By PJ Di Giammarino, CEO JWG and Chair RegTech Council
- 10 January marked the first day of 5MLD in the EU with new UK procedures announced
- JWG has been out in front of tough new UBO data quality requirements
- RegTech offers exciting opportunities to reduce operational pain and increase safety
- The RegTech Council is convening a working group on 30 Jan to discuss a market-wide initiative
- You are invited to hear the ICO and FCA discuss future plans at our annual conference on 7 Feb in London
On Friday, 10 January the 5th Money laundering directive (5MLD) obligations came into force which means data collection and risk assessment rules are now front and centre for the industry.
Thousands of compliance and operations staff are scrambling to adapt to new technical requirements. RegTech, the lifeblood of compliance, presents an exciting opportunity to help.
5MLD in the UK
As we wrote shortly after the Directive became law in April 2018, bad activity is made possible by our inability to track networks which exploit the financial system. The new law will help put in place a network to defeat a network, but not overnight.
As ever, we can expect this directive to be implemented across Europe in a staggered fashion. In the UK, the statutory instrument was passed by the new government 2 days before Christmas and the FCA duly updated its website before the New Year.
The new law changes the game by requiring the network to report to the registrar any discrepancy they find between information relating to the beneficial ownership of the customer and the registrar. The law gives the power to the registrar to “take such action as they consider appropriate to investigate, and if necessary, resolve the discrepancy in a timely manner.”
The new system in the UK was announced on the Companies House website the day it went live – much to the chagrin of the compliance specialists who have been looking for answers about how to do this for months.
Financial institutions, auditors, accountants, tax advisors and other obliged entities, must report a material discrepancy via a new portal for new business relationships set-up from 10 January 2020. The report should be filed ‘as soon as reasonably possible,’ Bulk updates on a periodic basis is not permitted as this would delay updates to the register.
Companies House will investigate each discrepancy and if it is valid, they will contact the company to ask for their comments and request that they resolve the discrepancy. The company will not be informed that a discrepancy report has been made and Companies House will tell the obliged entity the outcome of our investigation. In short, the network must exchange more information on the status of the actors in the financial system on a more frequent basis.
The AML UBO RegTech opportunity
For nearly 2 years, JWG’s dedicated RegTech Special Interest Groups (SIGs) have brought the industry together to discuss how to best fulfil this obligation by leveraging the latest technology.
Through the RegTech Council, we have worked directly with regulators and participated in the FCA’s global AML and Financial Crime TechSprint over the summer, to put forward a user case on universal beneficial ownership (UBO) with the hope that new technology could be proven to meet the needs of Article 30 of the 5MLD – the one Companies House has just implemented.
This summer, team Citadel was the winning solution in the TechSprint out of ten teams. The group came together to develop a method that banks could use to share information on 4 million UK companies in a safe and sensible manner. Citadel’s vision is to use homomorphic encryption, fuzzy logic and machine learning to identify discrepancies between firms’ datasets which are held in different places on the same customer. Once these differences are identified and judged to be materially significant, Citadel could then work with Companies’ House via an API to reconcile information.
This would drastically reduce the number of times the registrar is notified of a discrepancy report. The FCA website notes that this same approach is currently being taken in the UK medical system for even more sensitive data. Citadel [video]
Next steps for an industry
Following the TechSprint, JWG has been working with all parties to define a path toward digitization of the UBO management process.
On 30 Jan we will discuss the aims of a collaborative project which will work across regulator and regulated to align on UBO policy, system requirements, RegTech/data policies and the need for a test lab:
- Align on UBO policy objectives. Agree the objectives necessary to prevent massive amounts of non-productive and distracting, low value work at a fraction of the cost and time each firm currently spends independently
- Mutualise interpretation of implementation requirements. Agree a common policy for identification, transmission and acknowledgement of customer status
- Define common system FRD. Reduce the time to market and lower operational risk by building a reference functional requirements definition
- Shape reference UBO RegTech policy. Work with legal/ ICO to define appropriate AI and Data policies
- Establish a test lab. Provide infrastructure and data to support an end-to-end testing at a fraction of the cost
The conversation will not end there, 5MLD also requires that we support interconnection between registries (31a) for discrepancy reporting and how proof of registration will work. We could also extend the discussion to address trusts (31.5) and bank account register (BAR – 32a).
If you are dealing with 5MLD UBO issues, please let us know if you’d like to register for a workshop with the FCA and Companies house in Canary Wharf on 30 Jan. Please email email@example.com.
On 7 February at our RegTech 2.0 conference in London we will have a rich debate between public and private sectors about how to win in the decade ahead.
If you would like to join over 50 regulatory, banking and technology institutions already registered including the Bank of England, FCA, ICO and many more, please register here: http://regtechconference.co.uk/ or contact Corrina.firstname.lastname@example.org