anti-money laundering guidance notes january 2015 draft aml guidance member... · anti-money...

Anti-money Laundering

Guidance notes

January 2015

CILEx Draft AML Guidance Version 1.0 to HM Treasury 14 Jan 2015 2

Definitions:

Beneficial owners See chapter 4.14

Business relationship A business, professional or commercial relationship between a relevant person and a customer, which is expected by the relevant person at the time when contact is established to have an element of duration

Customer due diligence Chapter 4 provides details of what customer due diligence (CDD) means

Criminal conduct Conduct which constitutes an offence in any part of the UK or would constitute an offence in any part of the UK if it occurred there – see section 340(2) of POCA

Criminal property Property which is, or represents, a person‟s benefit from criminal conduct, where the alleged offender knows or suspects that it is such – see also the definition of property

Disclosure A report made to the NCA under the Proceeds of Crime Act 2002 – also referred to as a suspicious activity report (SAR)

Insolvency practitioner Any person who acts as an insolvency practitioner within the meaning of section 388 of the Insolvency Act 1986 (as amended) or article 3 of the Insolvency (Northern Ireland) Order 1989 (as amended)

Inter vivos trust A trust which takes effect when a person is alive

Legal professional privilege See chapter 6 and section 190 of the Legal Services Act 2007

Nominated officer A person nominated within the entity to make disclosures to the NCA under the Proceeds of Crime Act 2002 – referred to in this guidance as a money laundering reporting officer (MLRO)

Occasional transaction A transaction (carried out other than as part of a business relationship) amounting to €15,000 or more, whether the transaction is carried out in a single operation or several operations which appear to be linked

Ongoing monitoring See chapter 4.9

Overseas criminal conduct Conduct which occurs overseas that would be a criminal offence if it occurred


in the UK but does not include conduct which occurred overseas where it is known or believed on reasonable grounds that the relevant conduct occurred in a particular country or territory outside the UK, and such conduct was in fact not unlawful under the criminal law then applying in that country or territory. That exemption will not apply to overseas conduct if it would attract a maximum sentence in excess of 12 months‟ imprisonment were the conduct to have occurred in the UK. If the overseas conduct is such that it would constitute an offence under the Gaming Act 1968, the Lotteries and Amusements Act 1976 or section 23 or section 35 of the Financial Services and Markets Act 2000 (see section 102 of SOCPA), it will not be exempt

Politically exposed person (PEP) See chapter 4.6

Privileged circumstances See chapter 6.4

Property All property whether situated in the UK or abroad, including money, real and personal property, things in action, intangible property and an interest in land or a right in relation to any other property

Regulated sector Activities, professions and entities regulated for the purposes of AML/CTF obligations – see chapter 1

Tax adviser An entity or sole practitioner who, by way of business, provides advice about the tax affairs of another person, when providing such services

Terrorist property Money or other property which is likely to be used for the purposes of terrorism, the proceeds of the commission of acts of terrorism and the proceeds of acts carried out for the purposes of terrorism

Trust or company service provider An entity or sole practitioner who by way of business provides any of the following services to other persons –

forming companies or other legal persons;

acting or arranging for another person to act: o as a director or secretary of a

company; o as a partner of a partnership; or


o in a similar position in relation to other legal persons;

providing a registered office, business address, correspondence or administrative address or other related services for a company, partnership or any other legal person or arrangement;

acting, or arranging for another person to act, as – o a trustee of an express trust or

similar legal arrangement; or o a nominee shareholder for

another person other than a company listed on a regulated market when providing such services

Abbreviations: AML Anti-money laundering BO Beneficial Owner CDD Customer due diligence CILEx Charted Institute of Legal Executives CPS Crown Prosecution Service CTF Counter terrorist financing DWP Department of Work and Pensions EEA European Economic Area EDD Enhanced Due Diligence FATF Financial Action Task Force, an intergovernmental

body whose purpose is to develop and promote broad AML/CTF standards, both at national and international levels

FCA Financial Conduct Authority, the UK regulator of the financial services industry

GRO General Registry Office IBA International Bar Association ICO Information Commissioner ID Identification IPS ILEX Professional Standards JMLSG Joint Money Laundering Steering Group KYC Know Your Client LLP Limited Liability Partnership LPP Legal professional privilege MLR Money Laundering Regulations 2007 ML Money Laundering MLRO Money Laundering Reporting Officer NCA National Crime Agency, the UK‟s financial

Intelligence Unit (FIU)


POCA Proceeds of Crime Act 2002 PEPs Politically Exposed Persons RBA Risk Based Approach SAR Suspicious activity report SDD Simplified Due Diligence TACT Terrorism Act 2000 (Amendment) Regulations

2007 Terrorism Act Terrorism Act 2000 TF Terrorist Financing


Contents CHAPTER 1 – INTRODUCTION ................................................................................. 10

1.1 Purpose of the guidance................................................................................. 10

1.2 What is money laundering? ............................................................................ 10

1.3 Legal requirements ......................................................................................... 12

1.4 Guidance explanation and status ................................................................... 16

1.5 Terminology .................................................................................................... 16

CHAPTER 2 – THE RISK-BASED APPROACH ....................................................... 17

2.1 Introduction ..................................................................................................... 17

2.2 What is a risk-based approach (RBA)?.......................................................... 17

2.3 A risk based approach to customer due diligence (CDD) ............................. 17

2.4 How to assess the risk profile of the entity .................................................... 18

2.5 How to assess client risk ................................................................................ 19

2.6 Conducting the client risk assessment ........................................................... 20

CHAPTER 3 – SYSTEMS, POLICIES AND PROCEDURES .................................... 23

3.1 General comments and applicable law .......................................................... 23

3.2 The MLRO ....................................................................................................... 23

3.3 Policies and procedures ................................................................................. 24

3.4 What should be included? .............................................................................. 24

3.5 Risk assessment ............................................................................................. 25

3.6 Monitoring and compliance ............................................................................ 25

3.7 Customer due diligence (CDD) ...................................................................... 26

3.8 Reporting ......................................................................................................... 26

3.9 Record keeping ............................................................................................... 27

3.10 Communication and training ....................................................................... 29

CHAPTER 4 – CUSTOMER DUE DILIGENCE .......................................................... 30

4.1 Introduction ..................................................................................................... 30

4.2 What is CDD? ................................................................................................. 31

4.3 Identification and verification .......................................................................... 32

4.4 Methods of verification .................................................................................... 32

4.5 Simplified due diligence (SDD) ...................................................................... 35


4.6 Enhanced due diligence (EDD) ...................................................................... 36

4.7 Reliance and outsourcing ............................................................................... 40

4.8 Passporting clients between jurisdictions (international offices) ................... 41

4.9 Ongoing monitoring ........................................................................................ 42

4.10 When must CDD be undertaken? ............................................................... 43

4.11 CDD on clients ............................................................................................. 44

4.12 Natural persons ........................................................................................... 44

4.13 Other legal entities including companies, partnerships etc. ...................... 47

4.14 CDD on a beneficial owner ......................................................................... 54

4.15 FATF counter measures ............................................................................. 63

4.16 Financial restrictions .................................................................................... 63

CHAPTER 5 – MONEY LAUNDERING OFFENCES ................................................. 65

5.1 Introduction ..................................................................................................... 65

5.2 The mental elements ...................................................................................... 65

5.3 Knowledge ...................................................................................................... 66

5.4 Suspicion ......................................................................................................... 66

5.5 Reasonable grounds to suspect ..................................................................... 67

5.6 What are the warning signs? .......................................................................... 67

5.7 Principal money laundering offences ............................................................. 78

5.8 Defences to principal money laundering offences ......................................... 80

5.9 Authorised disclosures ................................................................................... 80

5.10 Failure to disclose offences – money laundering ....................................... 83

5.11 Defences to failure to disclose offences ..................................................... 84

5.12 Tipping off .................................................................................................... 85

5.13 Defences to tipping off ................................................................................ 86

5.14 Making enquiries of a client ........................................................................ 87

CHAPTER 6 – LEGAL PROFESSIONAL PRIVILEGE (LPP) ................................... 88

6.1 Legislation ....................................................................................................... 88

6.2 Duty of confidentiality ..................................................................................... 88

6.3 Legal professional privilege (LPP) ................................................................. 88

6.4 Privileged circumstances ................................................................................ 91

6.5 When to disclose ............................................................................................ 93

CHAPTER 7 – TERRORIST PROPERTY OFFENCES ............................................. 95


7.1 Legislation ....................................................................................................... 95

7.2 Defences to principal terrorist property offences ........................................... 96

7.3 Failure to disclose offences ............................................................................ 96

7.4 Defences to failure to disclose ....................................................................... 97

7.5 Tipping off ....................................................................................................... 97

7.6 Defences to tipping off .................................................................................... 98

7.7 Making enquiries of a client ............................................................................ 98

7.8 Sanctions regime ............................................................................................ 99

CHAPTER 8 – MAKING A SAR ................................................................................ 102

8.1 Introduction ................................................................................................... 102

8.2 Reporting obligations .................................................................................... 102

8.3 How to report ................................................................................................ 102

8.4 What information should be included? ......................................................... 103

8.5 Obtaining consent ......................................................................................... 103

8.6 Constructive trust issues .............................................................................. 104

8.7 Contacting the NCA ...................................................................................... 105

8.8 Confidentiality of SARs ................................................................................. 105

8.9 Feedback on SARs ....................................................................................... 105

CHAPTER 9 – TRAINING ......................................................................................... 106

9.1 Introduction ................................................................................................... 106

9.2 What form should training take? .................................................................. 106

9.3 Appropriate level of training .......................................................................... 107

CHAPTER 10 – ENFORCEMENT ............................................................................. 109

10.1 Introduction ................................................................................................ 109

10.2 Supervision under the regulations ............................................................ 109

10.3 Enforcement powers under the Money Laundering Regulations (MLR)

2007 110

10.4 Disciplinary action ..................................................................................... 110

10.5 Offences and penalties ............................................................................. 110

10.6 Joint liability ............................................................................................... 111

10.7 Prosecution authorities .............................................................................. 111

Annex 1 – Money Laundering Directives: A Summary .................................................. 112

Annex 2 – Practical examples of interests and powers of control ................................. 113


Annex 3 – Table of entity or arrangement types ............................................................ 117


CHAPTER 1 – INTRODUCTION 1.1 Purpose of the guidance This guidance is issued by CILEx and applies to all Approved Managers and other employees in an Authorised Entity (entity) regulated by ILEX Professional Standards (IPS). The guidance should be made available to all employees but those involved in anti-money laundering compliance should ensure that they are familiar with the contents. This guidance aims to help all Approved Managers and their employees comply with their obligations under the UK‟s anti money laundering and counter terrorist financing (AML/CTF) legislation. It has received HM Treasury approval, (see paragraph 1.4) and must be considered by a court, when deciding whether a person has committed an offence under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000. The guidance cannot cover all situations which may be encountered by those working in an entity. Further assistance on specific issues is available by contacting [insert details, email and telephone number]. The focus of this guidance is on providing entities with a clear understanding of their AML/CTF obligations and money laundering (ML) and terrorist financing (TF) risks as required under the Financial Action Task Force (FATF) effectiveness methodology. Entities should ensure that in implementing systems and controls, they take a risk based approach (RBA), see chapter 2.2. Legal entities have a key role to play in society and are involved in the majority of business and financial transactions that take place every day in the UK. They are at risk of being used by money launderers. By implementing robust systems and controls to manage that risk, they should ensure that their services are not used to further a criminal purpose. All employees should be reminded of the need to act with integrity, uphold the rule of law and not be involved in criminal activity. Entities should familiarise themselves with the UK‟s National Risk Assessment and take account of the risks identified when implementing and reviewing their systems and ensure employees are aware of the risks which apply to their work and the entity. ML and TF are serious threats to society, endangering life, fuelling other criminal activity and resulting in lost revenue. 1.2 What is money laundering? The term “money laundering” means the process by which the proceeds of crime (criminal property) are laundered and the true ownership of that money is hidden, so that the money appears to come from a legitimate source. This is acknowledged to


be a global problem and most countries have enacted legislation to criminalise ML and TF. Criminal Property Criminal property is property which is or represents a person‟s benefit from criminal conduct and the alleged offender knows or suspects this is the case. The definition is important because it means that for the principal money laundering offences to be established, the alleged offender must know or suspect that the property is or represents the proceeds of crime. Criminal property can be in its original form for example, cash obtained by selling drugs, or it may have changed in character. An example would be a house bought with drugs cash which represents the benefit of criminal conduct even if part of the purchase price comes from legitimate funds. Criminal Conduct Criminal conduct is conduct which constitutes an offence in any part of the United Kingdom. The definition of criminal conduct is very broad. There must be a predicate offence, for example drug trafficking, theft, piracy or successful mortgage fraud. It is important to note that the definition of criminal conduct in the Proceeds of Crime Act 2002 (POCA) goes further than most other jurisdictions and incudes minor regulatory offences. As a result, criminal property includes savings from minor regulatory breaches, tax evasion and benefit fraud, which can then be laundered. It is not necessary for there to be a deliberate attempt to hide the origin of the criminal property in order to commit an offence. Individuals may become involved in ML unwittingly.

There are three phases to ML as follows:

Placement

Cash generated from crime e.g. drugs offences is placed in the financial system. This stage can be easy to detect because the proceeds of crime are most obvious. As banks and financial institutions have developed AML systems and controls, criminals look for other ways of placing cash within the financial system. Legal entities are at risk because they commonly deal with client money.

Layering

Once proceeds of crime are in the financial system, layering obscures their origins by passing the money through a number of different transactions. Buying and selling property is still a way of layering the proceeds of crime. Transactions may involve different entities such as companies and trusts, and can take place in multiple jurisdictions. Legal entities may well be involved in such transactions but it may be difficult to detect that there is criminal property


Integration

Once the origin of the funds/assets has been obscured, through placement and layering, the criminal can use the funds which now appear legitimate. They may be invested in legitimate business or used to buy property (both residential and commercial) or other investments, set up a trust or even settle litigation, among other activities. Integration is the most difficult stage of ML to detect. 1.3 Legal requirements As a member of the EU, the UK must implement the various Directives including those relating to ML and TF into national legislation. The current Money Laundering Directive (Third) was implemented through the Money Laundering Regulations 2007 (on 15 December 2007) and the Terrorism Act 2000 and Proceeds of Crime Act 2002 (Amendment) Regulations 2007 (the TACT and POCA Regulations 2007) on 26 December 2007. The three Directives are summarised in Annex 1, as it is important to understand the context of the legislation. The Directives are based on the recommendations of the Financial Action Task Force (FATF) (the global standard setter) and further details of the historical position are contained in Annex 1. (The Fourth Directive is expected to be adopted in early 2015 and the UK will implement the Directive primarily through new Regulations which are likely to come into force in the 1st half of 2016.) There are elements of the UK‟s legislation which are not included in the Directives to date, so everyone in an entity must understand how the UK legislation applies to them and to their work. Proceeds of Crime Act 2002 POCA came into force on 24 February 2003, and applies to everyone but some elements (e.g. the failure to report offences) only apply to persons providing services in the regulated sector. The legislation applies to all crimes, not only serious crimes. In addition, it does not matter whether the criminal property is £1 or £1 million, there is no de minimis or threshold. There must be a predicate offence which results in criminal property for there to be ML, so attempted fraud is not ML. POCA, as amended by the TACT and POCA Regulations 2007, establishes a number of ML offences, (which are considered in more detail in chapter 5) as follows:

three principal ML offences;

failure to report knowledge or suspicion of ML or reasonable grounds to know or suspect someone is engaged in ML;

tipping off offences;

prejudicing an investigation offences.


The defences are set out in chapter 5, including the defence of reporting to the money laundering reporting officer (MLRO) or the National Crime Agency (NCA). The maximum penalties are:

14 years‟ imprisonment and/or an unlimited fine for the main ML offences;

5 years‟ imprisonment and/or an unlimited fine for failure to report offences and prejudicing an investigation offences;

2 years‟ imprisonment and/or an unlimited fine for tipping off offences.

POCA provides the NCA and law enforcement agencies with a wide range of powers enabling them to investigate ML. The definition of the regulated sector is contained in schedule 9 of POCA (amended by the Proceeds of Crime Act 2002 (Business in the Regulated Sector and Supervisory Activities) Order 2007)) and in the Money Laundering Regulations 2007. Terrorism Act 2000 and Anti-terrorism, Crime and Security Act 2001 The Terrorism Act 2000, as amended, contains a number of offences about engaging in or facilitating terrorism, as well as raising or possessing funds for terrorist purposes. It also contains a list of proscribed organisations believed by the Secretary of State to be involved in terrorism. The Home Office is the primary source of information on proscribed organisations, including up-to-date information about aliases. The definition of terrorist property, involvement with which is an offence, includes resources of a proscribed organisation. The Terrorism Act applies to everyone although some offences only apply to those in the regulated sector. The TF offences are considered in more detail in chapter 7. The main criminal offences are:

four main terrorist property offences;

failure to report knowledge or suspicion of TF or reasonable grounds to know or suspect TF;

failure to report attempted TF;

tipping off offences;

prejudicing an investigation offences. The defences are set out in chapter 7, including the defence of reporting to the money laundering reporting officer (MLRO) or the National Crime Agency (NCA). The maximum penalties are as follows:

14 years‟ imprisonment and/or an unlimited fine for the principal TF offences;


5 years‟ imprisonment and/or an unlimited fine for failure to report offences and prejudicing an investigation offences;

2 years‟ imprisonment and/or an unlimited fine for tipping off offences.

The Terrorism Act provides the NCA and law enforcement agencies with a wide range of powers enabling them to investigate TF. The Anti-terrorism, Crime and Security Act 2001 gives the authorities power to seize terrorist cash, to freeze terrorist assets and to direct businesses in the regulated sector to provide the authorities with specified information on customers and their (terrorism-related) activities. The definition of the regulated sector in the Terrorism Act was amended by the Terrorism Act 2002 (Business in the Regulated Sector and Supervisory Activities) Order 2007 to bring it into line with the Money Laundering Regulations 2007. The Money Laundering Regulations 2007 (MLR 2007) The MLR 2007 set out the regulatory obligations for all businesses undertaking activities in the regulated sector, including the systems and controls which must be in place, in order to prevent ML or TF. The aim of the MLR 2007 is to limit the use of professional services for ML by requiring professionals to know their clients (referred to as KYC) and monitor the use of their services by clients. The MLR 2007 (Regulation 3) apply to persons acting in the course of business carried on in the UK in the following areas:

credit institutions;

financial institutions;

auditors, insolvency practitioners, external accountants and tax advisers;

independent legal professionals;

trust or company service providers;

estate agents;

high value dealers;

casinos. Independent legal professional An independent legal professional includes an entity or a sole practitioner who “by way of business” provides legal or notarial services to other persons. The term “independent legal professional‟, does not include legal advisors employed by a public authority, or working in-house. The MLR 2007 only apply to certain legal activities where there is a high risk of ML. Consequently, they apply when entities participate in financial or real property transactions (referred to as the “regulated sector”) involving:


buying and selling of real property or business entities;

managing of client money, securities or other assets;

opening or management of bank, savings or securities accounts;

organisation of contributions necessary for the creation, operation or management of companies;

creation, operation or management of trusts, companies or similar structures.

An entity (or an employee or Approved Manager) will be participating in a transaction by assisting in the planning or execution of the transaction or otherwise acting for or on behalf of a client in the transaction. Managing client money is narrower than handling it. Opening or managing a bank account is likely to include opening a designated deposit account or trust account when acting for a client as a trustee, attorney or a deputy. It is therefore wider than simply opening a client account. According to HM Treasury, the following would not generally be viewed as participation in financial transactions:

payment on account of costs or payment of bill of costs;

provision of legal advice;

participation in litigation or a form of alternative dispute resolution;

will-writing, although any related taxation advice is covered;

work funded by the Legal Aid Agency.

If an entity is unsure whether the regulations apply to a particular type of work or to a particular activity, legal advice should be sought on the particular issues. Alternatively, an entity may wish to take a broad approach to compliance with the regulations, for example, by verifying the identity of all clients. Other regulated sector activities Some entities may be within the regulated sector in relation to other services offered, for example:

tax advice (entities must also consider the full range of related services, such as tax planning and tax compliance work);

trust or company service provider (being a trustee does not amount to being a trust and company service provider as the trust is not formed until the death of the testator);

insolvency practitioner;

any of the activities listed in annex 1 to the Banking Consolidation Directive (see schedule 1 of the MLR 2007), for example, portfolio management or safe custody services, (as a will is not a designated investment, entities storing wills will not be providing a safe custody service);

financial services (an entity that wishes to offer financial services will have to be regulated by the FCA as well as IPS).


1.4 Guidance explanation and status This guidance is issued by CILEx for the use and benefit of entities regulated by IPS. The guidance represents CILEx‟s view of good practice that can be followed by entities. There is no requirement to follow the guidance but if they do follow the guidance, entities will be able to demonstrate to IPS or another regulator or oversight body how they have tried to ensure compliance. The guidance is not intended to be a legal interpretation of the law on ML/TF and so you should have a good understanding of the relevant law and regulations. The guidance does not necessarily provide a defence to complaints of misconduct or inadequate professional service but the regulator, IPS advises that it will consider whether an entity has complied with this guidance when undertaking its role as a supervisory authority for the purpose of the MLR 2007 and as the regulator of professional conduct for CILEx members. Entities authorised and regulated by the FCA because they are undertaking mainstream regulated activities as defined by the Financial Services and Markets Act 2000, must comply with the FCA Handbook and consider the Joint Money Laundering Steering Group's guidance. Approval has been obtained from HM Treasury for this guidance in accordance with sections 330 (8) and 331 (7) of the Proceeds of Crime Act 2002, section 21 A (6) of the Terrorism Act 2000 and Regulation 45 (2) of the MLR 2007. As a result, the court must consider whether, when deciding whether a person has committed an offence under those provisions, the person has followed this guidance by taking all reasonable steps and exercising all due diligence to avoid committing the offence. Whilst care has been taken to ensure that this guidance is accurate, up to date and useful, CILEx will not accept any legal liability in relation to it. 1.5 Terminology In this guidance: “must” means that there is a specific requirement either in legislation or other mandatory provision. “should” denotes good practice or non-mandatory provision e.g. guidance. There may be other ways of complying with the legislative or regulatory requirements but an entity should be able to demonstrate to the regulator, IPS or oversight body why the course of action was appropriate in the circumstances. “may” provides entities with options for compliance and it will be for entities to decide which option is appropriate in the circumstances. The entity may have to justify their approach to the regulator or oversight body.


CHAPTER 2 – THE RISK-BASED APPROACH 2.1 Introduction All entities need to identify, manage and mitigate their risks, whether those risks are operational, strategic, financial or regulatory. In the AML context, the risks of being used by money launderers and terrorist financers are considerable. If an entity is used by launderers or terrorist financers, the consequences can be severe. The entity and Approved Managers/employees can face criminal and disciplinary sanctions and/or civil action and the entity‟s reputation can be damaged resulting in a loss of business. Approved Managers need to ensure that ML risks are assessed at entity level and at client level. Having identified the risks, the entity can then focus its resources on the areas of highest risk, by taking a risk based approach to ensure that its systems and controls are effective in the fight against ML and TF. 2.2 What is a risk-based approach (RBA)? The RBA is the foundation upon which the MLR 2007 are based. It allows entities to implement measures to mitigate the ML and TF risks identified by that entity. (The risks faced by each entity will differ, depending on the client base, the services offered etc. and therefore the controls will vary between entities). The benefits of an RBA are that an entity can ensure compliance costs are proportionate to the risks faced by the entity, the impact on clients is minimised, where possible, and the entity is more likely to have the flexibility to respond to emerging ML/TF risks. It is important to note that the RBA does not apply to reporting suspicious activity, because POCA and the Terrorism Act lay down specific legal requirements not to engage in suspicious activities and to make reports of such activities (see chapters 5 and 7 for further details). The RBA does apply to compliance with CDD obligations. If, despite your systems and controls, criminals still succeed in infiltrating your entity for the purpose of criminal activity, the evidence that you have, as part of your RBA, will enable you to justify your position on managing the risk, if questioned by law enforcement agencies, the courts or the supervisory authority. 2.3 A risk based approach to customer due diligence (CDD) The MLR 2007 provide for an RBA in relation to CDD obligations. That does not mean that it is not necessary to undertake CDD, in any situation. However, it does mean that, in low risk situations, the level of CDD undertaken does not need to be as extensive as in higher risk situations.


