Under the 2017 Regulations, a regulated firm can apply simplified due diligence if it determines that the business relationship or transaction presents a low risk of money laundering.  Relevant considerations include:

  • the firm’s own risk assessment regarding its business generally;
  • relevant information provided by the firm’s supervisory authority; and
  • risk factors set out in the 2017 Regulations, which cover customer, product, service, transaction or delivery channel risks, and geographical risks.

In terms of customer risk, one of the specified factors indicating lower risk is where the customer is a credit or financial institution “subject to requirements in national legislation having an equivalent effect to those laid down in the fourth money laundering directive…” In terms of geographic risk factors, lower risk factors include (but are not limited to) whether the customer is resident or operates in the United Kingdom or a “third country which has effective systems to counter money laundering and terrorist financing.” The 2017 Regulations make clear that the presence of one or more lower risk factors may not always indicate that there is a low risk of money laundering.

The 2017 Regulations provide that when applying Simplified Due Diligence, the firm should “continue to comply with the [standard customer due diligence] requirements but it may adjust the extent, timing or type of the measures it undertakes . . . to reflect its determination” that the situation is low risk.  The firm must also carry out sufficient monitoring to detect unusual or suspicious transactions.2

The 2017 Regulations, as amended by the 2019 Regulations, provide that a regulated firm must apply enhanced due diligence (EDD) to manage and mitigate risks arising in the following cases:

  • cases identified as high-risk by the firm through its risk assessment, or from information provided by the firm’s supervisory authority;
  • business relationships with a person established in a high-risk third country (or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country). A high-risk third country means a country specified in Schedule 3ZA (as amended from time to time);
  • correspondent relationships between credit or financial institutions involving the execution of payments;
  • business relationships with Politically Exposed Persons or their family members or known close associates;
  • cases in which a customer has provided false or stolen identification documents or information;
  • transactions that are complex or unusually large, or where there is an unusual pattern of transactions, or where the transaction or transactions have no apparent economic or lawful purpose; and
  • any other cases which by their nature may present a higher risk of money laundering or terrorist financing.4

The Regulations provide a list of risk factors which firms must take into account in assessing whether there is a high risk of money laundering in a particular situation, and the extent of measures which should be taken to mitigate the risk.

In terms of the EDD measures, the Regulations provide that if EDD is required because a transaction is complex and unusually large (etc.), then the EDD measures must include, as far as reasonably possible, examining the background and purpose of the transaction, and increasing the degree and nature of monitoring of the business relationship to determine whether that transaction or relationship appears to be suspicious.5

The Regulations also set out a list of specific EDD measures which must be undertaken where there is a business relationship with a person established in a high-risk third country, or a transaction where either of the parties is established in a high-risk third country. These are:

  • Obtaining additional information on the customer and on the customer’s beneficial owner;
  • Obtaining additional information on the intended nature of the business relationship;
  • Obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;
  • Obtaining information on the reasons for the transactions;
  • Obtaining the approval of senior management for establishing or continuing the business relationship;
  • Conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.

Otherwise, depending on the case, EDD measures may include:

  • seeking additional independent, reliable sources to verify the CDD information provided;
  • taking additional measures to understand the background, ownership and financial situation of the customer, and other parties to the transaction;
  • taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the relationship; and
  • increasing the monitoring of the business relationship, including greater scrutiny of transactions.6


1 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (2017 Regulations), SI 2017/692, art. 37, ¶ 3 (UK).
2 2017 Regulations, art. 37, ¶ 2.
3 European Banking Authority, Final Guidelines, JC 2017 37, at 24.
4 2017 Regulations, art. 33, ¶ 1.
5 2017 Regulations, art. 33, ¶ 4.
6 2017 Regulations, art. 33, ¶ 5.
