Call for evidence: UK AML regulatory and…
We responded to HM Treasury's call for evidence on the effectiveness of the UK's anti-money laundering regulatory and supervisory regime.
Customer due diligence (CDD) is a process of checks to help identify your client and make sure they are who they say they are.
You’re in a better position to identify potential money laundering if you know your client and understand the reasoning behind the instructions they give you.
CDD allows you and your firm to assess the money laundering and terrorism financing risks a client, and the work they wish you undertake, may expose you to.
This guide introduces the different levels of CDD and when these need to be carried out.
There’s more information on CDD in chapter 4 of the Legal Sector Affinity Group's Anti-money laundering (AML) guidance for the legal sector.
Under regulation 27 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) you must carry out CDD measures when:
If you’re required to carry out CDD measures, you must:
The way you comply with the requirement to take CDD measures may differ from case to case.
Regulation 31 provides that if you cannot complete CDD you cannot establish a business relationship with a client.
You cannot avoid conducting CDD, but you can use a risk-based approach to determine the extent and quality of information required and the steps to be taken to meet the requirements.
Under regulation 28(12), when carrying out CDD you must reflect on:
When assessing the level of risk, factors you must take into account include:
You also need to be able to demonstrate to the Solicitors Regulation Authority (SRA) that you’ve applied the AML requirements appropriately.
You may demonstrate your compliance to the SRA through:
Where your client is a corporate body, you must obtain and verify:
Unless the corporate body is a company listed on a regulated market, you must take reasonable measures to determine and verify:
Corporate bodies (other than companies listed on a regulated market) are required under the MLR 2017 to provide you with the information outlined above when you enter into a transaction or form a business relationship with them. This should assist you in carrying out your CDD checks.
Under regulation 28(11) you must carry out ongoing monitoring of business relationships. Ongoing monitoring is defined as:
When the business relationship or occasional transaction has ended, you must keep records of CDD documents and supporting evidence for five years.
After five years, you must delete personal data unless:
You’ll need to amend your systems and procedures to make sure that, unless an exemption applies, such personal data is deleted.
As well as CDD measures, regulation 33(1) sets out a list of circumstances in which enhanced due diligence (EDD) measures must be applied. It includes any transaction or business relationship involving:
Regulation 33(6) also sets out a list of factors that you must consider when assessing whether there’s a higher risk of money laundering present. However, the presence of one or more of these factors does not automatically mean that it’s a higher risk situation.
Even where a client is not based in a high-risk third country you must still consider the individual money laundering and terrorist financing risks posed by that client and matter.
Under the MLR 2017, EDD measures must include, as a minimum:
Regulation 33(5) gives a non-exhaustive list of ways you can conduct EDD including:
Additional material may include the use of e-verification either to confirm the validity of the passport provided or to see if the person has a credit or electoral history at the address they’ve provided.
Article 9.2 of the Fourth EU Money Laundering Directive (Fourth Directive) allows the European Commission to identify 'high-risk third countries'.
These countries are identified as having strategic deficiencies in their national AML and counter-financing of terrorism regimes that pose significant threats to the financial system of the EU.
You must apply EDD measures in any transaction or business relationship with a person established in a high-risk third country.
This requirement does not apply if the:
When deciding whether it’s appropriate to apply EDD consider geographic risk factors, such as whether the country in which the client or transaction is based:
To effectively manage the money laundering risks that your firm faces, you should also:
A PEP is someone who's been appointed by a community institution, an international body, or a state, including the UK, to a high-profile position within the last 12 months.
Under AML regulations, the main aim of applying additional scrutiny to work involving PEPs is to mitigate the risk that the proceeds of bribery and corruption may be laundered, or assets otherwise stripped from their country.
The MLR 2017 states that not meeting a client in person poses a higher risk of money laundering.
You’re required to conduct EDD on these clients, because:
Regulation 37 of the MLR 2017 allows you to carry out simplified due diligence (SDD) where you’re satisfied that the business relationship or transaction presents a low risk of money laundering or terrorist financing.
However, the presence of one or more of the factors in regulation 37(3) does not necessarily mean that a given situation is lower risk.
When assessing whether there’s a lower risk of money laundering or terrorist financing, you must consider whether the customer is:
You must also consider the:
Financial services firms are not required to apply CDD to the third-party beneficial owners of pooled accounts held by legal professionals, provided the:
The Legal Sector Affinity Group’s Anti-money laundering guidance for the legal sector
Risk assessments – our guidance on conducting risk assessments
Politically exposed persons – our guidance on dealing with PEPs
While every effort has been made to ensure the accuracy of the information in this article, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept any responsibility for liabilities arising as a result of reliance upon the information given.
Call the Practice Advice Service on 020 7320 5675 or email email@example.com.
The Practice Advice Service is staffed Monday to Friday from 9am to 5pm.