On 11 August 2017 the Consultative Committee of Accounting Bodies (CCAB) issued their draft guidance reflecting the changes to the Regulations in ‘The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the 2017 Regulations)’.
Whilst the basic offences in connection with money laundering and terrorist financing haven’t changed, the detailed requirements in respect of anti-money laundering (AML) policies, procedures and due diligence have changed quite significantly.
Overall firms are required to:
- Monitor and manage their own compliance with the Regulations; (including regular independent AML reviews, which can be done externally, such as by us, or internally);
- Make sure they are always familiar with the requirements (thus implying subscription to some sort of updating service, or regular checks by the MLRO on what might have changed);
- Have systems and controls capable of:
- Assessing the risk associated with a customer;
- Performing customer due diligence;
- Monitoring existing customers;
- Keeping appropriate records;
- Enabling staff to make suspicious activity reports (SARs) internally (ie to MLRO);
- Train relevant staff so they understand their obligations;
- Have effective internal risk management systems and controls.
As before, there are specific additional responsibilities for the MLRO/senior management with regard to ensuring compliance with the Regulations. There is also a requirement for the name of the person with these responsibilities to be notified to the supervisory body (eg ICAEW/ACCA) within 14 days of their appointment.
Risk based approach
In these new requirements, there is much added emphasis to the risk-based approach, including the firm-level risk assessment, which is used to inform the policies and procedures needed. Such a risk assessment needs to include consideration of the risks associated with the client, the service provided, the geography, sector and delivery channel used. This risk assessment must be carried out at least annually, but with new risks considered as they arise. It must be documented and provided to the firm’s supervisory body on request.
Some of the more detailed specific additions require a firm to screen employees both before and during the appointment process, to consider their skills, knowledge, expertise, conduct and integrity. Hopefully, given the nature of firms of accountants, these checks are already done as part of the recruitment process, but they now have specific regulatory backing and so evidencing of such checks will be vital.
Customer Due Diligence
Whilst the basic principles of customer due diligence (CDD) have not changed, once again there is quite a bit of alteration in the detailed requirements. This includes specific situations in which enhanced due diligence (EDD) is required and some alteration to the basic information required for corporates. Of course you will probably also be aware of the fact that the definition of politically exposed persons (or PEPs) was extended to include UK PEPs as well as foreign nationals in the new Regulations, therefore requiring EDD. There are also some changes to who is classed as a beneficial owner, particular for trusts, where the settlor would now be included.