Anti Money Laundering toolkit - AAT Anti Money Laundering controls in your business ... foundations...

AAT is a registered charity. No. 1050724

Anti Money Laundering toolkit

AAT is a registered charity. No. 1050724 2

Contents Introduction .............................................................................................................................................................. 5

1. Policies and procedures within your firm .......................................................................................................... 7

1.1. Developing Anti Money Laundering controls in your business ............................................................ 7

2. Assessing risks within your firm ..................................................................................................................... 12

2.1. What does risk mean in this context? ................................................................................................ 12

2.2. Identifying threats ............................................................................................................................... 12

2.3. Identifying vulnerabilities .................................................................................................................... 12

2.4. Assessing risk .................................................................................................................................... 13

3. Client due diligence procedures ..................................................................................................................... 25

3.1. Introduction ........................................................................................................................................ 25

3.2. The account opening procedures ...................................................................................................... 26

3.3. The identity of a customer/client ........................................................................................................ 26

3.4. Beneficial owners ............................................................................................................................... 27

3.5. Nature and purpose of the intended business relationship ............................................................... 28

3.6. Know Your Client (KYC) Information ................................................................................................. 28

3.7. Politically exposed persons (PEPs) ................................................................................................... 29

3.8. Prohibited relationships...................................................................................................................... 31

3.9. Reliance on third parties .................................................................................................................... 31

3.10. Subcontractors ................................................................................................................................... 33

3.11. Documentary evidence used as verification of identity ...................................................................... 34

3.12. Electronic verification of identity ........................................................................................................ 36

3.13. Customer not present ........................................................................................................................ 37

3.14. Mitigation of impersonation risk ......................................................................................................... 37

3.15. Verification of individuals ................................................................................................................... 38

3.16. Verification of sole trader or partnership businesses ......................................................................... 39

3.17. Verification of private companies, LLPs and limited partnerships ..................................................... 39

3.18. Listed or regulated financial and credit institution entities ................................................................. 40

3.19. Government bodies ............................................................................................................................ 40

3.20. Pension schemes ............................................................................................................................... 41

3.21. Charities, church bodies and places of worship ................................................................................ 42

3.22. Other trusts, foundations and similar entities .................................................................................... 43

3.23. Clubs and societies ............................................................................................................................ 45

3.24. Clients in care homes or in receipt of pension ................................................................................... 46

3.25. Gender reassignment ........................................................................................................................ 46

3.26. Students and young people ............................................................................................................... 47

3.27. Certification and annotation ............................................................................................................... 47

3.28. Non-compliance through client refusal .............................................................................................. 48

3.29. Insolvency cases ................................................................................................................................ 48


3.30. Ongoing monitoring of client relationships ......................................................................................... 49

4. The post SAR regime ..................................................................................................................................... 51

4.1. The key points .................................................................................................................................... 51

4.2. Continuing work in connection with a reported matter ....................................................................... 51

4.3. Requests for further information ........................................................................................................ 52

5. Staff training and record keeping ................................................................................................................... 55

5.1. Staff awareness and training – general legal obligations .................................................................. 55

5.2. Who should be trained? ..................................................................................................................... 55

5.3. What should training cover? .............................................................................................................. 55

5.4. How often should training be given? .................................................................................................. 56

5.5. Record keeping - general legal requirements .................................................................................... 56

5.6. The records that must be kept ........................................................................................................... 56

5.7. Persons who are relied on by another person to apply any customer due diligence measures ....... 56

5.8. Businesses which rely on another person to apply customer due diligence measures .................... 57

5.9. How long should records be kept? .................................................................................................... 57

5.10. In what format must the records be kept? ......................................................................................... 57

5.11. Penalties for failure to keep records .................................................................................................. 58

6. Business and Firms Management Policies and Procedures for reporting suspicious activity (SAR’s) .......... 59

6.1. Internal reporting ................................................................................................................................ 59

6.2. Suspicious activity reporting to the National Crime Agency (NCA) ................................................... 60

6.3. The meaning of knowledge, suspicion and reasonable grounds for knowledge or suspicion........... 60

6.4. Internal reporting procedures ............................................................................................................. 61

6.5. Making external reports to NCA ......................................................................................................... 61

6.6. Types of report ................................................................................................................................... 63

6.7. Confidentiality protections .................................................................................................................. 64

6.8. Non-POCA reporting .......................................................................................................................... 64

6.9. Guarding the confidentiality of a SAR ................................................................................................ 64

6.10. Tipping off .......................................................................................................................................... 65

6.11. Recognising money laundering ......................................................................................................... 65

6.12. Suspicion indicators ........................................................................................................................... 67

7. Tax practitioner’s specific guidance ............................................................................................................... 68

7.1. Tax practitioners, MLR 2007 and POCA ........................................................................................... 68

7.2. Overview of the tax sector ................................................................................................................. 68

7.3. What are the money laundering risks in the tax sector? .................................................................... 68

7.4. Tax offences ...................................................................................................................................... 69

7.5. Reluctance to correct past errors ....................................................................................................... 70

7.6. Intention to underpay tax ................................................................................................................... 70

7.7. Tax evasion ........................................................................................................................................ 71

7.8. Indirect tax ......................................................................................................................................... 72

7.9. Other offences applicable in VAT ...................................................................................................... 73

7.10. The privilege reporting exemption ..................................................................................................... 74

7.11. Examples of when the privilege reporting exemption might apply .................................................... 75

7.12. Examples of when the privilege reporting exemption is unlikely to apply .......................................... 76


8. Money Laundering and disclosures to HMRC ................................................................................................ 77

8.1. A questions and answers guidance note ........................................................................................... 77

9. NCA guidance ................................................................................................................................................ 80

9.1. Introduction ........................................................................................................................................ 80

9.2. What is a SAR? .................................................................................................................................. 80

9.3. Reason for suspicion ......................................................................................................................... 80

9.4. When do I submit a SAR? ................................................................................................................. 80

9.5. Is the information contained in the SAR I submit held securely? ...................................................... 80

9.6. May I inform a client/customer that I have made a report? ............................................................... 81

9.7. What is consent in relation to SARs? ................................................................................................ 81

9.8. How do I register with SAR Online? .................................................................................................. 81

9.9. How to report SARs ........................................................................................................................... 81

9.10. Basic structure of a SAR .................................................................................................................... 82

9.11. Completing all SAR information fields ............................................................................................... 84

9.12. Obtaining a defence against money laundering or terrorist financing ............................................... 88

9.13. General guidance ............................................................................................................................... 91

9.14. Contact details ................................................................................................................................... 92

9.15. Good practice tips .............................................................................................................................. 92

9.16. SAR glossary codes (as of September 2016) ................................................................................... 94

10. Checklist of legislation and information .......................................................................................................... 95

11. Supervision ..................................................................................................................................................... 96

11.1. Introduction ........................................................................................................................................ 96

11.2. AAT frequently asked questions about review visits ......................................................................... 97

11.3. Overview of the supervisory visit ....................................................................................................... 99

11.4. Specific failings and breaches of the MLR ........................................................................................ 99

11.5. MLRO checklist for a compliance visit and sample forms ............................................................... 101

11.6. AML - Client account opening form (individuals) ............................................................................. 102

11.7. AML - Client account opening form (companies) ............................................................................ 103

11.8. Completion Checklist – Highlight areas of risk ................................................................................ 104

11.9. Completion Checklist – Highlight areas of risk ................................................................................ 105

11.10. Client due diligence – risk assessment ............................................................................................ 106

11.11. Staff training record .......................................................................................................................... 107

11.12. Summary of SARs ........................................................................................................................... 108


Introduction

This toolkit is designed to help AAT Licensed members comply with the MLR 2007, Proceeds of

Crime Act 2002 (as amended) and Terrorism Act 2000 (as amended).

The toolkit is not a substitute for the law relating to money laundering. It has been designed to provide

a practical reference material for AAT licensed members. The information contained within has been

sourced with acknowledgments from relevant industry guidance and best practice including the Joint

Money Laundering Steering Group guidance (JMLSG), the CCAB guidance and HMRC MLR

guidance.

You should refer to this toolkit for practical tips on how to apply relevant sections of the legislation and

the money laundering guidance issued by AAT or other relevant professional bodies from time to

time.

As the law on money laundering and terrorist finance is fast changing, it is important that you keep

your knowledge up to date by attending regular training and accessing relevant industry guidance

resources. If you have any questions related to this document or to the AAT’s money laundering

supervision, please email us at [email protected] or call 020 7397 3014 to speak to

someone from the Professional Standards team.

Who should use this toolkit?

You will find this toolkit useful if you are a licensed member providing accountancy or bookkeeping

services.

The key UK legislation relating to money laundering is contained in:

The Proceeds of Crime Act 2002 (POCA) (as amended)

The Terrorism Act 2000 (TA) (as amended)

The Serious Organised Crime and Police Act 2005

The MLR 2007 (the Regulations)

Disclaimer

Although all reasonable care have been taken to ensure that the content of this toolkit is accurate and

reflects the law and industry best practice at the time of writing, members should always consider the

individual circumstances of the money laundering risks they or their businesses face. This toolkit does

not constitute legal advice and in certain circumstances, it may be necessary for members to seek

expert legal advice when assessing the risk of money laundering to their business. Compliance with

this toolkit is not a defence to the offences created under the Proceeds of Crime Act 2002 or any

other legislation.

AAT will accept no liability for loss caused to any person or entity as a result of acting or refraining to

act in accordance with any material in this toolkit. The risk assessment and other templates in this

toolkit are generic and given only as examples, you should consider the suitability of any templates for

your own business before using them. If you decide to use any of the templates, it is important that

you adapt such templates to your individual circumstance.

This edition

This is the December 2016 edition of the toolkit. You are responsible for updating your toolkit with changes

to guidance. AAT will make updates, which will be accessible via the MyAAT login on our website,

aat.org.uk

http://www.aat.org.uk/


Commonly used abbreviations

AML Anti Money Laundering

CDD Customer Due Diligence or Client Due Diligence

CTF Counter Terrorism Financing

EEA European Economic Area

FATF Financial Action Task Force on Money Laundering

HMRC Her Majesty’s Revenue and Customs

HMT Her Majesty’s Treasury

JMLSG Joint Money Laundering Steering Group

MLRO Money Laundering Reporting Officer

MLR MLR 2007

NCA National Crime Agency

PEPs Politically Exposed Persons

POCA Proceeds of Crime Act 2002

SAR Suspicious Activity Report to NCA

TA Terrorism Act 2000


1. Policies and procedures within your firm

1.1. Developing Anti Money Laundering controls in your business

The MLR 2007 (MLR 2007) require all bookkeeping and accountancy firms and businesses to

establish and maintain appropriate systems of internal control and communication in order to prevent

activities related to money laundering and terrorist financing. In simple terms this means that as

licensed members, you must ensure that you put policies and procedures in place that will alert your

staff and subcontractors in the firm (where relevant) to the possibility that criminals may be attempting

to use your services to launder money or fund terrorism. This creates a framework by which they can

take appropriate action to prevent or report it, safeguarding you and your firm from committing the

offence of money laundering. It also sends out a clear message to existing and prospective clients

that you are aware of, and will not tolerate abuse of your business.

You must ensure that your policies and procedures are capable of identifying unusual or suspicious

transactions or customer activity, and quickly reporting the details to the Money Laundering Reporting

Officer (MLRO), who is responsible for making a disclosure to the NCA under the terms of the

Proceeds of Crime Act 2002 (POCA) or the Terrorism Act 2000 (TA). If you are a sole trader, you will

automatically assume this responsibility.

The nature and extent of the policies and procedures you need will depend on a variety of factors,

including:

the nature, scale and complexity of your business

the type of products, customers, and activities involved

the diversity of operations, including geographical diversity

distribution channels

the volume and size of transactions.

These factors will inform the level of risk your business is exposed to. It is important that you assess

and understand the risks of your firm being used for money laundering. The MLR 2007 requires you

to adopt a “risk based approach” to your compliance approach. This means that you should focus

your attention towards your highest risk business areas and customers, and not put unnecessary

barriers up for those customers and areas which indicate low to no risk of money laundering or

terrorist financing. Risk is explained more in part 2 of this toolkit.

1.2. What policies and procedures do you need?

You must be able to demonstrate that you have:

identified and clarified senior management responsibilities, including who the firm’s MLRO is

where there is more than one partner, or person working for the business

a system of identifying and reporting on money laundering and terrorist financing risks and

suspicions (this is relevant to firms with employees specifically)

regular training of employees on the legal and regulatory responsibilities for money laundering

and terrorist financing controls and measures

written Anti Money Laundering/Counter Terrorist Financing AML/CTF risk management

policies and procedures

measures to ensure that you and your staff are alert to and addressing money laundering and

terrorist financing risks in the day to day operation of the business.


1.3. Ongoing quality control

You must carry out regular assessments of the adequacy of your policies and procedures to ensure

that they continue to manage the money laundering and terrorist financing risks effectively and are

compliant with the MLR 2007. You must therefore ensure that appropriate monitoring processes and

procedures are established and maintained to regularly review and test the effectiveness of your

policies and procedures.

This is consistent with the requirements of Practice Assurance Standard 4 on Quality Control.

You must test the effectiveness of the checks they make and also the areas and indicators of risk that

they have identified. A review should include consideration of the following areas:

Are there any areas of weakness in the business where appropriate risk-sensitive checks are

not being carried out in accordance with the MLR 2007 requirements and the business’s

policies and procedures?

Are correct records kept in respect of evidence of ID taken and other customer due diligence

checks?

Are there any new products, services or procedures that require risk assessment, appropriate

due diligence checks and internal controls putting in place?

You may find the sample Anti Money Laundering policy below useful in designing a compliance

management policy for your business.


1.4. SAMPLE - Anti Money Laundering policy

[INSERT FIRM NAME] Anti Money Laundering and Counter Terrorist Financing policy

statement

This policy sets out [INSERT FIRM NAME]’s commitment to understanding and minimising our risks in

relation to money laundering and terrorist financing so our services are not abused to legitimize the

proceeds of crime. Our commitment to this strengthens our goals of achieving good ethical business

and trading standards.

Our aim, by having robust policies and procedures and the creation of a compliance culture within the

firm, is to prevent money laundering and terrorist financing.

In order to achieve this we have undertaken the following:

1. Appointment of the nominated person/money laundering reporting office (MLRO)

The firm’s MLRO is:

………………………………….………………………………………………………………

Contact details

Internal phone extension …………………………………………………………..

Mobile phone number …………………………………………………………..

Email address …………………………………………………………..

The MLRO is available to discuss any matters relating to the firms policies and procedures relating to the MLR and helping you understand your obligations.

In the absence or sickness of the MLRO the following deputy/assistant MLRO has been appointed.

The firm’s deputy/ assistant MLRO is:

………………………………….………………………………………………………………

Contact details

Internal phone extension …………………………………………………………..

Mobile phone number …………………………………………………………..

Email address …………………………………………………………..


2. Establishment of internal procedures appropriate to the MLR to prevent money laundering and terrorist financing.

We have established appropriate and risk-sensitive policies and procedures relating to:

customer due diligence

reporting

record-keeping

internal control

risk assessment and management

compliance management; and

communication.

3. Establishment of internal training requirements so all individuals within the firm understand their responsibilities within the firms’ policy and procedures and their wider responsibilities under the UK’s Anti Money Laundering strategy.

To this end we will ensure all individuals within the firm are trained at regular intervals for:

awareness of the relevant legislation and any changes

understanding of their roles and responsibilities under the Anti Money Laundering regime

updates on particular threats and alerts for the firm or the profession

how to recognise potential suspicious activity

how to report suspicious activity

the firm’s exposure to risk

the firm’s client due diligence policies and procedures.

4. Record retention

We will retain the following records for five years after ceasing to act for a client:

client’s risk assessments

client ‘s identity and verification

client’s ongoing monitoring

staff training

internal reporting

external reporting.

5. Reporting suspicions

The firm through the MLRO has established procedures for assessing internal suspicious activity

reports and on the decision making process for external reporting. We have established

procedures for making suspicious activity reports to the National Crime Agency (NCA) and for the

secure retention and storage of internal and external reports.

6. Aiding law enforcement

The firm through the MLRO has established procedures for aiding any law enforcement agencies

who obtain money laundering investigation orders against our clients. These procedures relate to

the collation and secure retention of the information required and systems to ensure that

confidentiality of the client is maintained were necessary.


7. Staff and subcontractor commitment to the firms’ policy and procedures

It is important that our staff and subcontractors understand the compliance culture and the roles

and responsibilities placed upon them. Penalties imposed including fines and imprisonment can

apply to individuals as well as the firm.

So we must all:

ensure we understand the firms policy and procedures contained in this document, and ask

the MLRO if unsure

ensure that during the course of our work for the firm we don’t turn a blind eye to the obvious.

If we have doubts over the legitimacy of a transaction or event then we must follow

procedures to discuss the situation or make an internal suspicious activity report. It is only by

following these procedures we are protected from the possible penalties contained within the

legislation

remember not to speculate as to whether a crime has been committed. In order for a report to

be made there must be reasonable suspicion that a crime has been committed, the client

intended for a crime to be committed and there are proceeds of that crime. An innocent error

is not a crime, there has to be an element of intent

remember that we are not required to be an investigator that is the role of law enforcement,

neither are we judge nor jury

remember that ‘tipping off’ is an offence under the legislation. We must not discuss what we

may or may not report with the client and don’t make reports the topic of general conversation

within the office.


2.1. What does risk mean in this context?

You will see references throughout the MLR 2007 to “on a risk sensitive basis”.

Risk in this context is the possibility that your firm will be used by criminals to disguise the proceeds of

crime and present them as being from a legitimate source. These risks will materialise when an

external threat is able to exploit vulnerability within your firm’s infrastructure to achieve its intended

outcome.

Your policies and procedures should safeguard your firm from this happening, but this will only be the

case when you have fully reviewed and assessed where these threats might arise from and where

your firm may be vulnerable to such exploitation. You must focus resources to higher risks, and avoid

placing unnecessary burdens on lower risk clients. This manages compliance costs and burdens to

both your business and your clients.

Not every business will have the same approach to risk. Smaller businesses are more likely to have a

lower appetite for risk because of the limited resources available to manage risk. Larger firms will

have access to more resources to address risks, and may therefore take on riskier business. The

purpose of the MLR 2007 is to prevent criminals from accessing financial services, but an unintended

consequence has been that firms have been “de-risking”. De-risking means that instead of managing

high risk clients, firms refuse to deal with those they class as high risk in the name of “AML

compliance”. This is not a requirement of the regulations.

2.2. Identifying threats

The threats your firm faces will depend on many factors, including your clients and how your source

them, the services you offer and how they intend to use them, and the geographic spread of your

client base.

An example of a threat might be a criminal seeking to disguise the criminal origins of their piles of

cash by buying a business (let’s take for example a chip shop).

You may find Table 1 on page 16 helpful in assessing the level of risk posed by your clients. In

addition to this overview, you must assess the risk of each of your clients individually.

2.3. Identifying vulnerabilities

Vulnerabilities are characteristics of your firm which can be exploited by the threat to launder the

proceeds of crime.

Let’s use as an example a junior member of the team who provides administrative support accepting

a new client to your firm. Two vulnerabilities potentially arise from this. Firstly, because they are a

junior member of the team, they lack the experience to know how to on-board a new client. The

second vulnerability is that because their role is administrative, they have not received AML training,

and do not understand the obligations on the firm in respect of AML compliance.

You may find Table 3 on page 18 helpful in assessing where your business is most likely to be used

by criminals.

2. Assessing risks within your firm


2.4. Assessing risk

In order to evaluate the severity of a risk, you need to think about the impact of that risk if it occurs,

and the likelihood of it occurring in your firm.

2.4.1. Measuring impact

We recommend that you can use five categories of impact as follows:

Limited Minor Moderate Major Catastrophic

1 2 3 4 5

Each category of impact is accompanied by a score. You will see as the impact increases, the

number gets higher.

You will need to put criteria in place in order to decide how to measure whether something fits into

each of the categories. This will entirely depend on the approach you take to assessing your risks, but

here is an example of how that might look, with examples of how the assessment might look at each

end of the scale:

Limited Minor Moderate Major Catastrophic

Value of

transaction or

service

Very limited value,

and not systemic

Unlimited funds

systemically

laundered

Reputation No impact on

reputation

Business fails as a

result of publicity

Reach Isolated to your firm Systemic abuse of the

regulated sector (e.g.

lawyers, banks,

insurers and money

service businesses all

used).

Resources Minimum resources

required to address

risk

Resource

requirements far

exceed the firm’s

ability to manage the

risk


2.4.2. Measuring likelihood

Your resource will be most efficiently expended on those risks which are likely to materialise more

often. Therefore you need to evaluate how often these risks could materialise. This process is

measuring the likelihood.

You could use the following categories to measure your likelihood:

Rare Unlikely Possible Probable Highly probable

Measure of occurrence

<5% 6-20% 21-40% 41-60% >60%

Score 1 2 3 4 5

There are a number of different factors you can feed into your likelihood assessment which will stem

from a combination of factors. The assessment of your clients you have undertaken in Table 1 will

help you to identify the percentage of your client base that a particular risk might be triggered by.

For example, the threat of a criminal buying a high volume cash business to launder his funds. If 22%

of your client base is made up of cash based businesses, then you may conclude that on the face of

it, it is “possible” that your business could be used for money laundering. This would then generate a

score of 3 for the purposes of your risk assessment.

2.4.3. Concluding the overall level of risk

The overall risk score is calculated using the following formula:

Likelihood x Impact²

You need to weight the score towards the impact because this ensures that your resource is targeted

at activity which presents the highest risk to your firm. If you do not do this, you will find that a highly

probable risk with minor consequences commands exactly the same score (and therefore response)

as one which is rare, but with severe consequences. The following table demonstrates how you can

use these scores to identify the overall level of risk:

5-HIGHLY PROBABLE 5 20 45 80 125

4-PROBABLE 4 16 36 64 100

3-POSSIBLE 3 12 27 48 75

2- UNLIKELY 2 8 18 32 50

1- RARE 1 4 9 16 25

1- Limited 2- Minor 3- Moderate 4- Major 5- Catastrophic


Each score is categorised with a colour. The colour that your risk score comes out at translates into a

response to that risk as follows:

Risk outcome Response required

RED HIGH

Score of above 50 Take urgent action to manage the risk

AMBER MEDIUM/HIGH

Score 20-49 Take action to manage the risk

YELLOW MEDIUM/LOW

Score 5-19 Monitor this risk

GREEN LOW

Score 1-4 Tolerate this risk

2.4.4. The client risk assessment

Although your firm’s risk register will reflect your firm’s general risk profile and management policies

for mitigation of those risks, you can assess individual clients by comparing their characteristics and

transactions with those listed in the risk register. This will promote consistency of treatment of clients

throughout your client base. You will need to assess individual clients and record such assessment

but this does not have to be very detailed or difficult. The adaptation or mirroring of a single row from

the risk register is likely to be adequate for those who pose one of these risks, or a simpler adaptation

for those of lower or normal risk.


Table 1

Practice - client business profile

Date of review:

Individuals Sole-traders Partnerships Limited companies Other

% of client base

Number with 64/8 agent authority

Number of client relationships less than two years old

How are clients introduced into the business?

% introduction by: recommendation

% introduction by: advertising

% introduction by: passing trade

% introduction by: other sources

Total

Additional client profile information

Number of remote/non-face to face clients (if any)

Number of PEPs as clients (if any)

Any clients outside normal profiles?

Number of clients with significant cash businesses?


Table 2

Practice - client services profile

Date of review:

Number of clients Individuals Sole-traders Partnerships Limited companies Other

Bookkeeping services

Accounts production

Management accounting

Payroll services

VAT advice and return services

WFTC and other benefit applications

Company secretarial

SA/CT etc. tax return completion

CGT, IHT and other taxation planning and/or consultancy

Other works


Table 3

Risk: that your client is not who they say they are

Risk indicator Characteristics Initial risk Your policies and procedures Resultant risk

Customer Identification in general regarding ID theft or impersonation

The customer must provide proof of identity when conducting a one off transaction of €15,000 or more or in a series of linked transactions or when establishing a business relationship.

Medium/ High

CCAB guidance states that for risk mitigation purposes, customers wishing to use accounting and tax services should prove their identity before a transaction can be completed even when the value of the transaction is lower than the threshold, there is a high expectation of an element of duration with the client.

ID and verification procedures must also be made when the customer becomes a regular customer therefore wishes to establish a business relationship.

Medium/ Low

New client refusal to provide evidence of identity

Client may refuse to provide any evidence of identity; this may give rise to an opportunity of ID theft or impersonation.

High

If the customer cannot produce or fulfil the appropriate identity procedures, the transaction must not be completed. Inform the client of the importance of the CDD process and the requirement of law for this to be undertaken.

If continued refusal consider if suspicion indicators merits a note or report to the MLRO.

Low

New client is unable to provide normal evidence of identity

Age may be a factor, possibly too young for verification documents or no longer requires them for example, maybe no passport or driving licence or client could be new to an area so not as yet obtaining a utility bill.

Medium/ High

Verification of ID can be by ‘document, data or information’. Consider alternative verification documents or method for example, an electronic search, television licence etc.

Medium/ Low

New client has not been met face to face before commencement

Lifestyle choices have many people now working away from home, on shift patterns, or on contract in or for medical reasons. Additionally, in the increasingly internet age firms are sourcing new business online.

High

Obtain medical evidence as extra evidence for verification purposes, such as confirmation from GP or known related person.

Obtain evidence of the business interests, arrange to visit the business premises.

Try to arrange a future face to face meeting.

Carry out firms enhanced CDD management policies.

Arrange a meeting via videoconferencing, such as Skype.

Medium/ Low


Table 4

Risk: your client’s source(s) of funds are the proceeds of crime and/or might be used to fund terrorism


Customer whose business handles large amounts of cash routinely

Cash based or those businesses have handle large volumes of cash can used to disguise source of funds or to simply evade tax by under declaration of income.

High

Effective risk-based customer due diligence measures based upon the increased risks in relation to large or frequent cash transactions in line with general policies on customer due diligence.

Understanding of the clients business and the nature of transactions undertaken, aiding understanding of the source of funds and expected gross margins from the type of business.

Medium/ High

Unusual cash transactions

Unusually cash transactions or transfers using intermediaries or regular smaller transactions just below a £5,000 limit so as to avoid MLR procedures in regulated firms elsewhere.

High

Effective risk-based customer due diligence measures based upon the increased risks in relation to large or frequent cash transactions in line with general policies on customer due diligence.

Understanding of the clients business and the nature of transactions undertaken, aiding understanding of how unusual transactions can arise.

Medium/ High

Acting for acquaintances, relatives and friends

Possible compromise of objectivity and an unwillingness to enquire or report suspicious activity.

Medium/ Low

Focus on maintaining objectivity of the firm. Where possible ensure where there may be a possible conflict that works are supervised by an independent member of staff.

Low

Client account transactions

Request from client for receipt or payment of monies into the clients account that is not in connection with your services.

High Management policy of only accepting funds arising from

transactions connected to the firms services. Alert management/ MLRO of any such requests.

Low

Clients with complex business ownership and control structures which may conceal underlying beneficiaries

Nominees may be being used or registered office or service addresses serving no economic purpose.

Share classes and structures may disguise true control.

High

Effective risk-based customer due diligence measures based upon the increased risks of complex ownership and control structures with general policies on customer due diligence.

Possible searches of the company registry for information such as latest annual return, appointments or statement of capital and persons with a controlling interest.

Ensuring the identity of beneficial owners is verified according to the risk assessed.

Medium/ Low


Table 4 continued

Risk: your client’s source(s) of funds are the proceeds of crime and/or might be used to fund terrorism


Clients who are PEPs

Prominent public positions can create a risk of exposure to bribery and corruption.

Circumstances such as location, nationality, passport type (diplomatic) or large cash transactions may indicate PEP status.

High

Carry out enhanced CDD management policies, ensure enhanced ongoing monitoring of where necessary establish the source and/ or destination of funds.

Obtain senior management approval before commencement.

Medium/High


Table 5

Risk: you are delivering services beyond your understanding of the client’s circumstances


Customer whose business is based in, or conducts business and cash transactions through, a higher risk jurisdiction of corruption or organised crime

Currency smugglers will look to move products into countries with no exchange control and lax AML legislation.

Transactions linked to customers connected with countries that are known to have lax AML controls may lead to bribery or be used to disguise true source.

High

Monitor business outlets and/or customer transactions based in geographical areas with a significant risk of money laundering or terrorist financing activity.

Enhanced risk assessments will include the OECD report for tax standards and HM Treasury Consolidated List of Financial of Financial Sanctions Targets.

Enhanced ongoing monitoring, establish where possible the source of funds.

Medium/ Low

Customer whose business is based in, or has nominees or beneficial owners in jurisdictions known as ‘off shore tax havens’

Possible use for ‘off shore’ tax avoidance schemes or tax evasion.

Use of nominees to disguise true beneficial owners.

High

Effective risk-based customer due diligence measures based upon the increased risks of complex ownership and control structures with general policies on customer due diligence.

Possible searches of the company registry for information such as latest annual return, appointments or statement of capital. Ensuring the identity of beneficial owners is verified according to the risk assessed.

Enhanced risk assessments will include the OECD report for tax standards.

High

Clients who are not local to the business

Can be advantageous since local knowledge of the client and his business may be minimal.

Medium/ High

Establish the source of introduction of the client to the business.

Medium/ Low

Clients whose business model creates situations where the source of funds cannot be easily verified

Examples such as second hand cars, house clearance etc. generates cash from hard to verify sources.

The buying and selling of goods through the internet or mail order.

Medium/ High

Understanding of the clients business and the nature of transactions he undertakes, aiding understanding of the source of funds and expected gross margins from the type of business.

Medium/ Low


Table 5 continued

Risk: you are delivering services beyond your understanding of the client’s circumstances


Incomplete records

Figures do not reconcile and incomplete records not allowing the full picture to be seen.

High

Ascertain the reason for the missing records. Persuade the client to regularise or improve the quality of record keeping, possibly employ the services of a bookkeeper. Remind the client of his responsibility to keep full records.

Medium/ Low


Table 6

Risk: changes in client behaviour masks criminality


Complex, unusual patterns of transactions or uncharacteristic transactions

Unusual transactions not consistent or in keeping the clients known business or personal activities.

High

Understanding of the clients business and the nature of transactions undertaken, aiding understanding of how unusual transactions can arise.

Where necessary enquire after the client about the nature or the transaction(s), to gain understanding.

Low

A sudden increase in business turnover from an existing client

Large increase in the turnover of a business or income may be used to disguise source.

Medium/ High

Understanding of the clients business and the nature of transactions undertaken, aiding understanding of how an increase in transactions can arise.

Where necessary enquire after the client about the nature or the transaction(s), to gain understanding of the growth of his business and where necessary enquire as to the source of the growth.

Low

A sudden appearance of significant personal assets for a taxation client

Such as cash balances at a bank, interest or dividends being declared on previously unknown sources outside of the clients normal profile.

High

Where necessary enquire after the client about the nature and source of the initial investment to establish consistency with the client’s circumstances.

If explanation is not plausible consider making a suspicious activity report.

Medium/ Low

Cash introduced into business

Cash balances introduced into the business bank or cash account or cash purchases made against insufficient cash balance. May indicate under declaration of cash income or cash from illegitimate sources.

High

Enquire after the client over the source of the cash, establish the plausibility of explanation.

Where explanation down to poor or incomplete record keeping persuade the client to regularise or improve the quality of record keeping, possibly employ the services of a bookkeeper. Remind the client of his responsibility to keep full records.

If explanation is not plausible consider making a suspicious activity report.

Medium/ Low


Table 6 continued

Risk: changes in client behaviour masks criminality


Payroll - ghost employees

Non-payment of tax and NI or creating of employees for bogus expense for deduction from illegitimate income sources. Usually perpetrated by employer, difficult to detect. Possible duplication of recipient bank details.

Medium/ High

Be aware of possible exploitation.

Obtain P45 or signed P46 for all employees Low

Payroll – known employees not paid through PAYE scheme

Possible ‘cash in hand’ which results in non-payment of tax and NI.

Possible secondary employment of employee escaping tax and NI.

Medium/ High

Be aware of possible exploitation.

Enquire of client of the PAYE scheme and as to the clients understanding of its operation.

Persuade to formalise where necessary.

Obtain P45 or signed P46 for all employees.

Low


3.1. Introduction

The purpose of CDD is to ensure that you know who your client is (including anyone who might hold a

controlling interest, but not be obvious as your client), and can trust that they are using your services

for legitimate reasons.

As you will have read in the risk assessment section, you should take a risk-based approach to focus

resources on higher risk areas. You must assess the risks facing your firm as discussed in section 2

before you can gauge the appropriate level of CDD to apply.

CDD measures must be carried out:

when establishing a business relationship

when carrying out an occasional transaction

where there is a suspicion of money laundering or terrorist financing

where there are doubts concerning the veracity of previous identification information.

You must apply CDD measures to all clients, both at the start of an engagement and then on an

ongoing basis.

When establishing a business relationship, you must:

identify and verify the client’s identity using documents, data or information from reliable and

independent sources

identify the beneficial owner of the client (where applicable), including understanding the

ownership and control structure of the client and verifying, according to risk, the identity of the

beneficial owner(s)

obtain information on the purpose and intended nature of the business relationship.

Best practice would indicate that verification is completed before a transaction is completed.

During a business relationship, you must monitor client activity on an ongoing basis. This includes

scrutiny of transactions, identifying the source of funds and other elements of knowledge collected in

the course of your engagement, to ensure the new information is consistent with your understanding of

the client. It is important that you document consideration of this as evidence of your ongoing

monitoring. In our experience, firms are found not to be compliant with their obligations.

Businesses can use a variety of tools and methods to conduct customer due diligence; the onus is on

them to satisfy themselves and to be able to demonstrate to their supervisory body the

appropriateness of their approach.

3. Client due diligence procedures


3.2. The account opening procedures

As a regulated firm it is important that you establish set procedures which include an appropriate level

of due diligence required for account opening and ongoing monitoring requirements.

In simple stepped terms the client account opening and monitoring procedures will encompass:

mandatory risk assessment

identity and verification

identifying beneficial owners

nature and purpose of the business relationship

know your client (KYC) and know their business (KTB)

letter of engagement

ongoing monitoring.

Other areas and circumstance that may cause more complex policies to be drawn are:

customer not being present

timing of verification

politically exposed persons

prohibited relationships

reliance on third parties

non-compliance.

3.3. The identity of a customer/client

Identity is a core control of financial systems being a legal and regulatory requirement and at the heart

of internationally recognised Anti Money Laundering control. Therefore, establishing the identity of

those you want to do business with is an apparently simple process but which has to be applied in a

complex context.

In reality, it means establishing that your customer for business, both personal and non-personal, is

that particular person or entity they claim to be. This is different from the KYC checks which are the

process of obtaining further information from a particular customer, such as information regarding his

business or financial arrangements.

The process of establishing someone’s identity is a case of how it is done rather than should it be

done. This is not unique to the regulated sector but is a part of all aspects of modern society helping

to prevent fraud and crime in many different circumstances, from obtaining credit from retailers or

mobile phone operators to obtaining proof to protect against underage drinking and gambling. In ever

more increasing numbers new clients may come from a non-face to face basis, such as telephone, or

internet enquiries.

Your client understanding the need to establish identity is crucial, and they should appreciate that it is

in their best interests and is not an unnecessary or burdensome imposition. Therefore your identity

and verification procedures need to be appropriate and proportionate and as customer friendly as

possible.

Your firm’s procedures and subsequent staff training need to be designed to achieve this outcome.

Remember, there may be times when, as a part of on-going monitoring requirements, you may seek

to re-verify the client. To achieve this means you need to have effective communication with your

client of the reasoning why establishing identity is important and what it normally involves. Many

clients are now well versed in the needs for establishing identity.


With the above in mind, establishing a client’s identity needs to be done:

competently – by applying the firm’s set procedures

thoughtfully - for example, checking the client does not differ vastly from a photograph in an

identity document

accurately – for example, ensuring addresses and dates of birth are recorded correctly

usefully – by ensuring photocopies are legible.

In developing your risk-based policies to the management of establishing identity, the following

considerations apply:

the law requires your firm to obtain satisfactory evidence of identity in certain circumstances,

but the regulations do not stipulate the detail of what this involves

the regulations allow the use of documents, data or information obtained from a reliable and

independent source

therefore ‘satisfactory evidence’ is any reliable and independent evidence which is reasonably

capable of establishing that the applicant is who he claims to be, not just paper based

the law sets a minimum standard which can be used for lower risk or normal risk clients

extended scope is required where circumstances indicate a higher risk of money laundering,

there is no maximum standard

the onus under the law is for the firm to be satisfied as to the identity of the client

the firm must be able to demonstrate satisfactory evidence of identity to his supervisory

authority and that the extent is appropriate in view of the risk s ascertained.

3.4. Beneficial owners

The MLR set out in some detail the meaning of ‘beneficial owner’ in terms of bodies corporate,

partnerships, trusts and other legal entities/arrangements as well as special provisions regarding

estates of deceased persons and a catch all provision that, where not otherwise specified, the

beneficial owner is the person who ultimately owns or controls the client on whose behalf a

transaction is being conducted. The provisions regarding beneficial ownership are set out in

Regulation 6 MLR and are extracted from the CCAB guidance notes summarised below:

Bodies corporate – beneficial owner means any individual who, in respect of anybody other

than a company whose securities are listed on a regulated investment market, owns or

controls, directly or indirectly including through bearer share holdings, more than 25% of the

shares or voting rights in the body or who otherwise exercises control over the management

of the body.

Partnerships (other than limited liability partnerships established under the Limited Liability

Partnerships Act 2000) - beneficial owner means any individual who ultimately is entitled to or

controls (directly or indirectly) more than 25% of the capital or profits of the partnership or

more than 25% of the voting rights in the partnership or who otherwise exercises control over

the management of the partnership.

Trusts - beneficial owner means any individual who is entitled to a specified interest in at

least 25% of the capital of the trust property, or where a trust is not set up entirely for the

benefit of persons with a specified interest, the class of persons in whose main interest the

trust is set up or operates or any individual who has control (a trust controller) over the trust.

Where a class of persons is identified, it is not a requirement for all members of that class to

be identified.


Other entities and arrangements (meaning an entity or arrangement which administers and

distributes funds) – where the individuals who benefit from the entity or arrangement have

been determined, beneficial owner means any individual who benefits from at least 25% of

the property of the entity or arrangements. Where those benefiting have yet to be determined,

beneficial owner means the class of persons in whose main interest the entity or arrangement

is set up or operates or an individual who exercises control over at least 25% of the property

of the entity or arrangement. Where a class of persons is identified, it is not a requirement for all

members of that class to be identified. Note that where an individual is the beneficial owner of a

body corporate which benefits from, or exercises control over, the property of an entity or

arrangement, the individual is to be regarded as having that benefit or control and so is classed

as the beneficial owner.

Estates of deceased persons – the beneficial owner is considered to be the executor or

administrator of the estate (full detail is shown in Regulation 6(8)).

The focus on identifying and, where appropriate, verifying the identity of beneficial owners is not only

an important element of the required customer due diligence information, but is also an important

factor in an effective risk-based approach to client acceptance. Businesses will need to be diligent in

their enquiries in this field, taking into account that information may sometimes not be readily available

from public record sources. This will necessitate a flexible approach to information gathering which

will often involve direct enquiry of clients and their other advisers and professional service providers

as well as undertaking public record searches in the UK and overseas.

3.5. Nature and purpose of the intended business relationship

A firm must understand the purpose and intended nature of the business relationship or transaction.

In most instances, for the accountant, this will be self-evident, but in a few cases, the firm may have to

obtain information in this regard.

3.6. Know Your Client (KYC) Information

In all cases, even where clients qualify for simplified due diligence under the terms of the MLR, or

where they are considered low risk for other reasons, to assist in effective ongoing monitoring,

businesses should gather knowledge about the client to allow understanding of:

who the client is

who owns (including ultimate beneficial owners)

who controls it

the purpose and intended nature of the business relationship

the nature of the client

the client’s source of funds

the client’s business and economic purpose.

The above points are a part of the ‘know your client’ information or KYC. Good KYC information may

be used where the accumulation of the knowledge may be sufficient to prove the identity of a client

without requiring some of the additional documents, data or information under the enhanced due

diligence procedures. The length of time the client has been known and depth of knowledge of his

circumstances are good elements under KYC helping to reduce risk to one that is normal or lower.


In practice the following questions would be suitable when aligned to the full JMLSG guidance on a

client’s identity and an individual’s electronic footprint.

1. Your full name? (forename, middle, surname and title)

2. Your current address?

3. How long have you lived there?

4. What is your previous address? (if under 12 months)

5. Date of birth?

6. Marital status? For example, married, divorced, widowed.

7. Dependants including children and their ages?

8. National Insurance Number?

9. Inland Revenue UTR number?

10. The nature of the business relationship? For example, accounts and/or tax return completion,

advice on business start-up etc.

11. The nature, type and geographical locations of the clients business and its interests?

12. Previous/current employments or business interests?

13. Is the client or has the client been a director or secretary of a company now or any time in the

past six years?

14. Nature of any investments such as shares, bank savings accounts etc. and the source of the

funds?

15. Details of any assets held which may give a rise to capital gains in the future and the source of

the funds?

16. Have you ever been under HMRC enquiry and what was the outcome?

The above questions should be standard and are reasonably required for tax return completion. The

following are harder to ask and can be sourced by other electronic means:

1. Has the individual been subject to bankruptcy proceedings, an individual voluntary arrangement

or county court judgements?

2. Has the individual been disqualified as a director?

3. Contact with FCA regulated firms such as banks, building society’s etc.

3.7. Politically exposed persons (PEPs)

In the MLR we are specifically required on a risk sensitive basis to find out if we have a PEP as a

potential client. Our guidance notes also require us on a risk sensitive basis to ensure we are not

dealing with firms or individuals on the Bank of England Sanctions listings.

The question is how do we, the small firm, know if we even have a PEP or somebody on a sanctions

list?

What is a PEP?

The following definition is taken directly from the Third EU Directive and is transposed directly into the

UK MLR:

“Politically exposed persons” means natural persons ‘…who is or has, at any time in the preceding

year been entrusted with a prominent public function by a state other than the United Kingdom, a

community institution or an international body’ or a family member or known close associate of such a

person.’

It is not just the person but also spouses, children and their spouses, their parents, people in a

relationship with and business partners of that person who are listed. Whereas the Regulations

exclude the UK, you should consider whether to include UK (domestic) PEPs in your firm’s definition.


Under the MLR, clients who are politically exposed persons must always be subject to enhanced due

diligence measures including enhanced ongoing monitoring.

Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose

a higher money laundering risk to firms as their position makes them vulnerable to corruption. This risk

also extends to members of their immediate families and to known close associates. PEP status itself

does not, of course, incriminate individuals or entities. It may, however, put a customer into a higher

risk category.

Although under the definition of a PEP an individual ceases to be so regarded after he has left office

for one year, firms are encouraged to apply a risk-based approach in determining whether they should

cease carrying out appropriate enhanced monitoring of his transactions or activity at the end of this

period. In many cases, a longer period might be appropriate, in order to ensure that the higher risks

associated with the individual’s previous position have adequately abated.

Public functions exercised at levels lower than national should normally not be considered prominent.

However, when their political exposure is comparable to that of similar positions at national level, firms

should consider, on a risk-based approach, whether persons exercising those public functions should

be considered as PEPs. Prominent public functions include:

heads of state, heads of government, ministers and deputy or assistant ministers

members of parliaments

members of supreme courts, of constitutional courts or of other high-level judicial bodies

whose decisions are not generally subject to further appeal, except in exceptional

circumstances

members of courts of auditors or of the boards of central banks

ambassadors, charges d’affaires and high-ranking officers in the armed forces; and

(other than in respect of relevant positions at community and international level)

members of the administrative, management or supervisory boards of state-owned

enterprises.

Persons known to be close associates include:

any individual who is known to have joint beneficial ownership of a legal entity or legal

arrangement, or any other close business relations, with a person who is a PEP

any individual who has sole beneficial ownership of a legal entity or legal arrangement which

is known to have been set up for the benefit of a person who is a PEP. For the purpose of

deciding whether a person is a known close associate of a PEP, the firm must have regard to

any information which is in its possession, or which is publicly known. Having to obtain

knowledge of such a relationship does not presuppose an active research by the firm.

Firms are required, on a risk-sensitive basis, to:

have appropriate risk-based procedures to determine whether a customer is a PEP

obtain appropriate senior management approval for establishing a business relationship with

such a customer

take adequate measures to establish the source of wealth and source of funds which are

involved in the business relationship or occasional transaction

conduct enhanced ongoing monitoring of the business relationship.


The nature and scope of a particular firm’s business will generally determine whether the existence of

PEPs in their customer base is an issue for the firm, and whether or not the firm needs to screen all

customers for this purpose. In the context of this risk analysis, it would be appropriate if the firm’s

resources were focused in particular on products and transactions that are characterised by a high risk

of money laundering.

3.8. Prohibited relationships

The MLR set out circumstances which constitute prohibited relationships. In Regulation 16,

correspondent banking relationships with shell banks, or a bank known to permit use of its accounts by

a shell bank are prohibited. In addition, setting up of anonymous accounts in the UK is prohibited, and

customer due diligence must be applied to any existing accounts continuing in existence after 15

December 2007 before such an account is used.

All businesses must pay special attention to services or, where relevant, products or transactions that

might allow anonymity and take measures to prevent their use in money laundering or terrorist activity.

Businesses must include any such product or transaction within those requiring enhanced due

diligence.

In addition, businesses must comply with any prohibition issued by HM Treasury in respect of any

person, or State to which the Financial Action Task Force has decided to apply counter-measures.

Directions may be given not to enter into business relationships, carry out occasional transactions or

proceed with any such arrangements already in progress.

The obligations under the UK financial sanctions regime apply to all firms, and not just to banks. The

Consolidated List is the definitive list as regards the obligations under UK law. Depending on the

geographical area in which firms, or their customers, do business, however, firms need to be aware of

the scope and focus of relevant financial sanctions regimes. All the names that firms operating in the

UK legally have to know about are on the HM Treasury’s financial sanctions list. All firms to whom this

guidance applies, therefore, whether or not they are FCA-regulated or subject to the ML Regulations,

will need either:

for manual checking: to register with the HM Treasury update service (directly or via a third

party, such as a trade association)

if checking is automated: to ensure that relevant software includes checks against the

relevant list and that this list is up to date.

In simpler terms, those clients and/or services we deem to be of a higher risk, along with PEPs and

remote clients will require more detailed research.

3.9. Reliance on third parties

Businesses may rely on third parties, subject to the third parties’ consent, to complete all or part of

customer due diligence as set out below but they should be cautious in relying on third parties as they

will remain liable for any failure to comply notwithstanding their reliance on a third party (Regulation 17

of MLR). Businesses should consider requiring copies of relevant information and documentation from

the third parties, in order that they may satisfy themselves the information is sufficient.


The persons that may be relied upon are:

3.9.1. In the UK

A credit or financial institution which is authorised by the FCA.

An auditor, insolvency practitioner, external accountant, tax advisor or independent legal

professional who is supervised for the purposes of the MLR by one of the following

professional bodies:

- Association of Chartered Certified Accountants

- Council for Licensed Conveyancers

- Faculty of Advocates

- General Council of the Bar

- General Council of the Bar of Northern Ireland

- Institute of Chartered Accountants in England and Wales

- Institute of Chartered Accountants in Ireland

- Institute of Chartered Accountants of Scotland

- Law Society

- Law Society of Scotland

- Law Society of Northern Ireland.

3.9.2. In EEA states

A credit or financial institution, auditor, insolvency practitioner, external accountant, tax advisor

or independent legal professional who is:

- subject to mandatory professional registration recognised by law

- supervised for compliance with the requirements of the third money laundering directive.

3.9.3. In a non-EEA state

A credit or financial institution (or equivalent institution), auditor, insolvency practitioner,

external accountant, tax advisor or independent legal professional who is:

- subject to mandatory professional registration recognised by law

- subject to requirements equivalent to those laid down in the money laundering directive

- supervised for compliance in a manner equivalent to the standards set out in section 2 of

chapter V of the third money laundering directive.

Before reliance may be placed on one of those specified above, the other individual or business must

agree to reliance being placed. If consent is obtained, the individual or business consenting to the

reliance must take great care to ensure they have adequate systems in place both to respond to the

request and to keep proper records.

An individual or business consenting to be relied upon must, if requested, make available to the

person relying as soon as is reasonably practicable:

any information obtained about the client (and any beneficial owner) when applying customer

due diligence measures

copies of any identification and verification data and other documents on the identity of the

client (and any beneficial owner) obtained when applying customer due diligence measures.


Before placing reliance, an individual or business seeking to rely must take steps to ensure the person

being relied upon will provide the required information. Any individual or business consenting to be

relied upon must ensure the records of customer due diligence which become the subject of reliance

are retained for five years from the date on which reliance commences.

Failure to comply with the requirements in relation to reliance in respect of responding to requests for

information, having been relied upon, relying upon a person without having ensured they will provide

the information required on request or failing to keep the records required after reliance has been

allowed are all criminal offences as set out in Regulation 45 MLR.

Whilst reliance may be a useful and efficient feature of a customer due diligence system between

parties who are able to build a relationship of trust, it should not be entered into lightly. Individuals and

businesses need to consider carefully whether they wish to be relied upon and before so consenting

ensure:

their client (and any other third party whose information would be disclosed) has no objection

to their information being passed to the person seeking reliance

that they have in place the necessary record-keeping systems.

3.10. Subcontractors

Subcontractors providing accountancy services may in certain circumstances be exempt from

registering for supervision for compliance with the MLR and may rely on their clients CDD procedures

where:

Their customers are solely accountancy service providers that are supervised by HMRC or other

professional body listed in schedule 3, part 1 of the MLR (see paragraph 3.9.1 above), providing:

they do not contract directly with the customer of the supervised firm (end client)

they are included within the scope of the AML procedures of the supervised firm(s), including

suspicion reporting procedures and appropriate training; and

both businesses provide evidence in the form of a written contract to confirm that the

arrangement covers compliance with all the AML requirements in respect of the entire

customer relationship.


3.11. Documentary evidence used as verification of identity

The purpose of verification of identity is to confirm and prove the information collected in so far as it

relates to the identity of the client. Recourse to documents from independent sources is important. The

amount of reliance that can be placed upon, and thus the strength of, particular forms of evidence can

vary.

The following are illustrative of the differing of strengths of various forms of documentary evidence

starting with the highest:

documents issued by a government department or agency or a court

documents issued by other public sector bodies or local authorities

documents issued by businesses regulated by the Financial Conduct Authority or overseas

equivalent

documents issued by professionals regulated for Anti Money Laundering purposes by the

bodies listed in Schedule 3 of the MLR or overseas equivalents

documents issued by other bodies.

In the case of individuals, documents from highly rated sources that contain photo identification as well

as written details, such as passport and photo card driving licence, are a particularly strong source of

verification of identity.

Care should be taken as regard Director Details filed at Companies House; their policy is one of

‘documents in good faith’ therefore no checks are done on the details of names and addresses

supplied, other than registered office. There are many instances of incorrect, out of date,

accommodation and fraudulent addresses being filed.

The section ‘documents issued by other bodies’, includes items such as utilities bills. This section is

more about documents upon request, where no formal checks are done as to regard the identity of the

person paying the bill. Best practice would indicate accepting, instead of utility bills, where possible

documents issued by FCA regulated firms such as bank and credit card statements, mortgage account

details etc. These firms have robust Anti Money Laundering systems so greater confidence can be

given as to the identity of clients from these documents.


Therefore sources for documentary evidence can be categorised as follows:

List 1: Evidence of identity

1. Acceptable photo identity

Valid passport.

Valid photo card driving licence (full or provisional).

National identity card (non-UK nationals issued by EEA member states and Switzerland).

Firearms certificate or shotgun licence.

Identity card issued by the Electoral Office for Northern Ireland.

2. Acceptable non-photo evidence of identity

Documents issued by a government department, incorporating the person’s name and residential

address or their date of birth. For example:

a current UK full driving licence old version (not provisional licences)

television licence

evidence of entitlement to a state or local authority funded benefit (including housing benefit

and council tax benefit), tax credit, pension, educational or other grant

documents issued by HMRC, such as PAYE coding notices and statements of account (NB:

employer issued documents such as P60s are not acceptable)

end of year tax deduction certificates.

List 2: Evidence of address or date of birth

Instrument of a court appointment (such as a grant of probate, bankruptcy).

Current council tax demand letter or statement.

Current (within the last three months) bank statements, or credit/debit card statements issued

by a regulated financial sector firm in the UK, EU or JMSLG equivalent jurisdiction (but not

those printed off the internet).

A file note of a visit by a member of the firm to the address concerned (“home visit”).

An electoral register search showing residence in the current or most recent electoral year.

A recent (last available) utility bill (gas, water, electricity, telephone – not mobile ‘phone bills);

it must be a bill or statement of account (not correspondence).

Valid photo card driving licence (full or provisional).

A current UK full driving licence old version (not provisional licences).

Evidence of entitlement to a state or local authority funded benefit (including housing benefit

and council tax benefit), tax credit, pension, educational or other grant.

Documents issued by HMRC, such as PAYE coding notices and statements of account (NB:

employer issued documents such as P60s are not acceptable).

A firearms/shotgun certificate.

A solicitor’s letter confirming recent house purchase or land registry confirmation (you must

also verify the previous address.

There is no requirement under the regulations to keep copies of evidence obtained but best

practice would state that where possible photocopies should be taken. If this is not possible, such

as on a home visit then a note of the full details of the reference number of the document should

be taken for filing as part of the account opening procedures. This is useful in the case of home

visits.


3.12. Electronic verification of identity

Historically, confirming a client’s identity relied upon the client producing documents such a passport,

bank statement, utility bill etc. This approach continues and is appropriate for some firms and clients

alike. However, the regulated sector as a whole is increasing the use of electronic verification, which

means confirming identity, either alone or in tandem with documentary evidence, via third party

providers who mainly draw upon the information of a credit reference agency.

Electronic verification does not make the verification process necessarily more robust but it has many

advantages.

it represents a straightforward way of accessing several corroborative sources, such as

electoral roll, banking and credit information etc. form multiple data sets

clients do not need to provide documents unless the firm deems it necessary

record keeping is easier and cheaper

it reduces the need for the customer to send important information by post or have the

inconvenience of having to make a specific journey to your premises for verification purposes

for the firm and the client it can be cheaper than obtaining paper documents

electronic searches can be delivered within the broader context of other related checks such

as PEPs and sanctions searches.

There are now a number of subscription services that give access to databases of information on

identity. Many of these services can be accessed on-line and are often used by businesses to replace

or supplement paper verification checks.

The increased benefit of an electronically searched report is that it encompasses those elements of a

client’s electronic identity footprint across ‘time’. It not only performs the identity verification, it aids

with the risk assessment and bolsters your information for KYC.

Nature of electronic checks

For an electronic check to provide satisfactory evidence of identity on its own, it must use data from

multiple sources collected over a period of time, or incorporate checks that assess the strength of the

information supplied. An electronic check that accesses data from a single source (for example, a

single check against the electoral roll) is not enough on its own to provide satisfactory evidence of

identity.

A number of commercial agencies which access many data sources are accessible on line to

businesses and can provide a comprehensive level of verification. Such agencies use databases of

both positive and negative information, and many also access data sources that can identify high-risk

conditions, for example, known identity frauds or inclusion on a sanctions list.


Criteria for use of an electronic provider

Before using a commercial agency for electronic verification, businesses should be satisfied that

information supplied by the data provider is sufficiently extensive, reliable and accurate. This

judgement may be assisted by considering whether the provider meets all the following criteria:

it is recognised through registration with the Information Commissioners Office to store

personal data

it uses a range of positive information sources that can be called upon to link the customer to

both current and previous circumstances

it accesses negative information sources such as databases relating to identity fraud and

deceased persons

it accesses a wide range of alert data sources

it has transparent processes that enable the firm to know what checks were carried out, what

the results of these checks were, and what they mean in terms of how much certainty they

give as to the identity of the subject.

In addition, a commercial agency should have processes that allow the enquirer to capture and store

the information they used to check and verify an identity.

3.13. Customer not present

Regulation 14 (2) MLR requires that where the customer has not been physically present for

identification purposes, copy documents or electronic searches can be used, though specific and

adequate measures must be taken to compensate for the higher risk, for example by applying one or

more of the following measures for mitigation of identity theft or impersonation fraud.

3.14. Mitigation of impersonation risk

Where identity is verified electronically, or copy documents are used, a firm should apply an additional

verification check to manage the risk of impersonation fraud. The additional check may consist of

robust anti-fraud checks that the firm routinely undertakes as part of its existing procedures, or may

include:

requiring the first payment to be carried out through an account in the customer’s name with a

UK or EU regulated credit institution or one from an equivalent jurisdiction

verifying additional aspects of the customer’s identity, or of his electronic ‘footprint’

telephone contact with the customer prior to opening the account on a home or business

number which has been verified (electronically or otherwise), or a “welcome call” to the

customer before transactions are permitted, using it to verify additional aspects of personal

identity information that have been previously provided during the setting up of the account

communicating with the customer at an address that has been verified (such communication

may take the form of a direct mailing of account opening documentation to him, which, in full

or in part, might be required to be returned completed or acknowledged without alteration)

internet sign-on following verification procedures where the customer uses security codes,

tokens, and/or other passwords which have been set up during account opening and provided

by mail (or secure delivery) to the named individual at an independently verified address

other card or account activation procedures

requiring copy documents to be certified by an appropriate person.


3.15. Verification of individuals

Individuals would include:

company directors including non-executive directors

company secretary

beneficial owners

major shareholders

members of LLPs

partners

trustees

self employed

sole traders

personal tax clients.

The basic criteria for establishing an individual’s identity is:

full name

date of birth

nationality

current residential address.

In the UK, the absence of a single official identity document has meant establishing the identity has

been a cumulative process; no single document is regarded as sufficient to verify a person’s identity

and the name and address should be verified separately. Utility bills being used are amongst the

easiest to forge, especially with the increase of electronic billing; therefore their value for establishing

identity has greatly diminished.

In addition, as society becomes more mobile, people change addresses more frequently, this also

diminishes the value of verification of addresses. The JMLSG now considers if you are relying upon

documents for verification, it is better to rely upon a single document, either a passport or a driving

licence, because 93% of the population will have one or the other. Both contain photographs and

dates of birth. For those who have neither or require a higher level of verification they can be replaced

or supplemented by electronic means.

The rules for verification can be simply defined in the following matrix:

The major question is - Has the client been met face to face or pose a higher risk of money

laundering?

If yes and is of a low or normal risk – obtain:

Documentary evidence

Proof of identity – photo identity, that is, passport/DL or National identity Card; or

Proof of identity – non-photographic identity and proof of address or date of birth.

Or electronic verification

Obtain an electronic verification report based on normal risk which has a minimum of two

corroborative pieces of evidence confirming identity, address and/or date of birth.


No and/or is of a higher risk

Obtain:

Documentary evidence

Proof of identity – photo identity and a minimum of one additional piece of evidence, which

may be an electronic search.

Proof of identity – non-photo identity, proof of address or date of birth plus: a minimum of one

additional piece of evidence, which may be an electronic search or a combination of search

and documents giving a minimum of three pieces of corroborative evidence.

Enquire of the client for circumstances that may indicate PEP status or undertake OFAC (The

Office of Foreign Assets Control) and PEP’s type data or electronic searches through search

engines and or subscription databases.

Or

Electronic verification

Obtain an electronic verification report based on the higher risk of a minimum of three pieces

of corroborative evidence and includes negative data set searches as standard, such as

PEPs and UK sanctions.

NB: A visit to the client’s home can act as information and would provide evidence proof of the clients

address.

3.16. Verification of sole trader or partnership businesses

Evidence should be taken as per individuals as per 3.15. For evidence of trading for further KYC

purposes the following corroborative checks can be undertaken:

visit to the business premises (if applicable)

examination and copy of a recent utility/general bill in the firms name

internet search for website and/or other information available such as trade bodies.

3.17. Verification of private companies, LLPs and limited partnerships

Has a representative been met face to face?

Yes and normal risk when acting for the officers/shareholders/members

Obtain:

a company search from a national companies registry (or equivalent information obtained

through a commercial provider of registry information); or

certified copies taken from original documents evidencing details of incorporation or

registration, registered office and list of directors and shareholders/members.

Officer/shareholders will be verified as per the standards for individuals.


No and/or higher risk, when not acting for the officers/shareholders/members

Obtain:

select individual(s) and entities that is/are capable of exercising significant influence over the

entity either as an appointed director or as a shadow director or equivalent - identify or verify

it/them according to whether a legal or natural person according to the risk assessed

select any shareholder/member in the entity holding more than 25% of the equity (rights to

income, capital or voting), or where no holding over 25%, the larger holdings and identify

it/them according to whether a legal or natural person

verify those identified in accordance to your risk assessed for the business applying the

standard of individual verification

if the identified entity is a further legal structure, repeat the steps above until the appropriate

ultimate beneficial owners have been identified and verified.

For evidence of trading for further KYC purposes the following corroborative checks can be

undertaken:

visit to the business premises (if applicable)

examination and copy of a recent utility/general bill in the firms name

internet search for website and/ or other information available.

3.18. Listed or regulated financial and credit institution entities

Obtain either a printout from the relevant regulator’s or exchange’s web site (and annotate), or obtain

direct written confirmation from the regulator or exchange, confirming the regulated or listed status of

the entity (ensure basic details of name, address, any membership or registration details, and any

disciplinary details where applicable are provided).

If the entity is a money service business, verify HMRC registered number for MLR compliance (obtain

certified copy of certificate, verify online or call HMRC National Advice Service on 0800 010 9000 Opt.

3.).

Additional verification steps are not generally considered necessary in such cases as these entities in

the UK qualify for application of simplified due diligence.

3.19. Government bodies

Obtain and annotate evidence to confirm the body’s:

main place of operation

the government or supra-national agency controlling it (government and supra-national

agency web sites are a useful source of information)

for housing associations, the printout must contain its registered number, registered company

number (where appropriate) and registered address.


Useful, trusted sites include:

UK Government information portal - http://www.direct.gov.uk/Homepage/fs/en

Housing Association Register - http://www.housingcorp.gov.uk

EU official site - http://www.europa.eu.int/

United Nations list of main bodies - http://www.un.org/aboutun/mainbodies.htm

USA government information portal -

http://www.firstgov.gov/Agencies/Federal/All_Agencies/index.shtml

Additional verification steps are not generally considered necessary in such cases as these entities in

the UK qualify for application of simplified due diligence.

3.20. Pension schemes

UK pension schemes can take a number of legal forms. Some may be companies limited by

guarantee; some may take the form of trusts; others may be unincorporated associations. Many

obtain HMRC approval in order to achieve tax-exempt status.

3.20.1. Obtain standard evidence

Where a pension scheme has HMRC approval, a firm’s identification and verification obligations may

be met by confirming the scheme’s approval.

In other cases, a pension scheme should be treated for AML/CTF purposes, and standard evidence

obtained, according to its legal form.

3.20.2. Signatories

For operational purposes, the firm is likely to have a list of those authorised to give instructions for the

movement of funds or assets, along with an appropriate instrument authorising one or more directors

(or equivalent) to give the firm such instructions. The identities of individual signatories need only be

verified on a risk-based approach.

3.20.3. Variation from the standard

The identity of the principal employer should be verified in accordance with the guidance given for

companies and the source of funding recorded to ensure that a complete audit trail exists if the

employer is wound up.

3.20.4. Payment of benefits

Any payment of benefits by, or on behalf of, the trustees of an occupational pension scheme will not

require verification of identity of the recipient. (The transaction will either not be relevant financial

business or will be within the scope of the exemption for policies of insurance in respect of

occupational pension schemes.)

Where individual members of an occupational pension scheme are to be given personal investment

advice, their identities must be verified. However, where the identity of the trustees and principal

employer have been satisfactorily verified (and the information is still current), it may be appropriate

for the employer to provide confirmation of identities of individual employees.

http://www.direct.gov.uk/Homepage/fs/en

http://www.housingcorp.gov.uk/

http://www.europa.eu.int/

http://www.un.org/aboutun/mainbodies.htm




3.21. Charities, church bodies and places of worship

Charities have their status because of their purposes, and can take a number of legal forms. Some

may be companies limited by guarantee; some may take the form of trusts; others may be

unincorporated associations.


Businesses should take appropriate steps to be reasonably satisfied that the person the firm is

dealing with is properly authorised by the customer.

3.21.2. Registered charities – England and Wales, and Scotland

The Charity Commission is required to hold a central register of charities in England and Wales and

allocates a registered number to each. The Office of the Scottish Charity Regulator carries out a

similar function for Scottish charities. When dealing with an application which includes the name of a

registered charity, the Charity Commission or the Office of the Scottish Charity Regulator can confirm

the registered number of the charity and the name and address of the regulator’s correspondent for

the charity concerned.

Details of all registered charities can be accessed on the Charity Commission website (www.charity-

commission.gov.uk), the Office of the Scottish Charity Regulator website (www.oscr.org.uk), or a

check can be made by telephone to the respective regulator’s enquiry line (see www.jmlsg.org.uk).

Firms should be aware that simply being registered is not in itself a guarantee of the bona fides of an

organisation, although it does indicate that it is subject to some ongoing regulation.

3.21.3. Charities in Northern Ireland

Applications from, or on behalf of, charities in Northern Ireland should be dealt with in accordance

with procedures for private companies, if they are limited by guarantee, and for clubs and societies

see the section for clubs and societies. Verification of the charitable status can normally be obtained

through HMRC.

3.21.4. Church bodies and places of worship - Registered Places of Worship Act 1855

Places of worship (other than the Church of England, which is a registered charity) are in general

exempted by law from registering as charities and may not therefore have a registered number.

Instead, they can apply for a certified building of worship from the General Register Office (GRO). For

tax purposes, however, they may notify HMRC of their charitable status; verification of their status

may therefore be obtained through HMRC. Their identity may be verified by reference to the GRO

certificate, or, where appropriate, through the headquarters or regional organisation of the

denomination, or religion.

3.21.5. Schools and colleges

Where an independent school or college is a registered charity, it should be treated in accordance

with the guidance for charities. Any such body which is not registered as a charity should be treated in

accordance with the guidance for private companies.



The identities of unregistered charities or church bodies, whether in the UK or elsewhere, cannot be

verified by reference to registers maintained by independent bodies. Applications from, or on behalf

of, unregistered charities should therefore be dealt with in accordance with the procedures for private

companies, for trusts, or for clubs and societies. Firms should take particular note of those paragraphs

addressing customers where the money laundering or terrorist financing risk is greater in relation to

particular customers, and if it should be followed in these circumstances.

In assessing the risks presented by different charities, a firm might need to make appropriate

distinction between those with a limited geographical remit, and those with unlimited geographical

scope, such as medical and emergency relief charities.

If they have a defined area of benefit, charities are only able to expend their funds within that defined

area. If this area is an overseas country or jurisdiction, the charity can quite properly be transferring

funds to that country or jurisdiction. It would be less clear why the organisation should be transferring

funds to a third country (which may, within the general context of the firm’s risk assessment have a

lower profile) and this would therefore be unusual. Such activity would lead to the charity being

regarded as higher risk.

Non-profit organisations have been known to be abused, to divert funds to terrorist financing and

other criminal activities. FATF published a paper ‘Combating the abuse of non-profit organisations.

International Best Practices’ in October 2002 (available at www.fatf-gafi.org), in support of Special

Recommendation VIII. In November 2005, the European Commission adopted a Recommendation to

member states containing a Framework for a code of conduct for non-profit organisations. The

Recommendation is available at www.jmlsg.org.uk

3.22. Other trusts, foundations and similar entities

There is a wide variety of trusts, ranging from large, nationally and internationally active organisations

subject to a high degree of public interest and quasi-accountability, through trusts set up under

testamentary arrangements, to small, local trusts funded by small, individual donations from local

communities, serving local needs. It is important, in putting proportionate AML/CTF processes into

place, and in carrying out their risk assessments, that firms take account of the different money

laundering or terrorist financing risks that trusts of different sizes, areas of activity and nature of

business being conducted, present.

Most trusts are not separate legal entities but should nevertheless be regarded as the customer for

AML/CTF purposes, and should be identified as described in the following paragraphs. The trustees

fall within the definition of ‘controllers’ under the ML Regulations.


In respect of trusts, the firm should obtain the following information:

full name of the trust

nature and purpose of the trust (for example, discretionary, testamentary, bare)

country of establishment

names of all trustees

names of any beneficial owners

name and address of any protector or controller.


The identity of the trust must be verified using reliable and independent documents, data or

information. This may require sight of relevant extracts from the trust deed. The firm must take

measures to understand the ownership and control structure of the customer.

3.22.2. Beneficial owners and controllers

The firm must take adequate and risk-based measures to verify the identities of beneficial owners so

that the firm is satisfied that it knows who they are. In the case of trusts, the ML Regulations include

persons having control over the trust within the definition of a beneficial owner.

The firm should verify the identities of the trustees (or equivalent) as controllers. Full customer

verification measures should be undertaken in respect of those who have authority to operate an

account or to give the firm instructions concerning the use or transfer of funds or assets. The identity

of other trustees must be verified, but the extent and manner of verification should be risk-based.

Where a trustee is itself a regulated entity (or a nominee company owned and controlled by a

regulated entity), or a company listed on a regulated market, or other type of entity, the identification

and verification procedures that should be carried out should reflect the standard approach for such

an entity.

Firms should take appropriate steps to be reasonably satisfied that the person the firm is dealing with

is properly authorised by the customer. Some consideration should be given as to whether documents

relied upon are forged. In addition, if they are in a foreign language, appropriate steps should be

taken to be reasonably satisfied that the documents in fact provide evidence of the customer’s

identity.


For situations presenting a lower money laundering or terrorist financing risk, the standard evidence

will be sufficient. However, less transparent and more complex structures, with numerous layers, may

pose a higher money laundering or terrorist financing risk. Also, some trusts established in

jurisdictions with favourable tax regimes have in the past been associated with tax evasion and

money laundering. In respect of trusts in the latter category, the firm’s risk assessment may lead it to

require additional information on the purpose, funding and beneficiaries of the trust.

Firms should make appropriate distinction between those trusts that serve a limited purpose (such as

inheritance tax planning) or have a limited range of activities and those where the activities and

connections are more sophisticated, or are geographically based and/or with financial links to other

countries.

Where a situation is assessed as carrying a higher risk of money laundering or terrorist financing, the

firm may need to carry out a higher level of verification:

either by searching an appropriate register maintained in the country of establishment

or by obtaining a summary of the instrument establishing the trust.

Other information that might be appropriate to ascertain for higher risk situations includes:

donor/settlor/grantor of the funds (except where there are large numbers of small donors)

domicile of business/activity

nature of business/activity

location of business/activity (operating address).