If you really “know your client” (KYC) and understand what you are being asked to do and why, you will be in a better position to assess whether there is something unusual and mitigate the risks accordingly. The starting point is to assess the type of client, business relationship, product or transaction and understand the risks involved. You can use a range of sources including for example, e-verification procedures to help you. The RBA also applies to ongoing monitoring allowing entities to assess the risks involved in a particular business relationship and determine the extent of the measures appropriate in view of the risks. 2.4 How to assess the risk profile of the entity Under Regulation 20, you must assess and manage the risk identified as being present in your entity. An entity should implement reasonable and considered controls to minimise the risks identified. Risk assessment and mitigation should be an ongoing process. The extent of the risk assessment will depend on the size of the entity, type of clients and the practice areas in which it engages. Regardless of size, the key is to ensure that the risks faced by the entity are identified, managed and mitigated. The factors that an entity is likely to consider include the following: Client demographic:

The client demographic will affect the risk of ML or TF. Factors which may vary the risk level include whether an entity: o acts for local clients with whom there is an established relationship; o acts for clients across the country, particularly those who are not met face to

face; o acts for foreign clients or clients with overseas connections including politically

exposed persons (PEPs) and those on the sanctions lists; o acts for clients affiliated with countries with poor AML controls, high levels of

corruption or where terrorist organisations operate; o acts for companies that have a complex ownership structure; o is easily able to obtain details of the beneficial owners of the client or not; o has a high turnover of clients or a stable existing client base; o practises in locations with high levels of acquisitive crime or for clients who

have convictions for acquisitive crimes, which increases the likelihood that the client may possess criminal property.

Entities should have a clear picture of their client database/demographic for a range of reasons but it will also enable them to assess the ML/TF risks involved.


Services and areas of law: Certain services and areas of law may provide opportunities to facilitate ML or TF. The following are examples:

complicated financial or property transactions or complex corporate structures;

assisting in setting up trusts or company structures, which can be used to obscure the true ownership of property;

payments made to or received from third parties or in cash;

transactions with a cross-border element.

The fact that a client or a retainer falls within a risk category does not mean that ML or TF is occurring but it is an indicator of risk or warning sign. The entity should ensure its internal controls are designed to manage the risks identified and take appropriate steps to mitigate them. 2.5 How to assess client risk By understanding the risks associated with a client and a retainer, an entity is able to determine what internal controls to apply and how to apply them in a proportionate and effective manner. The issues that an entity is likely to take into account include whether:

a client is within a high risk category;

the Customer Due Diligence (CDD) material for the client is reliable and allows the entity to identify the client and verify that identity;

there is sufficient information and clarity about the control and ownership structure of the client;

the retainer involves an area of law at higher risk of ML or TF;

the client is asking that funds are handled without an underlying legal transaction;

there are any aspects of the particular retainer which would increase or decrease the risks.

The risk assessment allows an entity to determine what internal controls are likely to meet the different risks posed, for example:

if the retainer is low risk, but there are concerns about verifying a client's identity, more resource may be used on verification whilst the transaction is monitored in the normal way;

if the retainer is high risk but you are satisfied you have verified the client's identity, you may require the fee earner to monitor the transaction more closely, rather than to seek further verification of identity.

It is important to note that a risk assessment does not end at client inception. It is an ongoing process, for the entity generally as well as for the individual client, business


relationship and retainer. The fee earners and support staff are best placed to assess risk at client level rather than sophisticated computer data analysis systems. The better an entity (through the fee earner) knows the client and understands the instructions, the better placed the entity will be to assess whether the transactions and source of funds etc. are consistent with the client‟s risk profile and to spot suspicious activities. 2.6 Conducting the client risk assessment An RBA starts with the identification and assessment of the risks that need to be managed. You are likely to start with an assessment of the risks of ML inherent in the legal service being provided, with the overlay being the assessment of the client, taking into account any geographical considerations relating to the client, or the transaction. The risk profile provides the basis for ongoing monitoring although for some clients, a comprehensive risk profile may only become evident once the business relationship has started. Monitoring of client activities and on-going reviews are a fundamental component of an RBA, enabling entities to identify if the risks associated with a client change. ML risks may be measured using various categories. The most commonly used risk criteria are: country or geographic risk; client risk; and transaction/services risk. The following paragraphs provide an indication of the various warning signs that may suggest a heightened risk of ML or TF: Country/geographic risk: Country risk, in conjunction with other risk factors, is relevant in assessing the risks posed by a particular client. Whilst a client may not be a national of a high risk country, they may have business interests in or relations with that country which may place the client in a higher risk category. Factors to take into account include:

countries subject to sanctions, embargoes or similar measures issued by, for example, the United Nations (UN) or the European Union (EU);

countries identified by credible sources, e.g. FATF, as having poor AML controls;

countries identified by credible sources as providing funding or support for terrorist activities; and

countries identified by credible sources as having significant levels of corruption, or other criminal activity.

There are a number of sources of further information including:

International Bar Association‟s summary of ML legislation at www.anti-moneylaundering.org;

Transparency International Corruptions Perceptions Index www.transparency.org.uk;

http://www.anti-moneylaundering.org/


FATF‟s list of countries with poor AML controls www.fatf-gafi.org

HM Treasury‟s statement www.gov.uk/government/publications/preventing-money-laundering.

Client risk: Determining the potential ML risks posed by a client is critical to protect the entity as well as to comply with the MLR 2007. The following characteristics of clients may indicate a higher risk of ML but this is not an exhaustive list:

an unexplained geographic distance between you and the client;

instructing different legal practices without a good explanation;

movement of funds between various geographic locations without a good explanation;

where there is no obvious commercial rationale for the client to undertake the transaction;

where the client is secretive, reluctant to provide CDD or documents or explanations;

where the source of wealth and/or source of funds is difficult to verify;

where the audit trail is difficult to follow or where there appear to have been multiple transactions which could be layering;

corporate clients unwilling or unprepared to give the names of their beneficial owners and controllers;

clients where it is difficult to identify the true owner or controlling interests of the client or assets;

clients involved in businesses which involve significant amounts of cash (and cash equivalent) either regularly or on an occasional basis e.g. money services businesses (e.g. remittance houses, currency exchange houses, bureaux de change), particularly if they are unregulated;

unregulated charities and other unregulated “not for profit” organisations (especially those operating on a “cross-border” basis);

use of intermediaries within the relationship who are not subject to adequate AML controls and who are not adequately supervised; and

clients who are PEPs or on sanctions lists.

Other sources of further information about red flags or warning signs include:

International Bar Association‟s publication “A Lawyer‟s Guide to Detecting and Preventing Money Laundering” (2014) http://www.anti-moneylaundering.org/AboutAML.aspx

FATF‟s typologies report (2013) “Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals” www.fatf-gafi.org

HM Treasury‟s statement www.gov.uk/government/publications/preventing-money-laundering.

Many clients, by their nature or through what is already known about them by the entity, carry a lower ML or TF risk. For example:

http://www.fatf-gafi.org/

https://www.gov.uk/government/publications/preventing-money-laundering

http://www.anti-moneylaundering.org/AboutAML.aspx



http://www.gov.uk/government/publications/preventing-money-laundering

http://www.gov.uk/government/publications/preventing-money-laundering


clients who are employed or with a regular source of income from a known source which supports the activity being undertaken;

clients with a long-term and active business relationship with you; and

clients represented by those whose appointment is subject to court approval or ratification (such as personal representatives or Court of Protection deputies).

Variables impacting upon risk: Your RBA is likely to take into account risk variables which increase or decrease the perceived risk posed by a particular client, including;

size of transaction – unusually large transactions, compared to what might reasonably be expected of the client may indicate that a client may need to be treated as higher risk. Conversely, low value transactions involving a client who would otherwise appear to be higher risk might allow you to treat the client as lower risk. You should, however, be conscious that low value transactions can be a common feature of TF;

regularity or duration of the relationship – long-standing relationships involving frequent client contact may present less risk from an ML perspective, provided you are satisfied that you know the client;

familiarity with a country – including knowledge of local laws, regulations and rules, as well as the structure and extent of regulatory oversight, as the result of your own operations within the country; or

use of intermediate corporate vehicles or structures – that have no apparent commercial or other rationale. The use of such vehicles or structures, without a credible explanation, increases the risk.

By applying an RBA, an entity will be able to target its resources at areas of higher risk. This should allow the entity to respond to emerging risks, in a swifter and more flexible manner. The Approved Managers should ensure that all employees are made aware of how they may be targeted and how to protect themselves as well as the entity. This should not be a one-off process but should be ongoing, involving regular reminders.


CHAPTER 3 – SYSTEMS, POLICIES AND PROCEDURES 3.1 General comments and applicable law Under Regulation 20 of the MLR 2007, businesses in the regulated sector must have certain systems and controls in place. If you are in the regulated sector, failure to have those systems in place is an offence, punishable by a fine or up to 2 years' imprisonment. You must demonstrate your compliance with the MLR 2007 to IPS, as the supervisory authority. Entities in the regulated sector must appoint an MLRO (or nominated officer) who will be responsible (together with the senior management and partners) for implementing and maintaining those systems and controls. Entities operating outside the regulated sector may decide that having similar systems may help the entity to comply with their obligations to report suspicious transactions under POCA and the Terrorism Act, which may include the appointment of a money laundering reporting officer (MLRO). There is no requirement to appoint an MLRO. 3.2 The MLRO All businesses within the regulated sector must, under Regulation 20(2)(d)(i), have an MLRO to whom reports are made under POCA and the Terrorism Act, and who will make reports or SARs to the NCA. If you are an individual who provides services in the regulated sector but do not employ any people or act in association with anyone else, there is no requirement to have an MLRO, by virtue of Regulation 20(3). Appointing the right person as the MLRO is critical. The MLRO must have sufficient seniority, responsibility and credibility together with the support of senior management to:

ensure that robust systems and controls are in place;

make decisions on reporting which can affect relations with clients and expose the entity to criminal, civil, regulatory and disciplinary sanctions;

allow them access to all client files and business information to be able to make appropriate decisions on the basis of all information held by the entity.

Entities authorised by the Financial Conduct Authority (FCA) will need to obtain the FCA's approval to the appointment of the MLRO as this is a controlled function under section 59 of the Financial Services and Markets Act 2000. The MLRO must ensure that when appropriate, the information or other matter leading to knowledge or suspicion, or reasonable grounds for knowledge or suspicion of ML is properly disclosed to the NCA. The obligations are considered in


more detail in chapters 5, 6, 7 and 8. The decision to report, or not to report, must not be subject to the consent of anyone else. The MLRO will also, when seeking consent, liaise with the NCA or law enforcement as to whether to proceed with a transaction or what information may be disclosed to clients or third parties. All entities should consider arrangements for temporary cover when the MLRO is absent and depending on the size and nature of the entity may appoint a deputy (or deputies) to whom some AML/CTF duties are delegated. 3.3 Policies and procedures To prevent ML and TF, an entity in the regulated sector must establish and maintain appropriate and risk sensitive policies and procedures in accordance with Regulation 20 relating to:

client due diligence (CDD) and ongoing monitoring;

reporting;

record-keeping;

internal controls;

assessment and management of risks of ML/TF;

monitoring, internal communication and management of compliance with the policy and procedures;

procedures to identify and scrutinise complex or unusually large transactions, unusual patterns of transactions and any other activity likely to be related to money laundering or terrorist financing;

ongoing training for all relevant employees (as required by Regulation 21).

By implementing effective policies and procedures, the entity should ensure that there is a consistent approach, employees know what they must do and entities can demonstrate to IPS as the regulator and to oversight bodies that they have systems and controls to ensure compliance. 3.4 What should be included? The entity‟s formal written policies and procedures should be tailored to the nature and size of the practice and should be reviewed on a regular basis. It is good practice to include:

a statement of the culture and values to be adopted and communicated within the entity to prevent ML and TF;

a statement of commitment to ensure that the legislation is not used to unreasonably deny access to legal services;

allocation of responsibilities to specific persons and functions;

a summary of the entity‟s approach to assessing and managing its ML and TF risks;

a commitment to the entity knowing its clients appropriately - both at acceptance and throughout the business relationship - by taking appropriate steps to verify the clients‟ identity and understand the purpose and intended


nature of the business relationship with the entity, as well as ongoing monitoring;

a summary of the entity‟s procedures for carrying out appropriate identification and monitoring checks on the basis of their RBA;

a commitment to ensuring that employees are properly trained and made aware of the law and their obligations;

recognition of the importance of employees promptly reporting their suspicions internally;

a commitment to establishing procedures to implement these requirements; and

a summary of the appropriate monitoring arrangements in place to ensure that the entity‟s policies and procedures are being complied with.

3.5 Risk assessment The AML/CTF risk assessment (see chapter 2) should form part of the entity‟s overall risk management framework. The approach taken by the entity will depend on its size and the complexity of the business, its business model, its clients and the degree of involvement of senior management and compliance employees in day-to-day activities. Issues which are likely to be covered in the risk assessment include:

the current risk profile of the entity;

how AML/CTF risks will be assessed, what the processes are for re-assessment and updating of the risk profile, including the frequency;

the internal controls which will be used to mitigate the risks;

who has authority to make risk-based decisions about compliance on individual files;

how the effectiveness of the systems and controls will be monitored and reviewed.

3.6 Monitoring and compliance Monitoring compliance will enable an entity to assess whether the policies and procedures are effective in preventing ML and TF within your entity. The scale of the monitoring will depend on the size and nature of the practice, bearing in mind the entity‟s risk profile. There is no “one size fits all” approach but entities should assess what will be workable, proportionate and effective for their business model and culture. Issues which may be covered include:

procedures to monitor compliance, which may involve:

checks on CDD;

random file audits;

file checklists to be completed before opening or closing a file;


the MLRO‟s log of queries and reports or SARs;

reports to be provided by the MLRO to senior management on compliance;

how to escalate non-compliance and rectify non-compliance, when identified;

how lessons learnt will be communicated to employees and added into the entity‟s risk profile.

3.7 Customer due diligence (CDD) Entities within the regulated sector must have a system to ensure compliance with the CDD requirements which need to be applied to specific clients. Chapter 4 provides more details on the different types of clients and the types of CDD to be obtained. An entity may wish to record its risk appetite and tolerances to be able to demonstrate to the supervisor that the CDD measures are appropriate. CDD policies and procedures are likely to include:

when CDD is to be undertaken;

what CDD information is to be obtained to verify identity (either specifically or a range of options with details of who can exercise discretion on the level of verification to be undertaken in any particular case);

when simplified due diligence (SDD) may occur;

how to undertake enhanced due diligence (EDD);

how to establish if your client is a PEP;

the circumstances in which a delay in obtaining CDD is permitted;

how to conduct CDD on existing clients;

what ongoing monitoring is required; and

what CDD information to be recorded and where it will be held.

3.8 Reporting Entities must have effective systems to ensure that employees understand when they must make an internal report and how to make an internal report under POCA and the Terrorism Act. The issues are considered in more detail in chapters 5, 6, 7 and 8. The requirement for such a system does not apply to sole practitioners who have no other employees, whether employed under a contract of services or a contract for services. The systems are likely to include:

the circumstances in which an internal report is likely to be required;

how and when information is to be provided to the MLRO/deputies;

resources which can be used to resolve difficult issues around making a SAR;

how and when a SAR is to be made to the NCA;

how to manage a client when a SAR is made whilst waiting for consent;

when the tipping off offence applies;

when the prejudicing an investigation offence is relevant.


3.9 Record keeping Regulation 19 requires entities in the regulated sector to keep CDD material and supporting evidence and records in respect of the relevant business relationship or occasional transaction. Failure to keep the records is a breach of Regulation 45 and can result in prosecution even if there has not been any ML. The policies and procedures should make it clear what records are to be kept, the form in which they should be kept, for how long they should be kept and where they should be kept or archived. The main types of records likely to be retained are;

CDD material or references to it (for 5 years after the business relationship ends or the occasional transaction is completed);

supporting evidence and records (for 5 years after the date on which the transaction is completed);

reports, internal and external.

Issues to consider when deciding how to retain and store CDD material may include

whether to:

hold CDD material separately from the client file for each retainer, as different departments may need access;

take photocopies of CDD material and retain it in hard copy with a statement that the original has been seen or certified as a true likeness;

scan the CDD material and hold it electronically;

keep electronic copies or hard copies of the results of any electronic verification checks; and

record reference details of the CDD material seen.

The MLR 2007 allow for the option of merely recording reference details which may be particularly useful when taking instructions from clients at their home or other locations away from your office. The types of details to record are likely to include:

any reference numbers on documents or letters;

any relevant dates, such as issue, expiry or writing;

details of the issuer or writer; and

all identity details recorded on the document.

Regulation 17 allows an entity to be relied upon by another person for the completion of CDD measures, (see paragraph 4.7 for further details). Where you are relied on by another person, you must keep the relevant documents for 5 years from the date on which they relied on you. Under Regulation 5(c), you must understand the purpose and intended nature of the business relationship which is, in effect, a risk assessment of the client. As this forms part of the CDD measures, a record should be retained, to demonstrate compliance.


In addition, the record will help to demonstrate to IPS that you have applied an RBA in a reasonable and proportionate manner. The record does not need to be in significant detail, however, a note on the CDD file stating the type of work, the nature of the instructions and whether the risk is high, medium or low and why you considered you had sufficient CDD information is likely to be a reasonable record. Contemporaneous notes are always better than justifications provided later. An example may be:

'This is a low risk client providing medium risk instructions with no beneficial owners. Standard CDD material was obtained and medium level ongoing monitoring is to be undertaken.'

You must keep all original documents or copies admissible in court proceedings. Records of a particular transaction, either as an occasional transaction or within a business relationship, must be kept for 5 years after the date on which the transaction is completed. It is recommended that comprehensive records of suspicions and reports (both internal and external) are kept by the MLRO and the entity, because a suspicious activity report (SAR) is a defence to an offence. Such records may include notes of:

discussions with the MLRO (including advice sought and received);

ongoing monitoring undertaken and concerns raised by employees;

why the concerns did not amount to a suspicion;

if there was a suspicion, why a SAR was not made to the NCA (e.g. because the information was received in privileged circumstances), enabling the MLRO to justify his position to law enforcement;

copies of any SARs made and any updates to the SAR;

conversations with the NCA, law enforcement or insurers regarding SARs made.

Entities should ensure that records are not inappropriately disclosed to the client (or third parties) for example, if there is a risk that by doing so, the entity might commit offences of tipping off and/or prejudicing an investigation. The prudent approach is to maintain a separate file, either for the client or for the department where there are regulatory or reporting issues, rather than including information on the client file. Under the Data Protection Act 1998 (which applies to you and the NCA), clients or others are permitted to make subject access requests in relation to data held about them. Such requests could include any SAR made to the NCA. Section 29 of the Data Protection Act 1998 states that you need not provide personal data where by doing so, the disclosure would be likely to prejudice the prevention or detection of crime, or the apprehension or prosecution of offenders. HM Treasury and the Information Commissioner (ICO) have issued guidance on when the section 29 exemption would apply, where granting a subject access request would amount to tipping off. This may extend to suspicions only reported internally within your entity:


https://ico.org.uk/media/for-organisations/documents/1065/subject-access-code-of-practice.pdf. If you decide the section 29 exemption applies, it would be prudent to document your decision making process, to be able to respond to any enquiries by the ICO. 3.10 Communication and training Employees are the most effective defence against an entity being used by launderers and terrorist financers. Under Regulation 21, an entity must provide relevant employees with appropriate training on their legal obligations and information on how to recognise and deal with ML and TF risks. Regulation 20 requires you to communicate your AML/CTF policies and procedures to your employees. If employees are not provided with appropriate training and fail to report knowledge or suspicion of ML, they have a defence under section 330(7) of POCA provided they did not know or suspect ML. A lack of training is not a defence to TF charges. Failure to train employees leaves the entity, the Approved Managers and the MLRO open to prosecution under the MLR 2007 for failing to train employees properly, as well as to disciplinary sanction from IPS. For further guidance on training see chapter 9.

https://ico.org.uk/media/for-organisations/documents/1065/subject-access-code-of-practice.pdf

https://ico.org.uk/media/for-organisations/documents/1065/subject-access-code-of-practice.pdf


CHAPTER 4 – CUSTOMER DUE DILIGENCE 4.1 Introduction Standard CDD (see paragraph 4.3)

Simplified due diligence (SDD) (see paragraph 4.5)

Enhanced due diligence (EDD) (see paragraph 4.6)

Identify client and

verify identity

Identify beneficial

owner (BO) (if not

the client)

Assess the risk of

the client and

transaction

Obtain

evidence

client is

eligible for

SDD

No need for

risk

assessment

or details of

BO

If ML is

suspected,

obtain CDD

and

undertake

ongoing

monitoring

Reason for EDD

PEP

Non face to face

Higher risks of

ML/TF

PEPs – obtain

senior management

approval, details of

source of wealth,

enhanced ongoing

monitoring

Non face to face

Obtain more ID or supplementary

measures or first payment from a UK

bank account

Higher risk

Identify current high risk

jurisdictions

Conduct enhanced ongoing monitoring

Verify the

beneficial owner

on a risk sensitive

basis


You must undertake customer due diligence (CDD) under the MLR 2007 if you are undertaking work in the regulated sector. By knowing your client and understanding the rationale for their instructions, you and your employees are more likely to identify suspicious transactions. The importance of “knowing your client” (KYC) for ML prevention purposes needs to be emphasised within your entity. Employees need to understand, not only why they need to know the true identity of the client, but also why they need to know enough about the type of activities expected in relation to that client. It needs to be clear why they need to understand these issues at the start of a retainer in order to know what might constitute suspicious activity. Relevant employees must be alert to any change in the pattern of a client‟s transactions or circumstances that might give rise to concern or suspicion that there may be ML or TF. For work outside the regulated sector, you are not required to conduct CDD, but many businesses apply the CDD requirements to all clients. An alternative approach is to ensure that when an existing client instructs the entity to undertake regulated work, CDD is obtained at that point. 4.2 What is CDD? It is important to understand what the MLR 2007 require in terms of CDD. The key elements are in Regulation 5, which defines CDD measures as follows:

identifying the client and verifying their identity on the basis of documents, data or information obtained from a reliable and independent source;

identifying, where there is a beneficial owner who is not the client, the beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify his identity so that you are satisfied that you know who the beneficial owner is. This includes understanding the ownership and control structure of a legal person, trust or similar arrangement;

obtaining information on the purpose and intended nature of the business relationship.

Under Regulation 7, you must apply CDD measures when:

establishing a business relationship;

carrying out an occasional transaction over €15,000 (either in a single transaction or in several operations which appear to be linked);

you suspect money laundering or terrorist financing;

you doubt the veracity or adequacy of documents, data or information previously obtained for the purpose of CDD.

You do not need to conduct CDD where you carry out an occasional transaction under €15,000 (approximately £12,000) unless there is a risk of money laundering. The distinction between occasional transactions and long-lasting business relationships is relevant to the timing of CDD and the storage of records.


