Economic Crime and Corporate Transparency Bill (First sitting) Debate
Full Debate: Read Full DebateAlison Thewliss
Main Page: Alison Thewliss (Scottish National Party - Glasgow Central)Department Debates - View all Alison Thewliss's debates with the Department for Business, Energy and Industrial Strategy
(2 years, 1 month ago)
Public Bill CommitteesQ
“We do not think these proposed changes support the Bill’s central aim of reducing the use of limited partnerships for money-laundering, since criminal users of limited partnerships will simply ignore them.”
That suggests to me that we are not going far enough. We are aiming to catch the people who are guilty of economic crime. Attached to that, somehow I cannot see any investor wanting anything other than to know that they are putting their money into a kosher investment. Even if you are just a pension fund putting your money into a scheme, it does not seem a bad idea to check that the person behind it is legitimate and not a drug or people smuggler.
Gurpreet Manku: Absolutely. We agree with you that it is not in our interests to have our limited partnership fund structure abused by criminals for all those reasons. We believe that the introduction of annual confirmation statements, the requirement to have authorised corporate service providers register limited partnerships and the power for HMRC to obtain accounts will deter criminals and prevent them from using the vehicle—we hope that they have stopped using it now given that these reforms are finally going through Parliament.
On how those points link to the evidence you quoted specifically, which was actually about some niche requirements on passive investors in a limited partner- ship fund, a worry there is that those investors might be deterred from using the UK limited partnership structure because they feel that their liabilities are being increased, that they are being asked to do the job of management and that criminal sanctions are attached to that. That part of our evidence applied not to the Bill as a whole but to those specific areas.
Q
Nick Van Benschoten: We think that the Bill’s provisions for Companies House reform definitely point in the right direction. The question for us is, “Are they going far enough and will they be implemented fast enough?” Companies House abuse is, as I am sure you are all aware, a significant problem that we in the regulated sector have been trying to compensate for, but we cannot. We need Companies House to act as a proactive gatekeeper.
On the verification measures, one of the key points is that they fall short of minimum industry standards. Verification of identity is necessary but not sufficient. A key thing we have noted is that the Bill does not provide for order-making powers to allow Companies House to verify the status of directors or beneficial owners, and for that sort of requirement on company information agents and so on. That seems an odd gap. We understand that it may be a matter of phasing or resourcing, which can be dealt with in the implementation, but not if we do not have the order-making powers in the bill.
I have spent 12 years arguing for Companies House reform in my various roles. I do not have another 12 years in me, to be frank. We need to make sure that the Bill gives the powers so that the debate can be had during implementation and, if necessary, a phased or risk-based approach. What I mean is that there is a real risk of nominee directors and abuse thereof. Companies House needs to be able to verify that and therefore bring other things within its realm of power, querying and amending the register.
The how is maybe another question for more detail, but a risk-based, reasonable approach is also minimum industry standards. We have not yet seen it, but I note that the international body FATF—the Financial Action Task Force—agreed last Friday that it was going to consult on best practice guidance on implementing new standards for company registers. These are the same reforms that the Government pushed for as part of their G7 presidency. It has been part of the change: the US is setting up a register; Switzerland is moving. The UK cannot fall behind these new standards, so it is important that the Committee takes cognisance of that.
Trust or company service providers is one of those cases where we know that there is an issue; the banking sector and other industry partners in the joint money laundering intelligence taskforce and another four along with the National Crime Agency did a study of the risks of abuse in the UK trust or company service provider sector. We found shortfalls. There was a remediation exercise agreed. I understand that the remediation exercise is still ongoing. It is one of those sectors where there are concerns. We are doing other work that I am not at liberty to discuss, but it is about that sector.
That means that Companies House needs to be careful and cautious. There need to be strict legal undertakings with proper penalties, not just that they have met the standard of verification but that they have done everything they should be doing as a regulated sector. There needs to be access to the evidence of these checks, and that evidence needs to be something that, on a risk basis if necessary, can be queried—not just the information in the register but the actual checks undergoing. There needs to be the ability for Companies House to take sample checks and do also risk-based reviews. That may be something we can come to later on in terms of the querying power. I am sorry for a long answer, but it is an important point.
