Blogger
Share this content
0
10
5115

Money Laundering

Hello there

Historically, when collating ID for money laundering checks, I have always obtained photo ID (being passport or photocard driving license) and proof of address (being a utility bill dated within the last three months).

I have recently been informed that this is not necessary and there is a simple check that can be performed on Experian that will satisfy the requirements of the Money Laundering Regulations.

Has anyone come across this before - it doesn't quite seem right to me as there is no physical verification that the person in front of you is who they say they are.  I wonder if this approach pre-dates the 2007 regulations?

Any thoughts on this would be appreciated.

Many thanks

Replies

Please login or register to join the discussion.

21st Mar 2012 19:20

Just imagine . . .

Just a imagine a new client walks in off the street.  He says his name is David Cameron and gives his address as 10 Downing Street.  On an electronic verification this checks out OK.  That's fine.  But you need to send an engagement letter BY POST TO THE ADDRESS he has given you.  If it comes back signed then you have confirmed his ID.

The thinking is that (at the least) this guy has access to post sent to that name & address (which is apparently the name & address of a real person as shown by the electronic check).  Of course he could still be a phoney (or a dodgy postman!) but how far can you go.  The only way to confirm ID absolutely is to take saliva / fingerprints and send it to the boys in blue (and if that works then the client really is a dodgy geezer!).

David

Thanks (0)
By Hansa
21st Mar 2012 21:32

"Photo ID & proof of address" to take on a client?

Good grief!  you want "photo ID and proof of address" to take on a client?  ... A client who is going to pay YOU for doing his book-keeping/preparing his accounts?  This is surely excessive - do none of your potential clients decline to be treated like criminals?

The regulations themselves make no such demands stating only: -

The Money Laundering Regulations 2007

5.  “Customer due diligence measures” means—

(a)identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;

So, simple example (and drawing from Mr Winch's reply above).  Potential client walks through the door (having made say a telephone appointment in which he gave his name, company name & telephone no).  He expains he is a director of said company ....  enough!

The companies house record will confirm the directors (and in most cases the home address), the engagement letter is signed and returned (giving good prima facie evidence that the address is accurate), the cheque new client provides clears, thus further evidencing that the client is a director, his signature matches (the bank's mandate) and that it wasn't stopped & was unlikely therefore to be from a stolen book.

All of the preceding paragraph amply fulfills the requirements of the regulations ... An Experian printout simply adds much the same information in collated form. To request more in straightforward circumstances is simply offensive - in the client's shoes I would ask the same from you!   . . . and then take great pleasure in saying the displayed lack of any trust would preclude me from entering into any relationship with you.

Thanks (1)
21st Mar 2012 22:11

The MLR 2007

The Money Laundering Regulations 2007 require that the firm adopt a RISK-SENSITIVE approach to the verification of ID.

The money laundering risk associated with an elderly widow wanting routine help completing a straightforward tax return is likely to be less than that associated with someone running a local small manufacturing business which will be less than that associated with a business involved with trading in overseas countries which will be less than that associated with a bureaux de change sending its customers' money overseas - to take a few examples.

In a low risk case view of a passport alone would suffice (no need to see a utility bill as well).

If, say, an elderly client living in a care home has no passport or similar then a simple letter from the manager of the home might suffice.

Have a look for example at the table on p45 of the CCAB Guidance.

I would be cautious about placing too much reliance on a Companies House search, in the absence of other evidence, in relation to the verification of an individual who was to be personally a client.  A cheque which clears would help (but I very much doubt that would reliably confirm the signature matched one on the bank mandate).

In relation to the verification of a company one normally needs to ascertain who the beneficial owners of the company are - and a Companies House search has an obvious role to play there (but that concerns verification of the ID of the COMPANY as a client, not the directors as personal clients).

David

Thanks (1)
By Hansa
22nd Mar 2012 00:38

RISK-SENSITIVE approach to the verification of ID.

In response to Mr. Winch, I stand by what I said.  The "risk sensitive approach" is self evident, and with respect a red herring. (An Afghan politician arriving with a suitcase of cash is clearly high risk - and I for one would not take on such a client full stop however many passports he had!),  but it should be proportionate. 

The first mention of risk in the Regulations is also in (5) and says "identifying, where there is a beneficial owner who is not the customer, the beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify his identity so that the relevant person is satisfied that he knows who the beneficial owner is, including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure of the person, trust or arrangement; and obtaining information on the purpose and intended nature of the business relationship."

again (7) (3) (1)

(b)be able to demonstrate to his supervisory authority that the extent of the measures is appropriate in view of the risks of money laundering and terrorist financing.

So far we have possible examples of anonymous persons hiding behind nominees and those likely to take part in terrorist financing.

