Not only do the recent changes to the Money Laundering Regulations widen the range of firms who have to comply, but there are also changes to the requirements for customer due diligence, risk assessments, policies, controls, procedures and training for firms already in scope. You have until by 10 January 2020 to comply with most of the changes. I've summarised most changes here. Let me know if you need assistance.
Changes to Scope of the MLRs
The range of firms covered by the MLRs now includes letting agents, art market participants; cryptoasset
(e.g. virtual currency) exchange providers and custodian wallet
providers.
The definition of tax adviser is also extended to those who
provide material aid or assistance on tax; and certain limits are
lowered for e-money transactions and new restrictions are imposed on
acquiring anonymous prepaid card transactions.
Law enforcement authorities and the Gambling Commission can obtain
information about safe-deposit boxes and about accounts held with banks,
building societies and credit unions.
Changes to due diligence requirements
When you adopt new products, business practices (including new delivery mechanisms) or technology you must take appropriate
measures in preparation for, and during, that process to assess - and if necessary mitigate - any money laundering or terrorist financing risks change may cause.
If your firm is a parent, you must establish and maintain throughout your group all the various policies, controls and procedures for the purposes of preventing money laundering
and terrorist financing - including for
data protection and sharing information and including policies on the sharing of information about customers, customer accounts and transactions.
You must take appropriate measures - and keep records to prove - that you train your employees and agents whose work is relevant to your AML compliance or the identification or mitigation of the risk, prevention
or detection of money laundering and terrorist financing. The training must be
in the law relating to money laundering and terrorist financing, and
related data protection requirements; as well as how to recognise and deal with suspicious transactions and other
activities or situations which may be related to money laundering or terrorist
financing.
The triggers for applying customer due diligence measures now include:
- at appropriate times for existing customers, on a risk based approach;
- when you become aware that the circumstances of an existing customer relevant to your risk assessment for that customer have changed;
- when you have a legal duty to contact an existing customer for the purpose of reviewing any information relevant to your risk assessment and relates to the beneficial ownership of the customer, including information which enables you to understand the ownership or control structure of a legal person, trust, foundation or similar arrangement who is the beneficial owner of the customer;
- when you have to contact an existing customer to fulfil a duty under the International Tax Compliance Regulations 2015.
The obligation to understand the ownership and control structure of a customer applies whether the customer is a body corporate or other legal person, trust, company, foundation or similar legal arrangement.
Where you've exhausted all possible means of identifying the beneficial owner of the body corporate and either you haven't succeeded or you aren't satisfied that the individual identified is in fact the beneficial owner, you must keep written records of all the actions you've taken to identify the beneficial owner and take reasonable measures to verify the identity of the senior person in the body corporate responsible for managing it, as well as all the actions you've taken and any difficulties you encountered in doing so.
Before establishing a business relationship with a customer, you must collect proof of registration or an excerpt of the relevant company or partnership registry (as the case may be) and report to the relevant registrar any discrepancy between information relating to the beneficial ownership of the customer that you collect from the register and information that otherwise becomes available to you in the course of carrying out your duties under the MLRs.
There are new triggers for carrying out 'enhanced' customer due diligence measures, as well as a specified (non-exhaustive) list of measures.
The thresholds for applying customer due diligence in the context of e-money are significantly reduced.
There are new restrictions on
acquiring anonymous prepaid card transactions.
Law enforcement authorities and the Gambling Commission can now obtain information about safe-deposit boxes and about accounts held with banks, building societies and credit unions.
No comments:
Post a Comment