Implementing an Effective Anti-Money Laundering Policy | November 2007
By Jamie Curle, Dorsey & Whitney, London
The advent of the new Money Laundering Regulations 2007 (the Regulations)
in the UK will implement the EU’s Third Money Laundering Directive
(the Directive). The Regulations, which will enter into force on
15 December 2007, require organisations falling within their scope to
review and update their anti-money laundering (AML) procedures.
Compliance can be a serious matter. The news has recently been filled
with examples of high profile financial institutions in the US being
found to have failed in their duties. Not only have those organisations
suffered multi-million dollar fines, but their reputations have
been potentially damaged as a result.
Being aware of the requirements of the Regulations and knowing
how to implement them in your organisation is the best way to avoid
breaching them and facing the risk of financial penalties and damage
to your reputation. As the Regulations will apply to the UK entities
of overseas companies active in the United Kingdom, they are of
relevance to a vast number of international businesses.
The Money Laundering Regime
The Regulations will apply to credit institutions, financial institutions,
auditors, insolvency practitioners, external accountants, tax advisers,
independent legal professionals, trust or company service providers,
estate agents, high value dealers and casinos. The Money Laundering
Regulations 2003 required firms to put in place preventative measures
and required them to:
- Know their customers, including conducting customer identification,
verification and undertaking ongoing monitoring where applicable;
- Maintain records of identity;
- Train staff on the regulations; and
- Report suspicions of money laundering or terrorist financing.
These remain in modified form but the Regulations introduce significant
changes, which will require firms to also:
- Vary customer due diligence according to the risk of money
laundering or terrorist financing;
- Carry out due diligence on beneficial owners; and
- Carry out on-going due diligence.
Customer Due Diligence
The Regulations require firms in the regulated sector to have AML
policies in place. A failure to have these in place will be punishable
by a fine or up to two years’ imprisonment. Regulation 7 requires
firms to carry out customer due diligence (CDD) when:
- Establishing a business relationship;
- Carrying out an occasional transaction;
- There is a suspicion of money laundering or terrorist financing;
- There is a doubt as to the veracity or adequacy of documents,
data or information previously provided for the purpose of CDD.
Regulation 5 provides that CDD will entail:
- Identifying the client and verifying their identity on the
basis of documents, data or information obtained from a reliable
and independent source;
- Identifying where there is a beneficial owner who is not the
customer, and taking adequate measures so that you are satisfied
who the beneficial owner is. This will include understanding the
ownership and control structure of a legal person, trust or similar
arrangement; and
- Obtaining information on the purpose and intended nature of
the business arrangement.
Methods of identifying a customer or beneficial owner’s identity
may include:
- Obtaining or reviewing original documents;
- Conducting electronic verification; or
- Obtaining information from other regulated persons.
The table at the end of this article identifies the types of acceptable
verification material by customer type. Where you are relying on
a regulated person (for these purposes, an authorised credit or
financial institution, or a regulated auditor, insolvency practitioner,
external accountant, tax adviser or independent legal professional)
to provide the verification material you will need:
- The consent of the person on whom you are relying;
- Agreement that they will provide you with the CDD material
on request; and
- The identity of their supervisor for money laundering purposes.
Simplified and enhanced due diligence
Regulation 13 permits “simplified due diligence”, which
disapplies the requirement for CDD under Regulation 7 where you
have reasonable grounds for believing that the customer falls within
categories including the following:
- The customer is a credit or financial institution subject to
the requirements of the Directive;
- The customer is a company whose securities are listed on a regulated
market subject to specified disclosure obligations;
- The customer is an independent legal professional; or
- The customer is a public authority in the UK or one which satisfies
the requirements of Schedule 2 to the Regulations.
If there is a suspicion of money laundering or terrorist financing,
Regulation 7 still applies so the required CDD outlined in Regulation
5 will still be necessary.
Simplified due diligence is also permitted for certain life insurance
contracts, pensions, superannuation or similar schemes and certain
low value electronic money transactions.
Regulation 14 requires “enhanced customer due diligence”
and ongoing monitoring where:
- The customer is not dealt with face-to-face;
- The customer is a politically exposed person (PEP). PEPs
include heads of state, heads of government, ministers and deputy
or assistant ministers; members of parliament; members of supreme
or constitutional courts; members of courts of auditors or of
the boards of central banks; ambassadors, chargés d’affaires
and high-ranking officers in the armed forces; or
- There is any other situation which can present a higher risk
of money laundering or terrorist financing.
