The importance of client due diligence

You’ll hopefully be aware that your AML obligations are not voluntary. Accountants have been regulated under the UK money laundering regulations since the end of 2007. These regulations have only become more watertight since then, with the release of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and its subsequent amendments. The latest set of amendments came into force in September 2022. Further updates are already under discussion.

by | 1 Mar, 2023

But despite these laws, according to the annual reports from various accountancy supervisors, it appears that only around 15% of accountants are currently doing everything they can to comply with the regulations and taking their AML seriously.

This is not acceptable – and supervisors are cracking down. The ICAEW expelled 7 members in its 2021/2022 year, while the AAT expelled 4 and terminated 10 practising licenses. HMRC has also revoked practicing licenses from sole practitioners as well as bigger firms. And substantial fines have been levied against other non-complying firms.

If you’re not doing so already, you need to act to avoid the consequences of not complying with AML regulations. For all accountancy sector firms that fall within the scope of the AML regulations, putting in place effective Client Due Diligence (CDD) is just one of the essential parts of this process: you must first have trained all employees and agents (including yourself), completed a firm-wide risk assessment and then used the training received and the insight gained from the firm-wide risk assessment to create your AML policies, controls and procedures.

What’s driving this increased vigilance?

With increased financial volatility and the crisis in Ukraine, last year’s events reminded us of the risks we face. That is why the Financial Action Task Force (FATF), the main global advisory body for anti-money laundering (AML), updates its policies regularly. The UK bases its guidelines and regulations on FATF policy, as does the rest of the world. This uniformity is important. Money laundering (ML), terrorist financing (TF) and proliferation financing (PF) cost the global economy over US$2 trillion every year. Sadly the second highest amount of money is laundered each year in the UK – an estimated £88bn is cleared by criminals annually according to research by Credas Technologies. Only the US sees more. In addition, Transparency International have found that more than one in ten (around 14%) of all UK LLPs show red flags for money laundering. 

The 2020 MLTF National Risk Assessment confirmed this. The trusted reputation of the accountancy sector makes us a target for this criminal activity. Services for company formation, mainstream accounting, payrolls and tax advice are especially high risk.

How does CDD play a part in your AML?

Your client could be anyone. Even if you have a personal relationship with them outside of business, that doesn’t mean they’re less likely to be involved in ML, TF or PF.

This is where your CDD comes into play. As stated in AMLGAS, ‘the purpose of CDD is to know and understand a client’s identity and business activities, so that any MLTF risks can be properly managed. Effective CDD is, therefore, a key part of MLTF defences.’

CDD is integrated across the AML regulatory framework. The legislation that underpins this framework is The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations, 2017.

The Regulations stipulate that businesses must have the right policies, controls and procedures (PCPs) in place to ensure CDD is correctly performed for every client and entity. This is important because CDD feeds and supports some of your other AML work, such as Suspicious Activity Reporting (SARs), record keeping, discrepancy reporting, appointment of officers or ‘relevant persons’ such as a Money Laundering Reporting Officers (MLRO) and more.

Walking through the stages of CDD

AMLGAS sets out the components of good CDD as this:

  • Identifying the client (i.e. knowing who the client is);
  • Verifying the identity of the client (i.e. demonstrating that they are who they claim to be) by obtaining documents or other information from independent and reliable sources;
  • Identifying the Beneficial Owners (BOs) so that the ownership and control structure can be understood and the identities of any individuals who are the owners or controllers can be known;
  • On a risk-sensitive basis, taking reasonable measures to verify the identity of the BO(s); and
  • Gathering information on the intended purpose and nature of the business relationship.

Don’t forget that a client risk assessment is a key part of the identification (information gathering) and verification (evidence gathering) process.

The initial identification stage involves the gathering of information about a client’s identity and the purpose of the intended business relationship. The next stage of CDD is the risk assessment. This should be completed following the risk-based approach, and it must reflect the purpose, regularity and duration of the business relationship, as well as the size of any transaction and the business’ own firm-wide risk assessment.

The first risk assessment or evidence-gathering process may highlight a need for more information to be obtained or an updated risk assessment carried out.

If you haven’t done this for every client and entity your firm acts for, you are not complying with your AML obligations. Completing these steps only during onboarding is not enough either. The additional times that AMLGAS requires you to revisit your CDD include:

  • Regularly during their relationship with your firm.
  • When an occasional transaction is to be undertaken.
  • When there is either knowledge or a suspicion of MLTF.
  • When there is any doubt about the reliability of the identity information or documents obtained previously for verification purposes.
  • When you have a legal duty to contact a client that includes the requirement to review information related to the ownership or control structure of the client or any BOs.

It’s all about taking a risk-based approach in areas where a firm could be exploited. Written records are a must and again, there should be PCPs in place for these. If your firm is ever investigated written records are key to your defence.

The five risk factors

There are five risk factors that underpin the AML framework: Customers. Countries or geographic areas. Products or services. Transactions and Delivery channels. These risks  can present a number of red flags.

For example, are you finding it difficult to verify a client’s identity? Are they behaving suspiciously, such as becoming defensive in response to certain questions, or avoiding face-to-face contact? Are clients insisting on cash payments? Are you involved in a transaction that has no apparent economic or legal purpose, that is large or unusually complex? A full list of red flags can be found in Appendix B of the CCAB 2022 guidance.

In some cases, these red flags will lead to a requirement for enhanced CDD. This could mean further checks. Renewing validation and verification of identity on an annual basis. Senior management may need to approve the client relationship. Or additional information such as source of funds may be required.

Suspicious activity reports (SARs)

If you suspect that ML, TF or PF has taken place, or may take place, you are legally obliged to submit a Suspicious Activity Report (SAR) to your Money Laundering Reporting Officer (MLRO). Don’t forget, all CDD – and all AML activity – is in place to ensure you can submit a full and accurate SAR.

The MLRO must then decide if the SAR should be sent to the National Crime Agency. A sole practitioner must act as MLRO themselves.

 It can’t be stressed enough. Make sure all your actions and decisions are recorded and that you retain records for five years after you stop acting for the client. Businesses can use third-party providers to assist with the CDD process but remember – it’s your firm that remains legally responsible.

Final thoughts

The 2022 amendments are due to recent FATF recommendations to improve and harmonise AML standards, not to make life harder. In response to increased threats, regulations are evolving faster. Firms that are not on top of their AML are at risk of being fined or having their practicing certificate revoked due to non-compliance.

Moreover, FATF is unequivocal regarding its policy direction. More regulations, more supervision and harsher penalties. Any disruption to your business can be prevented through comprehensive AML. Thorough CDD is a vital part of this work but be aware it is only part of your legal obligations.

The AMLCC platform is designed to provide your firm with all the necessary tools to allow it to comply with the regulations and support you through each well documented step.

More from Financial Accountant

Will we see a completely virtual Professional Accountancy Organisation?

Will we see a completely virtual Professional Accountancy Organisation?

Dawn of a new era: building capacity in accountancy through competency-based education reform

Dawn of a new era: building capacity in accountancy through competency-based education reform

4 challenges and opportunities for supporting small businesses in sustainability

4 challenges and opportunities for supporting small businesses in sustainability

AML Conference Online: Preview

AML Conference Online: Preview

‘I might as well stop and diversify into holiday lets’ – new research reveals the reality of farming after Brexit

‘I might as well stop and diversify into holiday lets’ – new research reveals the reality of farming after Brexit

IFA Tax Facts 2024 now available

Share This