FAQ's Money laundering Compliance

Here is a range of standard questions asked from those new to the compliance regime. For details of the services BTC offer visit our Money Laundering Compliance website (opens new window).

(a) What are the Money Laundering Regulations?

The ML Regulations are the UK's secondary legislation in the AML/CFT regime. they where first introduced in 1993 and the 2007 Regulations are just the latest version. The 2003 Regulations, effective 1 March 2004 bough the professional such as the accountant, estate agent or solicitor into the regulated sector. The Regulations are activity based so therefore does not discriminate between the qualified or the unqualified.

The Regulations are for firms to adopt policies and procedures to reduce the risk of money laundering taking place within their business. They are to help the individual fulfil their obligation to report suspicious activity under POCA.

The 2007 gives rise to compulsory registation and supervision for compliance for all firms in the regulated sector regardless of membership of professional associations. The 2007 regulations also give rise to the "risk based" approach under which firms assess their risks according to a number of criteria and operate their polices and procedures according to that risk assessed and then demonstarte that to their supervisor. 

(b) What is the Proceeds of Crime Act 2002 (PoCA)?

POCA is the UK's primary money laundering legislation. 

Chapter 7 sets aout the predicate offences of money laundering applicable to all, S327 Conceals, S328 Arrangement and S329 and Aquires.

Chapter 7 is also the area that concerns the professional in the regulated sector. It places a responsability on all employees in the regulated sector to report suspicious activity when they have "reasonable grounds to suspect" that money laundering is taking place. The responsability for compliance is placed upon the individual, not a firm. S330 is the offence of failing to report. 

There is no de-minimus limit on the perceived value of the crime to be reported. A £10 proceed is to be treated the same as a £10,000 proceeed. Tax evasion is given no special status as a crime and is to be treated the same as any other type of crime.

(c) What is an external accountant?

The CCAB Guidance on this point says:  "Regulation 3(7) defines external accountant as someone who provides accountancy services by way of business to other persons, when providing such services.

Accountancy services include the recording, review, analysis, calculation or reporting of financial information and covers professional bookkeeping services, preparing or signing accounts or certificates of financial information concerning a person’s or organisation’s financial affairs, and advising on tax.

Tax advice is widely interpreted and includes tax compliance services such as assisting in the completion and submission of tax or duty returns. Businesses assisting in the completion and submission of tax returns in relation to any tax will fall within the scope of the Regulations. Businesses providing advice relating to the liability of a particular commodity to a tax or duty or the amount of tax or duty due will also fall within the scope.

Therefore any bookkeeper, payroll bureau, accountancy service provider, tax advisor of any grade or level, qualified or unqualified will have obligations under POCA and if operating as a businesses will have an obligation to register for compliance supervision before commencing businesses.

(d) I am an accountancy service provider, who is my supervisor?

Professional Bodies

1. Association of Chartered Certified Accountants
2. Institute of Chartered Accountants in England and Wales
3. Institute of Chartered Accountants in Scotland
4. Institute of Chartered Accountants of Ireland
5. Association of Accounting Technicians
6. Association of International Accountants
7. Association of Taxation Technicians
8. Chartered Institute of Management accountants
9. Chartered Institute of Public Finance Accountants
10.Chartered Institute of Taxation
11.Insolvency Practitioners Association
12.Institute of Certified Bookkeepers
13.Institute of Financial Accountants
14.International Association of Bookkeepers

Members of the above professional bodies will be supervised for complaince under their relevant professional assurance scheme and subject to the relevant members disiplininary codes of prectice.

All other firms undertaking relevant activity by the way of business in the accountancy sector will register with HMRC for supervison www.hmrc.gov.uk/mlr

(e) I am an estate agent who is my supervisor?

The Office of Fair Trading (OFT) is the supervisory authority for estate agents who fall under S1 of the Estate Agents Act 1979. Enforcement and monitoring visits will be conducted by officers of TSS locally.

(f) What is my supervisor looking for me to do?

In simple terms there are four main things which all firms must do and be able to demonstrate compliance to a Supervisor, they are:-

1. Your firm must adopt appropriate policies and procedures for compliance for which the MLRO must implement into the systems of the firm.
2. Ensure that all staff have adequate training on understanding their roles and responsibilities under the UK’s AML regime, the offences for ML and procedures including client due diligence and reporting.
3. Conduct client due diligence (CDD) procedures on all clients no matter how long they have been clients, including those pre 1 March 2004 clients at an appropriate time, including risk assessment, identity and verification and ongoing monitoring. 
4. Implement a reporting regime for the reporting of Suspicious Activity Reports (SAR’s) to the Serious Organised Crime Agency (SOCA).  

