1. Introduction and Summary


These procedures are to be used by any member of staff for reference. Further reference material can be found in “Xxxx Due Diligence Annex”.

This manual has been drafted in compliance in line with the prevailing regulation in our current jurisdiction.

Money Laundering Regulations as applied by Her Majesty’s Revenue and Customs (HMRC), and National Crime Agency (NCA) and applicable to Xxxx can be broadly summarised as follows:

  •   Xxxx must obtain satisfactory evidence of the identity of each customer with whom it has a business relationship through relevant Customer Due Diligence checks;
  •   This evidence of client identity must be retained for the duration of the client relationship and for a period of five years after it is terminated; details of transactions must be kept for 5 years beginning on the date on which the business relationship ends;
  •  To understand the beneficial ownership structure of a business customer – who the underlying individuals are who make financial gains from the business;
  •   Identify the customer and verify the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;
  •  Identify the Source of Funds, where required by the risk based approach;
  •  Identify, where the beneficial owner is not the customer, and take adequate measures, on a risk-sensitive basis, to verify their identity so that the relevant person is satisfied that they know who the beneficial owner is, including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure of the person, trust or arrangement;
  •   Obtain information on the purpose and intended nature of the business relationship.
  •   To perform enhanced due diligence on customers who may be classified as presenting a higher risk of money laundering or Politically Exposed Persons;
  •  Any suspicious transaction, whether in connection with a new or existing client, must be reported immediately to the designated Money Laundering Reporting Officer (MLRO);
  •  The Money Laundering Reporting Officer (MLRO) must, if deemed appropriate, report suspicion of money laundering to the appropriate authorities; in the UK, this is the National Crime Agency (NCA);
  •  Appropriate training must be provided to all members of staff who handle, or are managerially responsible for handling, transactions which may involve money laundering to ensure they are aware of firm procedures which guard against money laundering and the legal requirements of the money laundering rules; this training will be co-ordinated by the MLRO;

2.  Money Laundering

Money laundering is the process by which criminally obtained money or other assets (criminal property) are exchanged for ‘clean’ money or other assets with no obvious link to their criminal origins.

Criminal property may take any form, including money or money’s worth, securities, tangible property and intangible property. It also covers money, however come by, which is used to fund terrorism.

Examples of Money laundering activity includes:

  •   Acquiring, using or possessing criminal property;
  •  Handling the proceeds of crimes such as theft, fraud and tax evasion;
  •  Being knowingly involved in any way with criminal or terrorist property;
  •  Entering into arrangements to facilitate laundering criminal or terrorist property;
  •  Investing the proceeds of crimes in other financial products;
  •  Investing the proceeds of crimes through the acquisition of property/assets; and
  •  Transferring criminal property.

There is no single stage of money laundering; methods can range from the purchase and resale of luxury items such as a car or jewellery, to passing money through a complex web of legitimate operations. Usually the starting point will be cash, but it is important to appreciate that money laundering is defined in terms of criminal property. This can be property in any conceivable legal form, whether money, rights, real estate or any other benefit, if you know or suspect that it was obtained, either directly or indirectly, because of criminal activity and you do not report these suspicions to your MLRO then you too are taking a part in the process.

The money laundering process usually follows three stages:

  • Placement – Disposal of the initial proceeds derived from illegal activity e.g. into a bank account.
  • Layering – The money is moved through the system in a series of financial transactions in order to disguise the origin of the cash with the purpose of giving it the appearance of legitimacy
  • Integration – Criminals are free to use the money as they choose once it has been removed from the system as apparently “clean” funds.

Please note however that it is rare for any one financial institution to be involved with all stages and as such a firm may only see one or two stages. This makes it harder to detect and prevent as no financial sector business is immune from the activities of criminals and OmegaPro will consider the money laundering risks posed by the products and services they offer.


What is Counter Terrorist Financing (CTF)?

Terrorist financing is the process of legitimate businesses and individuals choosing to provide funding to resource terrorist activities or organisations. This could be being done for ideological, political or other reasons. Firms must therefore ensure that:

  • 1. customers are not terrorist organisations themselves; and
  • 2. they are not providing the means through which terrorist organisations can be funded

There is inevitably some overlap between AML provisions and Terrorist Financing acts. However, there are two major difficulties when Terrorist Financing is compared with other money laundering activities:

  • 1. Often, only quite small sums or money are required to commit terrorist acts
  • 2. If legitimate funds are used to fund terrorist activities, it is difficult to identify when the funds become terrorist funds


Regulatory Framework

There are currently a number of relevant pieces of legislation of which all employees need to be aware of and comply with, including the following:

  •  The Terrorism Act 2000, and the Anti-terrorism, Crime and Security Act 2001;
  •  The Proceeds of Crime Act 2002;
  •  The Serious Organised Crime and Police Act 2005;
  •  The Money Laundering Regulations 2017;
  •  Counter Terrorism Act 2008.