Following its assessment of the money laundering risk presented by the trust, the firm may decide to

verify the identities of additional trustees, and/or of the settlor(s).


3.22.4. Non-UK trusts and foundations

The guidance in the above paragraphs applies equally to UK based trusts and non-UK based trusts.

On a risk-based approach, a firm will need to consider whether the geographical location of the trust

gives rise to additional concerns, and if so, what they should do.

A foundation (“Stiftung”) is described in the FATF October 2006 Report on the Misuse of Corporate

Vehicles as follows:

“A foundation (based on the Roman law universitas rerum) is the civil law equivalent to a common law

trust in that it may be used for similar purposes. A foundation traditionally requires property dedicated

to a particular purpose. Typically the income derived from the principal assets (as opposed to the

assets themselves) is used to fulfil the statutory purpose.

A foundation is a legal entity and as such may engage in and conduct business. A foundation is

controlled by a board of directors and has no owners. In most jurisdictions a foundation’s purpose

must be public. However there are jurisdictions in which foundations may be created for private

purposes. Normally, foundations are highly regulated and transparent.”

Foundations feature in a number of EEA member state and other civil law jurisdictions including,

notably, Liechtenstein and Panama. The term is also used in the UK and USA in a looser sense,

usually to refer to a charitable organisation of some sort.

The nature of a civil law foundation should normally be well understood by firms, or their subsidiaries

or branches, operating in the jurisdiction under whose laws the foundation has been set up. Where a

foundation seeks banking or other financial services outside its home jurisdiction, firms will need to be

satisfied that there are legitimate reasons for doing so and to establish the statutory requirements

within the specific home jurisdiction for setting up a foundation. So far as possible, comparable

information should be obtained as indicated in paragraph 3.22.1 for trusts, including the identity of the

founder and beneficiaries (who may include the founder), whose identity should be verified as

necessary on similar risk-based principles.

Where the founder’s identity is withheld, firms will need to exercise caution and have regard to the

standing of any intermediary and the extent of assurances that may be obtained from them to disclose

information on any parties concerned with the foundation in response to judicial demand in the firm’s

own jurisdiction. Liechtenstein foundations, for example, are generally established on a fiduciary basis

through a licensed trust company to preserve the anonymity of the founder, but the trust companies

are themselves subject to AML laws.

Whilst firms may conclude on the basis of their due diligence that the request for facilities is

acceptable, they should bear in mind that terms like ‘foundation’, ‘stiftung’, ‘anstalt’ are liable to be

hijacked by prime bank instrument fraudsters to add spurious credibility to bogus investment

schemes.

3.23. Clubs and societies

Where an application is made on behalf of a club or society, firms should make appropriate distinction

between those that serve a limited social or regional purpose and those where the activities and

connections are more sophisticated, or are geographically based and/or with financial links to other

countries.



For many clubs and societies, the money laundering or terrorist financing risk will be low. The

following information should be obtained about the customer:

full name of the club/society

legal status of the club/society

purpose of the club/society

names of all officers.

The firm should verify the identities of the officers who have authority to operate an account or to give

the firm instructions concerning the use or transfer of funds or assets.

Firms should take appropriate steps to be reasonably satisfied that the person the firm is dealing with

is properly authorised by the customer.

Some consideration should be given as to whether documents relied upon are forged. In addition, if

they are in a foreign language, appropriate steps should be taken to be reasonably satisfied that the

documents in fact provide evidence of the customer’s identity.


Where the money laundering or terrorist financing risk is considered to be at its lowest, the firm may

be able to use the source of funds as evidence of the customer’s identity (see JMLSG 2007 5.3.80 to

5.3.85).

The firm’s risk assessment may lead it to conclude that the money laundering or terrorist financing risk

is higher, and that it should require additional information on the purpose, funding and beneficiaries of

the club or society. This might include seeing a copy of the constitution (or equivalent) of the club or

society.

Following its assessment of the money laundering or terrorist financing risk presented by the

club/society, the firm may decide to verify the identities of additional officers.

3.24. Clients in care homes or in receipt of pension

An entitlement letter from the DWP, or a letter from the DWP confirming that the person is in receipt of

a pension, could provide evidence of identity. If this is not available, or is inappropriate, a letter from

an appropriate person, for example, the matron of a care home, may provide the necessary evidence.

It is also worth remembering that this person may have financial records such as a bank account and

will still be registered on the electoral roll so an electronic verification report would often suffice

without imposition upon other parties.

3.25. Gender reassignment

A firm should satisfy itself (for example, on the basis of documentary medical evidence) that the

gender transfer of a customer is genuine (as with a change of name). Such cases usually involve

transferring a credit history to a reassigned gender. This may involve data protection, not money

laundering issues. The consent of the person involved may be necessary. However an electronic

verification report with the alias added would normally verify the client successfully.


3.26. Students and young people

When offering services to students or other young people, the standard identification requirement for

individuals should be followed as far as possible. In practice, it is likely that many students, and other

young people, will have a passport, and possibly a driving licence.

Where the standard requirement would not be relevant, however, or where the customer cannot

satisfactorily meet this, other evidence could be obtained by obtaining appropriate confirmation(s)

from the applicant’s workplace, school, college, university or care institution (see DFES website

www.dfes.gov.uk/providersregister/). Any confirmatory letter should be on appropriately headed

notepaper; in assessing the strength of such confirmation, firms should have regard to the period of

existence of the educational or other institution involved, and whether it is subject to some form of

regulatory oversight.

All international students, other than those from EEA countries or Switzerland, undergo rigorous

checks by the immigration services at home and abroad in order to be satisfied as to their identity and

bona fides before they are given leave to enter or remain in the UK as a student or prospective

student. Applicants must meet the requirements of the Student Immigration Rules and must provide

documentation which demonstrates that they intend to study, and have been accepted, on a course of

study at a bona fide institution. This includes the provision of a course admission letter from the

education institution. If they cannot provide the documents they will not be given leave to enter or

remain in the UK.

Often, a business relationship in respect of a minor will be established by a family member or

guardian. In cases where the adult establishing the relationship does not already have an existing

relationship with the firm, the identity of that adult should be verified and, in addition, the firm should

see one of the following in the name of the child:

birth certificate

passport

NHS Medical Card

child benefit documentation

Child Tax Credit documentation

National Insurance Card (for those aged 16 and over).

3.27. Certification and annotation

3.27.1. Certification

Businesses may wish to consider whether copies of original documents and copies of certified copies

of original documents should be certified as true copies to demonstrate their provenance. Businesses

may wish to create standard stamps or labels to apply to documents, which can then simply be filled

in with name, signature and date. Businesses should have regard to the standing of the person

certifying and may wish to consider specifying from whom certification may be accepted, for instance,

businesses may decide to restrict acceptance to those documents certified by a person in the

permitted categories for reliance (Regulation 17 of the MLR) which are broadly a credit or financial

institution authorised by the FCA, a professionally qualified auditor, external accountant, insolvency

practitioner or tax adviser or their equivalent in EU countries and other countries which have

equivalent law and provided in all cases that the person is subject to supervision as to his compliance

with those requirements.

http://www.dfes.gov.uk/providersregister/)

http://www.dfes.gov.uk/providersregister/)


3.27.2. Annotation

This is to be used when the document is as good as an original but is not the original itself. This

particularly applies to printouts from the Internet, such as downloads from Companies House,

regulator, stock exchange or government websites, or similar trustworthy business information

sources. Each document so obtained should bear written evidence showing who printed it, when,

from where and should be signed by the relevant person.

3.28. Non-compliance through client refusal

If a prospective client refuses to provide evidence of identity or other information properly requested

as part of customer due diligence, the business relationship or occasional transaction must not

proceed any further and any existing relationship with the client must be terminated (but see

sections on insolvency cases). Consideration must be given as to whether a report needs to be

made to NCA under POCA or TA2000.

Where the appointment is of either a lawyer or relevant professional advisor in the course of

ascertaining the legal position for the client, or performing duties of the task of defending or

representing the client in or concerning legal proceedings (including advice on instigating or

avoiding proceedings) the requirement to cease acting and consider reporting to NCA does not

apply although customer due diligence information will still need to be collected. Businesses are

advised to consider the position very carefully before applying this exception to ensure that the type

of work and their professional status fall within the definitions set out in regulations 11(2) and (3).

3.29. Insolvency cases

The CCAB advises us in sections 5.56 to 5.59 the following is best practice in insolvency cases:

5.56 In the context of insolvency work, the person or entity entering into the business relationship is

considered to be the insolvent. Insolvency practitioners are also referred to the Guidance provided by

R3 (www.r3.org.uk - The Association of Business Recovery Professionals, better known as ‘R3’

(rescue, recovery, renewal)).

5.57 An Insolvency practitioner should obtain verification of the identity of the person entity over which

he is appointed. Acceptable evidence of verification may include a court order, a court endorsed

appointment, or an appointment made by a debenture holder or creditors meeting supported by a

company search or similar. It is not always possible or necessary to obtain identification evidence

direct from individuals or individual shareholders or directors in an appointment in respect of a

company as their co-operation may not be forthcoming.

5.58 It is important for an officeholder to be sure about the identity of the person or entity over which he

is taking appointment given the urgency of the situation and the necessity not to delay when this might

risk dissipation of assets and erosion of value. However, completion of other KYC elements of

customer due diligence may not be possible prior to appointment and should be completed as soon as

practicable after appointment (if possible, usually within 5 working days).

5.59 Insolvency practitioners post appointment have a very different relationship with the insolvent

client than that with a normal audit or advisory client and has access to a very wide range of

information which alters the need for traditional pre-appointment KYC. However, particular focus is

needed before, and immediately after, appointment on considering the way the business has been

operated and assessing the risk of assets being tainted by crime in which case it may well be

necessary, but not as a matter of routine in every case, to apply to NCA for a consent to perform the

normal range of duties of collection, realisation and distribution of assets.


3.30. Ongoing monitoring of client relationships

3.30.1. The requirement to monitor customers’ activities

Businesses must conduct ongoing monitoring of their business relationships with their customers.

Regulation 8 states that ongoing monitoring of business relationships means:

scrutiny of transactions, (including, where necessary, the source of funds) to ensure that the

transactions are consistent with the business’s knowledge of the customer, his business and

risk profile

ensuring that the documents, data or information held evidencing the customer’s identity are

kept up to date.

The extent to which scrutiny of transactions and knowledge of customer enquiries are undertaken

should be determined using the risk-based approach and must be applied in accordance with the risks

that are assessed to be present in relation to the customer, products, transactions, delivery channels

and geographical locations involved.

Monitoring customer activity helps to identify unusual activity. If unusual events cannot be rationally

explained, they may involve money laundering or terrorist financing. Monitoring customer activity and

transactions throughout a relationship helps give greater assurance that the business is not being

used for the purposes of money laundering or terrorist financing.

3.30.2. What is monitoring?

The basic requirements of a monitoring system are that:

it flags up transactions and/or activities for further examination

these reports are reviewed promptly by the right person(s)

appropriate action is taken on the findings of any further examination.

Monitoring can be either:

in real time, in that transactions and/or activities can be reviewed as they take place or are

about to take place. Real time can be applied in a bookkeeping or payroll bureau setting

where regular real time transactions are undertaken

after the event, through some independent review of the transactions and/or activities that a

customer has undertaken, this can be the year end accounts preparation and production, the

submission of a quarterly VAT return or the preparation and submission of an annual tax

return.

Monitoring may be done in response to specific types of transactions, to the profile of the customer, or

by comparing their activity or profile with that of a similar peer group of customers, or through a

combination of these approaches. In practical terms this means we can use our knowledge of, for

example, gross profit margins in say public houses in the area to use as a bench mark, or by

reference to national statistics. Or we could just be looking for a transaction that is out of character with

that type of business.

In designing monitoring arrangements, it is important that appropriate account is taken of the

frequency, volume and size of transactions carried out by customers, and the risks that are present

in respect of the customer and the product.


Monitoring is not a mechanical process and does not necessarily require sophisticated electronic

systems. The scope and complexity of the process will be influenced by the firm’s business

activities, and whether the firm is large or small. The key elements of any system are having up-to-

date customer information, on the basis of which it will be possible to spot the unusual, and asking

pertinent questions to elicit the reasons for unusual transactions or activities in order to judge

whether they may represent something suspicious.

3.30.3. Manual or automated?

A monitoring system may be manual, or may be automated to the extent that a standard suite of

exception reports are produced. One or other of these approaches may suit most firms. In the

relatively few firms where there are major issues of volume, or where there are other factors that

make a basic exception report regime inappropriate, a more sophisticated automated system may

be necessary.

In relation to a business’s monitoring needs, an automated system may add value to manual

systems and controls, provided that the parameters determining the outputs of the system are

appropriate. Relevant managers must understand the workings and rationale of an automated

system, and should understand the reasons for its output of alerts, as they may be asked to explain

this to its regulator.

The effectiveness of a monitoring system, automated or manual, in identifying unusual activity will

depend on the quality of the parameters which determine what alerts it makes, and the ability of

staff to assess and act as appropriate on these outputs.

3.30.4. Staff awareness

It is essential to recognise the importance of staff awareness. Such factors as intuition, direct

exposure to a customer face to face or on the telephone, and the ability, through practical

experience, to recognise transactions that do not seem to make sense for that customer cannot be

automated.

3.30.5. Customer information

MLR Regulation 8(2)(b) states that monitoring must involve keeping the documents data or

information obtained for the purpose of applying customer due diligence measures up to date. This

obligation also applies where a business has relied on another relevant business to apply CDD

measures under Regulation 17.


4. The post SAR regime

4.1. The key points

Once a SAR has been submitted, the business needs to consider whether or not the content

of the SAR requires any change to, or even cessation in, any related client relationship.

In addition, careful consideration needs to be given to reconciling the need to fulfil

professional duties, whilst avoiding the risks of tipping off.

A SAR may be followed by requests for further information from law enforcement or

prosecuting agencies, both informal and by means of relevant orders. Businesses need to

have in place procedures for checking the validity of requests and for ensuring a proper

response is made.

4.2. Continuing work in connection with a reported matter

4.2.1. Client relationships

Businesses do not have to stop working after submission of a SAR unless consent has been

requested, in which case all or part of client work may well require to be suspended until consent is

received. In cases where consent has been requested and refused, the work which was the subject of

the request will need to be suspended.

However, even where consent was not required, where a SAR involves a client as a suspect,

businesses may wish to consider whether the behaviour observed is such that for professional

reasons the business no longer wishes to act.

Generally, if following a report of suspicion a business wishes for its own commercial or ethical

reasons to exit a relationship, there is nothing to prevent this provided the way the exit is

communicated does not constitute tipping off. This also applies to the prejudicing an investigation

offence outlined below.

If a decision is made to terminate a client relationship, a business should follow its normal procedures

in this regard, whilst always bearing in mind the need to avoid tipping off.

4.2.2. Balancing professional work and POCA requirements

Normal commercial enquiries to understand a transaction carried out in the course of an engagement

will not generally lead to tipping off, although care should be exercised to avoid either making a

disclosure prohibited under ss333A-333D, POCA or making accusations or suggesting that any

person is guilty of an offence. It is important to confine enquiries to those required in the ordinary

course of business and not attempt to investigate a matter unless that is within the scope of the

professional work commissioned.

Continuation of work may require discussion with client senior management of matters relating to

suspicions formed. This may be of particular importance in audit relationships. Care must be taken to

select appropriate, and non-complicit, members of senior management for such discussion whilst

always bearing in mind the need to avoid tipping off.

In more complex circumstances, consultation with law enforcement may be necessary before

enquiries are continued, but in most cases a common sense approach will resolve the issue. Note

that neither the NCA nor law enforcement may give consent to tipping off, but discussions with them

are still valuable.


Businesses may wish to consult the MLRO or other suitable specialist (for example a solicitor)

regularly if there are tipping off concerns, and in particular it is important that before any document

referring to the subject matter of a report is released to a third party the MLRO is consulted and, in

extreme cases, law enforcement.

MLROs may on occasion need advice to assist them in formulating their instructions to the business.

Legal advice may be sought from a suitably skilled and knowledgeable professional legal adviser, and

recourse may also be had to helplines and support services provided by professional bodies.

Discussion with the NCA and law enforcement may well be valuable, but MLROs should bear in mind

these authorities are not able to advise, and nor are they entitled to dictate how professional

relationships should be conducted.

4.3. Requests for further information

4.3.1. Requests from NCA or law enforcement agencies

The NCA or a Law Enforcement Authority may contact a business (usually the MLRO) or an individual

to ask for further information about a SAR which has submitted. Before responding, it is

recommended that a verification process is undertaken to ensure the person making contact is a bona

fide member of NCA/ law enforcement. This may be most simply achieved by taking a caller’s name

and agency/force details, and then calling the main switchboard of the agency/ force to be put through

to the person.

To the extent that the request is simply aimed at clarifying the content of a SAR, businesses/

individuals may respond without the need for any further process.

However, if the request is for production of documents or provision of information additional to the

SAR, it is recommended that businesses/individuals require the relevant agency to use its powers of

compulsion before they respond. This is not intended to be non-cooperative, and indeed

businesses/individuals are recommended to engage in constructive dialogue with NCA/law

enforcement, including as to the content and drafting of the request, but is intended to protect

businesses/individuals from allegations that they breached confidentiality. Client or other third party

consent is not required in cases of compulsion, and nor should it be sought due to the risk of tipping

off.

Before responding to orders for production of information, businesses/individuals should ensure they

understand:

the authority under which the request is made

the extent of the information requested

the required timing and manner of the production of information

what information should be excluded for example, that subject to legal privilege. If in any

doubt, businesses/individuals should seek legal advice. Businesses should document their

consideration of the issues.

None of the notices or orders will require the production of information that is subject to legal privilege

or legal professional privilege. Terms used in the various relevant Acts of Parliament and the way the

terms are defined vary slightly and it may be appropriate to take legal advice if unsure. The interaction

of the privilege reporting exemption with the carve-outs for privileged material in the notices and

orders outlined below is not clear, and has yet to be tested. This is a complex area of law.


If individuals or businesses are unsure as to whether certain documents fall within the privileged

category or not, they should not include these documents in initial disclosure and, before the expiry of

the time allowed for disclosure, should inform the person to whom the information is to be provided

that they believe they have material subject to privilege and request that, if they think it necessary to

gain access to this material, the relevant agency appoint independent counsel to opine as to whether

the material is disclosable, or not. The opinion of counsel may then be complied with.

Before passing across information to an officer, businesses should require the person identify

themselves by, for example, showing a warrant card and a copy of the relevant order, or businesses

may attend the premises of the relevant agency to hand over the information.

Orders for production of information may be received under a variety of legislation. In each case,

production may be required in hard copy even where stored on a computer, or in electronic form

where stored as such. Those which most commonly flow from SARs include the following:

production orders under the provisions of POCA 2002

disclosure notices under SOCPA 2005

S2 notices issued by the Serious Fraud Office under the provisions of the Criminal Justice

Act 1987.

4.3.2. Production orders

Production Orders are made under s354, POCA, and are made only by a judge in respect of a

confiscation investigation, or a money laundering investigation. The maximum period for compliance

will be seven days starting with the day on which the order is made unless the judge thinks a shorter

period should be applied.

To the extent that the request is simply aimed at clarifying the content of a SAR, businesses/

individuals may respond without the need for any further process.

However, if the request is for production of documents or provision of information additional to the

SAR, it is recommended that businesses/individuals require the relevant agency to use its powers of

compulsion before they respond. This is not intended to be non-cooperative, and indeed

businesses/individuals are recommended to engage in constructive dialogue with NCA/law

enforcement, including as to the content and drafting of the request, but is intended to protect

businesses/individuals from allegations that they breached confidentiality. Client or other third party

consent is not required in cases of compulsion, and nor should it be sought due to the risk of tipping

off.

4.3.3. Disclosure notices under SOCPA

A disclosure notice may be issued by an investigating authority (the Director of Public Prosecutions,

the Director of Revenue and Customs Prosecutions and the Lord Advocate or their permitted

delegates under s60, SOCPA) in respect of certain offences only. These are broadly those listed in

Schedule 2 (Schedule 4 in Scotland) to POCA, offences under ss15-18, TA 2000, certain duty

offences, false accounting (s17, Theft Act 1968 in England and Wales) and certain matters

concerning attempts at/conspiracy to commit certain offences. S61, SOCPA should be referred to in

the case of any such notice being received to check it is in respect of a qualifying offence. ss 62-65,

SOCPA then set out the procedures in respect of the issue of the notice, and the response to it.

The provisions of the notice will govern the extent of the information to be provided, and the timing,

place and manner of disclosure. There is no requirement to produce documents or answer questions

where the matter is subject to legal professional privilege, or legal privilege (as defined in s412,

POCA). For the interaction of this provision with the privilege reporting exemption, see section7.10.


Failure, without reasonable excuse, to comply is a criminal offence and penalties of up to two years

imprisonment and/or an unlimited fine may be levied.

4.3.4. S2 notices issued by the Serious Fraud Office under the Fraud Act 2006

Under the Fraud Act 2006, staff authorised by the Director of the Serious Fraud Office have powers to

require a person to answer questions, provide information or produce documents for the purposes of

an investigation. Written notice is given where the Serious Fraud Office exercise these powers. In

urgent cases, the Serious Fraud Office may require immediate compliance with a notice, but

frequently will give a period of time for compliance. There is no requirement to produce documents

which are privileged, being material which a person would be entitled to refuse to produce on grounds

of privilege in the High Court. Failure to comply is a criminal offence punishable with imprisonment for

up to six months and/or a fine not exceeding level 5 on the standard scale.

4.3.5. Requests arising from a change of professional advisor (professional enquiries)

Requests regarding identification information

In such a case the disclosure request may be made under the provisions of Regulation 17, reliance,

or the new adviser may simply want copies of identification evidence, in order to assist it in satisfying

its own identification procedures. Businesses should not release confidential information without the

client's consent. If reliance is being placed on the business, it should follow the guidance in relation to

record keeping.

In general, it is recommended that such requests are declined as the tipping off offence in the

regulated sector greatly restricts the ability to make such disclosures. However, to the extent that the

request is within the provisions of s333C, POCA information may be provided (but there is no

obligation to do so).

Requests for information regarding suspicious activity

In general, it is recommended that such requests are declined as the tipping off offence in the

regulated sector greatly restricts the ability to make such disclosures. However, to the extent that the

request is within the provisions of s333C, POCA (section 2.19 of this Guidance) information may be

provided (but there is no obligation to do so).


5. Staff training and record keeping

5.1. Staff awareness and training – general legal obligations

MLR Regulation 21 requires businesses to take appropriate measures so that all relevant employees

are:

made aware of the law relating to money laundering or terrorist financing

regularly given training in how to recognise and deal with transactions and other activities

which may be related to money laundering or terrorist financing.

5.2. Who should be trained?

Employees should be trained in what they need to do to carry out their particular roles in the

organisation. All customer facing/processing staff will require training in relation to recognising and

handling suspicious transactions. Nominated Officers/MLROs, senior managers and others involved

in ongoing monitoring of business relationships and other internal control procedures will need

different training, tailored to their particular functions.

A sole trader, by default, will be deemed to be the nominated officer of the firm, and as such is

required by the regulations to have the requisite level of knowledge and training to be able to fulfil this

function. Therefore, licensed members who are sole practitioners should automatically include money

laundering as part of their continuing professional development (CPD) programme.

5.3. What should training cover?

Businesses must ensure that relevant employees are made aware of their responsibilities under the

Proceeds of Crime Act and the Terrorism Act to report knowledge or suspicion to the Nominated

Officer (MLRO) and the requirements under MLR for the business to apply customer due diligence

measures.

