The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

CHAPTER 2U.K.Enhanced customer due diligence

Obligation to apply enhanced customer due diligenceU.K.

33.—(1) A relevant person must apply enhanced customer due diligence measures and enhanced ongoing monitoring, in addition to the customer due diligence measures required under regulation 28 and, if applicable, regulation 29, to manage and mitigate the risks arising—

(a)in any case identified as one where there is a high risk of money laundering or terrorist financing—

(i)by the relevant person under regulation 18(1), or

(ii)in information made available to the relevant person under regulations 17(9) and 47;

(b)in any business relationship F1... with a person established in a high-risk third country [F2or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country];

(c)in relation to correspondent relationships with a credit institution or a financial institution (in accordance with regulation 34);

(d)if a relevant person has determined that a customer or potential customer is a PEP, or a family member or known close associate of a PEP (in accordance with regulation 35);

(e)in any case where the relevant person discovers that a customer has provided false or stolen identification documentation or information and the relevant person proposes to continue to deal with that customer;

[F3(f)in any case where—

(i)a transaction is complex or unusually large,

(ii)there is an unusual pattern of transactions, or

(iii)the transaction or transactions have no apparent economic or legal purpose, and]

(g)in any other case which by its nature can present a higher risk of money laundering or terrorist financing.

(2) Paragraph (1)(b) does not apply when the customer is a branch or majority owned subsidiary undertaking of an entity which is established in [F4a third country] if all the following conditions are satisfied—

[F5(a)the entity is—

(i)subject to requirements in national legislation having an equivalent effect to those laid down in the fourth money laundering directive on an obliged entity (within the meaning of that directive); and

(ii)supervised for compliance with those requirements in a manner equivalent to section 2 of Chapter VI of the fourth money laundering directive;]

(b)the branch or subsidiary complies fully with procedures and policies established for the group under [F6requirements equivalent to those laid down in] Article 45 of the fourth money laundering directive; and

(c)the relevant person, applying a risk-based approach, does not consider that it is necessary to apply enhanced customer due diligence measures.

[F7(3) For the purposes of paragraph (1)(b)—

(a)[F8a “high-risk third country” means [F9a country named on either of the following lists published by the Financial Action Task Force as they have effect from time to time—

(i)High-Risk Jurisdictions subject to a Call for Action;

(ii)Jurisdictions under Increased Monitoring;]]

(b)a “relevant transaction” means a transaction in relation to which the relevant person is required to apply customer due diligence measures under regulation 27;

(c)being “established in” a country means—

(i)in the case of a legal person, being incorporated in or having its principal place of business in that country, or, in the case of a financial institution or a credit institution, having its principal regulatory authority in that country; and

(ii)in the case of an individual, being resident in that country, but not merely having been born in that country.]

[F10(3A) The enhanced due diligence measures taken by a relevant person for the purpose of paragraph (1)(b) must include—

(a)obtaining additional information on the customer and on the customer’s beneficial owner;

(b)obtaining additional information on the intended nature of the business relationship;

(c)obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;

(d)obtaining information on the reasons for the transactions;

(e)obtaining the approval of senior management for establishing or continuing the business relationship;

(f)conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.]

(4) The enhanced customer due diligence measures taken by a relevant person for the purpose of paragraph (1)(f) must include—

(a)as far as reasonably possible, examining the background and purpose of the transaction, and

(b)increasing the degree and nature of monitoring of the business relationship in which the transaction is made to determine whether that transaction or that relationship appear to be suspicious.

[F11(4A) Where a relevant person provides a life insurance policy, the relevant person must consider the nature and identity of the beneficiary of the policy when assessing whether there is a high risk of money laundering or terrorist financing, and the extent of the measures which should be taken to manage and mitigate that risk.

(4B) Where the beneficiary of a life insurance policy provided by a relevant person—

(a)is a legal person or a legal arrangement, and

(b)presents a high risk of money laundering or terrorist financing,

the relevant person must take reasonable measures to identify and verify the identity of the beneficial owner of that beneficiary before any payment is made under the policy.]