Proceeds of Crime Act 2002

The Proceeds of Crime Act 2002 has established a series of criminal offences in connection with money laundering, failing to report knowledge or suspicions or reasonable grounds for knowledge or suspicions, tipping off a person to the fact that a report has been made, and prejudicing an investigation. The Act also sets out penalties for the various offences established under PoCA. Furthermore, the act upholds that the National Crime Agency NCA has the power to investigate whether a person holds criminal assets, and if so, their location. In addition, the act has created five investigative powers for law enforcement.


Under the act the following are money laundering offences:

  •  Concealing (Subject to a maximum 14-year jail term and or a fine)

    Providing assistance to conceal, disguise, convert, transfer or remove funds from the UK if you know, should have known, suspect or should have suspected that the funds were the proceeds of criminal conduct.

  •  Arrangements (Subject to a maximum 14-year jail term and or a fine)

    It is an offence to enter into or become concerned with an arrangement if you know, should have known, suspect or should have suspected that the arrangement facilitates the acquisition, retention, use or control of criminal property.

  •  Acquisition use and possession (Subject to a maximum 14-year jail term and or a fine)

    Regardless of any attempt to conceal or disguise the criminal origin of property, it is an offence to acquire, use or possess criminal property. Importantly, this offence does not require the laundering process to be actively undertaken.

  •  Tipping Off (Subject to a maximum 5-year jail term and or a fine)

    It is an offence for anyone to take any action likely to prejudice an investigation by informing the person who is the subject of a suspicious activity report, or anybody else, that a disclosure has been made, or that the police or customs authorities are carrying out or intending to carry out a money laundering investigation.

  •  Failure to Disclose (Subject to a maximum 5-year jail term)

    This offence prevents people from turning a ‘blind eye’ to money laundering by making it a criminal offence for persons working in the regulated sector to fail to report where they have knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering.


The report must be made to the MLRO as soon as reasonably practical after the knowledge, suspicion or reasonable grounds for knowledge or suspicion came to light. There is no defence in claiming no knowledge or suspicion if the circumstances were such that a reasonable person would have known or suspected that the funds could have been the proceeds of crime.


The Money Laundering Regulations 2017 (MLR 2017)

The MLR 2017 applies to institutions who engage in any financial activities. The MLR 2017 aims to combat money laundering and terrorist financing through:

  •  Requiring firms to take measures to identity their customers;
  •  Specifying the policies and procedures that financial institutions and other relevant businesses must put in place in order to prevent and identify activities relating to money laundering and terrorist financing;
  •  Setting out the supervision and registration arrangements.

Failure to comply with the provisions of the regulations carries a maximum of 2 years imprisonment and or a fine.


Fourth Money Laundering Directive (MLR2017)

The commission published the 4th Money Laundering Directive in June 2015, and this came into effect in June 2017. The regulation and Directive provide a more targeted and focused risk-based approach. In summary, the directive:

  •  Extends the definition of politically exposed persons (PEPs) to formally encompass persons entrusted with a prominent public position domestically, as well as domestic PEPs who work for international organisations
  •  Presents a shift to a risk-based approach- removal of the automatic entitlement to apply ‘simplified due diligence’ (SDD) for specific customers. Instead firms need to carry out risk assessments and provide robust rationale and justification for applying SDD.
  •  Lower the exemptions for one-off transactions and expand the perimeter from €15,000 to €10,000
  •  Include new requirements on beneficial ownership information.
  •  Include tax crimes as predicate offences.
  •  Reinforce sanctioning powers and requirements to co-ordinate cross-border action.
  •  Include national and EU-wide risk assessments.
  •  Include new information requirements for fund transfers.


Fifth Money Laundering Directive (MLR2019)

The 5AMLD is a new regulation to amend the Fourth Money Laundering Directive (MLR2017) to further clamp down on terrorist financing. The Fifth Money Laundering Directive (5AMLD) will come into force on January 10, 2020.

In summary, the directive:

  •  Extends to regulating virtual currencies such as Bitcoin and pre-paid cards to prevent terrorist financing
  •  Extends to regulating virtual currencies such as Bitcoin and pre-paid cards to prevent terrorist financing
  •  Requires enhanced due diligence when dealing with transactions from high risk countries
  •  Amend the ‘reliable and independent source’ requirement for verification of customer information to include ‘where available, electronic identification means’.
  •  Increased transparency in beneficial ownership. Trusts will be required to meet greater transparency obligations, including the beneficial ownership requirements
  •  Firms are also expected to be required to renew CDD in situations where they are under a legal obligation to contact an existing client


Terrorism Act 2000 (TA 2000) as amended by the Anti-Terrorism, Crime and Security Act 2001

The TA 2000 establishes offences relating to involvement in facilitating, raising, possessing or using funds for terrorist purposes and for failing to report suspicions, tipping off and prejudicing an investigation. In addition, empowers authorities to make Orders on financial institutions in connection with terrorist investigations Furthermore, establishes a list of proscribed organisations with which financial services firms may not deal.


