Save content
Have you found this content useful? Use the button above to save it to your profile.

CCAB anti-money laundering guidance gets an update


Julia Penny looks at the main areas of change in the new CCAB anti-money laundering guidance and the updates that these will necessitate on your own policies and procedures.

15th Sep 2020
Save content
Have you found this content useful? Use the button above to save it to your profile.

The Consultative Committee of Accounting Bodies (CCAB) is responsible for producing the anti-money laundering and terrorist financing (MLTF) guidance for the accountancy sector. This guidance is then approved by HM Treasury and once approved must be taken into account by the courts when considering if an individual or business has breached the Regulations. The latest Treasury approved guidance is that from March 2018, but on 4 September 2020, a draft version of updated guidance was published.

This revised version takes account of changes made by the 5th Money Laundering Directive (5MLD), which mostly took effect on the 10 January 2020. However, the CCAB has also taken the opportunity to update elements of the guidance to make it easier to read and to highlight areas that need more attention.

PSC discrepancies

One of the biggest areas of change is the addition of Section 5.6 on the responsibility to report discrepancies in the information held on the Persons of Significant Control (PSC) register to Companies House. The draft guidance sets out that if a material discrepancy is found between the information that the firm finds when carrying out its initial customer due diligence (CDD), and that held on the PSC register it must report to Companies House as soon as reasonably practicable.

The draft guidance has stated that this means within 30 days, but this period could change following Treasury approval as it is not mentioned in the existing government guidance. However, if the client corrects the PSC within 30 days of the discrepancy being found, the draft guidance states that the firm does not have to report to Companies House. Whilst this seems a logical exemption, to limit the work required by Companies house and firms, it could change or be removed following Treasury approval.

Importantly it appears that there will only be a requirement to report discrepancies when CDD is performed when taking on a new client and not every time CDD is refreshed. This will help considerably in alleviating the work required, as updates of CDD might not routinely include consideration of the PSC register. However, there is a chance that this requirement will change once the final Treasury approved version is issued.

It should also be noted that an equivalent requirement will exist for registrable trusts, which will take effect from 10 March 2022. The report of any discrepancy must be made to the Trust Registration Service (TRS), which HMRC are currently working on updating to allow relevant non-taxable trusts to be registered. Due to these updates it is vital that you finish any part-completed registrations before 23 September 2020.

Defined services

Defined services mean those that are covered by the money laundering regulations. The list of such services was expanded by 5MLD, though mostly this does not affect accountants. However, one area that has changed is that the definition of tax advice has been expanded. It now includes both direct and indirect provision of material aid, assistance or advice, including specific tax advice, completing or submitting tax returns and advice on whether something is liable to tax or on the amount of tax due.

Whilst this is unlikely to impact accountants very much, as in most cases their work will already be defined services, it may impact those they work with. For instance, the draft guidance sets out information describing when software providers might be considered to be providing tax services. This is likely to become increasingly relevant as artificial intelligence (AI) and other software developments provide services which accountants traditionally delivered.  

Beneficial owners, officers and managers, (BOOMs)

Rules requiring MLTF supervisors, primarily the professional bodies, to ensure that all those who are BOOMs of the firm have not been convicted of a relevant offence took effect in June 2018. However, it was not covered in the CCAB guidance. The draft now includes an explanation of a BOOM and the fact that BOOMs should expect to submit evidence of their criminal record (a basic DBS check) to their MLTF supervisor. If you are a BOOM and haven’t yet obtained a DBS check then you should do so now.

Risk assessment procedures

Regulated firms must ensure that any new products, services or ways of operating are considered in terms of their impact on MLTF risks before being implemented. So, if a firm is about to start offering probate services, or changing all operations to be remote and not face-to-face, for example, a renewed risk assessment must be carried out and appropriate controls put in place. With the current Covid restrictions, changes in methods of operating could easily trigger this requirement.

CDD data protection notification

Firms must ensure they inform data subjects of the information that will be collected from them as part of CDD and why it is collected. This information must not be used for other purposes unless the express consent of the data subjects is received. This may be easily done when providing a checklist of appropriate identity documents, for example.

