The new Money Laundering Regulations that come into effect on 15 December affect a significantly larger number of companies, and require them to do substantially more, than the 2003 rules that they replace. Despite a relatively long preparation time, business advisers report a last-minute upturn in calls for assistance with compliance, owing to the extent to which requirements have deepened and application has widened.

"The new rules extend the number of firms covered, and what they must do to comply. If you’re a compliance director, you have to take it seriously," says Malcolm Parker, international programme director for Dun & Bradstreet UK and Ireland, one of the organisations that has invested heavily in compiling the data companies need for rapid compliance.

Among the most significant changes:

More companies are routinely covered
The 2003 regulations were mainly confined to banks and other financial institutions, on the basis that theirs are the channels into which launderers are trying to channel their money. Other businesses could rely on banks to trap suspicious transactions not detected earlier.

Now the list of businesses directly covered by the regulations is considerably longer, covering almost every business service where large sums of money are supervised or financial arrangements are discussed – including accountants and auditors, tax advisers, insolvency practitioners, estate agents, independent financial advisers, fund trustees, and casino operators.

Every company must comply over certain transactions
Any high value cash deal - defined as over EUR15,000 (£10,800) - comes under the regulations, regardless of the sector in which it takes place. This sum can arise from "a transaction or several linked transactions," so a sequence of smaller cash deals by one individual or organisation must also be watched.

A company's rules must be able to pick out and probe unusually large transactions (even under this ceiling), unusual transaction patterns and transactions that don't appear to have a corresponding flow of legitimate goods or services, as well as checking the background of individuals and companies involved in transferring large sums.

Compliance is a more active process
In the early days, there was little need to go to more than one source for an identity check, and details supplied by clients themselves were often adequate to give the necessary clearance. Now the required action is much tougher, and businesses must be able to show that they have taken all reasonable action to detect any transactions that might constitute laundering. "Instead of ticking boxes, it’s now up to regulated firms to write rules-based policies based on the regulations and to redesign their procedures around those rules," says Dun & Bradstreet’s Parker.

Guidance drawn up for accountants by the Institute of Financial Accountants (IFA) illustrate the scope of the internal rulemaking now required: "Policies and procedures will need to deal with (a) Customer due diligence and ongoing monitoring (b) Reporting (c) Internal Control (d) Risk assessment and management and (e) How compliance is to be managed and monitored and how the policies and procedures are going to be communicated within your practice."

The law applies to corporate as well as individual clients
Checks must now be applied not only to individual clients, but to companies with which business is transacted, including partnerships. The law has been widened in response to money launderers' discovery that they could evade the earlier regulations by setting up a company. Regulated businesses must now make sure that the firm they are dealing with is genuinely registered, and deriving its revenue from legitimate activity.

This means checking not only the client company's registration and address details, but also the individual details of the main people behind it – all people holding more than 25% of the equity or voting rights, and anyone else who may have a controlling interest. To be safe, these need to be cross-validated against more than one independent source. There is also a need, D&B's Parker points out, to check companies and associated individuals against sanctions lists – as maintained by the US Treasury’s Office of Foreign Assets Control (OFAC), as well as by the Bank of England.

Records showing that checks were made must be kept for at least five years, and companies have a duty to communicate the law, and their procedures based on it, to all employees.

The penalties for non-compliance could be severe
Although a first offence is unlikely to mean criminal procedures against the managers involved, or punitive action against their company, the punishment for failing to impose sufficient anti-laundering safeguards are in principle severe. Anyone found complicit in conducting or facilitating the transfer of criminal proceeds can be imprisoned for up to 14 years and fined an unlimited amount.

The penalty for not alerting the authorities to money laundering when there are "reasonable grounds for suspicion" is up to 5 years in prison, and an unlimited fine. This penalty can also apply to someone found to have "tipped off" a suspected money launderer, or acted in any way that prejudices their prosecution and conviction.

These are on top of litigation for damages, and damage to reputation, that a company could suffer if shown not to have acted adequately to prevent people cashing in on proceeds of crime.

Red tape… with a silver lining
Where companies to which the new regulations apply have been slow to implement them ahead of next Friday, 'compliance fatigue' as well as negligence may be part of the explanation. This could be especially true of organisations in the financial and legal sectors, already grappling with the implementation of the Markets in Financial Instruments Directive (MiFID) which took effect last month.

But the procedures recommended for compliance with the anti-money-laundering regulations do not look dissimilar to those for MiFID and other recent codes, including those for fraud detection, accounting transparency and internal risk control. "If you know your client well and understand your instructions thoroughly, you will be better placed to assess risks and spot suspicious activities," notes the Law Society in its guidance note to solicitors about the new rules.

Companies have long been urged to know their customers, and more recently taught to assess their customer profitability. It’s a logical connected step to know that the profits are from legal and sustainable sources. You may have to pay a third party to get the necessary checks, but there could be other useful knowledge in return.