If an occasional transaction might increase in value or develop into a business relationship, it will be sensible to conduct CDD early in the retainer to determine whether you need more information. If there is a change in the relationship, you must ensure that you obtained any further CDD or information and comply with the MLR 2007. Regulation 7 is subject to a number of other regulations, the relevant ones are Regulation 9 (timing of verification), Regulation 13 (simplified due diligence (SDD), Regulation 14 (enhanced due diligence (EDD)) and Regulation 17 (reliance). Entities and their employees need to understand the details of these regulations and how they affect the extent of the CDD that needs to be undertaken. 4.3 Identification and verification It is important to understand the difference between identification and verification. Identification is simply knowing who the client is e.g. John Smith. The key characteristics for an individual are name (which may change), residential address (which may change) and date of birth. Other relevant facts about an individual may include family circumstances and addresses, employment and business career, and physical appearance. The key characteristics for a corporate client are its constitution, its business and its legal and ownership structure. Verification is the process of verifying the identity of the client against documents, data or information obtained from a reliable and independent source. Whilst you cannot avoid conducting CDD, you can use the RBA to determine the extent and quality of information required and the steps to be taken to meet the requirements. Regulation 7(3) allows entities to decide the extent of CDD measures on a risk-sensitive basis depending on the type of client, business relationship, product or transaction. You can then show IPS that you took appropriate measures in view of the risks of ML or TF. The requirement to obtain information on the “purpose and intended nature” only applies when there is a business relationship. However, in order to scope your retainer and draft your terms of business/engagement letter, it is good practice to obtain enough information so that you fully understand the client‟s instructions and why. It will also be sensible to understand whether there are credit or reputational risks associated with the client. 4.4 Methods of verification You can complete verification on the basis of documents, data and information which comes from a reliable and independent source so there are a number of ways to verify a client's identity including:


obtaining or seeing original documents;

undertaking an electronic verification check;

obtaining information from other regulated persons.

Independent source: For individuals, “identity documents”, such as passports and driving licences, are often the best way of being reasonably satisfied as to someone‟s identity, as they provide independent and reliable verification. It is, however, possible to be reasonably satisfied as to a client‟s identity based on other forms of confirmation, including, in appropriate circumstances, written or otherwise documented assurances from persons (or organisations) who have dealt with the client for some time. When deciding whether you have obtained sufficient information, it is worth bearing in mind the cumulative weight of information you have about the client together with the risk levels identified for both the client and the retainer. For beneficial owners, you can use a wider range of sources when taking adequate measures, on a risk-sensitive basis to verify the identity of the beneficial owner and understand the ownership and control structure of the client. Often only the client or their representatives can provide you with such information. You should apply the requirements in a risk-based manner to a level at which you are satisfied that you know who the beneficial owner is. When checking documents, you should not ignore obvious forgeries, but there is no requirement to be an expert in forged documents. Entities will want to take reasonable steps to protect themselves from being used by fraudsters or for identity theft, by understanding the types of risk and the possible solutions. If you accept a client from another legal professional, you must still satisfy yourself that you have verified identity. If the evidence of identity is on the file, it may be sufficient to review it and assess whether any further confirmation is required, e.g. because the client has changed address. Regulation 17 (see chapter 4.7) may assist you in some situations. There may be other circumstances in which it is simply more prudent to ask the client to provide evidence of identity to you. Electronic verification (e-verification): There is an increasing interest in using electronic verification which can provide a degree of reassurance and help to identify clients who are PEPs or on sanctions lists. However, an e-verification check will only confirm that someone exists, not that your client is that person. You may wish to assess the risk implications of the particular retainer, corroborate the e-verification check with other CDD material and stay alert to the possibility of impersonation fraud.


It is important to consider the following when choosing an electronic verification service provider:

are they registered with the ICO to process personal data under the Data Protection Act 1998;

will the e-verification check link the client to both current and previous circumstances using a range of positive information sources;

do they access negative information sources, such as databases on identity fraud and deceased persons;

do they access a wide range of 'alert' data sources;

do they have transparent processes so you know what checks are carried out, the results of the checks, and how much certainty they give on the identity of the subject;

will the provider allow you to capture and store the information used to verify an identity.

There is no requirement to obtain consent from your client to use electronic verification, but you do need to tell the client that the check will take place. Entities should assess whether electronic verification is an appropriate measure in a given set of circumstances. In some cases, it may be appropriate to obtain further evidence of identity. The Council for Mortgage Lenders advise that electronic verification products may not be suitable for fraud prevention purposes, such as verifying that a person‟s signature is genuine. (Entities should ensure that they always keep up to date with any changes to the CML Handbook.) Existing clients: Regulation 7(2) states you must apply CDD measures to an existing customer at other appropriate times and on a risk-sensitive basis. The exemption for customers with whom you had a business relationship prior to 1 March 2004 was repealed on 15 December 2007. It is unlikely that entities will have existing clients from before 15 December 2007. Any new clients will be identified as required by the MLR 2007. Where an entity does have existing clients, the following factors may trigger a need for CDD:

a gap in retainers of 3 years or more;

a client instructing you on a higher risk retainer;

where you develop a suspicion of ML or TF in the retainer;

an existing high risk client.

You must under Regulation 8 conduct ongoing monitoring of a business relationship to identify any suspicious activity. When conducting CDD on existing clients or a subsidiary of an existing client, you may consider information already held by your entity which would verify their identity


or publicly available information to confirm the information you hold, rather than approaching the client to provide that information. It may be appropriate for a fee earner or partner who has known the client for a long time to certify that they know the client (including address) and place that certification on the file. It is worth considering what the position will be if the fee earner or partner person leaves the entity and cannot be contacted to confirm the information. 4.5 Simplified due diligence (SDD) Regulation 13 allows regulated persons to undertake simplified due diligence in certain circumstances. SDD means you simply have to obtain evidence that the client (or products provided) is eligible for simplified due diligence. You do not need to obtain information on the nature and purpose of the business relationship or on beneficial owners. You will need, however, to conduct CDD and ongoing monitoring where you suspect ML or TF. The following clients and products qualify for SDD:

a credit or financial institution which is subject to the requirements of the Third Directive;

a credit or financial institution in a non-EEA state which is supervised for compliance with requirements equivalent to the Third Directive;

companies listed on a regulated EEA state market or a non-EEA market which are subject to disclosure obligations specified in Regulation 2;

beneficial owners of pooled accounts held by a notary or independent legal professional, i.e. financial services businesses are not required to apply CDD to the third party beneficial owners of omnibus accounts held by legal professionals, provided the information on the identity of the beneficial owners is available upon request;

UK public authorities;

a non-UK public authority which: o is entrusted with public functions pursuant to the treaty on the EU or the

Treaties on the European Communities, or Community secondary legislation; o has a publicly available, transparent and certain identity; o has activities and accounting practices which are transparent; o is accountable to a community institution, the authorities of an EEA state or is

otherwise subject to appropriate check and balance procedures;

certain insurance policies, pensions or electronic money products;

products where: o they are based on a written contract; o related transactions are carried out through a credit institution which is

regulated under the Third Directive or subject to equivalent requirements; o they are not anonymous; o they are within relevant maximum thresholds; o realisation for the benefit of a third party is limited;


o investment in assets or claims is only realisable in the long term, cannot be used as collateral and there cannot be accelerated payments, surrender clauses or early termination.

For further details on the requirements for qualification for SDD, see Regulation 13 and Schedule 2 of the MLR 2007. 4.6 Enhanced due diligence (EDD) Regulation 14 requires regulated persons to apply EDD on a risk-sensitive basis where:

the client is not physically present for identification purposes (i.e. non face to face);

the client is a PEP;

there is any other situation which can present a higher risk of ML or TF.

The MLR 2007 do not define EDD in the last option. In applying the RBA to the situation, you should consider whether it is appropriate to:

seek further verification of the client or beneficial owner‟s identity;

obtain more detail on the ownership and control structure of the client;

request further information on the purpose of the retainer or the source of the fund; and/or

conduct enhanced ongoing monitoring. Non face to face clients Where a client is a natural person and they are not physically present for identification purposes, you must undertake EDD. A client who is not a natural person can never be physically present for identification purposes and will only ever be represented by an agent. The fact that you do not have face to face meetings with the agents of an entity or arrangement does not automatically require that EDD is undertaken. You should consider the risks associated with the retainer and the client, assess how standard CDD measures are meeting those risks and decide whether further CDD measures are required. Regulation 14 (2) provides examples of additional measures that can be taken to compensate for the higher risk of non face to face transactions, although the list is not exhaustive:

using additional documents, data or information to establish identity. This may involve using electronic verification to confirm documents provided, or using two or three documents from different sources to confirm the information;

using supplementary measures to verify or certify the documents supplied or obtain confirmatory certification by a credit or financial institution which is subject to the Third Directive. You may consider electronic verification to confirm the


documents provided. Alternatively consider obtaining certified copies of documents, e.g. when dealing with foreign passports or identity cards, check the requirements for that country with the relevant embassy or consulate. With all other documents, you may consider whether the certifying person is regulated under the MLR 2007 or is otherwise a professional person subject to some degree of regulation or fit and proper person test, who can easily be independently contacted to verify their certification of the documents. Such persons include bank managers, accountants, or local GPs. You may also consider accepting documents certified by the Post Office-provided Identity Checking Service;

ensuring the first payment in the retainer is through an account opened in the client's name with a credit institution. EU regulation 1781/2006 says credit institutions must provide the payer‟s name, address and account number with all electronic fund transfers. It came into force on 1 January 2007 and is directly applicable to all member states. This can be used to further verify your client's identity.

Further details: EU Regulation 1781/2006: Regulation on information on the payer accompanying transfers of funds - European Commission Part II – Joint Money Laundering Steering Group (JMLSG) guidance: http://www.jmlsg.org.uk/industry-guidance/article/guidance If such information is not included on the electronic fund transfer, discuss this with the relevant financial or credit institution. If the institution refuses to give you written confirmation of the details, you may consider raising the issue with the FCA. You should take other steps to verify your client's identity. Politically Exposed Persons (PEPs) You must take the following steps to deal with the heightened risk posed by a client who is a PEP:

obtain senior management approval to establish a business relationship with a PEP. This may be the Compliance Manager or the MLRO;

take adequate measures to establish the source of wealth and source of funds which are involved in the business relationship or occasional transaction;

conduct enhanced ongoing monitoring of the business relationship.

You are not required at present to investigate whether beneficial owners of a client are PEPs but that will change with the Fourth Directive. However, where you have a beneficial owner whom you know is a PEP, you should consider on a risk-based approach what extra measures, if any, you need to take when dealing with that client. Merely doing work for a non-UK public authority does not mean that you are in a business relationship with a PEP but make sure you consider the risks associated with that authority and take appropriate steps to address those risks.

http://ec.europa.eu/finance/payments/transfers/index_en.htm

http://ec.europa.eu/finance/payments/transfers/index_en.htm

http://www.jmlsg.org.uk/industry-guidance/article/guidance


A PEP is a person who is entrusted (or has at any time in the preceding year been entrusted), with one of the following prominent public functions by a community institution, an international body, or a state other than the UK:

heads of state, heads of government, ministers and deputy or assistant ministers;

members of parliament;

members of supreme courts, of constitutional courts, or of other high-level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances;

members of courts of auditors or of the boards of central banks;

ambassadors, chargés d'affaires and high-ranking officers in the Armed Forces;

members of the administrative, management or supervisory bodies of state-owned enterprises.

Middle ranking and junior officials are not PEPs. In addition to the primary PEPs listed above, a PEP also includes:

family members of a PEP – spouse, partner, children and their spouses or partners and parents;

known close associates of a PEP – persons with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relationships, or who is a sole beneficial owner of a legal entity or arrangement set up by the primary PEP (to decide whether someone is a known close associate, you only need to have regard to information which is in your possession or is publicly known).

The regulations only apply to persons appointed by governments and authorities outside the UK, but it may be appropriate, on an RBA to apply some or all of the EDD requirements to a person appointed in the UK, who would have been a PEP had they been appointed outside the UK. The requirements will change under the Fourth Directive, both in terms of length of time (18 months) and because the UK will be included so domestic PEPs will be subject to EDD once the Fourth Directive is implemented. You are not required to conduct extensive investigations to establish whether a person is a PEP but you can ask the client if they are a PEP or a relative and should consider information in your possession or publicly known. To assess your PEP risk profile, you should consider your existing client base, taking into account the general demographic of your client base including the countries with which clients have connections. You should also take into account the numbers of clients whom you know are currently PEPs. If the risk of your acquiring a PEP as a client is low, you may simply wish to ask clients whether they fall within any of the PEP categories. If they say no, you may


reasonably assume that individual is not a PEP, unless there is something which makes you think they may be a PEP. Where you have a higher risk of having PEPs as clients or you have reason to suspect that a person may actually be a PEP contrary to earlier information, you should consider conducting some form of electronic verification. You may find that a web-based search engine will be sufficient for these purposes, or you may decide that it is more appropriate to conduct electronic checks through a reputable electronic verification provider, with access to international databases. The range of PEPs is wide and constantly changing, so electronic verification is unlikely to provide 100 per cent certainty. You should remain alert to situations suggesting the client is a PEP, for example:

receipt of funds from a government account;

correspondence on official letterhead from the client or a related person;

general conversation with the client or person related to the retainer linking the person to a PEP;

news reports which actually come to your attention suggesting your client is a PEP or linked to a PEP.

Where you suspect a client is a PEP but do not have evidence, you may consider on a risk-sensitive basis applying aspects of the EDD procedures. In terms of obtaining senior management approval, the regulations do not define senior management, so it is a matter for your entity to decide who that is e.g. the MLRO or the managing partner or members of the management board or a combination. It is recommended that you advise those responsible for monitoring risk that a business relationship with a PEP has begun, to assist in their overall monitoring of the entity's risk profile and compliance. You should take adequate measures to understand the source of funds and source of wealth. This may simply involve asking questions of the client about their source of wealth and the source of the funds to be used with each retainer. Information about a PEP‟s salary and source of wealth may be publicly available on a register of their interests. You must conduct enhanced ongoing monitoring of the relationship. You should ensure that funds paid into your client account come from the account nominated by the client and are for an amount which is consistent with the client's known wealth. You should ask further questions if you are concerned. High risk of Money Laundering You must undertake EDD in any other situation “which by its nature can present a higher risk” of ML or TF. Regulation 14 (1)(a) does not provide any further


information as to what that might mean. However, you should keep up to date with the FATF list of high risk jurisdictions: http://www.fatf-gafi.org/topics/high-riskandnon-cooperativejurisdictions/ You must undertake enhanced ongoing monitoring in relation to high risk situations identified. The risk assessment on the client will help to identify higher risk situations. 4.7 Reliance and outsourcing Under Regulation 17, you can rely on another regulated person (as defined in Regulation 17) to conduct CDD for you. However, it is important to be aware of the limitations of the “reliance” provision. In particular, even if you rely on another person and obtain consent, you remain liable for any failure to apply CDD measures. You must have:

the consent of the person on whom you rely;

agreement that they will provide you with the CDD material upon request;

the identity of their supervisor for ML purposes. You may wish to check the register of members for that supervisor. Alternatively, if you have reasonable grounds to believe them, it may be sufficient to accept their personal assurance of the identity of the supervisor.

It may not always be appropriate to rely on another person to undertake your CDD checks and you should consider reliance as a risk in itself. However, where you decide it is appropriate, it is best practice to ask what CDD enquiries have been undertaken to ensure that the regulated person actually complies with the regulations, because you remain liable for non-compliance. This is particularly important if you are relying on a person outside the UK who may be subject to less stringent AML controls. You should be satisfied that the CDD has been conducted to a standard compatible with the Third Directive, taking into account the ability to use different sources of verification and jurisdiction specific factors. It should be noted that reliance does not include:

accepting information from others to verify a client's identity when meeting your own CDD obligations;

electronic verification, which is outsourcing.

Regulation 17 sets out those on whom you can rely as follows; UK:

a credit or financial institution which is an authorised person (i.e. regulated by the FCA);

a consumer credit financial institution;

a person in the following professions who is supervised by a supervisory authority listed in Part 1 of Schedule 3 of the MLR 2007:

o auditor;

Comment [ALM1]: This is pending the proposed changes to Regulation 17 which do not appear to have been implemented as yet

http://www.fatf-gafi.org/topics/high-riskandnon-cooperativejurisdictions/


o insolvency practitioner; o external accountant; o tax adviser; o independent legal professional.

EEA:

a credit or financial institution;

auditor, or EEA equivalent;

insolvency practitioner, or EEA equivalent;

external accountant;

tax adviser;

independent legal professional

provided that they are both:

o subject to mandatory professional registration recognised by law; and o supervised for compliance with the requirements laid down in the Third

Directive in accordance with section 2 of Chapter V of the Directive.

Although the Third Directive has now been implemented by Member States, there are inconsistencies, so entities are advised to check on the International Bar Association's website http://www.anti-moneylaundering.org/ for details about how the Directive has been implemented in that country Other countries outside of the EEA:

a credit or financial institution, or equivalent;

an auditor, or equivalent;

an insolvency practitioner, or equivalent;

an external accountant;

a tax adviser; or

an independent legal professional

provided they are:

o subject to mandatory professional registration recognised by law; o subject to requirements equivalent to those laid down in the Third Directive; o supervised for compliance with those requirements in a manner equivalent to

section 2 of Chapter V of the Directive.

4.8 Passporting clients between jurisdictions (international offices) If your entity has a branch or affiliated office ('international offices') in another jurisdiction and clients use the services of a number of international offices, it is not seen as proportionate for a client to be required to provide original identification material to each office.

http://www.anti-moneylaundering.org/


In such circumstances, you may decide to have a central international database of CDD material on clients to which you refer. You should review the CDD material to be satisfied that CDD has been completed in accordance with the Third Directive. If further information is required, make sure it is obtained and added to the central database. Entities may simply ensure that the CDD approval controls for the database are sufficiently robust to ensure that all CDD has been obtained. In some cases, you may wish to rely on the international office simply to provide written confirmation that CDD requirements have been undertaken for the client. This will only be reliance if the other entity can be relied on under Regulation 17 and the CDD is obtained in compliance with Regulation 17. Finally, if you do not have a central database you may decide to undertake your own CDD measures in respect of the client, but ask the international office to provide copies of the verification material, instead of asking the client directly. This will be outsourcing as opposed to reliance. Care should be taken in relation to PEPs, as a client who is not a PEP in their own country, will be a PEP in other countries. (This will change under the Fourth Directive, as domestic PEPs will be introduced.) As a result, you will need systems to check if a person passported into your office becomes a PEP and, if so, undertake EDD (see chapter 4.6). 4.9 Ongoing monitoring Having undertaken the CDD at the start of the retainer, including the risk assessment, all employees not only need to understand the need for ongoing monitoring but what it is and what is not required. Regulation 8 requires that ongoing monitoring of a business relationship is undertaken on a risk-sensitive and appropriate basis. Ongoing monitoring means:

scrutiny of transactions undertaken during the course of the relationship, (including where necessary, the source of funds), so that the transactions are consistent with your knowledge of the client, their business and the risk profile; and

keeping the documents, data or information obtained for the purpose of applying CDD up-to-date. (Personal data must also be kept up-to-date, where necessary, under the Data Protection Act 1998).

There is no requirement to:

repeat the whole CDD process every few years;

undertake random audits of files;

suspend or terminate a business relationship until you have updated data, information or documents, provided you remain satisfied you know who your


client is and keep under review any request for further verification material or processes to obtain that material;

use sophisticated computer analysis packages to review each new retainer for anomalies.

Ongoing monitoring will usually be conducted by the fee earner (and support staff) acting on the transaction. It means staying alert to circumstances which may suggest ML, TF or the provision of false CDD material. An example may be where a small family home is bought for a couple who also instruct you to prepare their wills. A subsequent instruction to purchase a holiday home is likely to cause you to ask about the source of funds, especially if the purchase seems inconsistent with the earlier disclosure of their financial circumstances, even though you are already satisfied about their identity. If you are suspicious that there is ML as a result of further enquiries, you should discuss the issues with your MLRO. So that CDD material is kept up-to-date, you are likely to review it:

when taking new instructions from a client, especially if there has been a gap of more than three years since the last instruction;

when information is received about a change in identity details.

You may consider issues such as:

the risk profile of the client and the specific retainer;

whether material is held on other files e.g. a conveyancing file which would confirm changes in identity;

whether electronic verification may help to find out if your client‟s identity details have changed, or to verify any changes.

4.10 When must CDD be undertaken? Under Regulation 9, you must verify your client's identity (and where necessary, that of any beneficial owner), before you establish a business relationship or carry out an occasional transaction but verification may be completed during the establishment of a business relationship, but not an occasional transaction, where:

it is necessary not to interrupt the normal conduct of business, and

there is little risk of ML or TF occurring,

provided that it is completed as soon as practicable after the initial contact. In deciding in what circumstances to allow work to be undertaken before verification is completed, it will be sensible to take into account your risk profile and the areas of work e.g. conveyancing, which are inevitably higher risk. Allowing funds or property to be transferred, or final agreements to be signed before completion of full verification, would be unwise.


Evidence of identity is not required for transactions under €15,000 or two or more linked transactions which involve less than €15,000 in total unless there is a suspicion about ML or TF. There may be occasions when the delay in obtaining CDD gives rise to concerns and ultimately a suspicion, which needs to be reported to the NCA. It will be sensible to consider what the reason is for the delay in providing CDD before reporting in accordance with the law and the NCA guidance. If you are unable to conduct verification of the client (and beneficial owners), then Regulation 11 will apply. This provides that if you are unable to complete CDD in accordance with Part 2 of the MLR 2007, you must not:

carry out a transaction with or for the client through a bank account;

establish a business relationship or carry out an occasional transaction.

As a result, you must:

terminate any existing business relationship;

consider whether you are required to make a SAR to the NCA.

However, it is important to note that Regulation 11(2) provides that the prohibition in Regulation 11(1) does not apply where:

'A lawyer or other professional adviser is in the course of ascertaining the legal position for their client or performing their task of defending or representing their client in, or concerning legal proceedings, including advice on instituting or avoiding proceedings.'

Consequently, the obligation to stop acting and consider making a SAR to the NCA when you cannot complete CDD, does not apply if you are providing legal advice or preparing for or engaging in litigation or alternative dispute resolution. As this exception does not apply to transactional work, care does need to be taken when considering the distinction between advice and litigation work and transactional work. 4.11 CDD on clients Your entity will make its own assessments as to what evidence is appropriate to verify the identity of your clients. You must keep records of your CDD material. If you are unable to produce the records to law enforcement or IPS, the assumption will be that you did not obtain any evidence. Examples are given below. 4.12 Natural persons A natural person's identity consists of a number of characteristics, including name, current and past addresses, date of birth, place of birth, physical appearance, employment and financial history and family circumstances.


Evidence of identity can include:

identity documents such as passports and photo-card driving licences;

other forms of confirmation, including assurances from persons within the regulated sector or those in your entity who have dealt with the person over a reasonable period of time.

Where the client is being seen face to face, producing a valid passport or photo-card identification should enable most clients to meet the identification requirements. If you cannot obtain such documents, you may assess the reliability of other sources and the risks associated with the client and the retainer. Electronic verification may be sufficient verification on its own provided the e-verification provider uses multiple sources of data in the verification process (see chapter 4.4). Where you are reasonably satisfied that an individual is nationally or internationally known, a record of identification may include a file note of why you are satisfied about identity, usually including an address and perhaps news items, including a photograph.

Types of documents for UK based clients Current signed passport Birth certificate

Current photo-card driver's licence Current EEA member state identity card

Current identity card issued by the Electoral Office for Northern Ireland

Residence permit issued by the Home Office

Firearms certificate or shotgun licence Council tax bill

Photographic registration cards for self-employed individuals and partnerships in the construction industry

Utility bill or statement, or a certificate from a utilities supplier confirming an arrangement to pay services on pre-payment terms

Benefit book or original notification letter from the DWP confirming the right to benefits

Bank, building society or credit union statement or passbook containing current address

A cheque or electronic transfer drawn on an account in the name of the client with a credit or financial institution regulated for the purposes of ML

Entry in a local or national telephone directory confirming name and address

Confirmation from an electoral register that a person of that name lives at that address

A recent original mortgage statement from a recognised lender

Lawyer‟s letter confirming recent house purchase or land registry confirmation of address

Local council or housing association rent card or tenancy agreement

HMRC self-assessment statement or tax demand

House or motor insurance certificate

Record of any home visit made Statement from a member of the entity or other person in the regulated sector who has known the client for a number of years confirming their identity - bear in mind you may be unable to contact this person to give an assurance supporting that statement at a later date


The above sources may help in verifying identity. It is seen as good practice to have either:

one government document which verifies either name and address or name and date of birth; or

a government document which verifies the client's full name and another supporting document which verifies their name and their address or date of birth.

Non - UK based clients: If your client is not resident in the UK, but you meet the client, you are likely to be able to see the person's passport or national identity card. If you have concerns that the identity document might not be genuine, contact the relevant embassy or consulate. You can obtain the client's address from:

an official overseas source;

a reputable directory;

a person regulated for ML purposes in the country in which the person is resident who confirms that the client is known to them and lives or works at the overseas address provided by the client.

If documents are in a foreign language, you must take appropriate steps to be reasonably satisfied that the documents do provide evidence of the client's identity. Where you do not meet the client, the regulations require that you must undertake enhanced due diligence measures, see chapter 4.6. Clients unable to produce standard documentation: Some clients cannot provide standard verification documents. It is important that people are not denied access to legal services for legitimate transactions. The aim of the MLR 2007 is to mitigate the risk of legal services being used for the purposes of ML. You should assess whether the inability to provide you with standard verification is consistent with the client's profile and circumstances or whether you may become suspicious about potential ML or TF. If you decide that a client has a good reason for not meeting the standard verification requirements, you may accept a letter from an appropriate person who knows the individual and can verify the client's identity.


Clients unable to produce standard documents

Clients in care homes may be able to provide a letter from the manager

Clients without a permanent residence might be able to provide a letter from a householder named on a current council tax bill or a hostel manager, confirming temporary residence

A refugee might be able to provide a letter from the Home Office confirming refugee status and granting permission to work, or a Home Office travel document for refugees

An asylum seeker might be able to provide their registration card and any other identity documentation they hold, or a letter of assurance as to identity from a community member such as a priest, GP, or local councillor who has knowledge of the client

A student or minor may be able to provide a birth certificate and confirmation of their parent's address or confirmation of address from their school, college or university

A person with mental health problems or mental incapacity might know medical workers, hostel staff, social workers, deputies or guardians appointed by the court who can locate identification documents or confirm the client's identity

Professionals: Where other professionals use your services, it is suggested you consult their professional directory to confirm their name and business address. There is no need then to confirm the person's home address. You may consult directories for foreign professionals, which will be sufficient if you are satisfied it is a bona fide directory, e.g. one produced and maintained by their professional body and you can either understand the information, or translate it. A copy of the information should be retained to demonstrate compliance. 4.13 Other legal entities including companies, partnerships etc. The CDD requirements for legal entities such as companies, partnerships etc. can be complicated. You need to understand who the client is and whether it is a legal entity in its own right. You will also need to ensure that you determine who the beneficial owners are, see paragraph 4.14. Partnerships, limited partnerships and LLPs: A partnership is not a separate legal entity, so you must obtain information on the constituent individuals. Where partnerships or unincorporated businesses are:

well-known, reputable organisations;


with long histories in their industries; and

with substantial public information about them, their principals and controllers,

it should be sufficient to obtain the name, registered address (if any), trading address and nature of business. For small partnerships and unincorporated businesses with few partners, they should be treated as private individuals and their identities verified. For larger partnerships, they should be treated as private companies. For partnerships of regulated professionals, it will be sufficient to confirm its existence and trading address from a reputable professional directory or search facility with the relevant professional body. If that information is not available, you must obtain evidence about the identity of at least the partner instructing you and one other partner plus evidence of the entity‟s trading address. For a UK LLP, you should obtain information in accordance with the requirements for companies set out below. Companies: As a company is a legal entity in its own right, which conducts its business through representatives, you must identify and verify the existence of the company. You should consider whether the person instructing you on behalf of the company has the authority to do so, particularly in relation to fees. A company's identity consists of its constitution, its business and its legal ownership structure. The key identification particulars are the company's name and its business address, although the registration number and names of directors may also be relevant identification particulars. Where a company is a well-known household name, you may consider that the risks of Ml or TF are low and apply CDD measures in a manner proportionate to that risk. If you are instructed by the subsidiary of an existing client, you may be able to refer to the CDD already obtained for the existing client, as long as the existing client has been identified in accordance with the MLR 2007 and you have sufficient information about it to confirm it is a subsidiary. You will also need to establish the identity of beneficial owners where simplified diligence (see chapter 4.5) does not apply. Public companies listed in the UK: SDD applies where a company is either:

listed and its securities are admitted to trading on a regulated market, or

a majority-owned and consolidated subsidiary of such a company.


The regulated market in the UK is the London Stock Exchange. The alternative investment market (AIM) is not a regulated market but you may take the view that the listing process for AIM provides equivalent reassurance about the identity of the company. For a listed company, this evidence may simply be confirmation of the company's listing on the regulated market: see table at Annex 3. For a subsidiary of a listed company you will also require evidence of the parent/subsidiary relationship, for example, the subsidiary's last filed annual return, a note in the parent's or subsidiary's last audited accounts or information from a reputable electronic verification service provider or online registry. Where further CDD is required for a listed company (i.e. when it is not on a regulated market) obtain relevant particulars of the company's identity, as set out at Annex 3. You must still conduct ongoing monitoring of the business relationship with a publicly-listed company to enable you to spot suspicious activity. Private and unlisted companies in the UK: Private companies are generally subject to a lower level of public disclosure than public companies. In general, however, the structure, ownership, purposes and activities of many private companies will be clear and understandable. The standard identifiers for private companies are:

full name;

business/registered address;

names of two directors, or equivalent;

nature of business.

Further sources for verifying such companies are set out at Annex 3. Public overseas companies: Simplified due diligence (SDD) applies when a company or its subsidiary is listed on a regulated market subject to specified disclosure obligations.

Specified disclosure obligations are disclosure requirements consistent with specified articles of:

The Prospectus Directive [2003/71/EC];

The Transparency Obligations directive [2004/109/EC];

The Market Abuse directive [2003/6/EC].

If a regulated market is located within the EEA, under an RBA you may wish simply to record the steps taken to find out the status of the market.


Evidence of the company's listed status should be obtained in a similar way to that for UK public companies. Companies whose listing does not fall within the above requirements should be identified in accordance with the provisions for private companies. The European Commission has published a list of countries considered to have equivalent AML/CTF systems. In addition, the Joint Money Laundering Steering Group (JMLSG) has published guidance on equivalence. Details are as follows:

• European Commission‟s list: http://ec.europa.eu/internal_market/company/docs/financial-crime/3rd-country-equivalence-list_en.pdf

• JMSLG‟s guidance: http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current

• List of regulated markets in the EU: http://ec.europa.eu/finance/securities/isd/index_en.htm

Private and unlisted overseas companies: It can be difficult to obtain CDD material for private and unlisted companies, particularly in terms of beneficial ownership. You should apply the RBA, looking at the risks associated with the client generally, the risks of the retainer and the risks that arise due to the country in which the client is incorporated. ML risks are likely to be lower where the company is incorporated (or operating) in an EEA state or a country which is a member of FATF. Entities should ensure they are familiar with the FATF list of high risk countries, in this context http://www.fatf-gafi.org/. The company's identity should be established in the same way as for UK private and unlisted companies. Where you do not obtain original documentation, you may wish to consider on a risk-sensitive basis having the documents certified by a person in the regulated sector or another professional whose identity can be checked by referring to a professional directory. Trusts: A trust is not a separate legal entity. You need to understand whether your client is the settlor, the trustee(s) or occasionally the beneficiaries. UK common law trusts are used extensively in everyday situations and often pose limited risk. However, there may be greater risks if:

the client wishes to use a trust when it is not clear that there is reason to do so;

the trust is established in a jurisdiction which has limited AML/CTF regulation.

http://ec.europa.eu/internal_market/company/docs/financial-crime/3rd-country-equivalence-list_en.pdf

http://ec.europa.eu/internal_market/company/docs/financial-crime/3rd-country-equivalence-list_en.pdf

http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current

http://ec.europa.eu/finance/securities/isd/index_en.htm



In a higher risk situation, you should assess whether to conduct further CDD or enhanced monitoring. This could include:

conducting CDD on all the trustees, or on the settlor even after the creation of the trust;

asking about the purpose of the trust and the source of the funds used to create it;

obtaining the trust deed or searching an appropriate register maintained in the country of establishment.

Your client, whether they are the trustee(s), settlor or beneficiaries, must be identified in accordance with their relevant category, (i.e. natural person, company etc.) as set out at Annex 3. Where the trustee is another regulated person, you may rely on their listing with their supervisory body. You must consider beneficial ownership issues (see chapter 4.14) where you are acting for the trustee(s). Foundations: A foundation is the civil law equivalent of a common law trust used in many EEA countries. You will wish to understand why your client is instructing a legal professional outside the jurisdiction in which the foundation was established, what the statutory requirements are for the establishment of the foundation and obtain similar information as for a trust. Where the foundation's founder is anonymous, you will wish to understand the reasons for that anonymity. You are likely to determine whether any intermediary or agent is regulated for AML/CTF and whether they can help to verify the identity of relevant persons involved with the foundation. Foundations can also be a loose term for charitable institutions in the UK and the USA. If that is the case, they must be verified in accordance with the procedures for verifying charities. Charities: There are a number of forms of charities. There are broadly five types in the UK:

small;

registered;

unregistered;

excepted, such as churches;

exempt, such as museums and universities.

For registered charities, you must take a record of their full name, registration number and place of business. Details of registered charities can be obtained from:


the Charity Commission of England and Wales at https://www.gov.uk/government/organisations/charity-commission

the Office of the Scottish Charity Regulator at http://www.oscr.org.uk/

There may be charity regulators in other countries which maintain a list of registered charities, which may assist in verifying the identity of an overseas charity. Currently in Northern Ireland there is no charity regulator. For all other types of charities, you should establish the business structure of the charity and apply the relevant CDD measures for that business structure as set out at Annex 3. You can also obtain confirmation of their charitable status from HMRC. In applying the RBA to charities, it is worth considering whether it is a well-known entity or not. The more obscure the charity, the more information you are likely to require e.g. the constitutional documents of the charity. It will also be prudent to consult the HM Treasury‟s consolidated sanctions list (see also chapter 7.8) to ensure the charity is not a designated person, due to the increased interest in some charities etc. from terrorist organisations. Clubs and associations: Many of these bear a low ML risk, but this will depend on the scope of their purposes, activities and geographical spread. The following information may be relevant to the identity of the club or association:

full name;

legal status;

purpose;

any registered address;

names of all office holders.

Documents which may verify the existence of the club or association are set out at Annex 3. Pension funds Regulation 13 (7)(c) provides that SDD is permitted where:

'A pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee's wages and the scheme rules do not permit the assignment of a member's interest under the scheme (other than an assignment permitted by section 44 of the Welfare Reform and Pensions Act 1999 (disapplication of restrictions on alienation) or section 91(5)(a) of the Pensions Act 1995 (inalienability of occupational pension)).'

https://www.gov.uk/government/organisations/charity-commission

http://www.oscr.org.uk/


You only need evidence that the product is such a scheme and so qualifies for SDD, as set out at Annex 3. Pension funds or superannuation schemes outside the above definition need to be subject to CDD according to their specific business structure. For information on how to conduct CDD on other funds please see the JMLSG guidance http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current. Government agencies and councils: The ML and TF risks associated with public authorities will vary significantly depending on the nature of the retainer and the home jurisdiction of the public authority. It may be simple to establish that the entity exists, but where there is a heightened risk of corruption or misappropriation of government monies, enhanced monitoring of retainers should be considered. The following information may be relevant when establishing a public sector entity's identity:

full name of the entity;

nature and status of the entity;

address of the entity;

name of the home state authority;

name of the directors or equivalent. SDD applies to UK public authorities and to some non-UK public authorities as set out at Annex 3 (see also chapter 4.5). Where SDD does not apply, you may obtain information verifying the existence of the public sector entity from official government websites or a listing in a national or local telephone directory. Deceased persons' estates When acting for the executor(s) or administrators of an estate, you should establish their identity using the procedures for natural persons or companies set out above. When acting for more than one executor or administrator, you should verify the identity of at least two of them. You are likely to obtain copies of the death certificate, grant of probate or letters of administration. Regulation 6(8) provides that during the administration of the estate, the beneficial owner means:

the executor, original or by representation, or

the administrator for the time being of a deceased person.

This definition is wide enough to cover foreign deceased estates that are in the course of administration.

http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current


If a will trust is created, and the trustees are different from the executors, the procedures in relation to trusts will need to be followed when the will trust comes into operation. Churches and places of worship: Places of worship may either register as a charity or can apply for registration as a certified building of worship from the General Register Office (GRO) which will issue a certificate. Their charitable tax status will also be registered with HMRC. Identification details for the church or place of worship should be verified as for a charity and through the headquarters or regional organisation of the denomination or religion. For UK charities, you can check identification details with the GRO certificate or through an enquiry to HMRC. Schools and colleges: Schools and colleges may be a registered charity, a private company, an unincorporated association or a government entity and should be verified in accordance with the relevant category. The Department of Business, Innovation and Skills maintains lists of approved educational facilities which may assist in verifying the existence of the school or college http://www.education.gov.uk/edubase/home.xhtml;jsessionid=809E52636B3762DF60FDA3A345C0A32F

4.14 CDD on a beneficial owner When conducting CDD on a client, you will need to identify any beneficial owners within the meaning of Regulation 6. It is important to note that this definition goes further than the traditional understanding of the meaning of a beneficial owner. In order to identify the beneficial owner, you will obtain at least their name and record any other identifying details readily available, for example, publicly available records or asking the client for relevant information or using other sources. In deciding which identity verification measures are required, you should consider the client's risk profile, the business structure(s) involved and the proposed transaction. The key is to understand the ownership and control structure of the client. It will be best to take a prudent approach, monitoring changes in instructions or transactions which suggest that someone is trying to undertake or manipulate a retainer for criminal means. A tick box approach is unlikely to be sufficient for the RBA and is unlikely to constitute an effective system. Only in rare cases will you need to verify a beneficial owner to the same level as you would for a client.

http://www.education.gov.uk/edubase/home.xhtml;jsessionid=809E52636B3762DF60FDA3A345C0A32F

http://www.education.gov.uk/edubase/home.xhtml;jsessionid=809E52636B3762DF60FDA3A345C0A32F


Appropriate verification measures, where required, may include:

a certificate from your client confirming the identity of the beneficial owner;

a copy of the trust deed, partnership agreement or other such document;

shareholder details from an online registry;

the passport of, or electronic verification on, the individual;

other reliable, publicly available information.

Assessing the risk When assessing the risk of a particular case, you may consider issues such as:

the reason your client is acting on behalf of someone else;

how well you know your client;

whether your client is a regulated person;

the type of business structure involved in the transaction;

the country in which the business structure is based;

the AML/CTF requirements in the country in which the business structure is based;

why this business structure is being used in this transaction;

how soon property or funds will be provided to the beneficial owner.

When conducting CDD on beneficial owners within a corporate entity or arrangement, you must:

understand the ownership and control structure of the client as required by Regulation 5(b);

identify the specific individuals listed in Regulation 6.

The level of understanding you are required to have depends on the complexity of the structure and the risks associated with the transaction. It may be enough to consider the trust or partnership deed and discuss the issues with the client or obtain a company structure chart or their annual report. You must understand in what capacity your client is instructing you so as to ensure that you are identifying the correct beneficial owners. Agency Regulation 6(9) says a beneficial owner generally means any individual who ultimately owns or controls the client or on whose behalf a transaction or activity is being conducted. In these cases, it is assumed the client is himself or herself the beneficial owner, unless there are indications e.g. features of the transaction, which suggest they are acting on behalf of someone else. There is no requirement to proactively search for beneficial owners, but you do need to ask questions if it appears the client is not the beneficial owner.


Examples where a natural person may be acting on behalf of someone else include;

acting under a power of attorney. The power of attorney itself may be sufficient to verify the beneficial owner's identity;

acting as a deputy, administrator or insolvency practitioner. The relevant court order may be sufficient to verify the beneficial owner's identity;

a broker or other agent appointed to conduct a transaction. A signed letter of appointment may be sufficient to verify the beneficial owner's identity.

You should be alert to the risk that purported agency relationships are being used to facilitate fraud. Understanding the reason for the agency relationship, instead of simply accepting documentary evidence at face value, will help to mitigate the risk. Where a client or retainer is higher risk, you may wish to obtain further verification of the beneficial owner's identity in the same way as for natural persons. Companies It is important to understand who the beneficial owners are of a body corporate, because of the risk of companies being used for ML or TF. Regulation 6(1) defines the beneficial owner of a body corporate as:

Any individual who: o as respects anybody other than a company whose securities are listed on a

regulated market, ultimately owns or controls (whether through direct or indirect ownership or control, including through bearer share holdings) more than 25 per cent of the shares or voting rights in the body; or

o as respects any body corporate, otherwise exercises control over the management of the body.

This regulation does not apply to a company listed on a regulated market. It does apply to UK limited liability partnerships. Shareholdings You should make reasonable and proportionate enquiries to find out whether beneficial owners exist and verify their identity, where appropriate, as determined by your risk analysis. Your enquiries may include:

obtaining assurances from the client about the existence and identity of relevant beneficial owners;

obtaining assurances from other regulated persons more closely involved with the client, especially in other jurisdictions, about the existence and identity of relevant beneficial owners;

conducting searches on the relevant online registry;

obtaining information from a reputable electronic verification service.


Where the holder of the requisite level of shareholding of a company is another company, you should apply the RBA to decide whether (and if so what) further enquiries need to be undertaken. A proportionate and risk based approach It would be disproportionate to conduct independent searches across multiple entities at multiple layers of a corporate chain to find out if, by accumulating very small interests in different entities, a person finally achieves more than a 25 per cent interest in the client company. It is sufficient to be satisfied that you understand the ownership and control structure of the client company. Voting rights are only those which are currently exercisable and attributed to the company's issued equity share capital. Companies with capital in the form of bearer shares Such companies pose a higher ML risk because it is often difficult to identify their beneficial owners. Such companies are often incorporated in jurisdictions with lower AML/CTF regulations which may also pose a greater risk. There are increasing efforts to reduce the availability of bearer shares but where they exist, you should adopt procedures to establish the identities of the shareholders and material beneficial owners of such shares and ensure you are notified whenever there is a change of shareholder and/or beneficial owner. This may be achieved by:

requiring that the shares be held by a regulated person;

obtaining an assurance that either such a regulated person or the holder of the shares will notify you of any change of records relating to the shares.

Control A corporate entity can also be subject to control by persons other than shareholders. Control may rest with those who have power to manage funds or transactions without requiring specific authority to do so and who would be in a position to override internal procedures and control mechanisms. You should remain alert to anyone with such powers whilst you are obtaining a general understanding of the ownership and control structure of the corporate entity. Further enquiries are not likely to be necessary. You should monitor situations during the retainer if control structures seem to be bypassed and make further enquiries at that time. Partnerships Regulation 6(2) provides that, in the case of a partnership (but not a limited liability partnership) the following individuals are beneficial owners:

any individual ultimately entitled to or who controls, (whether directly or indirectly), more than 25 per cent of the capital or profits of the partnership or more than 25 per cent of the voting rights in the partnership, or

any individual who otherwise exercises control over the management of the partnership.


Relevant points to consider in relation to the Regulation are:

the property of the entity includes its capital and its profits;

control involves the ability to manage the use of funds or transactions outside of the normal management structure and control mechanisms.

You should make reasonable and proportionate enquiries to determine whether beneficial owners exist and, where relevant, verify their identity using the RBA. You may undertake enquiries and verification by:

obtaining assurances from the client about the existence and identity of relevant beneficial owners;

obtaining assurances from other regulated persons more closely involved with the client, particularly in other jurisdictions, about the existence and identity of relevant beneficial owners;

reviewing the documentation setting up the partnership e.g. the partnership agreement.

Trusts Regulation 6(3) sets out three types of beneficial owners of a trust;

Part A: individual with specified interest – those with at least a 25 per cent specified interest in trust capital;

Part B: class of persons to benefit – those in whose main interest the trust operates;

Part C: individuals who control a trust.

You must identify persons within all relevant categories. Non-individual beneficiaries Although generally the beneficiaries of a trust will be individuals, they may be a company, entity or an arrangement, such as a charity. Regulation 6(5) requires you to apply Regulation 6(1) to a beneficiary company to determine their beneficial owners. This means that:

for all companies, you should assess whether anyone exercises control over the beneficiary company outside of the normal management structures. If so, identify them as a beneficial owner of the client trust. You may ask the client if they are aware of any such person, as this information would not be on a publicly available register and it will not usually be proportionate for you to have direct dealings with the beneficiary company;

where the beneficiary company is a private or unlisted company, you should consider whether they have shareholders with more than a 25 per cent interest


in the beneficiary company. A simple search on Companies House or equivalent online registry should be enough;

if you find such a shareholder, you should note their identity as a beneficial owner of the client trust. You will have already verified the identity through the company register check. Where there is a tiered structure, e.g. where, through its shareholding in such a shareholder, another company has more than a 25 per cent interest in the beneficiary company, ask the client why there is a tiered structure and make a risk-based decision, considering the risk of the client generally and the whole retainer, as to whether:

further identity enquiries are required;

you simply identify the second company as the beneficial owner of the client trust and then conduct closer monitoring of any transactions;

you have a suspicion which is disclosed to the NCA and consider withdrawing from the retainer.

The further you look for a beneficial owner within a beneficial owner, the smaller the interest and therefore it is harder to exercise control and to launder money or finance terrorism. This is relevant in terms of what will be proportionate CDD. If you do not find an individual within either of the above categories, then simply list the beneficiary company as the beneficial owner of the client trust. Regulation 6(5)(a) does not apply to beneficiaries that are non-corporate entities or another trust. You should still identify them as a beneficial owner of the client trust and consider whether you need to know more about them. Individual with specified interest (Part A) A person has a specified interest if they have a vested interest of the requisite level in possession or remainder or reversion, defeasible or indefeasible. Vested interest This is an interest not subject to any conditions precedent. It is held by the beneficiary completely and inalienably, even if it is still under the control of the trustees at that time. Contingent interest This interest is subject to the satisfaction of one or more conditions precedent, such as attaining a specified age or surviving a specified person. Failure to satisfy all conditions precedent results in the failure of the interest. Interest in possession This interest is the right to enjoy the use or possession of the fund and under the regulations relates solely to an interest in the capital of the fund. Interest in remainder This is the beneficiary's right to the capital of the fund which is postponed to one or more prior interests in possession in the income of the fund.


Interest in reversion This is the right of the settlor to receive any part of the fund at the end of the trust. It occurs in cases including when the trust fails because all of the beneficiaries die or a life interest terminates and there are no remainder beneficiaries. Defeasible interest An interest is defeasible if it can be terminated in whole or in part, without the consent of the beneficiary, by the happening of an event, such as the failure of a condition subsequent or the exercise by the trustees of a power to terminate or vary the interest. Indefeasible interest An interest is indefeasible if it cannot be terminated in whole or in part without the consent of the beneficiary by the happening of any event. Defeasible and indefeasible interests are included so that you consider the beneficiaries who are going to get the property as at the time you are instructed and conduct CDD on them. Class of persons to benefit (Part B) Part B of the definition in Regulation 6(3) covers any trust that includes persons who do not fit within Part A. Within Part B, you must identify the class of persons in whose main interest the trust operates, for example, the grandchildren of X or charity Y. All discretionary trusts will fall within Part B. If a trust has one or more persons who are individuals with a 25 per cent specified interest, as well as other beneficiaries, identify the individuals who fit within the first part of the definition, then consider the rest of the beneficiaries as a class under Part B. When considering in whose main interest a trust is set up or operates and there are several classes of beneficiary, you must consider which class is most likely to receive most of the trust property:

where the trust is for the issue of X, then the class is the issue of X as there is only one class;

where a trust is for the children of X, if they all die, for the grandchildren of X and if they all die, for charity Y, then the class is likely to be the children of X as it is unlikely that they will all die before the funds are dispersed;

where a discretionary trust allows for payments to the widow, the children, their spouses and civil partners, the grandchildren and their spouses and civil partners, then all interests are equal and all classes will need to be identified.

