The EU's Fifth Directive on Anti Money Laundering (AMLD5) will have a major impact on the UK's trusts register, greatly widening the class of trusts that will need to be registered, and at the same time providing new scope for public access to information on the register.
The government has just opened a technical consultation into changes to the regulations that govern when trusts must be registered, what information must be included on the register, and who can access it. The closing date for responses is 21 February 2020, less than 20 days before the changes are required to be made under EU law.
While it is troubling to see yet another piece of rushed legislative reform, some comfort can be drawn from the consultation document. One issue which has been particularly concerning to advisers with international clients is the fact that, on a literal reading, AMLD5 gives carte blanche to any interested party to access information on the register about a trust, if that trust has a controlling interest in a non-EEA company. There is no 'legitimate interest' filter. This has fed fears that persons unknown could raid the trusts register to obtain highly sensitive information that could then be used for fraud, extortion, kidnapping or other crimes. It is relatively unusual for UK resident trusts to have controlling interests in non-EEA companies, but such interests are common with non-UK resident trusts, as companies in low-tax jurisdictions such as the Channel Islands are frequently used as vehicles for the holding of trust investments.
The consultation document refers to requests for information about registered trusts with controlling interests in non-EEA companies as 'third country entity requests'. It comments that 'Whilst anyone can make a third country entity request, the Directive states that the request may be refused where there are reasonable grounds to believe that the request is not in line with the objectives of the Directive.' It is not entirely clear that AMLD5 does, in fact, say this. Certainly, the impression given by AMLD5 is that a 'third country entity request' must be granted without assessment of its source or legitimacy, apart from in 'exceptional circumstances'.
In any event, this is not the approach that is proposed by the government. It is stated that any 'third country entity request' will be expected to include:
- Information on the applicant, including their name, address, contact number, any organisation they are requesting the information on behalf of and credentials for that organisation;
- Information on the trust data requested, including the name of the trust, any additional information to identify exactly what trust is referred to, the time period the beneficial ownership information is required for, any connection the requester or their organisation has to the trust, any association with vulnerable persons the requester is aware of;
- Any information to support the request, including the name of the corporate or other legal entity and how the trust holds a controlling interest in the corporate or other legal entity in question;
- Information on the intended use of the trust data, including how this intended use will help to detect or prevent money laundering or terrorist financing, whether there is an expectation this data will be shared with another third party, and whether and how the information may be made public; and
- A declaration on data handling.
The safeguards in relation to 'third country entity requests' will, it appears, actually be quite similar, in practice, to those applicable to other requests, i.e. where the trust does not have a controlling interest in a non-EEA company. It is noteworthy that a 'third country entity request' will need to be directed at a particular named trust, and that a person making such a request will need to specify the non-EEA company that is held - with the result that indiscriminate 'trawling' of the register will not be possible. Although there will be no express legitimate interest test for 'third country entity requests', any person making such a request will still need to justify their request for information. In practice, there will be a series of fairly high hurdles that any person making a 'third party entity request' will need to clear.
Moreover, the consultation document indicates that requests will be refused where:
- there would be a disproportionate risk to the beneficial owner due to the risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation; or
- there would be a disproportionate risk to a minor or other incapable person.
This is hugely reassuring. It suggests that a sensible balance is going to be struck between transparency and privacy; and that the government is making a serious effort to reconcile the EU's openly hostile attitude to trusts with the fact that these asset-holding arrangements are an essential, centuries-old feature of the UK's legal landscape.
The government is keen to ensure that the UK’s anti-money laundering and counter terrorist financing regime effectively deters such activity while remaining proportionate