Anti money laundering controls

Contents

What are anti-money laundering controls?

Anti-money laundering controls are policies and procedures that you must put in place within your business in order to prevent activities related to money laundering and terrorist financing.

They include assessing the risks of your business being used by criminals to launder money; verifying customers’ identity; monitoring customers’ transactions and reporting suspicious activity to the Serious Organised Crime Agency (SOCA); keeping the right records; and ensuring you have appropriate internal management controls.

You will need to ensure your staff are aware of the Regulations and trained to carry out the necessary anti-money laundering controls.

When do I have to put them in place?

For existing businesses you need to have these procedures in place on 15 December 2007.

If you are a new business you need to have anti money laundering controls in place and be registered with HMRC before you start trading.

How do I put anti-money laundering controls in place?

Systems of controls and procedures will defer according to the size and complexity of each business and the risks involved.

HMRC will not dictate what risk-based measures should be in place for your business, it is for you and your senior managers to decide on a reasonable approach which balances the costs to your business and your customers with a realistic assessment of the risks involved.

Businesses should keep relevant documents relating to the risk assessment and management procedures and processes.

Remember you should write down your risk-based policy and procedures and keep these documents up to date. HMRC will ask for details of your policies and procedures.

So I need controls and procedures, but what should they cover?

Your business should establish and maintain appropriate and risk sensitive policies and procedures relating to:

  • customer due diligence measures and ongoing monitoring
  • reporting
  • record keeping
  • Internal control
  • risk assessment and management
  • the monitoring and management of compliance
  • the internal communication of such policies and procedures.

What is a risk-based approach?

A risk-based approach means directing resources in accordance with priorities so that the greatest risk receives the highest attention.

This has been introduced to:

  • allow public authorities and businesses to concentrate resources in the areas of greatest risk
  • to avoid a 'tick-box' approach which can focus on a rigid system of control rather than the actual risks, which are in practice different for each business.

By adopting a risk based approach businesses are able to ensure that measures to prevent money laundering and terrorist financing are appropriate to the level of risk identified.

Applied appropriately this approach should allow businesses to be more efficient and effective in their use of resources, and minimise burdens on their customers.

What is customer due diligence?

Customer due diligence is the term used in the Regulations for the steps that businesses must take to:

  • Identify the customer and verify their identity using documents, data or information obtained from a reliable and independent source.
  • Identify any beneficial owner who is not the customer. This is the individual (or individuals) behind the customer who ultimately own or control the customer or on whose behalf a transaction or activity is being conducted.
  • Where a business relationship is established, you will need to understand the purpose and intended nature of the relationship, for example details of customer’s business or the source of the funds.

You must also conduct ongoing monitoring to identify large, unusual or suspicious transactions.

Where can I find full information?

Full details of anti money laundering controls including more information about a risked based approach and customer due diligence can be found in: