Do you have to collect CDD on employees of clients?

British passports (red)


This is a question I get asked loads of times!

In fact, last week I had a client who has a policy of asking for ID for employees, and their client refused citing Data Protection concerns. I’m not planning to go into the data protection issues here, but instead whether you have to ask for it.

To get to the answer here, we need to start with the law.

The law requires, in connection with a client who is not a natural person (I prefer using the word human here!) that you need to obtain and verify certain information about entity. For a company that is

  • name,
  • company number,
  • registered office,
  • the law to which it is subject,
  • its constitution,
  • the full names of the board and senior persons responsible for it.

In addition, you need to identify and verify the ultimate beneficial owners.

So, do we need ID from directors, or people who instruct us on behalf of a company?

In the original 2003 Money Laundering Regulation it was a requirement to identify and verify at least 2 directors, but this was removed by the 2007 regulations. I’ve found despite this change many firms still have that process, whether as a legacy from the original regulations or as a risk management measure – so that they have proof a real person is connected with the company. After all, the whole point of passports and utility bills is so you can tell the police which door to knock on, to talk to about the entity.

I think many of the more recent queries I have had come from confusion arising from Money Laundering and Terrorist Financing Regulations, which introduced in 2017 Regulation 28(10).

(10) Where a person (“A”) purports to act on behalf of the customer, the relevant person must—

(a) verify that A is authorised to act on the customer’s behalf;

(b) identify A; and

(c) verify A’s identity on the basis of documents or information in either case obtained from a reliable source which is independent of both A and the customer.

There was concern when this first came in that an employee or director might be thought to be purporting to act on behalf of the client. Fortunately, the Legal Sector Affinity Group Guidance helps here:

Section 6.6

Examples of someone purporting to represent might include:

  • a parent on behalf of an adult child.
  • an individual not employed by your client; or
  • a situation where the instructing persons authority to instruct is not clear or does not make sense.

Section 6.14.9

Someone employed by your client (depending on their position or seniority) or a director of your client may be considered as having apparent or ostensible authority to provide instructions on behalf of the client, though you may seek comfort of this on a risk sensitive basis. They should not be considered to be intermediaries, agents, or representatives. Where it is not clear or apparent what their authority to instruct on behalf of the client is, CDD should not be considered to be complete.

Accordingly, it is now much clearer in that “purports to act” is not intended to mean officers or employees of a company. That said, many firms still do carry out individual CDD on Directors and sometimes on employees instructing who are not directors, and whilst that is not required by the Regulations, it can be useful to provide an audit trail for the client in case you are challenged later on as to why you acted on instructions provided on behalf of the non-human client.


Get in touch

For more information about our AML services, please get in touch with one of our helpful experts.


Testimonial from Right Legal
"We have been using Teal to support our compliance frameworks, and every aspect of our experience with them has been fantastic. From the training to the audits, and especially the ‘Ask Teal’ helpline, nothing is too much trouble, and you get quick support from some of the industry’s best compliance experts. Just having them there to support our continued growth takes a huge weight off my mind. Highly recommend to firms of all size and structure!"
Get in touch
Testimonial from Constantine Law
"We rely on Teal Compliance to provide responsive, practical compliance services to Constantine Law (we do not have an in-house compliance officer/function). I would encourage all solicitor firms without their own resource to engage with Teal: they know what they are doing and they provide peace of mind regarding day-to-day compliance matters as well as responses to unforeseen (tricky) compliance matters. They have become an indispensable partner to Constantine Law in our growth journey."
Get in touch
Testimonial from Streathers Solicitors
"We have worked with Teal for several years. They have provided us with AML training and also helped us put together our firm-wide AML risk assessment and our updated AML policy, along with assisting us with various issues as and when they arose. We have always found them to be very helpful, friendly, responsive and knowledgeable, and are happy to recommend them."
Get in touch
Testimonial from Streathers Solicitors
"We have had a relationship with Teal for a number of years and they have provided a valuable resource to our compliance team. Teal combine the delivery of a personal and friendly service with city level expertise."
Get in touch
Previous slide
Next slide