If you are in doubt as to which class has the main interest, you should identify all classes.


It is important to note that interests in parts of the trust property can change significantly between retainers, particularly with discretionary trusts. Therefore it is good practice to ask the trustees to provide an update on any changes when you receive new instructions in relation to a discretionary trust. Control of the trust (Part C) Control is defined as a power, either:

exercisable alone;

jointly with another person;

with the consent of another person,

under the trust instrument or by law to either:

o dispose of, advance, lend, invest, pay or apply trust property o vary the trusts; o add or remove a person as a beneficiary or to a class of beneficiaries o appoint or remove trustees; o direct, withhold consent to or veto the exercise of a power such as is

mentioned in the options above.

The definition of control can include beneficiaries acting collectively where they have the power to take or to direct action. Regulation 6(5)(b) specifically excludes from the definition of control:

the power exercisable collectively at common law to vary or extinguish a trust by all of the beneficiaries – see Saunders v Vautier [1841] EWHC Ch J82;

the power of members of a pension fund to influence the investment of the fund's assets;

the power to consent to advancement implied to a person with a life interest under section 32(1)(c) of the Trustee Act 1925;

the powers of beneficiaries to require the appointment or retirement of trustees under Trusts of Land and Appointment of Trustees Act 1996.

Identifying trust beneficial owners in practice You are only required to make reasonable and proportionate enquiries to establish whether beneficial owners exist and, where relevant, verify their identity. If you are unsure whether a beneficiary or other person is a beneficial owner, you may consider taking legal advice from an expert in trust law, or identify the beneficial owner and consider whether verification is required. Enquires and verification may be undertaken by:

obtaining assurances from trustees about the existence and identity of beneficial owners;


obtaining assurances from other regulated persons more closely involved with the client, particularly in other jurisdictions, about the existence and identity of beneficial owners;

reviewing the trust deed;

obtaining information from a reputable electronic verification service on details of identified beneficiaries.

Practical examples of how various interests and powers of control may appear may be found at Annex 2. Other arrangements and legal entities Regulation 6(6) provides that where you are dealing with a client who is not a natural person, a corporate entity or a trust, the following individuals are beneficial owners:

where the individuals who benefit from the entity or arrangement have been determined, any individual who benefits from at least 25 per cent of the property of the entity or arrangement;

where the individuals who benefit from the entity or arrangement have yet to be determined, the class or persons in whose main interest the entity or arrangement is set up or operates;

any individual who exercises control over at least 25 per cent of the property of the entity or arrangement.

Unincorporated associations and foundations are examples of entities and arrangements likely to fall within this regulation. When applying Regulation 6(6), relevant points to consider are:

the property of the entity includes its capital and its profits;

determined benefits are those to which an individual is currently entitled;

contingent benefits or where no determination has been made should be dealt with as a class, as benefit has yet to be determined;

a class of persons need only be identified by way of description;

an entity or arrangement is set up for, or operates in, the main interest of the persons who are likely to get most of the property;

control involves the ability to manage the use of funds or transactions outside the normal management structure and control mechanisms;

where you find a body corporate with the requisite interest outlined above, you will need to make further proportionate enquiries as to the beneficial owner of the body corporate.

You should make reasonable and proportionate enquiries to establish whether beneficial owners exist and, where relevant, verify their identity using the RBA. Enquires and verification may be undertaken by:

asking the client and receiving assurances about the existence and identity of beneficial owners;


asking other regulated persons more closely involved with the client (particularly in other jurisdictions) and receiving assurances about the existence and identity of beneficial owners;

reviewing the documentation setting up the entity or arrangement such as its constitution or rules.

4.15 FATF counter measures Your CDD measures should, following an RBA, be able to determine whether your client is subject to the restrictions or directions listed below. Restrictions are imposed in situations where there are higher risks of ML or TF. You should also be able to determine whether key beneficial owners or the intended recipient of funds from a transaction undertaken by you are subject to the restrictions or directions listed below. You should assess each case on its merits. Examples of higher risk situations may include transactions with:

complex corporate entities in jurisdictions where there is a high risk of TF;

PEPs from jurisdictions which are subject to sanctions.

The Treasury‟s Financial Sanctions Unit maintains a consolidated list of financial restrictions in force in the UK. You can subscribe to this list, register for updates and obtain further information on financial restrictions at the following link: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets Where a country becomes subject to countermeasures (when significant restrictions are imposed on the country and individuals connected with it), it will be added to the FATF high risk countries list http://www.fatf-gafi.org/. You should keep up to date with that list in any event which is updated in February, June and October. Schedule 7 of the Counter-Terrorism Act (2008) states that when the client is from a country subject to FATF counter measures, HM Treasury may instruct you to avoid:

entering into a business relationship;

carrying out an occasional transaction;

proceeding further with a business relationship or occasional transaction.

4.16 Financial restrictions The UK government imposes financial restrictions on persons and entities following their designation by the UN and/or EU. The UK also operates a domestic counter-terrorism regime, where the government decides to impose financial restrictions on certain persons and entities. Statutory instruments are issued for each financial restriction in force. An order will be made freezing the assets of a person or entity, where a financial restriction is

https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets

https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets



imposed. It is unlawful to make payments to or allow payments to be made to that designated person or entity. Such persons and entities will be on HM Treasury‟s consolidated sanctions list. Reference should also be made to paragraph 7.8 below. It is important that the entity and its employees understand the sanctions regime and ensure that systems are in place to check whether a person is a designated person, before sending money to or receiving money from that person, because of the criminal offences involved.


CHAPTER 5 – MONEY LAUNDERING OFFENCES

5.1 Introduction The Proceeds of Crime Act 2002 (POCA), which came into force on 24 February 2003, created a single set of ML offences in the UK. The legislation applies to all crimes, not only serious crimes. In addition, it does not matter whether the criminal property is £1 or £1 million. There is no de minimis or threshold. POCA applies to everyone in the UK although some offences only apply to those in the regulated sector and to MLROs. It creates a disclosure regime, which makes it an offence not to disclose knowledge or suspicion of ML, but also permits persons to be given consent in certain circumstances to carry out activities which would otherwise constitute ML. It is important that all employees within the entity are trained properly and regularly on the law not only because of the reputational impact but because of the severe criminal sanctions. If an employee is concerned about potential ML, they should comply with the entity‟s policies and procedures which will usually require them to discuss their concerns with the MLRO. Approved Managers should ensure that everyone in the entity understands the seriousness of the legislation and the wide ranging impact it has, as well as how it can affect those involved in the provision of legal services. 5.2 The mental elements It is important to understand the mental elements which apply to the offences under Part 7 of POCA:

knowledge;

suspicion;

reasonable grounds for suspicion.

Of the three mental elements in the actual offences, the third one only applies to the “regulated sector” offences such as the failure to report an offence. In the foreign conduct defence to the ML offences, there is also the element of belief on reasonable grounds. A person will have a defence to a principal offence if they know or believe on reasonable grounds that the criminal conduct involved was exempt overseas criminal conduct. In relation to the principal offences of ML, the prosecution must prove that the property involved is criminal property, i.e. obtained through criminal conduct and that, at the time of the alleged offence, you knew or suspected that it was criminal property.

Comment [ALM2]: For the online version, hyperlinks can be inserted to the definitions

Comment [ALM3]: The definition is overseas criminal conduct so I have italicised it – either you can simply put a hyperlink or italicise the definitions as well to make them obvious


The failure to disclose offences (which apply where you are working in the regulated sector (see chapter 1.3.)) require that you must disclose/report if you have knowledge, suspicion or reasonable grounds for suspicion that someone is engaged in ML, subject to the defences. If you are not in the regulated sector, you only need to consider making a SAR if you have actual, subjective knowledge or suspicion. These terms for the mental elements in the offences are not terms of art; they are not defined within POCA and should be given their everyday meaning. However, case law has provided some guidance on how they should be interpreted. 5.3 Knowledge Having knowledge means actually knowing something to be true. In a criminal court, it must be proven that the individual knew that a person was engaged in ML. 5.4 Suspicion Suspicion is personal and subjective and falls short of proof based on firm evidence. The case of R v Da Silva [2006] EWCA Crim 1654 (which was reinforced by Shah v HSBC Private Bank (UK) Limited [2012] EWHC 1283) provides general guidance as follows:

It seems to us that the essential element in the word “suspect” and its affiliates, in this context, is that the defendant must think that there is a possibility, which is more than fanciful, that the relevant facts exist. A vague feeling of unease would not suffice. But the statute does not require the suspicion to be „clear‟ or „firmly grounded and targeted on specific facts‟ or „based on reasonable grounds‟ ”. Longmore LJ

A transaction which appears unusual is not necessarily suspicious. So, if a transaction appears unusual, it will usually be a basis for further enquiry, which may in turn require judgement as to whether it is suspicious, e.g. if, after making enquiries, the facts do not seem normal or make commercial sense. Asking questions, e.g. of the client if you have a cause for concern, is not tipping off. A transaction or activity may not be suspicious at the time but, if you become suspicious later, perhaps because of further information, then the obligation to report is likely to arise. An employee who considers a transaction or activity to be suspicious would not be expected either to know or to establish the exact nature of any underlying criminal offence, or that the particular funds or property were definitely those arising from a crime or terrorist financing. If the employee is concerned or suspicious, they should talk to the MLRO. Failure to do so may leave the employee open to the commission of an offence. There does not need to be evidence of ML to have suspicion.


There are a number of standard warning signs which may give cause for concern, which are considered in more detail below. Other sources of information are at paragraph 5.6. If you suspect another party to the transaction is engaged in ML, but you think your client is innocent, you may have to consider referring your client for specialist legal advice if there is a risk that they may commit one of the principal offences. 5.5 Reasonable grounds to suspect The test of „reasonable grounds” which applies to those in the regulated sector is the same as for the mental element of suspicion, except that it is an objective test. The question is “were there factual circumstances from which an honest and reasonable person, working in the regulated sector should have inferred knowledge or formed the suspicion that another was engaged in ML”? 5.6 What are the warning signs? This section highlights a number of warning signs to help you decide whether you have a cause for concern or the basis for a suspicion. Launderers are always developing new techniques so no list of examples can be comprehensive but there are a number of types of warning signs as follows;

the client,

choice of legal professional,

nature of retainer,

source of funds,

suspect territories. If you know your client, not only in terms of obtaining the CDD material but also understanding the broader picture of why the client is instructing you, you are more likely to recognise the warning signs of ML or TF. You should not jump to conclusions but should consider the information available and discuss your concerns with the MLRO. It is important that employees are regularly reminded of the warning signs and changing behaviour and practices amongst money launderers and those financing terrorism. The key documents for the legal sector on the warning signs of ML and TF are:

International Bar Association‟s publication “A Lawyer‟s Guide to Detecting and Preventing Money Laundering” (2014) at http://www.anti-moneylaundering.org/AboutAML.aspx

FATF‟s typologies report (2013) about the vulnerabilities of legal professionals at http://www.fatf-gafi.org/topics/methodsandtrends/documents/mltf-vulnerabilities-legal-professionals.html



http://www.fatf-gafi.org/topics/methodsandtrends/documents/mltf-vulnerabilities-legal-professionals.html

http://www.fatf-gafi.org/topics/methodsandtrends/documents/mltf-vulnerabilities-legal-professionals.html


Sufficient training must be given to all relevant employees to enable them to recognise or spot potential ML or TF. Examples may be:

activities which have no apparent purpose, or which make no obvious economic sense (including where a person makes an unusual loss), or which involve apparently unnecessary complexity;

the use of non-resident accounts, companies or structures in circumstances where the client‟s needs do not appear to support such economic requirements;

where the activities being undertaken by the client, or the size or pattern of transactions is, without reasonable explanation, out of the ordinary range of services normally requested or is inconsistent with the experience of the employee in relation to the particular client.

The client: The following are potential warning signs about clients. It is not an exhaustive list:

clients who are reluctant to meet face to face;

clients who are secretive;

a client who is a PEP or a designated person on the sanctions list;

clients who have no obvious reason to instruct you e.g. they live outside your area;

clients who are reluctant or vague in relation to identity documents;

there are inconsistencies with the client‟s explanations or information;

there are discrepancies in names or amounts or last minute changes in instructions;

the client deposits funds into your client account but then the transaction is aborted for no obvious reason or one that is not credible;

the client asks you to send money to an unexpected account or to a third party for no obvious reason or without a credible explanation;

the client asks you to provide a banking service.

Client accounts may be misused, so you should only use them to hold client money where there is an underlying legal transaction. Money launderers will seek to route „dirty‟ money through a client account in order to „clean‟ it, either by asking for the money to be returned or by purchasing a clean asset with the funds. The use of cash can be a warning sign and entities should have a cash policy which sets a limit. The circulation of client account details should be restricted to minimise the risk of cash being paid directly into your client account at a bank. You may decide to make it clear that electronic transfer of funds is expected. If a cash deposit is received, you should consider whether there is a risk of ML taking place and whether it is a circumstance requiring a SAR to the NCA. If you need to provide client account details, you should ask the client where the funds will be coming from. Will it be an account in their name in the UK or abroad? Consider whether you are prepared to accept funds from any source about which you have concerns or about which you have little or insufficient information?


In some circumstances, cleared funds will be essential for transactions and clients may want to provide cash to meet a completion deadline. It will be sensible to assess the risk in these cases and ask questions if necessary. Choice of legal professional: The following are potential warning signs about the choice of legal professional:

there is no obvious reason to instruct your entity;

the client has instructed a number of other legal professionals;

another entity has refused to act or terminated the retainer;

the client is prepared to pay higher fees than usual;

this is not your area of expertise.

Nature of retainer Understanding what you are being asked to do and why, will help to protect you and the entity from being used by money launderers or terrorist financers. The following are potential warning signs: • the transaction itself is unusual; • the client‟s instructions are unusual; • there are complicated ownership structures; • there is an absence of documentation; • there are unexplained changes of instructions; • there are back-to-back property transactions; • transactions are abandoned; • disputes or litigation are settled too easily (this may indicate sham litigation); • loss making retainers where the loss could be avoided; • monies which seems to be being transferred to avoid the attention of a trustee in

bankruptcy, HMRC or law enforcement; • settlements paid in cash, or paid directly between parties e.g. cash passed

directly between buyers and sellers without adequate explanation, which could indicate there is mortgage fraud or tax evasion;

• unusual patterns of transactions which have no apparent economic purpose; • complex or unusually large transactions; • the transaction seems to be inconsistent with the client‟s apparent financial

position or usual pattern of activities; • the transaction involves a non-profit or charitable organisation for which there

appears to be no logical economic purpose or where there appears to be no link between the stated activity of the organisation and the other parties in the transaction.

Source of funds: Understanding source of funds can be a major challenge and employees should ask questions and seek further information to determine whether there appear to be


concerns or whether funds received from clients are from credible sources. For example,

it is reasonable for monies to be received from a company if the client is a director of that company and has the authority to use company money for the transaction, or

the money comes from the sale of another property or an inheritance, although you are likely to ask to see evidence. If funding is from a source other than the client, you may need to make further enquiries, especially if the client has not provided you with any advance warning about the source of funds etc. before depositing them into the account. If you decide to accept funds from a third party, perhaps because time is short, you should ask how and why the third party is helping with the funding. You may wish to seek identification (ID) information. You do not have to make enquiries into every source of funding from other parties. However, you must always be alert to warning signs and in some cases will need to get more information about the third party. Entities should consider the risks for their business and the extent to which they will wish to make further enquiries. The following may be warning signs, although this list is not exhaustive:

the client is reluctant to provide an explanation of the source of the funds or is unable to evidence the source;

the client‟s occupation is inconsistent with the funds at his or her disposal;

the client seeks to conduct transactions in cash;

the client seeks to lodge cash or bank drafts with your account „pending‟ decisions as to which transaction to pursue;

the client conducts a transaction for an amount that is unusual compared to amounts of past transactions;

the client asks you to hold or transmit large sums of money or other assets when this type of activity is unusual for the client.

Suspect territories: Although most countries have some AML legislation, the effectiveness of a country‟s AML controls can vary significantly. Consequently, employees and entities should be familiar with countries which are higher risk, for example:

countries known for highly secretive banking and corporate law;

countries where illicit drug production or exporting may be prevalent;

countries with poor or ineffective AML controls;

countries known or suspected to facilitate ML activities;

countries which appear on the FATF list, see paragraph 4.15;

countries which appear on the Transparency Corruptions Perceptions Index http://www.transparency.org/research/cpi/overview;

http://www.transparency.org/research/cpi/overview


countries or regimes which are subject to sanctions.

Risks associated with work types: In addition to the general warning signs, there are warning signs connected with particular areas of work. Property work Property work (residential and commercial) is a high risk area so you should understand who will own the property and why, how the purchase will be funded and by whom, what the value of the property is, whether there is a lender involved and whether there are concerns about tax issues, e.g. Stamp Duty Land Tax. Those involved in all types of property work should be familiar with examples of warning signs:

there is a last minute change in the name of the purchaser;

a third party is providing funding but the property is being registered in someone else‟s name;

large payments from private funds, particularly where the client has a low income;

the client is buying the property in the name of a nominee without an obvious explanation;

the price is too high or too low or there are discrepancies between the real price and the price on the contract;

the client is unable to provide a clear explanation or documentation about source of funds;

there are direct payments between buyers and sellers.

Who is the owner? You should understand who is buying the property and why, particularly if there are sudden or unexplained changes in ownership or a property will be owned by a nominee company or there have been multiple owners. A form of laundering, which is known as flipping, involves a property purchase where someone else's identity may be used. The property is then sold for a much higher price to the same owner by using another identity and the proceeds of crime are mixed with mortgage funds. The process may be repeated several times. Where a third party is providing the funding, but the property is registered in someone else's name, you should ask questions to understand the reason for the arrangement. There may be legitimate reasons such as a family arrangement but it is important to consider whether you are being misled about the true ownership of the property. Funding issues Understanding how the purchase is to be funded enables you to assess the risks involved in the transaction. Properties are often bought with a combination of


deposit, mortgage and/or equity from an existing property and information regarding the source of funds will assist in risk assessment. If the details change, for example, because a mortgage offer is withdrawn, you will expect the client to update you as to how the purchase will now be funded. If there is no mortgage involved, then there may be a higher risk of the transaction being fraudulent. However in most transactions there will be an element of private funding. You may be concerned if there are large payments from private funds, particularly if your client has a low income or if there are payments from a number of individuals or sources. If you are concerned, you can ask your client for more information as to the source of funds and assess whether the explanation appears credible. You may also consider whether the beneficial owners were involved in the transaction. Where a third party is helping with the purchase, e.g. relatives helping first-time buyers, you should consider what steps to take to protect your entity. You may decide to undertake CDD measures in relation to those third parties, particularly where you are receiving funds directly. You may wish to consider what you know about:

your client,

the third party,

their relationship,

the proportion of funding being provided by the third party. Where there is a lender involved, bear in mind that you are normally required to advise lenders if buyers are obtaining additional monies from third parties. It is important to bear in mind that there is no guarantee that payments made through the banking system are clean. You should satisfy yourself about the source of funds on the basis of your own enquiries about the source of funds. Direct payments If you suspect that there has been a direct payment between the seller and buyer, you should consider whether the documentation will include the true purchase price or whether there are any reasons for concern (for example, an attempt to involve you in tax evasion). Other issues of concern will include:

where a client tells you that money is changing hands directly when this is not the case, perhaps to encourage a mortgage lender to lend more than they would otherwise. In such a situation, you should consider your duties to the lender.;

where you discover or suspect the cash has changed hands directly, perhaps at an auction. Banking the cash into your client account is likely to present a problem as it will be difficult to check the source of funds. As auction houses are


regulated, they may be able to assist or you may decide to decline the request, which may mean you cease acting.

Valuations A sale price which is too high or too low can be an indicator of ML. If there is no independent valuation and you become aware of a significant discrepancy between the sale price and what would normally be regarded as a reasonable price, you should consider asking further questions. Property sold below the market value to an associate, whilst the original owner maintains beneficial ownership, can be a way of obscuring title to the property. Lender issues Mortgage fraud continues to be a very real risk and entities should ensure that their employees are properly trained on how to spot mortgage fraud and how to deal with the ethical issues that arise if a client is making misrepresentation to a mortgagee. However, unless an improperly obtained mortgage advance has been received, there will not be any criminal property to be laundered. If you are acting in a re-mortgage and discover or suspect that a previous mortgage has been improperly obtained, you may need to advise the lender, particularly if the re-mortgage is with the same lender. It may be necessary to make a SAR to the NCA as there is, or may be, criminal property but reference should be made to chapter 8. This guidance does not consider the detailed position in relation to mortgage fraud. However, issues to consider include;

if a deliberate misrepresentation on the mortgage application has been made, whether the crime/fraud exemption to legal professional privilege will apply;

how the tipping off offences apply in relation to any discussions with the lender client or the insurer and whether any discussions are likely to prejudice any investigation;

to what extent the defence to tipping off applies if you are seeking to dissuade your client from engaging in an ML offence, reference is made to chapter 5.13.

Tax issues Abuse of the Stamp Duty Land Tax procedure may have ML implications, either because the purchase price is incorrectly recorded or because the fixtures and fittings are valued unrealistically so that the purchase price is below one of the thresholds. Tax evasion of any type, whether committed by your client or the other party can result in you committing a section 328 offence. If you are given instructions which may result in tax evasion, you should consider your ethical obligations.


Company and commercial work: Companies can be used to obscure the origin of assets and are therefore at risk of being used for ML and TF. Approved Managers and employees working with companies and in commercial transactions should stay alert in relation to existing as well as new clients throughout the retainer. The examples considered below are designed to highlight potential issues but it is not an exhaustive list. If you understand who your client is, what they are instructing you to do and why, you will be in a better position to assess the risks involved in a particular retainer and decide what steps to take to mitigate the risks. Formation of new companies A new company can be misused for ML or TF, so it is important to be alert to possible signs. If the company has been formed in a foreign jurisdiction, you should consider obtaining further information as to why this is the case. If that country has less stringent AML controls, you are likely to make particularly careful checks. It may be better to refuse to act if you are in doubt. Holding funds If you are asked to hold funds for other parties in commercial transactions e.g. as stakeholder or as escrow agent, you should consider the checks you wish to make about the funds you intend to hold before the monies are received and whether it would be appropriate to obtain CDD information about those on whose behalf you hold funds. If it is proposed that you collect funds from a number of individuals, for investment purposes or otherwise, you should consider whether this is likely to lead to widespread circulation of your client account details and payments being received from unknown sources, with the consequent risks. Private equity You may be involved in any of the following;

the formation of a private equity fund;

the start-up phase of the private equity business where individuals or companies seek to establish a private equity firm (and perhaps become authorised to undertake regulated activities under the Financial and Services Markets Act 2000);

ongoing legal issues in relation to a private equity fund;

execution of transactions on behalf of a member of a private equity firm's group of companies, (a private equity sponsor) which will normally involve a vehicle company acting on its behalf (a new company or newco).

