- Being a member
- CIMA Professional Development
- Members in Practice
- Members' Handbook
- Money laundering regulations
- Anti money laundering guidance
- Registering for supervision
- Registering with CIMA
- How supervision will take place
- HMRC and anti-money laundering supervision
- Customer due diligence
- PEPs and enhanced due diligence
- Keeping records
- Suspicious activity reporting to SOCA
- Forty recommendations of the Financial Action Task Force
- Risk based approach to anti-money laundering
- Reliance on other professionals' CDD
- Professional clearance letters
- TCSPs
- Regulation of TCSPs
- Phishing
- Legal professional privilege
- Practising accountants who leave CIMA
- Regulations for Channel Islands and Isle of Man
- Legislation in the Irish Republic
Keeping records
The United Kingdom Money Laundering Regulations became effective on 15 December 2007. They are clearer than previous regulations on matters like record keeping, internal procedures and training requirements. CIMA's Members in Practice are included in these regulations as 'external accountants', and CIMA will be their supervisory authority.
How long?
Regulation 19 states that you must keep records for at least five years beginning on the date on which the business relationship ends, or, in the case of occasional transactions, for five years beginning on the date on which the transaction is completed.
The period of five years will sometimes go beyond your retirement, and if you have only wound up your business (rather than sold it, or your share in it) or simply ceased to trade, you remain responsible for maintaining those files. In the event of the business continuing under new ownership, the new proprietor must accept responsibility for maintaining the relevant files, and this should clearly be part of the contract of sale.
Failure to retain records
Failure to maintain records or to retain them could result in your prosecution for prejudicing an investigation under the Proceeds of Crime Act 2002 (section 342). Paragraph 2 of this section reads:
'The person commits an offence if:
(a) he makes a disclosure which is likely to prejudice the investigation, or
(b) he falsifies, conceals, destroys or otherwise disposes of, or causes or permits the falsification, concealment, destruction or disposal of, documents which are relevant to the investigation.'
The penalties for this offence are considerable, and may include both a prison sentence and a substantial fine.
What must I keep?
The required records are (Regulation 19):
- a copy of, or the references to, the evidence of the customer's identity obtained at the start of the business relationship (Regulations 7, 8, 10, 14 and 16(4) refer)
- the supporting evidence and records (consisting of the original documents or copies admissible in court proceedings) in respect of the business relationship and occasional transactions which are the subject of customer due diligence.
This implies that you should keep annotated copies of passport pages or other identity documents, evidence of domicile and if appropriate of any company involved.
Regulation 20 goes on to require you, as a relevant person, to:
- establish adequate, risk-sensitive and appropriate policies and procedures relating to:
- customer due diligence
- reporting
- record-keeping
- internal control
- risk assessment and management
- compliance management; and
- communication
in order to forestall and prevent operations related to money laundering or terrorist financing.
You are also required to pay attention to any activity which you regard as particularly likely, by its nature, to be related to money laundering or terrorist financing; in particular you should be alert to complex or unusually large transactions and any unusual patterns of transactions, which appear to have no economic or obvious lawful purpose. It may be difficult to interpret some records provided by clients, and if in doubt you should always question the client to verify the business in which he is involved, and keep a record of your conversation.
Internal reporting procedures
MLR 20 deals with your own internal reporting procedures. It says that a relevant person must maintain internal reporting procedures which require that:
(a) a person in his organisation is nominated to receive disclosures under Part 7 of the Proceeds of Crime Act 2002; and
(b) anyone in his organisation to whom information or other matter comes in the course of business as a result of which he knows or suspects or has reasonable grounds for knowing or suspecting that a person is engaged in money laundering must comply with Part 7 (of the Proceeds of Crime Act 2002).
This does not apply where the relevant person is an individual who neither employs nor acts in association with any other person. In simple terms, if you work on your own, you do not need to appoint a separate money laundering reporting officer (MLRO), but otherwise anyone working for or with you has a legal duty to report suspicious activity to the appointed MLRO.
Training
Under Regulation 20, an external accountant (as a relevant person) must take appropriate measures so that all relevant employees of his are
(a) made aware of the law relating to money laundering and terrorist finance; and
(b) regularly given training in how to recognise and deal with transactions which may be related to money laundering or terrorist financing.
These last provisions are vital if you are to ensure that your clients are effectively monitored and your business adequately protected from involvement in crime. If you are a CIMA member, you should ensure that you include anti-money laundering training, whether self-taught or through attendance on a course, in your own continuing professional development programme.