- Being a member
- CIMA Professional Development
- Members in Practice
- Members' Handbook
- Money laundering regulations
- Anti money laundering guidance
- Registering for supervision
- Registering with CIMA
- How supervision will take place
- HMRC and anti-money laundering supervision
- Customer due diligence
- PEPs and enhanced due diligence
- Keeping records
- Suspicious activity reporting to SOCA
- Forty recommendations of the Financial Action Task Force
- Risk based approach to anti-money laundering
- Reliance on other professionals' CDD
- Professional clearance letters
- TCSPs
- Regulation of TCSPs
- Phishing
- Legal professional privilege
- Practising accountants who leave CIMA
- Regulations for Channel Islands and Isle of Man
- Legislation in the Irish Republic
Customer due diligence
Customer due diligence measures are a key part of the anti-money laundering requirements. They ensure that businesses know exactly who their clients are, ensure that they do not accept clients unknowingly which are outside their normal risk tolerance, or whose business they will not understand with sufficient clarity to be able to form money laundering suspicions when appropriate. If a business does not understand its client’s regular business pattern of activity it will be very difficult to identify any abnormal business patterns or activities.
While recognising that many external accountants are sole traders with limited staff and time, the possibility of ID fraud makes it vitally important that you, being subject to the Money Laundering Regulations 2007, carefully observe the necessary procedures of Customer Due Diligence (CDD). Section 5 of the new CCAB Anti Money Laundering Guidance is a detailed guide to the situation.
In addition to your normal considerations before entering a business relationship, customer due diligence must be exercised on an ongoing basis during the relationship, as part of regular monitoring of money laundering risks or occasioned by the client undergoing significant changes; it’s not a ‘one-off’. You should therefore consider reviewing customer due diligence and other client information on a periodic basis, as well as in response to perceived risks. This approach must also be used for renewal of CDD relating to pre-existing clients.
Identification and verification of identity procedures should normally be completed before entering into a business relationship. This applies also to occasional transactions. ID procedures are also required at other times, for example when there is a suspicion of money laundering or terrorist financing, or where there are doubts about the sufficiency of identification information already held. And it’s not only a question of identifying the client, but also of finding information on the purpose and intended nature of the business relationship.
There are three basic types of CDD (formerly known as “know your customer” or KYC). These are normal, simplified and enhanced. Simplified due diligence is intended for use when for instance your client meets certain criteria. A business is not required to apply the customer due diligence measures laid out in Money Laundering Regulation 7, where the business has reasonable grounds for believing that a client falls into the relevant categories.
The main categories of relevance to those providing defined services and therefore only requiring Simplified Due Diligence are:
• credit or financial institutions subject to the provisions of the money laundering
directive or equivalent overseas requirements
• companies listed on a regulated EEA market or equivalent overseas requirements subject to specified disclosure obligations
• UK public authorities and certain public authorities in the EU and EEA (or otherwise appropriate check and balance procedures exist ensuring control of the authority’s activity – MLR 2007 Schedule 2 paragraph 2) may well be of relevance to those providing defined services.
A risk-based approach to customer due diligence will also identify situations which can present a higher risk of money laundering or terrorist financing. Regulation 14 sets out a general provision that enhanced due diligence must be applied in such situations and means that your business must obtain additional customer due diligence information about your client. Such clients would certainly include the category now known as ‘Politically exposed persons’ or PEPs; for instance, a person ‘…who is or has, at any time in the preceding year been entrusted with a prominent public function by a state other than the United Kingdom, a community institution or an international body’, or a family member or known close associate of such a person. Details of what are considered to be prominent public functions are shown in Schedule 2 of the Money Laundering Regulations 2007, paragraph 4(1)(a).
Businesses need to consider whether there are any particular steps they wish to specify for use in higher risk cases to increase the depth of customer due diligence, such as seeking out wider information from extensive internet and press searches concerning the potential client, its key counterparties, its sector and jurisdiction, or possibly using subscription databases which provide a quick way of accessing public domain information and in many cases provide links to persons or companies known to be associated with the potential client (see sections 5.54 to 5.55 of the CCAB guidance for information on electronic identification).
One major difficulty is the identification of true owners or beneficial owners. Information may be extremely difficult to obtain, if not impossible (for instance, the beneficial owners of a trust may not yet even be born). Businesses might, as appropriate to their risk assessment, check the names of new clients against lists of known terrorists and other sanctions information (the Bank of England maintains the UK list of these persons and businesses but recourse may be had to further lists such as those issued by the UN and the US Treasury Office of Foreign Assets Control or OFAC). Some electronic resources also include an automated check against this information as part of the product.
Section 5A of the CCAB guidance offers a useful list of prompts - questions that you should ask yourself before taking on a new client. Section 5B lists out examples of sources that can be used for verification of clients, both individuals and entities. There is a lot to absorb, but you will find these two sections very helpful in producing your own policies for CDD of your clients.