Chwilio Deddfwriaeth

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

 Help about what version

Pa Fersiwn

 Help about advanced features

Nodweddion Uwch

Changes to legislation:

There are currently no known outstanding effects for the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, PART 4. Help about Changes to Legislation

Close

Changes to Legislation

Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.

PART 4U.K.Reliance and Record-keeping

RelianceU.K.

39.—(1) A relevant person may rely on a person who falls within paragraph (3) (“the third party”) to apply any of the customer due diligence measures required by regulation 28(2) to (6) and (10) [F1, or to carry out any of the measures required by regulation 30A,] but, notwithstanding the relevant person's reliance on the third party, the relevant person remains liable for any failure to apply such measures.

(2) When a relevant person relies on the third party to apply customer due diligence measures [F2or carry out any of the measures required by regulation 30A] under paragraph (1) it—

(a)must immediately obtain from the third party all the information needed to satisfy the requirements of regulation 28(2) to (6) and (10) [F3and regulation 30A] in relation to the customer, customer's beneficial owner, or any person acting on behalf of the customer;

(b)must enter into arrangements with the third party which—

(i)enable the relevant person to obtain from the third party immediately on request copies of any identification and verification data and any other relevant documentation on the identity of the customer, customer's beneficial owner, or any person acting on behalf of the customer;

(ii)require the third party to retain copies of the data and documents referred to in paragraph (i) for the period referred to in regulation 40.

(3) The persons within this paragraph are—

(a)another relevant person who is subject to these Regulations under regulation 8;

F4(b). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

(c)a person who carries on business in a third country who is—

(i)subject to requirements in relation to customer due diligence and record keeping which are equivalent to those laid down in the fourth money laundering directive; and

(ii)supervised for compliance with those requirements in a manner equivalent to section 2 of Chapter VI of the fourth money laundering directive;

(d)organisations whose members consist of persons within sub-paragraph (a)F5... or (c).

(4) A relevant person may not rely on a third party established in [F6a high-risk third country], and for these purposes “high-risk third country” has the meaning given in regulation 33(3).

(5) Paragraph (4) does not apply to a branch or majority owned subsidiary of an entity F7... if all the following conditions are met—

[F8(a)the entity is—

(i)a person who is subject to the requirements in these Regulations as a relevant person within the meaning of regulation 8 and who is supervised for compliance with them; or

(ii)subject to requirements in national legislation having an equivalent effect to those laid down in the fourth money laundering directive on an obliged entity (within the meaning of that directive) and supervised for compliance with those requirements in a manner equivalent to section 2 of Chapter VI of the fourth money laundering directive;]

[F9(b)the branch or subsidiary complies fully with procedures and policies established for the group under—

(i)regulation 20 of these Regulations, or

(ii)requirements in national legislation having an equivalent effect to those laid down Article 45 of the fourth money laundering directive.]

(6) A relevant person is to be treated by a supervisory authority as having complied with the requirements of paragraph (2) if—

(a)the relevant person is relying on information provided by a third party which is a member of the same group as the relevant person;

(b)that group applies customer due diligence measures, rules on record keeping and programmes against money laundering and terrorist financing in accordance with these Regulations, the fourth money laundering directive or rules having equivalent effect; and

(c)the effective implementation of the requirements referred to in sub-paragraph (b) is supervised at group level by—

(i)an authority of an EEA state F10... with responsibility for the functions provided for in the fourth money laundering directive; or

(ii)an equivalent authority of a third country.

(7) Nothing in this regulation prevents a relevant person applying customer due diligence measures [F11, or carrying out any of the measures required by regulation 30A,] by means of an agent or an outsourcing service provider provided that the arrangements between the relevant person and the agent or outsourcing service provider provide for the relevant person to remain liable for any failure to apply such measures.

(8) For the purposes of paragraph (7), an “outsourcing service provider” means a person who—

(a)performs a process, a service or an activity that would otherwise be undertaken by the relevant person, and

(b)is not an employee of the relevant person.

Textual Amendments

Record-keepingU.K.

40.—(1) Subject to paragraph (5), a relevant person must keep the records specified in paragraph (2) for at least the period specified in paragraph (3).

(2) The records are—

(a)a copy of any documents and information obtained by the relevant person to satisfy the customer due diligence requirements in regulations 28, 29 and 33 to 37 [F12and the requirements of regulation 30A] [F13, and of regulations 64C and 64G(1)];

(b)sufficient supporting records (consisting of the original documents or copies) in respect of a transaction (whether or not the transaction is an occasional transaction) which is the subject of customer due diligence measures or ongoing monitoring to enable the transaction to be reconstructed.

[F14(c)in the case of an inter-cryptoasset business transfer, in addition to the records referred to in sub-paragraphs (a) and (b), any documents and information received by an intermediary cryptoasset business and the cryptoasset business of a beneficiary by virtue of the obligations under regulations 64C(1), (2) and (7), or received by them pursuant to a request under regulation 64D(2)(a) or 64E(2)(a); and

(d)in the case of an unhosted wallet transfer, in addition to the records referred to in sub-paragraphs (a) and (b), any documents and information received by a cryptoasset business pursuant to a request under regulation 64G(1).]

(3) Subject to paragraph (4), the period is five years beginning on the date on which the relevant person knows, or has reasonable grounds to believe—

(a)that the transaction is complete, for records relating to an occasional transaction; or

(b)that the business relationship has come to an end for records relating to—

(i)any transaction which occurs as part of a business relationship, or

(ii)customer due diligence measures taken in connection with that relationship.

(4) A relevant person is not required to keep the records referred to in paragraph (3)(b)(i) for more than 10 years.

(5) Once the period referred to in paragraph (3), or if applicable paragraph (4), has expired, the relevant person must delete any personal data obtained for the purposes of these Regulations unless—

(a)the relevant person is required to retain records containing personal data—

(i)by or under any enactment, or

(ii)for the purposes of any court proceedings;

(b)the data subject has given consent to the retention of that data; or

(c)the relevant person has reasonable grounds for believing that records containing the personal data need to be retained for the purpose of legal proceedings.

(6) A relevant person who is relied on by another person must keep the records specified in paragraph (2) for the period referred to in paragraph (3) or, if applicable, paragraph (4).

(7) A person referred to in regulation 39(3) (“A”) who is relied on by a relevant person (“B”) must, if requested by B within the period referred to in paragraph (3) or, if applicable, paragraph (4), immediately—

(a)make available to B any information about the customer, any person purporting to act on behalf of the customer and any beneficial owner of the customer, which A obtained when applying customer due diligence measures; and

(b)forward to B copies of any identification and verification data and other relevant documents on the identity of the customer, any person purporting to act on behalf of the customer and any beneficial owner of the customer, which A obtained when applying those measures.

(8) Paragraph (7) does not apply where a relevant person applies customer due diligence measures by means of an agent or an outsourcing service provider (within the meaning of regulation 39(8)).

(9) For the purposes of this regulation—

(a)B relies on A where B does so in accordance with regulation 39(1);

(b)copy” means a copy of the original document which would be admissible as evidence of the original document in court proceedings;

[F15(c)data subject” has the same meaning as in the Data Protection Act 2018 (see section 3 of that Act);

(d)personal data” has the same meaning as in Parts 5 to 7 of that Act (see section 3(2) and (14) of that Act).]

[F16(e)“beneficiary”, “cryptoasset business”, “inter-cryptoasset business transfer”, “intermediary cryptoasset business” and “unhosted wallet transfer” have the meanings given by regulation 64B.]

Data ProtectionU.K.

41.—(1) Any personal data obtained by relevant persons for the purposes of these Regulations may only be processed for the purposes of preventing [F17money laundering, terrorist financing or proliferation financing].

F18(2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

(3) No other use may be made of personal data referred to in paragraph (1), unless—

(a)use of the data is permitted by or under an enactment other than these Regulations [F19or the [F20UK GDPR]]; or

(b)the relevant person has obtained the consent of the data subject to the proposed use of the data.

F21(4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

F21(5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

[F22(6) Before establishing a business relationship or entering into an occasional transaction with a new customer, as well as providing the customer with the information required under Article 13 of the [F23UK GDPR] (information to be provided where personal data are collected from the data subject), relevant persons must provide the customer with a statement that any personal data received from the customer will be processed only—

(a)for the purposes of preventing [F24money laundering, terrorist financing or proliferation financing], or

(b)as permitted under paragraph (3).

(7) In Article 6(1) of the [F25UK GDPR] (lawfulness of processing), the reference in point (e) to processing of personal data that is necessary for the performance of a task carried out in the public interest includes processing of personal data in accordance with these Regulations that is necessary for the prevention of [F26money laundering, terrorist financing or proliferation financing].

(8) In the case of sensitive processing of personal data for the purposes of the prevention of [F27money laundering, terrorist financing or proliferation financing], section 10 of, and Schedule 1 to, the Data Protection Act 2018 make provision about when the processing meets a requirement in Article 9(2) or 10 of the [F28UK GDPR] for authorisation under the law of the United Kingdom (see, for example, paragraphs 10, 11 and 12 of that Schedule).

(9) In this regulation—

data subject” has the same meaning as in the Data Protection Act 2018 (see section 3 of that Act);

personal data” and “processing” have the same meaning as in Parts 5 to 7 of that Act (see section 3(2), (4) and (14) of that Act);

sensitive processing” means the processing of personal data described in Article 9(1) or 10 of the [F29UK GDPR] (special categories of personal data and personal data relating to criminal convictions and offences etc).]

Textual Amendments

Yn ôl i’r brig

Options/Help

Print Options

You have chosen to open The Whole Instrument

The Whole Instrument you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open The Whole Instrument as a PDF

The Whole Instrument you have selected contains over 200 provisions and might take some time to download.

Would you like to continue?

You have chosen to open yr Offeryn Cyfan

Yr Offeryn Cyfan you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

Close

Mae deddfwriaeth ar gael mewn fersiynau gwahanol:

Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.

Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.

Close

Gweler y wybodaeth ychwanegol ochr yn ochr â’r cynnwys

Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.

Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.

Close

Dewisiadau Agor

Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd

Close

Memorandwm Esboniadol

Mae Memoranda Esboniadol yn nodi datganiad byr o ddiben Offeryn Statudol ac yn rhoi gwybodaeth am ei amcan polisi a goblygiadau polisi. Maent yn ceisio gwneud yr Offeryn Statudol yn hygyrch i ddarllenwyr nad oes ganddynt gymhwyster cyfreithiol, ac maent yn cyd-fynd ag unrhyw Offeryn Statudol neu Offeryn Statudol Drafft a gyflwynwyd ger bron y Senedd o Fehefin 2004 ymlaen.

Close

Rhagor o Adnoddau

Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:

  • y PDF print gwreiddiol y fel deddfwyd fersiwn a ddefnyddiwyd am y copi print
  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • slipiau cywiro
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Close

Asesiadau Effaith

Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:

  • Why the government is proposing to intervene;
  • The main options the government is considering, and which one is preferred;
  • How and to what extent new policies may impact on them; and,
  • The estimated costs and benefits of proposed measures.
Close

Llinell Amser Newidiadau

This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.

Close

Rhagor o Adnoddau

Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:

  • y PDF print gwreiddiol y fel gwnaed fersiwn a ddefnyddiwyd am y copi print
  • slipiau cywiro

liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys

  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill