Sharing is caring: UK government issues guidance on sharing information within corporate groups for AML purposes

The UK government published a statement on 12 May 2020 that provides guidance to international corporate groups on sharing information across borders to assist in anti-money laundering (AML) and counter-terrorist financing (CTF) efforts.

Summarised briefly, this is a reminder from the UK government that it considers information-sharing to be crucial to effectively combatting financial crime and that the Financial Action Task Force (FATF) has previously published guidance on the practice, which it approves. Companies are actively encouraged to ensure they share information across borders for AML/CTF purposes. We commented recently on the warning by FATF that Covid-19 and the response to it is leading to increased money laundering and terrorist financing risks. This announcement does not relate to this specifically, but shows how high on the international agenda AML and CTF continues to be.

The UK government has reviewed FATF’s guidance and endorses it, commenting that it “affirms the value of well-governed information-sharing”.

Specifically, the statement provides that companies should seek to share information across borders as effectively as possible because:

• information sharing on a group-wide basis enables global risk assessments, which corporate groups should undertake;
• group-wide policies should result in better mitigation of risks, for example by enabling better monitoring; and
• by sharing information within a group, regulated entities should be better able to perform customer due diligence and file higher quality suspicious activity reports.

Some practical steps companies might take arising out of this statement include conducting reviews to ensure that:

• effective information-sharing mechanisms and procedures are in place that are targeted at improving group-wide AML/CTF;
• the foreign operations of UK-based groups meet UK requirements for AML/CTF controls, to the extent the laws and regulations of those foreign jurisdictions permit; and
• any data shared from the UK is done in compliance with GDPR and the Data Protection Act 2018. Separate guidance has been issued by the Information Commissioner’s Office on this subject.