Money Laundering Regulations exist to stop criminals turning the proceeds of crime into money that looks legitimate. If your business falls under the Regulations, you need controls in place โ and you need to be able to prove it.
What is Money Laundering?
Money laundering is a term used to describe an act of concealing money obtained using illegal methods โ theft, extortion, drugs trafficking and so on โ and converting it into money that appears to have originated from a legitimate source. In doing this, there will be no links or traces to any criminal or illegal activity.
Criminals need to find ways of reducing the traceability of what can be described as 'dirty' money. The UK's financial system is a prime target for this. Banks and financial institutions are used by criminals to try to 'lose' the paper trail. As most transactions are completed in cash, criminals have to find ways of turning 'dirty' money into 'clean' money.
Anti-Money Laundering Controls
Anti-money laundering controls are policies and procedures that you must put in place within your business to prevent activities related to money laundering and terrorist financing.
They include assessing the risk of your business being used by criminals to launder money; verifying customers' identity; monitoring customers' transactions and reporting suspicious activity to the National Crime Agency (NCA); keeping the right records; and ensuring you have appropriate internal management controls.
You will need to ensure your staff are aware of the Regulations and trained to carry out the necessary anti-money laundering controls.
AML Regulations
HM Revenue and Customs have their own dedicated section of their website concentrating on Anti Money Laundering Regulations and advice. The information here is a summary of some of that advice and guidance, but we'd recommend going direct to HMRC's Anti Money Laundering Regulations pages to make sure you have up-to-date information.
Back in December 2007, the Money Laundering Regulations 2007 came into force, put in place to help protect financial institutions, banks and others from criminal activity. Many different types of business fall under the Regulations, including accountants, estate agents, company formation agents, company service providers like mail forwarding companies, and anyone operating within the financial sector. If your business falls into one of these categories, you'll need to register under the Money Laundering Regulations โ with different governing bodies depending on the industry or nature of your business.
Who Supervises You
Depending on your sector, you'll register with one of the following.
Public Sector Supervisors
- HMRC (HM Revenue & Customs): Supervises high-value dealers, art market participants, trust or company service providers, and most independent estate and letting agents. Check GOV.UK guidance to see if you fall under their remit.
- Financial Conduct Authority: Supervises financial institutions, payment service providers, and cryptoasset businesses.
- Gambling Commission: Supervises casinos and betting operators.
Professional Body Supervisors
- Association of Accounting Technicians (AAT)
- Association of Chartered Certified Accountants
- Association of International Accountants
- Institute of Chartered Accountants in England and Wales (ICAEW)
- Institute of Chartered Accountants of Scotland (ICAS)
- Institute of Chartered Accountants in Ireland
- Chartered Institute of Management Accountants (CIMA)
- Chartered Institute of Taxation
- Institute of Accountants and Bookkeepers
- Institute of Certified Bookkeepers
- Association of Taxation Technicians (ATT)
- Institute of Financial Accountants
- Law Society / Solicitors Regulation Authority
- Law Society of Northern Ireland
- Law Society of Scotland
- Chartered Institute of Legal Executives (CILEx)
- Council for Licenced Conveyancers (CLC)
- Faculty of Advocates
- Faculty Office of the Archbishop of Canterbury
- General Council of the Bar / Bar Standards Board
- General Council of the Bar of Northern Ireland
Appointing a Money Laundering Reporting Officer
A Money Laundering Reporting Officer (MLRO) needs to be appointed as the first point of contact for employees who suspect fraudulent or money laundering activity.
Once money laundering activity has been reported, it's up to the MLRO to review the evidence and decide whether it needs to be escalated to a Suspicious Activity Report (SAR) to the National Crime Agency (NCA). Once escalated, the MLRO liaises with the NCA and follows their advice and instructions on next steps.
If your business is run by just yourself, then you are, by definition, the Money Laundering Reporting Officer โ you're the person directly responsible for reporting any suspicious transactions.
How Do I Put Anti-Money Laundering Controls in Place?
Systems of controls and procedures will change according to the size and complexity of each business and the risks involved.
HMRC won't dictate what risk-based measures should be in place for your business โ it's for you and your senior managers to decide on a reasonable approach that balances the costs to your business and your customers against a realistic assessment of the risks involved.
Businesses should keep relevant documents relating to the risk assessment and management procedures and processes.
Remember to write down your risk-based policy and procedures and keep these documents up to date โ this is called a policy document. HMRC will ask for details of your policies and procedures. We can provide you with a policy document for less than the cost of a couple of hours of many solicitors' time. For more information, see our Money Laundering Policy Document.
Your business should establish and maintain appropriate, risk-sensitive policies and procedures covering:
- โCustomer due diligence measures and ongoing monitoring
- โReporting
- โRecord keeping
- โInternal control
- โRisk assessment and management
- โThe monitoring and management of compliance
- โThe internal communication of such policies and procedures
What is a Risk-Based Approach?
A risk-based approach means directing resources in accordance with priorities, so that the greatest risk receives the highest attention.
This approach was introduced to:
- Allow public authorities and businesses to concentrate resources in the areas of greatest risk.
- Avoid a 'tick-box' approach, which can focus on a rigid system of control rather than the actual risks โ which are, in practice, different for each business.
- By adopting a risk-based approach, businesses can ensure that measures to prevent money laundering and terrorist financing are appropriate to the level of risk identified.
Applied appropriately, this approach should allow businesses to be more efficient and effective in their use of resources, and minimise burdens on their customers.
What is Customer Due Diligence?
Customer due diligence is the term used in the Regulations for the steps businesses must take to:
- Identify the customer and verify their identity using documents, data or information obtained from a reliable and independent source. Mobunti can provide online identity checking services for verifying identities without requiring photocopies of documents.
- Identify any beneficial owner who is not the customer โ the individual (or individuals) behind the customer who ultimately own or control them, or on whose behalf a transaction or activity is being conducted. Incorporation documents and the people involved in a company can be retrieved from Companies House. Be aware that since October 2008, the Companies Act requires that only the shareholder name is reported on the Confirmation Statement, not their address โ so you'll need to interact directly with your customer to obtain contact details for any checks you feel are appropriate.
- Where a business relationship is established, understand the purpose and intended nature of that relationship โ for example, details of the customer's business or the source of funds.
- Conduct ongoing monitoring to identify large, unusual or suspicious transactions.
It's imperative that you keep records of all methods used when carrying out due diligence checks on your customers, including hard copies of any documents requested. Keep as much information as possible to show that you have fully complied with the money laundering regulations. Should there ever be a need to investigate one of your customers, or you have an audit from your governing body, it's extremely important that you have as much information as possible to demonstrate your compliance with the Regulations.
Choosing a Verification Agency
HM Treasury says that before using a commercial agency for electronic verification, firms should be satisfied that the information supplied by the data provider is sufficiently extensive, reliable and accurate. This judgement may be assisted by checking whether the provider meets the following criteria.
- โIt is recognised through registration with the Information Commissioner's Office to store personal data.
- โIt uses a range of positive information sources that can be called upon to link an applicant to both current and previous circumstances.
- โIt accesses negative information sources, such as databases relating to identity fraud and deceased persons.
- โIt accesses a wide range of alert data sources.
- โIt has transparent processes that let the firm know what checks were carried out, what the results were, and what they mean in terms of how much certainty they give as to the identity of the subject.
In addition, a commercial agency should have processes that allow the enquirer to capture and store the information they used to verify an identity.
We're registered with the ICO
We are registered with the Information Commissioner's Office, meeting the recognised standard for storing personal data responsibly.
Our data sources
Our standard KYC checks connect to LexisNexis, Equifax and Experian for positive responses, plus mortality screening files, financial data within UK credit files, international sanction files, the Politically Exposed Person database (global and domestic), and the Smartdepart GoneAway file for alert and negative data sources. Our Selfie based and ACSP checks are carried out through TrustID who use similar services
A permanent record
We store the generated PDF document within our system and email it to you, or provide it via the API. We'd urge you to store the PDF alongside your client account details, so you have a permanent record of what was checked and when.