Anti-‐Money Laundering Guidance Notes September 2009 What you need to know – What you need to do I s l e o f M a n L a w S o c i e t y Anti-‐Money Laundering Guidance Notes 2 of 53 Contents MONEY LAUNDERING GUIDE TO THE 2008 CODE.................................................... 5 Introduction .............................................................................................................................. 5 Purpose of Guidance Notes....................................................................................................... 5 You Must Implement and Follow the Code............................................................................... 5 What’s New? ............................................................................................................................. 6 Legislative Background.............................................................................................................. 7 Proceeds of Crime Act 2008 ...................................................................................................... 7 Purpose of the Code:................................................................................................................. 7 DUTIES AND RESPONSIBILITIES............................................................................... 8 Compliance With the Code is Mandatory ................................................................................. 8 Risk-‐based Approach................................................................................................................. 8 Customer Due Diligence (CDD) ................................................................................................. 9 Who is a ‘Relevant Person’?...................................................................................................... 9 What is ‘Relevant Business’ in Relation to the Legal Profession? ............................................. 9 Guidance on Activities Covered by the Code .......................................................................... 10 What is the Responsibility of a Relevant Person? ................................................................... 11 RISK ASSESSMENT ................................................................................................ 13 The New Requirement ............................................................................................................ 13 What Risk? .............................................................................................................................. 13 What Factors Must Be Considered When Making the Risk Assessment? ............................... 13 What Type of Clients Pose a Risk?........................................................................................... 14 When Must the CDD Risk Assessment be Undertaken? ......................................................... 14 Keeping the Risk Assessment Up To Date ............................................................................... 14 PROCEDURES AND CONTROLS.............................................................................. 15 Before Undertaking Relevant Business ................................................................................... 15 What Procedures and Controls Must be in Place?.................................................................. 15 Establish, Maintain and Operate............................................................................................. 15 Educate, Train and Make Aware ............................................................................................. 16 How to Prove Compliance? ..................................................................................................... 16 Penalty for Failing to Comply with the General Requirements............................................... 16 Liability of Corporate Bodies, Partnerships, and Associations ................................................ 17 Defence for Failing to Comply With General Requirements of the Code ............................... 17 IDENTIFICATION PROCEDURES ............................................................................. 18 Common Principles in Identification Procedures .................................................................... 18 Simplified CDD for Acceptable Clients..................................................................................... 18 What are the Required Identification Procedures? ................................................................ 19 Who must undertake Identification Procedures? ................................................................... 20 When to Undertake Identification Procedures? ..................................................................... 20 What to do if Evidence of Identity is not Obtained or Produced ............................................ 21 Beneficial Ownership and Control........................................................................................... 22 New Business Relationships .................................................................................................... 24 Continuing Business Relationships.......................................................................................... 26 Triggers and Procedures.......................................................................................................... 26 Anti-‐Money Laundering Guidance Notes 3 of 53 Procedures to be Implemented on Triggering Circumstances or Events ................................ 26 Continuing Business Relationship Summary ........................................................................... 27 Enhanced Customer Due Diligence (EDD) ............................................................................... 29 One-‐off Transactions............................................................................................................... 30 Politically Exposed Persons (PEP) ............................................................................................ 30 Introduced Business ................................................................................................................ 31 Other Identification Situations................................................................................................ 32 Ongoing Monitoring ................................................................................................................ 33 RECORD KEEPING ................................................................................................. 35 What Records Must be Kept? ................................................................................................. 35 In What Format Must Records be Kept? ................................................................................. 35 Recognising and Reporting Suspicious Transactions............................................................... 36 Establish Clear Internal Reporting Procedures........................................................................ 37 STAFF TRAINING & EDUCATION............................................................................ 38 Screening of Staff .................................................................................................................... 38 Staff Training ........................................................................................................................... 38 Technological Developments .................................................................................................. 39 OFFENCES UNDER THE PROCEEDS OF CRIME ACT 2008......................................... 40 Being Concerned in an Arrangement ...................................................................................... 40 Exceptions to Criminal Liability ............................................................................................... 40 Acquiring Criminal Property .................................................................................................... 41 Failure to Make Disclosure...................................................................................................... 42 Exception from Liability for Professional Legal Advisers ......................................................... 43 What are Privileged Circumstances?....................................................................................... 44 What Must be Disclosed?........................................................................................................ 45 How to Make Disclosure ......................................................................................................... 45 Offences by Disclosure Officers............................................................................................... 46 Tipping Off Offences & Exemptions ........................................................................................ 47 RISK ASSESSMENT TEMPLATE............................................................................... 49 Advisory Note.......................................................................................................................... 53 Anti-‐Money Laundering Guidance Notes 4 of 53 MONEY LAUNDERING GUIDE TO THE 2008 CODE Introduction These Guidance Notes 2009 set out the basis upon which members of the Isle of Man Law Society should apply the provisions of the Criminal Justice (Money Laundering) Code 2008 and the Proceeds of Crime Act 2008. Unless otherwise stated, references below to the Code are to the 2008 Code. Purpose of Guidance Notes These Guidance Notes are not intended to be an exhaustive digest of the Code and are not a substitute for a careful reading of the Code itself. The primary concept is to encapsulate the current legislation and Code in a clear and concise way. The Guidance Notes should be read alongside the text of the 2008 Code and the Proceeds of Crime Act 2008. However, paragraph 4(3) provides that in determining whether a person has complied with any of the General Requirements of the Code a court may take account, in the absence of any relevant supervisory or regulatory guidance, “any other relevant guidance issued by a body that regulates, or is representative of, any trade, business, profession or employment carried on by that person.” In those circumstances members of the Isle of Man Law Society are encouraged to take account of the Guidance Notes and develop or amend their own internal policies, procedures and controls in order to implement all the provisions of the Code. You Must Implement and Follow the Code The Code provides (paragraph 4(1)) that in conducting relevant business a relevant person shall not form or continue a business relationship or carry out a one-‐off transaction with or for another person unless the procedures and controls specified in the Code have been established, maintained and operated in accordance with the Code. It is a criminal offence punishable with a fine and/or imprisonment to do so. These procedures include those relating to Risk Assessment, Identification, Record Keeping, Staff Screening, the prevention of the misuse of technological developments, and other control and communication procedures, ‘appropriate for the purpose of forestalling and preventing money laundering.’ Money laundering is an evolving activity, driven by the need for criminals to legitimise the proceeds of crime. As state authorities introduce new measures to combat money laundering, criminals develop more sophisticated and complex ways to attempt to legitimise criminal property. In the circumstances, there can be no definitive or exhaustive list of typologies of money laundering or terrorist financing. Anti-‐Money Laundering Guidance Notes 5 of 53 However, the schedule of relevant typologies in relation to money laundering or terrorist financing annexed to the 2007 Guidance Notes provides a useful digest of relevant typologies grouped under 14 different categories. What’s New? Many of the Code’s mandatory requirements represent a significant development from the wording of the 2007 Code, strengthening protection against the risk of money laundering and terrorism financing. Completely new to the 2008 Code is a requirement (paragraph 3) that a relevant person must carry out a money laundering and terrorist financing risk assessment for the purpose of determining the measures to be taken when undertaking customer due diligence (CDD). These Guidance Notes provide assistance as to how to comply with this new requirement. Annexed is a suggested template that can be easily adapted to suit members’ particular setup and trading style. Whereas the 2007 Code referred to evidence of identity, the 2008 Code requires not only identification procedures but also procedures for verification of identity using relevant information and data from reliable sources. By and large the onus of taking steps to establish identity has been placed on the shoulders of the relevant person and most references to the applicant having to produce evidence of identity have been eliminated. In addition to or as part of identification procedures new requirements have been introduced to require the obtaining of additional information as to the nature and intended purpose of a business relationship or transaction and the source of funds. The definition of beneficial owner has also been strengthened to encompass a wider range of persons