(5) Depending on the requirements of the case, the enhanced customer due diligence measures required under paragraph (1) may also include, among other things—

(a)seeking additional independent, reliable sources to verify information provided or made available to the relevant person;

(b)taking additional measures to understand better the background, ownership and financial situation of the customer, and other parties to the transaction;

(c)taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship;

(d)increasing the monitoring of the business relationship, including greater scrutiny of transactions.

(6) When assessing whether there is a high risk of money laundering or terrorist financing in a particular situation, and the extent of the measures which should be taken to manage and mitigate that risk, relevant persons must take account of risk factors including, among other things—

(a)customer risk factors, including whether—

(i)the business relationship is conducted in unusual circumstances;

(ii)the customer is resident in a geographical area of high risk (see sub-paragraph (c));

(iii)the customer is a legal person or legal arrangement that is a vehicle for holding personal assets;

(iv)the customer is a company that has nominee shareholders or shares in bearer form;

(v)the customer is a business that is cash intensive;

(vi)the corporate structure of the customer is unusual or excessively complex given the nature of the company's business;

[F12(vii)the customer is the beneficiary of a life insurance policy;

(viii)the customer is a third country national who is applying for residence rights in or citizenship of [F13a state] in exchange for transfers of capital, purchase of a property, government bonds or investment in corporate entities in [F14that state];]

(b)product, service, transaction or delivery channel risk factors, including whether—

(i)the product involves private banking;

(ii)the product or transaction is one which might favour anonymity;

(iii)the situation involves non-face-to-face business relationships or transactions, without certain safeguards, such as [F15an electronic identification process which meets the conditions set out in regulation 28(19)];

(iv)payments will be received from unknown or unassociated third parties;

(v)new products and new business practices are involved, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products;

(vi)the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in a third country;

[F16(vii)there is a transaction related to oil, arms, precious metals, tobacco products, cultural artefacts, ivory or other items related to protected species, or other items of archaeological, historical, cultural or religious significance or of rare scientific value;]

(c)geographical risk factors, including—

(i)countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective systems to counter money laundering or terrorist financing;

(ii)countries identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism (within the meaning of section 1 of the Terrorism Act 2000 M1), money laundering, and the production and supply of illicit drugs;

(iii)countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations;

(iv)countries providing funding or support for terrorism;

(v)countries that have organisations operating within their territory which have been designated—

(aa)by the government of the United Kingdom as proscribed organisations under Schedule 2 to the Terrorism Act 2000 M2, or

(bb)by other countries, international organisations or the European Union as terrorist organisations;

(vi)countries identified by credible sources, such as evaluations, detailed assessment reports or published follow-up reports published by the Financial Action Task Force, the International Monetary Fund, the World Bank, the Organisation for Economic Co-operation and Development or other international bodies or non-governmental organisations as not implementing requirements to counter money laundering and terrorist financing that are consistent with the recommendations published by the Financial Action Task Force in February 2012 and updated in [F17June 2019].

(7) In making the assessment referred to in paragraph (6), relevant persons must bear in mind that the presence of one or more risk factors may not always indicate that there is a high risk of money laundering or terrorist financing in a particular situation.

F18(8) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Enhanced customer due diligence: credit institutions, financial institutions and correspondent relationshipsU.K.

34.—(1) A credit institution or financial institution (the “correspondent”) which has or proposes to have a correspondent relationship [F19involving the execution of payments] with another such institution (the “respondent”) from a third country must, in addition to the measures required by regulation 33—

(a)gather sufficient information about the respondent to understand fully the nature of its business;

(b)determine from publicly-available information from credible sources the reputation of the respondent and the quality of the supervision to which the respondent is subject;

(c)assess the respondent's controls to counter money laundering and terrorist financing;

(d)obtain approval from senior management before establishing a new correspondent relationship;

(e)document the responsibilities of the respondent and correspondent in the correspondent relationship; and

(f)be satisfied that, in respect of those of the respondent's customers who have direct access to accounts with the correspondent, the respondent—

(i)has verified the identity of, and conducts ongoing customer due diligence measures in relation to, such customers; and

(ii)is able to provide to the correspondent, upon request, the documents or information obtained when applying such customer due diligence measures.