Where a customer is not physically present for identification
purposes you will have to take appropriate measures to compensate
for the increased risk, including:
- Establishing identity by additional documents, data or information;
- Taking supplementary measures to verify or certify the documents
provided, or requiring confirmatory certification from a credit
or financial institution subject to the Directive;
- Ensuring that the first payment is made through an account opened
with a credit institution and in the customer’s name.
Where the customer is a PEP you will need to take the following
steps to deal with the heightened risk:
- Have approval from senior management for establishing the business
relationship;
- Take adequate measures to establish the source of wealth and
source of funds involved in the business relationship/transaction;
and
- Conduct enhanced ongoing monitoring of the business relationship.
The Regulations do not provide any guidance as to the measures
to be applied to the final category but you should, applying a risk-based
approach, consider whether it is appropriate to seek further verification
of the customer’s or beneficial owner’s identity, obtain
more detail or request further information on the ownership and
control structure of the customer, and/or conduct enhanced ongoing
monitoring.
NOTE: Your AML policy will need to outline the CDD measures required
for categories of customers and may include the following elements:
- Instructions on when CDD should be conducted;
- The information required to verify customer identity;
- Directions on when simplified due diligence should occur;
- The steps to be undertaken for enhanced due diligence; and
- The process for ascertaining whether a customer is politically
exposed.
The risk-based approach
Regulation 7(3) requires that CDD be carried out on a risk-sensitive
basis depending on the type of customer, business relationship,
product or transaction. Although you will not be able to avoid conducting
CDD, you will be able to use a risk-based approach to determine
the quality and the extent of the verification material required
for CDD. Factors that you may consider in determining the risk presented
by a specific client or retainer include:
- Whether the customer is in a high risk category;
- The quality of CDD material available; and
- Whether the retainer involves elements which increase the prospects
of money laundering or terrorist financing.
NOTE: Your anti-money laundering policy should record the risk
level attributed to a file and why the CDD information was considered
sufficient.
Ongoing Monitoring
Regulation 8 requires you to conduct ongoing monitoring of a business
relationship on a risk-sensitive and appropriate basis. Ongoing
monitoring requires scrutiny of transactions to be undertaken throughout
the course of a relationship (including, where necessary, the source
of funds) to ensure that transactions are consistent with your knowledge
of the customer, his business and risk profile and to keep up to
date the information obtained for the purposes of CDD.
You should stay alert to suspicious circumstances, which may suggest
money laundering, terrorist financing or the provision of false
CDD material, throughout the course of a business relationship.
You should also consider updating CDD material when taking new instructions
from a client and when you receive information of a change in customer
identity details.
Record Keeping
Regulation 19 requires CDD material to be kept for five years from
the end of an occasional transaction or business relationship.
NOTE: Your anti-money laundering policy should outline what records
are to be kept, the form in which they are to be kept and the period
of retention.
Nominated Officers and Disclosure
Regulation 20(2)(d)(i) requires all firms in the regulated sector
to have a nominated officer to receive disclosures under the Proceeds
of Crime Act (POCA) and Terrorism Act and to make disclosures to
the Serious Organised Crime Agency (SOCA). Businesses not within
the regulated sector should also consider having a nominated officer
in place.
The nominated officer will need to be of sufficient seniority
to make decisions on reporting and also to enable them to have access
to the firm’s client files and business information. The officer
will need to ensure that the information, or other matters giving
rise to knowledge or suspicions of money laundering, are reported
where appropriate. His judgment in this regard must not be subject
to the consent of anyone else within the firm.
NOTE: Your anti-money laundering policy will need to set out the
requirements for making a disclosure under POCA and the Terrorism
Act, which should include:
- The circumstances in which a disclosure is required;
- The circumstances in which information is to be provided to
the nominated officer;
- How and when a disclosure is to be made to SOCA; and
- The importance of not tipping off.
Training
Regulation 20 requires firms to communicate their anti-money laundering
policies to staff. Regulation 21 requires firms to provide staff
with appropriate training on their legal obligations and on how
to deal with money laundering and terrorist financing risks.
Verification of Customer Identity Table - Identifying the types
of acceptable verification material by customer type.
Jamie Curle is Special
Counsel in Dorsey & Whitney's London Advocacy Group and
specialises in civil fraud and asset recovery, banking and
financial services litigation and cross-border disputes.
Contact Details:
Tel: + 44 (0)20 7826 4573
Email: curle.james@dorsey.com