When doing due diligence checks for the anti-money-laundering regs, I understand quantifying the risk is a judgement, but once we have quantified it, what level of risk is acceptable from a legal point of view? I assume we are not free to decide that a 90% risk is acceptable.
If the client is identified as high risk, do you simply then need to do additional checks on their ID and run the standard enhanced due diligence checks (electoral register, HMT sanctions, PEP register etc)? And if they pass all that, you can take them on?
Apparently, you need to do enhanced due diligence (extra ID checks) on a client if they are a PEP. Surely checking them on the PEP register is part of enhanced due diligence, so how would you know unless you were already doing the enhanced due diligence?