We started with an example of Mr X seeking to appoint Mr Professional to "do his books" (and I don't mean cook them).  Such a client is a million miles from what the Regulations are trying to root out and thus should be accorded a little more respect.

You are not an Immigration officer Mr Winch, and on principle thereforefore, I would not show you my passport, (any more than I would ask for yours). If you wanted to check out who I am there are many ways to do so. - I gave perfectly reasonable examples in my earlier post and these could be adapted to different circumstances.

Moving on Mr Winch's mention of the CCAB guidance ... note the word guidance here, it is NOT the regulations, simply the offerings of the great & the good of the professional accountancy world.  It therefore does not, by definition have the force of law (although compliance to the letter would certainly protect those covered from the sanctions the regulations provide for).   It is really just an example of collective self interest and the client can go hang!  It is frankly so over the top as to be laughable (eg list 2 prohibits the use of a (presumably contract) mobile phone bill as proof of address but accepts, for example an electricity bill.  Yet in the real world you can sign up for an electricity account over the phone yet virtually have to give samples of your DNA to get a first mobile contract!

I go back to the basic requirements of the Regulations

5.  “Customer due diligence measures” means—

(a)identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;

... No mention of passports or utility bills (mobile or not)

I think a little proportionality (and common sense) might be in order.

 

Thanks (2)
avatar
22nd Mar 2012 10:51

Inspection

Many thanks for the useful comments, David.

I'm interested to know, Hansa, what you would then present to HMRC in the event of a Money Laundering Inspection?  Presumably you would show HMRC the signed engagement letter (which as a standalone document is evidence of.....nothing....in my view).  In the eyes of a third party, the letter could have been signed in your office so is not proof of address.  What else would you have to show that you have verified the client?

In my Money Laundering file, I would have a copy of the passport, which verifies that they are who they say they are, and a copy of a utility bill which verifies that this person lives where they say they live.  I have been collating this level of information for 10 years, and have never had a problem or a refusal from a client.  I simply explain to clients that this is to satisfy the requirements of the Money Laundering Regulations and in 100% of cases they provide the information requested.  I think HMRC would accept that this is a sufficient level of verification in most cases - short of checking DNA records as mentioned by David!

Thanks for your help - you have convinced me that I should continue collating the level of documentation that I have done for the last ten years.

 

Thanks (0)
By Hansa
22nd Mar 2012 17:06

... just how many "Money Laundering Inspections" have you had?

pjclar02,  you must, with respect, have a very odd client base if you get "Money Laundering Inspections" and your clients have no problem in handing over private ID documents which, if they got into the wrong hands, could lead to identity theft (even though they ARE kept in a safe . . . aren't they?)

To answer your specific points though (using the example first given as the base), my file would have: -

1.  Initial contact information (by phone).  I make notes and keep these (contemporaneous & therefore good evidence).

2. Your first meeting notes I assume you take notes during an initial client meeting.  These should in any event be retained and would/should contain a wealth of background information on the client, much of which could be verified on the internet (with relevent information being printed out) along with the Co. House information and almost certainly a business card.

3.  Engagement letter.  Your outgoing post log (assuming you keep one) would again provide contemporaneous evidence that this WAS indeed send to the client and it physical signed existence in your files would provide reasonable evidence of it's return.

4.  Cheque.  I rarely receive cheques nowadays, but a copy on the file of the initial one was my previous habit. (signature matches that on the enagement letter, and in effect is passive verification by the bank)

5. The experian report you mentioned.

The above, (for the example given) would be more than enough to satisfy the regulations which specifically require those subject to them to : verify(ing) the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;

With respect I consider the obligations of the ML Regulations should be complied with ... to the letter (and no more).  I do not however believe they should be subject to mission creep with professionals (whether accountants, lawyers or whoever) taking it upon themselves to act as unpaid agents for an increasingly authoritarian series of governments since 1997.

As a final thought I wonder whether it is the clients of accountants/lawyers or the accountants/lawyers themselves that are proportionately more likely to actively commit ML offences.  ... Food for thought!

Thanks (0)
22nd Mar 2012 20:12

A couple of points

Hansa

I think you should also have quoted from Reg 7(3):

"(3) A relevant person must —

(a)  determine the extent of customer due diligence measures on a risk-sensitive basis depending on the type of customer, business relationship, product or transaction".

I didn't follow your reference to anonymous persons hiding behind nominees.  Has there been any reference to that in this thread?

With regard to the CCAB Guidance I believe it has been approved by HM Treasury for the purposes of s330(8) PoCA 2002.  In relation to a person who is prosecuted for failure to file a Suspicious Activity Report, s330(8) provides:

"(8)  In deciding whether a person committed an offence under this section the court must consider whether he followed any relevant guidance which was at the time concerned —
(a)  issued by a supervisory authority or any other appropriate body,
(b)  approved by the Treasury, and
(c)  published in a manner it approved as appropriate in its opinion to bring the guidance to the attention of persons likely to be affected by it
."