Financial Conduct Authority (FCA) Rules

One of the statutory objectives of the FCA is the enhancement of the integrity of the UK financial system. The statutory objective was derived from the Financial Services and Markets Act 2000 (FSMA 2000). This particular objective incorporates the prevention of money laundering.

The MLRO will provide guidance to you relating to your obligations relating to money laundering and financial crime.


Joint Money Laundering Steering Group (JMLSG)

The JMLSG is made up of the leading UK Trade Associations within the Financial Services Industry. It provides detailed interpretation on the practical issues involved in the implementation of and compliance with the sources of UK legislation outlined above.



Apart from the criminal penalties mentioned above, contravention of the laws and rules can also give rise to civil actions under the civil law framework whereby liabilities to the victims of the original crime or subsequent terrorist act could arise.

In addition to risks of prosecution, you also leave your business open to the risk of damage to reputation. Consumers often select financial services firms on the basis of their perceived integrity, trust, ethical standards and professionalism. Perceived involvement in money laundering or terrorist financing could have the effect of destroying a firm’s reputation. 


3. Measures to Prevent Money Laundering

There are certain measures and controls that can be implemented and carried out to help prevent against money laundering. OmegaPro carries out such measures during its daily business activities and is committed to preventing any aspect of financial crime.

  • 1.  Client Identification Procedures – As set out in clause 6 of this policy, client ID and due diligence is performed on all new customers and where legal or regulatory standards require it. We will never work with clients that have not been verified through our strict due diligence and background checks.
  • 2.  Due Diligence Questionnaire – this questionnaire acts as an application form for new customers and asks detailed questions about the business/person concerned. Potential business customers are also expected to provide accompanying documents where applicable such as the company Certificate of Incorporation and/or their Data Protection Certificate.
  • 3.  Traceable Transactions – all transactions carried out by OmegaPro are recorded in such a manner that they can be traced should the need arise through the settlement files from the payment gateway
  • 4.  Records Management – all documents, accounts and transactions associated with clients/customers will be retained as per the legal or statutory retention periods.

An MLRO has been appointed and is responsible for monitoring all anti-money laundering measures and raising SARs.

All documents relating to money laundering reporting, business transactions, client identification and customer due diligence are retained for a minimum of 5 years.

The appointed MLRO will ensure that the below minimums are met with regards to the information on any reports: –

  •  The dates of such activities
  •  Whether the transactions have happened, are ongoing or are imminent
  •  Where they took place
  •  How they were undertaken
  •  The amount of money involved;
  •  What has given rise to the suspicion

Using all the information available at the time, the MLRO is required to make an informed decision using sound judgment as to whether there are reasonable grounds for either the knowledge or the suspicion of money laundering and to enable them to prepare their report for the National Crime Agency (NCA), where appropriate.


Firm Responsibility

To ensure compliance with obligations under the law, OmegaPro is required to establish and maintain systems and controls to deter criminals from using their facilities for money laundering purposes.

OmegaPro Money Laundering Reporting Officer (MLRO) is John Smith who has the overall oversight of the firm’s anti-money laundering activities, the implementation of appropriate Financial Crime strategies and regulatory reporting obligations.


Compliance Monitoring

John Smith is responsible for ensuring that the firm is provided with compliant and up to date systems and controls policies related to financial crime on a regular basis.

Provisions relating to countries with inadequacies on the approach to Money Laundering Prevention

The HM Treasury may direct any person or institution carrying out relevant business not to enter into a business relationship or carry out one-off transaction, or not to proceed any further with a customer relationship or transaction if the customer is based or incorporated in a country to which the Financial Action Task Force (FATF) has decided to apply countermeasures.

OmegaPro will make use of national and international findings on countries with inadequacies. This is to enable the Government and Financial Action Task Force findings of inadequacies concerning the approach of money laundering of individual countries or jurisdictions to be brought to bear on the relevant firms’ decisions and arrangements.


Responsibility of the staff

All staff working in OmegaPro, regardless of their actual position, have a duty to be aware of the need to prevent money laundering and terrorist financing.

Staff will direct any queries regarding AML/CTF to the MLRO. All suspicions must be reported to the MLRO. Failure to report your knowledge or suspicions to the MLRO may result in action being taken.

Should staff have reason to believe or suspect that any transaction, or potential transaction, could involve the proceeds of criminal conduct they must make an internal report of this to its MLRO. Failure of any staff member to adhere to the guidance and objectives laid out in this policy, may lead to action being taken upon that staff member i.e. disciplinary action.


Responsibility of the Money Laundering Reporting Officer

John Smith is responsible for the firms Anti-Money Laundering strategy.