Key points to consider are:


who is the client?:

when you are forming a private equity fund, your client is likely to be the private equity sponsor or an independent sponsor. It would be rare that you are advising the fund itself and unless you are instructed directly by an investor, you will not be advising the investors in the fund. You will therefore identify who your client is and apply the CDD measures accordingly;

if the client is a newco, you will need the documentation showing the creation of the company and identify the beneficial owners;

in start-up phase situations, as you will be approached by individuals or companies seeking to become established or authorised, your client will be the individuals or company and you would conduct CDD accordingly.

Private equity work will usually be considered as low risk due to the following:

private equity firms in the UK are also covered by the MLR 2007 and are regulated by the FCA;

investors in private equity funds are generally large institutions, some of which will also be regulated under the MLR 2007. They will tend to have long established relationships with the private equity firm usually resulting in a well-known investor base;

where the private equity sponsor or fund manager is regulated in the UK, EEA or a comparable jurisdiction by a financial services regulator, it is likely to have followed CDD processes before the investors are accepted as investors;

the investment is generally illiquid and the return of capital is unpredictable;

the terms of the fund documentation generally strictly control the transfer of interests and the return of funds to investors.

The risk assessment of the client may be altered by factors such as:

whether the private equity sponsor or an investor is located in a jurisdiction which does not have equivalent AML controls to those contained in the Third Directive;

whether the private investor is either an individual or an investment vehicle itself (a private equity fund of funds);

if the private equity sponsor is seeking to raise funds for the first time. The JMLSG has prepared detailed advice on CDD measures for private equity businesses in part II of its guidance which you may wish to consider, including the points to consider when undertaking CDD measures in relation to private equity work. In addition, the JMLSG has issued guidance which considers the area of collective investment schemes, the risk factors and the issues to consider when undertaking CDD.


Private Client Work: Trust and probate work is at risk of being used by money launderers and terrorist financers. Charities can also be misused, particularly by terrorist financers. Administration of estates Although a deceased person's estate is unlikely to be actively used by criminals as a way of laundering the proceeds of crime, the administration of estates is still a regulated activity. Consequently those working in this area of law need to be alert to the potential risks. There is no blanket requirement if you are acting either as an executor or for executors that you should be satisfied about the history of all of the money contained in the estate being administered, but you should be aware of the factors which can increase money laundering risks. Issues to bear in mind are:

if the assets have been earned in a foreign jurisdiction, the definition of criminal conduct in POCA and the provisions relating to overseas criminal conduct;

if assets have been earned or are located in a suspect territory, whether you need to make further checks about the source of the funds.

Given the wide nature of the section 329 offence, an ML offence may be committed at an early point in the administration. The section 328 offence may also be relevant. Being alert from the outset and monitoring throughout the administration so that any SAR can be considered as soon as knowledge or suspicion is formed should avoid problems of delayed consent. A key benefit of the judgement in Bowman v Fels [2005] EWCA Civ 226 is that if a SAR is made, you can continue to work on the matter provided you do not transfer funds or take any other irrevocable step. An example of how the estate may include criminal property is if the deceased improperly claimed welfare benefits or evaded the proper payment of tax. Details of the financial thresholds for benefits can be obtained from https://www.gov.uk/government/organisations/department-for-work-pensions or https://www.gov.uk/government/organisations/hm-revenue-customs. If the beneficiaries are not intending to pay the correct amount of tax or avoiding some other financial charge, although this may not constitute ML because there is no criminal property, you should still consider your ethical obligations. Grant of probate Where the deceased or their business interests were based in a suspect territory, you should remain alert to warning signs. If the deceased was from another jurisdiction and a legal professional is dealing with the matter in that country, it may be helpful to ask that legal professional about the

https://www.gov.uk/government/organisations/department-for-work-pensions

https://www.gov.uk/government/organisations/hm-revenue-customs


deceased to gain some assurances that there are no suspicious circumstances about the estate. Any tax payable may depend on the jurisdiction concerned. Trust work: Trusts can be used as an ML vehicle and trust work is a regulated activity. The main risk period is when the trust is set up because if the funds go into the trust clean, it is only by them being used for criminal purposes that they can form the proceeds of crime. When creating a trust, you should be aware of the general ML warning signs and assess whether the purpose of the trust could be to launder criminal property. The more information you have about the purpose of the trust, including why any unusual structure or jurisdiction has been used is likely to help allay your concerns. Similarly information about the provider of the funds and those who have control of the funds, as required by the MLR 2007, is likely to assist. Whether you act as a trustee yourself or for trustees, the nature of the work may already require information which will help in assessing ML risks, e.g. the location of assets and identity of the trustees. The involvement of a suspect jurisdiction particularly those with strict banking secrecy and confidentiality requirements or without equivalent AML controls may increase the risk profile. If you think an ML offence has or may have been committed that relates to money or property which already forms part of the trust property, you should consider whether your instructions involve you in a section 328 offence in which case you should consider the options for making a SAR. Charities: As with trusts, although the majority of charities are used for legitimate reasons, they can be used as ML/TF vehicles. If you are acting for a charity, you should consider its purpose and the organisations with which it is aligned. If you are receiving money on behalf of the charity from an individual or company donor or bequest from an estate, you should be alert to unusual circumstances including large sums of money. HM Treasury's sanctions list should be consulted because of the growing concern about the use of charities to support terrorist funding. See also chapter 7.8 of this guidance. Powers of attorney/deputyship: Where acting as or on behalf of a deputy or attorney, you should remain alert to ML risks.


As an attorney, you may learn financial information about the donor relating to, for example, wrongful receipt of benefits or non-payment of tax in which case you will need to consider whether to make a SAR to the NCA. Where the Office of the Public Guardian is involved, you should consider whether they need to be informed. Informing them is unlikely to be tipping off or to prejudice an investigation. If you discover or suspect that a donee has already completed an improper financial transaction that may amount to ML, a SAR to the NCA may be required depending on whether legal professional privilege applies. There may be circumstances where legal advice is required e.g. if the background to the information is a family dispute and it is difficult to determine whether you have a suspicion. 5.7 Principal money laundering offences For there to be an ML offence, there must have been a predicate offence to generate the criminal property. If there is no criminal property, there can be no ML so attempted fraud, for example, cannot result in ML. The principal ML offences apply to ML activity which occurred on or after 24 February 2003 when POCA came into force. When considering the principal ML offences, you should be aware that it is also an offence to conspire or attempt to launder the proceeds of crime, or to counsel, aid, abet or procure ML. Section 327 – concealing A person commits an offence if he conceals, disguises, converts, or transfers criminal property, or removes criminal property from England and Wales, Scotland or Northern Ireland. Concealing or disguising criminal property includes concealing or disguising its nature, source, location, disposition, movement, ownership or any rights connected with it. Section 328 - arrangements A person commits an offence if he enters into, or becomes concerned in an arrangement which he knows or suspects facilitates the acquisition, retention, use or control of criminal property by or on behalf of another person. „Arrangement‟ is not defined in Part 7 of POCA. The arrangement must exist and have practical effects relating to the acquisition, retention, use or control of property. An agreement to make an arrangement will not always be an arrangement. The test is whether the arrangement does, in fact, in the present and not the future, have the


effect of facilitating the acquisition, retention, use or control of criminal property by or on behalf of another person. Bowman v Fels [2005] EWCA Civ 226 provided clarity as to what is an arrangement and held that section 328 does not cover or affect the ordinary conduct of litigation by legal professionals, including any step taken in litigation, from the issue of proceedings and the securing of injunctive relief or a freezing order, up to its final disposal by judgment. There are a number of points to note:

the view is that dividing assets in accordance with the judgement, including the handling of the assets which are criminal property, is not an arrangement;

the view is that settlements, negotiations, out of court settlements, alternative dispute resolution and tribunal representation are not “arrangements”.

It is, however, important to note that the property will generally remain criminal property and it may be necessary to refer your client for specialist advice about possible offences they may commit once they come into possession of the criminal property after completion of the settlement. The recovery of property by a victim of an acquisitive offence will not be an offence under either section 328 or section 329 of the Act. Sham litigation The decision in Bowman v Fels made it clear that sham litigation created for the purposes of ML remains within the ambit of section 328. Sham litigation arises where an acquisitive criminal offence is committed and litigation or a settlement negotiation is intentionally fabricated to launder the proceeds of that separate crime. There are a number of known debt recovery methodologies which fraudsters are attempting to use in the legal sector to defraud legal professionals. A sham can also arise if a whole claim or category of loss is fabricated to launder the criminal property. In this case, ML for the purposes of POCA cannot occur until after execution of the judgment or completion of the settlement. Entering into or becoming concerned in an arrangement Following the decision in Bowman v Fels, (in which the Law Society had intervened together with the Bar Council and NCIS (now the NCA), guidance was issued as to the key points of the decision and how they impacted the legal profession as follows:

to enter into an arrangement is to become a party to it;

to become concerned in an arrangement suggests a wider practical involvement such as taking steps to put the arrangement into effect;

both entering into, and becoming concerned in, describe an act that is the starting point of an involvement in an existing arrangement;


although the court did not directly consider the conduct of transactional work, its approach to what constitutes an arrangement under section 328 provides some assistance in interpreting how that section applies in those circumstances;

that Bowman v Fels supports a restricted understanding of the concept of entering into or becoming concerned in an arrangement, in relation to transactional work. In particular: o entering into or becoming concerned in an arrangement involves an act done

at a particular time; o an offence is only committed once the arrangement is actually made; and o preparatory or intermediate steps in transactional work which does not itself

involve the acquisition, retention, use or control of property will not constitute the making of an arrangement under section 328.

If you are conducting transactional work and become suspicious, you should consider:

whether an arrangement exists and, if so, whether you have entered into or become concerned in it or may do so in the future;

if no arrangement exists, whether one may come into existence in the future in which you may become concerned.

Section 329 - acquisition, use or possession A person commits an offence if he acquires, uses or has possession of criminal property. 5.8 Defences to principal money laundering offences You will have a defence to a principal ML offence if:

you make an authorised disclosure prior to the offence being committed and you obtain appropriate consent (the consent defence);

you intended to make an authorised disclosure but had a reasonable excuse for not doing so (the reasonable excuse defence).

In relation to section 329, you will also have a defence if you received adequate consideration for the criminal property (the adequate consideration defence). 5.9 Authorised disclosures Section 338 authorises you to make a disclosure (or SAR) regarding suspicion of ML as a defence to the principal ML offences. It specifically provides that you can make an authorised disclosure (which will not breach confidentiality) either:

before ML has occurred;

whilst it is occurring but as soon as you suspect;

after it has occurred, if you had good reason for not disclosing earlier and make the disclosure as soon as practicable.


You should make your report to your MLRO who will consider it and decide whether to make a SAR to the NCA. If your entity does not have an MLRO, you should make the SAR directly to the NCA. Appropriate consent If you suspect that a retainer in which you are acting will involve dealing with criminal property (e.g. selling a property), you can make an authorised disclosure to the NCA via your MLRO and seek consent to undertake the “prohibited act” i.e. the further steps in the retainer which would constitute an ML offence. For further information as to how to make an authorised disclosure to the NCA and the process by which consent is obtained, see chapter 8. Reasonable excuse defence This defence applies where a person intended to make an authorised disclosure before doing a “prohibited act”, but had a reasonable excuse for not making a SAR. Reasonable excuse has not been defined by the courts, but the scope of the reasonable excuse defence is important for legal professional privilege. You will have a defence against a principal ML offence if you make an authorised disclosure. However, you are prevented from making a SAR if your knowledge or suspicion is based on privileged information and legal professional privilege (see chapter 6) is not excluded by the crime/fraud exception. CILEx shares the view of the Law Society that, in such circumstances, you will have a reasonable excuse for not making an authorised disclosure and will not commit an ML offence. There may be other circumstances in which you believe that you have a “reasonable excuse” but particularly as these are likely to be narrow, you should ensure that you clearly document your reasons for not reporting. If you suspect part way through It is not unusual for a transactional matter to appear legitimate early in the retainer, but then to develop in such a way that the fee earner or entity becomes suspicious at a later stage. It may be that you decide that certain steps have already taken place which you now suspect facilitated ML. Alternatively you may be concerned that further steps are to be taken which you suspect will facilitate further ML. Section 338(2A) provides that you may make an authorised disclosure in these circumstances if:

the disclosure is made while you are doing the prohibited act;


you began to do the act at a time when, because you did not then know or suspect that the property constituted or represented a person‟s benefit from criminal conduct, the act was not a prohibited act; and

you make a disclosure on your own initiative as soon as practicable after you first know or suspect that the property constitutes criminal property.

In such circumstances, you are likely to consider the position carefully and you may decide to take legal advice before making a SAR seeking consent for the remainder of the transaction to proceed. It will be prudent to document fully the chain of events and why you came to know or suspect that criminal property was involved and why you did not report before. Adequate consideration defence This defence applies if there was adequate consideration for acquiring, using and possessing the criminal property, unless you know or suspect that those goods or services may help another to carry out criminal conduct. The Crown Prosecution Service guidance for prosecutors says the defence applies where professional advisors, such as Chartered Legal Executives, solicitors or accountants, receive money for or on account of costs, whether from the client or from another person on the client's behalf. Disbursements are also covered. The fees charged must be reasonable, and the defence is not available if the value of the work is significantly less than the money received. The transfer of funds from client to office account, or vice versa, is covered by the defence. Returning the balance of an account to a client may constitute an ML offence if you know or suspect the money is criminal property. In that case, you must make an authorised disclosure (SAR) and obtain consent to transfer the money. Reaching a matrimonial settlement or an agreement on a retiring partner's interest in a business does not constitute adequate consideration for receipt of criminal property, as in both cases the parties would only be entitled to a share of the legitimately acquired assets of the marriage or the business. This is particularly important where your client would be receiving the property as part of a settlement which would be exempted from section 328 due to the case of Bowman v Fels. Particular care should be taken with such issues. The defence is more likely to cover situations where:

a third party seeks to enforce an arm‟s length debt and, unknown to them, is given criminal property in payment for that debt;

a person provides goods or services as part of a legitimate arm‟s length transaction but unknown to them is paid from a bank account which contains the proceeds of crime.


5.10 Failure to disclose offences – money laundering The failure to disclose provisions in sections 330, 331 and 332 apply where the information on which the knowledge or suspicion is based came to a person in the regulated sector on or after 24 February 2003, or where a person in the regulated sector has reasonable grounds for knowledge or suspicion on or after that date. In all three sections, the phrase „knows or suspects‟ refers to actual knowledge or suspicion, which is a subjective test. However, MLROs and employees in the regulated sector will also commit an offence if they fail to report when they have reasonable grounds for knowledge or suspicion, which is an objective test. On this basis, they may be guilty of the offence under section 330 if they should have known or suspected ML. MLROs may also be guilty of an offence under section 331. For all failure to disclose offences, you must either:

know the identity of the money launderer or the whereabouts of the laundered property, or

believe the information on which your suspicion was based may assist in identifying the money launderer or the whereabouts of the laundered property.

Section 330 – failure to disclose: regulated sector A person commits an offence if:

they know or suspect, or have reasonable grounds for knowing or suspecting, that another person is engaged in ML; and

the information on which their suspicion is based comes to them in the course of business in the regulated sector; and

they fail to disclose that knowledge or suspicion, or reasonable grounds for suspicion, as soon as practicable to an MLRO (nominated officer) or the NCA.

Section 331 – failure to disclose: nominated officer (MLRO) in the regulated sector An MLRO (nominated officer) in the regulated sector commits a separate offence if, as a result of an internal disclosure received by him or her under section 330, the MLRO knows or suspects, or has reasonable grounds for knowing or suspecting, that another person is engaged in ML and they fail to disclose/report as soon as practicable to the NCA. Section 332 – failure to disclose: nominated officer (MLRO) in the non-regulated sector An organisation which does not carry out relevant activities and so is not in the regulated sector, may decide on an RBA to set up internal disclosure systems and appoint a person as MLRO (nominated officer) to receive internal disclosures.


An MLRO in the non-regulated sector commits an offence if, as a result of a disclosure, they know or suspect that another person is engaged in ML and fails to make a SAR as soon as practicable to the NCA. For this offence, the test is a subjective one: did you know or suspect, as opposed to the objective test of “reasonable grounds to know or suspect”? 5.11 Defences to failure to disclose offences There are three defences to the failure to disclose offences:

you have a reasonable excuse;

you are a professional legal adviser or a relevant professional adviser and the information came to you in privileged circumstances;

you did not receive appropriate training from your employer.

The first defence applies to all three failure to disclose offences but the other two defences are only available to persons in the regulated sector who are not MLROs. All of the failure to disclose sections also make it clear that the offence will not be committed if the property involved in the suspected ML is derived from exempted overseas criminal conduct. Reasonable excuse If there is a reasonable excuse for not making a disclosure, no offence is committed, but there is no judicial guidance on what might constitute a reasonable excuse. However, as with “reasonable excuse” under the principal ML offences, where common law legal professional privilege has not been expressly excluded, following the reasoning in Bowman v Fels, the view is that the decision not to make a SAR because the information is subject to legal professional privilege would be a reasonable excuse. You should carefully document any reasons for not making a SAR under this section in order to protect yourself and the entity. Privileged circumstances No offence is committed if the information or other matter giving rise to suspicion comes to a professional legal adviser or relevant professional advisor in privileged circumstances. It should be noted that receipt of information in privileged circumstances is not the same as legal professional privilege. „Privileged circumstances‟ is a creation of POCA designed to comply with the exemptions from reporting set out in the European directives. Privileged circumstances means information communicated:

Comment [ALM4]: See earlier comment about definitions


by a client, or a representative of a client, in connection with the giving of legal advice to the client; or

by a client, or by a representative of a client, seeking legal advice from you; or

by a person in connection with legal proceedings or contemplated legal proceedings.

The exemption will not apply if information is communicated or given to you with the intention of furthering a criminal purpose. Entities are advised to familiarise themselves with the Crown Prosecution Service (CPS) guidance in the situation where a genuine, but mistaken belief is formed that the privileged circumstances exemption applies: http://www.cps.gov.uk/legal/p_to_r/proceeds_of_crime_money_laundering/ . Chapter 6 provides further guidance on privileged circumstances. Lack of training Employees within the regulated sector, who have no knowledge or suspicion of ML, even though there were reasonable grounds for suspicion, have a defence if they have not received training from their employers. Employers may be prosecuted under Regulation 21 for a breach of the MLR 2007 if they fail to train relevant employees. 5.12 Tipping off The offences of tipping off for ML are contained in the Proceeds of Crime Act 2002 as amended by the Terrorism Act 2000 and Proceeds of Crime Act 2002 (Amendment) Regulations 2007 (TACT and POCA Regulations 2007). There are also tipping off offences for terrorist property in the Terrorism Act 2000, as amended by the TACT and POCA Regulations 2007. There are two tipping off offences in section 333A of POCA which only apply to businesses in the regulated sector:

Section 333A(1) – disclosing a suspicious activity report (SAR). It is an offence to disclose to a third party that a SAR has been made by any person to the police, HMRC, the NCA or an MLRO (nominated officer), if that disclosure might prejudice any investigation that might be carried out as a result of the SAR. This offence can only be committed: o after a disclosure to the NCA; o if you know or suspect that by disclosing this information, you are likely to

prejudice any investigation related to that SAR; o the information upon which the disclosure is based came to you in the course

of business in the regulated sector.

Section 333A(3) – disclosing an investigation. It is an offence to disclose that an investigation into a ML offence is being contemplated or carried out if that

http://www.cps.gov.uk/legal/p_to_r/proceeds_of_crime_money_laundering/


disclosure is likely to prejudice that investigation. The offence can only be committed if the information on which the disclosure is based came to the person in the course of business in the regulated sector. The key point is that you can commit this offence, even where you are unaware that a SAR was submitted.

Prejudicing an investigation – outside the regulated sector Section 342(1) contains an offence of prejudicing an ML, confiscation, or civil recovery investigation, if the person making the disclosure knows or suspects that an investigation is being, or is about to be conducted. Section 342(1) was amended by paragraph 8 of the TACT and POCA Regulations 2007. It only applies to those outside the regulated sector. There is, however, an offence under section 342(2) relating to the falsification etc. of documents or permitting the falsification or destruction etc. which applies to everyone in the entity, regardless of the type of work in which they are engaged. You only commit this offence if you knew or suspected that the disclosure would, or would be likely to prejudice any investigation. 5.13 Defences to tipping off The following disclosures are permitted:

section 333B - disclosures within an undertaking or group, including disclosures to a professional legal adviser or relevant professional adviser;

section 333C - disclosures between institutions, including disclosures from a professional legal adviser to another professional legal adviser;

section 333D - disclosures to your supervisory authority (IPS/CILEx);

section 333D (2) - disclosures made by professional legal advisers to their clients for the purpose of dissuading them from engaging in criminal conduct.

A person does not commit the main tipping off offence if they do not know or suspect that a disclosure is likely to prejudice an investigation. Section 333B – disclosures within an undertaking or group etc. It is not an offence if an employee, officer or partner of your entity discloses that a SAR has been made if it is to an employee, officer or partner of the same undertaking. You will not commit a tipping off offence if a disclosure is made to another legal professional either:

within a different undertaking, if both parties carry on business in an EEA state;

in a country or territory that imposes ML requirements equivalent to the EU and both parties share common ownership, management or control.


Section 333C – disclosures between institutions etc. You will not commit a tipping off offence if all of the following criteria are met:

the disclosure is made to another legal professional in an EEA state, or one with an equivalent AML regime;

the disclosure relates to a client or former client of both parties, or a transaction involving them both, or the provision of a service involving them both;

the disclosure is made for the purpose of preventing an ML offence;

both parties have equivalent professional duties of confidentiality and protection of personal data.

Section 333D(2) – limited exception for professional legal advisers You will not commit a tipping off offence if the disclosure is to a client and it is made for the purpose of dissuading the client from engaging in conduct amounting to an offence. This exception and the tipping off offence in section 333A apply to those carrying on activities in the regulated sector. Section 342(4) – professional legal adviser exemption It is a defence to a section 342(1) offence that a disclosure is made by a legal adviser to a client, or a client‟s representative, in connection with the giving of legal advice or to any person in connection with legal proceedings or contemplated legal proceedings. Such a disclosure will not be exempt if it is made with the intention of furthering a criminal purpose (section 342(5)). 5.14 Making enquiries of a client You should make preliminary enquiries of your client, or a third party, to obtain further information to help you to decide whether you have a suspicion. You may also need to raise questions during a retainer to clarify such issues. There is nothing in POCA which prevents you making normal enquiries about your client's instructions, and the proposed retainer, in order to remove, if possible, any concerns and enable you to decide whether to take on or continue the retainer. These enquiries will only be tipping off if you disclose that a SAR has been made or that an ML investigation is being carried out or contemplated. The offence of tipping off only applies to the regulated sector. It is not tipping-off to include a paragraph about your obligations under the ML legislation in your standard client care letter.


CHAPTER 6 – LEGAL PROFESSIONAL PRIVILEGE (LPP) 6.1 Legislation Under section 190 of the Legal Services Act 2007, you are under a duty to keep the affairs of your clients confidential, and the circumstances in which you are able to disclose client communications are strictly limited. However, sections 327 - 329, 330 and 332 of POCA contain provisions for disclosure of information to be made to the NCA. You have a duty of full disclosure to your clients. However, sections 333A and 342 of POCA prohibit disclosure of information in circumstances where a SAR has been made and/or where it would prejudice an existing or proposed investigation. This chapter is relevant if you are considering whether to make a SAR under POCA. This chapter should be read in conjunction with chapter 5. The issue of LPP is complex and if you (or the entity) are in any doubt, you should seek legal advice on your own position. 6.2 Duty of confidentiality The duty of confidentiality applies to all matters revealed to you or the entity, from whatever source, by the client or someone acting on the client's behalf. Approved Managers must ensure that all employees within the entity understand this duty. In exceptional circumstances, the duty of confidentiality may be overridden but certain communications can never be disclosed unless statute permits, either expressly or by necessary implication. Such communications are those protected by legal professional privilege (LPP). 6.3 Legal professional privilege (LPP) LPP is a privilege against disclosure, ensuring clients know that certain documents and information provided to legal professionals cannot be disclosed at all. It recognises the client's fundamental human right to be open and transparent with his legal adviser, without fear of information being disclosed later to his detriment. It is an absolute right and cannot be overridden by any other interest e.g. that of the legal professional. LPP does not extend to everything legal professionals have a duty to keep confidential. LPP protects only those confidential communications falling under either of the two heads of privilege – advice privilege or litigation privilege. Advice privilege: Communications between a legal professional, acting in his capacity as a legal professional, and a client, are privileged if they are both:


confidential;

for the purpose of seeking legal advice or providing it to a client.

