Regulatory Compliance

Know your clients to avoid AML penalties

I was recently at an event speaking about AML legislation. As my attentive audience sat eagerly taking notes, one delegate raised her hand to ask about client verification and how to do it correctly. Silence struck the room quite quickly as the realisation hit all the delegates – this was something they needed to consider and manage effectively to avoid AML penalties. It sounds straightforward, but get it wrong or miss something and the penalties to your business can be steep.

The easiest, cost-effective option by which to verify your clients is E-verification. Nowadays, E-verification is a viable option used by many corporate firms that are looking to streamline an already complex process, and can be used as a tool to verify identification provided. Having said that, it’s important to remember that additional, non-electronic checks may need to be conducted, simply to prove that the person in front of you is who they say they are!

Using E-verification is becoming increasingly important, especially as the new regulations stipulate domestic PEP checks are required. The market is bombarded with variations of what is available, some offering standard checks and others offering basic packages with add-ons depending on your firm’s risk appetite. To be sure you’ve covered it all when choosing an AML provider, follow the tips below to help you choose the best provider.

An address verification service:

Verify the address that has been provided to you and confirm that it is current.

Document validation check:

Validate the passport or driving licence and confirm this is a Government issued document and not a fraudulent copy.

Mortality check:

Confirm the person exists and is not deceased, as you may be dealing with someone who is an impersonator adopting a different identity.

Politically exposed screening:

Any match, be it a domestic or an international PEP, associated persons or family, requires an enhanced due diligence check to be carried out, along with the assessment of any risks involved with appropriate internal MLRO approval.

Sanctions screening:

Check your match is an exact match by comparing the photograph provided (where available) to identity documents and checking that dates of birth are consistent.

Negative news check:

Are there any CCJs registered, or is your client linked to any fraud or bribery allegations or convictions?

Bank details validation/verification check:

Where bank details have been provided, check these are legitimate as any errors may cause further delay in rectifying issues with the bank later.

When running e-verification checks, it would be good practice to ask your provider to confirm that:

  • Searches do not affect the credit rating of the individual or corporate;
  • There is an audit trail of all searches run; and
  • The storage of such data is compliant with the General Data Protection Regulation (“GDPR”).

As I have said, E-verification does not, on its own, fulfil the requirements of client due diligence. You should also consider:

What is the intended business relationship:

Don’t be afraid to confirm with the client the details of the work you are proposing to do for them and whether this is a one-off transaction or an ongoing business relationship.

Is the source of funds consistent with the business:

Is a UK or an international bank used to process the transaction and where is the money due to come from?

Additional requirements

Consider any requirements for lenders to see physical identity documents to combat identity fraud.

Get in touch

To find out more about the AML services we have to offer, contact one of our experts today.

Where to start with the Money Laundering Regulations 2017

Writing a blog about becoming compliant with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 is tricky. So much of what you will need to do will depend on the individual risk factors your firm faces. However, here are some things you should think about doing now.

1. Risk Assessment

You need to complete a risk assessment of your firm. I would look at the following areas, and establish the risk of your firm being targeted for money laundering:

  • Who your clients are
  • Where your clients, or their funds are coming from
  • The services you are providing to your clients
  • How you provide services to your clients
  • Size and nature of your business

2. Policy review and amends

Once you have arrived at your risk assessment, you should review your policy. Make sure you amend references to the 2007 regulations at the very least. It is likely that if you had assessed a client profile as needing enhanced due diligence, it will still need it. However, do review regulation 33 to see whether any changes are needed. You may find that you do not have to change the requirement to apply enhanced due diligence, although the process is very likely to change.

3. CDD Process

There are a number of practical changes you are likely to need to make to your CDD process:

  • You will need to expand the list of information you obtain regarding a corporate client to include information about its constitution, possibly from a review of the articles of association. This could add considerable time to the process.
  • You will need to consider the impact of the change in the definition of beneficial owners in relation to trusts, which is now much wider.
  • Where the client is owned by a beneficial owner, you will also have to take reasonable measures to verify the identity of the beneficial owner so that you are satisfied you know who the beneficial owner is. Previously, verification was only required on a risk-sensitive basis.
  • Review your process to identify if your client is a politically exposed person. Under the 2017 regulations a PEP includes domestic PEPs, and the definition has changed to include the governing bodies of political parties, and the boards of international organisations (think FIFA etc). You will need to ensure that a PEP is treated as such until 12 months after they have left post.

4. Internal Controls

The first job is to decide whether your firm is of the size and nature where the controls detailed in regulation 21 should apply. You will have considered this as part of your risk assessment. I think the risk from the type of work you do, the visibility you have of the client and their source of funds will be factors you should consider. If you feel you are of the size and nature, you will need to:

  • Appoint a member of senior management to be responsible for compliance with the regulations.
  • Carry out screening of employees when they join the firm and on an ongoing basis, as to their skills and knowledge to carry out their functions effectively, and their conduct and integrity. You may already be doing this for some employees, such as conveyancers under the CQS requirements.
  • Establish an independent audit function. Provided that this function can assess the effectiveness of the policies, controls and procedures in place, make recommendations for improvements, and have those improvements implemented, it does not appear that it needs to be an external function.

5. Operational Issues

a. Training

All relevant people will need to be trained on AML/CTF and the Data Protection aspect of the Regulations. Given the changes, you may need to look at training sooner rather than later.

b. Record Keeping and Data Protection

  • You need to make sure you keep records you obtain for AML for 5 years from the end of the business relationship.
  • After that time, you will need to destroy them unless you are required to keep them by law, for court proceedings, or if the client consents. You will need to obtain this consent from the client.
  • You will also need to provide the client with Data Protection information as prescribed by the regulations.

c. Dealing with Bank queries on Pooled Client Account

Under the 2007 regulations, Banks could treat the PCA as a low risk product, as long as the firm produced upon request information about the identity of the persons on whose behalf monies are held.

The new Regulations say instead that a bank may apply SDD provided that:

  • The holder of the bank account presents a low degree of risk, and
  • Information on the identity of the persons on whose behalf monies are held in the PCA is available on request.

In my experience, very few firms have the relevant permission from the client to be able to share this information. You will need to ensure that you have explained to the client that, if the bank requests information about who you hold funds for, you will be required to provide that information, and that you have the client’s consent to do so.

Clearly there will be a lot of work to do over the coming months.

Get in touch

At Teal Compliance, we make complying easy with a range of AML services. To access support for your firm, simply get in touch with us today.