The MLRO is responsible for:

  •  Receiving reports relating to (suspicions of) money laundering and terrorist financing;
  •  Investigating reports of suspicious events;
  •  Making reports of relevant suspicious events to the NCA;
  •  Ensuring the adequacy of arrangements made for the awareness and training of all staff and advisers;
  •  Reporting at least annually to the regulators on the operation and effectiveness of its systems and controls;
  •  Responding promptly to any reasonable requests for information made by the FCA;
  •  The approval and assessment of new or amended products/jurisdictions/sales channels and their risks;

Approving business relationships where the firm wishes to enter or continue a business relationship where the consumer is a Politically Exposed Person, the jurisdiction is considered by Financial Action Task Force (FATF) as non-cooperative or where the country has a high risk of terrorism.

It is the MLRO’s overall responsibility to oversee the firm’s compliance with the Money Laundering regulations and the FCA Senior Management Arrangements, Systems and Controls (SYSC) Sourcebook.

When considering an internal suspicion report, the MLRO will need to strike the appropriate balance between the requirement to make a timely disclosure to the NCA, especially if consent is required, and any delays that might arise in searching a number of unlinked systems and records that might hold relevant information.

Given the need for timely reporting, it may be prudent for the MLRO to consider making an initial report to the NCA prior to completing a full review of linked or connected relationships, which may or may not subsequently need to be reported to the NCA.

The manner of reporting will include typed, paper-based submission on a standard form and the existing electronic submission methods; secure extranet Money Web interface, the NCA’s web based reporting mechanism (Suspicious Activity Report) SARs Online, encrypted e-mail or encrypted digital media.

OmegaPro will include in each SAR as much relevant information about the customer, transaction or activity that it has in its records. The law enforcement agencies have indicated that details of an individual’s occupation/company’s business and National Insurance number are valuable in enabling them to access other relevant information about the customer. As there is no obligation to collect this information (other than in very specific cases), a firm may not hold these details for all its customers; where it has obtained this information, however, it would be helpful to include it as part of a SAR made by the firm. If the MLRO decides not to make a report to the NCA, the reasons for not doing so should be clearly documented or recorded electronically and retained with the internal suspicion report. Please refer to Appendix 1 Suspicious Activity Report Form.


4.  Risk Assessment

Carrying out the Risk Assessment

The first step in carrying out Due Diligence on prospective clients is to ascertain what level of risk that client may present. Then, depending on the level of risk, Due Diligence should be carried out, as appropriate.

In order to make the Risk Assessment procedure as clear and as effective as possible there are three levels of risk in which the client can be categorised:

  •   Low Risk
  •   Medium Risk
  •  High Risk

The following must be taken into account when assessing the client’s level of risk

  •  The nature of the product or service sought by the client;
  •  The nature and length of any existing or previous relationship between the customer and the firm;
  •  The nature and / or extent of any assurances from other (Financial Conduct Authority) regulated firms which may be relied upon (i.e. an introducers certificate), NOTE: The firm may not defer responsibility in this regard. If the firm has any suspicions regarding a client which has been introduced to it by a regulated firm, using an introduction certificate, then the firm must apply its own Due Diligence as well;

 Whether the customer is physically present;

 The presence of PEPs;

 The location of the client (i.e. are they in a high-risk jurisdiction?); and

 Any other reason to suspect the client may be engaged in criminal activity, such as Money Laundering, or the Financing of Terrorism.

With a Risk Assessment it is always better to considered on the side of caution, and not make assumptions that the client is low risk. The key “Red Flags” above, notwithstanding the other points, are in bold. Should the client be “Red Flagged” by any of those points then Enhanced Due Diligence procedures should be followed.

Low Risk Examples

The following examples provided are given as guidance and would typically be considered “Low Risk” clients. If there is any suspicion raised by a member of staff however, for whatever reason, then Enhanced Due Diligence procedures should be followed.

  •  Financial services firms which are subject to the Money Laundering regulations or equivalent, and which are regulated in the UK by the Financial Conduct Authority, or in the EU or an equivalent jurisdiction, by an equivalent regulatory body;
  •  Companies listed on a regulated market (see appendix for definitions);
  •  Beneficial owners of pooled account held by notaries or independent legal professionals;
  •  UK public authorities;
  •  Community institutions;
  •  Pension funds;
  •  Child trust funds


Medium Risk Example

  •  Individual based in the UK or equivalent jurisdiction


High Risk Examples

The following are given as guidance only.

  •  There is a PEP present in the structure of a legal entity, or the individual client is a PEP;
  •  The structure of the firm / group of firms seems unnecessarily complex;
  •  The firm / individual is based in a high-risk jurisdiction
  •  The firm / individual was not physically present to open the account


Sanction list and PEPs checks as part of the AML Assessment

Xxxx should run PEP and Sanction List check’s on all-natural persons and all-natural persons requiring verification in regard to legal entities (whether Director, Beneficiary, Controller, Signatory etc):

  •  Should any individuals flag up on Sanction List checks, Xxxx should refuse to engage them as a client;
  •  Should any individuals flag up on PEP checks, Enhanced Due Diligence procedures should be followed; and
  •  Xxxx should maintain and utilise a “stop” list of all individuals on sanction lists, to ensure Xxxx does not trade for them.

