The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Obligation to apply enhanced customer due diligence

33.—(1) A relevant person must apply enhanced customer due diligence measures and enhanced ongoing monitoring, in addition to the customer due diligence measures required under regulation 28 and, if applicable, regulation 29, to manage and mitigate the risks arising—

(a)in any case identified as one where there is a high risk of money laundering or terrorist financing—

(i)by the relevant person under regulation 18(1), or

(ii)in information made available to the relevant person under regulations 17(9) and 47;

(b)in any business relationship or transaction with a person established in a high-risk third country;

(c)in relation to correspondent relationships with a credit institution or a financial institution (in accordance with regulation 34);

(d)if a relevant person has determined that a customer or potential customer is a PEP, or a family member or known close associate of a PEP (in accordance with regulation 35);

(e)in any case where the relevant person discovers that a customer has provided false or stolen identification documentation or information and the relevant person proposes to continue to deal with that customer;

(f)in any case where—

(i)a transaction is complex and unusually large, or there is an unusual pattern of transactions, and

(ii)the transaction or transactions have no apparent economic or legal purpose, and

(g)in any other case which by its nature can present a higher risk of money laundering or terrorist financing.

(2) Paragraph (1)(b) does not apply when the customer is a branch or majority owned subsidiary undertaking of an entity which is established in an EEA state if all the following conditions are satisfied—

(a)the entity is—

(i)subject to the requirements in national legislation implementing the fourth money laundering directive as an obliged entity (within the meaning of that directive), and

(ii)supervised for compliance with those requirements in accordance with section 2 of Chapter VI of the fourth money laundering directive;

(b)the branch or subsidiary complies fully with procedures and policies established for the group under Article 45 of the fourth money laundering directive; and

(c)the relevant person, applying a risk-based approach, does not consider that it is necessary to apply enhanced customer due diligence measures.

(3) For the purposes of paragraph (1)(b), a “high-risk third country” means a country which has been identified by the European Commission in delegated acts adopted under Article 9.2 of the fourth money laundering directive as a high-risk third country.

(4) The enhanced customer due diligence measures taken by a relevant person for the purpose of paragraph (1)(f) must include—

(a)as far as reasonably possible, examining the background and purpose of the transaction, and

(b)increasing the degree and nature of monitoring of the business relationship in which the transaction is made to determine whether that transaction or that relationship appear to be suspicious.

(5) Depending on the requirements of the case, the enhanced customer due diligence measures required under paragraph (1) may also include, among other things—

(a)seeking additional independent, reliable sources to verify information provided or made available to the relevant person;

(b)taking additional measures to understand better the background, ownership and financial situation of the customer, and other parties to the transaction;

(c)taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship;

(d)increasing the monitoring of the business relationship, including greater scrutiny of transactions.

(6) When assessing whether there is a high risk of money laundering or terrorist financing in a particular situation, and the extent of the measures which should be taken to manage and mitigate that risk, relevant persons must take account of risk factors including, among other things—

(a)customer risk factors, including whether—

(i)the business relationship is conducted in unusual circumstances;

(ii)the customer is resident in a geographical area of high risk (see sub-paragraph (c));

(iii)the customer is a legal person or legal arrangement that is a vehicle for holding personal assets;

(iv)the customer is a company that has nominee shareholders or shares in bearer form;

(v)the customer is a business that is cash intensive;

(vi)the corporate structure of the customer is unusual or excessively complex given the nature of the company’s business;

(b)product, service, transaction or delivery channel risk factors, including whether—

(i)the product involves private banking;

(ii)the product or transaction is one which might favour anonymity;

(iii)the situation involves non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures;

(iv)payments will be received from unknown or unassociated third parties;

(v)new products and new business practices are involved, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products;

(vi)the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in a third country;

(c)geographical risk factors, including—

(i)countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective systems to counter money laundering or terrorist financing;

(ii)countries identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism (within the meaning of section 1 of the Terrorism Act 2000(1)), money laundering, and the production and supply of illicit drugs;

(iii)countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations;

(iv)countries providing funding or support for terrorism;

(v)countries that have organisations operating within their territory which have been designated—

(aa)by the government of the United Kingdom as proscribed organisations under Schedule 2 to the Terrorism Act 2000(2), or

(bb)by other countries, international organisations or the European Union as terrorist organisations;

(vi)countries identified by credible sources, such as evaluations, detailed assessment reports or published follow-up reports published by the Financial Action Task Force, the International Monetary Fund, the World Bank, the Organisation for Economic Co-operation and Development or other international bodies or non-governmental organisations as not implementing requirements to counter money laundering and terrorist financing that are consistent with the recommendations published by the Financial Action Task Force in February 2012 and updated in October 2016.

(7) In making the assessment referred to in paragraph (6), relevant persons must bear in mind that the presence of one or more risk factors may not always indicate that there is a high risk of money laundering or terrorist financing in a particular situation.

(8) In determining what measures to take when paragraph (1) applies, and what the extent of those measures should be, credit institutions and financial institutions must also take account of any guidelines issued by the European Supervisory Authorities under Article 18.4 of the fourth money laundering directive.