Training to enable employees to recognise and deal with suspicious transactions should include:

the identity and responsibilities of the MLRO

the potential effect on the firm, its employees personally and its clients of any breach of the

law

the risks of money laundering and terrorist financing that the business faces

the vulnerabilities of the business’s products and services

the policies and procedures that have been put in place to reduce and manage the risks

CDD measures, and, where relevant, procedures for monitoring customers’ transactions

how to recognise potential suspicious activity

the procedures for making a report to the MLRO

the circumstances when consent is to be sought and the procedure to follow

reference to industry guidance and other sources of information, for example, NCA, FATF,

CCAB etc.


5.4. How often should training be given?

Businesses should ensure that the frequency of training is sufficient to maintain the knowledge and

competence of staff to apply customer due diligence measures appropriately and in accordance with

the business’s risk assessments of the products or services they offer. The CCAB recommend this

should be on an annual basis.

It is important, as part of ongoing staff training, to make staff aware of changing behaviour and

practices amongst money launderers and those financing terrorism. A range of information on this can

be found on the internet and through the media, for example, the website of the Financial Action Task

Force. Training methods and assessment should be determined by the individual business according

to the size and complexity of the business.

5.5. Record keeping - general legal requirements

The purpose of MLR Regulation 19 on record-keeping is to require a business to be able to

demonstrate its compliance with the MLR, through keeping evidence and records of due diligence

checks made and information held on customers and transactions. These records may be crucial in

any subsequent investigation by NCA, the police or HMRC. They will enable the business to produce

a sound defence against any suspicion of involvement in money laundering or terrorist financing, or

charges of failure to comply with the Regulations.

5.6. The records that must be kept

The records that must be kept are:

a copy of, or the references to, the evidence of the customer’s identity obtained under the

customer due diligence requirements in the regulations

the supporting evidence and records in respect of the business relationships and occasional

transactions which are the subject of customer due diligence measures or ongoing

monitoring.

In relation to the evidence of a customer’s identity, businesses must keep the following records:

a copy of the identification documents accepted and verification evidence obtained

references to the evidence of customer’s identity.

Transaction and business relationship records (for example, account files, working papers, relevant

business correspondence, including electronic mail, daily log books, receipts, cheques etc.) should be

maintained in a form from which a satisfactory audit trail may be compiled, and which may establish a

financial profile of any suspect account or customer.

5.7. Persons who are relied on by another person to apply any customer due

diligence measures

Where a person is relied on by another business to apply customer due diligence measures on their

behalf under the arrangements set out in this guidance, he must keep the records specified above for

five years beginning from the date on which he is relied on in relation to any business relationship or

transaction.


A person who is relied on must, if requested by the person relying on him within the time specified

above:

as soon as reasonably practicable make available to the person who is relying on him any

information about the customer (and any beneficial owner) which he obtained when applying

customer due diligence measures

as soon as reasonably practicable forward to the person who is relying on him copies of any

identification and verification data and any other relevant documents on the identity of the

customer (and any beneficial owner) which he obtained when applying the measure.

5.8. Businesses which rely on another person to apply customer due

diligence measures

Where a business relies on another person to apply any customer due diligence measures on their

behalf, it must take steps to ensure that the third party will, if requested within the time specified above:

as soon as reasonable practicable make available to him any information about the customer

(and any beneficial owner) which the third party obtained when applying customer due

diligence measures

as soon as reasonably practicable forward to him copies of any identification and verification

data and other relevant documents on the identity of the customer (and any beneficial owner)

which the third party obtained when applying those measures.

These requirements do not apply where the business applies customer due diligence measures by

means of an outsourcing service provider or agent, although, because the business is responsible for

applying CDD and storing its records, it would be prudent for it to be in a position to ensure that it

receives or can quickly access customer identification records where any of these services (or records

storage) are outsourced.

5.9. How long should records be kept?

Evidence of customer’s identity records must be kept for five years beginning on the date on which

the occasional transaction is completed or the business relationship ends.

Records of transactions (whether undertaken as occasional transactions or part of a business

relationship) must be kept for five years beginning on the date on which the transaction is completed.

All other records must be kept for five years beginning on the date on which the business relationship

ends.

5.10. In what format must the records be kept?

Most businesses want to keep to a minimum the volume and density of records which need to be kept

whilst still complying with the regulations. Records may therefore be kept:

by way of original documents

by way of good photocopies of original documents

on microfiche

scanned form

computerised or electronic form.


5.11. Penalties for failure to keep records

Where the record keeping obligations under the MLR are not observed, a business or person is open

to financial penalties or potentially prosecution including imprisonment for up to two years.


6. Business and Firms Management Policies and

Procedures for reporting suspicious activity (SAR’s)

6.1. Internal reporting

The key points to note in relation to reporting are:

Suspicious activity reports submitted by the regulated sector are an important source of

information used by NCA in meeting its harm reduction agenda, and by law enforcement

more generally.

Businesses are required to have procedures which provide for the nomination of a person

(MLRO) to receive disclosures (internal reports) under Part 7 of POCA and which require that

everyone in the business complies with Part 7 of POCA in terms of reporting knowledge,

suspicion or reasonable grounds for knowledge or suspicion of money laundering.

Failure to report in accordance with Part 7 of POCA where the relevant information or other

matter has been obtained through the course of work in the regulated sector is a criminal

offence which can be committed by any individual (s330, POCA), or by the MLRO (s331,

POCA). There is a similar offence for MLROs outside the regulated sector in s332, POCA.

An individual other than the MLRO fulfils his reporting obligations by making an internal report

to his MLRO.

The MLRO is responsible for assessing internal reports, making further inquiries if need be

(either within the business or using public domain information), and, if appropriate, filing SARs

with NCA.

Where a relevant professional advisor forms knowledge or suspicion or reasonable grounds

for such in ‘privileged circumstances’ no report should be made to NCA unless this ‘privilege

reporting exemption’ is overridden by the crime/ fraud exception i.e. where the information or

other matter is communicated to the relevant professional advisor with the intent of furthering

a criminal purpose (Section 7.42 to 7.46).

When reports are properly made they are ‘protected’ under s337, POCA in that nothing in

them shall be taken to breach any restriction on the disclosure of information, however

imposed.

A person who considers he may have engaged or is about to engage in money laundering,

should make an ‘authorised’ disclosure (s338, POCA). Such a disclosure, provided it is made

(and NCA's consent to the act is obtained) before the act is carried out, or is made as soon as

possible on the initiative of that person after the act is done and with good reason being

shown for the delay, may provide a defence against charges of money laundering. When

properly made such reports shall not be taken to breach any restriction on the disclosure of

information, however imposed.

Consent may be sought from NCA under s335, POCA (and confirmed to the business by the

MLRO under s336 POCA) to carry out activity that would otherwise be money laundering

under ss327-329 POCA. If granted, the consent provides complete protection against charges

of money laundering but only in respect of the activity covered by the consent.


TA 2000 provides for broadly equivalent provisions regarding the reporting of knowledge,

suspicion or reasonable grounds for such of terrorist financing. The definition of ‘terrorist

property’ is set out in s14, TA 2000 and the terrorist offences and provisions regarding

reporting, consent and tipping off are set out in ss15-21A.

6.2. Suspicious activity reporting to the National Crime Agency (NCA)

6.2.1. General legal and regulatory obligations

Under Part 7 of the Proceeds of Crime Act and Part 3 of the Terrorism Act, businesses in the

regulated sectors and their employees are required to disclose information to the National Crime

Agency (NCA) in circumstances where they:

know or suspect

have reasonable grounds for knowing or suspecting

that another person is engaged in money laundering or terrorist financing.

MLR regulation 20(2) requires that businesses in the regulated sectors must have policies and

procedures under which:

an individual in the organisation is appointed as a Nominated Officer (NO) who is responsible

for receiving disclosures of information concerning suspicions of money laundering, made

under the requirements of Part 7 of the Proceeds of Crime Act and Part 3 of the Terrorism Act

2000

employees report suspicious activity to the Nominated Officer

the nominated officer considers disclosures in the light of any relevant information which is

available to the business and determines whether it gives rise to knowledge or suspicion or

reasonable grounds for knowledge or suspicion of money laundering or terrorist financing.

In some businesses, the nominated officer is referred to as the MLRO.

“In the organisation” means from within the same business, business group, or corporate structure.

Sole proprietors, who have no members of staff, do not need to appoint a Nominated Officer because

they are directly responsible for making disclosures under POCA and TA.

The failure of any person to disclose such information is an offence under Part 7 of the POCA or Part

3 of the TA.

6.3. The meaning of knowledge, suspicion and reasonable grounds for

knowledge or suspicion

For the purposes of the POCA and the TA, knowledge means knowledge of money laundering activity

based on information that came to the member of staff or Nominated Officer in the course of the

business in the regulated sector.

Suspicion is an opinion held that is based on information or circumstances but without certainty or

proof. Unusual transactions are not necessarily suspicious, however, MLR 2007 regulation 20

requires that unusual transactions and any other activity that is regarded as particularly likely by its

nature to be related to money laundering or terrorist must be identified and scrutinised, which could

result in suspicion requiring disclosure.


Reasonable grounds for knowledge or suspicion arise where the facts or circumstances, if viewed

objectively, would lead to an expectation that a reasonable person working in the relevant business

would know or suspect that someone was engaged in money laundering or terrorist financing.

6.4. Internal reporting procedures

All relevant businesses must maintain internal procedures which ensure employees report suspicious

activity to the MLRO.

A report must be made as soon as a decision is made that there are reasonable grounds to suspect

money laundering. Suspicion may arise before or after a transaction takes place.

Before deciding to make a report to NCA, the MLRO will need access to all the business’s relevant

records. The business must therefore, take reasonable steps to ensure its Nominated Officer has

access to such information. This may include:

the financial circumstances of the client or a person on whose behalf the client is acting

the features of the transaction.

In addition, the MLRO should:

consider the level of identity information held on the client and any information held on his

personal circumstances that might be available to the business

review other transaction patterns and volumes through the account and any other accounts in

the same name.

The MLRO should also take into consideration any additional risks where the client is located

outside the UK, particularly if the client is located in a high-risk jurisdiction.

If the MLRO decides not to make a report to NCA, the reasons for not doing so should be clearly

documented or recorded electronically, and retained with the internal suspicion report.

6.5. Making external reports to NCA

Once an MLRO has concluded that a report is required, it should be prepared and submitted

promptly to NCA.

The requirement set out in POCA as to timing of reports is that a report should be made ‘as soon as

is practicable’ after the information required is received. In practical terms, the interval between

receiving an internal report and making a SAR will vary quite widely. Some matters may be

disposed of very rapidly where all the information required to make a SAR is received with the first

contact, and where this occurs a quick turnaround should be achieved. It is particularly important to

work rapidly in matters where consent is required, or where ‘money laundering in action’ is

suspected, that is, another is engaged in current criminal activity which may provide law

enforcement with opportunities to intervene. In other cases, where not all the required information is

immediately to hand, or where there is material uncertainty as to whether the matter is repor table or

not, the MLRO may reasonably chose to await further expected developments, and/or seek further

information before making a reporting decision.


NCA’s preferred methods of submitting reports are:

SAR online system, using internet transfer

Hard copy NCA forms (obtainable on the internet or by post on request to NCA) to be typed

and submitted by post or fax.

It is recommended that individuals and businesses have regard to guidance on how to make reports

published from time to time by NCA.

SAR online gives increased security because of encryption; the other added benefit is that an

acknowledgement of receipt will be sent to you confirming receipt of the SAR. This will not be done if

the SAR is submitted by post or fax. This aids with being able to ‘demonstrate to a supervisor’

elements of compliance.

In preparing SARs, MLROs should seek to present information in a way that it clear and succinct. In

particular:

the full name of the reporting business must be provided and the internal reference for the

report should be provided in each case

all available CDD information - identification information held by the business (name, address,

date of birth, registration numbers etc.) must be presented in the appropriate subject fields,

and not simply incorporated into the ‘reason for suspicion’ text

where it assists in explaining the matter being reported, it may be appropriate to include a

number of subjects in the report, providing such identification information as is known in the

manner above for each of them

for each subject their role, as far as it is known, in the matter should be made clear and the

options of flagging each subject as suspect/victim/unknown used as appropriate

where bank account/transaction details are available and relevant, these should be included

in the appropriate fields

the activity observed should be explained clearly in the reasons for suspicion field, without

using jargon or terms which might not be readily understood by non-accountants and, as far

as known, giving details of when events occurred

features of the activity which are unusual or are considered to denote either a predicate

offence to money laundering, or money laundering, should be highlighted as such

such information held as to the whereabouts of any laundered property should be given

the information given in the reasons for suspicion field should be succinct

the report should be submitted without any supporting documents and accordingly should be

able to stand alone to explain the suspicion through provision of the information comprising

the required disclosure.

If the MLRO so wishes, he may make use of the SAR Glossary of Codes provided by NCA and

incorporate the relevant terms in his report, this is provided the annex of this section.

An important role for the MLRO on receipt of an internal report and on making a SAR is to advise

engagement teams on how to continue their work and interact with the client to balance professional

responsibilities, risk to the business and responsibilities under POCA.

http://www.legislation.gov.uk/ukpga/2002/29/part/7

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/economic-crime/ukfiu/how-to-report-sars


6.6. Types of report

Reports made in accordance with the provisions of POCA are made under either s337 (protected

disclosures) or s338 (authorised disclosures).

6.6.1. The protected disclosure

A protected disclosure is any report made by a person providing the required disclosure, based on

information or other matter coming to their attention in the course of their trade, profession, business or

employment, where this information has led to knowledge or suspicion (or reasonable grounds for

such) that another person is engaged in money laundering.

A protected disclosure may be made by any person forming a money laundering suspicion, at work or

carrying out professional activities, whether or not acting within the regulated sector. This means that

any individual or business, or other organisation (such as a charity) meeting these conditions may

make a voluntary report to NCA in the public interest and benefit from the protections contained in s337

POCA against allegations of breach of confidentiality. In the regulated sector, such reports are

compulsory (save where an exemption such as the privilege reporting exemption applies).

6.6.2. The authorised disclosure (consent)

An authorised disclosure is a report made by a person who makes the disclosure:

before he has carried out a prohibited act (that is, done something which would constitute a

money laundering offence under ss327-329 POCA); or

whilst he is doing the prohibited act, or after he has done such an act provided that when he

started to do the act he didn’t realise that it was money laundering (that is, did not realise that

criminal property was involved) and made the report on his own initiative as soon as he knew

or suspected criminal property was involved; or

after he has done the prohibited act, provided that there was good reason for not reporting

before he committed the act, and he made the report on his own initiative as soon as it was

practicable to make it. There is no guidance in POCA as to what might constitute “good

reason”, but this is likely to be applied narrowly.

6.6.3. Key points for consent

If a business or an individual believes an activity they are going to undertake would constitute

a money laundering offence under ss327-329 POCA then they must make an authorised

disclosure under s338, POCA (or have a reasonable excuse for not having made such a

report).

If the authorised report was made before the money laundering activity took place, the

reporter must receive an appropriate consent (s335, POCA) before proceeding with the

activity or an offence will be committed.

On receipt of the appropriate consent under s335, POCA, an MLRO may then provide this

consent to the business under the provisions of s336, POCA.

Once a consent request is made, this may be granted by NCA or given by default once seven

working days starting the working day after submission of the consent request (the ‘notice

period’) has elapsed, or consent may be refused.


If consent is refused during the seven working day notice period, a moratorium period of 31

days starts on the day notice of refusal is received during which the activity may not be

undertaken unless and until the moratorium period expires.

Once the moratorium has expired, then if no restraining action has been taken by law

enforcement, the activity in question may be continued.

6.7. Confidentiality protections

Any report properly made under the provisions of ss337 and 338, POCA cannot be taken to breach

any restriction on disclosure of information however this is imposed. This means considerations of

client or other duties of confidentiality must not impede reporting, unless the privilege reporting

exemption applies where different considerations apply. Such protection does not exist for reports

which are made founded only on speculation or made defensively founded on generalities or “just in

case”.

6.8. Non-POCA reporting

Businesses and individuals should have regard to other obligations they may have, such as reporting

responsibilities under the Statements of Auditing Standards, statutory regulatory returns, and reports of

misconduct of fellow members of professional bodies. In all cases, the risk of tipping off must be

considered and avoided.

6.9. Guarding the confidentiality of a SAR

If clients or third parties become aware that an individual or business has made a SAR, this can have

adverse effects on client relationships and may ultimately endanger the security of staff members.

Maintaining the confidentiality of SARs is important to NCA. Access to SAR information is now

provided to end-users in law enforcement and similar agencies by NCA only on condition that

undertakings are taken as to compliance with Home Office guidance on preserving the confidentiality

of SARs. (Home Office Circular 53 / 2005 ‘Money Laundering: The Confidentiality And Sensitivity Of

Suspicious Activity Reports (SARs) And The Identity Of Those Who Make Them’).

The key elements of SAR confidentiality can be summarised as follows:

secure reporting systems – SAR online

secure information handling – the ELMER central computer system

directions of the Home Office circular

trained and security vetted NCA staff

all accredited financial investigators trained to the same high standard for the use of a SAR

training and security for judges and clerks of court for the handling and use of a SAR

partnership agreements with end users such as money web

ARA trained and accredited financial intelligence officers

HM Inspector of Constabulary inspection programme

NCA annual report to ministers.

The above has led to a very secure SAR reporting system. NCA has provided a reporting line for

concerns over breach of confidentiality by end-users. Businesses should also report any suspected

breach of SAR confidentiality to AAT.

Whilst it is reasonable for the regulated sector to expect NCA to make strenuous efforts to protect the

confidentiality of those who make SARs, reporters should also take such steps as are available to them

to protect the confidentiality of individuals and businesses and the information reported.

http://www.nationalcrimeagency.gov.uk/contact-us/reporting-suspicious-activity-sar


In making reports, MLROs should disclose information relevant to the suspicion or knowledge of money

laundering and information necessary to allow the reader to gain a proper understanding of the matters

reported. It is recommended that reporters:

refrain from including other confidential information where this is not required for compliance

with obligations under POCA

show the name of the business, individual, or MLRO submitting the report only once in the

source ID field but nowhere else in the report

do not include names of personnel who made internal reports to the MLRO

only include parties as subjects where this information is necessary for an understanding of

the report, or to meet the standards of the required disclosure

highlight clearly in the reasons for suspicion/disclosure field any particular concern the

reporter has about safety (in physical, reputation or other terms).

Whilst it is reasonable for an MLRO to answer questions from a NCA officer or a law enforcement officer

aimed simply at clarifying the content of a SAR, any further disclosure to NCA or law enforcement or

prosecuting agencies should normally only be undertaken in response to the exercise of a power to

obtain information contained in relevant legislation, or in compliance with professional guidance on the

balance of confidentiality and making disclosures in the public interest. This provides protection for the

MLRO and the business against any allegation of breach of confidentiality.

6.10. Tipping off

It is a criminal offence under POCA Part 7 for anyone, following a disclosure to a Nominated Officer or to

NCA, to do or say anything that might either ‘tip off’ another person that a disclosure has been made or

prejudice an investigation. The Terrorism Acts contain similar offences.

This means that businesses must not tell a client:

that a transaction was/is being delayed because consent from NCA has been requested

that details of their transactions or activities will be/have been reported to NCA

that they are being investigated by law enforcement under Chapter 8 POCA.

Reasonable enquiries of a client concerning the background to a business or transaction, as part of

client due diligence checks will not give rise to a tipping-off offence. The offence of tipping off can only

occur once a SARs is made.

6.11. Recognising money laundering

6.11.1. The key elements

The Anti Money Laundering requirements only relate to criminal matters; that are those which attract

criminal penalties. Other acts may be unlawful, but not criminal. This distinction is particularly important

in areas of work where an array of penalties on both civil and criminal levels exists. An example of this is

in relation to infringement of the requirements of the Companies Act where there is a mixture of issues

attracting civil penalties and those attracting criminal penalties.

In most cases of suspicion, the reporter will have in mind a particular type of underlying criminal

conduct. However, on occasion a transaction or activity may so obviously lack any normal economic

rationale or business purpose as to lead to a suspicion that it may be linked to money laundering in the

absence of any other credible explanation. Individuals should not hesitate to exercise professional

scepticism and judgement and should report such matters if appropriate.


For a matter to be money laundering there must not only be criminal conduct, but also proceeds or

criminal property. These terms are described below.

6.11.2. Criminal conduct

Criminal conduct is that which constitutes an offence in any part of the UK or would do if it was

committed in the UK. However, businesses and individuals should note that under the provisions of the

overseas conduct exception (s330(7)(A) POCA) there are limited exceptions to the requirement to report

conduct occurring overseas.

Since UK law defines money laundering so widely, any criminal conduct which has resulted in any form

of criminal property will also constitute money laundering. It is not expected that individuals will become

expert in the very wide range of underlying or predicate criminal offences which lead to money

laundering but they will be expected to recognise those that fall within the professional competence of

their role but should use professional scepticism, judgement and independence as appropriate to

identify offences.

If a person knowingly engages in criminal activity but does not successfully benefit from it, he may have

committed some other offence (often fraud) but not money laundering. If an activity does not result in

criminal property it cannot constitute a money laundering offence. Consequently, there is no obligation

to file a money laundering report. However, businesses and individuals may wish to report the matter to

the Police, or may have other reporting duties.

6.11.3. Criminal property

Criminal property is the benefit derived from a person’s criminal activity. Note that criminal property (or

‘proceeds’) can take any form. For example, cost savings from ignoring mandatory health and safety

regulations (amounting to a criminal offence) savings as a result of tax evasion, and other less obvious

financial benefits can also constitute criminal property. Where criminal property is used to acquire further

assets these further assets themselves become criminal property. It is important to note that there is no

de minimis level and thus criminal property is not identified by its value.

POCA defines criminal property in s340(3)(b), POCA as ‘property is criminal property if it constitutes a

person’s benefit from criminal conduct and the alleged offender knows or suspects, that it constitutes or

represents such a benefit’.

6.11.4. Intent

S 340(3)(b) of POCA means that an offender must know or suspect that property is criminal. Conduct

which is an innocent error or mistake may be criminal where it constitutes a strict liability offence but will

not also be money laundering.

If an individual or business knows or believes that a client is acting in error, the individual may approach

the client and explain the situation and legal risks to him. However, once the criminality of the conduct is

explained to the client, he must bring his conduct (including his past conduct) promptly within the law to

avoid a money laundering offence being committed. Where there is uncertainty about the legal issues,

outside the competence of the individual, clients should be referred to an appropriate specialist or

professional legal adviser.

Note that if there are reasonable grounds to suspect that a client knew or suspected that his/ its actions

were criminal, a report must be made. Even if the client does not have the relevant intent, but

businesses or individuals are aware that there is criminal property, consideration needs to be given to

whether a report has to be made under s 338, POCA to avoid an offence under S’s 327-329, POCA.


6.12. Suspicion indicators

The following lists are not exhaustive but set out some of the main indications that a transaction is

suspicious:

6.12.1. New clients and ‘one-off’ transactions

Checking identity is proving difficult.

The client is reluctant to provide details of their identity.

A cash transaction is unusually large.

The cash is in used notes and/or small denominations.

The client requests currency in large denomination notes.

The client will not disclose the source of cash.

The explanation for the business and/or the amounts involved are not credible.

A series of transactions are structured just below the regulatory threshold for due diligence

identity checks.

The client has made an unusual request for collection or delivery.

Transactions having no apparent purpose or which make no obvious financial sense, or which

seem to involve unnecessary complexity.

Unnecessary routing of funds through third-parties.

6.12.2. Regular and established clients

The transaction is different from the normal business of the client.

The size or frequency of the transaction is not consistent with the normal activities of the

client.

The pattern of transactions has changed since the business relationship was established.

Money transfers to high-risk jurisdictions without reasonable explanation, which are not

consistent with the client’s usual foreign business dealings.

Sudden increases in the frequency/value of transactions of a particular client without

reasonable explanation.

6.12.3. Examples where client identification issues have potential to indicate suspicious

activity

The client refuses or appears reluctant to provide information requested.