David

Thanks (0)
By Hansa
22nd Mar 2012 23:27

Rebuttal

Mr Winch, we spar again!

S. 5 defines "Customer due diligence measures"

S.7(3) is the "Application of customer due diligence measures"

This thread (primarily) is about what constitutes adequate "due diligence" in an invented set of circumstances.  I stand by my comments that to be able to test what is adequate, one must first look at the definition of that piece of meaningless jargon "due diligence" (An American expression first used in 1933 as a defence to brokers if accused of inadequate disclosure of material information in securities dealing!).  S. 5, not S. 7 provides that definition.

I therefore stand by my emphasis of S. 5 rather than S. 7

---

You ask "I didn't follow your reference to anonymous persons hiding behind nominees..."   This was my comment on a further part of para 5 (which I quoted and quote again ...

"identifying, where there is a beneficial owner who is not the customer, the beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify his identity so that the relevant person is satisfied that he knows who the beneficial owner is, including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure of the person, trust or arrangement;"

The above "Humphrey" bureaucratese does, I contend, imply the use of nominees to hide the identity of unknown & therefore anonymous "controllers", "beneficial owners" etc.and is the first reference in the Regs to the "RISK-SENSITIVE approach" mentioned by you. I therefore stand by my comment.

-------

CCAB guidance.  Yes you are right, but so was I in saying that ". . . compliance to the letter would certainly protect those covered from the sanctions the regulations provide for" ... Is this not also your point?   I went on to say that the interpretations put on the Regs definition (our old friend 5 again) of "due diligence" by the various institutes is grossly in excess of either what the Regs define, and what is reasonable.   What is truly frightening is that

1. The regulations (S. 5) give a fairly reasonable, and dare I say innocuous, definition of what is required.

2. The professional bodies turn it into an Orwelian nightmare but call it "guidance".

3. Other regulations then provide that non compliance with this non statutory guidance might provide prima facie evidence of breach of those regulations.

Three final thoughts ...

(1) have you read Kafka?, 

(2) Did parliament debate any of this (the CCAB guidance, the regulations themselves)? . . . Of course not.

(3) In 2006, George Churchill-Coleman, the then head of Scotland Yard's anti-terrorist squad expressed his opinion that Britain was moving in the direction of a police state... Plus ça change!

Thanks (1)
avatar
03rd Apr 2012 12:03

The original question

Interesting discussions this topic always seems to bring up.  Regarding the original question about the Experian ID solution the short answer is yes it will meet the requirements of the Money Laundering Regulations.

This solution is used by lots of companies to validate ID rather than having to ask customers for physical ID.  As well as validating the ID the system also checks the mortality file and a few other key bits that may highlight fraud which would get through using the physical ID.

We use this service for a number of our clients to help them ID their customers and the feedback we have been getting is that it saves a lot of time and it is so much better just having to ask for consent to do a search than ask for documents to be produced.

The JMLSG guidance, which is approved by HM Treasury, states:

If identity is verified electronically, this should be by the firm, using as its basis the customer's full name, address and date of birth, carrying out electronic checks either direct, or through a supplier which meets the criteria in paragraph 5.3.39 and 5.3.40, that provide a reasonable assurance that the customer is who he says he is.

5.3.39 is about being satisfied the data provider is reliable and 5.3.40 is about being able to capture the information you us for the search.

The only obstacle you may face will depend on the size of your company and the number of checks you will want to undertake in a year, the Experian ID solution has some minimum sign up requirements.

If you're interested in looking at this further send me a message and I'm happy to show you a sample of what you'll get from Experian to confirm the ID.

Thanks (0)
03rd Apr 2012 12:51

Beneficial owner

Only just read the latest posts on this thread.

Just to clarify the meaning of a "beneficial owner" for MLR purposes.  The expression is explained in Reg 6.

A couple of examples:

Mr A, Mr B and Mr C set up in business as equal partners under the name A B C & Co.  The beneficial owners of the firm are Mr A, Mr B and Mr C.  If an accountant is instructed by A B C & Co he needs to satisfy himself regarding the identities of the beneficial owners Mr A, Mr B and Mr C.

Mr X incorporates a company to run a business.  The company is called X Ltd.  Mr X owns half the shares in X Ltd, his wife owns the other half.  If an accountant is instructed by X Ltd he needs to satisfy himself regarding the identities of the beneficial owners Mr X and Mrs X.

In practice the accountant may also be instructed to act for the individuals Mr A, Mr B, Mr C, Mr X and Mrs X.  Obviously in respect of any of these who becomes a client then he will conduct customer due diligence in relation to them as individuals (and there is no need to do anything further on them as beneficial owners).

David

Thanks (0)