| Category Heading | Description |
|---|---|
| The Law | https://www.legislation.gov.uk/uksi/2017/692/regulation/27 |
| What it means | Regulations 27 sets out the circ*mstances that a relevant person must apply customer due diligence measures. Customer due diligence measures must be applied if the person establishes a business relationship (see regulation 4) Customer due diligence measures must be applied if the person carries out an occasional transaction that amounts to a transfer of funds within the meaning of Article 3.9 of the funds transfer regulation exceeding 1,000 euros Customer due diligence measures must be applied if the person suspects money laundering or terrorist financing Customer due diligence measures must be applied if the person doubts the veracity or adequacy of documents or information previously obtained for the purpose of identification or verification. |
| Purpose | To highlight the circ*mstances when customer due diligence must be applied. |
| Time Line | This was also a requirement under MLR 2007 (Regulation 5) See also Regulation 13 (simplified due diligence) and Regulation 14 (enhanced due diligence) MLR 2007 |
| What to establish | Failure to apply customer due diligence measures when required is a fundamental breach of this regulation. 27(1) Is the relevant person required to undertake CDD measures resulting from: establishing a business relationship, carrying out an occasional transfer of funds exceeding 1,000 euros as defined, suspecting ML or TF, or, having doubts regarding the veracity or adequacy over previously obtained documents or information for identification or verification? 27(2) Has the relevant person who is not a LAB, HVD, AMP, crypto asset exchange provider (see R27(7D)) or casino undertaken an occasional transaction that amounts to 15,000 euros or more? If so, have they applied CDD measures? 27(3) As an HVD, is the relevant person applying CDD measures when carrying out an occasional transaction in cash of 10,000 euros or more, whether the transaction is executed in a single operation or in several operations which appear to be linked? 27(4) Are any cash transactions that fall under 27(3) paid by or on behalf of a party to the transaction: to a person other than the other party, or directly into a bank account of the other party to the transaction? If so, the business is still required to apply CDD measures. 27(7A) Has the letting agent applied CDD measures to transactions that consist of the conclusion of an agreement for the letting of land (see regulation 13(7)), when letting land for: a month or more, and a monthly rent equivalent to 10,000 euros or more? 27(7B) If regulation 27(7A) applies, has the letting agent applied CDD measures to both the person by whom the land is being let, and the person who is renting the land? 27(7C) Is the AMP applying CDD measures when: it is involved in the sale of a work of art for an amount of 10,000 euros or more, or, when it is storing a work of art (see regulation 14), it is the operator of a freeport and the value of the art stored for a person, or series of persons, amounts to 10,000 euros or more? 27(8) and (za) Has the relevant person also applied CDD measures when the relevant person has had any legal duty in the course of a calendar year to contact an existing customer for the purpose of reviewing any information which: is relevant to the relevant person's risk assessment for that customer, and, relates to the beneficial ownership of the customer, including information which enables the relevant person to understand the ownership or control structure of a legal person, trust, foundation or similar arrangement who is the beneficial owner of the customer? 27(9) When determining when it is appropriate for the relevant person to take CDD measures for an existing customer. Has the relevant person taken into account, amongst other things, any indication that the identity of the customer, or the customer's beneficial owner has changed; any transactions that are not reasonably consistent with the relevant person's knowledge of the customer; any change in the purpose or intended nature of the relevant person's relationship with the customer; any other matter that might affect the relevant person's risk assessment of MLTF risk in relation to the customer? |
| How to test compliance and evidence to obtain | Evidence of a business relationship or occasional transaction is usually obtained naturally as part of the compliance visit through a conversation with the customer during initial contact. You will establish if is the business relationship arises out of the business of the relevant person and if the relevant person expects an element of duration. Simply ask the question. CDD testing will also provide the necessary information to evidence a business relationship, for example obtaining contracts, engagement agreements and fees charged (see regulation 28). Many of the products and services offered by the population that HMRC supervise, repeat business is expected, and could be an indication as to whether there is likely an element of duration. Specific questions during the compliance visit or DBI will also highlight if the relevant person has suspected MLTF, or has doubted the veracity or adequacy of documents or information previously obtained for identification or verification. |
| Best Practice | Understand the business model and the sector the business is in (is it likely to be a business relationship or occasional transaction). Depending on the sector and services offered (which can be found on the application form), tailor the questions to be asked with a view to establish whether there is a business relationship or occasional transaction. |
| AMP | AMP's must carry out CDD measures when there is a business relationship. For example, where there is a contract to provide regular services; customers have extended credit terms arrangements or financing or loan arrangements; or, a buyer asks a dealer to source multiple paintings of a particular kind for their art collection over a period of time. Most transactions, however will be occasional transactions (please see paragraph 46 of the AMP guidance for a definition). Receiving marketing material or attending events does not constitute a business relationship. |
| ASP | Within this sector, a business relationship is most likely. Generic advice, provided with no expectation of any client follow-up or continuing relationship (such as generic reports provided free of charge or available for purchase by anyone), is unlikely to constitute a business relationship, although may potentially be an occasional transaction. However, this is not common in accountancy services (please see paragraphs 5.22 and 5.23 of the accountancy guidance). |
| EAB | CDD must be carried out on the customer and the counterparty to the transaction when a business relationship is established - see regulation 4 and the EAB guidance - part 4. |
| LAB | CDD must be undertaken when a business relationship is established.CDD must be undertaken to both the person by whom the land is being let, and the person who is renting the land |
| HVD | For HVDs, customer due diligence must be undertaken when establishing a business relationship, involving high value cash payments, with a customer; carrying out occasional transactions with a customer valued at 10,000 euros or more.CDD must be carried out on the receiver when making a high value cash payment. |
| MSB | Customer due diligence must be completed when establishing a business relationship; when carrying out an occasional transaction which is the transfer of funds exceeding 1,000 euros; under the transfer of funds regulations only, the customer must be identified and verified when a money transmission transaction is of any value and is funded by cash or anonymous e-money; and, when carrying out an occasional transaction with a customer of 15,000 euros or more, either at once, or in a series of linked transactions. It is vital to gain a full understanding of the MSB operating model in order to clearly identify who fits the definition of customer and therefore who must have customer due diligence measures applied; For example, if the MSB accepts business from another MSB acting as an intermediary payment service provider (IPSP) then the other MSB is also a customer. In circ*mstances with involve third party payments if the corresponding MSB (normally in another country) is instructing the UK MSB to move money then the overseas MSB become the UK MSB's customer. Scrutiny will be required not only on the overseas MSB but the underlying transaction linked to the movement of funds (Including invoices, bills of lading, shipping manifests) and whether what is obtained makes commercial business sense (Including importer and exported details, price of goods, credibility of any documents presented). |
| TCSP | For a TCSP, a business relationship may exist, for example, where another TCSP is the business's customer; where the business sets up a customer account; where the business forms a company for a customer; where there's a contract to provide regular services; where preferential rates for services are provided to repeat customers; and, in any other arrangement that facilitates an ongoing business relationship or repeat custom, such as providing a unique customer identification number for the customer to use. Company formation is not considered an occasional transaction but must be treated as a business relationship, even if it is the only service provided to that customer. |
| Further Reading | Part II, section 5 of the BAMF AML guidance Chapter 5 of CCAB AML Guidance 2020 Chapter 4 of EAB Guidance Chapter 4 of MSB Guidance Chapter 4 of TCSP Guidance Part 1, chapter 5 of JMLSG Guidance Meaning of business relationship - Regulation 4 Customer due diligence measures - Regulation 28 Politically exposed persons: other duties - Regulation 36 Record-keeping -Regulation 40 |
| FAQs | N/A |
FAQs
What is Regulation 27 of the money laundering Regulations 2017? ›
Regulation 27 requires you to apply CDD when: • establishing a business relationship; carrying out an occasional transaction that amounts to 15,000 Euros or more, whether it is executed in a single operation or in several operations which appear to be linked.
Which clients are likely to qualify for simplified due diligence? ›Simplified due diligence is only meant to be used when there is a low risk of money laundering, tax evasion, criminal or terrorist financing, and other financial crimes. Scenarios can include, but are not limited to, when: The customer is a government entity. The customer is a publicly-known company.
What is enhanced due diligence in money laundering regulations? ›Enhanced due diligence is conducted on any new business or customer that is deemed to be 'high risk' in terms of money laundering or terrorism financing. A 'high-risk' customer is: Linked to high-risk countries, defined in The Money Laundering and Terrorist Financing (High-Risk Countries) Amendment Regulations 2024.
What is simplified due diligence money laundering regulations? ›Simplified due diligence (SDD) is the lowest level of customer due diligence (CDD) that a financial institution can employ. It is a brief identity verification process that can be applied to eligible customers when the risk of money laundering or terrorist financing is deemed very “low”.
What are the regulatory requirements for AML? ›Financial institutions and other regulated entities must have an effective AML program that includes written internal policies, procedures, and controls, a designated AML compliance officer, and ongoing employee training.
What is customer due diligence in money laundering regulations 2017? ›Customer due diligence (CDD)
Under the MLR 2017, you're required to: identify your client and verify their identity on the basis of a reliable independent source (such as a passport)
The CDD Rule requires these covered financial institutions to identify and verify the identity of the natural persons (known as beneficial owners) of legal entity customers who own, control, and profit from companies when those companies open accounts.
What is the difference between customer due diligence and enhanced due diligence? ›In summary, CDD is a standard process used to assess a customer's risk, while EDD is used when a customer is considered to present a higher risk and requires amore thorough investigation.
What are the three types of CDD? ›There are three main types of CDD measures that organisations may use: standard CDD, enhanced CDD, and ongoing CDD. Standard Customer or Client Due Diligence refers to the basic level of information organisations must collect and verify about their customers.
What are the four customer due diligence requirements? ›Customer Due Diligence (CDD) involves four key requirements:
- Identifying and verifying the customer's identity using reliable sources.
- Understanding the nature of the customer's business relationship to determine expected transactions.
- Ensuring ongoing monitoring of the customer's transactions for suspicious activities.
How to do simplified due diligence? ›
Simplified Due Diligence Requirements
Verifying and identifying all customers. Verifying and identifying all beneficial owners (when doing business with companies) Understanding the purpose and nature of the relationship (developing customer risk profiles)
There are three levels of customer due diligence: standard, simplified, and enhanced. The level of customer due diligence that needs to be applied is derived from a customer's risk score, which should be calculated when onboarding a customer and during the ongoing due diligence process.
What is Regulation 17 of the money laundering Regulations? ›17. —(1) Each supervisory authority must identify and assess the international and domestic risks of money laundering and terrorist financing to which those relevant persons for which it is the supervisory authority (“its own sector”) are subject.
What is money laundering Regulations 37? ›Simplified due diligence (SDD) (Regulation 37)
Simplified due diligence is permitted where a firm determines, after individual risk assessment of the client, that the business relationship or transaction presents a low risk of money laundering or terrorist financing, taking into account their risk assessment.
You must meet certain day-to-day responsibilities if your business is covered by the Money Laundering Regulations. These include carrying out 'customer due diligence' measures to check that your customers are who they say they are, and risk assessing your business.
What is Regulation 30A of the money laundering Regulations 2017? ›Regulation 30A of the Money Laundering Regulations 2017 requires relevant persons to report to the registrar of companies any discrepancies between information: they hold about the beneficial owners of companies, as a result of client due diligence (CDD) measures, and.