Electronic identity checks

It has been made clearer that electronic identity verification can be used as long as it is reliable. It is regarded as such if it is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity. Electronic ID is therefore now also listed as an example source of verification, along with passports and photo card driving licences etc.

Client risk assessment

During identification and risk assessment further questions must be considered.  These include, among other things, considering:

  • Why the client has selected you?
  • Whether the client has asked to engage with you in an unusual manner?
  • Whether the transaction appears to align to the client’s normal business or planned strategy?
  • Whether the transaction makes commercial sense?
  • Whether there is a lack of documentation?
  • Whether payment is in large amounts of cash or electronic currency?

If you use forms to help complete the risk assessment process these will need updating for the changes.

Enhanced due diligence (EDD)

As well as these additional questions, which help determine the level of client risk, Appendix D now has additional high-risk factors as follows:

  • The customer is a third country national applying for residence rights or citizenship in an EEA state in exchange for transfers of capital or various other investments (sometimes referred to as golden visas).
  • There is a transaction related to oil, arms, precious metals, tobacco products, cultural artefacts, ivory and other items related to protected species, items of archaeological historical and religious significance, or of a rare scientific value.

As before, firms must take into account at least all of the high-risk factors in Appendix D when making their assessment of whether enhanced due diligence (EDD) is required, so any forms will need updating.

More specifically, EDD requirements have been expanded and now include extra checks for clients that are higher risk due to connections with high-risk third countries, including information on the source of wealth. Senior management approval will also now be required for such clients, in the same way that approval must be sought to act for a PEP. (Talking of PEPs there is now a list of UK PEP functions as part of the Regulations).

Additionally, EDD is now required when a transaction is complex, or unusually large, or there is an unusual pattern of transactions which have no apparent economic or legal purpose. Previously there was an ‘and’ separating these features, so now any of them being present, rather than all of them being present, triggers a requirement for enhanced due diligence.

Beneficial owners

Verification of beneficial owners for companies has now been clarified somewhat. The Regulations state that this must be on a risk-sensitive basis, but the draft guidance now states that that where risk is normal the identity of the director who is the key client contact should be verified. Additional directors should potentially have their identity verified for high-risk clients. In all cases the regulated business should consider the risk of identity theft and false documents.

This might cause firms to want to update their procedures to reduce current requirements if they are generally checking all or most directors’ identity information. Bear in mind that you will need to justify the change, if the guidance has not yet been Treasury approved.


This must now include all agents, as well as relevant employees, such as subcontractors, who are working in a similar manner to staff. Alternatively, agents can supply evidence of their own training, to prevent them having to undertake such training multiple times.

Suspicious Activity Report (SAR)

Not much has changed with respect to SARs but interestingly the guidance now highlights that you do not have to suspect your client of money laundering for a SAR to be needed. Whilst the information must come to you in the course of your work in a regulated business, it might be a suspicion of a third party’s fraud, tax evasion or other money laundering offence. This has been emphasised as there was concern that some practitioners may have misunderstood their reporting obligations, as the rules have not altered.

Consent and DAML

The other area of change with regard to SARs is a switch in terminology from requests for “consent” to requests for a “DAML” – a defence against money laundering. Whilst the terminology that the National Crime Agency (NCA) uses changed some time ago, the guidance still referred to a request for consent, so this is a sensible update. DAML requests are made where there is a risk that the firm might become involved in a money laundering arrangement, for instance when making a SAR in connection with a planned transfer of client assets. In these cases, it is vital that assets are not transferred unless and until the NCA gives consent for this to happen.

Reasonable defence for not reporting

There is also an additional reasonable defence excuse, for not making a SAR, albeit subject to Treasury approval. This means that if a SAR is not made, because it is clear that a UK law enforcement agency is already aware of all the relevant information that the business holds or all the relevant information is entirely in the public domain, this may be regarded as a reasonable excuse for not making a report. Note that it will still be better to make a report if you have suspicions, as you may not be fully aware of what the authorities know or don’t know and it is only the courts that can ultimately decide if an excuse is reasonable. 

Conclusion and action

Despite the length of this article there is still more detail in the draft guidance itself that firms will need to consider. Until the guidance is Treasury approved, firms may prefer to make only draft changes to their own policies and procedures and to delay training until the final outcome is known. However, given that the 5th money laundering directive took effect back in January, procedures do at least need to have been updated for those headline changes.

If you do not have in-house expertise dealing with your policies and procedures then either consider using an external consultant or purchase a reputable MLTF system to ensure that your policies and procedures, including the forms you use to assess risk and gather identity information, are updated appropriately.

Replies (9)

Please login or register to join the discussion.

By Moonbeam
16th Sep 2020 09:40

Thank you Julia - an excellent read.

Thanks (0)
By mhkay
16th Sep 2020 09:46

It's all so detached from real life. I heard recently of a lady who arrived from the US and couldn't open a bank account without a utility bill, and couldn't sign up with the utilities because she didn't have a bank account, so in the end she broke the impasse by forging a gas bill using her Photoshop skills. We shouldn't be forcing people to become criminals to get round the system.

Thanks (5)
cloud accounting
By ENFSolutionsLtd
16th Sep 2020 11:26

As a sole practitioner am I required to have a DBS check on file for myself?

Thanks (0)
Replying to ENFSolutionsLtd:
By Ian McTernan CTA
16th Sep 2020 11:34

Yes. You also need a written AML strategy for yourself and you need to report anything to your AML person, ie yourself...It's a big pile of legislation and box ticking which costs many millions for us all to do and with zero evidence it has actually caught anything significant.

But as long as it costs us money and employs thousands in non-productive work..

Thanks (5)
Replying to ENFSolutionsLtd:
All Paul Accountants in Leeds
By paulinleeds
17th Sep 2020 11:55

What ever the rule actually says, the best and only person to know if they have a criminal conviction is yourself.

If like me you are a sole practitioner with no staff then what is the point of doing and paying for a DBS check?

I already know the answer about myself! i.e. I have no convictions.

Thanks (1)
Replying to ENFSolutionsLtd:
By User deleted
17th Sep 2020 15:36

I checked this with ICAS when the rule came in and they said "yes" - yes, despite me the practice owner knowing that I have no record. £40 or whatever wasted, though that is the least of the costs associated with all this nonsense

Thanks (1)
By Prem Sikka
16th Sep 2020 11:33

Another cosmetic exercise form the accounting trade associations.
A 2017 joint report by HM Treasury and the Home Office stated that “accountancy services remain attractive to criminals due to the ability to use them to gain legitimacy, create corporate structures or transfer value” and “some of those accountants involved in money laundering cases are assessed to be complicit or wilfully blind to money laundering risks”. Yet there is little effective regulation.

A report by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), housed within the FCA and created to co-ordinate the regulatory activities of the accountancy and law trade associations, concluded:

“The accountancy sector and many smaller professional bodies focus more on representing their members rather than robustly supervising standards. Partly because they don’t believe – or don’t want to believe – that there is any money laundering in their sector. Partly because they believe that their memberships will walk if they come under scrutiny … We were told, particularly in the accountancy sector, that professional bodies believed their members would leave if they took robust enforcement action.”

All CCAB bodies have fought tooth-and-nail to avoid public accountability and are outside the freedom of information net. They are too many conflict of interests and they are unfit to be regulators

Thanks (1)
Replying to premsikka:
By User deleted
17th Sep 2020 15:43

Could I respectfully ask you to get back in your box in your ivory tower?

We have to comply with enough ineffective rules and nonsense without having someone stirring the pot to try to make it worse.

Most of us are acting for clearly legitimate businesses and just trying to earn a living. Our time is valuable so spending so much of it filling out silly forms grates a little. I know this will go over the head of an academic, since wasting time in return for a fixed and genourous salary and pension is all in a lifetime's work.

If you want to do something useful, why not ask regulators to focus on the specific firms out there who are in cahoots with fraudsters - rather than making everyone do a load of admin which the fraudsters clearly won't.

Till then, you do not represent me and I'd rather you piped down and kept to the corridors of the University of Essex - that hallowed seat of learning.

Thanks (2)
By North East Accountant
16th Sep 2020 17:42

When you click on the link to see the draft guidance published on 04/09/20 the draft document is dated January 2020.

It appears that the CCAB aren't very quick at getting their documents published.

Thanks (1)