Search Legislation

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

What Version

 Help about what version
  • Latest available (Revised)
  • Original (As made)

Status:

This is the original version (as it was originally made). This item of legislation is currently only available in its original format.

PART 4Reliance and Record-keeping

Reliance

39.—(1) A relevant person may rely on a person who falls within paragraph (3) (“the third party”) to apply any of the customer due diligence measures required by regulation 28(2) to (6) and (10) but, notwithstanding the relevant person’s reliance on the third party, the relevant person remains liable for any failure to apply such measures.

(2) When a relevant person relies on the third party to apply customer due diligence measures under paragraph (1) it—

(a)must immediately obtain from the third party all the information needed to satisfy the requirements of regulation 28(2) to (6) and (10) in relation to the customer, customer’s beneficial owner, or any person acting on behalf of the customer;

(b)must enter into arrangements with the third party which—

(i)enable the relevant person to obtain from the third party immediately on request copies of any identification and verification data and any other relevant documentation on the identity of the customer, customer’s beneficial owner, or any person acting on behalf of the customer;

(ii)require the third party to retain copies of the data and documents referred to in paragraph (i) for the period referred to in regulation 40.

(3) The persons within this paragraph are—

(a)another relevant person who is subject to these Regulations under regulation 8;

(b)a person who carries on business in an EEA state other than the United Kingdom who is—

(i)subject to the requirements in national legislation implementing the fourth money laundering directive as an obliged entity (within the meaning of that directive), and

(ii)supervised for compliance with those requirements in accordance with section 2 of Chapter VI of the fourth money laundering directive; or

(c)a person who carries on business in a third country who is—

(i)subject to requirements in relation to customer due diligence and record keeping which are equivalent to those laid down in the fourth money laundering directive; and

(ii)supervised for compliance with those requirements in a manner equivalent to section 2 of Chapter VI of the fourth money laundering directive;

(d)organisations whose members consist of persons within sub-paragraph (a), (b) or (c).

(4) A relevant person may not rely on a third party established in a country which has been identified by the European Commission as a high-risk third country in delegated acts adopted under Article 9.2 of the fourth money laundering directive, and for these purposes “high-risk third country” has the meaning given in regulation 33(3).

(5) Paragraph (4) does not apply to a branch or majority owned subsidiary of an entity established in an EEA state if all the following conditions are met—

(a)the entity is—

(i)subject to requirements in national legislation implementing the fourth money laundering directive as an obliged entity (within the meaning of that directive); and

(ii)supervised for compliance with those requirements in accordance with section 2 of Chapter VI of the fourth money laundering directive;

(b)the branch or subsidiary complies fully with procedures and policies established for the group under Article 45 of the fourth money laundering directive.

(6) A relevant person is to be treated by a supervisory authority as having complied with the requirements of paragraph (2) if—

(a)the relevant person is relying on information provided by a third party which is a member of the same group as the relevant person;

(b)that group applies customer due diligence measures, rules on record keeping and programmes against money laundering and terrorist financing in accordance with these Regulations, the fourth money laundering directive or rules having equivalent effect; and

(c)the effective implementation of the requirements referred to in sub-paragraph (b) is supervised at group level by—

(i)an authority of an EEA state other than the United Kingdom with responsibility for the functions provided for in the fourth money laundering directive; or

(ii)an equivalent authority of a third country.

(7) Nothing in this regulation prevents a relevant person applying customer due diligence measures by means of an agent or an outsourcing service provider provided that the arrangements between the relevant person and the agent or outsourcing service provider provide for the relevant person to remain liable for any failure to apply such measures.

(8) For the purposes of paragraph (7), an “outsourcing service provider” means a person who—

(a)performs a process, a service or an activity that would otherwise be undertaken by the relevant person, and

(b)is not an employee of the relevant person.

Record-keeping

40.—(1) Subject to paragraph (5), a relevant person must keep the records specified in paragraph (2) for at least the period specified in paragraph (3).

(2) The records are—

(a)a copy of any documents and information obtained by the relevant person to satisfy the customer due diligence requirements in regulations 28, 29 and 33 to 37;

(b)sufficient supporting records (consisting of the original documents or copies) in respect of a transaction (whether or not the transaction is an occasional transaction) which is the subject of customer due diligence measures or ongoing monitoring to enable the transaction to be reconstructed.

(3) Subject to paragraph (4), the period is five years beginning on the date on which the relevant person knows, or has reasonable grounds to believe—

(a)that the transaction is complete, for records relating to an occasional transaction; or

(b)that the business relationship has come to an end for records relating to—

(i)any transaction which occurs as part of a business relationship, or

(ii)customer due diligence measures taken in connection with that relationship.

(4) A relevant person is not required to keep the records referred to in paragraph (3)(b)(i) for more than 10 years.

(5) Once the period referred to in paragraph (3), or if applicable paragraph (4), has expired, the relevant person must delete any personal data obtained for the purposes of these Regulations unless—

(a)the relevant person is required to retain records containing personal data—

(i)by or under any enactment, or

(ii)for the purposes of any court proceedings;

(b)the data subject has given consent to the retention of that data; or

(c)the relevant person has reasonable grounds for believing that records containing the personal data need to be retained for the purpose of legal proceedings.

(6) A relevant person who is relied on by another person must keep the records specified in paragraph (2) for the period referred to in paragraph (3) or, if applicable, paragraph (4).

(7) A person referred to in regulation 39(3) (“A”) who is relied on by a relevant person (“B”) must, if requested by B within the period referred to in paragraph (3) or, if applicable, paragraph (4), immediately—

(a)make available to B any information about the customer, any person purporting to act on behalf of the customer and any beneficial owner of the customer, which A obtained when applying customer due diligence measures; and

(b)forward to B copies of any identification and verification data and other relevant documents on the identity of the customer, any person purporting to act on behalf of the customer and any beneficial owner of the customer, which A obtained when applying those measures.

(8) Paragraph (7) does not apply where a relevant person applies customer due diligence measures by means of an agent or an outsourcing service provider (within the meaning of regulation 39(8)).

(9) For the purposes of this regulation—

(a)B relies on A where B does so in accordance with regulation 39(1);

(b)“copy” means a copy of the original document which would be admissible as evidence of the original document in court proceedings;

(c)“personal data” and “data subject” have the meanings given in section 1 of the Data Protection Act 1998(1).

Data Protection

41.—(1) Any personal data obtained by relevant persons for the purposes of these Regulations may only be processed for the purposes of preventing money laundering or terrorist financing.

(2) Processing personal data for the purposes of preventing money laundering or terrorist financing is to be considered to be necessary for the exercise of—

(a)a function of a public nature in the public interest for the purposes of paragraph 5(d) of Schedule 2 to the Data Protection Act 1998 (conditions relevant for processing personal data)(2); and

(b)a function conferred by or under an enactment for the purposes of paragraph 7(1)(b) of Schedule 3 to the Data Protection Act 1998 (conditions relevant for processing sensitive personal data)(3).

(3) No other use may be made of personal data referred to in paragraph (1), unless—

(a)use of the data is permitted by or under an enactment other than these Regulations; or

(b)the relevant person has obtained the consent of the data subject to the proposed use of the data.

(4) Relevant persons must provide new customers with the following information before establishing a business relationship or entering into an occasional transaction with the customer—

(a)the information specified in paragraph 2(3) in Part 2 of Schedule 1 to the Data Protection Act 1998 (interpretation of data protection principles);

(b)a statement that any personal data received from the customer will be processed only for the purposes of preventing money laundering or terrorist financing, or as permitted under paragraph (3).

(5) For the purposes of this regulation, “personal data”, “processing” and “data subject” have the meanings given in section 1 of the Data Protection Act 1998 (basic interpretative provisions).

(1)

1998 c.29. Section 1 was amended by section 68 of and Part 3 of Schedule 8 to the Freedom of Information Act 2000 (c.36), and by S.I. 2004/3089.

(2)

Paragraph 5 of Schedule 2 was amended by paragraph 4 of Schedule 6 to the Freedom of Information Act 2000.

(3)

Paragraph 7 of Schedule 5 was amended by paragraph 5 of Schedule 6 to the Freedom of Information Act 2000 and S.I. 2003/1887.

Back to top

Options/Help

Print Options

You have chosen to open The Whole Instrument

The Whole Instrument you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open The Whole Instrument as a PDF

The Whole Instrument you have selected contains over 200 provisions and might take some time to download.

Would you like to continue?

You have chosen to open the Whole Instrument

The Whole Instrument you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

Close

Legislation is available in different versions:

Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.

Original (As Enacted or Made):The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.

Close

Opening Options

Different options to open legislation in order to view more content on screen at once

Close

Explanatory Memorandum

Explanatory Memorandum sets out a brief statement of the purpose of a Statutory Instrument and provides information about its policy objective and policy implications. They aim to make the Statutory Instrument accessible to readers who are not legally qualified and accompany any Statutory Instrument or Draft Statutory Instrument laid before Parliament from June 2004 onwards.

Close

More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources
Close

Impact Assessments

Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:

  • Why the government is proposing to intervene;
  • The main options the government is considering, and which one is preferred;
  • How and to what extent new policies may impact on them; and,
  • The estimated costs and benefits of proposed measures.
Close

More Resources

Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as made version that was used for the print copy
  • correction slips

Click 'View More' or select 'More Resources' tab for additional information including:

  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • links to related legislation and further information resources