There appears to be inconsistencies in the information provided by the client.

The client’s area of residence is inconsistent with other profile details such as employment.

An address appears vague or unusual.

The supporting documentation does not add validity to the other information provided by the

client.

The client is in a hurry to rush his activity through, with promises to provide the information

later.

6.12.4. Examples of activities that might suggest to staff that there could be potential terrorist

activity

The client is unable to satisfactorily explain the source of income or capital.

Frequent address changes.

Media reports on suspected or arrested terrorists.


7. Tax practitioner’s specific guidance

7.1. Tax practitioners, MLR 2007 and POCA

The following is guidance issued by the HMRC, CIOT, ATT, ICAEW, ACCA and CIMA and is

applicable to understanding reporting requirements of many activities we undertake.

A tax practitioner should be aware of HMRC’s responsibility under MLR 2007 to regulate trust and

company service providers, which may impinge upon the work they undertake for their clients.

However if the tax practitioner is supervised by another supervisory authority for other tax and

accounting services, that supervisory authority can act as supervisor for the trust and company

service work.

Whilst this supplementary guidance focuses on tax offences a tax practitioner should be aware of the

potential need to report to NCA (or to his firm’s MLRO where he is not a sole practitioner) knowledge

or suspicion of proceeds derived from any crime which he encounters in the course of his work as a

tax practitioner.

In particular, a tax practitioner should also take proper care, under Section 328 POCA to ensure he

does not become concerned in an arrangement which he knows or suspects facilitates (by whatever

means) the acquisition, retention, use or control of criminal property by or on behalf of another person

when assisting clients.

7.2. Overview of the tax sector

Tax work covers a broad range of activities from routine compliance work to complex tax

planning.

Tax compliance involves the processing and submission of returns to the tax authorities.

Tax planning looks at advising on and structuring tax affairs in a tax efficient manner. This can

sometimes involve the use of trusts, offshore entities and tax favourable regimes.

7.3. What are the money laundering risks in the tax sector?

The money laundering risk areas that a tax practitioner may encounter in practice include the following:

a) Where a client’s actions in respect of his tax affairs create proceeds of crime, for example:

a client’s refusal to correct errors (both for the past and on an ongoing basis)

a client’s deliberate under declaration of profits/income/gain or deliberate overstatement of

expenses/losses.

b) Where during the course of dealing with a client’s tax affairs it becomes apparent that the

client is holding proceeds of crime derived from criminal activity which may or may not be tax

related.

The tax practitioner needs to be alert to the risk of assisting or facilitating the laundering of proceeds

of crime whether through the evasion of taxes or otherwise. For example, where a client puts

significant importance on maintaining the anonymity of beneficiaries or owners or in keeping

confidential the structure of a complex plan ostensibly intended to minimise legally a tax liability, then

the possibility that the funds involved are derived from the proceeds of crime should be kept in mind.


7.4. Tax offences

7.4.1. Introduction

There are a number of tax offences which can give rise to the proceeds of crime and SARs. These

are discussed further below. When a tax practitioner has identified proceeds of crime he (or his firm’s

MLRO where he is not a sole practitioner) should consider carefully whether the privilege reporting

exemption applies before submitting a SAR.

A tax practitioner is not required to be an expert in criminal law but he would be expected to be aware

of the boundaries between deliberate understatement or other tax evasion and simple cases of error

or genuine differences in the interpretation of tax law and be able to identify conduct in relation to

direct and indirect tax which is punishable by the criminal law. There will be no question of criminality

where the client has adopted in good faith, honestly and without misstatement a technical position

with which HMRC disagrees.

The main areas where offences may arise in direct tax are:

tax evasion, including making false returns (including supporting documents), accounts or

financial statements or deliberate failure to submit returns

deliberate refusal to correct known errors; and less commonly

failure to obtain consent under s765 ICTA.

7.4.2. Taxes Management Act 1970 (TMA) tax ‘offences’

The TMA provides a civil penalty regime covering both fraudulent and negligent conduct. It is only

fraudulent or dishonest conduct which is reportable under POCA. The money laundering legislation is

only concerned with the proceeds of criminal conduct. Therefore, it is only that conduct which the law

treats as criminal offences which can lead to money laundering issues.

Where conduct may attract a civil penalty under the TMA but may also, on the particular facts, amount

to criminal conduct then the conduct is criminal. By way of example, only, knowingly assisting in the

preparation of an incorrect return etc. could give rise to a civil penalty under s99.

TMA, but the conduct concerned would typically amount to a criminal offence (such as false

accounting or cheating HMRC) as well. Any case where fraudulent conduct is suspected should be

reported unless the privilege reporting exemption applies.

7.4.3. Prosecution policy – the need to report

In the tax environment, there are many circumstances in which the tax authorities have a long and

established practice of dealing with matters on a civil basis. A policy view is taken that this is a more

cost effective approach and that the interest and penalties that can be charged on a civil basis

constitute sufficient restitution and deterrent.

This is the case across direct tax and VAT where criminal prosecutions are very much the exception.

However, the practices or anticipated practices of HMRC are irrelevant to the reporting obligations

under POCA. If a tax practitioner suspects that a criminal offence may have been committed, and that

there may be or may have been proceeds, whether actual or prospective proceeds, then unless the

privilege reporting exemption applies (see 7.9 below), he is obliged to report to NCA (or to his firm’s

MLRO where he is not a sole practitioner) irrespective of the fact that a criminal prosecution may in

the member’s view be highly unlikely in practice.


7.5. Reluctance to correct past errors

7.5.1. Innocent or negligent error – direct tax

It is not uncommon for tax practitioners to become aware of errors in or omissions from clients’ tax

returns or any calculations or statements appertaining to any liability (in current or in past years). If the

tax practitioner has no cause to doubt that these came about as a result of innocent mistake or

negligence then he will not have formed a suspicion. However, in some cases, the tax practitioner

may form a suspicion that the original irregularity was criminal in nature and should make a report

unless the privilege reporting exemption applies.

7.5.2. Innocent or negligent error – indirect tax

In the case of indirect tax, see section 7.7 below on handling the original error.

7.5.3. Unwillingness or refusal to disclose to the tax authorities

Where a client indicates that he is unwilling or refuses to disclose the matter to HMRC in order to

avoid paying the tax due, the client appears to have formed criminal intent and hence the reporting

obligation arises unless the privilege reporting exemption applies (see section 7.10 below). A tax

practitioner will need to be careful in applying the privilege exemption when the client has expressed

clear intention to evade taxes. The tax practitioner should also consider whether he can continue to

act and consult his professional body’s guidance on such matters. This paragraph applies equally to

potential clients for whom the tax practitioner has declined to act.

7.5.4. Adjusting subsequent returns

Where the law permits the correction of small errors by subsequent tax adjustments, and the original

error was not attributable to any criminal conduct, and then the adjustment itself will not give rise to

the need to report, since no crime will have been committed. However, it should be noted that the

legislation does apply to any conduct which constitutes the laundering of the proceeds of any criminal

offence however small the amount involved.

7.6. Intention to underpay tax

A client may suggest that he will in the future underpay tax which would be tax evasion and a money

laundering offence when it occurs.

A tax practitioner can and should apply his professional body’s normal ethical guidance to persuade

the client to comply with the law. Should the client’s intention in this regard still remain in doubt, the

tax practitioner should consider carefully whether he can commence or continue to act and if in doubt

should seek specialist legal advice.

A SAR report may well be required in such cases once there are proceeds of crime, depending upon

the facts and circumstances and whether the privilege reporting exemption applies. A tax practitioner

will need to be careful in applying the privilege exemption when the client has expressed clear

intention to evade taxes.


7.7. Tax evasion

7.7.1. General

Where a tax practitioner knows or suspects, or has reasonable grounds for knowing or suspecting,

that a client or other party is engaged in tax evasion in the UK or overseas, this will clearly amount to

one or more of a number of possible criminal offences, such as theft, obtaining pecuniary advantage

by deception, false accounting, cheating the public revenue, the offence of fraudulent evasion of

income tax under s 144 Finance Act 2000 or a range of specific indirect tax offences. Unless the

privilege reporting exemption applies a tax practitioner should report the matter to NCA (or to his

firm’s MLRO where he is not a sole practitioner) immediately.

If the suspected evasion is of taxes outside the UK, in circumstances which would be a criminal

offence if the conduct occurred in the UK, this should also be reported immediately unless known to

be lawful under the criminal law applying in that country. As in other cases, this is unless the privilege

reporting exemption applies. There are other very limited exceptions regarding the reporting of

overseas criminal conduct.

As in other cases, this is unless the privilege reporting exemption applies. There are other very limited

exceptions regarding the reporting of overseas criminal conduct:

The conduct giving rise to the criminal property was reasonably believed to have taken place

outside of the UK, and the conduct was in fact lawful under the criminal law of the place

where it occurred, and the maximum sentence if the conduct had occurred in the UK would

have been less than 12 months (except in the case of an act which would be an offence

under the Gaming Act 1968, the Lotteries and Amusements Act 1976 or under ss23 or 25,

FSMA, which will fall within the exemption even if the relevant sentence would be in excess of

12 months).

It should be noted that the tests relating to overseas conduct (set out in SI 2006 No1070) are

complex and onerous. These are very stringent tests, and as such individuals and businesses

need to be cautious in their application.

A tax practitioner can and should apply the principles set out in his professional body’s normal ethical

guidance to persuade the client to act properly. A tax practitioner will need to consider carefully

whether he can continue to act if the client refuses to make a full disclosure to HMRC.

7.7.2. Civil Investigation of Fraud (CIF) procedures

In circumstances where a potential or current client asks a member to act in the making of a CIF

disclosure to HMRC a suspicion of tax evasion will often, but not always, arise.

A tax practitioner should be aware that notification to HMRC may, in certain circumstances under

S328 PoCA, be a substitute for a report to NCA. However, regard should be given to issues that may

arise concerning consent, privilege and any other unreported related matters. Where it is appropriate

a report must also be made to NCA as soon as the tax practitioner has knowledge or suspicion or

reasonable grounds for knowledge or suspicion that tax has intentionally not been paid, when due.

The tax practitioner (or his firm’s MLRO where he is not a sole practitioner) should consider carefully

whether the privilege reporting exemption applies before submitting a SAR.

There may be occasions where the tax practitioner does not hold sufficient information to make a

detailed disclosure of his client’s tax evasion to HMRC at the same time as he (or his firm’s MLRO

where he is not a sole practitioner) submits a SAR to NCA. However the tax practitioner will be keen

to protect his client’s position by notifying HMRC of the tax evasion before NCA does so that the case


may be regarded as a voluntary disclosure. The practicalities of this situation are covered in a

Question and Answer note agreed with HMRC attached as section 8.

7.7.3. Failure to obtain Treasury consent – s765 ICTA

This section is relevant to members who deal with transactions by companies with international

aspects - those transactions that may require consent relate to the creation or issuing or transferring

of shares or debentures.

Under s766 ICTA 1988 companies, their officers and advisers may be guilty of criminal offences if a

transaction requiring special consent under s765 (1) takes place without such consent. The person

needs to know that the actions were unlawful under s765 (1) in order to be guilty of a criminal offence

(s766 (1)). In practice this is of limited assistance in cases of innocent oversight because s766 (2)

puts the burden of proof as to the person's state of knowledge on to the individual in the case of

directors.

The next question is whether there are proceeds. If a client has undertaken a tax planning transaction

for which Treasury consent was needed and would have been unlikely to have been granted, the tax

not paid as a result of the planning would constitute proceeds from the crime. In other circumstances

there may be no proceeds, but this will need to be considered on the facts. Where there are

proceeds, the tax practitioner should finally consider whether the alleged offender knew or suspected

that the proceeds arose from criminal conduct. The tax practitioner would usually advise the client that

a criminal offence may have occurred, so that the client would then have the requisite knowledge.

When a tax practitioner realises that there has or may have been a breach of s765 ICTA, he (or his

firm’s MLRO where he is not a sole practitioner) will need to consider making a SAR based on the

factors discussed above. He should also bear in mind whether the privilege reporting exemption

applies (see section 12 below and section 7 of the CCAB guidance). The tax practitioner should also

consider what other action is appropriate, for example, advising the client to notify HMRC.

7.8. Indirect tax

7.8.1. Overview

Where indirect tax is concerned, innocent or negligent errors may be criminal offences as strict liability

is imposed by such as S167(3) CEMA which provides:

‘If any person –

a) makes or signs, or causes to be made or signed, or delivers or causes to be delivered to the

Commissioners or any officer, any declaration, notice, certificate or other document

whatsoever; or

b) makes any statement in answer to any question put to him by an officer which he is required

by or under any enactment to answer, being a document or statement produced or made for

any purpose of any assigned matter, which is untrue in any material particular then without

prejudice to subsection (4) below he shall be liable on summary conviction to a penalty of level

4 on the standard scale’.

"Assigned matter" is defined in section 1 of CEMA as meaning "any matter in relation to which the

Commissioners are for the time being required in pursuance of any enactment to perform any duties".

This broadly makes most errors, however innocent, criminal offences in VAT and all other indirect

taxes. The fact that VAT matters are in practice handled under the civil penalties regime in most

circumstances is irrelevant to the fact that there is an offence under s167(3) CEMA.


However an innocent or negligent error will not fall to be classed as money laundering where the

person making the error was not aware/did not suspect that they had committed a criminal offence.

Property is only criminal property for the purposes of POCA if it not only constitutes or represents

benefit from criminal conduct, but the ‘alleged offender knows or suspects that it constitutes or

represents such a benefit’ (s340(3)POCA). A client who has knowledge of s167 CEMA will ‘know or

suspect’ that they are in receipt of funds once they become aware of the error or mistake so the

normal SAR regime applies. There is no presumption that the client is aware of the strict liability

offence in s167(3) and a practitioner does not have to investigate the client's knowledge, but should

make a judgement based on his knowledge of the client. If a practitioner believes a report is

necessary but that the client made an error or innocent mistake they should consider making

reference to this opinion in any SAR they make.

Where the practitioner suspects that the irregularity may have amounted to tax evasion or tax fraud,

the need to make a SAR should be considered on the usual basis and in the same way as for direct

tax. There are large numbers of specific criminal offences in the indirect taxes legislation, however in

essence they all amount to variations on tax evasion and involve some intent to avoid paying the

correct amount of tax.

Unwillingness or refusal to correct indirect tax errors should be treated as set out in 7.4.3 above.

7.8.2. Other offences applicable across indirect tax

There is a range of crimes in the Customs and Excise legislation, covering such areas as:

the bribing of a Commissioner, officer or appointed or authorised person;

the obstructing of an officer performing any duty, or similar conduct;

production, signing etc. of untrue documents and statements;

the counterfeiting or falsifying of documents;

obstructing, or failing to assist in, the inspection of a computer;

the breaching of conditions applied in respect of relief from VAT conferred on specified

classes of persons, such as members of visiting forces; and

the failure to furnish a supplementary declaration under the Intrastat procedure.

In addition there is the common law offence of Cheating the Public Revenue.

There are a number of other offences relating to particular indirect taxes and excise duties, such as

stamp duty and stamp duty land tax, alcohol, tobacco products and mineral oil duties, betting and

gaming duty, aggregates levy etc. The legislation in respect of these duties, taxes and levies provides

the offences specific to them.

As VAT is the indirect tax most commonly advised upon by tax practitioner’s further details about

specific offences applicable to VAT is given in 7.8 below.

7.9. Other offences applicable in VAT

7.9.1. Fraudulent evasion of VAT (s 72(1) VATA)

A person who is knowingly concerned in, or is taking steps with a view to, the fraudulent evasion of

VAT by him or any other person is liable under this offence. A person's conduct may amount to

fraudulent evasion under this provision if he understates payments due to the Commissioners for a

prescribed accounting period. In certain circumstances the over claiming of VAT may also result in

fraudulent evasion. If proceeds arose from such conduct, this would also constitute money laundering.


7.9.2. Production, furnishing or sending of false documents and statements (s72 (3) VATA)

This involves the production, furnishing or sending of a false document with the intent to deceive. In

addition, it includes knowingly or recklessly making a false statement. If proceeds arose from such

conduct, this would also constitute money laundering.

7.9.3. Conduct which must have involved an offence (s72 (8) VATA)

Where a person's conduct during any specified period must have involved the commission by him of

one or more of the offences listed above, then, regardless of whether the specifics of the offence(s)

are known, he is guilty of an offence. The purpose of this provision is to cover cases where it can be

proved that an offence has been committed during a period spanning a number of prescribed

accounting periods, but it is not clear to what extent it was committed in any particular prescribed

accounting period within the total period concerned. It is only one offence, even if it covers more than

one period. If proceeds arose from such conduct, this would also constitute money laundering.

7.9.4. The possession and dealing in goods on which VAT has been evaded (s72 (10) VATA)

A person commits an offence, and is liable to penalties, if, having reason to believe that tax has been

or will be evaded on them, he acquires possession of any goods; deals with any goods; or accepts

the supply of any services. If proceeds arose from such conduct, this would also constitute money

laundering.

7.9.5. Supplying of goods or service without providing security (s72 (11) VATA)

A person who is required, under VAT Act 1994 Schedule 11 para 4(2), to give security for the further

payment of VAT as a prerequisite for making taxable supplies and who makes those supplies without

the provision of security, has committed an offence. If proceeds arose from such conduct, this would

also constitute money laundering.

7.10. The privilege reporting exemption

A tax practitioner should be aware that the privilege reporting exemption does not apply to

‘information or other matter which is communicated or given with the intention of furthering a criminal

purpose’.

A tax practitioner should read this section in conjunction with paragraphs 7.26 – 7.46 of the CCAB

guidance which covers the privilege reporting exemption in detail.

In summary a tax practitioner who is a professional legal adviser or a ‘relevant professional adviser’

who suspects or has reasonable grounds for knowing or suspecting that another person is engaged in

money laundering is exempted from making a money laundering report where the knowledge or

suspicion comes to him in ‘privileged circumstances’.

Relevant professional adviser is defined in s 330(14) POCA as:

‘an accountant, auditor or tax adviser who is a member of a professional body which is

established for accountants, auditors or tax advisers (as the case may be): and which makes

provision for:

a) testing of competence of those seeking admission to membership of such a body as a

condition for such admission

b) imposing and maintaining professional and ethical standards for its members as well as

imposing sanctions for non-compliance with those standards.’


The legislation does not list the professional bodies which meet the criteria but the CCAB bodies, the

Chartered Institute of Taxation and the Association of Taxation Technicians meet the criteria and

hence their members may be considered to be ‘relevant professional advisers’. You should seek

expert legal advice is you are considering relying on this exemption.

A privileged circumstance is defined at s330 (10) POCA as:

‘Information or other matter comes to a professional legal adviser or other relevant professional

adviser in privileged circumstances if it is communicated or given to him:

a) by (or by a representative of) a client of his in connection with the giving by the adviser of

legal advice to the client

b) by (or by a representative of) a person seeking legal advice from the adviser

c) by a person in connection with legal proceedings or contemplated legal proceedings.

Examples of when the privilege reporting exemption might apply and is unlikely to apply are provided

below.

7.11. Examples of when the privilege reporting exemption might apply

For the privilege reporting exemption to apply the information must come to a legal professional

adviser or a relevant professional adviser in privileged circumstances. Whether the privilege reporting

exemption applies will depend on the specific facts of the case. These examples are intended as

general guidance only and are not a substitute for seeking legal advice in cases of doubt.

Examples include:

advice on taxation matters, where the tax adviser is giving advice on the interpretation or

application of any element of tax law and in the process is assisting a client to understand his

tax position

advice on the legal aspects of a take-over bid, for example on points under the Companies

Act legislation

advice on duties of directors under the Companies Act

advice to directors on legal issues relating to the Insolvency Act 1986, e.g., on the legal

aspects of wrongful trading

advice on employment law

advice on how to order or structure a client’s tax affairs in a tax efficient manner

advice on disclosure obligations to the tax authorities, including advice given in the context of

compliance work on reporting requirements and situations where previously there may have

been failure to disclose

Suspicions derived from pre-existing documents may be covered by the reporting exemption

where those documents come to the tax practitioner in privileged circumstances. For

example, if a client asked for tax advice on settling past tax under declarations and provided

copies of bank statements or invoices or past tax returns in order that the tax adviser could

advise, that information could be regarded as having come to the adviser in privileged

circumstances.

7.11.1. Examples where relevant professional advisers might fall within privileged

circumstances as regards litigation privilege include:

assisting a client by taking witness statements from him or from third parties in respect of

litigation

representing a client, as permitted, at a tax tribunal

when instructed as an expert witness by a solicitor on behalf of a client in respect of litigation.


7.12. Examples of when the privilege reporting exemption is unlikely to apply

It should be noted that conducting audit work does not of itself give rise to privileged circumstances

for this purpose, as the relevant professional adviser is neither providing legal advice, nor is he

instructed in respect of litigation. Nor do routine book-keeping, accounts preparation or tax

compliance assignments, though privileged circumstances may arise if the client requests or the

adviser gives legal advice on an informal basis during the course of such an assignment.

Examples include:

Information uncovered during tax compliance work, for example spotting that personal

expenditure had been claimed as a business expense in a previous year

Information uncovered during a tax due diligence assignment or other agreed upon

procedures exercise which is for the purposes of producing an evaluation report or an

assurance based opinion (other than an audit) to the client or a third party

Information provided by or communications received direct from any third party particularly if

no advice has been sought in respect of the underlying detailed content by the client. For

example, receipt of information or communications when acting as the client’s tax agent

Information received about the client’s or a third party’s affair which is outside the scope of the

tax services in respect of which the adviser has been engaged.


8. Money Laundering and disclosures to HMRC

8.1. A questions and answers guidance note

This note is an updated version of a note originally agreed between HMRC, the Association of

Taxation Technicians and the Chartered Institute of Taxation to provide guidance about the practical

effect of the money laundering legislation on disclosures of tax evasion by tax practitioners.

8.1.1. Will the money laundering requirements make any difference to HMRC’s willingness to

use Code of Practice 9 or in local offices their willingness to come to a settlement

without prosecution?

HMRC have confirmed that the money laundering requirements will not affect enquiries under

Code of Practice 9 or local office procedures.

8.1.2. Which government departments should I as a tax practitioner inform when I am

approached by an individual who tells me that he wants to make a full disclosure of

undeclared taxable income and/or gains?

Traditionally, you as a tax practitioner, having taken instructions and collected all necessary

information from your client, will have informed the relevant office within HMRC, depending on

the circumstances.

But if you have reasonable grounds for knowing or suspecting that your client has intentionally

evaded tax then the money laundering laws will also apply. You or your Money Laundering

Reporting Officer (MLRO) if you have one will be obliged also to make a report to the NCA in

the specified form unless the privilege reporting exemption applies. Where you have a MLRO,

you must notify him or her and they will in turn consider whether a report should be made to

the NCA.

8.1.3. Should I make a report to the NCA when I receive a CoP 9 enquiry letter from HMRC?

It is your knowledge or suspicion that counts rather than HMRC’s suspicion. You should make

up your own mind whether such a letter gives you grounds for making a report applying the

criteria in Section 330 POCA 2002, i.e. do you know or suspect, or have reasonable grounds

for knowing or suspecting, that the client is engaged in money laundering.

8.1.4. When should I make a report to the NCA?

The money laundering legislation says that the NCA must be told ‘as soon as is practicable

after the information or other matter’ that gave rise to the knowledge or suspicion was

received.

8.1.5. It is possible that the potential client may not instruct me at all. Will HMRC monitor me

as the tax practitioner named in the NCA report to see if a disclosure emerges, and if so

for how long?

HMRC recognize that the potential client may go elsewhere (or nowhere) for advice. They

have said they have no intention of monitoring reputable practitioners after THE NCA reports

have been submitted.