Note: Equivalent & High-Risk Jurisdictions

The list of jurisdictions which are considered Equivalent or High Risk is updated regularly by the Joint Money Laundering Steering Group (JMLSG).

All European Economic Area (EEA) states are considered equivalent jurisdictions and therefore low risk.



Czech RepublicEstoniaHungaryLatvia


Jurisdictions outside of the EEA which are considered equivalent jurisdictions, and as such are low risk are the following.

ArgentinaChinaNew ZealandTurkey
AustraliaBrazilHong Kong 
IndiaJapanSouth KoreaMexico
SingaporeSwitzerlandSouth Africa 


For the latest guidance on Equivalent Jurisdictions, please see: For guidance on whether a given jurisdiction is high risk, you may refer to several Indices on the Transparency International website.

  •  Corruption Perceptions Index 2018
  •  Research


5. Record Keeping Requirements


Client Record Keeping

Any copies of any evidence obtained in order to verify a client’s identity and satisfy Due Diligence requirements should be retained for a minimum of 5 years from the date that the client relationship finished.

Copies must be made of any paper documentation. These copies must be filed and stored electronically to allow efficient retrieval when required.

Details of client transactions must be retained for a minimum of 5 years from the date of the transaction.


Internal / External Reports

If applicable (i.e. if any internal / external reports have been made) records should be retained of:

  •  Internal and external suspicion reports;
  •  Details of actions taken in respect of internal and external suspicion reports;
  •  Details of information considered by MLRO in respect of an internal report where no external report is made; and
  •  Details of any client which has been refused by Xxxx due to being too risky, appearing on a Sanction list, or any other equivalent stop list.


Training Record Keeping

As required under Money Laundering Regulations, periodic training of staff is required.

When this is carried out, the following must be recorded by the firm:

  •  The dates AML training was given;
  •  The nature of the training;
  •  The names of the staff who received training;
  •  Declaration from those persons having undergone training that they understood the training; and
  •  The results of any tests undertaken by staff, where appropriate.


MLRO annual reports

The MLRO will draft an annual report, in which the effectiveness of Xxxx’s systems and controls are reviewed. This is to be retained by the firm for a minimum of 5 years from when the report was drafted.


6. MLRO & Reporting of suspicious Transactions


The MLRO of OmegaPro is John Smith. His appointed deputy for receiving internal suspicion reports is

The responsibilities of these members of staff include:

  •   achieving and maintaining threshold competence:
    • i.   aware of changing behavior and practices amongst money launderers;
    • ii.   suspicious activity
    • iii.   aware of AML regulations applicable to the firm
  •  assume personal responsibility for considering internal suspicion reports, and for deciding whether an external report should be made;
  •  be responsible for oversight of the firm’s AML systems and controls;
  •  make regular reports to senior management on the operation of the firm’s AML/CTF (Counter Financing of Terrorism) procedures, and on any improvements that are needed; and

Reporting Suspicious Activity to the MLRO or appointed deputy

If any member of staff has any suspicions raised, about any client, whether that client might be engaged in money laundering, or terrorist financing, then an internal report must be made by that staff member to the MLRO, or the MLRO’s appointed deputy.

The obligation on staff members is to submit this internal report as soon as is reasonably practical.

Any internal report must be considered by the MLRO in the light of all other relevant information, to determine whether or not the information contained within the report does give rise to concerns or suspicions that the client may be engaging in money laundering or the financing of terrorism.


Reporting Procedures summary

  •  All staff must raise an internal report where they have knowledge or suspicion, or where there are reasonable grounds to have knowledge or suspicion, that another person has engaged in money laundering or that terrorist property exists;
  •  The firm’s MLRO must consider all internal reports;
  •  The firm’s MLRO must make an external report to the NCA as soon as is practical if he considers that there is knowledge, suspicion, or reasonable grounds for knowledge or suspicion, that another person is engaged in money laundering or that terrorist property exists;
  •  The firm must seek consent from the NCA before proceeding with a suspicious transaction or entering into arrangements;
  •  Firms must freeze funds if a customer is identified as being on the Consolidated List on the HM Treasury website of suspected terrorists or sanctioned individuals and entities, and make an external report to HM Treasury;
  •  It is a criminal offence for anyone, following a disclosure to a MLRO or to the NCA, to do or say anything that might either ‘tip off’ another person that a disclosure has been made or prejudice an investigation. E.g. do not inform the client in any way that a disclosure has been made against them; and
  •  The firm’s MLRO must report suspicious approaches (e.g. suspicious attempts to engage in business), even if no transaction takes place.


7. Processing Client Due Diligence Documentation

When a client provides Xxxx with requested Due Diligence Documentation, it is vital that the following procedures be adhered to.

Documents in a foreign language
Any document received in a foreign language for the purposes of satisfying Due Diligence requirements must have an independent translation into English.

Original Documents
When a client supplies Xxxx with original documentation, and copies are made, the member of staff making the copy must on every page of the copy:

  •  Mark the copy “Copied at Xxxx”;
  •  Clearly print their own name;
  •  Clearly provide a date at which the copy was made; and
  •  Sign off the copy.

Paper versions of these copies must be stored in the physical Client file, and electronic copies must be stored and filed on the computer system to allow easy and efficient retrieval, when necessary.

When a client is unable to provide original documentation to Xxxx, they may provide copies. The copies must be retained in the physical client files, and also be scanned and stored electronically.

Completing Due Diligence
Once all relevant Due Diligence documentation and information is collected, the account opening forms must be populated with the relevant information. The entire client file must be signed off by the member of staff who compiled it as completed, and also have a senior member of staff countersign it, to confirm the file has all required information.


Politically Exposed Persons (PEPs)

A PEP is defined as:
“an individual who is or has, at any time in the preceding year, been entrusted with prominent public functions and an immediate family member, or a known close associate, of such a person”.
This definition only applies to those holding such a position in a state outside the UK, or in a Community institution or an international body.

The following are examples of prominent public functions which may constitute a PEP:

  •  heads of state, heads of government, ministers, deputy or assistant ministers, and members of parliaments;
  •  members of supreme court, constitutional court or other high-level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances;
  •  members of the boards of central banks;
  •  ambassadors, charges d’affaires and high-ranking officers in the armed forces (other than in respect of relevant positions at Community and international level); and
  •  members of the administrative, management or supervisory boards of state-owned enterprises.

    Where Due Diligence procedures uncover the presence of PEPs, the following extra procedures should be adhered to

  •   obtain appropriate senior management approval for establishing a business relationship with such a customer;
  •  follow Enhanced Due Diligence procedures;
  •  establish the source of wealth and source of funds which are involved in the business relationship or occasional transaction; and
  •  conduct enhanced ongoing monitoring of the business relationship.

The firm should, as far as practicable, be alert to public information relating to possible changes in the status of its customers with regard to political exposure (i.e. Interpol and National Crime Agency (NCA) updates).


Ongoing Due Diligence & Monitoring

Ongoing monitoring of a business relationship includes:

  •  scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the firm’s knowledge of the customer, the business and risk profile;
  •  ensuring that the documents, data or information held by the firm are kept up to date. Depending on that clients level of risk, this could be reviewed quarterly, bi-annually or annually; and
  •  the MLRO receives non-public Sanction list updates from the NCA. This list should be checked against the database of client to ensure Xxxx does not act for those persons. The same should be done in regard to PEPs.

    Effective monitoring may be based on a considered identification of transaction characteristics, such as:

  •  the unusual nature of a transaction: For example, abnormal size or trading frequency for that customer or peer groups or the early surrender of product;
  •  the nature of a series of transactions: for example, a number of cash credits;
  •  the geographic destination or origin of a payment: for example, to or from a high-risk country; and
  •  the parties concerned: for example, a request to make a payment to or from a person on a sanctions list.

Enhanced Due Diligence (Individuals)

Enhanced customer due diligence and monitoring (EDD) is required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) in any situation where there is a higher risk of money laundering or terrorist financing. It must also be carried out in certain prescribed situations. For example, where clients have unnecessarily complex or opaque business structures, the transactions are unusual or lack an obvious purpose, the client is not present, or the client is a politically exposed person (PEP). One other situation is where the business relationship or transaction is with a person established in a “high-risk third country”.

Examples where the client’s details or circumstances change include:

    •   a big change in the level or type of business activity; and
    •  A change of address.

      For Individuals, the following (certified copies, or original documentation):

    •  Their photograph on a valid official document issued by a government department which confirms their identity such as:
      • i. a passport; or
      • ii. a driving license
    •  A document dated within the last 3 months which confirms their residential address, proof of address required:
      • i.  recent utility bill;
      • ii. bank statement;
      • ii. electoral register;
      • ii.  information held by credit reference agencies such as Experian and Equifax;
      • v. Drivers license.

If the client has changed address in the last 3 years, proof of previous address is required.

The following supplementary information should also be provided by the client:

  •  the intended nature of the relationship – for example source of funding, the purpose of transactions, and so on;
  •  details of your customer’s business or employment;
  •  the source and origin of funds that your customer will be using in the relationship (such as an original or certified copy of recent and /or current financial statements within at least the last 3 months); and
  •  the expected level and type of activity that will take place.

A more Extensive list of documentation which may be accepted for Due Diligence Purposes may be found in Annex 2, along with guidance on its use.

Simplified Due Diligence (Legal Entities)

If there is any suspicion that a principal of the client firm may be a PEP, or, if you have doubts about a customer’s identification information (e.g. possible fraud), then Enhanced Due Diligence procedures should apply.

Simplified DD should be applied firstly, on evidence reasonable grounds for believing the firm may be regulated and authorised by:

    •  checking with the home country central bank or relevant supervisory body;
    •  checking with another office, subsidiary, branch or correspondent bank in the same country;
    •  checking with a regulated correspondent bank of the overseas institution; or
    •  Obtaining from the relevant institution evidence of its licence or authorisation to conduct financial and/or banking business.

A list of the regulatory authorities in EU and FATF member states is available at

Xxxx must take appropriate steps to be reasonably satisfied (risk-based approach) that the person representing the company is appropriately authorised to do so. This may be done by:

  •  Providing the firm with a form to ascertain who the authorised signatories are for the account, to be signed by a member of the board of the firm. This should be cross checked against Companies House registry of Directors.
  •  provide copies of identification for the authorised signatory / signatories
  •  details of the relationships between signatories and any underlying beneficial owners

Enhanced Due Diligence (Legal Entities)

Enhanced Due diligence procedures must be carried out if there is any suspicion that a principal of the client firm may be a PEP, or, otherwise a principal or the firm is considered high risk (adverse media, name match on sanctions list, suspicion of money laundering, company structure is overly complex), or if you have doubts about a customer’s identification information (e.g. have not been able to validate the information provided). It must be repeated if the client’s details or circumstances have changed.

Examples where the client’s details or circumstances change include:

    •  a big change in the level or type of business activity;
    •  a change in the ownership structure of a business; and
    •  A change of address.

Xxxx should ensure that it fully understands the company’s legal structure and ownership. Xxxx should also obtain sufficient additional information on the nature of the company’s business and the reasons for seeking the product or service. In addition to evidencing the identity of beneficial owners and controllers, the following, additional documentation (If deemed high risk, certified or original) should be obtained:

    •  a Certificate of Incorporation;
    •  a Memorandum and Articles of Association (object clause to be checked to ensure activity envisaged is within the objects of the firm);
    •  A signed statement from the principals of the entity confirming that an appropriate anti money laundering policy is in place;
    •  the most recent financial statements;
    •  a list of authorised signatories; and
    •  the board minutes authorising the opening of the account.

The critical issue is to establish a link between the beneficial owners (whose assets are in the firm) and controllers (who will operate the account) of the firm

The firm should verify the existence of the corporate status:

  •  confirmation of the company’s listing on a regulated market; or
  •  a search of the relevant company registry; or
  •  a copy of the company’s Certificate of Incorporation

For companies not listed on a recognised stock exchange (i.e. private companies), identity should be verified (follow Simplified Due Diligence procedures for individuals engaging in a one-off purchase) for:

  • 1.   The director as a beneficial owner if the director owns or controls more than 25% of the company’s shares or voting rights (whether shares are held directly or indirectly – i.e. though a holding company);
    • i. If a beneficial owner hold shares indirectly through a holding company, the accounts for that company must be obtained
  • 2.   Individual beneficial owners owning or controlling more than 25% of the company’s shares or voting rights (whether shares are held directly or indirectly);
  • 3.   Individuals with principal control over the firm’s assets (e.g. controllers, directors’ director/partners, shadow directors)


8. Miscellaneous Due Diligence


For trusts, identity should be verified (follow Simplified Due Diligence procedures for individuals) for the settlor (i.e. person providing the funds) and the individuals who are authorised to invest or transfer funds (i.e. trustees and those who exert influence over the trustees). In addition, the following information should be obtained:

  •  full name of the trust;
  •  nature of the trust;
  •  country of establishment;
  •  names of all trustees;
  •  names of any beneficial owners;
  •  name and address of any protector or controller; and
  •  list of authorised signatories.

The trust deed or reference to an appropriate register in the country of establishment should be able to provide most of the information.

Partnerships and Unincorporated Bodies

All beneficial owners must be identified. The beneficial owner of a partnership is any individual who ultimately is entitled to or controls (whether the entitlement or control is direct or indirect) more than a 25% share of the capital or profits of the partnership, or more than 25% of the voting rights in the partnership, or who otherwise exercise control over the management of the partnership.

The firm should obtain the following in relation to the partnership or unincorporated association

  •  full name;
  •  business address;
  •  names of all partners/principals who exercise control over the management of the partnership;
  •  names of individuals who own or control over 25% of its capital or profit, or of its voting rights; and
  •  list of authorised signatories.