Q
Nick Van Benschoten: I do not have a view on that. I know that the Treasury will be consulting on reforming the AML supervisory regime. That is something we have been pushing for for quite a while. I know that Jersey, for example, has a very different model where it has most of the regulator sector under one bailiwick, and that includes company formation. That may be something that the Committee looks at in future, but it is not the UK model at the moment.
Our priority would be, rather than look at the cost-benefit narrative and machinery of government change, the co-ordination point. There need to be powers not just to request information but to get information from other supervisors. There needs to be the ability to pass information around the ecosystem, including the National Crime Agency and regulated sector people sharing intelligence. There are some provisions in the Bill at the moment where we think they could go further on that matter, but the key thing is that Companies House needs to be a data hub. On whether it has the responsibility or others, we have not taken a view on that yet, I am afraid.
Q
Nick Van Benschoten: I do not think they are unprecedentedly low. From a very quick survey, we found that Benin and Turkmenistan also have a low figure. I am not sure that is the company the UK wants to keep. There is a question about international competitiveness. It is important to note that in other EU countries with major financial centres it is in the £50 to £100 range. That does not seem an unreasonable amount for us.
Perhaps more importantly, we think Companies House needs to get resourced properly. You have to will the means, not just the ends. It is very important that Companies House fees are set at a reasonable level that would not deter an entrepreneur but would disrupt some of the bulk abuse we have seen, in which criminals set up hundreds and hundreds of shell companies. That is definitely a typology that we have seen.
Once there is enough money coming through main registration, there is then the question of whether Companies House will be granted any investment money out of the economic crime levy that is coming in next year. It is important that the levy is spent on things that actually improve the system, and that we do not just cross-subsidise, and that some of the opportunities also have a benefit for the economy—maybe for streamlining the onboarding of small companies, or for facilitating other access to regulated services.
Obviously, there is the question of what the Government will spend the levy on. We welcome the money that they have spent so far. There is an interesting proposal—by, I think, one of the Committee members’ all-party parliamentary groups—that the Government should match-fund the economic crime levy. Obviously, we in the regulator sector would love that. It is something for the Government to consider.
Q
Gurpreet Manku: To clarify, I think this is a really important Bill. We have been saying for a very long time that the provisions need to be implemented quickly. The issues that we have raised are really on points of detail. Raising an international private equity or venture capital fund is quite a complex process. We hope that the swift introduction of the provisions will deter criminals from using the vehicles that we are talking about. When the requirement was introduced for Scottish limited partnerships to go on the people with significant control register, it led to a dramatic drop-off in the use of such partnerships for nefarious purposes. We were not aware that English limited partnerships were being used in that way instead, and we were surprised that they were, because English limited partnerships do not have a legal personality, and so cannot hold assets and should not be able to set up a bank account; certainly, they cannot in this country. We were therefore surprised by the scale of abuse there.
The Government are sending a really strong signal by introducing these provisions, particularly the requirement to have an authorised corporate service provider submit documention and the measures around annual confirmation statements. That should deter criminals. Our version of the limited partnership fund structure has been emulated across the world, so there is a lot of competition, in the sense that international fund groups could set up a vehicle in the UK, the EU or the US. Our wish is for them to be here, because that drives other economic activity.
We have a huge domestic venture capital and growth capital funds industry that invests in small businesses around the country. Two thirds of our investment is outside London; 90% of investment goes to small and medium-sized enterprises. Our managers are small firms; they need a domestic vehicle that works and is trusted by international investors, including those from the US who invest heavily in our members. These vehicles are used by private equity and venture capital funds. They are also used by infrastructure, pension schemes and fund-to-fund investors. Notably, they are also used by the British Business Bank through its equity programmes. It is the largest venture capital and growth equity investor in the UK. It has a really important role in catalysing innovation and crowding in additional institutional investors. I am passionate about the need for a robust UK vehicle, and it has been really disappointing to see the abuse first in Scotland and then in England in recent years.
English limited partnerships and Scottish limited partnerships are popular because they are here. The UK law courts attract institutional investors, as does the fact that we have a large professional services community here. Because we have funds here, we also have the administration here, which means that we have good-quality jobs around the country; some of our members have hubs in Belfast and Southampton. I am passionate about ensuring that this vehicle works, and the rules that are being introduced will deter criminals; they will improve the robustness of the vehicle.
Our points are really points of detail, just to ensure that the limited liability status of investors is protected and that we can implement these reforms in a swift and easy manner.
Q
Gurpreet Manku: We have not looked into that. I do know that Ireland has set up a new funds limited partnership, so that could be part of the reason for their growth—but that was very recent, so I do not know why that has happened. Again, it is quite worrying if people are just moving around, exploiting different structures.
Q
Q
Nigel Kirby: The omission was referred to by Nick Van Benschoten: the civil liability protection. In the UK, we have real trust and confidence built up in voluntary information sharing with the National Crime Agency under section 7 of the Crime and Courts Act 2013. That has been the basis of our voluntary sharing, and we have built confidence in it over seven years.
The legislation has two limbs to civil liability protection—I will have to read my notes to make sure I do not make a mistake. The first limb is
“an obligation of confidence owed by the person making the disclosure”—
that limb is also included in this Bill. The second limb that we rely on is
“any other restriction on the disclosure of information (however imposed)”—
that limb is not included in the Bill.
Our position is that the Bill should align with the existing legislation that we are comfortable with. We would have more comfort in sharing and be more incentivised to share if we had the same protections as we have when we share with the National Crime Agency. The further observation is that there is not just one precedent; another piece of legislation, the Criminal Finances Act 2017—under section 11, I think—had sharing provisions with the purpose, in effect, of bringing better disclosures to the NCA. It had exactly the same two civil liability limbs, written in the same way. We believe that the second limb would be hugely helpful in doing things.
You might want to come back, but the other dependency that is key for us is that the Bill is drafted as an interlink with the GDPR, as you well know. That is wise, and one of the protections—that it has that link with the GDPR—but because the Bill has that interlink, the provisions in the GDPR are really important. I am aware that there is a draft Bill that has not yet been laid before Parliament and, again, we—my colleagues in UK Finance—have worked on that Bill. Absolutely key for us in the draft Bill is a legitimate interest for sharing, because that Bill sets out legitimate interests.
At the moment, the GDPR cites only fraud as a legitimate interest, and no other crimes. To be able to make the measure in this Bill work, we need the revised GDPR to have the “prevention, investigation” and “detection” of crime—what the GDPR says at the moment—to be for all crime as a key part, so we can make the interlink. Otherwise, we are restricted only to fraud, but do not include wider economic crime.
Q
Nigel Kirby: Your question is specifically about fraud and what we can do in that space. I suggest that tackling fraud is a shared responsibility. When you look at a typical fraud, you have the payment platform, as you mention; you have a sending bank and a receiving bank, and you have the victim. To tackle it, we need to look at the whole ecosystem, as Nick said, and have an approach that works. I am not convinced that there are things that one can put into the Bill for that—it is the wider point of the whole ecosystem coming together for any fraud strategy moving forward, how we tackle that and how we incentivise the right behaviours for tackling fraud in future.
Q
Nigel Kirby: When looking at enacting new legislation, I would go back to the purpose. Putting my NCA hat on, rather than from a Lloyds perspective, I was involved in two pieces of quite significant legislative change: the introduction of asset forfeiture orders in the Global Finance Act, and the change in the sanctions penalty from two years to seven years. That was done very much on an operational need basis. As an organisation, we were able to put out the operational perspective of the gap—the fact that we could not use certain powers because, in the sanctions case, of the length of the sentence. There was a big gap in the ability to seize assets from a civil regime.
In whatever we look at, it is important that we understand that gap from an operational perspective. It is clear and compelling that by having new legislation, that gap gets filled. The other point is that there is the resource and the ability to use the legislation when it comes forward.
Q
Nigel Kirby: I would leave those to UK Finance; it is not my area of expertise. Our nominated office in Lloyds feeds into UK Finance so we get the whole industry.
Q
Nigel Kirby: I can link this to your question on safeguards. Coming from a law enforcement background, I believe that safeguards for members of the public are really important in this space, and I am used to following those. GDPR does not stop us from doing some things. It provides a set of safeguards for what we do.
When you look at what the Bill does on safeguards—I am trying to answer both questions—it makes it very clear that we share this information when certain conditions apply, such as exit or restriction, or we need the relevant actions, which would be the prevention and detection investigations for economic crime. Those safeguards are built into the Economic Crime and Corporate Transparency Bill.
In GDPR you already have safeguards in place. The first safeguard is: do we have a legitimate interest to share? That is precisely my point, Minister, about our needing to have legitimate interests to share—prevent all crime, not just fraud. Then you have a necessity limb to this. Is what we want to share targeted? Is it proportionate? Is there a less intrusive way? From a law enforcement perspective, we look at whether our actions are proportionate and collateral intrusion. There is a balancing act sitting there as a third limb, on ensuring that the legitimate interest of the public is not unduly overridden. I actually support the fact that there are safeguards in GDPR; I think that is the right thing to have. I support the fact that we need to meet those to be able to share information, but in doing so in that particular space, we need to be able to have sufficient breadth to be able to share across all economic crime and not just fraud.
Q
Arianna Trozze: I would echo Andy’s point about the difficulty of tracing certain cryptoassets and investigating certain chains and things like that, and how this is evolving rapidly in competition with the existing providers and the blockchain services themselves. It gets more and more difficult to investigate as time goes on. You need more and more capacity building and investigative tools. At the same time, the crypto companies and the blockchain companies are seeking to develop their technologies in ways that will evade that detection, so it is a constant race between the two sides to be able to effectively investigate and prosecute these crimes.
Q
Arianna Trozze: One of the key ways that legislation can future-proof itself in the face of this rapidly developing technology is via the definitions. I think that the definition of cryptoasset in the Economic Crime and Corporate Transparency Bill is sufficient to do that. Probably most importantly, the inclusion of cryptographically secured contractual rights means that the definition will cover smart contracts, which is really the technology that underpins all the major advances in the space of, for example, decentralised finance and non-fungible tokens that have taken place, and that we expect to continue to develop in the coming years. Furthermore, the ability to amend those definitions via secondary legislation is clearly a positive, because in the event that something slips through the cracks and develops in a way that we cannot anticipate, it will make it more efficient to change them.
Q
Arianna Trozze: Because they are very clear that they include cryptoassets, it really makes the rules clear for everyone in the industry. Consumers then know as well what rights they have. My view is that it obviously cannot do everything, but the fact that there are provisions for victim compensation goes a long way to also protecting consumers. Obviously, it does not prevent the crimes from occurring, but it helps them to recover the losses.
Q
Arianna Trozze: I cannot really speak to that. I am very sorry about that.
Andy Gould: I cannot either—sorry. I have not looked at that.
Q
Andy Gould: Probably the most obvious area would be around ransomware, which is if you are an organisation and you get hacked and attacked and then lose access to all your files or systems, and then get a demand from a cyber-criminal saying, “Okay, if you want to get access back, you have to pay”—basically, an extortion demand. That extortion demand will virtually always be in cryptocurrency, because there is a view that that is harder to trace.
Depending on the kind of cryptocurrency, the traceability varies. Effectively, a lot of the technology that sits behind cryptocurrencies is based within what is described as the blockchain. Arianna is much better at explaining this than me, but the blockchain is effectively a public ledger, if we are talking about Bitcoin or something like that. We can see all the transactions. It is like your bank account or NatWest or any other bank doing its transactions in the public space—everybody can look at them. It is effectively decentralised and very public, so there are real benefits in that. The anonymity comes from not knowing who is sending what or who is who, in terms of the bank accounts—the wallet equivalent.
That provides opportunities to follow the money, but, although you might be able to see where the money goes, you will not necessarily know who has sent it or who has received it. There are other investigations you would need to do that. And there are tools—mixing services or exchanges—that will jumble it all up and then send it elsewhere, and you will not be able to see what has come in compared with what is going out. That is why criminals like to use it—because, as they see it, it covers their tracks effectively.
Arianna Trozze: One way to make it a bit clearer is to situate cryptocurrency money laundering in the traditional phases of money laundering. When we talk about money laundering, we tend to talk about three specific phases—placement, layering and integration. In the crypto space, placement may look like someone depositing their Government-issue currency into a cryptocurrency exchange, and exchanging it for cryptoassets, or potentially using what is called a fiat on-ramp to buy cryptoassets using their fiat currency. They may also use something like an over-the-counter broker, which may allow them to buy cryptoassets using cash.
