Click here for PDF
The MLD4 came into force on 26 June 2017. This was the date by which all member states were required to bring into force the laws, regulations and administrative provisions necessary to facilitate their compliance with MLD4.
The Money Laundering and Transfer of Funds (Information on the Payer) Regulations 2017 were the UK’s response to this call. The current Money Laundering Regulations 2007 are now revoked.
This study takes a quick look at the new customer due diligence (CDD) and simplified due diligence (SDD) requirements. The enhanced due diligence requirements (EDD) have also been amended but are outside the scope of this quick study.
We also take a look at the impact these new due diligence measures have on third parties which firms may seek to rely on.
Customer Due Diligence
Firms must ensure they take the following CDD measures:
- Identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;
- Identifying beneficial owners and taking reasonable measures to verify their identity;
- Verifying that any person purporting to act on behalf of the customer is actually authorized to do so and then identifying and verifying the identity of that person;
- Assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship;
- Conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with the firm’s knowledge of the customer, the business and risk profile (including where necessary the source of funds) and ensuring that the documents, data or information held are kept up to date.
In order to determine the extent of the CDD measures firms must consider the transaction or relationship on a risk-sensitive basis. As a minimum firms will need to consider the following factors:
- the purpose of an account or relationship;
- the level of assets to be deposited by a customer or the size of transactions undertaken;
- the regularity or duration of the business relationship.
Simplified Due Diligence
Decisions on when and how to carry out SDD will also now have to be justified on the basis of a risk assessment.
Where a firm identifies areas of lower money laundering and terrorist financing risk, it may apply SDD measures.
However, before applying SDD measures, the firm must establish by way of a clear risk assessment that the business relationship, customer or transaction presents a lower degree of risk.
The factors which should be considered by firms include:
- Customer risk factors
- Product, service, transaction or delivery channel risk factors
- Geographical risk factors
Relying on Third Parties
The ultimate responsibility for meeting the CDD requirements remains with the firm that relies on the third party and not with the third party itself. If therefore a firm wants to rely on a third party to carry out the CDD measures, they must ensure they obtain from the third party the necessary information required.
This includes taking adequate steps to ensure that on immediate request the third party provides them with the relevant copies of identity and verification data required to evidence compliance with the new regulations.
The Fifth Money Laundering Directive (MLD5)
This is already being considered and is expected to follow shortly. This is expected to build on and re-affirm the measures set out in MLD4.
We will be providing a fuller report on the new regulations and the Guidance developed by the Joint Money Laundering Steering Group (JMLSG) in our next newsletter.
Timothy Anson, London, Paralegal also contributed to this article.