If your business is regulated by the Money Laundering Regulations you have certain day-to-day responsibilities. These include carrying out 'customer due diligence' measures to check that your customers are who they say they are.
You must also put in place internal controls and monitoring systems. The nature of these controls will depend on the size and complexity of your business, including the number of customers you have and the number and type of products and services you provide.
On this page:
Customer due diligence means taking steps to identify your customers and checking they are who they say they are. In practice this means obtaining the following from a customer:
The best way to do this is to ask for a government issued document like a passport, along with utility bills, bank statements and other official documents. Other sources of customer information include the electoral register and information held by credit reference agencies such as Experian and Equifax.
In situations where it's relevant, you also need to identify the 'beneficial owner'. This may be because someone else is acting on behalf of another person in a particular transaction. Or it may be because you need to establish the ownership structure of a company, partnership or trust.
As a general rule, the beneficial owner is the person who's behind the customer and who owns or controls the customer. Or it's the person on whose behalf a transaction or activity is carried out.
If you have doubts about a customer's identity, you mustn't continue to deal with them until you're sure.
You must apply customer due diligence measures:
A business relationship is one that you enter into with a customer where both of you expect that the relationship will be ongoing. It can be a formal or an informal arrangement.
When you establish a new business relationship you need to obtain information on:
The type of information that you need to obtain may include:
You need to keep up-to-date information on your customers so that you can:
Changes of circumstance may include:
You must carry out customer due diligence measures when your business carries out occasional transactions. These are transactions where the value is 15,000 Euros (or the equivalent in sterling) or more, that aren't carried out within an ongoing business relationship. This applies whether it's a single transaction or linked transactions.
Linked transactions are individual transactions of less than 15,000 Euros that have been deliberately broken down into separate, smaller transactions to avoid customer due diligence checks. Your business must have systems in place to detect potentially linked transactions.
Once a potentially linked transaction has been identified, you need to decide if it has been deliberately split. Some issues to consider are:
In certain circumstances, you also have to carry out customer due diligence measures for occasional transactions that are worth less than 15,000 Euros. For example, you must do this when the nature of a transaction means that there's a higher risk of money laundering.
In some situations you must carry out 'enhanced due diligence'. These situations are:
The enhanced due diligence measures for customers who aren't physically present and other higher risk situations are broadly the same and include:
The enhanced due diligence measures when you deal with a politically exposed person are:
Where your customer is a money transmitter or currency exchange office you should seriously consider applying enhanced due diligence. This situation presents a higher risk of money laundering or terrorist financing because the money you receive will be a “bulk transfer” representing a collection of underlying transactions placed with your customer. The extent of enhanced due diligence measures you apply should be based on the risk and circumstances of each case.
At the very least you must get the number of underlying transactions of each bulk transfer made to you by your customer. This information will allow you to check that the number and average value of transactions is consistent with the level of business you anticipated when you began your business relationship. It will also give you an indication of risk, particularly where either the number of underlying transactions or the average transaction value is significantly above what you expected. In such cases you must establish and record why it is different. Where you consider there is a risk you must undertake checks to ensure that your customer is carrying out due diligence (and if a money transmitter is involved obtain 'Complete Information on the Payer'). This will include checking the relevant records for specific transactions.
Where your customer is a money transmission business you should check that they are registered/authorised with the Financial Conduct Authority (FCA). Businesses carrying out money transmission that are not registered with, or authorised by, the FCA cannot lawfully provide payment services in the UK. If your customer is not properly registered you should decline the transaction.
A financial corridor is a term used in describing remittances to high risk jurisdictions that may be sent through other countries. For example, money for some high risk jurisdictions such as Pakistan can go through the United Arab Emirates (UAE) before being finally sent to Pakistan. UAE in this instance is being used as a financial corridor. Since the transactions from UK to UAE and then from UAE would be treated as separate transactions, establishing the ultimate beneficiary of the transaction is made more difficult for Money Service Businesses in the UK. Therefore these transactions should be treated in the same way as transmissions to high risk jurisdictions. Since there is a risk that this process is being used to hide the identity of the ultimate beneficiary, we would expect you to treat these transactions as higher risk and to check carefully to ensure you prevent any potential money laundering.
It is not possible to provide businesses with a definitive list of ‘high risk’ jurisdictions which may be more likely to receive funds through a financial corridor as these will change frequently. However, where you operate with high risk jurisdictions, for example Pakistan, you should seriously consider enhanced due diligence where you establish that the ultimate beneficiary is based in a different region from the receiving Money Service Business. You should do this by reviewing the countries where individuals or entities are based, as indicated by the sanctions list which can be found on the HM Treasury website (Opens new window).
To help you decide what you consider as high risk you should also regularly check the Financial Action Task Force (FATF) website which has an up to date list of high risk and non cooperative jurisdictions. Go to High-risk and non-cooperative jurisdictions (Opens new window).
You should consider enhanced due diligence on transmissions to jurisdictions which you judge may be a risk and/or are more likely to receive funds through a financial corridor, even if they are not listed on FATF. You should do this especially where the transaction is:
Where the transaction is for charitable purposes you should get details of the charity and carry out relevant checks to verify their charitable status. If it is a UK based charity, this can be done by checking that it is registered with the Charity Commission and that the person requesting the transfer is an official of the charity, such as a trustee.
You must make sure that your business has adequate internal controls and monitoring systems. These should alert you and other relevant people in your business if criminals try to use your business for money laundering. Once you've been made aware of a potential threat, you can take steps to prevent it and report any suspicious activity.
Your controls should include:
A policy statement is a document that includes your anti-money laundering policy and the procedures your business will take to prevent money laundering. The document provides a framework for how your business will deal with the threat of money laundering. It should name relevant individuals and set out their responsibilities. Even if your business is small, it's a useful tool for focusing your mind and those of your employees, if you have them, to make them constantly aware of the risks.
The exact contents of your policy statement will depend on the nature of your business. But it's likely to include:
It's very important that you keep a record of all customer due diligence measures that you carry out, including customer identification documents that you've obtained. By keeping comprehensive records you'll be able to show that your business has complied with the Money Laundering Regulations. This is crucial to protect your business if there's an investigation into one of your customers.
The types of record you keep may include:
You can keep your records in any of the following formats:
You must keep your records for five years beginning on either:
There's comprehensive sector specific guidance on your responsibilities under the Money Laundering Regulations. Follow the links below for HM Revenue & Customs leaflets on 'Money Service Businesses', 'High Value Dealers' and 'Trust or Company Service Providers'.
If your business is an 'Accountancy Service Provider' you can get more information from the Consultative Committee of Accountancy Bodies leaflet 'Anti-money laundering guidance for the accountancy sector'