The Money Laundering Regulations 2007 – Due Diligence
- PART 1 – GENERAL
- PART 2 – CUSTOMER DUE DILIGENCE
- PART 3 – RECORD-KEEPING, PROCEDURES AND TRAINING
- PART 4 – SUPERVISION AND REGISTRATION
- PART 5 – ENFORCEMENT
- PART 6 – MISCELLANEOUS
- SCHEDULE 1 – ACTIVITIES LISTED IN POINTS 2 TO 12 AND 14 OF ANNEX I TO THE BANKING
Meaning of customer due diligence measures
5. “Customer due diligence measures” means—
(a) identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;
(b) identifying, where there is a beneficial owner who is not the customer, the beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify his identity so that the relevant person is satisfied that he knows who the beneficial owner is, including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure of the person, trust or arrangement; and
(c) obtaining information on the purpose and intended nature of the business relationship.
Meaning of beneficial owner
6.—(1) In the case of a body corporate, “beneficial owner” means any individual who—
(a) as respects any body other than a company whose securities are listed on a regulated market, ultimately owns or controls (whether through direct or indirect ownership or control, including through bearer share holdings) more than 25% of the shares or voting rights in the body; or
(b) as respects any body corporate, otherwise exercises control over the management of the body.
(2) In the case of a partnership (other than a limited liability partnership), “beneficial owner” means any individual who—
(a) ultimately is entitled to or controls (whether the entitlement or control is direct or indirect) more than a 25% share of the capital or profits of the partnership or more than 25% of the voting rights in the partnership; or
(b) otherwise exercises control over the management of the partnership.
(3) In the case of a trust, “beneficial owner” means—
(a) any individual who is entitled to a specified interest in at least 25% of the capital of the trust property;
(b) as respects any trust other than one which is set up or operates entirely for the benefit of individuals falling within sub-paragraph (a), the class of persons in whose main interest the trust is set up or operates;
(c) any individual who has control over the trust.
(4) In paragraph (3)—
“specified interest” means a vested interest which is—
(a) in possession or in remainder or reversion (or, in Scotland, in fee); and
(b) defeasible or indefeasible;
“control” means a power (whether exercisable alone, jointly with another person or with the consent of another person) under the trust instrument or by law to—
(a) dispose of, advance, lend, invest, pay or apply trust property;
(b) vary the trust;
(c) add or remove a person as a beneficiary or to or from a class of beneficiaries;
(d) appoint or remove trustees;
(e) direct, withhold consent to or veto the exercise of a power such as is mentioned in sub-paragraph (a), (b), (c) or (d).
(5) For the purposes of paragraph (3)—
(a) where an individual is the beneficial owner of a body corporate which is entitled to a specified interest in the capital of the trust property or which has control over the trust, the individual is to be regarded as entitled to the interest or having control over the trust; and
(b) an individual does not have control solely as a result of—
(i) his consent being required in accordance with section 32(1)(c) of the Trustee Act 1925 (power of advancement);
(ii) any discretion delegated to him under section 34 of the Pensions Act 1995 (power of investment and delegation);
(iii) the power to give a direction conferred on him by section 19(2) of the Trusts of Land and Appointment of Trustees Act 1996 (appointment and retirement of trustee at instance of beneficiaries); or
(iv) the power exercisable collectively at common law to vary or extinguish a trust where the beneficiaries under the trust are of full age and capacity and (taken together) absolutely entitled to the property subject to the trust (or, in Scotland, have a full and unqualified right to the fee).
(6) In the case of a legal entity or legal arrangement which does not fall within paragraph (1), (2) or (3), “beneficial owner” means—
(a) where the individuals who benefit from the entity or arrangement have been determined, any individual who benefits from at least 25% of the property of the entity or arrangement;
(b) where the individuals who benefit from the entity or arrangement have yet to be determined, the class of persons in whose main interest the entity or arrangement is set up or operates;
(c) any individual who exercises control over at least 25% of the property of the entity or arrangement.
(7) For the purposes of paragraph (6), where an individual is the beneficial owner of a body corporate which benefits from or exercises control over the property of the entity or arrangement, the individual is to be regarded as benefiting from or exercising control over the property of the entity or arrangement.