8.1.6. Once I have told THE NCA, what happens next assuming no other agency is involved?

The NCA will pass reports to a special intelligence unit within HMRC in the first instance. The

unit will consider whether it is suitable for investigation towards criminal prosecution. If it is

not, the case will either be considered for enquiry under a Civil Code of Practice or be referred

to HMRC’s Centre for Research and Intelligence in Llanishen, Cardiff. Where it is considered

appropriate to pass intelligence on to relevant staff in taxpayer-facing offices neither the fact

that the intelligence has come from THE NCA, nor the identity of the original source of the

intelligence, is disclosed.

8.1.7. Does the need to report to the NCA before I am ready to tell HMRC affect the timing of

my providing information to HMRC about my client’s undeclared income and or gains?

Although I have made a report to the NCA when approached by a potential client with a

tax disclosure to make, I may not immediately be able to approach HMRC because I will

have to be formally instructed and the approach to HMRC approved by the client.

Collecting and collating the information will inevitably take time especially where

several individuals or entities are involved. How long will HMRC regard as a reasonable

period before the approach is made while leaving the option of using CoP 9 open?

HMRC have confirmed that a delay would not jeopardise the CoP 9 approach where it would

otherwise be available provided that the taxpayer is taking active steps to regularise their

affairs. Doing nothing involves the risk that a CoP 9 enquiry may not be available and that

prosecution may follow; or at least that penalty abatements are at risk.

One option, having obtained the client’s permission, is to put down a marker by writing to

HMRC, saying you have been instructed by a named client to act for them in coming to a

settlement about undeclared income or gains. You would also provide a date by which you

expect to be able to let HMRC have these details.

8.1.8. To which HMRC office should I send the marker letter?

Under these circumstances all letters should be sent to: Centre for Research and Intelligence,

Ty Glas Road, Llanishen, Cardiff, CF4 5YF.

8.1.9. How long a time period for providing the information would HMRC consider reasonable

in my ‘marker’ notification?

It will depend on the circumstances of each case but HMRC have indicated that they will take

a reasonable approach.

Your estimated timetable will obviously depend on your assessment of the likely complexity of

your client’s affairs.

8.1.10. What happens if I miss my self-imposed deadline set out in my marker letter?

HMRC appreciate that the information may be difficult to obtain. You should obviously inform

HMRC if you wish to extend your self-imposed deadline. You will need to update HMRC from

time to time to reassure them that the client is taking active steps to help you move matters

forward.


8.1.11. What is the position where HMRC already had concerns about a taxpayer and the

money laundering notification is the trigger for the raid or the launch of an

investigation? HMRC may not be prepared to wait, possibly due to concerns that

documents might be destroyed. Would a CoP 9 enquiry still be a possibility for my client

if the normal conditions are met (for example if the raid does not indicate that my client

is unsuitable for a CoP 9 enquiry)?

HMRC have informed us that receipt of a report from the NCA or your ‘marker’ notification will

not necessarily make them deviate from their proposed course of action. HMRC will look at

the NCA report in context of all other information available to them regarding a case when

prioritizing the cases for investigation.

8.1.12. Will HMRC wait for a reasonable period of time before launching an enquiry on receipt

of a report from THE NCA?

In the majority of cases, given the time it would take for the NCA to pass information to HMRC

and for HMRC to consider what action to take, the time lag between the report to the NCA

and the making of a voluntary disclosure to HMRC may not be an issue in practice. You

should monitor the receipt of acknowledgements to track progress. If you are concerned you

could consider the use of a marker letter as discussed above.


9. NCA guidance

9.1. Introduction

This part of the toolkit deals with the requirements of NCA. All the information contained here is either

from the NCA website or its published documents. The NCA website SARs introduction page contains

clear and precise instructions for the filing of SARs.

The explanatory notes and frequently asked questions sections give a good basic insight to the

Governments expectations of the POCA and the MLR 2007.

NCA prefers reports to be submitted on line, but do also accept them in hard copy format. For those

who may not have good access to the internet, or prefer paper or indeed may want to practice first.

These can be downloaded from the NCA website.

9.2. What is a SAR?

A SAR is a Suspicious Activity Report, a piece of information which alerts law enforcement that

certain client/customer activity is in some way suspicious and might indicate money laundering or

terrorist financing.

9.3. Reason for suspicion

Submitting a SAR provides law enforcement with valuable information on potential criminality. It also

protects you, your organisation and UK financial institutions from the risk of laundering the proceeds

of crime.

By submitting a SAR to the NCA, you will be complying with any potential obligations you have under

the Proceeds of Crime Act 2002 (POCA).

9.4. When do I submit a SAR?

As soon as you ‘know’ or ‘suspect’ that a person is engaged in money laundering or dealing in

criminal property, you must submit a SAR.

You may commit an offence if:

you have ‘knowledge’ or ‘suspicion’ of money laundering activity or criminal property

do something to assist another in dealing with it

and fail to make a SAR.

Submitting a SAR provides a defence against committing a money laundering offence.

9.5. Is the information contained in the SAR I submit held securely?

All users of SARs adhere to specific guidelines to protect the confidentiality of SARs. Once a SAR is

received by the NCA, it is held on a secure database. This database has strictly limited access to

appropriate law enforcement and government agency staff.

The information is always held in the strictest confidence.


If, in the unlikely event you are made aware that any confidentiality may have been breached, you

should contact the NCA immediately. This should be done on Freephone 0800 234 6657.

9.6. May I inform a client/customer that I have made a report?

You must not say anything to your client/customer which leads to an investigation being prejudiced.

Once you have submitted your SAR you should remember your obligations not to make any

disclosures which might constitute an offence of tipping off. This comes under section 333A of POCA

or section 21D of TACT 2000. The NCA does not provide or approve standard wording for you to use

in such circumstances. It is therefore recommended that you give careful consideration to how you

will handle your relationship with the subject once you have submitted the SAR. This is particularly if

the subject is a client or customer of your business. You may wish to discuss with your supervisor or

professional body if you are unsure.

9.7. What is consent in relation to SARs?

Persons and businesses generally, and not just those in the regulated sectors, may avail themselves

of a defence against money laundering charges. This can be done by seeking, via a SAR, the consent

of the NCA UK Financial Intelligence Unit (UKFIU). This consent is to conduct a transaction or

undertake other activity about which they have concerns. The legislation gives the NCA seven

working says to respond. Where the NCA refuses consent, the transaction or activity must not

proceed for a further 31 calendar days. Or, if earlier, until further notified by the NCA.

9.8. How do I register with SAR Online?

You will require a unique email address in order to register for this service, and you can register by

internet at the above address.

9.9. How to report SARs

9.9.1. Electronic SAR reporting (SAR Online)

SAR Online is designed to allow SARs to be constructed and submitted in a secure manner.

SAR Online is available via a link in the top right hand corner of the NCA website or at

www.ukciu.gov.uk/saronline.aspx

To register, new users require an active email account, which becomes the user’s SAR

Online user identification.

No two users can use the same email address.

It is recommended that the registering user be an official responsible for

Anti Money Laundering (AML) compliance within the organisation (this could be the Money

Laundering Reporting Officer [MLRO], Nominated Officer or similar).

Ensure that you register yourself correctly i.e. aligned to the correct sector and

regulator/supervisor.

http://www.ukciu.gov.uk/saronline.aspx


9.9.2. Advantages of SAR Online

Free and secure system.

Negates the need for paper-based reporting.

Once a report is submitted, an acknowledgement with a unique reference is sent via email.

Reports can be made 24/7, provided the reporter has an email account and internet access.

Help text is available on every page.

Pop-up tips are available on some pages.

SARs can be marked as private to an individual user.

Shared viewing/editing is available where appropriate.

A Frequently Asked Questions (FAQ) document is available.

A link providing background information on financial reporting is available via the SAR Online

home page.

9.9.3. Manual SAR reporting

If you are not reporting electronically, you can download the following NCA forms for manual

reporting:

Appendix 1 - Source registration document

Appendix 2 - Disclosure report

Appendix 3 - Subject details Appendix 4 - Additional details

Appendix 5 - Transaction details

Appendix 6 - Reason for disclosure

Appendix 7 - Reason for disclosure continuation

Alternatively you can obtain copies of the forms by contacting NCA SAR Control on 020 7238 8282

selecting option 2. Details of how to complete this form will be enclosed with the forms.

All hardcopy reports should be sent to: NCA, PO Box 8000, London SE11 5EN. Alternatively, you can

fax a copy of the report to 020 7238 8286.

9.10. Basic structure of a SAR

As much information as possible should be completed in the data fields.

SARs should contain all available Customer Due Diligence (CDD) information.

Dates of birth are a vital field for identifying individuals correctly.

In addition to the ‘reason for suspicion’, fully populate all of the other information fields.

Use the word ‘UNKNOWN’ to make it clear if you do not know the information for a particular

SAR field. Do not use * (asterisk), ? (question mark), . (dot) or leave blank – only use

‘UNKNOWN’. Using such characters hinders UKFIU/LEA analysis, as it is unclear whether the

reporter has entered them in error.

Completing fields of information in a SAR not only assists in ensuring that any research or

development of SARs is accurate from the offset, but also ensures that further subject matching is

accurate.

http://www.nationalcrimeagency.gov.uk/publications/41-ukfiu-appendix-1-source-registration-document

http://www.nationalcrimeagency.gov.uk/publications/36-ukfiu-appendix-2-disclosure-report-detail

http://www.nationalcrimeagency.gov.uk/publications/37-ukfiu-appendix-3-subject-details

http://www.nationalcrimeagency.gov.uk/publications/38-ukfiu-appendix-4-additional-details

http://www.nationalcrimeagency.gov.uk/publications/39-ukfiu-appendix-5-transaction-details

http://www.nationalcrimeagency.gov.uk/publications/40-ukfiu-appendix-6-reason-for-disclosure

http://www.nationalcrimeagency.gov.uk/publications/35-ukfiu-appendix-7-reason-for-disclosure-continuation


Missing or inaccurate information:

limits analysis opportunities

has a negative impact on identifying the subjects correctly

reduces the overall effectiveness of the SAR.

9.10.1. Be clear and concise

The explicit rationale behind the reason for suspicion and the context of why the SAR is being

submitted should be clearly communicated in simple English.

Structure your report in a logical format including all relevant information.

Briefly summarise your suspicion.

Provide a chronological sequence of events.

Keep the content clear, concise and simple.

Avoid acronyms and jargon – they may not be understood by the recipient and are open to

misinterpretation.

If describing a service provided or technical aspect of your work, please provide a brief

synopsis in your SAR to aid the reader.

Do not write the SAR in capital letters – this makes it very difficult to read.

If including a large amount of information/text, break it up into more manageable – and

readable – paragraphs.

Very long SARs which are text heavy are difficult to digest.

Use punctuation.

Separate bank account/transaction information and use the standard sort code account and

format as 012345 12345678.

9.10.2. Reason for suspicion

The suspicion element is the rationale behind why a SAR was submitted and therefore should be

explicit.

In the ‘reason for suspicion’ field (limited to 8,000 characters, approximately 1,500 words) try to

answer:

Who is involved?

How are they involved?

What is the criminal/terrorist property?

What is the value of the criminal/terrorist property (estimated as necessary)?

Where is the criminal/terrorist property? (e.g. a casino in London, a property in Hampshire

etc.)

When did the circumstances arise?

When are the circumstances planned to happen?

How did the circumstances arise?

Why you are suspicious or have knowledge.

Suspicion is a very important factor when seeking a request against a money laundering offence; it is

also important from an analytical point of view.

The bulk of analysis focuses upon the free text searching of keywords in this field. Whilst it is

acknowledged that no fields are currently mandatory this field should be completed providing accurate

details.


While the NCA appreciates it is more time-consuming, it is important that details are completed within

the appropriate SAR Online fields and not solely placed within the ‘reason for suspicion’ field. This is

very important as it enables NCA’s systems to link the same entities submitted by a variety of

reporters, especially bank account details.

Step 1 – start with a SAR glossary code (see below at 9.16 ) at the beginning of your text.

Step 2 – initially provide a brief summary to highlight the key element of your suspicions, e.g.:

XXPROPXX I am submitting this SAR as the client is purchasing a property and I have concerns

relating to the origin of the funds coming from overseas relations. The circumstances of my money

laundering suspicions are that …

XXD9XX XXD7XX The customer is linked to adverse media and is believed to be engaged in

disguising, converting, concealing and transferring funds from the proceeds of crime and corruption.

He is an international PEP.1 The circumstances of my money laundering suspicions are that …

Step 3 – consider if there is any other useful information to add.

Step 4 – the ‘reason for suspicion’ should conclude with the intended action e.g. exiting relationship,

monitoring the customer, continuing the relationship etc.

9.11. Completing all SAR information fields

Alongside completing the ‘reason for suspicion’ you should complete as fully as possible all the

information known from your due diligence into the other SAR fields.

The amount of information you have may depend on your relationship with the reported subject.

If you do not know the information please populate the field with ‘UNKNOWN’.

9.11.1. Individuals

Include the following identifying information:

Full name/s

Date of birth

Nationality

Address – including postcode (use the format SW1A 1NT).

If you have the following information include it in context with your suspicion:

Identification document details (including relevant reference or document numbers) e.g.

passport, driving licence, National Insurance number

Car details (registration number)

Telephone numbers (clearly marked home, business, mobile etc.)

Full details of bank accounts or other financial details (including account numbers etc.) Use

the standard format sort code account format as 012345 12345678

Occupation.

Providing details of the main subject’s occupation assists with:

judgments about the origin of funds

whether the subject is using professional knowledge to facilitate money laundering, including

identifying whether there are opportunities to engage with regulators and supervisors.


It is appreciated that you may not always have the full details concerning all of the entities involved,

especially where you are reporting on subjects that are not your usual clients/customers/suppliers.

9.11.2. Businesses, trusts and other entities, incorporated and unincorporated

The amount of information you have may depend on your relationship to the reported subject. Where

details are not known then the relevant field should include the phrase ‘UNKNOWN’.

9.11.3. Incorporated

Include all identifying information such as:

full legal name

designation e.g. Limited, LLP, SA, GmbH, SARL

trading name

registered number

VAT and/or tax reference number

country of incorporation

details of beneficial ownership.

If relevant to your suspicion also provide details of:

the individuals/entities that are the directors (or equivalent)

the individuals who own/control/exercise control over the management of the entity.

9.11.4. Unincorporated


full name

designation e.g. Limited, SA, GmbH

trading name

registered number

VAT and/or tax reference number

country of incorporation.

If relevant to your suspicion also provide details of all partners/principals who own/control/exercise

control over the management of the entity.

9.11.5. Trusts


full name of the trust

address

nature and type of the trust.

If relevant to your suspicion also provide details of all trustees, settlors, protectors and known

beneficiaries.


9.11.6. Addresses

The UKFIU uses postcodes to allocate SARs to the appropriate LEAs. Such allocations offer

opportunities to take action and/or build an intelligence picture. Postcodes and international

addresses are also a crucial element in analysis of trends, in particular in identifying hotspots of

activity.

The postcode and full address of the main subject should always be included where known.

Use the format SW1A 1NT.

Clarify the status of the address i.e. current, previous, residential, business, trading,

registered office etc.

Where the details of a victim are known, in particular a vulnerable person, the postcode and

full address should also be included in the ‘additional address’ field.

In all international address cases, whether it be a suspect, associates or the subject and/or a

victim, always ensure that at least the country field is populated. Provide as much detailed

information as possible.

9.11.7. Financial transactions

When the suspicion being reported relates to a financial transaction:

include the relevant details of the beneficiary/remitter of the funds

include, if known, the destination/originating bank details e.g. sort code, correspondent bank

details (this is very important as it could identify the offender)

accurately record the date on which the transaction has occurred/will occur

clarify the type of transaction e.g.:

- online payment/receipt

- debit or credit card

- ATM withdrawal

- cheque

- electronic transfer (BACS/CHAPS)

- cash

explain why any transactions included are considered to be suspicious

(if relevant to your business) include the subject’s financial details (account numbers) and

details of associates

summarise cash amounts at the end of the report.

If you are suspicious because the activity deviates from the normal activity for that customer/business

sector, briefly explain how the activity differs.

If the beneficiary/remitter of the transaction is believed to be complicit in the suspicious activity then

consider providing their details as an associate subject.

If the activity does not involve a financial transaction please explain the suspicious activity that has

occurred/will occur.

On SAR Online there are fields for documenting specific financial transactions. It is important that you

use these, formatted correctly e.g. using the standard format sort code account format 012345

12345678.


Inconsistent recording and formatting of bank account/sort code numbers often cause search

problems for the UKFIU/LEAs.

9.11.8. Source type field

Source type refers to the sector which the submitting reporter is from. This field helps analysts provide

strategic and tactical assessments which are mutually beneficial to all stakeholders in the SARs

regime.

Reporters classifying themselves as ‘other’ or ‘unknown’ when they actually fit into existing source

types devalue any sector breakdowns. There have also been cases of reporters wrongly classifying

themselves.

Where the regulator is clearly known, the reporter should ensure this is included to allow the SAR to

be attributed to the correct sector.

9.11.9. Subject of a previous SAR

If the reported subject (e.g. client/customer) has been the subject of a previous SAR submitted by

your organisation:

include the previous SAR reference number provided to you by the UKFIU

do not include any internal reference numbers which you may use yourselves

remember that under POCA and TACT, each SAR you submit on the same individual must

contain a suspicion and all the relevant details. This is even if you have included the

reference number for a previously submitted SAR.

The absence of previously submitted SAR reference numbers risks the connection between SARs

being missed.

9.11.10. SAR glossary codes

The use of SAR glossary codes is considered good practice and allows the UKFIU and wider law

enforcement to:

conduct analysis to identify money laundering trends

identify high risk cases for development

take immediate action where necessary.

When submitting a SAR, the relevant glossary code should be included in the ‘reason for suspicion’

text space.

It is acceptable to have a SAR with several codes; if in doubt as to whether a particular code applies,

always work on the basis that it is better to include one than not.

It is possible that a glossary code does not match the set of circumstances faced by the reporter, so in

some cases it is acceptable that no codes are populated into the ‘reason for suspicion’ text space.

A copy of the glossary codes can be found below at 9.16; however, the UKFIU would urge reporters

to regularly check the NCA website to see if they have been updated.


Examples of the kind of text to use when no codes apply might be:

No code applies. The report is submitted for the following reason: As per the customer’s

records, their estimated annual income is approximately GBK 250K and they are receiving

regular benefits therefore the credit of GBP 250K is well outside their expected profile and

affordability. The circumstances of my money laundering suspicions are that…

No code applies. This SAR relates to a regular customer attending our premises and

gambling large values. Our records show they are unemployed so we are concerned about

the source of funds. The circumstances of my money laundering suspicions are that…

9.11.11. Attachments

Do not send attachments with your SAR – all the relevant information should be within the SAR.

If further information is available which you are willing to share with an LEA then reference to this and

who to contact may be recorded in the SAR.

9.11.12. Alerts and keywords

The Alerts process is a recognised and established way by which the NCA communicates with the

UK's private sector. These are written communications that warn of a specific risk/threat/problem. All

Alerts contain a keyword or a glossary code. If you submit a SAR as a result of the information

contained in an Alert please include the keyword within the free text field.

SAR glossary codes are different to NCA Alert codes. SAR glossary codes are always prefixed and

suffixed with ‘XX’, whereas Alert codes use ‘FF’ or ‘AA’. If appropriate, the NCA Alert code should be

used in addition to the relevant SAR glossary code/s in the body of your SAR text.

9.11.13. Court orders and law enforcement enquiries

In some instances, you may be served with/have notice of a court order (such as a production order)

made in respect of a particular individual/entity. This may act as a catalyst for you to review the

activity which you conduct/have conducted in relation to that individual/entity.

If, following such a review, you feel there is an obligation to submit a SAR or request a DAML, then

the SAR/DAML request should reflect your suspicions in the context of your engagement with the

subject.

9.12. Obtaining a defence against money laundering or terrorist financing

The NCA can provide a reporter with a defence against the principal money laundering or terrorist

financing offences, for a specified future activity. The relevant power is contained in s335 of POCA

(seeking ‘appropriate consent’) and s21ZA of TACT (seeking ‘prior consent’).

Should you wish to avail yourself of a defence, you should refer to the UKFIU document ‘Requesting

a defence under POCA and TACT’ on the NCA website; this provides information on the process.

When using SAR Online, ensure you tick the box marked ‘consent’ when completing your

SAR. This applies to requesting a defence under either Act.

Clearly specify the activity for which a defence is required.

The UKFIU’s DAML Team deals with these requests under POCA or TACT. Should you have any

queries email [email protected]


In addition to the required information, requests for a DAML must:

be for a specified activity (or specified series of activities)

should not be open-ended (such as seeking a defence in relation to “handling all business

dealings” concerning the subject or account).

Please note: a defence under s335 or s21ZA:

does not imply NCA approval of the proposed act(s), persons, corporate entities or

circumstances contained within your disclosure

should not be taken as a statement that the property in question does or does not represent

criminal property

does not absolve you of your professional duties of conduct or regulatory requirements

does not provide you with a defence against other criminal offences relating to the proposed

act

does not oblige or mandate you to undertake the proposed act

does not override the private law rights of any person who may be entitled to the property

specified in the disclosure.

The below is an example of the kind of text to use when requesting a defence:

XXS99XX This SAR seeks a defence to a money laundering offence in relation to our

suspicion of money laundering. The circumstances are…

9.12.1. Closure of cases

POCA sets out that the NCA must exercise its functions under the Act in the way which it considers is

best calculated to contribute to the reduction of crime. Where a reporter displays conduct – such as

failing to undertake basic regulatory obligations and this conduct could be condoned or encouraged

by receiving a ‘granted’ DAML response from the NCA, the UKFIU will consider closing the case.

The UKFIU may also refer poor quality SARs to the relevant AML supervisor for their attention and

appropriate action.

Where your case is closed you will need to resubmit any request for it to be considered again.

The UKFIU DAML Team cannot interpret, assume or infer what money laundering offence the

reporter believes they may be committing.

If one or more of the below criteria is missing from a SAR the UKFIU will be unable to assess your

request and the case will be closed:

a) The information or other matter which gives the basis for the reporter’s knowledge or

suspicion

b) A description of the property that the reporter knows, suspects or believes is criminal property

c) A description of the prohibited act that the reporter wants a DAML to carry out

d) The identity of the person(s) the reporter knows or suspects is involved in

e) money laundering

f) The whereabouts of the property that the reporter knows or suspects is criminal property

g) If (d) and/or (e) are missing, any information the reporter has which they believe or it is

reasonable to expect them to believe may assist in identifying (d) and/or (e).

d), (e) and (f) are mandatory if the knowledge or suspicion has come to the reporter in the course of

business in the regulated sector.


Remember:

All requests should explicitly state what activity the reporter is carrying out, and for which the

NCA is being asked to provide the reporter with a defence to the money laundering offence

for that specified future activity.

Best practice is to avoid using terms such as “we wish consent to proceed” or “we wish

consent to act for our clients”.

Be specific about the work you are undertaking for your customer/client which you believe you

will require a defence to money laundering for e.g.:

- “to buy/sell the property at (address) for (value amount)”

- “to disburse the funds between the following people …”

- “to buy/sell the (named company)”

- “to draw up contracts between party X and party Y, transfer the ownership of the (named

company) to party Y, and transfer the (value of funds) to party X which is all part of the

arrangement”

- “to release the funds in account A to person B”.

9.12.2. Threshold variations – POCA only

S339A of POCA makes provision for deposit taking institutions only to process individual transactions

or activity on an account that do not exceed £250, and where there is a suspicion of money

laundering – without the need to request a defence under s335 to a principal money laundering

offence. The £250 is known as a ‘threshold’ amount.

The reporter should still consider making a disclosure in respect of the initial opening of an account.

Or, if different, the time when the deposit-taking body first suspects that the property is criminal

property.

If the proposed activity exceeds £250, permission to vary the ‘threshold’ amount can be requested

from the NCA.

