FAQs: Client due diligence

When doing customer due diligence (CDD) on a company client, who would be considered “senior persons responsible for the operations of the body corporate”, under regulation 28 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘the Regulations’)? Would an individual who is on the executive level but not registered as a director of the company be considered a ‘senior person’?  

Regulation 28 (3)(b)(ii) states: “Where the customer is a body corporate … subject to paragraph (5), the relevant person must take reasonable measures to determine and verify … the full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the body corporate.”

The Legal Sector Affinity Group AML Guidance at Ch. 6.14.11 states:

“… the practice must take reasonable measures to determine and verify the law to which the company is subject, and its constitution (whether set out in its articles of association or other governing documents) and the full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the body corporate.”

Accordingly, a senior person should be someone who has a control over the way in which the company is run and/or the direction it takes, and if an executive board has that power, for example, then a list of those persons from the company or its website could be sufficient. If, however, you conclude that an executive does not have that level of control, then he or she may not be sufficiently senior to comply with the regulation.

We are a medium-sized law firm with a diverse client base. Although some of our work is not in scope of the 2017 Money Laundering Regulations 2017, it is the firm’s policy to conduct CDD on all clients. Part of that includes using an external company to translate documents and this is reflected in our Practice Wide Risk Assessment (PWRA). One of our clients has strongly objected to paying for the translation and is insisting we accept a translation from a friend. Is this acceptable?

Regulation 28 requires firms to identify and verify their in-scope clients. You must verify the identity of a client on the basis of documents, data or information obtained from a reliable source which is independent of the person whose identity is being verified. If documents need to be translated, then that translation should also be independent. A translation provided by the friend is unlikely to be sufficiently independent.

Depending on the level of risk, one way to resolve this matter is to make use of a free translation app such as Google or Microsoft Translate or similar which your firm regards as suitable. You will also need to update your PWRA and provide staff with training if necessary.

I am the money laundering compliance officer (MLCO) in the process of reviewing our firm’s policies, controls and procedures (PCPs). Is there any guidance on how to mitigate the risk of dealing with forged documents when conducting CDD?

When conducting CDD, although you are not required to be an expert in recognising forged documents you must not ignore obvious forgeries. You may, however, consider providing relevant employees with appropriate training and equipment to help identify forged documents where relevant to the processes of your practice and where proportionate to the risk. You may make use of guidance on how to identify a forged document from the issuing body, or a similarly reputable source. For example, the Passport Office issues such information, and current bill formats are available on utility provider websites. The government has also issued guidance on examining identity documents.

 For further information, please see Chapter 6 of the Anti-money laundering guidance for the legal sector and the Law Society guidance on customer due diligence.