Under the 2017 Regulations, a regulated firm can apply simplified due diligence if it determines that the business relationship or transaction presents a low risk of money laundering. Relevant considerations include:
- the firm’s own risk assessment regarding its business generally;
- relevant information provided by the firm’s supervisory authority; and
- risk factors specified in the 2017 Regulations, which cover customer, product, service, transaction or delivery channel, and geographical risks.1
The 2017 Regulations provide that when applying simplified due diligence, the firm should “continue to comply with the [standard customer due diligence] requirements but it may adjust the extent, timing or type of the measures it undertakes . . . to reflect its determination” that the situation is low risk. The firm must also carry out sufficient monitoring to detect unusual or suspicious transactions.2
The 2017 Regulations do not specify what adjustments could be made; however, the European Banking Authority Risk Factors Guidelines provide examples, including:
- assuming the nature and purpose of the business relationship because the product is designed for one particular use only, such as a company pension scheme or shopping center gift card; and
- accepting information obtained from the customer rather than an independent source when verifying the beneficial owner’s identity. The Guidelines note, however, that this is “not permitted in relation to the verification of the customer’s identity.”3
A regulated firm must apply enhanced due diligence (EDD) to manage and mitigate risks arising in the following cases:
- cases identified as high-risk by the firm or its supervisory authority;
- business relationships or transactions with persons established in high-risk third countries;
- correspondent banking relationships;
- business relationships with Politically Exposed Persons or their family members or known close associates;
- cases in which a customer has provided false or stolen identification documents or information;
- transactions that are complex and unusually large or where there is an unusual pattern of transactions and they have no apparent economic or lawful purpose; and
- any other cases which by their nature may present a higher risk of money laundering or terrorist financing.4
EDD measures must include, as far as reasonably possible, examining the background and purpose of the transaction, and increasing the degree and nature of monitoring of the business relationship to determine whether that transaction or relationship appears to be suspicious.5
Depending on the case, EDD measures may include:
- seeking additional independent, reliable sources to verify the CDD information provided;
- taking additional measures to understand the background, ownership and financial situation of the customer, and other parties to the transaction;
- taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the relationship; and
- increasing the monitoring of the business relationship, including greater scrutiny of transactions.6
Firms are required to take into account the European Banking Authority Risk Factors Guidelines in determining what simplified and enhanced due diligence measures to take.
1 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (2017 Regulations), SI 2017/692, art. 37, ¶ 3 (UK).
2 2017 Regulations, art. 37, ¶ 2.
3 European Banking Authority, Final Guidelines, JC 2017 37, at 24.
4 2017 Regulations, art. 33, ¶ 1.
5 2017 Regulations, art. 33, ¶ 4.
6 2017 Regulations, art. 33, ¶ 5.