who may be true owners or controllers or beneficiaries of applicants, legal persons, or legal arrangements. It is clear from the above that members will need to substantially revise any existing anti-‐money laundering procedures to take account of these new provisions. These Guidance Notes will assist in that process. Anti-‐Money Laundering Guidance Notes 6 of 53 Legislative Background The Criminal Justice (Money Laundering) Code 2008 came into force on 18 December 2008. It replaces the Anti Money Laundering Code of 1998, the Criminal Justice (Money Laundering) Code 2007, and its amendment in 2008. These Guidance Notes also take into account the Proceeds of Crime Act 2008, which came into force on 1 August 2009. The Code prescribes mandatory procedural requirements for an anti-‐money laundering and prevention of terrorism regime in the conduct of relevant business. Relevant business is defined in paragraph 2 and Schedule 1 and includes specified activities undertaken by an advocate, registered legal practitioner, Notary Public or any person providing accountancy services. Proceeds of Crime Act 2008 Money Laundering is dealt with in Part 3 of the Act, Sections 139 to 158. Section 157 empowers the Department for Home Affairs to make such Code “as it considers appropriate for the purposes of preventing and detecting money laundering.” Purpose of the Code: It is the intention of the Proceeds of Crime Act 2008 that the Code will: (a) “provide practical guidance with respect to the requirements of any provision of this Part or any other statutory provision relating to the benefits or proceeds of criminal conduct or the treatment of criminal property.” (b) “require any person carrying on a business in the regulated sector to institute and operate such systems, procedures, record-‐keeping, controls and training as may be specified in the code;” (c) “require persons carrying on, employed in or otherwise concerned in a business in the regulated sector to comply with such systems, procedures, record-‐keeping, controls and training as are required to be instituted and operated under paragraph (b);” The statute also permits the Code to enable criminal prosecution for contravention of the Code with liability (i) on summary conviction, to custody for 6 months, or to a fine not exceeding £5,000, or to both; and (ii) on conviction on information, to custody not exceeding 2 years, or to a fine, or to both. Anti-‐Money Laundering Guidance Notes 7 of 53 DUTIES AND RESPONSIBILITIES Compliance With the Code is Mandatory Paragraph 41 of the 2008 Code provides that a ‘relevant person’ shall not form a business relationship or carry out a one off transaction nor continue a business relationship with or for another person unless the relevant person complies with the duties set out under Paragraph 4. Risk-‐based Approach Adopting a risk-‐based approach to anti-‐money laundering procedures requires firms to appreciate and manage the risks they face by money laundering and the financing of terrorism. These risks include criminal and disciplinary action against legal firms and members, in particular those in positions of management or supervisory responsibility; damage to reputation; and consequent loss of business. By using a risk-‐based approach to customer due diligence members can determine the extent of information required to establish and verify identity and the most cost-‐ effective way to control the risks of money laundering. This involves taking positive steps to assess the most effective and proportionate method to manage risks of money laundering or terrorism financing. A risk-‐based approach allows efforts and resources to be focused where the risks are highest. Members should: • • • • • Identify the money laundering risks that are relevant to the firm; Carry out a detailed risk assessment; Design and put in place procedures and controls to manage and reduce the impact of these risks; Monitor these procedures and controls, and improve their efficiency; Keep records of what was done and why it was done. Members may decide for themselves how to carry out a risk assessment for the legal firm. It may be quite simple or very sophisticated depending on: • • The size and structure of the firm; The range of activities the firm carries out and the nature of the services it supplies. In carrying out such a risk assessment the following factors may be included in the general consideration: • The types of customer that use the firm; 1 Virtually identical to the requirements of the 2007 Code except that ‘competent authority’ replaces reference to the Financial Supervision Commission and the Insurance and Pensions Authority. Anti-‐Money Laundering Guidance Notes 8 of 53 • • • • • • Where these customers are based; The customers' behaviour; How customers come to instruct the firm; The range of services offered by the firm; Delivery channels and payment processes, for example cash over the counter, cheques, electronic transfers or wire transfers; Where customers' funds come from or go to. Customer Due Diligence (CDD) The 2008 Code introduces the new requirement to undertake a customer risk assessment as part of customer due diligence. In conjunction with the other mandatory requirements of the Code this will determine the extent to which identification information may be required and will protect members against the risk of money laundering and terrorism financing. The FSC recommends a five-‐stage process in undertaking Customer Due Diligence: 1. 2. 3. 4. 5. Collect Information Assess and Evaluate Relevant Information Determine Initial Risk Profile Verify Customer Identity and underlying principles Conduct ongoing due Diligence Most of these steps are now incorporated as mandatory requirements when entering into a business relationship or undertaking a transaction that comes within the type of business covered by the Code. Who is a ‘Relevant Person’? The person responsible for undertaking CDD in relation to business that comes within the terms of the Code is referred to as the ‘Relevant Person.’ Paragraph 2 defines a Relevant Person as ‘a person carrying on relevant business,’ and ‘Relevant Business’ is defined as ‘engaging by way of business in one or more of the businesses, transactions or activities specified in Schedule 1. A Relevant Person may be an individual or the legal firm itself, or both. What is ‘Relevant Business’ in Relation to the Legal Profession? ‘Relevant Business’ is a key phrase of the 2008 Code. These Guidance Notes assist members to identify some specific aspects of work that may come within the definition of ‘Relevant Business’ for those engaged in legal practice but Schedule 1 of the 2008 is deliberately wide-‐ranging and requires a careful consideration by members. Examples and assistance in this area can only be illustrative and not definitive. Anti-‐Money Laundering Guidance Notes 9 of 53 It is not possible to provide an exhaustive definition of what may come within the term Relevant Business. These Guidance Notes are not a substitute for a careful case-‐by-‐case consideration as to whether any particular form of business comes within Schedule 1. Schedule 1 of the 2008 Code sets out some 30 specific activities that are within the definition of Relevant Business, ranging from building societies, to estate agency, bookmakers, insurance, bureau de change, and the Post Office. Of particular note to those engaged in legal practice is paragraph 6 of Schedule 1, which provides that any specified activity undertaken by an advocate, a registered legal practitioner, a Notary Public2, an accountant or person providing accountancy services, is relevant business. The activities specified in Schedule 1 are: a) Holding or managing assets belonging to a client; b) The provision of legal services which involves participation in a financial or real property transaction (whether by assisting in the planning or execution of any such transaction or otherwise) by acting for, or on behalf of, a client in respect of: i) The sale or purchase of land; ii) Managing bank, savings or security accounts; iii) Organising contributions for the promotion, formation, operation or management of bodies corporate; iv) The sale or purchase of a business; v) The creation, operation or management of a legal structure or legal arrangement. These activities are largely the same as in the 2007 Code but (iv) and (v) above are new additions in the 2008 Code. The Code only applies to members accepting instructions to act in relation to the listed specified legal or accountancy services. However, members may also provide other related but non-‐legal services such as corporate or trust services. In those circumstances regard should be had to the full list of activities set out in Schedule 1. Guidance on Activities Covered by the Code In general, Relevant Business for lawyers relates to participation in financial or real property transactions such as: • • • Buying and selling of real property or business entities; Managing of client money, securities or other assets; Opening or management of bank, savings or securities accounts; 2 Formerly simply described as a ‘Notary’ it has now become a ‘Notary Public within the meaning of the Advocates Act 1995 and the Notaries Regulations 2000.’ Anti-‐Money Laundering Guidance Notes 10 of 53 • • Organisation of contributions necessary for the creation, operation or management of companies; Creation, operation or management of trusts, companies or similar structures. Holding or managing assets belonging to a client means any asset and not just money. It includes holding money within a client account. ‘Participating in a transaction’ has not been authoritatively defined. However, members will be participating in a transaction if they assist in the planning or execution of the transaction or otherwise acting in a legal capacity on behalf of a client in the transaction. The following are not viewed as participation in financial transactions: • • • • • • Preparing a home information pack or any document or information for inclusion in a house sale transaction; Payment on account of costs to an advocate or payment of an advocate's bill; Provision of legal advice; Participation in litigation or a form of alternative dispute resolution; Will-‐writing, although consideration should be given as to whether any accompanying taxation advice is covered; Publicly funded work. Whilst there has been no prosecution of a lawyer in the Isle of Man, in the UK a solicitor was convicted of failing to disclose a suspicious real estate transaction where he should have known that the subject property was likely from the proceeds of crime because it was grossly undervalued.3 Members should be careful about activity associated with or consequent to legitimate legal activity. For example, whilst acting in litigation is not relevant business within the Code, accepting the proceeds of a settlement into a client account would be covered. If uncertain whether the Code applies to a specific activity, either seek specific legal advice on the particular circumstances or adopt a broad approach to compliance and assume that the Code does apply. The Code provides a system for sound scrutiny and self-‐protection; members may wish to adopt the Code voluntarily in relation to non-‐relevant business. What is the Responsibility of a Relevant Person? Not only must a Relevant Person not undertake Relevant Business without compliance with the general provisions of paragraph 4, but even before that stage is reached the relevant person must carry out a risk assessment in accordance with 3 R v Griffiths [2006] All ER (D) 19. Dealt with in more detail below in the section on failing to disclose offences. Anti-‐Money Laundering Guidance Notes 11 of 53 paragraph 3 of the Code. This is a new provision in the 2008 Code and members may find that existing procedures that may have been compliant with the 2007 Code will need to be substantially overhauled to ensure compliance with the 2008 Code. Anti-‐Money Laundering Guidance Notes 12 of 53 RISK ASSESSMENT The New Requirement The 2008 Code introduces a new requirement in paragraph 3 to undertake a risk assessment. In order to determine the measures to be taken when undertaking customer due diligence prior to undertaking any or any further business a relevant person must carry out a risk assessment as part of the CDD process. For the assistance of members a sample risk assessment template is set out below at pages 49-‐52 below. What Risk? A risk assessment must be undertaken in accordance with the requirements set out in paragraph 3. ‘Risk’ means ‘a risk of money laundering or the financing of terrorism, or both.’4 Therefore, the risk assessment must estimate the risk of money laundering and terrorist financing (ML/TF) on the part of the customer. What Factors Must Be Considered When Making the Risk Assessment? The Code requires the risk assessment to be undertaken with regard to four specified factors: a. Nature, scale and complexity of the customer’s activities; b. The products and services provided; c. To whom and the manner in which these products and services are provided; and d. Reliance on third parties for elements of the customer due diligence process. Paragraph 3(4) provides that when carrying out customer due diligence (CDD), whether for an applicant for business, an existing business or a one-‐off transaction, the relevant person must do so: a. On the basis of materiality (relevance) and risk; b. In accordance with the current (paragraph 3) risk assessment; and c. Have regard to whether the customer poses a higher risk5. A risk assessment that has been previously carried out for an existing customer must be revised so that it complies with the requirements of paragraph 3. 4 Paragraph 2. 5 See the section below on higher risk customers. Anti-‐Money Laundering Guidance Notes 13 of 53 What Type of Clients Pose a Risk? A legal practice may be at risk of money laundering from: • • • • • • • • • • • New clients carrying out large, one-‐off transactions; A client who has been introduced -‐ because the person who introduced them may not have carried out adequate CDD; Clients who are not based on the Island; Clients involved in a business that handles large amounts of cash; Businesses with a complicated ownership structure that could conceal underlying beneficiaries; A client -‐ or group of clients -‐ who makes regular transactions with the same individual or group of individuals; Clients who are reluctant to or have difficulty providing identification; Clients who do not want to reveal the name of a person they represent; Clients agreeing to bear very high or uncommercial penalties or charges; Clients engaged in transactions that do not make commercial sense; Transactions where it is more difficult to check where funds have come from. When Must the CDD Risk Assessment be Undertaken? The risk assessment must be undertaken as soon as reasonably practicable after the Code came into force in relation to an existing business, or as soon as reasonably practicable after the relevant person commences business in any other case. Keeping the Risk Assessment Up To Date A risk assessment must be regularly reviewed and, where appropriate, amended so as to keep it up to date.6 The FSC recommends review on a periodic basis and at least annually for higher risk customers. The opening of a new account, purchase of a further product, or a meeting with the customer, are all opportunities to confirm or update the risk assessment. 6 Paragraph 392)(b). Anti-‐Money Laundering Guidance Notes 14 of 53 PROCEDURES AND CONTROLS Before Undertaking Relevant Business A relevant person shall not form a business relationship or carry out a one-‐off transaction with or for another person, nor continue an existing business relationship unless the procedures set out in paragraph 4 have been established, maintained, and operated by the relevant person.7 These procedures and controls are described under the heading of ‘General requirements.’ Note that the requirement applies from before the inception of the business relationship and not merely before the transaction of the relevant business. What Procedures and Controls Must be in Place? Paragraph 4 of the Code requires the establishment, maintenance and operation of specified procedures and controls covering the following areas: • • • • • • Identification; Record Keeping; Internal Reporting; Internal Staff Screening; Internal Control and Communication; To prevent the misuse of ‘Technological Developments.’8 In addition9 the relevant person must: • • Take appropriate Measures for making Staff aware of the above procedures and money laundering requirements; and Provide education and training.10 Establish, Maintain and Operate It is not enough for members to simply undertake a one-‐time exercise to establish a set of procedures and controls compliant with paragraph 4. Once established, the procedures must be maintained, which implies kept in place and kept up to date. And those procedures must actually be in operation in the day-‐to-‐day legal practice. 7 Paragraph 4(1). 8 Paragraph 23. 9 Paragraph 4(1)(b) & (c). 10 Paragraph 22. Anti-‐Money Laundering Guidance Notes 15 of 53 Educate, Train and Make Aware The relevant person must also take appropriate measures from time to time to educate, train and make employees aware of both the procedures and the provisions of the money laundering requirements and their personal obligations.11 How to Prove Compliance? Being able to produce a suitable money laundering policy document on request for inspection by the authorities does not begin to fulfil the ‘General Requirements’ of the Code. Amongst other matters, members will have to be in a position to demonstrate: that their system of procedures and controls are up to date and in practice applied to the conduct of relevant business; and that there is an established system for maintaining those procedures and controls, together with measures to educate and train all staff members on money laundering requirements and the system. It would be advisable to build into any system of procedures and controls: (1) provision for a regular audit and evaluation of their operation in practice, enabling the procedures to be amended and updated as necessary; and (2) a regular education and training process for employees. Documenting the audit and the training would provide good evidence of the intention to comply. Penalty for Failing to Comply with the General Requirements These General Requirements are taken very seriously by the Code. It is a criminal offence punishable by imprisonment for up to two years for a relevant person to contravene the ‘General Requirements’ by carrying out relevant business with a customer without having first established, maintained and operated compliant procedures and controls, or to do so without having taken appropriate measures to train and educate employees/staff on money laundering requirements and the correct operation of the legal practice’s control system.12 The precise way the Code is worded does not strictly require every legal practice to establish these procedures, but rather requires a relevant person not to form a business relationship or carry out a transaction amounting to relevant business unless the procedures have first been established, etc. However, given the wide-‐ ranging definition of what may constitute relevant business it would be wise in any event for every legal practice to take time to put a compliant system of procedures in place. 11 Paragraph 4(1)(b) & (c) and paragraph 22. See below for further advice on employee training. 12 Curiously there is no penalty for contravention of the requirement to carry out a risk assessment. Anti-‐Money Laundering Guidance Notes 16 of 53 Liability of Corporate Bodies, Partnerships, and Associations If a paragraph 4 offence is committed by a body corporate and the prosecution can prove that it was committed with the consent or connivance of, or was attributable to neglect of the part of an officer of the body, then that officer, as well as the body shall be guilty of the offence.13 It is important to note that ‘officer’ includes not only a director, manager, or secretary, but also a person purporting to act as a director, manager or secretary. Similarly, criminal liability falls on a consenting or conniving partner or person concerned in the control of an association other than a partnership or body corporate, as well as the partnership or association.14 Members of a body also fall within the definition of ‘officer,’ if the body is managed by its members.15 Criminal liability may fall on an officer, partner or person in control of an association even if that person was not involved in the relevant business transaction and even if completely unaware of the transaction or unaware that it was not conducted in compliance with the general requirements of the Code, provided that the commission of the offence was attributable to neglect on the part of that officer, etc. Defence for Failing to Comply With General Requirements of the Code The burden is on the Defendant to show that he took all reasonable steps and exercised all due diligence to avoid committing the offence.16 Note that both limbs are required, it is not an either or. Also note that the person proceeded against must show that he personally took all reasonable steps or exercised all due diligence, not some other person within the legal practice. This imposes a personal responsibility of the relevant person conducting the relevant business transaction to ensure that the appropriate system of procedures is in place and operating correctly, whether or not he personally was responsible for the design or implementation of the procedures established by the legal practice. The potential consequences of contravention for the individual and the legal practice are disastrous. It would obviously be very difficult to establish such a defence without being able to document that compliant systems were in place. Members should also be aware that failure to comply with the Code may also amount to criminal liability for one or more of the offences under the Proceeds of Crime Act 2008. The statutory offences are dealt with in outline from page 40 below. 13 Paragraph 4(5) & (6). 14 Paragraph 4(7) & (8). 15 Paragraph 4(10). 16 Paragraph 4(4). Anti-‐Money Laundering Guidance Notes 17 of 53 IDENTIFICATION PROCEDURES Paragraphs 5 through 15 of the Code set out the minimum requirements for the identification procedures that must be established, maintained and operated in relation to forming a business relationship for or in carrying out relevant business with or on behalf of an ‘applicant for business.’17 Common Principles in Identification Procedures Identification procedures must be taken before a business relationship is entered into, or during the formation of that relationship (i.e. before the relationship is established) but in any event as soon as reasonably practicable after first contact. However, where there is in the circumstances little risk of money laundering or terrorist financing account can be taken of the need not to interrupt the normal conduct of business. In almost all cases the Code requires not only evidence of identity but verification of identity with relevant information obtained from reliable and independent source documents or data. In addition to establishing and verifying identity, the identification process includes identifying the beneficial owner or controller of the applicant for business. In almost all cases the identification process also includes taking reasonable steps to establish the source of funds and the purpose and intended nature of the business relationship or transaction. When dealing with an applicant other than face-‐to-‐face, the relevant person, when taking steps in relation to identification, must take adequate measures to compensate for any risk arising as a result. Simplified CDD for Acceptable Clients If the applicant is one of the regulated persons listed in the Code18 verification of identity is not required provided that the relevant person knows the identity of the applicant and the nature and intended purpose of the relationship. The 2007 Code did not require evidence of identity in such cases. The 2008 Code always requires a procedure for the identification of the applicant19 but does not require verification in the above circumstances. However, as set out below, verification will always be required in circumstances of suspicion, suspicious patterns 17 Defined in relation to a continuing business relationship as ‘the person who, in relation to the formation of the business relationship, was the applicant for business,’ paragraph 5(6). 18 Paragraphs 6(5) and 9(4). 19 In most cases this must be part of a procedure undertaken by the relevant person, but in the case of introduced business it may be provided by the introducer or third-‐party in the strictly controlled circumstances set out in paragraph 11. Anti-‐Money Laundering Guidance Notes 18 of 53 of behaviour, or anything giving cause to doubt the applicant’s identity, or in relation to external regulated business where the Schedule 2 country of the applicant does not apply the FATF Recommendations or insufficiently applies it to the business of that person. If members consider that the circumstances are such that verification of identity is not required they should ensure that the established procedures include provision to record and evidence the basis upon which the applicant was considered not to require verification of identity. This should include the basis upon which the client’s identity is known, the nature and intended purpose of the relationship and the basis upon which the relevant person is satisfied that the applicant does not require verification of identity. Consideration should also be given to any third party relationships with the applicant that may be relevant. What are the Required Identification Procedures? Members considering updating their anti-‐money laundering procedures should note that in comparison with the 2007 Code, the 2008 Code substantially re-‐wrote the required identification procedures in relation to new and continuing business relationships. The 2008 Code has significantly expanded the identification section in comparison with the 2007 Code by incorporating new provisions relating to seven specific topics: Beneficial ownership and control; Enhanced customer due diligence; Politically exposed persons; Exceptions from customer due diligence; Correspondent banking services; Foreign branches and subsidiaries; Ongoing monitoring. Effectively, the bar has been raised for identification procedures. The old Code primarily relied on the production by the applicant of satisfactory evidence of identity or such other measures to produce satisfactory evidence of identity. In the main, the 2008 Code does not refer to satisfactory evidence20 of identity but rather to identification and verification of identity. It also goes beyond identity to require much wider and more detailed procedures for: The identification and verification of the beneficial ownership or other control of the applicant; obtaining information on the purpose and intended 20 But does do so in relation to assessment of previously produced identification in a continuing business relationship; see below. Anti-‐Money Laundering Guidance Notes 19 of 53 nature of the business relationship; and, the taking of reasonable steps to establish the source of funds. In essence, under the 2008 Code the relevant person must take reasonable steps to first identify the applicant for relevant business and then verify that identity using relevant information and data from reliable sources. Those ‘behind’ or on whose behalf the applicant is acting, including beneficiaries, or others controlling an applicant or legal person, or legal arrangement must also be identified and verified. Who must undertake Identification Procedures? In almost all cases21 the Code puts the onus on the ‘relevant person’ to establish, maintain and operate procedures for the identification and verification of the identity of an applicant for relevant business. In the case of ‘Introduced Business’ only, the identification procedure may provide that the introducer must produce evidence of the identity of the applicant.22 This abrogation of responsibility is discretionary, if the relevant person ‘thinks fit.’ The evidence of identity must be such as to comply with paragraph 6(3) and thus must go beyond simply identification. In respect of companies, partnerships and other associations, liability for contravention of the Code may also fall on body as well as officers, partners, or other persons concerned in the management or control of the association, where the offence was committed with the consent or connivance of or was attributable to neglect on the part of such persons. In other words, legal firms and principals in legal practice will be liable for failure to establish, maintain and operate compliant procedures, including for identification of applicants for relevant business, and must ensure that identification procedures are being properly complied with. When to Undertake Identification Procedures? In general, identification procedures must be undertaken before the business relationship is entered into or during the formation of that relationship but must in any event be as soon as reasonably practicable after contact is first made.23 In other words, identification and verification of identity is a requirement that applies at the outset of a business relationship for relevant business, except that where, in relation to new business, the identity of the applicant is already known, along with the nature and intended purpose of the relationship, and the applicant is a regulated person as defined, verification of identity is not required to be produced. 21 Except for introduced business, paragraph 11. 22 Paragraph 11(4)(a). 23 However, account may be taken of the need not to interrupt the normal conduct of business where there is little risk of money laundering or terrorist financing occurring. Anti-‐Money Laundering Guidance Notes 20 of 53 What to do if Evidence of Identity is not Obtained or Produced Except in the special circumstances where the applicant is a regulated person whose identity is already known to the relevant person24, when the required evidence of identity is not obtained or produced as required by the Code, the following action must be taken: The business relationship and transaction must not proceed any further and must be terminated. The relevant person should also consider whether a suspicious transaction report should be made.25 24 E.g. under paragraph 6(4). 25 Paragraph 6(9). Anti-‐Money Laundering Guidance Notes 21 of 53 Beneficial Ownership and Control The 2008 Code imposes new and wider-‐ranging obligations on a relevant person to obtain and verify a wide-‐range of information as to the beneficial owner or controller of any applicant for relevant business. In relation to all relevant business situations, whether new business relationships, continuing business relationships, one-‐off transactions, or introduced business, the Code requires not only the identification of the beneficial owner or controller of any applicant but also the verification of that identity using information or data from a reliable and independent source.26 This is a substantial extension of the duty required in the 2007 Code, which only required consideration of verification measures where there was a high risk of money laundering. Beneficial owner is defined in the Code27 as meaning the natural person who ultimately owns or controls the applicant for business or on whose behalf a transaction or activity is being conducted. In relation to a legal person other than a stock exchange listed company it means the natural person who ultimately owns or controls (whether through direct or indirect ownership control more than 25% of the shares or voting rights, or the natural person who otherwise exercises control over the management of the legal person. In relation to a legal arrangement this means the trustees or other persons controlling the applicant. This definition meets the criticism of the rather limited ‘ultimate owner’, ‘controller’ or ‘person on whose behalf’ definition contained in the 2007 Code. The relevant person must: identify who is the beneficial owner; take reasonable steps to verify that identity using information or data from a reliable source; and determine whether the applicant is acting on behalf of another person; if so, take reasonable steps to verify his identity in the same way.28 In relation to an applicant who is a legal person or legal arrangement, the Code imposes stringent requirements on the relevant person to obtain a wide range of detailed and verifiable information going beyond identification to include information as to aspects of its structure, control, and status. For example, the relevant person must verify that the person purporting to act on behalf of the applicant is authorised to do so; identify and take reasonable steps to verify his identity using ‘reliable and independent source documents, data or information;’29 verify the legal status of the applicant; obtain the names and 26 The FSC recommends that where there is a change in the underlying principles or third parties on whose behalf a customer acts or there is a change in the beneficial ownership and control of a customer, the relevant person should treat these persons as new relationships and the CDD and identification requirements must be applied. 27 Paragraph 2(1). 28 Paragraph 5 (2). 29 Paragraph 5(3): note the different (higher) standard of proof required for verifying identity in relation to a legal person/arrangement in comparison with a ‘non-‐legal’ applicant. Anti-‐Money Laundering Guidance Notes 22 of 53 addresses of any person having power to direct its activities; and obtain information to ‘understand the ownership and control structure of the applicant.’ Where appropriate, any known settlor and beneficiaries of any legal arrangement must be identified and in particular, no payment may be made to a beneficiary unless he has been identified and his identity has been verified using relevant information and data from a reliable source. Anti-‐Money Laundering Guidance Notes 23 of 53 New Business Relationships The required identification procedures must be undertaken before a new business relationship is entered into or during the formation of the relationship and in any event as soon as reasonably practicable after contact is first made between the relevant person and the applicant for business concerning any business relationship. As stated above, where there is in the circumstances little risk of money laundering or terrorist financing account can be taken of the need not to interrupt the normal conduct of business. The relevant person must establish, maintain and operate procedures to identify the applicant and verify that identity using reliable, independent source documents, data or other information. The procedures must also include: the obtaining of information on the purpose and intended nature of the business relationship; the taking of reasonable steps to establish the source of funds; and do all of the above in accordance with procedures to identify the beneficial owner or controller. If dealing with an applicant other than face-‐to-‐face take adequate measures to compensate for any risk arising as a result.30 In other words, take increased precautions for the risk of being deceived by not being able to visually confirm identity. In relation to new business, verification of identity is not required to be produced if each of the following three conditions is fulfilled:31 a) The identity of the applicant is already known to the relevant person; b) The relevant person knows the nature and intended purpose of the relationship; and c) The relevant person has satisfied itself that the applicant for business is either a regulated person, an Isle of Man advocate, registered legal practitioner, accountant, or a person who acts in the course of external regulated business and is regulated under the law and regulation of a country listed in Schedule 2. Note that on the wording of this provision obtaining evidence of identity is still required.32 However, even if the applicant is a regulated person verification of identity is still required if the relevant person: knows or suspects that the proposed transaction is or may be related to money laundering; or a suspicious pattern of behaviour causes the relevant person to know or suspect that the behaviour is or may be related to 30 Paragraph 6(6). 31 Paragraph 6(4) & (5). 32 This seems inconsistent with the fact that paragraph 6(4) only applies if the identity of the applicant is already known to the relevant person. In which case why should evidence of identity still be required? Anti-‐Money Laundering Guidance Notes 24 of 53 money laundering; or becomes aware of anything which causes the relevant person to doubt either the identity or bona fides of the applicant or beneficial owner.33 33 Paragraph 6(8). Anti-‐Money Laundering Guidance Notes 25 of 53 Continuing Business Relationships In relation to continuing business relationships the Code refers to the applicant for business as being the person who, in relation to the formation of the business relationship, was the applicant for business.34 In summary, the required identification procedures are only required in relation to a continuing business relationship when circumstances exist or arise to cause the relevant person to become suspicious that the applicant’s behaviour or the transaction is or may be related to money laundering. Triggers and Procedures Additional procedures are required in relation to a continuing business relationship as soon as is reasonably practicable after any one of list of triggering events occur.35 Those triggers include:36 Suspicion that a transaction may be related to money laundering; a suspicious pattern or behaviour; unusual patterns of transactions or transactions or patterns of transactions that are complex or unusually large and which have no apparent economic or visible lawful purpose; or becoming aware of anything which causes doubt as to the identity of the applicant; or becoming aware of anything which causes doubt as to the veracity of adequacy of the produced evidence of identity. Procedures to be Implemented on Triggering Circumstances or Events As soon as is reasonable practicable the following procedures shall be undertaken. The relevant person must examine the background and purpose of the transaction or circumstances. In effect, this is a requirement to take a step back and look at the overall relationship and transaction with a sceptical eye. If in fact no evidence of identity had been produced after the business relationship was established then the relevant person must take such steps as will require the production by the person who was the applicant of information (i.e. as to identity as well as the other matters required as set out above), as is required in relation to a new business relationship.37 If evidence of identity was produced under paragraph 6(3), the relevant person must take such steps as will determine whether the evidence of identity is satisfactory. If this is simply a test of satisfaction, a carry over from the 2007 Code, it 34 E.g. as specified in paragraph 7(3)(b). 35 Triggering events and circumstances are not phrases used in the Code but are employed here to encapsulate the effect of paragraph 7(2). 36 See paragraph 7(2) for the full list. 37 Paragraph 7(3)(b). Anti-‐Money Laundering Guidance Notes 26 of 53 does not require verification of identity or to establish the source of the funds. However, the way that paragraph 7(3)(b) is worded, it would seem that the evidence of identity must be weighed against the requirements of paragraph 6(3), which include more than simply evidence of identification. If the evidence of identity produced under paragraph 6(3) is not for any reason satisfactory, the relevant person must take either take such steps as will require the other party38 to produce evidence of his identity that complies paragraph 6(3) (those identification procedures required for a new business relationship), or take such measures as will in fact produce evidence of his identity in accordance with paragraph 6(3).39 If no paragraph 6 compliant evidence of identity is obtained or produced the business relationship shall not proceed any further and consideration must be given to terminating the relationship and as to whether a suspicious transaction report should be made. Note that this wording40 is different to the requirement in relation to a new business relationship, which requires termination of the relationship rather than consideration of termination.41 How much time is given to an applicant for business to produce necessary identification and verification documents will vary and depend on the nature of the instructions and the client’s risk assessment profile. In any event, members should not permit funds or assets to be transferred or final transactional documents to be signed before the full identification verification process is complete. It will be important to explain to clients in clear writing and ideally in writing at an early stage that unless the client provides all identification verification documents in a timely manner the member firm will be obliged to cease acting for the client. This is particularly important in non face-‐to-‐face transactions where original documents cannot be produced immediately. Continuing Business Relationship Summary In summary, in relation to a continuing business relationship there must always be a risk assessment under paragraph 3. However, it is only if a triggering event occurs that it is it necessary to implement the paragraph 7 Code procedures in relation to identification. It will then be necessary to look at the background and purpose of the transaction and determine whether evidence of identification was produced and whether it is satisfactory. 38 It is not clear why ‘other party’ is used here instead of ‘applicant for business.’ 39 This is a change from the 2007 Code, which only required either the other party to produce satisfactory evidence of his identity or steps by the relevant person that would result in production of satisfactory evidence of identity. 40 Paragraph 7(6). 41 Paragraph 6(9). Anti-‐Money Laundering Guidance Notes 27 of 53 If evidence of identity was not produced, the relevant person must implement the identification procedures required in relation to a new business relationship under paragraph 6 of the Code. If evidence of identity was produced steps must be taken to determine if it is satisfactory in accordance with paragraph 6(3). If for any reason evidence of identity is not satisfactory then either, steps must be taken to require the other party to produce evidence of his identity, or measures must be taken as will produce paragraph 6(3) compliant evidence of identity.42 If that evidence of identity is not produced or obtained the business relationship and transactions must not proceed further and consideration must be given to terminating the relationship and making a suspicious transaction report.43 Another point to note is that, as set out above, if the evidence of identity is not satisfactory the procedure to be implemented is to take such steps as will require the other party to produce evidence of his identity or for the relevant person to take such measures as will produce evidence of his identity in accordance with paragraph 6(3),44 meaning compliance with all the procedures set out in paragraph 6(3) and not just evidence of identity, otherwise there would be no reason to refer to paragraph 6(3) at all. Paragraph 6(3) does not in fact require the applicant for business in a new business relationship to produce evidence of identity but instead requires the relevant person to establish, maintain and operate procedures to identify and verify the identity of the applicant for business, etc. In practice, however, the procedures to be implemented are likely to require the applicant to produce evidence of his identity.45 42 It is unclear from the wording but it would appear that this requires more than simply evidence of identity. The situation where evidence of identity was produced but not under paragraph 6(3) is not covered by the wording of paragraph 7. 43 Care must be taken as to ‘tipping off’ when deciding to both terminate the relationship and make a suspicious transaction report. 44 It is assumed here that both the production by the other party and the measures taken by the relevant person to produce refer to evidence of identity relate to identity in accordance with paragraph 6(3) and thus more than mere evidence of identity. 45 Paragraph 5(3) of the 2007 Code did require the applicant to produce evidence of his identity. It is not clear why this reference to production by the applicant has been carried over into the procedural requirements under paragraph 7 of the 2008 Code. Anti-‐Money Laundering Guidance Notes 28 of 53 Enhanced Customer Due Diligence (EDD) Paragraph 8 of the Code provides that where an applicant for business poses a higher risk the relevant person must carry out enhanced customer due diligence (EDD). The Code sets out matters which may pose a higher risk as including but not restricted to: A relationship or transaction with a politically exposed person, or a person or legal arrangement based in a country which does not apply or insufficiently applies the FATF Recommendations to the business or transaction in question; a person or legal arrangement subject to a warning issued by a competent authority; and a company with shares in bearer form. The FSC suggests that EDD should also be applied where the relevant person has any reason to believe that an applicant has been refused banking or other financial services by other institutions. The FSC also suggests that high-‐risk customers may include high net worth individuals (HNWI), but there is no legal definition of a HNWI. The FSC points out that the affairs of HNWI are on the whole more complex and varied that those of the average customer and may involve complex structures, multiple and interlinked products or services, and a high average value and volume of transactions. These characteristics represent an increased risk of money laundering. The FSC suggests that special provisions are made for HNWI in customer acceptance and monitoring procedures. EDD means undertaking steps additional to those required for new or continuing business relationships or for one-‐off transactions, for the purpose of identifying customers and ‘other persons.’ These additional steps comprise: • • • • Consider whether additional identification data needs to be obtained; Consider whether additional aspects of the customer’s identity need to be verified; Take reasonable steps to establish the source of the wealth of the customer and any beneficial owner; and Consider what ongoing monitoring46 should be carried on in accordance with paragraph 15. 46 See the section below on Ongoing Monitoring. Anti-‐Money Laundering Guidance Notes 29 of 53 One-‐off Transactions Before any one-‐off transaction for relevant business is entered into the relevant person must establish, maintain and operate the identification procedures specified in paragraph 9 of the Code. Unlike the required procedures for new or continuing business relationships, the required procedures for a one-‐off transaction put onus on the applicant for business to produce not only his identification but verification of his identity using reliable, independent source documents, data or information. 47 Information must also be obtained on the purpose and intended nature of the one-‐ off transaction, and reasonable steps must be taken to establish the source of funds. A one-‐off transaction that is complex or unusually large and has no apparent economic or visible lawful purpose requires the relevant person to take adequate measures to compensate for any risk arising as a result.48 Paragraph 9 contains the same provision to dispense with verification of identity in the circumstances and exceptions set out above49 in relation to a regulated applicant for business. If evidence of identity is not obtained or produced when required by the established procedure then the one-‐off transaction may not be carried out and the relevant person must consider whether to make a suspicious transaction report. In determining whether to make a suspicious transaction report it is recommended that the established procedure should include provision for the recording of the reasons for making or not making such a report. Politically Exposed Persons (PEP) Identification procedures must include appropriate procedures and controls to identify politically exposed persons. The Code defines a politically exposed person as a person resident in a country or territory outside the Island who is a natural person who is or has been entrusted with prominent public functions, or one of the listed relationship family members, or any close associate of such a person.50 The Code provides a non-‐exhaustive list of persons to be regarded as politically exposed, ranging from a head of state to a senior official of an international organisation. 47 It is not clear that it was the intention of paragraph 9(3) that the applicant should produce verification of identity rather than the duty of the relevant person to verify identity, but that is the way in which it is worded. 48 Paragraph 9(6). 49 Paragraph 9(4). See the section on Simplified CDD above. 50 Paragraph 2(1). Anti-‐Money Laundering Guidance Notes 30 of 53 The established procedure must be able to determine whether any applicant for business, customer, or natural person having power to control the same, or beneficial owner or beneficiary is a politically exposed person. The procedure must require the approval of senior management before any business relationship or one-‐off transaction is established with a politically exposed person. Approval of senior management for the continuation of business relationship must also be sought when a relevant person discovers that an established business relationship is with a politically exposed person. Introduced Business As referred to above51, where an applicant for business is introduced by a third party the relevant person may, if he thinks fit, choose to adopt the paragraph 11 procedure instead of those required for new business relationships52 or one-‐off transactions.53 However, these alternative procedures must be undertaken before a business relationship is entered into.54 These alternative identification procedures permit the relevant person to require the introducer to produce evidence of identity of the applicant, but that evidence must be in accordance with paragraph 6(3) and thus must go wider than simple identification to include verification of identity, except that verification is not required where the introducer is a regulated person55 and the relevant person has taken steps to satisfy itself that the introducer is so regulated, and such steps as are necessary to ensure that he becomes aware of any material change to the introducer’s status.56 The required procedure is two-‐fold with the second limb being the alternative of taking ‘such other measures’ as will produce evidence of identity compliance with paragraph 6(3). This may allow some other method of producing evidence of identity, such as by a third-‐party other than the introducer. It should be noted that the ultimate responsibility for ensuring that the CDD procedures comply with the Code lies with the relevant person and not the introducer.57 Fit for Purpose & Testing: It is the responsibility of the relevant person to ensure that these alternative procedures are fit for the purpose of ensuring that the evidence produced is satisfactory, and that the introducer’s procedures are also fit 51 See the section above, who must undertake identification procedures? 52 Paragraph 6. 53 Paragraph 9. 54 Paragraph 11(3). This is stricter than the 2007 Code which permitted the procedure to be undertaken during the formation of the relationship 55 Paragraph 11(5). 56 Or the status of the introducer’s regulation jurisdiction. Paragraph 11(10). 57 Paragraph 11(13). Anti-‐Money Laundering Guidance Notes 31 of 53 for that purpose.58 The relevant person must also take steps to satisfy itself that these paragraph 11 procedures are effective by testing them on a random and periodic basis.59 Members will need to be able to show that the procedures include provision for such random and periodic testing of efficiency and that the exercise and the results are documented. There is provision, similar to that in relation to a new business relationship, to not require verification of identity in the conditions where the introducer is a regulated person, the applicant (and the beneficial owner) has been identified by the relevant person,60 and the nature and intended purpose of the relationship is known to the relevant person. There are a number of safeguards set out in paragraph 11 before a relevant person may rely on evidence of identification produced by the introducer. In essence, these require written terms of business in place between the relevant person and the introducer, which require the introducer to verify the identity of all introduced applicants and keep records of the evidence of identity and all transactions. These safeguards are quite detailed and a careful consideration of paragraph 11(7) of the Code is recommended. Other Identification Situations It is not intended to consider in detail the other special circumstances where identification procedures are required or may be excepted, but a summary follows below: Paragraph 12: The Code provides that an insurer need not comply with the identification procedures in certain circumstances. Paragraph 13: Additional steps and prohibitions are prescribed in relation to a business relationship or one-‐off transaction which involves correspondent banking services or similar arrangements. Paragraph 14: Branches or subsidiaries in a country outside the Island must take measures consistent with the Code61 for preventing money laundering and the financing of terrorism, to the extent permitted by the laws and regulations of that country. 58 Paragraph 11(8). 59 Paragraph 11(9). 60 Note that this only applies where the relevant person has identified the applicant. 61 And guidance issued by a competent authority. Anti-‐Money Laundering Guidance Notes 32 of 53 Ongoing Monitoring Paragraph 15 of the Code requires the relevant person to perform ongoing and effective monitoring of any existing business relationship. ‘Ongoing Monitoring’ has previously been defined as: ‘…Scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including where necessary, the source of funds.’ The extent of this monitoring must be in accordance with the requirements of CDD as set out in paragraph 3(4), i.e. based on: • • • materiality and risk; the risk assessment; and with regard to whether the customer poses a higher risk. The FSC recommends targeting resources towards those relationships presenting a higher risk of money laundering or terrorist financing. High-‐risk relationships will clearly require more frequent intensive monitoring. Ongoing monitoring requires: 1. Review of the CDD information, ensuring that it is up to date and appropriate;62 2. Appropriate scrutiny of transactions and other activities, paying particular attention to transactions which are: i. complex; ii. both large and unusual; iii. or of an unusual pattern, and which have no apparent economic or lawful purpose; and 3. Appropriate scrutiny of transactions to ensure that they are consistent with the Relevant Person’s knowledge of the customer, its business and risk profile and, where necessary, the source of the funds. Ongoing monitoring can take place by updating CDD when taking new instructions from existing clients, particular if there has been a significant gap between instructions or where the clients circumstances have changed or there is a change of identity detail. Records should be kept of decisions on risk assessment processes and what CDD was undertaken or when CDD is updated or reviewed. Consistent with the principle repeated throughout the Code, where the Relevant Person deals with a customer otherwise than face to face, he must, in carrying out 62 In particular where the relationship poses a higher risk; paragraph 15(1)(a). Anti-‐Money Laundering Guidance Notes 33 of 53 ongoing monitoring, take adequate measures to compensate for any risk arising as a result. Anti-‐Money Laundering Guidance Notes 34 of 53 RECORD KEEPING Member firms that conduct Relevant Business must retain documents that demonstrate that they have met the requirements of the Code. As set out below, members must also keep copies of identification documents and other records to permit reconstruction of transactions. It is advisable to keep records of all decisions made in conducting CDD, including decisions not to obtain verification of identity. Member firms may also wish to draft their procedures so as to provide for the auditing of decisions, and the recording of authorisations by supervisors. What Records Must be Kept? Records which must be retained include:63 • • • Either a copy of the evidence of identity, or information that enables a copy of such evidence to be obtained; A record of all transactions carried out in the course of Relevant Business;64 Such other records as are sufficient to permit reconstruction of individual transactions and compliance with the Code. Any records relating to compliance with the Code must be retained for a period of 5 years from the date when either all activities relating to a one-‐off transaction or series of linked transactions were completed or when the retainer in relation to a particular matter was formally ended or, if not formally ended, when all activities in relation to that matter were completed.65 Where a report has been made or it is known that a matter is under investigation, all relevant records must be retained for as long as required by the constable.66 If a request for information or an enquiry is underway by a competent authority, all relevant records must be retained for as long as required by the authority.67 In What Format Must Records be Kept? Hard copy records kept in the Island must be capable of retrieval without undue delay. If kept outside the Island, copies must be able to be sent to the Island and available within 7 days.68 Other records such as those kept on a computer must be readily accessible and capable of retrieval without undue delay. 63 Paragraph 16. 64 Including identification data, account files, and business correspondence records. 65 Paragraph 17. 66 Paragraph 17(2). 67 Paragraph 17(3) 68 In the 2007 Code this was 21 days. Anti-‐Money Laundering Guidance Notes 35 of 53 A Relevant Person may rely on the records of a third party for details of customer payments and transactions provided that that it is satisfied that the third party is required to produce copies on request and to notify the Relevant Person if, for whatever reason, they are no longer able to comply with the production of copies on request. The procedures established in relation to this requirement must provide for the retention of all records relating to client due diligence that was undertaken to establish evidence identity. A register of money laundering enquiries by law enforcement or other authorities is a mandatory requirement. This must be kept separate from other records and contain prescribed minimum information.69 Recognising and Reporting Suspicious Transactions Reporting within an organisation is normally70 first made to what the Proceeds of Crime Act 2008 calls the nominated officer but described in the Code as a Money Laundering Reporting Officer (MLRO). It is a criminal offence to fail to make a disclosure as soon as is practicable if reasonable grounds exist for suspecting that an identifiable person is engaged in money laundering.71 All firms which carry on Relevant Business must appoint a MLRO to whom money laundering reports should be made by the employees of the member firm and who will exercise the functions conferred by paragraph 20 of the Code. Employees may disclose any knowledge or suspicion of money laundering or seek advice on circumstances of concern.72 The MLRO must be either sufficiently senior in the organisation or, if not in that organisation, have sufficient experience and authority. In any event, he must have a right of direct access to the directors, managing board or partners (as the case may be) to be effective in the exercise of his or her functions.73 The MLRO must be able to exercise independent action to report suspicion to the Financial Crime Unit and must be able to gain reasonable access to all information which is within the possession of the member firm which may assist the MLRO to properly fulfil his duties. 69 Paragraph 19. The minimum information comprises the date and nature of the enquiry, the name and agency of the inquiring officer, the powers being exercised, and details of the accounts or transactions involved. 70 In general terms The Proceeds of Crime Act 2008 permits disclosure to either the nominated officer or to a constable or customs officer within the Financial Crime Unit of the Isle of Man Constabulary. 71 See the section below ‘Proceeds of Crime Act 2008’ under the sub-‐heading, ‘Failure to Make Disclosure.’ 72 Bear in mind that seeking advice about money laundering issues does not qualify as a money laundering disclosure. 73 This would appear to permit the employment of a MLRO third party or service, provided that it has sufficient experience and authority as well as direct access to the partners, etc. Consideration would also need to be given to ensuring that client confidentiality or legal professional privilege rights are not infringed. Anti-‐Money Laundering Guidance Notes 36 of 53 Establish Clear Internal Reporting Procedures It is mandatory that written internal reporting procedures are established maintained and operated in relation to all Relevant Business conducted by the firm.74 In particular, these procedures should enable all partners, directors, all other persons involved in the management, and all appropriate employees to know to whom they should report any knowledge or suspicions of money laundering activity. There must be a clear reporting chain for the passing of suspicions to the MLRO. The procedures to be established must require reports to be made to the MLRO of any information or other matter which comes to the attention of a person handling Relevant Business which, in that person’s opinion, gives rise to a knowledge or suspicion that another person is engaged in money laundering. The procedures must require the MLRO to consider any report in the light of all other relevant information available to him for the purpose of determining whether or not it gives rise to a knowledge or suspicion of money laundering. The procedures must ensure that the MLRO has full access to any other relevant information which may be of assistance to him and which is available to the Relevant Person; and Enable the information or other matter in a report to be disclosed promptly to a constable serving in the Financial Crime Unit. A register must be kept of all such reports, containing details of the date of the report, the person making the report, the constable to whom the report is made, and information sufficient to identify the relevant papers. 74 Paragraph 20(2). Firms should not wait until relevant business comes along, as the requirements of the Code include procedures that must be in place before the formation of a business relationship for relevant business. Anti-‐Money Laundering Guidance Notes 37 of 53 STAFF TRAINING & EDUCATION Member firms that engage in Relevant Business must have procedures in place to screen new senior management and other appropriate employees. Regular education and training must be provided for management, key, and other appropriate employees. Screening of Staff Appropriate procedures must be established, maintained and operated to enable the Relevant Person (i.e. any person who enters into a business relationship for Relevant Business or who will undertake Relevant Business75) to be satisfied as to the integrity of new directors or partners and all new appropriate employees. Staff Training There is a mandatory obligation to provide or cause to be provided76 education and training, including refresher training not less than annually, for all directors, partners, all other persons involved in management, all key staff and appropriate employees. A competent programme of staff education and training will ensure that senior management and all appropriate employees are aware of money laundering requirements; the firm’s established policies and procedures for reporting and preventing money laundering, and their individual money laundering responsibilities. The Code states77 that it is the purpose of the education and training to ensure that all relevant staff and management are aware of: a. The provisions of the money laundering requirements; b. Their personal obligations under those requirements; c. The established internal reporting procedures which must be maintained and operated; d. The policies and procedures established to prevent money laundering; e. The established customer identification, record-‐keeping and other procedures; f. The recognition and handling of suspicious transactions; g. Their personal liability for failure to report information or suspicions in accordance with internal procedures; h. New developments, including information on current techniques, methods and trends in money laundering and the financing of terrorism. 75 As set out above, ‘relevant person’ can include a firm, legal practice, or other similar entity as well as individuals within that organisation. 76 This means that others may be brought in to provide the training. 77 Paragraph 22. Anti-‐Money Laundering Guidance Notes 38 of 53 Technological Developments A new requirement in the 2008 Code78 is that a Relevant Person must maintain79 appropriate procedures and controls for the purpose of preventing the misuse of technological developments for the purpose of money laundering or the financing of terrorism. The Code does not elaborate, as it does, for example, in relation to staff education and training, as to precisely what must be done. It should be noted, however, that the requirement is not only for procedures but also controls. 78 Paragraph 23. Not previously included in the 2007 Code. 79 Curiously, unlike most of the other requirements the wording used here is only ‘maintain’, rather than ‘establish, maintain, and operate.’ Anti-‐Money Laundering Guidance Notes 39 of 53 OFFENCES UNDER THE PROCEEDS OF CRIME ACT 2008 Not only does contravention of the Code invoke criminal liability but failure to follow the mandatory procedures to be established under the Code may also amount to one or more criminal offences under the Proceeds of Crime Act 2008. A digest of the more relevant provisions of the statute follows.80 Being Concerned in an Arrangement If a business relationship is entered into or transaction carried out in relation to Relevant Business without having established, maintained or operated required anti-‐ money laundering procedures, the Relevant Person may in fact be committing an offence of being concerned in an arrangement under Section 140 of the Proceeds of Crime Act 2008. Section 140 provides that it is an offence for a person to enter into or become concerned in an arrangement which the person knows or suspects facilitates (by whatever means) the acquisition, retention, use or control of criminal property by or on behalf of another person. A business relationship formed with the intention of carrying out a transaction in relation to Relevant Business can amount to an arrangement within the meaning of the Act. On the wording of this section the offence is made out if the person suspects that the arrangement facilities money laundering, even if the arrangement does not in fact facilitate money laundering, and even if no actual transaction is carried out. Information obtained about the applicant for business, the business relationship, or the proposed transaction, may give rise to suspicion that it may relate to money laundering or terrorist financing. The Code imposes reporting duties and clearly requires a business relationship to be terminated or not further proceeded with in such circumstances. Exceptions to Criminal Liability No offence is committed if a section 154 disclosure is made before being concerned in the arrangement or any transaction is carried out, or the person intended to make such a disclosure but had a reasonable excuse for not doing so. The statute provides that a person does not commit a Section 140 offence81 if: 80 This is not exhaustive and is for outline guidance only. The effect of some of the provisions is not entirely clear. For example, some appear ambiguous as to whether prescribed conditions are cumulative or in the alternative. There are also some drafting errors. 81 Section 140(2). Anti-‐Money Laundering Guidance Notes 40 of 53 (a) that person makes an authorised disclosure under section 154 and (if the disclosure is made before the person does the act mentioned in subsection (1)) the person has the appropriate consent; (b) that person intended to make such a disclosure but had a reasonable excuse for not doing so; (c) the act the person does is done in carrying out a function the person has relating to the enforcement of any provision of this Act or of any other enactment relating to criminal conduct or benefit from criminal conduct. Further, it is not an offence for a deposit-‐taking body if it does the act in operating an account maintained with it, and the arrangement facilitates the acquisition, retention, use or control of criminal property of a value that is less than the threshold amount82 determined under section 156 for the act. It is not an offence if the person knows, or believes on reasonable grounds, that the relevant criminal conduct occurred in a particular country or territory outside the Island and was not, at the time it occurred, unlawful under the criminal law then applying in that country or territory; and is not of a description prescribed by an order made by the Department of Home Affairs. Similar exceptions to criminal liability apply, with small variations in the wording, to other money laundering offences under the Proceeds of Crime Act 2008. Acquiring Criminal Property Under Section 141 it is an offence for a person to: (a) acquire criminal property; (b) use criminal property; (c) have possession of criminal property. Failure to establish, maintain and operate appropriate anti-‐money laundering procedures may in consequence result in a person receiving, using or being in possession of criminal property. The exceptions to liability for this offence also include acquisition, use or possession for adequate consideration.83 Inadequate consideration is if the value of the consideration is significantly less than the value of the property. Note that the provision by a person of goods or services which the person knows or suspects may help another to carry out criminal conduct is not consideration.84 82 15,000 Euros. 83 Section 141(2)(c). 84 Section 141(6)(c). Anti-‐Money Laundering Guidance Notes 41 of 53 Failure to Make Disclosure A failure to disclose offence is made out under Section 140 of the Act if four specified conditions exist.85 In essence, these four conditions require knowledge or the existence of reasonable grounds for suspecting that another person is engaged in money laundering and that knowledge or suspicion arises in the course of business. The person must also being able to identify the money launderer or the whereabouts of any of the laundered property, or it is reasonable to believe that the information giving rise to knowledge or suspicion will or may assist in identifying the money launderer or the whereabouts of any of the laundered property. Finally, the offence is only made out if disclosure does not take place as required in the statute. The first condition86 is that a person (a) knows or suspects; or (b) has reasonable grounds for knowing or suspecting, that another person is engaged in money laundering. The second condition87 is that the information or other matter on which the person’s knowledge or suspicion is based; or which gives reasonable grounds for such knowledge or suspicion, came to that person in the course of a business in the regulated sector. The third condition88 is that the person can identify the other person mentioned in subsection (2), or the whereabouts of any of the laundered property; or that the person believes, or it is reasonable to expect the person to believe, that the information or other matter mentioned in subsection (3) will or may assist in identifying that other person or the whereabouts of any of the laundered property. The fourth condition89 is that the person does not make the required disclosure to (a) a nominated officer; or (b) a constable or customs officer serving (in either case) with the Financial Crime Unit of the Isle of Man Constabulary, as soon as is practicable after the information or other matter mentioned in subsection (3) comes to that person. There has been no conviction to date of an advocate in the Isle of Man but in the UK a solicitor was convicted of failing to disclose suspicious real estate transaction where he should have known that the subject property was likely from the proceeds of crime because it was grossly undervalued.90 Mr Griffith undertook the conveyance 85 Section 142(1). There is a drafting error here as it refers to the conditions set out in section 142(2) to (4) but the fourth condition referred to is in fact contained within section 142(5). Uncorrected, this may be fatal to any prosecution under this section. 86 Section 142(2). 87 Section 142(3). 88 Section 142(4). 89 Section 142(5). 90 R v Griffiths [2006] All ER (D) 19 (Sep) Anti-‐Money Laundering Guidance Notes 42 of 53 of property to a long time friend and business associate from a convicted criminal, at a significant undervalue. The property was worth £150,000 at the time of sale but sold for the original purchase price of £43,000. The solicitor received only his conveyancing fee of £399. In the appeal against his sentence of 15 months imprisonment (reduced to 6 months) the Court of Appeal observed that Mr Griffith's action was a lapse in the normally high standards expected of a solicitor, rather than a desire to benefit by criminal activity. Further they noted that the conviction had brought his professional life to an end, which made any penalty significantly greater. The court added: "We do not leave the case without underlining to all professional people involved in the handling of money and with an involvement in financial transactions the absolute obligation to observe scrupulously the terms of this legislation and the inevitable penalty that will follow failure to do so." Exception from Liability for Professional Legal Advisers No offence is committed if there is a reasonable excuse for not making the disclosure.91 There are in addition specific exemptions of liability for persons in the following limited circumstances: • • • Where a professional legal adviser (or relevant professional adviser92) only knows the identity of the suspected money launderer, or the whereabouts of the laundered property, or received the information that gave grounds for the knowledge or suspicion of money laundering, by reason of information received in privileged circumstances.93 Where a person, who ought in the circumstances to have known or been suspicious, does not in fact know or suspect and has not been provided with anti-‐money laundering training by their employer.94 Where a person is employed by, or is in partnership with, a professional legal adviser or a relevant professional adviser to provide the adviser with assistance or support and the information or other matter giving rise to knowledge or suspicion comes to that person in connection with the provision of such assistance or support and in privileged circumstances.95 It is also not a disclosure offence if the person knows, or believes on reasonable grounds, that the money laundering is occurring in a particular country or territory 91 Section 142(8). 92 A relevant professional adviser is an accountant, auditor or tax adviser who is a member of a professional body which is established for accountants, auditors or tax advisers and provides for a competence test of admission and maintains standards and exercises discipline: Section 142(19). 93 Section 142(8)(b). 94 Section 142(9). 95 Section 142(11). Anti-‐Money Laundering Guidance Notes 43 of 53 outside the Island where money laundering is not criminally unlawful; and is not of a description prescribed by an order made by the Department of Home Affairs. It will be important in avoiding liability to be able to prove compliance with other disclosure obligations under the Code and that any publicised guidance issued by a supervisory or other appropriate body96 has been followed. Section 142 provides that in deciding whether a person has committed a failure to disclose offence the court must consider whether the person: (a) complied with other relevant legal obligations in connection with the making of disclosures under this section, including any obligations imposed by the Code; and (b) followed any relevant guidance which was at the time concerned issued by a supervisory authority or any other appropriate body and which has been published in a manner approved as appropriate in the opinion of the authority or body to bring the guidance to the attention of persons likely to be affected by it.97 What are Privileged Circumstances? Information or other matter comes to a professional legal adviser (or relevant professional adviser) in privileged circumstances if it is communicated or given to the adviser: (a) by (or by a representative of) a client of the adviser in connection with the giving by the adviser of legal advice to the client; (b) by (or by a representative of) a person seeking legal advice from the adviser; or (c) by a person in connection with legal proceedings or contemplated legal proceedings.98 However, privilege does not attach to information or other matter which is communicated or given with the intention of furthering a criminal purpose. Thus a client effectively seeking advice on what would amount to money laundering may divulge information that would require disclosure and is not protected by the above privilege provisions. 96 An appropriate body is any body which regulates or is representative of any trade, profession, business or employment carried on by the alleged offender: section 142(18). 97 Section 142(12). 98 Section 142(15). Anti-‐Money Laundering Guidance Notes 44 of 53 What Must be Disclosed? The disclosure that is required99 is a disclosure of the identity of the person suspected of money laundering and, if known, the whereabouts of the laundered property, so far as is known, together with the information on which the knowledge or suspicion is based. The laundered property referred to in section 142 is the property forming the subject-‐matter of the money laundering that the person knows or suspects, or has reasonable grounds for knowing or suspecting, that other person to be engaged in.100 How to Make Disclosure The Department of Home Affairs may prescribe the form and manner in which a disclosure must be made.101 It is a criminal offence to make a disclosure otherwise than in the form or manner so prescribed,102 unless there is a reasonable excuse for doing so.103 As noted above, the Code requires the appointment of a sufficiently senior person within the organisation to serve as a Money Laundering Reporting Officer (MLRO).104 Effectively, this is person referred to in the statute as the ‘nominated officer’, also described below for the purposes of simplicity as the disclosure officer. The statute requires disclosure by a person to either the nominated officer, being a person nominated by the alleged offender’s employer to receive Section 142 disclosures, and made in the course of the alleged offender’s employment,105 or to a constable or customs officer serving (in either case) with the Financial Crime Unit of the Isle of Man Constabulary. In either case the disclosure must be made as soon as is practicable after the information or other matter giving rise to knowledge or suspicion comes to that person. Seeking advice about whether to make a disclosure is not sufficient to amount to a disclosure. The statute provides that it is not a statutory disclosure if: the person making the disclosure is a professional legal adviser or relevant professional adviser; 99 Section 142(6). 100 Section 142(7). 101 I.e. a disclosure under sections 142, 143, 144 or 154. 102 The prescribed disclosure form may include a request to a person making a disclosure that the person provide (additional) information specified or described in the form if the person has not provided it in making the disclosure, section 155(4). However the form must also make it clear that there is no obligation to comply with the request. 103 Section 155. 104 Paragraph 20. 105 Section 142(13). Anti-‐Money Laundering Guidance Notes 45 of 53 makes it for the purpose of obtaining advice about making a section 142 disclosure; and does not intend it to be a section 142 disclosure.106 A disclosure to either a constable or customs officer serving with the Financial Crime Unit of the Isle of Man Constabulary, or a nominated disclosure officer, is a protected disclosure if the information or matter disclosed came in the course of the discloser’s trade, profession, business or employment, and that information or matter causes or gives the discloser reasonable grounds to know or suspect that another person is engaged in money laundering, provided that disclosure is made as soon as is practicable after the information or other matter comes to the discloser’s attention.107 Section 154 provides for authorised disclosures to be made by alleged offenders in the prescribed form and manner to a constable or customs officer, or a nominated officer, in certain prescribed conditions set out in the section. Essentially, this provides for disclosure on his own initiative by a person who discovers that he is about to commit, or in the course of, a prohibited act but did not previously know or suspect that the property is criminal property. An authorised disclosure may be made as soon as it is practicable to do so after the event, provided he had a reasonable excuse for failure to make the disclosure before doing the prohibited act. Formal consent may also be given in certain circumstances under sections 151 and 152 to do what would otherwise be a prohibited act. Offences by Disclosure Officers A disclosure officer commits a criminal offence if the following 4 conditions are satisfied:108 First Condition: that the disclosure officer knows or suspects that another person is engaged in money laundering; Second Condition: that the information or other matter upon which that knowledge or suspicion is based came to the disclosure officer in consequence to a disclosure made to the officer; Third Condition: that the identity of the money launderer or the whereabouts of any of the laundered property is known to the disclosure officer in consequence of a disclosure made to him; that the money launderer or whereabouts of any of the laundered property can be identified from the information or matter; or the disclosure officer believes, or it is reasonable to expect him to believe, that the information or other matter will or may assist in identifying the money launderer or the whereabouts of any of the laundered property. 106 Section 142(14). 107 Section 153. 108 Section 144. Anti-‐Money Laundering Guidance Notes 46 of 53 Fourth Condition: that the disclosure officer does not make the required disclosure to a constable or customs officer serving with the Financial Crime Unit of the Isle of Man Constabulary as soon as is practicable after the information or other matter comes to the disclosure officer. The disclosure officer must disclose109: the identity of the person known or suspected to be engaged in money laundering; the whereabouts of the laundered property, so far as has been disclosed to the disclosure officer; and the information or other matter on which the knowledge or suspicion is based and which came as a result of a disclosure to the disclosure officer. No offence is committed by a disclosure officer if he has a reasonable excuse for not making the required disclosure.110 No offence is committed by a disclosure officer if that person knows, or believes on reasonable grounds, that the money laundering is occurring in a particular country or territory outside the Island and was not, at the time it occurred, unlawful under the criminal law then applying in that country or territory; and is not of a description prescribed by an order made by the Department of Home Affairs. Tipping Off Offences & Exemptions In essence, it is a criminal offence to disclose either that a statutory disclosure has been made to either a constable or customs officer serving with the Financial Crime Unit of the Isle of Man Constabulary, or a nominated disclosure officer,111 or that an investigation into suspected money laundering is underway or contemplated. However, such a tipping off disclosure must also be likely to prejudice any investigation that might be conducted following the statutory disclosure and the information on which the disclosure to another is based must have come to the offender in the course of a business in the regulated sector.112 No offence is committed if the person making the disclosure does not know or suspect that it might prejudice any investigation.113 It is not an offence to make such a tipping off type disclosure by an employee, officer or partner of an undertaking to an employee, officer or partner in the same undertaking.114 Nor is it an offence for one credit or financial institution to make 109 Section 144(6). 110 Section 144(9). 111 Section 145(1) & (2). 112 Section 145(1) & (3). 113 Section 148(3) & (4). However, there is a drafting error in section 148(4) where there is reference to a non-‐existent section 148(3)(b). It is assumed that it should have referred to section 145(3)(b) and the effect of tipping off about an investigation. 114 Section 146(1). Anti-‐Money Laundering Guidance Notes 47 of 53 such a disclosure to another in the same group and situated in a prescribed country or territory.115 A professional legal adviser (or relevant professional adviser) does not commit such a tipping off offence if he discloses to another professional legal adviser (or relevant professional adviser), provided that both carry on business in a prescribed country of territory; and they perform their professional activities within different undertakings that share common ownership, management or control.116 Neither is it an offence for a professional legal adviser to disclose to another professional legal adviser if the disclosure relates to a client or former client of the both legal advisers, or a transaction or provision of services involving them both. However such disclosure must be made only for the purpose of preventing a money laundering offence and the legal adviser to whom the disclosure is made is situated in a prescribed country or territory, and both legal advisers are subject to equivalent duties of professional confidentiality and the protection of personal data.117 Making a tipping off type disclosure by a person to his supervisory authority for the purpose of detection, investigation or prosecution of a criminal offence; or a money laundering investigation; or the enforcement of a Proceeds of Crime Act court order.118 A professional legal adviser may also make a tipping off type disclosure to his client for the purpose of dissuading the client from engaging in conduct amounting to an offence.119 115 Section 146(2). 116 Section 146(4). 117 Section 147(2). 118 Section 148(1). 119 Section 148(2). Anti-‐Money Laundering Guidance Notes 48 of 53 RISK ASSESSMENT TEMPLATE CDD Risk Assessment Client: Date of Risk Assessment: Reference: Person conducting: Client Profile (include all relevant client information) Client contact address: Contact Telephone: Home telephone: Client residence address (if different): Other contact information: Is client a legal person or legal arrangement? YES/NO Is client an advocate or other regulated person? YES/NO Does the client act for a beneficiary/controller: YES/NO Transaction Information Proposed transaction: (Attach relevant information) Stated purpose of transaction: Is this Relevant Business? YES/NO Estimated Value of transaction: Source of funds: State where funds originate: Client History Nature of client’s normal business: Is this an existing client? Person previously handling: Date/reference last risk assessment: Detail any change in identity or circumstances since last risk assessment: Is this new business? YES/NO YES/NO Email: Mobile: How will funds be transferred: State where funds are destined: Date/reference last transaction: Previous risk assessment? Has it been reviewed? Was client introduced? YES/NO YES/NO YES/NO Anti-‐Money Laundering Guidance Notes 49 of 53 How did client come to instruct: Introducer: Are terms of business in place with the introducer? Are introducer’s identification procedures fit for purpose? Has introducer completed client identification? If so, has it been reviewed? Is this a one-‐off transaction? Detail steps taken to identify source of funds: Any previous legal firm employed by client: Identification Is client’s identity known: State how client is known: YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO Identity verification documentation obtained: (attach copies) Is identification satisfactory? Is client authorised to act? Identify beneficiary of transaction: Beneficiary verification documentation obtained: (attach copies) Is identification satisfactory? YES/NO Is it satisfactory? YES/NO Known how long? State nature and purpose of transaction: If verification deemed not necessary for known client state why: Primary identification produced or obtained: Beneficiary or Controller Identify true beneficiary or controller of client: Beneficiary verification documentation obtained: (attach copies) Is identification satisfactory? Are they satisfactory? When were they last tested? Date/reference: YES/NO YES/NO YES/NO YES/NO Higher Risk Factors Is this a non-‐face-‐to-‐face transaction? Detail additional steps to compensate for non-‐face-‐to-‐ face transaction: Is client a politically exposed person (PEP)? Is senior management approval required for PEP? Is client a high net worth individual (HNWI)? YES/NO YES/NO YES/NO YES/NO Anti-‐Money Laundering Guidance Notes 50 of 53 Is client based in state with limited MLR? Do funds originate from or are destined for a state with limited MLR? Has client been previously refused financial or other services? Is the client or recipient of funds subject to any regulatory sanctions? Does the transaction involve transmission of funds to a state with high levels of organised crime or drug production? Does the client handle large amounts of cash? Is the client reluctant to provide identification verification documentation? Does the transaction make commercial sense? Does the transaction have a visible lawful purpose? Is this part of a series of high volume, high value, or complex transactions? Is there an unusual pattern of transactions? Will it be difficult to check the source of funds? List other risk factors in the client’s circumstances: Evaluation of high risk factors: Is additional identification evidence required? Detail additional steps required to compensate for high risk: YES/NO Detail ongoing monitoring requirements: Other Relevant Information List any other information relevant to the risk assessment: (attach copies if appropriate) List any factors which may give rise to knowledge or suspicion of money laundering or terrorist financing: Are additional steps required? YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO YES/NO Certificate of Compliance The proposal relates to Relevant Business: Stage at which identification procedures completed: CDD Level applied: Simplified (SDD), Standard (CDD), Enhanced (EDD): I have applied and complied with identification procedures: I have verified identity using information or data from reliable sources: Risk level is assessed as High/Medium/Low: Appropriate steps have been taken to compensation for risk: Is money laundering or terrorist financing suspected: YES/NO YES/NO YES/NO YES/NO YES/NO Anti-‐Money Laundering Guidance Notes 51 of 53 The proposed transaction should be reported to the MLRO: Transaction is approved in principle: The proposed transaction has been submitted for approval: Recommended risk assessment review date: I have received appropriate training in ML procedures and responsibilities: I have properly recorded all decisions made: Signed: Position: Date: YES/NO YES/NO YES/NO YES/NO YES/NO Anti-‐Money Laundering Guidance Notes 52 of 53 Advisory Note These Guidance Notes are intended for the general reference and education of Members of the Isle of Man Law Society and their employees. Accordingly these Guidance Notes should not be seen as a definitive legal advice in what is a complex area of law. Anti-‐Money Laundering Guidance Notes 53 of 53
© Copyright 2026 Paperzz