(2) Credit institutions and financial institutions must not enter into, or continue, a correspondent relationship with a shell bank.

(3) Credit institutions and financial institutions must take appropriate enhanced measures to ensure that they do not enter into, or continue, a correspondent relationship with a credit institution or financial institution which is known to allow its accounts to be used by a shell bank.

(4) For the purposes of this regulation—

(a)“correspondent relationship” means—

(i)the provision of banking services by a correspondent to a respondent including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, providing customers of the respondent with direct access to accounts with the correspondent (and vice versa) and providing foreign exchange services; or

(ii)the relationship between and among credit institutions and financial institutions including where similar services are provided by a correspondent to a respondent, and including relationships established for securities transactions or funds transfers;

(b)a “shell bank” means a credit institution or financial institution, or an institution engaged in equivalent activities to those carried out by credit institutions or financial institutions, incorporated in a jurisdiction in which it has no physical presence involving meaningful decision-making and management, and which is not part of a financial conglomerate or third-country financial conglomerate;

(c)in sub-paragraph (b), “financial conglomerate” and “third-country financial conglomerate” have the meanings given by regulations 1(2) and 7(1) respectively of the Financial Conglomerates and Other Financial Groups Regulations 2004 M3.

Enhanced customer due diligence: politically exposed personsU.K.

35.—(1) A relevant person must have in place appropriate risk-management systems and procedures to determine whether a customer or the beneficial owner of a customer is—

(a)a politically exposed person (a “PEP”); or

(b)a family member or a known close associate of a PEP,

and to manage the enhanced risks arising from the relevant person's business relationship or transactions with such a customer.

(2) In determining what risk-management systems and procedures are appropriate under paragraph (1), the relevant person must take account of—

(a)the risk assessment it carried out under regulation 18(1);

(b)the level of risk of money laundering and terrorist financing inherent in its business;

(c)the extent to which that risk would be increased by its business relationship or transactions with a PEP, or a family member or known close associate of a PEP, and

(d)any relevant information made available to the relevant person under regulations 17(9) and 47.

(3) If a relevant person has determined that a customer or a potential customer is a PEP, or a family member or known close associate of a PEP, the relevant person must assess—

(a)the level of risk associated with that customer, and

(b)the extent of the enhanced customer due diligence measures to be applied in relation to that customer.

[F20(3A) For the purpose of the relevant person’s assessment under paragraph (3), where a customer or potential customer is a domestic PEP, or a family member or a known close associate of a domestic PEP—

(a)the starting point for the assessment is that the customer or potential customer presents a lower level of risk than a non-domestic PEP, and

(b)if no enhanced risk factors are present, the extent of enhanced customer due diligence measures to be applied in relation to that customer or potential customer is less than the extent to be applied in the case of a non-domestic PEP.]

(4) In assessing the extent of the enhanced customer due diligence measures to be taken in relation to any particular person (which may differ from case to case), a relevant person—

(a)must take account of any relevant information made available to the relevant person under regulations 17(9) and 47; and

(b)may take into account any guidance which has been—

(i)issued by the FCA; or

(ii)issued by any other supervisory authority or appropriate body and approved by the Treasury.

(5) A relevant person who proposes to have, or to continue, a business relationship with a PEP, or a family member or a known close associate of a PEP, must, in addition to the measures required by regulation 33—

(a)have approval from senior management for establishing or continuing the business relationship with that person;

(b)take adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that person; and

(c)where the business relationship is entered into, conduct enhanced ongoing monitoring of the business relationship with that person.

(6) A relevant person which is providing a customer with a contract of long-term insurance (an “insurance policy”) must take reasonable measures to determine whether one or more of the beneficiaries of the insurance policy or the beneficial owner of a beneficiary of such an insurance policy are—

(a)PEPs, or

(b)family members or known close associates of PEPs.

(7) The measures required under paragraph (6) must be taken before—

(a)any payment is made under the insurance policy, or

(b)the benefit of the insurance policy is assigned in whole or in part to another person.

(8) A relevant person must, in addition to the measures required by regulation 33, ensure that—

(a)its senior management is informed before it pays out any sums under an insurance policy the beneficiary of which is a PEP or a person who comes within paragraph (6)(b) in relation to a PEP, and

(b)its entire business relationship with the holder of the insurance policy (“the policy holder”) is scrutinised on an ongoing basis in accordance with enhanced procedures, whether or not the policy holder is a PEP or a family member or known close associate of a PEP.

(9) Where a person who was a PEP is no longer entrusted with a prominent public function, a relevant person must continue to apply the requirements in paragraphs (5) and (8) in relation to that person—

(a)for a period of at least 12 months after the date on which that person ceased to be entrusted with that public function; or

(b)for such longer period as the relevant person considers appropriate to address risks of money laundering or terrorist financing in relation to that person.

(10) Paragraph (9) does not apply in relation to a person who—

(a)was not a politically exposed person within the meaning of regulation 14(5) of the Money Laundering Regulations 2007 M4, when those Regulations were in force; and

(b)ceased to be entrusted with a prominent public function before the date on which these Regulations come into force.

(11) When a person who was a PEP is no longer entrusted with a prominent public function, the relevant person is no longer required to apply the requirements in paragraphs (5) and (8) in relation to a family member or known close associate of that PEP (whether or not the period referred to in paragraph (9) has expired).

(12) In this regulation—

(a)“politically exposed person” or “PEP” means an individual who is entrusted with prominent public functions, other than as a middle-ranking or more junior official;

(b)“family member” of a politically exposed person includes—

(i)a spouse or civil partner of the PEP;

(ii)children of the PEP and the spouses or civil partners of the PEP's children;

(iii)parents of the PEP;

(c)“known close associate” of a PEP means—

(i)an individual known to have joint beneficial ownership of a legal entity or a legal arrangement or any other close business relations with a PEP;

(ii)an individual who has sole beneficial ownership of a legal entity or a legal arrangement which is known to have been set up for the benefit of a PEP;

[F21(d)“domestic PEP” means a politically exposed person entrusted with prominent public functions by the United Kingdom;

(e)“non-domestic PEP” means a politically exposed person who is not a domestic PEP;

(f)“enhanced risk factors”, in relation to a customer or potential customer who is a domestic PEP or a family member or a known close associate of that domestic PEP, mean risk factors other than the customer’s or potential customer’s position as a domestic PEP or as a family member or a known close associate of that domestic PEP.]

(13) For the purposes of paragraph (5), a reference to a business relationship with an individual includes a reference to a business relationship with a person of which the individual is a beneficial owner.

(14) For the purposes of paragraphs (9), (11) and [F22(12)], individuals entrusted with prominent public functions include—

(a)heads of state, heads of government, ministers and deputy or assistant ministers;

(b)members of parliament or of similar legislative bodies;

(c)members of the governing bodies of political parties;

(d)members of supreme courts, of constitutional courts or of any judicial body the decisions of which are not subject to further appeal except in exceptional circumstances;

(e)members of courts of auditors or of the boards of central banks;

(f)ambassadors, charges d'affaires and high-ranking officers in the armed forces;

(g)members of the administrative, management or supervisory bodies of State-owned enterprises;

(h)directors, deputy directors and members of the board or equivalent function of an international organisation.

(15) For the purpose of deciding whether a person is a known close associate of a politically exposed person, a relevant person need only have regard to information which is in its possession, or to credible information which is publicly available.

Politically exposed persons: other dutiesU.K.

36.—(1) The duty under section 30(1) of the Bank of England and Financial Services Act 2016 (duty to ensure that regulations or orders implementing the fourth money laundering directive comply with paragraphs (a) to (d) of that subsection) M5 does not apply if, and to the extent that, the duty is otherwise satisfied as a result of any provision contained in these Regulations, or any guidance issued by the FCA under these Regulations.

(2) The duty under section 333U(1) and (2) of FSMA (duty to issue guidance in connection with politically exposed persons) M6 does not apply if, and to the extent that, the duty is otherwise satisfied as a result of guidance issued by the FCA under these Regulations.