Communications are not privileged merely because a client is speaking or writing to you. The protection applies only to those communications which directly seek or provide advice or which are given in a legal context, that involve the legal professional using his legal skills and which are directly related to the performance of his or her professional duties [Passmore on Privilege: 3rd edition]. Case law helps define what advice privilege covers. Communications subject to advice privilege:

a solicitor‟s bill of costs and statement of account [Chant v Brown (1852) 9 Hare 790];

information imparted by prospective clients in advance of a retainer will attract LPP if the communications were made for the purpose of indicating the advice required [Minter v Priest [1930] AC558 per Lord Aitken at 584].

Communications not subject to advice privilege:

notes of open court proceedings [Parry v News Group Newspapers (1990) 140 New Law Journal 1719] are not privileged, as the content of the communication is not confidential;

conversations, correspondence or meetings with opposing lawyers [Parry v News Group Newspapers (1990) 140 New Law Journal 1719] are not privileged as the content of the communication is not confidential;

a client account ledger maintained in relation to the client's money [Nationwide Building Society v Various Solicitors [1999] P.N.L.R.53.];

an appointments diary or time record on an attendance note, timesheet or fee record relating to a client [R v Manchester Crown Court, ex p. Rogers [1999] 1 W.L.R. 832];

conveyancing documents are not communications so are not subject to advice privilege [R v Inner London Crown Court ex p. Baines & Baines [1988] QB 579].

Advice within a transaction All communications between a legal professional and his client relating to a transaction in which the legal professional has been instructed for the purpose of obtaining legal advice are covered by advice privilege, notwithstanding that they do not contain advice on matters of law and construction, provided they are directly related to the performance by the legal professional of his professional duties as legal adviser of his client [Three Rivers District Council and others v the Bank of England [2004] UKHL 48 at 111]. This will mean that where you are providing legal advice in a transactional matter (such as a conveyance) the advice privilege will cover all communications with, instructions from and advice given to the client including any working papers and drafts prepared, as long as they are directly related to your performance of your professional duties as a legal adviser.


Litigation privilege: This privilege, which is wider than advice privilege, protects confidential communications made after litigation has started, or is reasonably in prospect, between either:

a legal professional and a client;

a legal professional and an agent, whether or not that agent is a legal professional;

a legal professional and a third party.

These communications must be for the sole or dominant purpose of litigation, either:

for seeking or giving advice in relation to it;

for obtaining evidence to be used in it;

for obtaining information leading to obtaining such evidence.

It is not a breach of LPP to discuss a matter with your MLRO for the purposes of receiving advice on whether to make a disclosure. Important points to bear in mind: An original document not brought into existence for these privileged purposes and so not already privileged, does not become privileged by being given to a legal professional for advice or other privileged purpose. Further, where you have a corporate client, communication between you and the employees of the corporate client may not be protected by LPP if the employee cannot be considered to be "the client" for the purposes of the retainer. As such, some employees will be clients whilst others will not [Three Rivers District Council v the Governor and Company of the Bank of England (no 5) [2003] QB 1556]. It is not a breach of LPP to discuss the matter with your MLRO (nominated officer) for the purposes of receiving advice on whether to make a SAR. Crime/fraud exception: LPP protects advice you give to a client on avoiding committing a crime [Bullivant v Att-Gen of Victoria [1901] AC 196] or warning them that proposed actions could attract prosecution [Butler v Board of Trade [1971] Ch 680]. LPP does not extend to documents which themselves form part of a criminal or fraudulent act, or communications which take place in order to obtain advice with the intention of carrying out an offence [R v Cox & Railton (1884) 14 QBD 153]. It is irrelevant whether or not you are aware that you are being used for that purpose [Banque Keyser Ullman v Skandia [1986] 1 Lloyds Rep 336].


Intention of furthering a criminal purpose It is not just your client's intention which is relevant for the purpose of ascertaining whether information was communicated for the furtherance of a criminal purpose. It is also sufficient that a third party intends the lawyer/client communication to be made with that purpose (e.g. where the innocent client is being used by a third party) [R v Central Criminal Court ex p Francis & Francis [1989] 1 AC 346]. Knowing a transaction constitutes an offence If you know the transaction you are working on is a principal offence, you risk committing an offence yourself. In these circumstances, communications relating to such a transaction are not privileged and should be disclosed. Suspecting a transaction constitutes an offence If you merely suspect a transaction might constitute an ML offence, the position is more complex. If the suspicions are correct, communications with the client are not privileged. If the suspicions are unfounded, the communications should remain privileged and are therefore non-disclosable. Prima facie evidence If you suspect you are unwittingly being involved by your client in a fraud, the courts require prima facie evidence before LPP can be displaced [O'Rourke v Darbishire [1920] AC 581]. The sufficiency of that evidence depends on the circumstances: it is easier to infer a prima facie case where there is substantial material available to support an inference of fraud. Whilst you may decide yourself whether prima facie evidence exists, you may also ask the court for directions [Finers v Miro [1991] 1 W.L.R. 35]. The Crown Prosecution Service guidance for prosecutors indicates that if you form a genuine, but mistaken, belief that the privileged circumstances exemption (see chapter 6.4 below) applies (e.g. the client misleads you and uses the advice received for a criminal purpose) you will be able to rely on the reasonable excuse defence. It is likely that a similar approach would be taken with respect to a genuine, but mistaken, belief that LPP applies. CILEx‟s view is that you should not make a SAR unless you have strong prima facie evidence that you are being used to further a crime. 6.4 Privileged circumstances POCA recognises another type of communication - one which is received in 'privileged circumstances' which is separate from LPP. It is not the same. It is merely an exemption from certain provisions of POCA, although in many cases the communication will also be covered by LPP. The privileged circumstances exemptions are found in the provisions of:


POCA – section 330 (6)(b), (10) and (11);

POCA – section 342 (4);

Terrorism Act – section 19 (5) and (6);

Terrorism Act – section 21A (8).

Although the wording is not exactly the same in all these sections, the essential elements of the exemption are as follows:

you are a professional legal adviser;

the information or material is communicated to you: o by your client or their representative in connection with you giving legal

advice; o by the client or their representative in connection with them seeking legal

advice from you; o by any person for the purpose of/in connection with actual or contemplated

legal proceedings;

the information or material cannot be communicated or given to you with a view to furthering a criminal purpose.

The defence covers Approved Managers and their employees (see section 330(7B) of POCA, barristers and in-house lawyers). You should consider the crime/fraud exception when determining what constitutes the furthering of criminal purpose (see above). Section 330(9A) protects the privilege attaching to any disclosure made to an MLRO for the purposes of obtaining advice about whether or not a SAR should be made. Differences between privileged circumstances and LPP: Protection of advice Communications between you and third parties will not be protected under the advice arm of LPP when advice is given or received in circumstances where litigation is neither contemplated nor reasonably in prospect, except in very limited circumstances. Privileged circumstances, however, exempt communications regarding information communicated by representatives of a client, where it is in connection with you giving legal advice to the client, or the client seeking legal advice from you. This may include communications with:

a junior employee of a client (if it is reasonable in the circumstances to consider them to be a representative of the client);

other professionals who are providing information to you on behalf of the client as part of the transaction.


You should consider the facts of each case when deciding whether or not a person is a representative for the purposes of privileged circumstances. Losing protection by dissemination There may be circumstances in which a legal adviser has information which is subject to LPP communicated to him or her, but which does not fall within the definition of privileged circumstances. For example, a legal professional representing client A may hold or have had communicated to him or her information which is privileged as between client B and his own legal professional, in circumstances where client A and client B are parties to a transaction, or have some other shared interest. The sharing of this information may not result in client B's privilege being lost, if it is made clear that privilege is not waived [Gotha City v Sothebys (no1) [1998] 1 WLR 114]. However, privileged circumstances will not apply because the information was not communicated to client A's legal professional by a client of his in connection with the giving by him of legal advice to that client. If, however it was given to him by any person in connection with legal proceeding or contemplated legal proceedings, privileged circumstances would apply. In such circumstances, the legal professional representing client A would not be able to rely on privileged circumstances, but the information might still be subject to LPP, unless the crime/fraud exemption applied. Vulnerability to seizure It is important to identify correctly whether communications are protected by LPP or if they are merely covered by the privileged circumstances exemption. This is because the privileged circumstances exemption exempts you from certain POCA provisions. It does not provide any of the other LPP protections to those communications. Therefore a communication which is only covered by privileged circumstances, not LPP will still remain vulnerable to seizure or production under a court order or notice from law enforcement which overrides confidentiality. 6.5 When to disclose If the communication is covered by LPP and the crime/fraud exception does not apply, you cannot make a SAR under POCA. If the communication was received in privileged circumstances and the crime/fraud exception does not apply, you are exempt from the relevant provisions of POCA, which include making a SAR to the NCA.


If neither of these situations applies, the communication will still be confidential. However, the material is disclosable under POCA and can be disclosed, whether as an authorised disclosure, or to avoid breaching section 330. Section 337 of POCA permits you to make such a disclosure and provides that you will not be in breach of your professional duty of confidentiality if you do so.


CHAPTER 7 – TERRORIST PROPERTY OFFENCES 7.1 Legislation The Terrorism Act 2000 (as amended) criminalises not only the participation in terrorist activities but also the provision of monetary support for terrorist purposes. The Terrorism Act applies to everyone including the principal terrorist property offences in sections 15 – 18. However, the specific offence of failure to disclose and the two tipping off offences apply only to persons in the regulated sector (see chapter 1.4). Section 15 – fundraising It is an offence to be involved in fundraising if you have knowledge or reasonable cause to suspect that the money or other property raised may be used for terrorist purposes. You can commit the offence by:

inviting others to make contributions;

receiving contributions;

making contributions towards terrorist funding, including making gifts and loans.

There is no defence that the money or other property is a payment for goods and services. Section 16 – use or possession It is an offence to use or possess money or other property for terrorist purposes and you intend that it should be used or you have reasonable cause to suspect it may be used for these purposes. Section 17 – arrangements It is an offence to become involved in an arrangement which makes money or other property available to another if you know, or have reasonable cause to suspect it may be used for terrorist purposes. Section 18 – money laundering It is an offence to enter into or become concerned in an arrangement facilitating the retention or control of terrorist property by, or on behalf of, another person including, but not limited to the following ways:

by concealment;

by removal from the jurisdiction;

by transfer to nominees.


It is a defence if you did not know, and had no reasonable cause to suspect, that the arrangement related to terrorist property. Chapter 5 provides assistance as to what constitutes an arrangement under POCA. 7.2 Defences to principal terrorist property offences The TACT and POCA Regulations 2007 introduced three defences to the main offences in sections 15 – 18. These defences are contained in sections 21ZA – 21ZC.

Prior consent defence – you make a disclosure to an authorised person before becoming involved in a transaction or an arrangement and the person acts with the consent of an authorised officer.

Consent defence – you are already involved in a transaction or arrangement and make a disclosure, so long as there is a reasonable excuse for failure to make a disclosure in advance.

Reasonable excuse defence – you intended to make a disclosure but have a reasonable excuse for failing to do so (see chapter 5.10).

There are further defences relating to co-operation with the police in section 21. You do not commit an offence under sections 15-18 in the following circumstances:

you are acting with the express consent of a constable, including civilian staff at the NCA;

you disclose your suspicion or belief to a constable or the NCA after you become involved in an arrangement or transaction that concerns money or terrorist property, and you provide the information on which your suspicion or belief is based. You must make this disclosure on your own initiative and as soon as reasonably practicable.

The defence of disclosure to a constable or the NCA is also available to an employee who makes a disclosure about terrorist property offences in accordance with the internal reporting procedures laid down by the entity. Chapter 8 provides information on how to make a disclosure/report to the NCA. 7.3 Failure to disclose offences Non-regulated sector Section 19 provides that anyone, whether they are an MLRO (nominated officer) or not, must disclose as soon as reasonably practicable to a constable, or the NCA, if they know or suspect that another person has committed a TF offence based on information which came to them in the course of a trade, profession or employment. The test is subjective.


Regulated sector Section 21A, inserted by the Anti -Terrorism Crime and Security Act 2001, makes it a criminal offence for those in the regulated sector to fail to make a disclosure to either a constable or the entity's MLRO where they know, suspect, or there are reasonable grounds for suspecting that another person has committed an offence. This was expanded by the TACT and POCA Regulations 2007 include a failure to disclose an attempted offence under sections 15 -18. 7.4 Defences to failure to disclose The following are defences to the failure to disclose offences under both section 19 and section 21A, either:

you had a reasonable excuse for not making the disclosure; or

you received the information on which the belief or suspicion is based in privileged circumstances, without an intention of furthering a criminal purpose.

TACT Regulations 2007 introduced an additional defence for those in the regulated sector. A person has a defence where they are employed or are in partnership with a professional legal adviser to provide assistance and support and they receive information giving rise to the relevant knowledge or suspicion in privileged circumstances. It is also a defence under section 19 if you made an internal report in accordance with your employer's reporting procedures. 7.5 Tipping off The tipping off offences in relation to the terrorism offences are very similar to those under POCA and are set out below. Section 21D tipping off offences: regulated sector

Section 21D (1) – disclosing a suspicious activity report (SAR). It is an offence to disclose to a third person that a SAR has been made by any person to the police, HM Revenue and Customs, the NCA or an MLRO/nominated officer, if that disclosure might prejudice any investigation that might be carried out as a result of the SAR. This offence can only be committed:

after a disclosure to the NCA;

if you know or suspect that, by disclosing this information, you are likely to prejudice any investigation related to that SAR;

the information upon which the disclosure is based came to you in the course of business in the regulated sector.

Section 21D(3) – disclosing an investigation. It is an offence to disclose that an investigation into allegations relating to terrorist property offences is being contemplated or carried out if that disclosure is likely to prejudice that


investigation. The offence can only be committed if the information on which the disclosure is based came to the person in the course of business in the regulated sector. The key point is that you can commit this offence, even where you are unaware that a SAR was submitted.

7.6 Defences to tipping off The defences to tipping off are also similar to those under POCA but there are some additional provisions which may be of assistance to legal professionals. Section 21E – disclosures within an undertaking or group etc. It is not an offence if an employee, officer or partner discloses that a SAR has been made if it is to an employee, officer or partner of the same undertaking. In addition, you will not commit a tipping off offence if a disclosure is made to another legal professional in a different undertaking, provided that the undertakings in which the parties work:

share common ownership, management or control, and

carry on business in either an EEA state or a country or territory that imposes ML requirements equivalent to the EU.

Section 21F – other permitted disclosures You will not commit a tipping off offence if all the following criteria are met:

the disclosure is made to another legal professional in an EEA state, or a country with an equivalent AML regime;

the disclosure relates to a client or former client of both parties, or a transaction involving them both, or the provision of a service involving them both;

the disclosure is made for the purpose of preventing a money laundering offence;

both parties have equivalent professional duties of confidentiality and protection of personal data.

Section 21G – limited exception for professional legal advisers You will not commit a tipping off offence if the disclosure is to a client and it is made for the purpose of dissuading the client from engaging in conduct amounting to an offence. This exception and the tipping off offence in section 21D only apply to legal professionals in the regulated sector. 7.7 Making enquiries of a client You will often make preliminary enquiries of your client, or a third party, to obtain further information to help you to decide whether you have a suspicion. You may also need to raise questions during a retainer to clarify issues.


These enquiries will only amount to tipping off if you disclose that a SAR has been made, or that an investigation into allegations relating to terrorist property offences is being carried out or contemplated. 7.8 Sanctions regime The UK operates a range of financial sanctions, as do other advanced economies, which tend to follow action at the UN or the EU, because of human rights abuses or other violations of internationally accepted behaviour. Sanctions may also be imposed at UK level for the above reasons or to minimise the risk of terrorism within the UK. Financial sanctions affect designated persons, including individuals and entities. Those designated persons („sanctions targets‟) are listed in the Consolidated List published by HM Treasury. Detailed guidance on sanctions has been produced by HM Treasury https://www.gov.uk/government/publications/financial-sanctions-faqs Financial sanctions invariably include asset freezing measures, which means that funds are frozen by a bank or other institutions involved.

Under the Al Qaida and Taliban (United Nations Measures) Order 2011 you must not:

deal with the funds or economic resources of designated persons;

make funds and economic resources available, directly or indirectly for the benefit of designated persons.

Under the Terrorism Asset Freezing Act 2010, you must not:

deal with the funds or economic resources of a designated person;

make funds, financial services or economic resources available, directly or indirectly to a designated person;

make financial services or economic resources available to any person for the significant benefit of a designated person.

Finally, you must not knowingly and intentionally participate in activities that would directly or indirectly circumvent the financial restrictions, enable, or facilitate the commission of any of the above offences. It is a defence if you did not know or had no reason to suspect that you were undertaking a prohibited act in relation to a designated person. In relation to funds, „deal with‟ is defined by the legislation as:

using, altering, moving, allowing access to or transferring;

dealing with in any other way that would result in any change in volume, amount, location, ownership, possession, character or destination; or

https://www.gov.uk/government/publications/financial-sanctions-faqs


making any other change that would enable use, including portfolio management.

In relation to economic resources, 'deal with' is defined as:

using to obtain funds, goods, or services in any way, including (but not limited to) by selling, hiring or mortgaging the resources.

Financial services are defined broadly and include advisory services such as providing advice on:

acquisitions;

corporate restructuring and strategy.

In some cases (domestic terrorism designations and dealing with Syria and Iran) there are additional restrictions on providing designated persons with financial services or insurance. Systems: Entities should have policies and procedures to ensure that they comply with their obligations under the sanctions regime. This may include subscribing to the updates from the Financial Sanctions Unit at HM Treasury http://engage.hm-treasury.gov.uk/fin-sanc-subscribe/ so that you are aware of any changes to sanctioned regimes and to persons who become designated persons. Where an entity carries out checks, it may find that it has a customer with a name (or other details) identical or similar to that of a designated person. Where this is the case, the entity needs to decide as far as possible whether their customer is actually the designated person or not. If the entity decides their customer is a designated person, they should freeze the funds (but not send them to HM Treasury) and report the full facts to HM Treasury using this email address: [email protected]. Designated persons You must not proceed with a transaction, unless you obtain a licence from HM Treasury Financial Sanctions Unit, where a client or the intended recipient of funds from the transaction is identified as a designated person. You must do all of the following:

suspend the transaction pending advice from the Financial Sanctions Unit;

contact the Financial Sanctions Unit to seek a licence to deal with the funds;

consider whether you have a suspicion of ML or TF which requires a SAR to be made to the NCA.

You must not:

http://engage.hm-treasury.gov.uk/fin-sanc-subscribe/

http://engage.hm-treasury.gov.uk/fin-sanc-subscribe/

mailto:[email protected]


return funds to the designated person without the approval of the Financial Sanctions Unit.

The Financial Sanctions Unit has the power to grant licences exempting certain transactions from the financial restrictions. Requests are considered on a case-by-case basis, to ensure that there is no risk of funds being diverted to terrorism. Contact the Financial Sanctions Unit to request a licence or obtain advice regarding financial restrictions at: Financial Sanctions Unit Address 1 Horse Guards Road London SW1A 2HQ Email: [email protected].

mailto:[email protected]


CHAPTER 8 – MAKING A SAR 8.1 Introduction The National Crime Agency (the NCA) is responsible for the reporting regime for ML and TF. It took over responsibility from the Serious Organised Crime Agency (SOCA) on 7 October 2013 under provisions contained in the Crime and Courts Act 2013. It is a law enforcement body devoted to dealing with organised crime within the UK and networking with other law enforcement agencies to combat global organised crime. For full details on the NCA, their activities and how to make a SAR view their website at: http://www.nationalcrimeagency.gov.uk/ 8.2 Reporting obligations A suspicious activity report (SAR) is the name used to refer to the making of a disclosure to the NCA under either POCA or the Terrorism Act. Under POCA, any person may be required to make an authorised disclosure or SAR about criminal property. In addition, all persons within the regulated sector and MLROs have obligations to report suspicions of ML under POCA. Under the Terrorism Act 2000, all persons must report suspected TF to the NCA. Entities need to ensure that all employees understand the reporting obligations under POCA and the Terrorism Act 2000 and to whom reports must be made, as well as what information to provide. It is unlikely that an entity will allow employees to make SARs to the NCA, instead requiring that they report to the MLRO or a deputy who will decide on behalf of the entity whether to make a report. Under POCA, a SAR must be made as soon as practicable, after the individual has formed a reportable suspicion or knows of TF or ML (subject to privilege considerations). There are a number of considerations to bear in mind when reporting and it is important that SARs are made in accordance with the law, when the law requires a SAR to be made. 8.3 How to report A SAR may be submitted online or by fax using the preferred forms. There is no prescribed form. Entities are encouraged to make a SAR using the securely encrypted SARs online system as this allows you to submit a SAR at any time of day and receive e-mail confirmation of each SAR submitted. It also enables you to register your firm and relevant contact persons with the NCA. The advantages of using this method are that it will help the NCA to assess your SAR quickly and where relevant, is likely to result in consent being granted more

http://www.nationalcrimeagency.gov.uk/

http://www.lawsociety.org.uk/advice/anti-money-laundering/legislation/


http://www.lawsociety.org.uk/advice/practice-notes/aml/introduction/#h1poca1


swiftly. Entities/MLROs are advised to register in preparation for making a SAR rather than waiting until a SAR needs to be made. Details of how to register and activate the registration are at: https://www.ukciu.gov.uk/(kea0xyv1ddzwgm55eawgs155)/saronline.aspx Although SARs can be submitted in hard copy, they should be typed on the preferred forms. No acknowledgement will be received of SARs submitted this way. If consent is required, the SAR should be submitted by fax to: 020 7238 8286 and not by post. Where consent is not required, a hard copy SAR should be sent by post to UK FIU, PO Box 8000, London SE11 5EN. 8.4 What information should be included? The NCA has provided guidance on how to submit a SAR http://www.nationalcrimeagency.gov.uk/publications/116-submitting-a-sar-within-the-regulated-sector/file and how to seek consent http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/specialist-capabilities/ukfiu/seeking-consent-for-financial-transactions In September 2014, guidance on the Closure of Cases Requiring Consent was released http://www.nationalcrimeagency.gov.uk/publications/398-closure-of-sars-cases-requesting-consent/file. This makes it clear that cases will be closed with effect from 1 October 2014 if insufficient information is provided in the SAR. It is recommended that MLROs/entities ensure that they are familiar with the contents of the guidance so that SARs contain all the relevant information which will increase the chances of consent being obtained quickly. It is also recommended that the NCA's glossary of codes is used in the reason for suspicion section of the report: http://www.nationalcrimeagency.gov.uk/publications/47-sar-glossary-codes-revision-explained/file. You are required to provide your regulator number which is available from IPS (details to be inserted). 8.5 Obtaining consent An MLRO will often be seeking consent from the NCA for the entity to undertake a “prohibited act” i.e. one that would constitute a principal ML offence. Although the NCA has produced detailed guidance (see paragraph 8.4), it is important to consider the following points;

consent can only be granted to the extent it is sought, so explain what the next steps are and what you are seeking consent to do, (in non-legal language);

the initial “notice period” is 7 working days after the SAR is made. If consent is

https://www.ukciu.gov.uk/(kea0xyv1ddzwgm55eawgs155)/saronline.aspx

http://www.nationalcrimeagency.gov.uk/publications/116-submitting-a-sar-within-the-regulated-sector/file

http://www.nationalcrimeagency.gov.uk/publications/116-submitting-a-sar-within-the-regulated-sector/file

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/specialist-capabilities/ukfiu/seeking-consent-for-financial-transactions

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/specialist-capabilities/ukfiu/seeking-consent-for-financial-transactions

http://www.nationalcrimeagency.gov.uk/publications/398-closure-of-sars-cases-requesting-consent/file

http://www.nationalcrimeagency.gov.uk/publications/398-closure-of-sars-cases-requesting-consent/file

http://www.nationalcrimeagency.gov.uk/publications/30-glossary-codes-oct-2013/file

http://www.nationalcrimeagency.gov.uk/publications/47-sar-glossary-codes-revision-explained/file

http://www.nationalcrimeagency.gov.uk/publications/47-sar-glossary-codes-revision-explained/file


refused, the “moratorium period” is a further 31 calendar days from the date of refusal. If you need consent more quickly, explain why the issue is urgent and give details. You may need to discuss the situation with the NCA, particularly if the situation changes. The NCA may be able to give consent in a matter of hours provided they have all the relevant information;

within the notice and moratorium periods, you must not undertake a prohibited act. However you can still undertake other activities, such as writing letters, conducting searches etc.;

the NCA will contact you by telephone to advise that consent has been provided and will then send a follow up letter or email.

Entities should be aware of the Terrorism Act 2000 and Proceeds of Crime Act 2002 (Amendment) Regulations 2007 which came into force on 26 December 2007. There is now a defence if you make a SAR to an authorised person before becoming involved in a transaction or an arrangement, and the person acts with the consent of an authorised officer, see section 21ZA. 8.6 Constructive trust issues POCA‟s aim is to deprive wrongdoers of the benefit of their crimes, not to compensate the victims who have the right under civil law to take action against wrongdoers and those who have assisted them through a claim for constructive trusteeship. Legal professionals may be targeted by the victim of the crime as they tend to be able to pay compensation due to their indemnity insurance. Making a SAR, even if you obtain consent, does not avoid any liability for acting as a constructive trustee. If you think you have acted as a constructive trustee, you should seek legal advice. Liability as a constructive trustee under English law can arise when an entity either knows that the funds held by the entity do not belong to its client, or is on notice that such funds or property may not belong to its client. The entity will then take on the obligation of a constructive trustee to the rightful owner of the funds or property. If the entity pays the funds or property to someone other than the rightful owner and it is deemed to have acted dishonestly in doing so, it may be held liable for knowingly assisting a breach of trust. As a result of making a SAR, the entity may became a constructive trustee as there may then be an indication that the entity knows that the property does not belong to its client, or is on notice that it may not belong to its client. However, such suspicion may not itself be enough to cause an entity to become a constructive trustee. Case law suggests that a constructive trust will only arise when there is some evidence that the property belongs to someone other than the client. Constructive trusteeship can arise as a result of your interference with trust property or involvement in a breach of fiduciary duty. These are traditionally described as

http://www.lawsociety.org.uk/advice/practice-notes/aml/money-laundering-offences/#h5pmlo

http://www.lawsociety.org.uk/advice/practice-notes/aml/money-laundering-offences/#h5pmlo


“knowing receipt” and “knowing assistance‟. This area of law is complex and specialist legal advice should be sought if there is a possibility that the entity may have acted as a constructive trustee. It should be noted that constructive trust is not a concept recognised in Scots law. 8.7 Contacting the NCA If you need help

to submit a SAR or with the SARs online system;

on consent issues;

in assessing the risk of tipping off so you know whether disclosing information about a particular SAR would prejudice an investigation;

you should contact the NCA on 020 7238 8282. 8.8 Confidentiality of SARs A key element of the SARs regime is that the NCA and law enforcement treat SARs confidentially. Home Office circular 53/2005 provides further information but in essence where information from a SAR is disclosed to law enforcement, all parties must ensure that the identity of the reporter (and the entity) is not disclosed to anyone: https://www.gov.uk/government/publications/money-laundering-the-confidentiality-and-sensitivity-of-suspicious-activity-reports-sars-and-the-identity-of-those-who-make-them. If a reporter‟s identity is not protected, the safety of the reporter may be at risk. If you have specific concerns regarding your safety after making a SAR, you should raise this with the NCA either in the SAR or through the helpdesk. If you have concerns about your immediate safety following the making of a SAR, you should contact your local police. If you fear the confidentiality of a SAR made by you or your entity has been breached, you should telephone the SARs confidentiality breach line on 0800 234 6657. In addition, you can contact IPS (insert details) so that we can continue to monitor this issue for discussion with the NCA. 8.9 Feedback on SARs The NCA provides some feedback in their annual reports on the value of SARs they have received. The feedback will always be anonymised to protect the confidentiality of those who submitted it.

https://www.gov.uk/government/publications/money-laundering-the-confidentiality-and-sensitivity-of-suspicious-activity-reports-sars-and-the-identity-of-those-who-make-them




CHAPTER 9 – TRAINING 9.1 Introduction Entities will consider who to train, how to train, the form and frequency of the training and how to keep employees up to date with ML developments and emerging risk factors. Entities will review the requirements of Regulation 21 in deciding who will be “relevant employees”, this will normally include employees in the regulated sector, finance/accounts employees and those involved in compliance. Employees dealing directly with clients are the first point of contact with potential money launderers and terrorist financers and their efforts are therefore vital in the strategy for the fight against ML or TF. Employees in the non-regulated sector will need to be trained on POCA and the Terrorist Act. If the entity verifies the identity of all clients, it would be sensible to train all employees on the CDD systems. The training requirements of fee earners, reception staff, administration staff and finance staff are all likely to be different and an entity will want to ensure that the training is effective, relevant and memorable. You must take appropriate measures so that relevant employees are regularly given training. The general view is that training for all relevant employees every 2 years is prudent. In deciding what the right approach is for your entity, you are likely to consider your risk profile and the extent of the involvement of certain employees in ensuring compliance, in discussion with your training/education function. 9.2 What form should training take? There is no standard way to conduct employee training for ML purposes. The training needs to be tailored to meet your needs, depending on the size and nature of your entity and the available time and resources, in accordance with your risk assessment. Training can take many forms and may include:

online desk-based training;

face to face training;

internal meetings or discussions on AML/CTF issues and risk factors;

circulation of relevant articles or publications etc.;

attendance at AML/CTF conferences;

participation in dedicated AML/CTF forums. In order to demonstrate your compliance with Regulation 21, the entity/MLRO should retain records of the training, when it was provided and by whom, the content and


who attended. It is also prudent to retain evidence of your assessment of training needs and the steps taken to meet such needs. In considering the content of the training, the MLRO will consider criminal sanctions and reputational risks of non-compliance, developments in the common law, changing criminal methodologies and relevant publications. Training should ensure that:

employees are made aware that there is a very wide variety of documentation (from reliable and independent sources) that can be used to identify the client and verify their identity;

employees are not restricted to accepting limited types of ID documentation;

if in doubt about whether a document is acceptable (on its own or taken together with a number of other documents), employees should speak to a partner or contact their MLRO;

employees are made aware of your policy for dealing with cash transactions and the need for extra vigilance in these cases; and

the training should include details of your systems for ongoing monitoring of client relationships and the role the individual plays in the functioning of that system.

It will be necessary to make arrangements for refresher training to ensure that employees are kept aware of their responsibilities and are provided with updates on any changes. The provision of an AML/CTF manual provides a continual reference source between training sessions and helps to maintain employee awareness. 9.3 Appropriate level of training In terms of the level of training for different individuals within your entity, CILEx recommends the following: Partners/Principals/Assistants Partners, principals and assistants who are dealing directly with clients should receive appropriate training on CDD measures, must be made aware of their legal responsibilities and be familiar with your reporting system for suspicious transactions. Training should be provided on factors that may give rise to suspicions and on the procedures to be adopted when a transaction is deemed to be suspicious. Managers/Supervisors A high level of instruction covering all aspects of ML procedures must be provided to those with the responsibility for supervising or managing employees. This should include the offences and penalties arising from the legislation for non-reporting, the internal reporting procedures and the requirements for CDD and the retention of


records. Training could be provided internally by a Compliance Officer, MLRO or partner/principal who has attended training themselves. New employees/administrative or support employees A general appreciation of the background to ML and the subsequent need for reporting of any suspicious transactions to the MLRO should be provided to all new employees and administrative or support employees who would be dealing with clients or their transactions, irrespective of the level of seniority. All employees should be made aware of the legal requirement to report suspicions to the MLRO, and that there is a personal statutory obligation in this respect. Training could be provided internally by a Compliance Officer, MLRO or partner/principal who has attended training themselves. Compliance Officers and Money Laundering Reporting Officers If you decide to assign responsibility for compliance procedures to one individual and responsibility for reporting suspicious transactions to the same, or another, individual, then they should be provided with in-depth training concerning all aspects of the legislation and internal policies. In particular, the MLRO will require extensive initial and on-going instruction on the validation and reporting of suspicious transactions, on feedback arrangements and on new trends and patterns of criminal activity.


CHAPTER 10 – ENFORCEMENT 10.1 Introduction The UK AML/CTF regime is one of the most robust in Europe. Breaches of obligations under the regime are backed by disciplinary and criminal penalties. Law enforcement agencies and regulators work co-operatively with the regulated sector specifically and the legal sector generally to assist compliance and increase understanding of how to effectively mitigate risks. However, entities and their employees should be well aware of the seriousness of the sanctions for a failure to comply as well as the willingness of supervisory and enforcement bodies to take appropriate action for non-compliance. 10.2 Supervision under the regulations Regulation 23 provides for several bodies to be supervisory authorities for different parts of the regulated sector. Where a person in the regulated sector is covered by more than one supervisory authority, either the joint supervisory authorities must agree who is to be the sole supervisor of the person, or they must co-operate in the performance of their supervisory duties. A supervisory authority must:

monitor effectively the persons for whom it is responsible;

take necessary measures to ensure their compliance with the requirements of the regulations;

report to the NCA any suspicion that a person for whom it is responsible has engaged in money laundering or terrorist financing.

CILEx The supervisory authority listed in the MLR 2007 for Chartered Legal Executives in England and Wales is the Chartered Institute of Legal Executives (CILEx). This responsibility has been delegated in practice to ILEX Professional Standards (IPS). Other supervisors Other supervisory authorities which may be of relevance to entities include:

The Solicitors Regulation Authority

The Financial Conduct Authority

The Insolvency Practitioners Association

The Council for Licensed Conveyancers

The Chartered Institute of Taxation.

The Institute of Chartered Accountants in England and Wales


http://www.fsa.org.uk/

http://www.insolvency-practitioners.org.uk/

http://www.conveyancer.org.uk/

http://www.tax.org.uk/


Where IPS reaches agreement with another supervisor as to who is to be the supervisory authority for the entity, the entity will be informed about the agreement in accordance with Regulation 23(3). In all other cases of supervisory overlap, and where you have questions about AML supervision, contact IPS. The JMLSG provides guidance to the financial sector which the FCA considers when assessing compliance with AML/CTF obligations. 10.3 Enforcement powers under the Money Laundering Regulations (MLR) 2007 Part 5 of the MLR 2007 gives designated authorities a variety of powers to enable them to perform their functions under the MLR 2007. They can also impose civil penalties for non-compliance. The powers are:

Regulation 37: power to require information from, and attendance of, relevant and connected persons without a warrant

Regulation 38: power to enter and inspect without a warrant

Regulation 39: power to obtain a warrant to do things under regulations 37 and 38

Regulation 40: power to obtain a court order requiring compliance with regulation 37.

HM Treasury has stated that designated authorities may use these powers in their role as supervisor, and only on those relevant persons they supervise. 10.4 Disciplinary action If an entity or its employees fail to comply with AML/CTF obligations, that may also be a breach of the CILEx Code of Conduct and result in disciplinary action by IPS. For further information, contact the [helpline on insert telephone number (inside the UK), 09:00-17:00, Monday to Friday. 10.5 Offences and penalties Failure to comply with AML/CTF obligations puts you at risk of committing criminal offences. A summary of the offences and the relevant penalties are set out in chapter 5 and 7. In addition to the principal offences, you could be charged with offences of conspiracy, attempt, counselling, aiding, abetting or procuring a principal offence, depending on the circumstances.



10.6 Joint liability Regulation 47 provides that offences under the MLR 2007 can be committed by an entity as a whole, whether it is a body corporate, partnership or unincorporated association. However, if it can be shown that the offence was committed with the consent, contrivance or neglect of an officer, partner or member, then both the entity and the individual can be liable to 2 years‟ imprisonment or a fine or both. 10.7 Prosecution authorities The following prosecuting authorities are the most relevant for the purposes of this guidance;

the Crown Prosecution Service is a prosecuting authority for offences under POCA, the Terrorism Act and the MLR 2007;

the Revenue and Customs Prosecutions Office is a prosecuting authority for offences under POCA and the MLR 2007;

the FCA is a prosecuting authority under POCA and the MLR 2007 as a result of section 402 of the Financial Services and Markets Act 2000.

http://www.lawsociety.org.uk/Advice/Anti-money-laundering/Legislation/

http://www.legislation.gov.uk/ukpga


Annex 1 – Money Laundering Directives: A Summary

Financial Action Task Force (FATF) This was created in 1989 by the G7 Paris summit, building on UN treaties on trafficking of illicit substances in 1988 and confiscating the proceeds of crime in 1990. In 1990, FATF‟s 40 recommendations for fighting ML were released. A further 9 special recommendations to prevent terrorist funding were issued between 2001 and 2004. The revised Recommendations, issued in February 2012, form the basis of the proposed Fourth Money Laundering Directive. European Union directives The First Money Laundering Directive (1991) was issued by the European Commission to comply with the FATF recommendations. The FATF 40 recommendations and the First Directive only applied to banks and credit institutions and required Member States to make ML a criminal offence. It was incorporated into UK law via the Criminal Justice Act 1993, the Drug Trafficking Act 1994 and the Money Laundering Regulations 1993. Following the 1998 G8 summit, attention in the fight against ML began to focus increasingly on “gatekeepers”. These are intermediaries, e.g. legal professionals who are targeted to help launder the proceeds of crime. The FATF report on Money Laundering Typologies 2000-2001 expanded on the role of „gatekeeper‟ professionals in facilitating ML. (FATF‟s report on the vulnerabilities of legal professionals to ML and TF was issued in 2013. The International Bar Association (IBA) guidance was issued in October 2014.) The Second Money Laundering Directive (2001), adopted in the wake of “9/11”, required EU Member States to extend the AML regime to legal professionals due to the concerns that they were being used to launder the proceeds of crime and fund terrorism. It was incorporated into UK law via the Proceeds of Crime Act 2002 (POCA) and the MLR 2003. The requirements were extended to specific activities provided by a number of professionals, such as independent legal professionals, accountants/auditors, tax advisers and estate agents. The amendments to the FATF recommendations were incorporated and mirrored the requirements already applicable to the financial services sector, with some exemptions to safeguard legal professional privilege. The Third Money Laundering Directive (2005), adopted in 2005, was incorporated into UK law by the MLR 2007 and the TACT and the POCA Amendment Regulations 2007. It extended the due diligence requirements to PEPs, required the identification of beneficial owners and introduced the concept of a risk-based approach.


Annex 2 – Practical examples of interests and powers of control

See paragraph 4.14 Example 1 Details X's will provides that after payment of legacies and testamentary expenses his residuary estate passes to his children in equal shares. Three children survive X, one of whom (Y) is under 18. Application On X's death each of the children have a vested interest in one third of the residuary estate, notwithstanding that Y will not receive his share until he is 18 as he cannot give a valid receipt to the executors and none of them will be entitled to receive anything until the conclusion of the administration of the estate. Consequently, all three children should be identified under Part A, after the estate ceases to be in administration. Example 2 Details A executed an inter vivos trust in 2000 'for the benefit of my grandchildren who shall be born before 31/12/2020'. At the time he had two grandchildren. A died in 2009, and in 2010 your entity is instructed to act for the trustees. There are now four grandchildren. Application Each of the grandchildren has a vested interest in possession in one quarter of the trust fund, notwithstanding that further grandchildren may be born before 31/12/2020 and their shares may be reduced. Therefore each grandchild has a specified interest in at least 25 per cent of the capital of the trust property and should be identified under Part A. Development In 2015 new trustees are appointed, at which point there are five grandchildren, each of whom has a specified interest in 20 per cent of the fund. Application Your entity will have to apply CDD to the new trustees (either as part of the client CDD or a person who has control) and to the class of beneficiaries under Part B, which will be the grandchildren of A.

http://www.lawsociety.org.uk/support-services/advice/practice-notes/aml/anti-money-laundering-glossary/#divt


Example 3 Details D's will provides that after payment of legacies and testamentary expenses his residuary estate passes to 'such of my children as shall survive me and attain the age of 21 years'. Three children survive D, one of whom (E) is under 21. Application While the estate is in administration, it is the personal representative who will be the beneficial owner. The two elder children will have been paid out following completion of the administration of the estate, as they have absolute vested interests. E's interest in the one third of the estate is not a specified interest, being subject to a contingency and therefore not vested. As E also does not have control, this leaves you to apply CDD under Part B to the class of one, constituted by E. Example 4 Details F executes an inter vivos trust on 31/01/2010, creating a life interest in income for his wife, with remainder to such of their children as shall be living at his wife's death. At the time he has two children. Application The wife has a vested interest in possession, but it is in income, not in the capital of the trust. Therefore she is not a beneficial owner under Part A. As section 32(1)(c) of the Trustee Act 1925 is excluded from being defined as control over the trust, she is not a beneficial owner under Part C either. The children have an interest in the remainder, but it is contingent on them surviving their mother and does not vest until their mother's death. Therefore they should be identified as a class under Part B. The settlor would be identified under Part A as he also has a vested interest in reversion as he has not provided for the situation which will arise if all of the children pre-decease their mother. Should this happen there will be a total failure of the trust, which will revert to F, or if he has predeceased his wife, to his estate. The trustees would also be identified under Part C as a result of their control over the trust.


Example 6 Details M's will provides for a life interest in favour of his wife, with remainder to his four children in equal shares. The trustees are given express power to vary the shares, in whole or in part. Application This means that the interests of the children are vested but are defeasible. Until the trustees exercise their power to vary the interest, all of the children will be identified under Part A. Once the trustee exercises their power, any children with an interest remaining at 25 per cent or more will continue to be identified under Part A, while the others will be identified under Part B. The trustees will be identified under Part C. The wife is not a beneficial owner (see example 4). Example 7 Details K by his will created a life interest in favour of his wife, with the remainder to his three children in equal shares. The trustees are given a power, during the life of the widow, to appoint an interest in all or part of the capital of the fund, without her consent, in favour of such charities as they may select. Application Until the power of appointment is exercised all three children have a vested interest in the remainder and should be identified under Part A. If, for example, the power of appointment is exercised and 50 per cent of the fund is to be paid to one specified charity – prior to the distribution it is recommended that the charity be identified under Part A and the children under Part B. After the distribution is made, the children will then return to having a one-third share each and be identified under Part A. As such it is important to obtain updated information when taking on a new retainer for such a trust. Example 8 Details P creates an inter vivos trust for his three named grandchildren subject to attaining 21, with substitution for their issue, reserving to himself the power to appoint or remove trustees. Application The three grandchildren have contingent interests and so will be identified under Part


B. P has control and should be identified under Part C due to the power to appoint or remove trustees. Example 9 Details T creates an inter vivos trust for his three named grandchildren subject to attaining 21, with substitution for their issue, appointing a protector (P) with power to veto any advancement of capital by the trustees under s32 of the Trustee Act 1925 and to appoint or remove trustees. Application The grandchildren have contingent interests and are identified under Part B. Both P and the trustees have control over the trust and should be identified under Part C.


Annex 3 – Table of entity or arrangement types

Entity or arrangement type

Evidence of identity Evidence of beneficial ownership

Professional regulated partnership

Copy of the partnership‟s listing, including address in the professional body directory

Standard Name of any partner who has more than 25% of the capital or profits of the partnership or more than 25% of the voting rights or any other person with control over the partnership

Higher risk rating for identity Copy of passport or e-verification of partners listed above

Partnership

Publicly well known Evidence of:

name

registered address and trading address

nature of business

Name of any partner who has more than 25% of the capital or profits of the partnership or more than 25% of the voting rights or any other person with control over the partnership

Small Evidence of identity for two partners (including the partner instructing you) as for private clients

In addition to the two partners, the name of any partner who has more than 25% of the capital or profits of the partnership or more than 25% of the voting rights or any other person with control over the partnership. If higher risk rating for identity, verify his or her details

Large Evidence as per a private company (see below)

Name of any partner who has more than 25% of the capital or profits of the partnership or more than 25% of the voting rights or any other person with control over the partnership. If higher risk rating for identity, verify his or her details

Company listed on the following exchanges: London Stock Exchange

Simplified due diligence applies. Obtain one of the following:

copy of the dated page of the website of the relevant stock exchange showing the listing

Not required




[specify other] copy of the listing in a reputable daily newspaper

copy of the listing from the online registry

e-verification report

Wholly owned and consolidated subsidiary of listed company (as above)

Simplified due diligence applies; obtain the following:

identity information for the parent company

evidence of the parent/entity relationship

Not required

Private company or company listed on other exchanges

Obtain one of the following:

company listing on online registry (such as Companies House www.companieshouse. gov.uk)


certificate of incorporation

filed audited accounts

ensure the document shows: o name of company o registered and business

address/es o names of two directors

Standard Name of any individual who owns more than 25% of voting rights or otherwise exercises control over the management of the company

Higher risk rating for identity Verify the above information by obtaining a copy of one of the following:

written advice from the company‟s legal team

listing on the online company registry


Trust If the trust is a company, obtain the documents for a company

If the trust is an individual, obtain the documents for a private client

If you are acting for more than one trustee, verify the identity of at least two of the trustees

Standard Names of trustees

Name of any individual with a specified interest of at least 25% in trust capital or who controls the trust

Describe the class of persons in whose main interest the trust operates

https://www.gov.uk/government/organisations/companies-house




Note: if acting for the executors of a deceased‟s estate, only the names of the executors are relevant

Higher risk rating for identity As above, but verify the names by obtaining one of the following:

written assurances from the trustees

written assurances from other regulated individuals

an e-verification check on the identified individuals

UK or EEA Public Authority (including local government)

Simplified due diligence applies in the UK and may apply to an EEA public authority

Not applicable

Other public body Evidence of:

name

registered address and trading address

nature of business

type of public body

Names of individuals instructing the legal practice and details of their authority to instruct you

Charity If the charity is registered, obtain a copy of its listing on the charities register

If the charity is not registered, consider the business structure of the charity and verify in accordance with the business structure

for all charities, confirmation of their charitable status from HMRC

As per the business structure of the charity




Club or association Copy of one of the following:

articles of association or constitution

statement from a financial institution

recent audited accounts

listing in local or national telephone directory

Ensure the document shows: o full name of the association o any registered address o names of all office holders

Standard Names of any individuals who benefit from or control at least 25% of the property of the association

Describe the class of persons in whose main interest the club or association is operated

Higher risk rating for identity As above, but verify the names by obtaining one of the following:

written assurances from the client

written assurances from other regulated individuals

copy of the constitution or membership rules

Pension fund

Employer pension fund

Simplified due diligence applies. Obtain a copy of either:

a page showing the name of the scheme from the most recent definitive deed

a consolidating deed for the scheme, plus any amending deed subsequent to that date

Not applicable

Other pension fund As per the business structure of the fund

As per the business structure of the fund