This is a question I get asked loads of times!
In fact, last week I had a client who has a policy of asking for ID for employees, and their client refused citing Data Protection concerns. I’m not planning to go into the data protection issues here, but instead whether you have to ask for it.
To get to the answer here, we need to start with the law.
The law requires, in connection with a client who is not a natural person (I prefer using the word human here!) that you need to obtain and verify certain information about entity. For a company that is
- company number,
- registered office,
- the law to which it is subject,
- its constitution,
- the full names of the board and senior persons responsible for it.
In addition, you need to identify and verify the ultimate beneficial owners.
So, do we need ID from directors, or people who instruct us on behalf of a company?
In the original 2003 Money Laundering Regulation it was a requirement to identify and verify at least 2 directors, but this was removed by the 2007 regulations. I’ve found despite this change many firms still have that process, whether as a legacy from the original regulations or as a risk management measure – so that they have proof a real person is connected with the company. After all, the whole point of passports and utility bills is so you can tell the police which door to knock on, to talk to about the entity.
I think many of the more recent queries I have had come from confusion arising from Money Laundering and Terrorist Financing Regulations, which introduced in 2017 Regulation 28(10).
(10) Where a person (“A”) purports to act on behalf of the customer, the relevant person must—
(a) verify that A is authorised to act on the customer’s behalf;
(b) identify A; and
(c) verify A’s identity on the basis of documents or information in either case obtained from a reliable source which is independent of both A and the customer.
There was concern when this first came in that an employee or director might be thought to be purporting to act on behalf of the client. Fortunately, the Legal Sector Affinity Group Guidance helps here:
Examples of someone purporting to represent might include:
- a parent on behalf of an adult child.
- an individual not employed by your client; or
- a situation where the instructing persons authority to instruct is not clear or does not make sense.
Someone employed by your client (depending on their position or seniority) or a director of your client may be considered as having apparent or ostensible authority to provide instructions on behalf of the client, though you may seek comfort of this on a risk sensitive basis. They should not be considered to be intermediaries, agents, or representatives. Where it is not clear or apparent what their authority to instruct on behalf of the client is, CDD should not be considered to be complete.
Accordingly, it is now much clearer in that “purports to act” is not intended to mean officers or employees of a company. That said, many firms still do carry out individual CDD on Directors and sometimes on employees instructing who are not directors, and whilst that is not required by the Regulations, it can be useful to provide an audit trail for the client in case you are challenged later on as to why you acted on instructions provided on behalf of the non-human client.