You must ensure that all these policies & procedures, evidence of identity and account opening procedures, internal & external reports and any other AML procedural matters are documented correctly and records kept for a minimum of 5 years. 

(g) I am just starting out in business in the regulated sector, what should I do?

Your first requirement before commencing work is to be registered for compliance supervision with an appropriate supervisor. To commence in business without the appropriate registration means you are committing a criminal offence. The penalty for this is up to a maximum of £5,000 if the breach was a failure to take reasonable steps. However this can be increased if the breach was deliberate.

(h) What are the Specific Breaches of the Money Laundering Regulations?

The specific failings and breaches are;

• Regulation 7 – Failure to apply appropriate risk-sensitive customer due diligence measures
• Regulation 8 – Failure to apply appropriate and risk-sensitive ongoing monitoring of a business relationship
• Regulation 9 – Failure to comply with the requirements in timing of verification of identity of clients and any beneficial owner
• Regulation 11 – Continuing with transaction/business relationship where unable to apply customer due diligence measures
• Regulation 14 – Failure to apply enhanced client due diligence and ongoing monitoring where required
• Regulation 19 – Failure to keep the required records
• Regulation 20 – Failure to establish, maintain, monitor and manage the required risk based policies and procedures
• Regulation 21 – Failure to take appropriate measures to provide the required training
• Regulations 26, 27(4), 33 – Failure to comply with registration requirements specified by the commissioners

These breaches may attract civil or criminal procedures from your supervisor

(i) What is Customer Due Diligence?

Customer Due Diligence (CDD) is a key part of the anti-money laundering requirements. They ensure that businesses know who their clients are, what their clients business are and do. They help ensure that you do not accept clients unknowingly which are outside your normal risk tolerance, or whose business you will not understand with sufficient clarity to be able to form money laundering suspicions where appropriate. If businesses do not understand its client's regular business pattern of activity it would be very difficult to identify any abnormal or suspicious activity.

The 2007 Regulations provide an outline of the required components of CDD which is undertaken on a risk sensitive basis. Regulated firms need to ensure that these are integrated into client acceptance procedures and for the continuing monitoring of the business relationship. The three basic components are;-

(1) Identifying the client and verifying the identity of the client by obtaining evidence from documents, data or information obtained from indepenant and reliable sources.

(2) Identifying the beneficial owner(s) of a client, if there is one, so that the identity of the individual(s) who is the ultimate owner or controller is known and then verify their identities on a risk sensitive basis. Specific steps must be taken is ensure that the ownership and control structure is understood. 

(3) Information on the purpose and intended nature of the business relationship

(j) Characteristics and evidence of identity

The identity of an individual has a number of aspects: e.g., his/her given
name (which of course may change), date of birth, place of birth. Other facts
about an individual accumulate over time (the so-called electronic
“footprint”): e.g., family circumstances and addresses, employment and
business career, contacts with the authorities or with other financial sector
firms, physical appearance.

Evidence of identity can take a number of forms. In respect of individuals,
much weight is placed on so-called ‘identity documents’, such as passports
and photocard driving licences, and these are often the easiest way of
being reasonably satisfied as to someone’s identity. It is, however,
possible to be reasonably satisfied as to a customer’s identity based on
other forms of confirmation, including, in appropriate circumstances,
written assurances from persons or organisations that have dealt with the
customer for some time.

Evidence of identity can be in documentary or electronic form. An
appropriate record of the steps taken, and copies of, or references to, the
evidence obtained, to identify the customer must be kept.

(k) Ongoing Monitoring – What are the practical implementations for existing clients?

Do the requirements to carry out ongoing monitoring of customer due diligence measures and client’s business relationships mean that you must obtain a passport and utility bill from your existing clients or that you must investigate all the business affairs of your clients?

For many existing clients which date from 1 March 2004 you will have obtained verification of their identity under the 2003 regulations. For those clients you will need to consider whether the information you hold is sufficient, based on your risk assessment of the client , to demonstrate your have taken appropriate steps to verify the identity of your client and whether anything has changed in the period to render that information out of date. For clients whose situation, address, name and business has not changed since you last considered their identity we would suggest you need do no more than commit your risk assessment and review to the file.

For clients where the situation has changed or who predate 2004 you may well have obtained official verification of matters such as name and address through correspondence with government offices, bank statements and similar official channels. It is suggested that you undertake these checks during the planning for the next engagement for the client.

The key issues are:

• Have you undertaken a risk assessment of the client ?
• Do you have information which supports your verification of the client’s identity and which is consistent with your risk assessment?
• Can you demonstrate what you have done if asked to evidence your customer due diligence measures?