exceljockey
Blogger
Share this content
0
15
4039

KYC / Anti money Laundering w.r.t outsourcing

KYC / Anti money Laundering w.r.t outsourcing

Hi

A local company has approached me to provide accountancy services on their behalf to clients they have. They provide consultancy services to business clients and want to charge the clients one fee per month including accounting services. 

Who is responsible for the KYC/AML for the clients of the company I am outsourcing for? I have an engagement letter with the client in which I have said they are to abide with AML regulations with respect to any clients I deal with on their behalf, but is this sufficient?

Thanks for any advice.

Replies

Please login or register to join the discussion.

20th Aug 2012 22:46

Outsourcing and MLR 2007

Your contract is with the company who have approached you to do the work.  So you need to undertake client due diligence on them.

But their clients (in effect your 'ultimate clients') are the true beneficiaries of your services.  I would suggest that you regard them like 'beneficial owners'.  This means that you should satisfy yourself, as part of your initial procedures, that you know who they are.

There is provision, under Reg 17 MLR 2007, for 'reliance'.  Have a look at that and consider if it would be appropriate to operate 'reliance' on your client to undertake initial customer due diligence on the 'ultimate clients'.  But bear in mind that if they foul up you carry the can for it!

David

Thanks (1)
avatar
By merlyn
21st Aug 2012 09:29

I was in a similar position where accountancy firms would refer clients to me, so I asked the HMRC if I had to also carry out the normal money laundering procedures and this was their response.

"Regulation 17 of the money laundering regulations allow businesses to rely on certain other persons provided they agree to being relied upon, but you will still remain liable to prosecution for any failures by the person you have relied upon if they have not conducted proper due diligence.

Provided the accountants who are referring clients to you are registered with one of the professional bodies or supervisory bodies listed in the money laundering regulations at Schedule 3 part 1, you can rely on them to have conducted proper due diligence procedures, subject to their agreement.

Please be aware that if there is anything suspicious, you should report this to the Serious Organised crime Agency."

As David said reading up on Regulation 17 should help.

 

Thanks (1)
avatar
21st Aug 2012 10:42

To rely or not to rely

I'm not following if you can rely on someone else or not. What is the point of being able to do it yet still be responsible for any failures by that person that you were relying on?

For instance, if I were the OP in this case and obtained written confirmation from the company that they have carried out all the appropriate checks etc on the specific clients can I still be held responsible if it turns out they have not?

 

Thanks (0)
21st Aug 2012 10:58

Responsibility

Roland195 wrote:

I'm not following if you can rely on someone else or not. What is the point of being able to do it yet still be responsible for any failures by that person that you were relying on?

For instance, if I were the OP in this case and obtained written confirmation from the company that they have carried out all the appropriate checks etc on the specific clients can I still be held responsible if it turns out they have not?

 

Yes, see Reg 17(1)(b).

David

Thanks (0)
avatar
21st Aug 2012 10:59

Customer due diligence

Unusually, because I normally like the advice that David Winch gives, I disagree.  The customer identificiation process applies to customer (ie the accountancy firm) and beneficial owners of the accountancy firm not the clients of the customer.  It is irrelevant who benefits from the service.  Regulation 17 does not apply because it only applies when seeking reliance to identify your customers not someone elses customers.

If however you suspicious that Money Laundering has taken place then you have a duty to disclose to SOCA directly regardless of whether the client is yours or not.

Thanks (0)
avatar
By merlyn
21st Aug 2012 11:03

I'm assuming you probably shouldn't tell the firm who you are sub-contracted through either as this may count as 'tipping off' if they then tell the client.

Thanks (0)
avatar
21st Aug 2012 11:13

Subcontracting

In accountancy related subcontracting arrangements, it is not uncommon for the client to prohibit/restrict contact between the subcontractor and their clients. This may be because the firm does not want to risk the subbie forming a relationship then poaching the client or that they do not wish their client to know that they are subcontracting.

If this were the case, then the OP in question would seem to have little choice than to turn down the work if they feel that the risk from AML (or indeed that the client has not carried it out) is too great.

Reg. 17 seems largely pointless (and misleading to the point of danger) to say that you can rely on another person but only if they do it right.

 

 

 

 

 

 

Thanks (0)
21st Aug 2012 11:31

A solution?

I would suggest the OP asks his client to let him have copies of the ID documents he has seen in conducting his client due diligence.  Then the OP can satisfy himself that his client has conducted initial client due diligence on the ultimate client.

@merlyn  there is no 'tipping off' problem here (as no report has been made to SOCA).  Tipping off is very restricted in its application, see s333A PoCA 2002.

@alan  I take your point.  You will note the careful wording of my first response on this thread, "I would suggest that you regard them like 'beneficial owners' . . .".  I think there may be a danger that the authorities would be unhappy if you took no steps to deal with client due diligence in relation to the 'ultimate client'.

David

Thanks (0)
avatar
22nd Aug 2012 10:11

Auditing Manchester united football club

davidwinch wrote:

@alan  I take your point.  You will note the careful wording of my first response on this thread, "I would suggest that you regard them like 'beneficial owners' . . .".  I think there may be a danger that the authorities would be unhappy if you took no steps to deal with client due diligence in relation to the 'ultimate client'.

David

David it is irrelevant how the authorities might view this we should rely on the legislation and ccab guidance.  Customer is to my knowledge not defined by regulation 5 (although customer due diligence is) so we are reliant on the ccab definition (assuming you are regulated by them) which defines client as "a person in a business relationship".  Helpfully in paragraph 5.4 states the keys component of customer due diligence is "identifying the client (ie knowing who the client is)"  The business relationship here is with the main contractor not the end user.

I would therefore suggest that the stages are 1 - identify who the client is - ie the main contractor and 2 identify him (them) and his beneficial owners.  The end user is irrelevant to the whole discussion which is why iris do not identify clients when carrying out outsourcing work and my subcontractor (who does not speak to the clients or meet them) does not have to go through a customer due dilgence process on the customer.  To suggest otherwise is to take bureaucracy to the extreme - for example if I was auditor of Manchester United football club I do not have to identify all of their supporters even though they no doubt benefit (indirectly) from my services,  Do you agree?

 

Thanks (0)
avatar
By merlyn
21st Aug 2012 11:29

Sorry I meant if the OP suspected their was money laundering so reported to SOCA

Thanks (0)
21st Aug 2012 11:33

Where a report has been made to SOCA

merlyn wrote:
Sorry I meant if the OP suspected their was money laundering so reported to SOCA

In circumstances where a report has been made to SOCA then passing information about that on to the client (but not the ultimate client) may be permitted by s333C.

David

Thanks (0)
22nd Aug 2012 12:07

The point of CDD

Alan

I would suggest that (at least part) of the point of initial client due diligence is that one should be in a position to assess the money laundering risk associated with undertaking the work and that, should it prove necessary to make a report to SOCA concerning the client, one is satisfied as to the identity of the client.

Those considerations will apply, I would suggest, to the 'ultimate client' in the outsourcing situation.  That indicates to me that some level of CDD should be undertaken with respect to the 'ultimate client' (even if that is achieved via a 'reliance' arrangement).

I do not think the same argument holds water when applied to supporters of Manchester Untited Football Club and the work of the auditors of the company which operates the club.

David

Thanks (0)
avatar
22nd Aug 2012 21:24

Reducing the bureaucracy associated with Money laundering cdd

davidwinch wrote:

Alan

I would suggest that (at least part) of the point of initial client due diligence is that one should be in a position to assess the money laundering risk associated with undertaking the work and that, should it prove necessary to make a report to SOCA concerning the client, one is satisfied as to the identity of the client.

Those considerations will apply, I would suggest, to the 'ultimate client' in the outsourcing situation.  That indicates to me that some level of CDD should be undertaken with respect to the 'ultimate client' (even if that is achieved via a 'reliance' arrangement).

I do not think the same argument holds water when applied to supporters of Manchester Untited Football Club and the work of the auditors of the company which operates the club.

David

 

David there are two aspects to Money Laundering work (a) identifying the client and (b) reporting suspected money laundering.  It is clear when identifying clients one should do just that ie identify clients and therefore you need to know who your client is (ie the accountancy firm)  not their customers.  There is no requirement to verify identity of the clients' customers in event of a report being needed it is up to Soca to that.  Indeed I have come accross a number of situations were accountants are suspicious of money laundering by non clients where they cannot proove the identity but they still have to report.  The classic example would be "Client says to accountant "I was supplied by this company who asked me to pay me in cash and offered me a cheaper price if I did".  The accountant wont have done due diligency on the supplier but he still should almost certainly report the matter to Soca. 

I agree that one should assess the risk associated with taking on any assignment and when considering ongoing money laundering activity but that assessment of risk does not extend to requiring the main contractor to prove he verified the identity of any client.  For example when, as general practice accountants often do, the ring me up and ask me technical tax questions, there is no requirement for me to identifiy their clients. In law, however the situation is the same I am a subcontractor to a main contractor.

The point concerning the Manchester United the supporters of the club are no more clients of the auditor than the "ultimate clients" are clients of the subcontractor so the analogy holds good. 

I think I have provided sufficient authority (quoting the ccab guidance) to show that cdd is not necessary for the "ultimate client" so am concerned that your approach my impose an unnecessarily bureaucratic burden on the poor sub-contractor - there is little enough money in subcontracting as it is without weighing him and the main contractor down in further mounds of paper work.  Surely it is our role to push back the boundries of bureaucracy rarther than help extend them!  Do you agree? 

Thanks (0)
23rd Aug 2012 09:41

Substance over form

Alan

As accountants we are well used, on occasion, to having to have regard to the substance of a transaction as well as its legal form.

In my professional work associated with criminal cases before the Crown Courts in England & Wales I come across occasions when the criminal courts themselves will do a version of that (for example when 'piercing the corporate veil').

So, whilst I would agree with you that, by the letter of the regulations, the 'ultimate client' in an outsourcing situation may not be a 'beneficial owner' for whom the letter of the regulations require CDD to be undertaken, I am of the opinion that it is sensible and appropriate for someone in the OP's position to do something about initial CDD (and of course to assess the money laundering risk associated with the work).

I don't see it as my role "to push back the boundaries of bureaucracy".  What is important to me is that accountants should not find themselves in 'bother' with their supervisory bodies (or the courts).  So I perhaps am taking a more 'safety first' approach than you are.

But I see your point and I think this is an area where we shall simply have to accept that we have different perspectives on the issue.

Kind regards

David

Thanks (0)
avatar
23rd Aug 2012 20:11

Different perspectives

davidwinch wrote:

Alan

As accountants we are well used, on occasion, to having to have regard to the substance of a transaction as well as its legal form.

In my professional work associated with criminal cases before the Crown Courts in England & Wales I come across occasions when the criminal courts themselves will do a version of that (for example when 'piercing the corporate veil').

So, whilst I would agree with you that, by the letter of the regulations, the 'ultimate client' in an outsourcing situation may not be a 'beneficial owner' for whom the letter of the regulations require CDD to be undertaken, I am of the opinion that it is sensible and appropriate for someone in the OP's position to do something about initial CDD (and of course to assess the money laundering risk associated with the work).

I don't see it as my role "to push back the boundaries of bureaucracy".  What is important to me is that accountants should not find themselves in 'bother' with their supervisory bodies (or the courts).  So I perhaps am taking a more 'safety first' approach than you are.

But I see your point and I think this is an area where we shall simply have to accept that we have different perspectives on the issue.

Kind regards

David

Thanks David your resolution to the debate seems very sensible.  I will take on board your cautious approach.  Alan

Thanks (0)