Then, the layering process follows, which is kind of what Andy was talking about, in terms of trying to obfuscate the origin and trail of funds. There are a lot of different tactics that the criminals can use to do that. As Andy mentioned, they may use mixing services, to try to break the chain. They may create thousands of different cryptocurrency wallets and accounts and transfer the funds among them in order to make it more difficult to trace. They may exchange them for various different types of cryptoassets, including privacy coins, which we, again, have a lot of trouble chasing, although there have been advancements in that regard. Finally, they may move to completely different blockchains, using what are called blockchain bridges, and that further makes it more difficult to trace—as Andy mentioned before, different providers have different capabilities and different expertise in terms of which chains they specialise in and which assets they are able to trace. That is something else that they may do to hide that trail of funds.
Finally, we have the integration process, which is criminals using those now-cleaned funds for mainstream economic activity. We know that sometimes they may seek to keep those funds in cryptoassets in an attempt to further their gains, speculatively investing in the market; or they may, again, use one of these exchanges or what is called a fiat off-ramp to transfer their cryptoassets back into pounds or any other currency.
Q
Arianna Trozze: I see both sides of that argument. Obviously, if assets are transferred into cash and then the original assets significantly gain value, and if the person with the assets were then found not to be a person of crime, the Government would be on the hook for the change in value of those assets. There are two sides to the argument but, as Andy mentioned, the storage is quite risky and very expensive. I ultimately agree, but I see both sides of the argument.
Q
Andy Gould: It is quite commercially sensitive, but it could be a large sum—we are talking hundreds of thousands of pounds.
Okay, we have come to the end of this session. Thank you very much for joining us.
Examination of Witness
Jonathan Hall KC gave evidence.
I think the number of the page you are looking for is in the amendment document on page 47 and it is new schedule 1. I think that is what you were referring to, Mr Hall. I am going to move on anyway.
Q
Jonathan Hall: In the counter-terrorism world, there is an open question about quite how much this blockchain technology will be used by terrorists. There is quite a lot of excitement about the possibility of its use, but the jury is slightly out about how much it is, in fact, being used. I cannot speculate why that would be. Counter-terrorism is a well-resourced part of police business, so I would expect that there would be specialists who would be willing to stay because they are quite highly motivated; outside counter-terrorism, I do not know. I was very struck by the point about the £200,000 transfer fee.
Q
Jonathan Hall: Do you mean the Russia-Ukraine aspect?
Q
Jonathan Hall: It is quite a bit step to convert it to fiat currency, or pounds, because you are then interfering with the bet that person has placed on the value of the currency going up. I do not know what the figure is in terms of storage. I am interested, too, in the question of potential police liability. I am thinking about the Sanctions and Anti-Money Laundering Act 2018. As you know, before the Government brought in the suite of changes that allowed urgent sanctions, they were very careful to narrow down the potential liability that the Government might have in relation to sanctions, if they were challenged. I have not given it attention, but maybe it is worth having a look at whether there are equivalent protections for the police. The seizures can be very high in this field—they can measure many millions—so the potential liability of the police could be quite high. We would not want the police to be too disincentivised by the risk that they would be on the hook for damages, if everything goes wrong.
In terms of the balance, it may be that ultimately one or other party—the person from whom the assets are seized, or the police—is going to suffer some sort of loss. The key thing is to make sure that people have access to the courts. The courts will have to generate their own sort of expertise and case law over when you should convert a currency. I can imagine that someone will come to the magistrates court saying, “My assets have been frozen. Now is the time for converting them from Bitcoin into Ethereum”, and the court says, “What? How do I determine that?” There will need to be a body of expertise. This is a minor point, but it is something that I support: one of the intentions is to allow quite a wide range of law enforcement personnel to be responsible for the court proceedings, precisely so that you can develop a cadre of people who have got that sort of expertise.
Q
Jonathan Hall: I do not want to say. The key thing is that I am not a Scottish lawyer, and I am not going to try and opine on whether there is a legitimate use of them. The key thing is basic enforcement. You made the point that there are zombie companies. Well, someone in Companies House needs to follow these things up. I am sure they will, but the resourcing of Companies House is where I would put my money.
Q
Jonathan Hall: It is a serious problem. I would say that the reason we have not faced the wave of mass casualty terrorist attacks in the UK, in contrast to America, is the lack of readily available firearms. That is the key thing. It is why the growth of the extreme right wing and all these ideologies that inspire mass killings, the obsession with Columbine and so on, have not resulted in mass shootings. From a national security perspective, the real concern is the alignment—if it happens—between terrorist organisations and those in organised crime, who do have the capacity to source firearms. That is a really important point.