POCA: A Guide for FCA-Regulated Firms

The Proceeds of Crime Act 2002 (POCA) is the foundational UK legislation criminalising money laundering and providing the legal framework within which regulated firms report suspicions and seek consent to proceed with transactions. Understanding POCA is essential for every compliance professional, MLRO and finance director at an FCA-regulated firm.

What Is POCA?

The Proceeds of Crime Act 2002 is the primary UK legislation criminalising money laundering and establishing the framework through which suspicious activity is reported and, in certain cases, consent sought to proceed with transactions. POCA is separate from but closely related to the Money Laundering Regulations 2017 (MLR 2017): the MLR 2017 set out the procedural obligations firms must follow to detect and prevent money laundering; POCA defines the offences that result when those procedures fail.

The Three Principal Laundering Offences

POCA creates three principal money laundering offences, each carrying a maximum sentence of 14 years’ imprisonment. Concealing (Section 327): concealing, disguising, converting, transferring or removing criminal property from the UK. Arrangements (Section 328): entering into or becoming concerned in an arrangement that facilitates the acquisition, retention, use or control of criminal property by another person. Acquisition, use and possession (Section 329): acquiring, using or possessing criminal property. Each offence can be committed by any person — not just regulated firms or their staff — and there is no requirement for the person to have been involved in the predicate crime that generated the criminal property.

The Consent Regime and DAML Requests

POCA provides a defence to the principal laundering offences where the person has made an authorised disclosure to the National Crime Agency (NCA) and received consent — or where the required waiting period has elapsed without the NCA refusing consent. A DAML (Defence Against Money Laundering) is a request to the NCA for consent to proceed with a transaction that the requester suspects or knows involves the proceeds of crime. The NCA has seven working days to refuse consent; if it does not respond within that period, the requester is deemed to have consent and can proceed. Where the NCA refuses consent, a further 31-day moratorium period applies during which it can take further action.

Tipping Off

Section 333A POCA creates a tipping off offence — making it a criminal offence to disclose to a person that a DAML has been submitted in relation to them, or that an investigation into their activities is being carried out, where that disclosure is likely to prejudice any investigation. Tipping off is one of the most operationally challenging aspects of POCA for regulated firms: it means that once a suspicious activity report (SAR) or DAML has been filed, the firm cannot inform the subject of the report without risking criminal liability.

Failure to Disclose

Section 330 POCA creates a failure to disclose offence for persons in the regulated sector — making it a criminal offence to fail to make a disclosure to the relevant authority (in most cases the NCA via the MLRO) where there are reasonable grounds to suspect that another person is engaged in money laundering and the information came to the person in the course of their business in the regulated sector. This offence specifically applies to regulated firms and their staff, and is the primary mechanism through which POCA imposes obligations on compliance professionals and relationship managers.

POCA and the Money Laundering Regulations

The MLR 2017 and POCA operate in tandem. The MLR 2017 require firms to have CDD procedures, transaction monitoring, and suspicious activity reporting frameworks — the processes that generate the information that leads to a SAR or DAML under POCA. POCA provides the legal framework within which those reports are made and consent is sought. A firm with adequate MLR 2017 compliance is well-positioned to meet its POCA obligations; a firm without effective transaction monitoring or CDD may generate POCA liability before it generates a regulatory breach.

The MLRO and Compliance Function

The MLRO (SMF17) is the designated officer within a regulated firm responsible for receiving internal disclosures of suspicious activity, assessing them against the POCA framework, and filing SARs or DAMLs with the NCA where appropriate. The MLRO’s judgment on whether a transaction crosses the POCA threshold — requiring a DAML before proceeding — is one of the most consequential decisions in financial crime compliance. A DAML filed unnecessarily disrupts the client relationship; a DAML not filed when required creates criminal exposure for the firm and potentially for the individual who approved the transaction. Experienced MLROs with sound judgment on this line are among the most valued financial crime compliance hires.

FCA Supervision and Enforcement

The FCA supervises firms’ compliance with the AML framework and, as part of that supervision, assesses whether firms have adequate systems and controls to identify and report suspicious activity under POCA. The FCA has taken enforcement action against firms that failed to file SARs in circumstances where reasonable suspicion existed — treating the failure as both an MLR 2017 control failure and evidence of POCA risk. Under the SMCR, the MLRO (SMF17) carries personal accountability for the adequacy of the firm’s suspicious activity reporting framework.

Key References

• Proceeds of Crime Act 2002
• NCA — UK Financial Intelligence Unit