and defining politically exposed persons (PEPs), and quantifying risk in ‘third countries’, while also allowing financial intelligence units (FIUs) greater access to client information when required.




5AMLD had already been transposed into UK law via the Money Laundering and Terrorist Financing (Amendment) Regulations of December 2019, which amended the pre-existing Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations of June 2017. Indeed, the 2019 regulations went some way beyond the requirements of 5AMLD. British innovations upon the framework included extending the scope of persons subject to the 2017 Regulations to include crypto-asset exchange providers, high-value-property letters, and art dealers, as well as creating a registry of crypto-asset businesses.


The UK also created bank account “windows” – mechanisms for FIUs and national regulators to view a bank account’s contents and history – and increased the rigour of due diligence requirements by mandating that affected parties undertake reasonable measures to understand their clients’ ownership structures, and to verify the identities of counterparties and their relevant managers. This has required many organisations operating in the UK either to begin undertaking due diligence activities for the first time, or to expand their previous approaches to fulfil their new obligations with regard to ownership, structuring, and identity verification.


"Many organisations operating in the UK have had to either begin undertaking due diligence activities for the first time, or expand their previous approaches to fulfil new obligations."


As a result, we have observed an increase in demand for intelligence on corporate structures, the tracing of beneficial ownerships, and determining the ultimate controllers of their counterparties. As an example, we recently mapped out the complex corporate structure behind a new vendor to a major global retail chain, which revealed that the individuals behind the prospective vendor were notorious for defrauding similar companies.



As part of the EU-UK Withdrawal Agreement, the UK agreed to be bound by 5AMLD until the end of the Brexit transition period on the 31st December 2020. If there is a Brexit deal, one of the conditions will likely be the UK accepting 5AMLD permanently, which is already the default outcome in UK law. Even in the case of a No-Deal Brexit on 1 January, the 2019 Regulations will remain UK law and the UK will continue to apply 5AMLD, at least for the period until any replacement is formulated and passed through Parliament. However, it will also be subject to 5AMLD in new ways after a No-Deal Brexit, something to which European businesses, used to frictionless interaction with UK counterparties, might be unaccustomed. In particular, the 5AMLD-derived regulations in EU states will require EU parties to treat the UK as a ‘third country’, necessitating that they run enhanced due diligence on UK counterparties, rather than simple verification and document checks.


"In the event of a No-Deal Brexit, the 5AMLD-derived regulations in EU states will require EU parties to treat the UK as a ‘third country’."


If there is a No-Deal Brexit, the UK will have to decide whether to continue conforming to 5AMLD after the period agreed to in the Brexit transition period. More generally, post-Brexit UK policymakers will need to balance between the benefits to business with Europe of hewing to future EU AML/CTF legislation, and whatever advantages can be derived from the UK’s individual approach. Buccaneer Brexiteers and nervous European regulators alike have foreseen a future in which a low-tax, lightly regulated London – Singapore-on-Thames – engages its continental competitors in a destabilising regulatory “race to the bottom”.


No-Deal Brexit



The UK’s ultimate attitude will doubtless be a product of the politics of the coming months, but for now at least, British policymakers have not embraced the Singapore-on-Thames model, viewing further strengthening of transparency and the existing preventative frameworks as the best way to maintain the City of London’s competitive edge and repair some of the damage the UK’s haphazard internal approach to Brexit has done to its reputation as a safe and stable market, whether there is a Brexit deal or not. This has been visible in the British government’s reaction to the Sixth Anti-Money Laundering Directive (6AMLD), the successor to 5AMLD, which will come into effect on 3 December 2020 and must be implemented by EU financial institutions by 3 June 2021. Motivated by a number of recent terrorist attacks in Europe, 6AMLD introduces a package of CTF-focused improvements upon 5AMLD, including tougher prison sentences, a unified European definition of predicate offenses, and the extension of criminal liability for CTF to legal persons, such as companies.


"The EU and UK frameworks will continue to be united by the same core aims – ensuring security, preserving stability, and maintaining market and consumer confidence."


Now it is outside the EU, the UK is not required to integrate 6AMLD into its own laws. However, the UK’s government’s rationale for not doing so is not simply that it doesn’t have to, but that 6AMLD doesn’t go far enough in meeting the UK’s AML/CTF ambitions. Some aspects of 6AMLD – including a new offence of ‘aiding, abetting, inciting, or attempting’ money laundering, which many EU business leaders have criticised as onerous and unworkable – UK firms may be glad to avoid. But the majority of 6AMLD’s core features are redundant in the UK, having already been in place via UK domestic legislation for years before they were proposed in Brussels. It is a reminder that for all the heady visions of Singapore-on-Thames, regulatory divergence do not necessarily mean a “race to the bottom”. The UK has wider domestic and international priorities that will still inform its approach to AML/CTF regulation after Brexit, and the EU and UK frameworks will continue to be united by the same core aims – ensuring security, preserving stability, and maintaining market and consumer confidence – even if the post-Brexit UK adopts certain variations more amenable to its economic situation and business needs.


This will, however, mean a more complex regulatory landscape for businesses and practitioners to navigate, in which one-size-fits-all diligence strategies, which functioned effectively while the UK was an EU member-state, risk either undershooting new requirements or overdelivering in ways that cost unnecessary time and money.

In the short to medium term, confusion and delays in the implementation of whatever framework is ultimately decided upon may increase the risk of money laundering and other financial crime in the UK and EU. Compliance practitioners should be alert to bad actors seeking to exploit any period of uncertainty in the new year. While we await the final deal outcome, it is a good moment for organisations to map out a plan of action in the event of any regulatory divergence that emerges, and review processes to ensure they will continue to meet their needs across a range of outcomes.

To discuss this article or other industry developments, please reach out to one of our experts.

Felix Cook
Felix cook Associate Email Felix
Harriet Lord
Harriet lord Director Email Harriet


In our latest report, we examine a cyber incident from the perspective of several key stakeholders.

Download Report