Tim Kendal

Tim Kendal

Barrister

The Money Laundering Regulations 2007 require Customer Due Diligence (CDD) to be performed. Since a number of financial institutions have fallen foul of these requirements I’ve summarised the main requirements in this post.

Regulation 3: To whom do the Regulations apply?

The Regulations apply to the following persons acting in the course of business carried on by them in the United Kingdom:

  • credit institutions
  • financial institutions
  • auditors, insolvency practitioners, external accountants and tax advisers
  • independent legal professionals
  • trust or company service providers
  • estate agents
  • high-value dealers
  • casinos.

Regulation 5: Initial steps to be taken

  • Identify the customer
  • Verify the customer’s identity on basis of documents, data and information from a reliable and independent source
  • When not the customer, identify the beneficial owner and take “adequate measures” to verify his identity or the identity of any legal person/trust/arrangement in order to understand the ownership of that person/trust/arrangement
  • Obtain information on purpose and intended nature of the business relationship

Regulation 9: Timing of CDD

Verification of identity of bank account holder may take place after the account is opened provided adequate steps in place to ensure that, before the verification has been completed:

  1. The account is not closed
  2. No transactions carried out by/on behalf of the account holder (including any payment from the account to the account holder).

Regulation 11: Ceasing transactions when unable to apply CDD

  • Do not carry out transaction with or for the customer through a bank account
  • Do not establish a business relationship or carry out an occasional transaction with the customer
  • Terminate any existing business relationship with the customer
  • Consider whether requirement to make a disclosure pursuant to Part 7 of POCA or Part 3 Terrorism Act 2000

Regulation 14: Perform Enhanced Due Diligence on a Risk Sensitive Basis

Customer Not Present:

  • Establish identity by additional documents, data or information
  • Supplementary measures to verify/certify supplied documents
  • Require confirmatory certification by credit/financial institution itself subject to the Money Laundering Directive
  • Ensure first payment through an account opened in customer’s name with a credit institution

Politically Exposed Persons (PEP):

  • Obtain approval from senior management for establishing the business relationship
  • Adequate measures to establish source of wealth and source of funds involved in the proposed business relationship/occasional transaction
  • Where business relationship entered into conduct enhanced monitoring of the relationship

Regulation 20: Establish and maintain appropriate and risk-sensitive policies and procedures

  • CDD measures and ongoing monitoring
  • Reporting
  • Record-keeping
  • Internal control
  • Risk assessment and management

Monitor and manage compliance with the internal communication of such policies and procedures in order to:

  • Identify complex or unusually large transactions
  • Identify unusual patterns of transactions which have no apparent economic or visible lawful purpose
  • Identify any other activity which the relevant person regards as particularly likely by its nature to be related to money laundering or terrorist financing
  • Prevent the use of products and transactions, for money laundering or terrorist financing, that might favour anonymity
  • Identify PEPs.

Sanctions

  • Two types of sanction are available resulting from a breach of the Regulations
  • Regulation 42 provides the power to impose civil penalties and Regulation 45 provides the means by which criminal proceedings may be instituted. A conviction on indictment is punishable by fine and a maximum of two years’ imprisonment.

Additional Considerations For FCA regulated entities

Firms regulated by the FCA should also bear in mind that, where the Money Laundering Regulations (MLR) apply to them, they must also comply with SYSC 3.2.6.

Share This