(8) In the case of an estate of a deceased person in the course of administration, “beneficial owner” means—
(a) in England and Wales and Northern Ireland, the executor, original or by representation, or administrator for the time being of a deceased person;
(b) in Scotland, the executor for the purposes of the Executors (Scotland) Act 1900.
(9) In any other case, “beneficial owner” means the individual who ultimately owns or controls the customer or on whose behalf a transaction is being conducted.
(10) In this regulation—
“arrangement”, “entity” and “trust” means an arrangement, entity or trust which administers and distributes funds;
“limited liability partnership” has the meaning given by the Limited Liability Partnerships Act 2000.
Application of customer due diligence measures
7.—(1) Subject to regulations 9, 10, 12, 13, 14, 16(4) and 17, a relevant person must apply customer due diligence measures when he—
(a) establishes a business relationship;
(b) carries out an occasional transaction;
(c) suspects money laundering or terrorist financing;
(d) doubts the veracity or adequacy of documents, data or information previously obtained for the purposes of identification or verification.
(2) Subject to regulation 16(4), a relevant person must also apply customer due diligence measures at other appropriate times to existing customers on a risk-sensitive basis.
(3) A relevant person must—
(a) determine the extent of customer due diligence measures on a risk-sensitive basis depending on the type of customer, business relationship, product or transaction; and
(b) be able to demonstrate to his supervisory authority that the extent of the measures is appropriate in view of the risks of money laundering and terrorist financing.
(a) a relevant person is required to apply customer due diligence measures in the case of a trust, legal entity (other than a body corporate) or a legal arrangement (other than a trust); and
(b) the class of persons in whose main interest the trust, entity or arrangement is set up or operates is identified as a beneficial owner,
the relevant person is not required to identify all the members of the class.
(5) Paragraph (3)(b) does not apply to the National Savings Bank or the Director of Savings.
8.—(1) A relevant person must conduct ongoing monitoring of a business relationship.
(2) “Ongoing monitoring” of a business relationship means—
(a) scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, his business and risk profile; and
(b) keeping the documents, data or information obtained for the purpose of applying customer due diligence measures up-to-date.
(3) Regulation 7(3) applies to the duty to conduct ongoing monitoring under paragraph (1) as it applies to customer due diligence measures.
Timing of verification
9.—(1) This regulation applies in respect of the duty under regulation 7(1)(a) and (b) to apply the customer due diligence measures referred to in regulation 5(a) and (b).
(2) Subject to paragraphs (3) to (5) and regulation 10, a relevant person must verify the identity of the customer (and any beneficial owner) before the establishment of a business relationship or the carrying out of an occasional transaction.
(3) Such verification may be completed during the establishment of a business relationship if—
(a) this is necessary not to interrupt the normal conduct of business; and
(b) there is little risk of money laundering or terrorist financing occurring,
provided that the verification is completed as soon as practicable after contact is first established.
(4) The verification of the identity of the beneficiary under a life insurance policy may take place after the business relationship has been established provided that it takes place at or before the time of payout or at or before the time the beneficiary exercises a right vested under the policy.
(5) The verification of the identity of a bank account holder may take place after the bank account has been opened provided that there are adequate safeguards in place to ensure that—
(a) the account is not closed; and
(b) transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder), before verification has been completed.
10.—(1) A casino must establish and verify the identity of—
(a) all customers to whom the casino makes facilities for gaming available—
(i) before entry to any premises where such facilities are provided; or
(ii) where the facilities are for remote gaming, before access is given to such facilities; or
(b) if the specified conditions are met, all customers who, in the course of any period of 24 hours—
(i) purchase from, or exchange with, the casino chips with a total value of 2,000 euro or more;
(ii) pay the casino 2,000 or more for the use of gaming machines; or
(iii) pay to, or stake with, the casino 2,000 euro or more in connection with facilities for remote gaming.
(2) The specified conditions are—
(a) the casino verifies the identity of each customer before or immediately after such purchase, exchange, payment or stake takes place, and
(b) the Gambling Commission is satisfied that the casino has appropriate procedures in place to monitor and record—
(i) the total value of chips purchased from or exchanged with the casino;
(ii) the total money paid for the use of gaming machines; or
(iii) the total money paid or staked in connection with facilities for remote gaming,
by each customer.
