This article is currently being reviewed. Please refer to the AML guidance and our webpage for up-to-date information on CDD and red flags.
Obtaining client due diligence (CDD) information can be a time consuming process which many fee earners see as taking away valuable time from fee earning. As MLRO it will generally be your role to set the internal parameters for what due diligence your fee earners are required to undertake.
By being fully aware of the options available and considering your client demographic and the work you undertake, you can structure your CDD requirements to effectively meet risk with the minimum disruption to client acceptance procedures.
CDD comprises of a number of steps, each of which is designed to mitigate different types of risk.
- Identify and verify your client. This is to prevent the risk of identity fraud and fraud generally, as well as to make it more difficult for criminals to distance themselves from connection with the proceeds of crime in the event of asset tracing by law enforcement agencies.
- Identify and on a risk-based approach verify the beneficial owners. Again this is to help your fee earners really understand who they are dealing with and to make it more difficult for criminals to distance themselves from connection with the proceeds of their crime.
- Understand the nature and purpose of the business relationship. This step is to help fee earners spot any potential warning signs inherent in the very structure or basis of the transaction or retainer proposed, or in the source of funding that will be used.
For those new to the MLRO role, you should already be inheriting a system for conducting due diligence within your firm. These may date from the introduction of the 2007 Money Laundering Regulations, or from the 2003 Money Laundering Regulations when the full legal profession was required to comply or even from 1991 when some lawyers were obliged to begin ascertaining their client's identity for certain financial transactions.
Take the time to review the system to ensure that you understand the requirements currently in place and to see if they are still appropriate to your firm's current activities and client demographic.
In many MLRO groups I still come across firms who say they always ask for a passport and two utility bills from every individual client, the passports of every company director, have no process in place for checking if clients are politically exposed persons and distrust e-verification.
They will often tell me that this is because it is what the law requires or even that it is what the Law Society guidance says they must do. Neither case is actually correct. These approaches are often procedures that the firm did not update in light of the 2007 regulations and the new practice note.
Take the time to look at chapter 4 of the Law Society practice note to see what is really recommended.
E-verification services have developed significantly in the last few years and may be an appropriate tool to help mitigate new or emerging risks for your firm.
Because not all clients present the same risk, it is not always the best use of fee-earning resource to insist on the same due diligence for every client. However, where you are allowing or requiring fee earners to deviate from standard procedures, make sure it is clear what they have to do and who will authorise that.
- It is possible to allow due diligence to be delayed where there is a low risk of money laundering and it is necessary to not interrupt the normal course of business; or if you are solely providing legal advice.
- It is possible to reduce the checks on beneficial owners and/or on the nature of the business relationship for certain entities, such as financial and credit institutions and public bodies.
Enhanced due diligence
In a number of cases you are required to undertake further due diligence, such as in the case of: