1Firms must identify their customers and, where applicable, their beneficial owners, and then verify their identities. Firms must also understand the purpose and intended nature of the customer’s relationship with the firm and collect information about the customer and, where relevant, beneficial owner. This should be sufficient to obtain a complete picture of the risk associated with the business relationship and provide a meaningful basis for subsequent monitoring.
Firms should note that CDD measures also apply when contacting an existing customer as part of any legal duty in the course of a calendar year for the purpose of reviewing information which is relevant to the risk assessment of the customer, and relates to beneficial ownership of the customer.2
Firms should also note that CDD measures must also be applied when the relevant person has to contact an existing customer in order to fulfil any duty under the International Tax Compliance Regulations 2015.2
CDD measures must also include taking reasonable steps to understand the ownership and control structure of a customer where the customer is a legal person, trust, company, foundation or similar legal arrangement.2
Firms are required to keep written records in circumstances where all possible means of identifying the beneficial owner of a body corporate have been taken and the beneficial owner cannot be identified satisfactorily or at all. In circumstances where the beneficial owner of a body corporate cannot be identified, reasonable measures must be taken to verify the identity of the senior person in the body corporate responsible for managing it. In doing so, firms should keep written records made of the actions taken and any difficulties encountered.2
Firms are required to collect proof of company registration (or an excerpt from the register) before establishing a business relationship with certain legal entities including a company subject to the requirements of Part 21A of the Companies Act 2006, a limited liability partnership or an eligible Scottish partnership. Firms are required to report to Companies House discrepancies between this information and information which otherwise becomes available to them in the course of complying with the Money Laundering Regulations. Firms may wish to refer to further guidance from the Companies House. 2
In situations where the money laundering risk associated with the business relationship is increased, banks must carry out additional, enhanced due diligence (EDD). FCG 3.2.8G below considers enhanced due diligence.
Where a firm cannot apply customer due diligence measures, including where a firm cannot be satisfied that it knows who the beneficial owner is, it must not enter into, or continue, the business relationship.
Firms should note that an electronic identification process may be regarded as a reliable source for the purposes of CDD verification where that process is independent of the person whose identity is being verified, secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact that person with that identity.2
Self-assessment questions:
-
• Does your firm apply customer due diligence procedures in a risk-sensitive way?
-
• Do your CDD processes provide you with a comprehensive understanding of the risk associated with individual business relationships?
-
• How does the firm identify the customer’s beneficial owner(s)? Are you satisfied that your firm takes risk-based and adequate steps to verify the beneficial owner’s identity in all cases? Do you understand the rationale for beneficial owners using complex corporate structures?
-
• Are procedures sufficiently flexible to cope with customers who cannot provide more common forms of identification (ID)?
Examples of good practice
|
Examples of poor practice
|
•
|
A firm which uses e.g. electronic verification checks or PEPs databases understands their capabilities and limitations.
|
•
|
Procedures are not risk-based: the firm applies the same CDD measures to products and customers of varying risk.
|
•
|
The firm can cater for customers who lack common forms of ID (such as the socially excluded, those in care, etc).
|
•
|
The firm has no method for tracking whether checks on customers are complete.
|
•
|
The firm understands and documents the ownership and control structures (including the reasons for any complex or opaque corporate structures) of customers and their beneficial owners.
|
•
|
The firm allows language difficulties or customer objections to get in the way of proper questioning to obtain necessary CDD information.
|
•
|
The firm obtains information about the purpose and nature of the business relationship sufficient to be satisfied that it understands the associated money laundering risk.
|
•
|
Staff do less CDD because a customer is referred by senior executives or influential people.
|
•
|
Staff who approve new or ongoing business relationships satisfy themselves that the firm has obtained adequate CDD information before doing so.
|
•
|
The firm has no procedures for dealing with situations requiring enhanced due diligence. This breaches the Money Laundering Regulations.
|
|
|
•
|
The firm fails to consider:
|
◦
|
any individuals who ultimately control more than 25% of shares or voting rights of a corporate customer;
|
◦
|
any individuals who exercise control over the management of a corporate customer; and
|
◦
|
any individuals who control the body corporate
|
when identifying and verifying the customer’s beneficial owners. This breaches the Money Laundering Regulations.
|
See regulations 5, 6, 27, 28, 30A, 31,2 33, 34 and 35 of the Money Laundering Regulations.