The new Money Laundering regulations came into force on 26th June 2017.
The new regulations will have an impact on all Practice Licence holders and the key points are summarized here:
Written AML Risk Assessments plus Written Policies and Procedures
The new regulations require much more compliance to be evidenced by way of written documentation. ICB practices are already required to assess the risk of their firm’s exposure to money laundering by using The ICB AML Online software. However, whilst policies and procedures may be in place to meet the requirements of the regulations, they may not be set out in writing. To help members with this, ICB already provides members with a Policies & Procedures template, which they are asked to complete, sign and retain for inspection by ICB or any other regulatory body, such as HMRC. This might be revised to reflect changes in the updated regulations but, if this is case, all members will be notified. But in the new regulations it becomes a legal requirement to have an up-to-date written risk assessment which feeds into the policies and procedures which must also be set out in a written document. ICB will work with members to develop a standard template that can be customised to suit your practice. ICB can request sight of these policies and procedures as part of its supervisory function. A written record of training that you and your staff have been given must also be kept and be available to ICB on request.
Changes to Client Due Diligence (CDD)
The new regulations give more detail on what is considered a high risk matter and the extra checks which are needed. The intention is to have a list of high risk countries as identified by the European Commission and if any transactions involve those countries, enhanced CDD and additional risk assessment will be compulsory. Written records will again be a key issue here. The regulations keep the core requirement that you must perform client due diligence before you establish a business relationship and also when you identify any factors relevant to your risk assessment that have changed. These may include:
- Your client’s identity has changed
- You have identified a transaction that isn’t consistent with your knowledge of your client
- The services you are providing to your client have changed, without obvious good reason
- You must still identify and verify the owner and the beneficial owner but the regulations state that you can’t rely solely on Companies House.
There are three key changes to the CDD requirements:
- You must now also complete CDD where you only perform company formation services, even if that service is a one-off service for that client.
- You must also identify and verify the identity of a person purporting to act on behalf of your client.
- You must obtain and verify the name of the body corporate, its registration number, its registered address, and principal place of business. You must also take reasonable measures to determine and verify the law to which it is subject, its constitution (set out in governing documents) and the names of the board of directors and its senior management.
Whilst the new regulations allow the use of Simplified Due Diligence (SDD), ICB feels that this is inappropriate and requires members to continue to carry our normal CDD in all cases except where Enhanced Due Diligence (EDD) is appropriate. This helps by removing from ICB members the onus of deciding when SDD can be used.
Reliance on third parties
If you are relying on a third party for CDD you must immediately obtain from the third party all the information needed to satisfy the requirements of the regulations regarding your client’s beneficial owner, or any person acting on behalf of the customer; and you must enter into written arrangements with the third party which enable you to obtain copies from the third party immediately on request copies of any identification and verification data and any other relevant documentation on the identity of the customer, customer’s beneficial owner, or any person acting on behalf of the customer.
Politically Exposed Persons (PEPs)
The previous regulations relating to foreign PEPs will be extended to UK PEPs. This is likely to mean that when taking on a UK based client it will be necessary to ask more about their occupation and family and business connections to be sure that all relevant individuals are identified.
From a practical perspective, ICB practices may want to reconsider the use of online checks to identify PEPs and should tell the MLRO about any existing clients who have connections with politics or government.
FCA have also published draft guidance on the treatment of PEPs.
There will be tougher rules on checking the beneficial owners of trusts. The definition of the beneficial owner has been expanded and will include the settlor, trustees, beneficiaries and anyone with control of the trust. Practices must verify beneficial ownership. Trustees will have to keep a record of the beneficial owners. A register of trusts will be maintained by HMRC.
The regulations now set out precisely what information must be obtained and verified in relation to companies and LLPs which must include:
- Company name and number
- Registered office and place of business
- All relevant governing documents
- Names of board members and senior management
This information can all be obtained through the online Companies House records.
As before, beneficial owners will have to be identified.
Additional responsibilities for MLROs and Senior Management
Firms, other than sole traders and firms with no more than 3 employees*, must now appoint a money laundering compliance principal (MLCP) and that individual must be on the board of directors (or equivalent management body), or a member of senior management, where appropriate to the size and nature of the business.
*More detailed guidance on all of these matters will be included in the revised CCAB guidance that ICB will share with members later in the summer. If you have any queries relating to these regulations please contact ICB on: