19.—(1) Subject to paragraph (4), a relevant person must keep the records specified in paragraph (2) for at least the period specified in paragraph (3).
(2) The records are—
(a)a copy of, or the references to, the evidence of the customer's identity obtained pursuant to regulation 7, 8, 10, 14 or 16(4);
(b)the supporting records (consisting of the original documents or copies) in respect of a business relationship or occasional transaction which is the subject of customer due diligence measures or ongoing monitoring.
(3) The period is five years beginning on—
(a)in the case of the records specified in paragraph (2)(a), the date on which—
(i)the occasional transaction is completed; or
(ii)the business relationship ends; or
(b)in the case of the records specified in paragraph (2)(b)—
(i)where the records relate to a particular transaction, the date on which the transaction is completed;
(ii)for all other records, the date on which the business relationship ends.
(4) A relevant person who is relied on by another person must keep the records specified in paragraph (2)(a) for five years beginning on the date on which he is relied on for the purposes of regulation 7, 10, 14 or 16(4) in relation to any business relationship or occasional transaction.
(5) A person referred to in regulation 17(2)(a) or (b) who is relied on by a relevant person must, if requested by the person relying on him within the period referred to in paragraph (4)—
(a)as soon as reasonably practicable make available to the person who is relying on him any information about the customer (and any beneficial owner) which he obtained when applying customer due diligence measures; and
(b)as soon as reasonably practicable forward to the person who is relying on him copies of any identification and verification data and other relevant documents on the identity of the customer (and any beneficial owner) which he obtained when applying those measures.
(6) A relevant person who relies on a person referred to in regulation 17(2)(c) or (d) (a “third party”) to apply customer due diligence measures must take steps to ensure that the third party will, if requested by the relevant person within the period referred to in paragraph (4)—
(a)as soon as reasonably practicable make available to him any information about the customer (and any beneficial owner) which the third party obtained when applying customer due diligence measures; and
(b)as soon as reasonably practicable forward to him copies of any identification and verification data and other relevant documents on the identity of the customer (and any beneficial owner) which the third party obtained when applying those measures.
(7) Paragraphs (5) and (6) do not apply where a relevant person applies customer due diligence measures by means of an outsourcing service provider or agent.
(8) For the purposes of this regulation, a person relies on another person where he does so in accordance with regulation 17(1).
20.—(1) A relevant person must establish and maintain appropriate and risk-sensitive policies and procedures relating to—
(a)customer due diligence measures and ongoing monitoring;
(b)reporting;
(c)record-keeping;
(d)internal control;
(e)risk assessment and management;
(f)the monitoring and management of compliance with, and the internal communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and procedures—
(a)which provide for the identification and scrutiny of—
(i)complex or unusually large transactions;
(ii)unusual patterns of transactions which have no apparent economic or visible lawful purpose; and
(iii)any other activity which the relevant person regards as particularly likely by its nature to be related to money laundering or terrorist financing;
(b)which specify the taking of additional measures, where appropriate, to prevent the use for money laundering or terrorist financing of products and transactions which might favour anonymity;
(c)to determine whether a customer is a politically exposed person;
(d)under which—
(i)an individual in the relevant person's organisation is a nominated officer under Part 7 of the Proceeds of Crime Act 2002 M1 and Part 3 of the Terrorism Act 2000 M2;
(ii)anyone in the organisation to whom information or other matter comes in the course of the business as a result of which he knows or suspects or has reasonable grounds for knowing or suspecting that a person is engaged in money laundering or terrorist financing is required to comply with Part 7 of the Proceeds of Crime Act 2002 or, as the case may be, Part 3 of the Terrorism Act 2000; and
(iii)where a disclosure is made to the nominated officer, he must consider it in the light of any relevant information which is available to the relevant person and determine whether it gives rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion that a person is engaged in money laundering or terrorist financing.
(3) Paragraph (2)(d) does not apply where the relevant person is an individual who neither employs nor acts in association with any other person.
(4) A credit or financial institution [F1and an auction platform] must establish and maintain systems which enable it to respond fully and rapidly to enquiries from financial investigators accredited under section 3 of the Proceeds of Crime Act 2002 (accreditation and training), persons acting on behalf of the Scottish Ministers in their capacity as an enforcement authority under that Act, officers of Revenue and Customs or constables as to—
(a)whether it maintains, or has maintained during the previous five years, a business relationship with any person; and
(b)the nature of that relationship.
(5) A credit or financial institution [F2and an auction platform] must communicate where relevant the policies and procedures which it establishes and maintains in accordance with this regulation to its branches and subsidiary undertakings which are located outside the United Kingdom.
[F3(5A) A relevant person who is an issuer of electronic money must appoint an individual to monitor and manage compliance with, and the internal communication of, the policies and procedures relating to the matters referred to in paragraph (1)(a) to (e), and in particular to—
(a)identify any situations of higher risk of money laundering or terrorist financing;
(b)maintain a record of its policies and procedures, risk assessment and risk management including the application of such policies and procedures;
(c)apply measures to ensure that such policies and procedures are taken into account in all relevant functions including in the development of new products, dealing with new customers and in changes to business activities; and
(d)provide information to senior management about the operation and effectiveness of such policies and procedures at least annually.]
(6) In this regulation—
“politically exposed person” has the same meaning as in regulation 14(4);
“subsidiary undertaking” has the same meaning as in regulation 15.
Textual Amendments
F1Words in reg. 20(4) inserted (12.12.2011) by The Recognised Auction Platforms Regulations 2011 (S.I. 2011/2699), regs. 1(2)(a), 11(4)
F2Words in reg. 20(5) inserted (12.12.2011) by The Recognised Auction Platforms Regulations 2011 (S.I. 2011/2699), regs. 1(2)(a), 11(4)
F3Reg. 20(5A) inserted (9.2.2011 for specified purposes, 30.4.2011 in so far as not already in force) by The Electronic Money Regulations 2011 (S.I. 2011/99), reg. 1(2), Sch. 4 para. 19(e) (with reg. 3)
Marginal Citations
21. A relevant person must take appropriate measures so that all relevant employees of his are—
(a)made aware of the law relating to money laundering and terrorist financing; and
(b)regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing.