Client Due Diligence

Client Due Diligence (CDD)

Firms must perform client due diligence before establishing a business relationship and when any factors relevant to client risk assessment have changed. These include:

  • your client’s identity has changed;
  • you have identified a transaction that isn’t consistent with your knowledge of your client; or
  • the services you are providing to your client have changed.

Firms must identify the beneficial owner of the client and take reasonable measures to verify their identity. If the beneficial owner is an entity or legal arrangement, firms must also take reasonable measures to understand its ownership and control structure. The regulations state that you can’t rely solely on Companies House registers of beneficial ownership.

There are three key changes to the CDD requirements:

  • You must now also complete CDD where you only perform company formation services, even if that service is a one-off service for that client.
  • You must also identify and verify the identity of a person purporting to act on behalf of your client.
  • You must obtain and verify the name of the body corporate, its registration number, its registered address, and principal place of business. You must also take reasonable measures to determine and verify the law to which it is subject, its constitution (set out in governing documents) and the names of the board of directors and its senior management.

Simplified Due Diligence (SDD)

SDD can be applied when you have assessed the client as presenting a low risk of money laundering and terrorist financing.

MLR2017 sets out a list of factors to be taken into account when assessing whether a client presents a low degree of risk of money laundering and terrorist financing. If they do, SDD measures can be applied.

Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) should be applied where there is a higher risk of money laundering or terrorist financing. MLR2017 sets out a list of circumstances in which EDD measures must be applied, which includes:

  • any transaction or business relationship with a client established in a high-risk country;
  • any transaction or business relationship involving a politically exposed person (PEP), or a family member or known close associate of a PEP;
  • any other situation which presents a high risk of money laundering or terrorist financing.

Risk Factors to Consider

Customer-Related Risks

  • Unusual business relationships
  • Clients based in high-risk areas
  • Legal entities used to hold personal assets
  • Companies with nominee shareholders or bearer shares
  • Cash-intensive businesses
  • Complex or opaque corporate structures

Product, Service, or Delivery Risks

  • Private banking services
  • Products that favour anonymity
  • Non face-to-face transactions without safeguards
  • Payments from unknown third parties
  • Use of new or emerging technologies
  • Services involving nominee or shadow directors

Geographical Risks

  • Countries with weak AML systems
  • Countries with high levels of corruption or criminal activity
  • Countries under sanctions or embargoes
  • Countries supporting terrorism or linked to terrorist organisations

Politically Exposed Persons (PEPs)

  • Family members include a PEP’s spouse or civil partner, children, and parents.
  • Known close associates include:
    • Individuals with joint ownership of a legal entity or close business ties with a PEP
    • Individuals who solely own a legal entity set up for the benefit of a PEP

If you identify a client as a PEP, you must:

  • Get senior management approval before starting or continuing the relationship
  • Establish the source of wealth and funds
  • Apply enhanced ongoing monitoring

If a client ceases to be a PEP, you must continue EDD for at least 12 months, or longer if needed. For family members or associates, EDD can stop once the PEP status ends.

You may rely only on existing records or publicly available information to determine if someone is a known associate.

FCA Guidance

If you rely on another firm to carry out CDD—or another firm relies on yours—you must:

  • Obtain all relevant CDD information
  • Have a written agreement confirming that the third party will provide documentation immediately upon request

Record Keeping and Data Protection

You must retain copies of AML-related documents and records for five years after:

  • The business relationship ends, or
  • The transaction is completed

After five years, you must delete personal data, unless:

  • You’re required to keep it by law or for legal proceedings, or
  • You have the individual’s consent

Informing Clients

You must provide new clients with:

  • Information as outlined in Schedule 1, Part 2, paragraph 2(3) of the Data Protection Act 1998
  • A statement confirming that their personal data will only be used to prevent money laundering or terrorist financing, unless otherwise permitted or consented

Tip: Consider updating your engagement letters to reflect these requirements.

Register of Trust or Company Service Providers (TCSP)

HMRC established a register of TCSPs that are not registered with the Financial Conduct Authority (FCA). A firm must not act as a TCSP unless it is on the register, or has applied for registration and has not been rejected.

AIA will automatically register your firm for AML supervision on the HMRC TCSP register provided your firm is supervised for AML by AIA as an accountancy service provider AND you have declared you provide TCSP services on your annual firm declaration.
