Global menu

Our global pages


FCA discontinues half of its investigations into criminal breaches of UK money laundering regulations since January 2020

  • United Kingdom
  • Financial services disputes and investigations
  • Fraud and financial crime
  • Litigation and dispute management


New figures from FCA reveal that half of its investigations into breaches of money laundering regulations have been discontinued since the beginning of 2020. We review the current criminal enforcement landscape and take a look at the numbers of investigations in more detail.


UK businesses in the regulated sector are required to comply with the Money Laundering Regulations 2017 (MLR 2017), stringent rules relating to the management of money laundering risk which govern the conduct of financial and credit institutions, lawyers, tax advisors, casinos, estate agents, and art intermediaries. The MLR 2017 contains a number of prescriptive requirements including obligations to: establish each client’s identity, and to verify that information through customer due diligence checks; risk assess individual clients and the firm’s business more generally; implement systems, policies, controls and procedures to address money laundering and terrorist financing risk and to apply them across the firm’s group structure; perform ongoing monitoring of client relationships and transactions; and provide training to staff and keep adequate records.

The requirements of the MLR 2017 are onerous and far-reaching, and a wide variety of AML compliance failings might conceivably be caught. A sizeable advisory industry has grown up around the regulations, with lawyers and consultants regularly being instructed to help firms to apply the rules to a commercial environment.

Compliance with the regulations is overseen by various bodies, according to area of regulated business. Chief amongst these is the Financial Conduct Authority (‘FCA’), responsible for the conduct supervision of UK regulated financial services firms, with HMRC, the Gambling Commission, the Law Society and a host of other accountancy and other professional body supervisors exercising oversight of their own respective sectors.

Civil or Criminal Enforcement?

The MLR 2017 and its predecessor regulation, the MLR 2007, both provide for both civil and criminal enforcement. This means the relevant regulator may open a criminal or a civil investigation into AML systems and controls issues, and that any finding or admission may be dealt with using criminal or civil sanctions.

The civil penalties for breaches are wide-ranging. Punitive fines may be imposed where significant breaches occur; a firm’s authorisations may be suspended or cancelled; individuals may be prohibited from carrying out various controlled functions; and findings and sanctions can be published, leading to reputational impact.

There are separate provisions for criminal enforcement. Regulation 86 of the MLR 2017 makes it a criminal offence for a person (legal or natural) to contravene a relevant requirement under the regulations, punishable by up to two years in prison, or a fine, or both. A person may avoid a conviction if he can show that he took all reasonable steps and exercised all due diligence to avoid committing the offence. Directors and officers who consent or connive in such breaches, or whose wilful neglect has contributed to infringements of the regulations, may be guilty of separate criminal offences, also punishable by imprisonment.

Deciding which avenue of investigation to pursue (criminal or civil), may sometimes be difficult at the outset. For that reason, some investigators, notably the FCA, make use of a ‘dual track’ approach. This is where the law enforcement agency retains the ability to treat relevant breaches as either incurring criminal or civil liability while its investigation progresses. Dual track investigations allow the regulator to keep all options open whilst examining potential shortcomings in AML systems and controls. Breaches that turn out to be difficult to prove to the criminal standard may nonetheless justify a civil penalty or regulatory action. Whilst the dual track approach may create separate issues over admissibility in a subsequent criminal case should the investigation reveal clear proof of criminal wrongdoing, it is nonetheless often regarded as a good way of allowing for assessment of all the evidence before determining the most appropriate regulatory response.

Criminal prosecutions

The threat of criminal prosecution has long been held over regulated businesses as the ultimate sanction for breaches. Yet, as we revealed last year, the prospect of being brought before a criminal court for breaches of the MLR is remote. No prosecutions have yet been initiated under the MLR 2017 by any regulator, and the MLR 2007 is very lightly used with just one prosecution in 2019. Looking further back, between 2007 and 2012 there was only one prosecution for a failure to comply with those regulations, and between 2013 and 2017 there was an average prosecution rate of approximately one a year.

The details of previous prosecutions for breaches of the MLR 2007 are difficult to establish. Repeated requests of HMRC, the CPS and the MOJ have been unsuccessful in revealing the nature of the infringements, the sector involved, the role of the person prosecuted or the rationale for the sentence applied. Nor have we been able to identify any published material which provides guidance as to when a matter is sufficiently serious to justify criminal enforcement action. In such circumstances, it is very difficult for regulated businesses to understand where the line may be drawn between criminal and civil cases.

Prior to 2015, the FCA generally preferred to use its regulatory enforcement powers than to investigate MLR breaches on a criminal basis. The civil standard of proof is easier to satisfy than the criminal standard, and regulatory investigations tend to be quicker, cheaper and less of a drain on resources. It is also worth noting that the fines imposed by way of civil penalty tend to be considerably higher than those imposed in criminal proceedings in financial crime cases.

However, the FCA has in the last few years signalled its resolve to use criminal powers to deal with the most egregious MLR breaches. The FCA Director of Enforcement, Mark Steward, speaking at GIR Live on 4 April 2019, addressed the revelation that there had been no prosecutions under the MLR 2017 during his tenure. His view was that time had come to

‘ [give] effect to the full intention of the Money-Laundering Regulations which provides for criminal prosecutions…This does not mean every investigation where we think there is a case to answer will or should be prosecuted in this way. I suspect criminal prosecutions, as opposed to civil or regulatory action, will be exceptional. However, we need to enliven the jurisdiction if we want to ensure it is not a white elephant and that is what we intend to do where we find strong evidence of egregiously poor systems and controls and what looks like actual money-laundering.’

Steward’s desire to ‘enliven the jurisdiction’ has not yet borne fruit in terms of FCA criminal prosecutions for breaches of the current regulations. But what about investigations? With this question in mind, we sought further information from the FCA as to its current criminal/civil investigation caseload through a Freedom of Information Act request.

Current investigations into criminal breaches

Noting that the FCA has delayed the publication of its annual report this year because of the coronavirus pandemic, [1] we started with last year’s figure of 88 open investigations into financial crime matters. [2]

The FCA’s figures reveal:

  • Only one single track criminal investigation into breaches of the MLR is now ongoing.
  • It is currently investigating six dual track investigations into breaches of the MLR
  • Five single and two dual track investigations into breaches of MLR have been discontinued since January 2020

Whatever the current figure for open investigations into financial crime matters, the FCA’s response makes plain that the vast majority of its investigations into potential breaches must be solely civil in nature. On the face of it, this appears to be consistent with Mark Steward’s observation that criminal prosecutions by the FCA of MLR breaches should be ‘exceptional’. But, looking more closely at the statistics, it is particularly interesting to note that the FCA appears to have discontinued half of its portfolio of criminal investigations into MLR breaches since the beginning of the year, and more than 80% of its single-track criminal investigations.

Whilst caution should be exercised in drawing conclusions from such small numbers, commentators may be surprised to note the direction of travel so recently after Mark Steward set out his stall on criminal investigations in early 2019. This may be evidence of the FCA’s gradual realisation that prosecuting breaches of the MLR to the criminal standard is very far from straightforward; that it is much quicker, easier and less expensive to pursue a civil outcome against regulated firms for breaches of MLR; and that, in view of the nature of many of the breaches under investigation, a civil/regulatory sanction is invariably the more proportionate outcome in any event.

Eversheds Sutherland’s FSDI team has a market-leading advisory presence in this area, having acted for clients in four of the seven discontinued investigations, and currently advising in two of the seven live single/dual track open investigations.





For more information, please contact: