CHAPTER IIU.K. CUSTOMER DUE DILIGENCE
SECTION 1 U.K. General provisions
Article 10U.K.
[1. Member States shall prohibit their credit institutions and financial institutions from keeping anonymous accounts, anonymous passbooks or anonymous safe-deposit boxes. Member States shall, in any event, require that the owners and beneficiaries of existing anonymous accounts, anonymous passbooks or anonymous safe-deposit boxes be subject to customer due diligence measures no later than 10 January 2019 and in any event before such accounts, passbooks or deposit boxes are used in any way.]
2.Member States shall take measures to prevent misuse of bearer shares and bearer share warrants.
Article 11U.K.
Member States shall ensure that obliged entities apply customer due diligence measures in the following circumstances:
(a)
when establishing a business relationship;
(b)
when carrying out an occasional transaction that:
(i)
amounts to EUR 15 000 or more, whether that transaction is carried out in a single operation or in several operations which appear to be linked; or
(ii)
constitutes a transfer of funds, as defined in point (9) of Article 3 of Regulation (EU) 2015/847 of the European Parliament and of the Council(), exceeding EUR 1 000;
(c)
in the case of persons trading in goods, when carrying out occasional transactions in cash amounting to EUR 10 000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
(d)
for providers of gambling services, upon the collection of winnings, the wagering of a stake, or both, when carrying out transactions amounting to EUR 2 000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
(e)
when there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold;
(f)
when there are doubts about the veracity or adequacy of previously obtained customer identification data.
Article 12U.K.
1.By way of derogation from points (a), (b) and (c) of the first subparagraph of Article 13(1) and Article 14, and based on an appropriate risk assessment which demonstrates a low risk, a Member State may allow obliged entities not to apply certain customer due diligence measures with respect to electronic money, where all of the following risk-mitigating conditions are met:
[(a) the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150 which can be used only in that Member State;
(b) the maximum amount stored electronically does not exceed EUR 150;]
(c)the payment instrument is used exclusively to purchase goods or services;
(d)the payment instrument cannot be funded with anonymous electronic money;
(e)the issuer carries out sufficient monitoring of the transactions or business relationship to enable the detection of unusual or suspicious transactions.
[ . . . . .]
[2. Member States shall ensure that the derogation provided for in paragraph 1 of this Article is not applicable in the case of redemption in cash or cash withdrawal of the monetary value of the electronic money where the amount redeemed exceeds EUR 50, or in the case of remote payment transactions as defined in point (6) of Article 4 of the Directive (EU) 2015/2366 of the European Parliament and of the Council () where the amount paid exceeds EUR 50 per transaction.]
[3. Member States shall ensure that credit institutions and financial institutions acting as acquirers only accept payments carried out with anonymous prepaid cards issued in third countries where such cards meet requirements equivalent to those set out in paragraphs 1 and 2.
Member States may decide not to accept on their territory payments carried out by using anonymous prepaid cards.]
Article 13U.K.
1.Customer due diligence measures shall comprise:
[(a) identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source, including, where available, electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council () or any other secure, remote or electronic identification process regulated, recognised, approved or accepted by the relevant national authorities;]
(b)identifying the beneficial owner and taking reasonable measures to verify that person's identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer[.] [Where the beneficial owner identified is the senior managing official as referred to in Article 3(6)(a) (ii), obliged entities shall take the necessary reasonable measures to verify the identity of the natural person who holds the position of senior managing official and shall keep records of the actions taken as well as any difficulties encountered during the verification process;]
(c)assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship;
(d)conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the obliged entity's knowledge of the customer, the business and risk profile, including where necessary the source of funds and ensuring that the documents, data or information held are kept up-to-date.
When performing the measures referred to in points (a) and (b) of the first subparagraph, obliged entities shall also verify that any person purporting to act on behalf of the customer is so authorised and identify and verify the identity of that person.
2.Member States shall ensure that obliged entities apply each of the customer due diligence requirements laid down in paragraph 1. However, obliged entities may determine the extent of such measures on a risk-sensitive basis.
3.Member States shall require that obliged entities take into account at least the variables set out in Annex I when assessing the risks of money laundering and terrorist financing.
4.Member States shall ensure that obliged entities are able to demonstrate to competent authorities or self-regulatory bodies that the measures are appropriate in view of the risks of money laundering and terrorist financing that have been identified.
5.For life or other investment-related insurance business, Member States shall ensure that, in addition to the customer due diligence measures required for the customer and the beneficial owner, credit institutions and financial institutions conduct the following customer due diligence measures on the beneficiaries of life insurance and other investment-related insurance policies, as soon as the beneficiaries are identified or designated:
(a)in the case of beneficiaries that are identified as specifically named persons or legal arrangements, taking the name of the person;
(b)in the case of beneficiaries that are designated by characteristics or by class or by other means, obtaining sufficient information concerning those beneficiaries to satisfy the credit institutions or financial institution that it will be able to establish the identity of the beneficiary at the time of the payout.
With regard to points (a) and (b) of the first subparagraph, the verification of the identity of the beneficiaries shall take place at the time of the payout. In the case of assignment, in whole or in part, of the life or other investment-related insurance to a third party, credit institutions and financial institutions aware of the assignment shall identify the beneficial owner at the time of the assignment to the natural or legal person or legal arrangement receiving for its own benefit the value of the policy assigned.
6.In the case of beneficiaries of trusts or of similar legal arrangements that are designated by particular characteristics or class, an obliged entity shall obtain sufficient information concerning the beneficiary to satisfy the obliged entity that it will be able to establish the identity of the beneficiary at the time of the payout or at the time of the exercise by the beneficiary of its vested rights.
Article 14U.K.
1.Member States shall require that verification of the identity of the customer and the beneficial owner take place before the establishment of a business relationship or the carrying out of the transaction. [Whenever entering into a new business relationship with a corporate or other legal entity, or a trust or a legal arrangement having a structure or functions similar to trusts (‘similar legal arrangement’) which are subject to the registration of beneficial ownership information pursuant to Article 30 or 31, the obliged entities shall collect proof of registration or an excerpt of the register.]
2.By way of derogation from paragraph 1, Member States may allow verification of the identity of the customer and the beneficial owner to be completed during the establishment of a business relationship if necessary so as not to interrupt the normal conduct of business and where there is little risk of money laundering or terrorist financing. In such situations, those procedures shall be completed as soon as practicable after initial contact.
3.By way of derogation from paragraph 1, Member States may allow the opening of an account with a credit institution or financial institution, including accounts that permit transactions in transferable securities, provided that there are adequate safeguards in place to ensure that transactions are not carried out by the customer or on its behalf until full compliance with the customer due diligence requirements laid down in points (a) and (b) of the first subparagraph of Article 13(1) is obtained.
4.Member States shall require that, where an obliged entity is unable to comply with the customer due diligence requirements laid down in point (a), (b) or (c) of the first subparagraph of Article 13(1), it shall not carry out a transaction through a bank account, establish a business relationship or carry out the transaction, and shall terminate the business relationship and consider making a suspicious transaction report to the FIU in relation to the customer in accordance with Article 33.
Member States shall not apply the first subparagraph to notaries, other independent legal professionals, auditors, external accountants and tax advisors only to the strict extent that those persons ascertain the legal position of their client, or perform the task of defending or representing that client in, or concerning, judicial proceedings, including providing advice on instituting or avoiding such proceedings.
[5. Member States shall require that obliged entities apply the customer due diligence measures not only to all new customers but also at appropriate times to existing customers on a risk-sensitive basis, or when the relevant circumstances of a customer change, or when the obliged entity has any legal duty in the course of the relevant calendar year to contact the customer for the purpose of reviewing any relevant information relating to the beneficial owner(s), or if the obliged entity has had this duty under Council Directive 2011/16/EU () .]
SECTION 2 U.K. Simplified customer due diligence
Article 15U.K.
1.Where a Member State or an obliged entity identifies areas of lower risk, that Member State may allow obliged entities to apply simplified customer due diligence measures.
2.Before applying simplified customer due diligence measures, obliged entities shall ascertain that the business relationship or the transaction presents a lower degree of risk.
3.Member States shall ensure that obliged entities carry out sufficient monitoring of the transactions and business relationships to enable the detection of unusual or suspicious transactions.
Article 16U.K.
When assessing the risks of money laundering and terrorist financing relating to types of customers, geographic areas, and particular products, services, transactions or delivery channels, Member States and obliged entities shall take into account at least the factors of potentially lower risk situations set out in Annex II.
Article 17U.K.
By 26 June 2017, the ESAs shall issue guidelines addressed to competent authorities and the credit institutions and financial institutions in accordance with Article 16 of Regulations (EU) No 1093/2010, (EU) No 1094/2010, and (EU) No 1095/2010 on the risk factors to be taken into consideration and the measures to be taken in situations where simplified customer due diligence measures are appropriate. Specific account shall be taken of the nature and size of the business, and, where appropriate and proportionate, specific measures shall be laid down.
SECTION 3 U.K. Enhanced customer due diligence
Article 18U.K.
1.[In the cases referred to in Articles 18a to 24, as well as in other cases of higher risk that are identified by Member States or obliged entities, Member States shall require obliged entities to apply enhanced customer due diligence measures to manage and mitigate those risks appropriately.]
Enhanced customer due diligence measures need not be invoked automatically with respect to branches or majority-owned subsidiaries of obliged entities established in the Union which are located in high-risk third countries, where those branches or majority-owned subsidiaries fully comply with the group-wide policies and procedures in accordance with Article 45. Member States shall ensure that those cases are handled by obliged entities by using a risk-based approach.
[2. Member States shall require obliged entities to examine, as far as reasonably possible, the background and purpose of all transactions that fulfil at least one of the following conditions:
(i)
they are complex transactions;
(ii)
they are unusually large transactions;
(iii)
they are conducted in an unusual pattern;
(iv)
they do not have an apparent economic or lawful purpose.
In particular, obliged entities shall increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear suspicious.]
3.When assessing the risks of money laundering and terrorist financing, Member States and obliged entities shall take into account at least the factors of potentially higher-risk situations set out in Annex III.
4.By 26 June 2017, the ESAs shall issue guidelines addressed to competent authorities and the credit institutions and financial institutions, in accordance with Article 16 of Regulations (EU) No 1093/2010, (EU) No 1094/2010, and (EU) No 1095/2010 on the risk factors to be taken into consideration and the measures to be taken in situations where enhanced customer due diligence measures are appropriate. Specific account shall be taken of the nature and size of the business, and, where appropriate and proportionate, specific measures shall be laid down.
[Article 18a U.K.
1. With respect to business relationships or transactions involving high-risk third countries identified pursuant to Article 9(2), Member States shall require obliged entities to apply the following enhanced customer due diligence measures:
(a) obtaining additional information on the customer and on the beneficial owner(s);
(b) obtaining additional information on the intended nature of the business relationship;
(c) obtaining information on the source of funds and source of wealth of the customer and of the beneficial owner(s);
(d) obtaining information on the reasons for the intended or performed transactions;
(e) obtaining the approval of senior management for establishing or continuing the business relationship;
(f) conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.
Member States may require obliged entities to ensure, where applicable, that the first payment be carried out through an account in the customer’s name with a credit institution subject to customer due diligence standards that are not less robust than those laid down in this Directive.
2. In addition to the measures provided in paragraph 1 and in compliance with the Union’s international obligations, Member States shall require obliged entities to apply, where applicable, one or more additional mitigating measures to persons and legal entities carrying out transactions involving high-risk third countries identified pursuant to Article 9(2). Those measures shall consist of one or more of the following:
(a) the application of additional elements of enhanced due diligence;
(b) the introduction of enhanced relevant reporting mechanisms or systematic reporting of financial transactions;
(c) the limitation of business relationships or transactions with natural persons or legal entities from the third countries identified as high risk countries pursuant to Article 9(2).
3. In addition to the measures provided in paragraph 1, Member States shall apply, where applicable, one or several of the following measures with regard to high-risk third countries identified pursuant to Article 9(2) in compliance with the Union’s international obligations:
(a) refusing the establishment of subsidiaries or branches or representative offices of obliged entities from the country concerned, or otherwise taking into account the fact that the relevant obliged entity is from a country that does not have adequate AML/CFT regimes;
(b) prohibiting obliged entities from establishing branches or representative offices in the country concerned, or otherwise taking into account the fact that the relevant branch or representative office would be in a country that does not have adequate AML/CFT regimes;
(c) requiring increased supervisory examination or increased external audit requirements for branches and subsidiaries of obliged entities located in the country concerned;
(d) requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the country concerned;
(e) requiring credit and financial institutions to review and amend, or if necessary terminate, correspondent relationships with respondent institutions in the country concerned.
4. When enacting or applying the measures set out in paragraphs 2 and 3, Member States shall take into account, as appropriate relevant evaluations, assessments or reports drawn up by international organisations and standard setters with competence in the field of preventing money laundering and combating terrorist financing, in relation to the risks posed by individual third countries.
5. Member States shall notify the Commission before enacting or applying the measures set out in paragraphs 2 and 3.]
Article 19U.K.
[With respect to cross-border correspondent relationships involving the execution of payments with a third-country respondent institution, Member States shall, in addition to the customer due diligence measures laid down in Article 13, require their credit institutions and financial institutions when entering into a business relationship to:]
(a)
gather sufficient information about the respondent institution to understand fully the nature of the respondent's business and to determine from publicly available information the reputation of the institution and the quality of supervision;
(b)
assess the respondent institution's AML/CFT controls;
(c)
obtain approval from senior management before establishing new correspondent relationships;
(d)
document the respective responsibilities of each institution;
(e)
with respect to payable-through accounts, be satisfied that the respondent institution has verified the identity of, and performed ongoing due diligence on, the customers having direct access to accounts of the correspondent institution, and that it is able to provide relevant customer due diligence data to the correspondent institution, upon request.
Article 20U.K.
With respect to transactions or business relationships with politically exposed persons, Member States shall, in addition to the customer due diligence measures laid down in Article 13, require obliged entities to:
(a)
have in place appropriate risk management systems, including risk-based procedures, to determine whether the customer or the beneficial owner of the customer is a politically exposed person;
(b)
apply the following measures in cases of business relationships with politically exposed persons:
(i)
obtain senior management approval for establishing or continuing business relationships with such persons;
(ii)
take adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with such persons;
(iii)
conduct enhanced, ongoing monitoring of those business relationships.
[Article 20a U.K.
1. Each Member State shall issue and keep up to date a list indicating the exact functions which, according to national laws, regulations and administrative provisions, qualify as prominent public functions for the purposes of point (9) of Article 3. Member States shall request each international organisation accredited on their territories to issue and keep up to date a list of prominent public functions at that international organisation for the purposes of point (9) of Article 3. Those lists shall be sent to the Commission and may be made public.
2. The Commission shall compile and keep up to date the list of the exact functions which qualify as prominent public functions at the level of Union institutions and bodies. That list shall also include any function which may be entrusted to representatives of third countries and of international bodies accredited at Union level.
3. The Commission shall assemble, based on the lists provided for in paragraphs 1 and 2 of this Article, a single list of all prominent public functions for the purposes of point (9) of Article 3. That single list shall be made public.
4. Functions included in the list referred to in paragraph 3 of this Article shall be dealt with in accordance with the conditions laid down in Article 41(2).]
Article 21U.K.
Member States shall require obliged entities to take reasonable measures to determine whether the beneficiaries of a life or other investment-related insurance policy and/or, where required, the beneficial owner of the beneficiary are politically exposed persons. Those measures shall be taken no later than at the time of the payout or at the time of the assignment, in whole or in part, of the policy. Where there are higher risks identified, in addition to applying the customer due diligence measures laid down in Article 13, Member States shall require obliged entities to:
(a)
inform senior management before payout of policy proceeds;
(b)
conduct enhanced scrutiny of the entire business relationship with the policyholder.
Article 22U.K.
Where a politically exposed person is no longer entrusted with a prominent public function by a Member State or a third country, or with a prominent public function by an international organisation, obliged entities shall, for at least 12 months, be required to take into account the continuing risk posed by that person and to apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed persons.
Article 23U.K.
The measures referred to in Articles 20 and 21 shall also apply to family members or persons known to be close associates of politically exposed persons.
Article 24U.K.
Member States shall prohibit credit institutions and financial institutions from entering into, or continuing, a correspondent relationship with a shell bank. They shall require that those institutions take appropriate measures to ensure that they do not engage in or continue correspondent relationships with a credit institution or financial institution that is known to allow its accounts to be used by a shell bank.
SECTION 4 U.K. Performance by third parties
Article 25U.K.
Member States may permit obliged entities to rely on third parties to meet the customer due diligence requirements laid down in points (a), (b) and (c) of the first subparagraph of Article 13(1). However, the ultimate responsibility for meeting those requirements shall remain with the obliged entity which relies on the third party.
Article 26U.K.
1.For the purposes of this Section, ‘third parties’ means obliged entities listed in Article 2, the member organisations or federations of those obliged entities, or other institutions or persons situated in a Member State or third country that:
(a)apply customer due diligence requirements and record-keeping requirements that are consistent with those laid down in this Directive; and
(b)have their compliance with the requirements of this Directive supervised in a manner consistent with Section 2 of Chapter VI.
2.Member States shall prohibit obliged entities from relying on third parties established in high-risk third countries. Member States may exempt branches and majority-owned subsidiaries of obliged entities established in the Union from that prohibition where those branches and majority-owned subsidiaries fully comply with the group-wide policies and procedures in accordance with Article 45.
Article 27U.K.
1.Member States shall ensure that obliged entities obtain from the third party relied upon the necessary information concerning the customer due diligence requirements laid down in points (a), (b) and (c) of the first subparagraph of Article 13(1).
[2. Member States shall ensure that obliged entities to which the customer is referred take adequate steps to ensure that the third party provides immediately, upon request, relevant copies of identification and verification data, including, where available, data obtained through electronic identification means, relevant trust services as set out in Regulation (EU) No 910/2014, or any other secure, remote or electronic, identification process regulated, recognised, approved or accepted by the relevant national authorities.]
Article 28U.K.
Member States shall ensure that the competent authority of the home Member State (for group-wide policies and procedures) and the competent authority of the host Member State (for branches and subsidiaries) may consider an obliged entity to comply with the provisions adopted pursuant to Articles 26 and 27 through its group programme, where all of the following conditions are met:
(a)
the obliged entity relies on information provided by a third party that is part of the same group;
(b)
that group applies customer due diligence measures, rules on record-keeping and programmes against money laundering and terrorist financing in accordance with this Directive or equivalent rules;
(c)
the effective implementation of the requirements referred to in point (b) is supervised at group level by a competent authority of the home Member State or of the third country.
Article 29U.K.
This Section shall not apply to outsourcing or agency relationships where, on the basis of a contractual arrangement, the outsourcing service provider or agent is to be regarded as part of the obliged entity.