Customer Due Diligence (CDD) is a requirement for businesses subject to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations (2017) (MLRs 2017). CDD refers to the process by which companies gather sufficient information on a new or existing client and examine the risks of doing business with them. This makes it difficult for business relationships to be used for money laundering or terrorist financing purposes (5.1.10 of The Joint Money Laundering Steering Group).
When should firms undertake CDD?
In line with Regulation 27 of the MLRs 2017, CDD should take place when:
- Establishing a business relationship
- Occasional transactions are being carried out, involving transfers of money exceeding 1,000 Euros
- There is suspicion of money laundering or terrorist financing
- The firm has doubts about the authenticity of documents acquired previously for identification or verification
What does the FCA expect of firms?
Simplified CDD
Simplified CDD is required for clients who pose a low risk of money laundering or terrorist financing. The process involves only the identification of the client during onboarding with official documents. Firms are not required to verify the client’s identity or to know the intended purpose behind the business relationship. However, continued monitoring must still take place.
According to Regulation 37 of the MLRs (2017), customers who are public entities in the UK or listed on a regulated exchange such as the London Stock Exchange would satisfy this lower threshold because their information is publicly available.
Standard CDD
Standard CDD is a type of due diligence that is required when money laundering or terrorist financing may be a potential risk, but the risk of these occurring is low. Firms must identify and verify the client by checking independent and reliable documents that confirm the client’s identity, ensuring the client is the person they claim to be.
For example, documents that can be used to verify the identity of a legal entity include proof of incorporation, memorandum/articles of association and annual reports/accounts.
Enhanced Due Diligence (EDD)
EDD is the highest level of due diligence and refers to additional measures and procedures firms need to undertake to identify and verify that the client’s funds and activities are legitimate. EDD should take place in ‘high risk’ situations, which Section 33 of the MLRs (2017) outlines. These include when:
- Clients are established in high-risk jurisdictions or high-risk industries like mining, oil and gas, crypto-asset businesses and high-value real estate
- Transactions have uncommon patterns. For example, large amounts of money have been withdrawn with no clear purpose
- False documents have been provided
- The ownership structure is unclear
- The client is a Politically Exposed Person (PEP), a Relative of a PEP or a Close Associate
Enforcement by the FCA: Failure to comply with CDD Standards
According to Section 42 of The Money Laundering Regulations 2007, failure to comply with the Money Laundering Regulations, which include CDD standards, can result in bodies like the FCA imposing penalties on financial institutions, which can result in economic and reputational damage to firms. The FCA finds out about failures to comply with the CDD process through investigations of financial firms and their Anti-Money Laundering (AML) controls. If weaknesses are identified, this may result in a Final Notice.
Big firms have recently been fined heavily by the FCA for failure to comply with CDD standards. Santander Bank Plc has been fined £107.7 million due to consistent anti-money laundering failures. Some of the issues outlined in the Final Notice 2022 included the failure to verify customers and to understand the customer’s business unless the client was high risk; risk assessments were also not documented on staff systems.
Another recent fine of £7.6 million was issued to Guaranty Trust Bank (UK) Limited. Failures included not assessing the anti-money laundering risks of customers, and not carrying out CDD when entering business relationships or EDD for higher-risk customers. There was also a failure to carry out ongoing monitoring of account activity, and staff were not given suitable AML training.
How can Complyport help?
With potential risk to the trust and reputation of firms, along with potential FCA fines for firms that breach the Money Laundering, Terrorist Financing and Transfer of Funds Regulations (2017), it is imperative that firms carry out proper Customer Due Diligence.
Our Financial Crime and Forensics Unit offer a variety of services, all of which can be tailored to your firm, to help meet your needs and requirements to safeguard your firm.
- Financial crime health checks and audits
- Implementation of financial crime, AML, CTF, ABC, Fraud and market abuse controls and frameworks
- Ongoing advice on financial crime, AML, CTF, market abuse and fraud prevention
- Authoring/reviewing financial crime policies
- Outsourced MLRO support
- Outsourced KYC and CDD support
- Resourcing MLROs and financial crime experts
- Remediation
- Assistance in identifying Politically Exposed Persons (PEPs)
- Assistance in navigating international sanctions
- Expert Witness in financial crime cases
- Forensics and investigations
- Design and/or delivery of online or face to face financial crime training
Please contact us to discuss your firm’s anti-money laundering policies and system needs. Contact Jan Hagen via jan.hagen@complyport.co.uk to book a free consultation.
About Complyport
Complyport is a market leading consulting firm supporting the UK financial services industry for over 20 years. We specialise in providing Governance, Risk and Compliance services to support the regulated financial services industry to raise standards and thrive.
Complyport advises and assists firms to become authorised and to comply with the rules and requirements of regulators on an ongoing basis. We have successfully assisted over 1000 firms to become authorised with the FCA and EU and are providing regulatory support to over 600 regulated firms on an ongoing basis globally. With presence in the UK and EU, as well as via our Associates Network, Complyport can assist firms across multiple jurisdictions.
We specialise in supporting the UK financial services industry with compliance guidance, advice and best practice including support with:
- Financial crime and forensics
- MIFIDPRU permissions
- Prudential support, IFPR, ICARA and financial resilience advice
- Consumer Duty implementation advice
- Cryptoasset registration
- Financial Promotions guidance, support, and management software solutions
- Operational resilience & cybersecurity advice
- CASS advice and protections of client assets
- Compliance managed services and resourcing compliance personnel
- Skilled Person Reviews and regulatory investigation
Contact our Head of Regulatory Business Solutions, Jan Hagen via email at: jan.hagen@complyport.co.uk to book a free consultation.