(3) In this regulation—
“gaming”, “gaming machine”, “remote operating licence” and “stake” have the meanings given by, respectively, sections 6(1) (gaming & game of chance), 235 (gaming machine), 67 (remote gambling) and 353(1) (interpretation) of the Gambling Act 2005;
“premises” means premises subject to—
(a) a casino premises licence within the meaning of section 150(1)(a) of the Gambling Act 2005 (nature of licence); or
(b) a converted casino premises licence within the meaning of paragraph 65 of Part 7 of Schedule 4 to the Gambling Act 2005 (Commencement No. 6 and Transitional Provisions) Order 2006;
“remote gaming” means gaming provided pursuant to a remote operating licence.
Requirement to cease transactions etc.
11.—(1) Where, in relation to any customer, a relevant person is unable to apply customer due diligence measures in accordance with the provisions of this Part, he—
(a) must not carry out a transaction with or for the customer through a bank account;
(b) must not establish a business relationship or carry out an occasional transaction with the customer;
(c) must terminate any existing business relationship with the customer;
(d) must consider whether he is required to make a disclosure by Part 7 of the Proceeds of Crime Act 2002 or Part 3 of the Terrorism Act 2000.
(2) Paragraph (1) does not apply where a lawyer or other professional adviser is in the course of ascertaining the legal position for his client or performing his task of defending or representing that client in, or concerning, legal proceedings, including advice on the institution or avoidance of proceedings.
(3) In paragraph (2), “other professional adviser” means an auditor, accountant or tax adviser who is a member of a professional body which is established for any such persons and which makes provision for—
(a) testing the competence of those seeking admission to membership of such a body as a condition for such admission; and
(b) imposing and maintaining professional and ethical standards for its members, as well as imposing sanctions for non-compliance with those standards.
Exception for trustees of debt issues
12.—(1) A relevant person—
(a) who is appointed by the issuer of instruments or securities specified in paragraph (2) as trustee of an issue of such instruments or securities; or
(b) whose customer is a trustee of an issue of such instruments or securities,
is not required to apply the customer due diligence measure referred to in regulation 5(b) in respect of the holders of such instruments or securities.
(2) The specified instruments and securities are—
(a) instruments which fall within article 77 of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001; and
(b) securities which fall within article 78 of that Order.
Simplified due diligence
13.—(1) A relevant person is not required to apply customer due diligence measures in the circumstances mentioned in regulation 7(1)(a), (b) or (d) where he has reasonable grounds for believing that the customer, transaction or product related to such transaction, falls within any of the following paragraphs.
(2) The customer is—
(a) a credit or financial institution which is subject to the requirements of the money laundering directive; or
(b) a credit or financial institution (or equivalent institution) which—
(i) is situated in a non-EEA state which imposes requirements equivalent to those laid down in the money laundering directive; and
(ii) is supervised for compliance with those requirements.
(3) The customer is a company whose securities are listed on a regulated market subject to specified disclosure obligations.
(4) The customer is an independent legal professional and the product is an account into which monies are pooled, provided that—
(a) where the pooled account is held in a non-EEA state—
(i) that state imposes requirements to combat money laundering and terrorist financing which are consistent with international standards; and
(ii) the independent legal professional is supervised in that state for compliance with those requirements; and
(b) information on the identity of the persons on whose behalf monies are held in the pooled account is available, on request, to the institution which acts as a depository institution for the account.
(5) The customer is a public authority in the United Kingdom.
(6) The customer is a public authority which fulfils all the conditions set out in paragraph 2 of Schedule 2 to these Regulations.
(7) The product is—
(a) a life insurance contract where the annual premium is no more than 1,000 euro or where a single premium of no more than 2,500 euro is paid;
(b) an insurance contract for the purposes of a pension scheme where the contract contains no surrender clause and cannot be used as collateral;
(c) a pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee’s wages and the scheme rules do not permit the assignment of a member’s interest under the scheme (other than an assignment permitted by section 44 of the Welfare Reform and Pensions Act 1999 (disapplication of restrictions on alienation) or section 91(5)(a) of the Pensions Act 1995) (inalienability of occupational pension)); or
(d) electronic money, within the meaning of Article 1(3)(b) of the electronic money directive, where—
(i) if the device cannot be recharged, the maximum amount stored in the device is no more than 150 euro; or
(ii) if the device can be recharged, a limit of 2,500 euro is imposed on the total amount transacted in a calendar year, except when an amount of 1,000 euro or more is redeemed in the same calendar year by the bearer (within the meaning of Article 3 of the electronic money directive).
(8) The product and any transaction related to such product fulfils all the conditions set out in paragraph 3 of Schedule 2 to these Regulations.
(9) The product is a child trust fund within the meaning given by section 1(2) of the Child Trust Funds Act 2004.
Enhanced customer due diligence and ongoing monitoring
14.—(1) A relevant person must apply on a risk-sensitive basis enhanced customer due diligence measures and enhanced ongoing monitoring—
(a) in accordance with paragraphs (2) to (4);
(b) in any other situation which by its nature can present a higher risk of money laundering or terrorist financing.
(2) Where the customer has not been physically present for identification purposes, a relevant person must take specific and adequate measures to compensate for the higher risk, for example, by applying one or more of the following measures—
(a) ensuring that the customer’s identity is established by additional documents, data or information;
(b) supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by a credit or financial institution which is subject to the money laundering directive;
(c) ensuring that the first payment is carried out through an account opened in the customer’s name with a credit institution.
(3) A credit institution (“the correspondent”) which has or proposes to have a correspondent banking relationship with a respondent institution (“the respondent”) from a non-EEA state must—
(a) gather sufficient information about the respondent to understand fully the nature of its business;
(b) determine from publicly-available information the reputation of the respondent and the quality of its supervision;
(c) assess the respondent’s anti-money laundering and anti-terrorist financing controls;
(d) obtain approval from senior management before establishing a new correspondent banking relationship;
(e) document the respective responsibilities of the respondent and correspondent; and
(f) be satisfied that, in respect of those of the respondent’s customers who have direct access to accounts of the correspondent, the respondent—
(i) has verified the identity of, and conducts ongoing monitoring in respect of, such customers; and
(ii) is able to provide to the correspondent, upon request, the documents, data or information obtained when applying customer due diligence measures and ongoing monitoring.
(4) A relevant person who proposes to have a business relationship or carry out an occasional transaction with a politically exposed person must—
(a) have approval from senior management for establishing the business relationship with that person;
(b) take adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or occasional transaction; and
(c) where the business relationship is entered into, conduct enhanced ongoing monitoring of the relationship.
(5) In paragraph (4), “a politically exposed person” means a person who is—
(a) an individual who is or has, at any time in the preceding year, been entrusted with a prominent public function by—
(i) a state other than the United Kingdom;
(ii) a Community institution; or
(iii) an international body,
including a person who falls in any of the categories listed in paragraph 4(1)(a) of Schedule 2;
(b) an immediate family member of a person referred to in sub-paragraph (a), including a person who falls in any of the categories listed in paragraph 4(1)(c) of Schedule 2; or
(c) a known close associate of a person referred to in sub-paragraph (a), including a person who falls in either of the categories listed in paragraph 4(1)(d) of Schedule 2.
(6) For the purpose of deciding whether a person is a known close associate of a person referred to in paragraph (5)(a), a relevant person need only have regard to information which is in his possession or is publicly known.
Branches and subsidiaries
15.—(1) A credit or financial institution must require its branches and subsidiary undertakings which are located in a non-EEA state to apply, to the extent permitted by the law of that state, measures at least equivalent to those set out in these Regulations with regard to customer due diligence measures, ongoing monitoring and record-keeping.
(2) Where the law of a non-EEA state does not permit the application of such equivalent measures by the branch or subsidiary undertaking located in that state, the credit or financial institution must—
(a) inform its supervisory authority accordingly; and
(b) take additional measures to handle effectively the risk of money laundering and terrorist financing.
(3) In this regulation “subsidiary undertaking”—
(a) except in relation to an incorporated friendly society, has the meaning given by section 1162 of the Companies Act 2006 (parent and subsidiary undertakings) and, in relation to a body corporate in or formed under the law of an EEA state other than the United Kingdom, includes an undertaking which is a subsidiary undertaking within the meaning of any rule of law in force in that state for purposes connected with implementation of the European Council Seventh Company Law Directive 83/349/EEC of 13th June 1983 on consolidated accounts;
(b) in relation to an incorporated friendly society, means a body corporate of which the society has control within the meaning of section 13(9)(a) or (aa) of the Friendly Societies Act 1992 (control of subsidiaries and other bodies corporate).
(4) Before the entry into force of section 1162 of the Companies Act 2006 the reference to that section in paragraph (3)(a) shall be treated as a reference to section 258 of the Companies Act 1985 (parent and subsidiary undertakings).
Shell banks, anonymous accounts etc.
16.—(1) A credit institution must not enter into, or continue, a correspondent banking relationship with a shell bank.
(2) A credit institution must take appropriate measures to ensure that it does not enter into, or continue, a corresponding banking relationship with a bank which is known to permit its accounts to be used by a shell bank.
(3) A credit or financial institution carrying on business in the United Kingdom must not set up an anonymous account or an anonymous passbook for any new or existing customer.
(4) As soon as reasonably practicable on or after 15th December 2007 all credit and financial institutions carrying on business in the United Kingdom must apply customer due diligence measures to, and conduct ongoing monitoring of, all anonymous accounts and passbooks in existence on that date and in any event before such accounts or passbooks are used.
(5) A “shell bank” means a credit institution, or an institution engaged in equivalent activities, incorporated in a jurisdiction in which it has no physical presence involving meaningful decision-making and management, and which is not part of a financial conglomerate or third-country financial conglomerate.
(6) In this regulation, “financial conglomerate” and “third-country financial conglomerate” have the meanings given by regulations 1(2) and 7(1) respectively of the Financial Conglomerates and Other Financial Groups Regulations 2004.
17.—(1) A relevant person may rely on a person who falls within paragraph (2) (or who the relevant person has reasonable grounds to believe falls within paragraph (2)) to apply any customer due diligence measures provided that—
(a) the other person consents to being relied on; and
(b) notwithstanding the relevant person’s reliance on the other person, the relevant person remains liable for any failure to apply such measures.
(2) The persons are—
(a) a credit or financial institution which is an authorised person;
(b) a relevant person who is—
(i) an auditor, insolvency practitioner, external accountant, tax adviser or independent legal professional; and
(ii) supervised for the purposes of these Regulations by one of the bodies listed in Part 1 of Schedule 3;
(c) a person who carries on business in another EEA state who is—
(i) a credit or financial institution, auditor, insolvency practitioner, external accountant, tax adviser or independent legal professional;
(ii) subject to mandatory professional registration recognised by law; and
(iii) supervised for compliance with the requirements laid down in the money laundering directive in accordance with section 2 of Chapter V of that directive; or
(d) a person who carries on business in a non-EEA state who is—
(i) a credit or financial institution (or equivalent institution), auditor, insolvency practitioner, external accountant, tax adviser or independent legal professional;
(ii) subject to mandatory professional registration recognised by law;
(iii) subject to requirements equivalent to those laid down in the money laundering directive; and
(iv) supervised for compliance with those requirements in a manner equivalent to section 2 of Chapter V of the money laundering directive.
(3) In paragraph (2)(c)(i) and (d)(i), “auditor” and “insolvency practitioner” includes a person situated in another EEA state or a non-EEA state who provides services equivalent to the services provided by an auditor or insolvency practitioner.
(4) Nothing in this regulation prevents a relevant person applying customer due diligence measures by means of an outsourcing service provider or agent provided that the relevant person remains liable for any failure to apply such measures.
(5) In this regulation, “financial institution” excludes money service businesses.
Directions where Financial Action Task Force applies counter-measures
18. The Treasury may direct any relevant person—
(a) not to enter into a business relationship;
(b) not to carry out an occasional transaction; or
(c) not to proceed any further with a business relationship or occasional transaction,
with a person who is situated or incorporated in a non-EEA state to which the Financial Action Task Force has decided to apply counter-measures.