If you are submitting a SAR with a threshold variation request, submit the SAR in the normal way with

the usual information, but additionally specify:

the threshold amount sought

the account it relates to

details of the frequency, nature and value of the activity to which the threshold will relate.

If a threshold is already in place and you wish to seek a further variation to the amounts and/or

accounts to which it refers, then the reasons for the variation will need to be set out in an additional

SAR and submitted to the NCA.

Please note:

A threshold variation request is not the same thing as a request for a defence to a principal money

laundering offence, and there are no statutory timescales for dealing with them. The NCA uses the

DAML Team to progress these responses and they are processed alongside, but do not take priority

over, requests for a defence. In order to facilitate a threshold request, and to ensure it reaches the

right destination in the UKFIU, tick the ‘consent’ box on the SAR, but make sure the report contains

the word threshold in the ‘reason for suspicion’.


9.13. General guidance

9.13.1. Submission of SARs

The UKFIU is aware that some reporters send SARs to law enforcement in parallel or send copies of

SARs in advance of submitting to the UKFIU.

You are required under POCA and TACT to submit to the UKFIU. In order to meet your reporting

obligations you should not submit to another law enforcement body.

SARs are allocated by the UKFIU to law enforcement based on different parameters. Therefore

parallel sending SARs to law enforcement can result in duplication of effort outside the control of the

UKFIU and can, in some instances, potentially undermine confidentiality of the SAR and compromise

law enforcement activities.

If you are engaged with law enforcement in advance of submitting a SAR you should note this in your

report – but avoid naming specific law enforcement officers in the SAR.

9.13.2. Reporting requirements on international standards

The decision to submit a SAR under POCA or TACT is entirely for the reporter to make on a case by

case basis. Given the increased risk associated with some countries and the information available on

listed individuals/entities and their associates, it may be prudent to consider whether you have an

obligation to submit a SAR to the NCA, where possible money laundering or terrorist financing activity

may be taking place.

It is a separate obligation to that of reporting the individual to HM Treasury. A DAML only provides a

reporter with a defence against a prohibited act, i.e. one of the money laundering offences under

POCA or TACT. It does not provide a defence for a breach/circumvention of sanctions.

Remember:

SARs should not be used as a communication channel e.g. as a means of obtaining advice.

SARs are only for reporting suspicious activity to the NCA. If you need general guidance

about money laundering or the SARs regime in particular, contact your designated MLRO or

your regulatory body.

The UKFIU has no mandate to advise reporters on the approach or actions they should take

to mitigate particular risks or to advise that property is/isn’t the proceeds of crime or terrorist

financing.

Where information is known, every effort should be made to complete all relevant fields

accurately.

Ensuring the information you submit is accurate will assist with law enforcement’s processing

of the SARs more efficiently – check spellings of names, make sure you have the correct

postcode, account details etc.

If you do not know details of a specific entity e.g. address, date of birth, etc. please enter the

word ‘UNKNOWN’ rather than leaving the field blank or populating it with characters such as *

(asterisks), ? (question marks), . (dots) or other.

Do not put reporting officers’ details in a SAR.


9.14. Contact details

NCA UK Financial Intelligence Unit

For information or assistance with submitting SARs or SAR Online enquiries, the UKFIU can be

contacted as follows:

Tel: +44 (0)20 7238 8282

Press ‘2’ – general SAR enquiries Press ‘3’ – SAR Online helpdesk

When contacting the UKFIU please have available your SAR reference number. General UKFIU

matters may be emailed to [email protected]

All DAML request queries are only dealt with via email. Should you have any queries email

[email protected]

9.15. Good practice tips

Always

identify as clearly as possible the suspected benefit from criminal conduct (the ‘criminal

property’) including, where possible, the amount of benefit

identify the reason(s) for suspecting that property is criminal property

identify the proposed prohibited act/s you seek to undertake involving the criminal property

identify the other party/parties involved in dealing with the criminal property, including their

dates of birth and addresses where appropriate (such information should be held routinely by

reporters in the regulated sector to comply with the requirements of the MLR)

describe fully the reasons for suspicion in relation to money laundering. As a basic guide,

wherever you can, try to answer the following six basic questions to make the SAR as useful

as possible: Who? What? Where? When? Why? How?

9.15.1. If your SAR relates to the purchase/sale of a property include:

the full address of the property and postcode

the value of the property

the date of activity

how the activity will take place or has taken place

the full identity, where known, of the other party/parties involved in dealing with the property,

including, in particular, if they are providing professional services e.g. solicitor, estate agent,

accountant or company formation agent etc.


9.15.2. If your SAR relates to a vulnerable person:

describe fully the vulnerabilities that you believe suggest the person cannot protect

him/herself against exploitation e.g. do your concerns relate to what appears to be mental,

physical or learning disability, or an illness related condition?

describe if law enforcement or other agencies are aware of the circumstances (if so, include

that organisation’s reference numbers, details of the officer contacted etc.)

9.15.3. If your SAR relates to a professional enabler:

describe the services being provided e.g. “the professional services being provided are…”

(e.g. accountancy insolvency, audit, company formation, property conveyance, legal services

etc.) include:

- the date of activity

- how the activity will take place or has taken place

- full identity, where known, of the other party/parties involved in, including in particular,

the type of professional services being provided e.g. solicitor, estate agent, accountant or

company formation agent etc.

describe if suspicion relating to the services being provided appear to be wittingly or

unwittingly facilitating the money laundering described

describe the indicators suggesting complicit criminal behaviour or negligent behaviour of the

professional(s) involved.


9.16. SAR glossary codes (as of September 2016)

XXS99XX Request for a defence under POCA

Tick ‘Consent’ and submit under TACT

Request for a defence under TACT

XXPRFXX Relates to person(s) providing professional services or specialist knowledge that wittingly or unwittingly facilitates money laundering

XXTBMLXX Trade-based money laundering

XXPROPXX Relates to purchases of real estate property

XXTEOSXX Tax evasion overseas

XXTEUKXX Tax evasion UK-based

XXF1XX Proceeds from benefit fraud

XXF2XX Excise evasion (duty on alcohol, tobacco, fuel etc.)

XXF3XX Corporate tax evasion (tax evasion by businesses, corporations)

XXF4XX Personal tax evasion (tax evasion by individuals e.g. income tax)

XXF5XX VAT fraud e.g. carousel – Missing Trader Intra-Community (MTIC) fraud

XXF9XX Frauds against private sector

XXD9XX Bribery and corruption

XXD7XX International PEPs

XXD8XX Domestic PEPs

XXV2XX Risk to vulnerable adults

XXV3XX Risk to children – including sexual exploitation and abuse

XXFIREXX Firearms

XXOICXX Organised immigration crime

XXDRUXX Illegal supply of drugs

XXPCPXX Counter-proliferation


10. Checklist of legislation and information

This section of the toolkit contains a list of useful resources that have been referenced in previous sections with a link to relevant web pages where they can be

downloaded. Most of these legislations are regularly amended and businesses should ensure that they are referencing the most up to date versions.

Legislation/publication Relevance Website

The Proceeds of Crime Act 2002 (as amended by the Crime and Courts Act 2013 and the Serious Crime Act 2015)

Creates specific money laundering offences

http://www.legislation.gov.uk/ukpga/2002/29/contents

Terrorism Act 2000 Creates specific terrorist property offences

http://www.legislation.gov.uk/ukpga/2000/11/contents/enacted

The Terrorism Act 2000 and Proceeds of Crime Act 2002 (as amended by the Anti-Terrorism, Crime and Security Act 2001, the Terrorism Act 2006 and the Terrorism Act 2000 and Proceeds of Crime Act 2002 (Amendment) Regulations 2007).

Amendments to PoCA 2002 and TA 2000

http://www.legislation.gov.uk/uksi/2007/3398/contents/made

MLR 2007 Requirement for systems and controls to manage money laundering risks

http://www.legislation.gov.uk/uksi/2007/2157/contents/made

Fraud Act 2006 Creates specific fraud offences and definitions


Bribery Act 2010 Creates bribery and corruption offences


HM Treasury statement on Money Laundering Controls in Overseas Jurisdictions

HM Treasury guidance on dealing with money laundering in overseas jurisdictions

http://www.hm- treasury.gov.uk/d/money_ laundering_controls_0710.pdf

OECD Progress Report on Implementing Internationally Agreed Tax Standards

List of countries that have committed to internationally agreed tax standards

http://www.oecd.org/tax/transparency/

Promoting Transparency and exchange of information for tax purpose

Information on international efforts to promote tax transparency

http://www.oecd.org/dataoecd/26/28/44431965.pdf

http://www.legislation.gov.uk/ukpga/2000/11/co

http://www.legislation.gov.uk/uksi/2007/3398/co

http://www.legislation.gov.uk/uksi/2007/2157/co



http://www.oecd.org/dataoecd/26/28/44431965


11. Supervision

11.1. Introduction

A major change introduced by the Regulations is that all relevant persons (sole traders and

firms in the regulated sector) must be supervised in their compliance with the MLR. Therefore,

all relevant persons must have a supervisory authority, which may issue guidance and must

monitor their policies and procedures.

For AAT licensed members supervision for the MLR will form part of the wider practice assurance

reviews. Supplied within this section are various checklists to aid your compliance of the

Regulations required during a review. Whereas there is no set guidance of the style or content

of forms and supporting documentation we have also provided some suggested templates for

your own use.

This section builds into a good starting point on a supervisory review, being able to demonstrate

to your supervisor basic procedures you have in place to enable you to comply.

11.1.1. Policies relating to the election of supervisory authority

The Regulations require you (if you are a sole trader) or firm (if you are in group practice) to be

supervised for compliance with the Regulations by a recognised supervisory authority (SA). SAs

are listed in Schedule 3 of the Regulations, and include:

Association of Accounting Technicians (AAT)

Association of Chartered Certified Accountants (ACCA)

Institute of Chartered Accountants England and Wales (ICAEW)

Institute of Chartered Accountants in Ireland (ICAI)

Institute of Chartered Accountants of Scotland (ICAS)

Association of International Accountants (AIA)

Association of Taxation Technicians (ATT)

Chartered Institute of Management Accountants (CIMA)

Chartered Institute of Public Finance and Accountancy (CIPFA)

Chartered Institute of Taxation (CIOT)

Insolvency Practitioners Association (IPA)

Institute of Certified Bookkeepers (ICB)

Institute of Financial Accountants (IFA)

International Association of Bookkeepers (IAB)

Supervisory authorities must effectively monitor their members and take necessary measures

for the purpose of securing their compliance with the Regulations. Where a relevant person is a

member of more than one supervisory body, the bodies may decide between them which will

supervise that person, or otherwise cooperate in their performance of their functions under the

Regulations.

If, in the course of carrying out any of its functions under the Regulations, a supervisory

authority knows or suspects that a person is or has engaged in money laundering or terrorist

financing, it must promptly inform the NCA.


The Regulations provide that anyone in practice will be guilty of a criminal offence if they are

not registered for supervision with a relevant body.

The regulations provide that a SA is automatically the SA for its members. This means that sole

traders and firms with concurrent memberships of such bodies have more than one SA.

However, the regulations also provide that SAs may agree that one of them will act as sole

supervisor in such circumstances.

In AAT’s view, a particular body can be an appropriate sole SA for an AAT member only if it is

identified with the entire scope of the member’s practice. For example, while AAT would be an

appropriate SA for a bookkeeper, it would be inappropriate for a bookkeeping body to act as sole

SA for an AAT member whose services exceed bookkeeping. Likewise, it would be

inappropriate for AAT to supervise a practice involving audit, insolvency or designated

professional body work.

11.1.2. Supervisory review

The purpose of any supervisory review or other contact is to make sure that you are complying

with Anti Money Laundering legislation and taking advantage of the simplified procedures

provided within the Regulations. AAT combines this with practice assurance reviews. Please

refer to AAT licensing for more information.

11.2. AAT frequently asked questions about review visits

11.2.1. How are practice assurance reviews conducted?

Reviews may be conducted on the telephone or in person.

11.2.2. Who can receive a practice assurance review?

All licensed members may receive a practice assurance review.

11.2.3. Why have I been selected for a practice assurance review?

We undertake our review activities to understand and support our members’

compliance with the Code of Professional Ethics and AAT’s Regulations and policies.

We select the majority of members for a review using our risk model to identify firms

and members we consider may benefit from the review process. A number of members

are selected randomly for a practice assurance review; it does not mean that we think

something is wrong with your firm.

AAT recognises that a practice assurance review may lead to some interference with

the daily running of your business. In undertaking our review activities, we take care to

ensure that we keep any disruptions to your daily business to a minimum and we

comply with the Regulators Compliance Code 2007 as it affects our statutory

supervision function (Money Laundering supervision). We will ensure that our actions

are proportionate to the effective discharge of our regulatory duties and transparent.

If you have any questions about the selection process or any aspect of the review

process, please do not hesitate to contact us at [email protected]

https://www.aat.org.uk/about-aat/professional-standards/aat-licensing


11.2.4. What is the purpose of the practice assurance review?

The main purposes of a practice assurance review are:

to ensure that you are compliant with legal obligations and with AAT’s regulations

and policies

to help and support you to develop your practice

to share best practice recommendations with you

to assess your practice against the standards we expect in the licensed areas

to review your Anti Money Laundering procedures.

11.2.5. Who will review my firm?

The practice assurance review will be carried out by an appropriately qualified and

experienced representative of AAT on terms approved by Council, who may be

accompanied by a member of the secretariat or Licensing Panel or another

representative. You will receive notice of the representative’s details and any

accompanying party in advance of the visit.

11.2.6. What happens after the practice assurance review?

At the end of the review there will be an opportunity for you to discuss with our

representative any issues arising from the review visit or telephone review.

After the review our representative will produce a report for us to consider. A copy will

be sent to you. The report will summarise the action he or she took during the review or

telephone review, including any documents reviewed and issues discussed with you.

The report will contain our representative’s observations and comments.

When we have considered the report and received your comments, we will write to you

and if appropriate put in place an action plan setting out any remedial actions that is

required. Where an action plan has been prepared for your practice, you will be

required to demonstrate satisfactory remedial work you have undertaken to comply with

such action plan. You should note that failure to satisfactorily comply with the terms of

an action plan without reasonable justification may result in disciplinary action been

taken against you.

We will also identify areas of good practice within your firm and any best practice

recommendations from our representatives.


11.2.7. Will there be a follow-up review?

In some cases, a follow up review may become necessary where a member does not

satisfactorily demonstrate compliance with an action plan. This may be in the form of a

desk based review, telephone review or visit. AAT will only arrange a follow-up review

visit where serious cases of non-compliance have been identified during the initial

review. In such cases, the member being reviewed may be asked to pay the costs (the

AAT representative’s fees only and not travelling expenses) of a follow-up visit. In such

cases, the same procedures as for the initial visit will apply.

11.3. Overview of the supervisory visit

The length of a visit will depend on the size and complexity of your business and the type of

client/customer you provide services for. The visit may also be influenced by your firms’ record of

compliance with Anti MLR.

11.3.1. Approach of supervisors

The purpose of the Regulations is to ensure businesses employ a range of measures and

controls to reduce the risks that, the business, or its clients, could be used by money launderers

or terrorists.

The ultimate purpose of the controls is to deter and detect money laundering activity and report

any suspicions to NCA. The role of the business is effectively to police their customers and

clients. The supervisors’ role is to ensure that the controls businesses have in place meet the

requirements of the Regulations.

11.4. Specific failings and breaches of the MLR

The following are specific breaches or failings which may occur if you do not implement any or

adequate policies and procedures. The following list is taken from the HMRC Guidance:

Regulation 7 - failure to apply appropriate and risk-sensitive customer due diligence

measures

Regulation 8 - failure to apply appropriate and risk-sensitive ongoing monitoring of a

business relationship

Regulation 9 - failure to comply with the requirements on timing of verification of identity

of clients and any beneficial owner

Regulation 11 - continuing with transaction/business relationship where unable to apply

customer due diligence measures

Regulation 14 - failure to apply enhanced customer due diligence and ongoing

monitoring where required

Regulation 18 - failing to follow a direction made by HM Treasury under this regulation

(directions where FATF applies counter-measures)

Regulation 19 - failure to keep the required records


Regulation 20 - failure to establish, maintain, monitor and manage the required risk

based policies and procedures

Regulation 21 - failure to take appropriate measures to provide the required training

Regulations 26, 27(4), 33 - failure to comply with registration requirements specified by

the Commissioners

These breaches will then fall into five more simplified groups of related breaches:

11.4.1. Fundamental requirements

These are fundamental requirements for having effective Anti Money Laundering controls in

place. Where there has been a failure of these Regulations it is also highly likely that there will

also have been a failure to apply customer due diligence to a minimum standard.

Regulation 20 - failure to establish, maintain, monitor and manage the required policies

and procedures to identify the risk of money laundering and terrorist financing and

apply appropriate controls to mitigate the risk and identify suspicious activity.

Regulation 19 - failure to keep the required records.

11.4.2. Fundamental customer due diligence measures

Regulation 7 - failure to apply appropriate and risk-sensitive customer due diligence

measures and being able to demonstrate this to us.

Regulation 8 - failure to conduct appropriate and risk-sensitive ongoing monitoring of a

business relationship.

Regulation 14 - failure to apply enhanced customer due diligence and conduct ongoing

monitoring where required.

11.4.3. Other customer due diligence measures

Regulation 9 - failure to comply with the requirements on timing of verification of identity

of clients and any beneficial owner(s).

Regulation 11 - continuing with transaction/business relationship where unable to apply

customer due diligence measures.

11.4.4. Registration breaches

Breaches of Regulation 26, 27(4) and 33. An AAT licensed member may fall foul of

these requirements by, for example, notifying changes of circumstances to a licensing

renewal application.

11.4.5. Other breaches

Regulation 21 - failure to take appropriate measures to provide the required training.

Regulation 18 - failing to follow a direction made by H M Treasury under this regulation

(directions where FATF applies counter-measures). If FATF have decided to apply

counter-measures to a specific individual they will be included on the H M Treasury

Sanctions List. A breach of this regulation could be highly indicative of involvement in

money laundering.


11.5. MLRO checklist for a compliance visit and sample forms

Have you carried out a review of business as regards the regulations?

Yes No

Have you got an up to date written policy on money laundering issues?

Yes No

Are all staff aware of this policy?

Yes No

Is this policy easily accessible by staff?

Yes No

Are all staff aware of their individual responsibilities under the MLR?

Yes No

Have staff received money laundering training recently?

Yes No

Will staff receive regular training?

Yes No

Are staff aware of what poses a higher risk to your business?

Yes No

Is a risk assessment carried out on all works at regular intervals?

Yes No

Do you have procedures for enhanced customer due diligence?

Yes No

Do you have procedures for identifying PEP?

Yes No

Do you have procedures for verifying non face to face clients?

Yes No

Do you have procedures for verifying all beneficial owners?

Yes No

Do you have procedures for performing risk assessment and where necessary verification and enhanced verification on clients pre 1 March 2004?

Yes No

Do you have account opening procedures set up?

Yes No

Are staff aware and trained in these procedures?

Yes No

Do you retain copies of evidence of verification?

Yes No

Is your letter of engagement adequate?

Yes No

Are staff sufficiently trained in identifying suspicious activities?

Yes No

Are staff suitably aware of the offence of tipping off?

Yes No

Are staff suitably aware of the internal procedures for reporting suspicious transactions?

Yes No

Are NCA reports filed for all suspicious transactions?

Yes No

Are systems in place to allow you to respond to production orders and deal with law enforcement?

Yes No


11.6. AML - Client account opening form (individuals)

Account reference:

Identity

Full name DOB

Address Place of birth

NI number

Telephone

Postcode

Verification (documents or data - attach copies)

Document type Number




Electronic search reference:

Verification information (for example, record of home visit)

Review/ update information

Acceptance procedures

Permanent file completed Y/N

Risk assessment performed Y/N

Enhanced due diligence required Y/N

Extra verification/certification obtained Y/N

Verification complete Y/N

Professional clearance letter sent Y/N Reply received Y/N

Letter of engagement sent Y/N Signed copy received Y/N

MLRO authorisation to proceed Y/N

Signed by the MLRO: Date:


11.7. AML - Client account opening form (companies)

Account reference:

Identity

Name Company number

Registered

office address

Place of registration

Date of incorporation

Telephone

Postcode

Verification (attach copies)

Company registry search Y/N

Credit search Y/N

Copy of Certificate of Incorporation Y/N

Copy of Articles of Association Y/N

Latest Annual Return and Statement of Capital Y/N

Other information

Review/ update information

Acceptance procedures

Permanent file completed Y/N

Risk assessment performed Y/N

Officers verification complete Y/N

Beneficial owners verification complete Y/N

Professional clearance letter sent Y/N Reply received Y/N

Letter of engagement sent Y/N Signed copy received Y/N

MLRO authorisation to proceed Y/N

Signed by the MLRO: Date:


11.8. Completion Checklist – Highlight areas of risk

Prepared by: Date:

Client:

This checklist should be tailored for individual firm and client requirements

Reference Comments

Individual (including shareholders)

Confirm identity of individual (including shareholders) e.g. copy of passport, driving licence

Verify address e.g. copy of utility bill

Revised letter of engagement issued incorporating MLR 2003

Discussion with client in respect of nature of business

Credit reference check

Source of reference

Any outstanding tax matters/ payments

Company, Partnership, sole trader (the business)

Identify who has ultimate control

Source of reference

Company search carried out

Copy of latest report and accounts

A copy of the certificate of incorporation/Partnership agreement

Credit reference check


Any outstanding tax matters or payments

Trusts/Pension Schemes

Identify all major parties including principal employer

Source of reference

Scheme’s Trust documents have been reviewed



Charity

Confirm charities registered number with Charity Commission

Source of reference

Trust deed/registration details


Revised letter of engagement issued with MLR 2003

I am of the opinion that sufficient information has been obtained to confirm the client’s identification.

Partner: Date:

MLRO: Date:

The above is for guidance only and should not be used as a complete list.


11.9. Completion Checklist – Highlight areas of risk

Prepared by:

Date:

Client:

Risk Reference Comments

Does the client want to use the firm’s client account as a bank account?

Is it a cash based business?

Is there a lack of independent audit evidence?

Is there a lack of evidence of trade?

Is it an overseas client?

Is there a complex group structure?

Has there been a change in business activity?

Is there intra-group trading?

Has there been dramatic increases in turnover?

Does the client have high turnovers/volume from small business locations?

Were there any transactions in the year without an immediate or obvious purpose?

Does the client require a client account denominated in a foreign currency?

Does the client have a history of persistent and unlikely ‘errors’ in tax returns?

The above should be used for guidance only and is not a complete list.

The member responsible for the client should review this form once complete.


11.10. Client due diligence – risk assessment

Client reference

Date of assessment

Overview of services to be undertaken

Risk opportunity

Characteristics

Initial risk

Management policy

Resultant risk

Risk assessment review Date of update


11.11. Staff training record

Staff member Name of training Name of training Name of training Name of training

Name of staff member Date training took place Date training took place Date training took place Date training took place

Example

Staff member New starter training Internal policy updates AML webinar External policy updates

John Smith 15 December 2015 8 January 2016 17 March 2016 24 June 2016


11.12. Summary of SARs

MLR STRICTLY CONFIDENTIAL

Reference

number

Staff member Date of

internal

report

Report to NCA and

summary of reasons

Date of

NCA report

Date of

permission to

proceed received

Seven

days

expiry

Moratorium

period expiry

date


The Association of Accounting Technicians 140 Aldersgate Street London EC1A 4HY t: +44 (0)20 7397 3000 f: +44 (0)20 7397 3009 e: [email protected] aat.org.uk

Anti Money Laundering toolkit - AAT Anti Money Laundering controls in your business ... foundations...

Documents

Transcript of Anti Money Laundering toolkit - AAT Anti Money Laundering controls in your business ... foundations...