Xxxx’s obligation is to verify the identity of the customer using evidence from a reliable and independent source. Where partnerships or unincorporated businesses are well known reputable organisations, and with substantial public information about them and their principals and controllers, confirmation of the customer’s membership of a relevant professional or trade association is likely to be able to provide such reliable and independent evidence. This does not obviate the need to verify the identity of the partnership’s beneficial owners.

Other partnerships and unincorporated businesses will have a lower profile, and will generally comprise a much smaller number of partners/principals. In verifying the identity of such customers, firms should primarily have regard to the number of partners / principals. Where these are relatively few, the customer should be treated as a collection of private individuals and follow the guidance for individuals. Where numbers are larger, the firm should decide whether it should continue to regard the customer as a collection of private individuals or whether it can be satisfied with evidence of membership of a relevant professional or trade association. In either circumstance there is, likely to be, a need to see the partnership deed (or other evidence in the case of sole traders or other unincorporated businesses), to satisfy that the entity exists, unless an entry in an appropriate national register can be verified.

For identification purposes, Scottish partnerships and limited liability partnerships should be treated as corporate customers. For limited partnerships, the identity of general partners should be verified (follow Due Diligence procedures for individuals engaging in a one-off purchase) whilst other partners should be treated as beneficial owners.


Public Sector bodies, governments, state owned companies and supranationals

(Public sector bodies include state supported schools, colleges, universities and NHS trusts.)

Only Simplified Due Diligence is required in respect of public authorities in the UK.

Only Simplified Due Diligence is required in respect of non-UK public authorities which meet the following criteria:

    •  the customer has been entrusted with public functions pursuant to the Treaty on the European Union, the Treaties on the European Communities or Community secondary legislation;
    •  the customer’s identity is publicly available, transparent and certain;
    •  either the customer is accountable to a Community institution or to the authorities of an EEA state, or otherwise appropriate check and balance procedures exist ensuring control of the customer’s activity.

Firms should obtain the following information about customers who are public sector bodies, governments, state-owned companies and supranationals:

  •  full name of the entity;
  •  nature and status of the entity (e.g., overseas government, treaty organisation);
  •  address of the entity;
  •  name of the home state authority;
  •  names of directors (or equivalent); and
  •  list of authorised signatories.

Firms should take appropriate steps to understand the ownership of the customer and the nature of its relationship with its home state authority.


Pension Schemes

UK pension schemes can take a number of legal forms. Some may be companies limited by guarantee; some may take the form of trusts; others may be unincorporated associations. Many register with HMRC in order to achieve tax-exempt status. Most have to register with the Pensions Regulator. Generally, evidence of registration with HMRC or the Pensions Regulator will be sufficient to meet identification and verification obligations in respect of most UK pension schemes.

Where a firm is unable to confirm the scheme’s HMRC or Pension Regulator registration, a pension scheme should be treated for AML/CTF purposes according to its legal form and standard evidence obtained, including obtaining the list of authorised signatories.


Non-Face to Face Identification and Verification

Non face-to-face identification and verification carries an inherent risk of impersonation fraud. Where identity is verified electronically, or copy documents are relied on, a firm should apply an additional verification check to manage the risk of impersonation fraud. The additional check may consist of robust anti-fraud checks that the firm routinely undertakes as part of its existing procedures, or another measure, such as:

  •  requiring the first payment to be carried out through an account in the customer’s name with a UK or EU regulated credit institution or one from a comparable jurisdiction;
  •  verifying additional aspects of the customer’s identity, or of his or her electronic ‘footprint’; telephone contact with the customer prior to opening the account on a home or business number which has been verified (electronically or otherwise), or a “welcome call” to the customer before transactions are permitted, using it to verify additional aspects of personal identity information that have been previously provided during the setting up of the account;
  •  telephone contact with the customer prior to opening the account on a home or business number which has been verified (electronically or otherwise), or a “welcome call” to the customer before transactions are permitted, using it to verify additional aspects of personal identity information that have been previously provided during the setting up of the account;
  •  communicating with the customer at an address that has been verified (such communication may take the form of a direct mailing of account opening documentation to him, which, in full or in part, might be required to be returned completed or acknowledged without alteration);
  •  internet sign-on following verification procedures where the customer uses security codes, tokens, and/or other passwords which have been set up during account opening and provided by mail (or secure delivery) to the named individual at an independently verified address;
  •  other card or account activation procedures; and
  •  requiring copy documents to be certified by an appropriate person.


Source of Funds as Evidence

Under certain conditions, where the money laundering or terrorist financing risk in a product is considered to be at its lowest, a payment drawn on an account with a UK or EU regulated credit institution, or one from a comparable jurisdiction, and which is in the sole or joint name of the customer, may satisfy the standard identification requirement. Whilst the payment may be made between accounts with regulated firms or by cheque or debit card, the accepting firm must be able to confirm that the payment (by whatever method) is from a bank or building society account in the sole or joint name(s) of the customer. Firms will need to be able to demonstrate why they considered it to be reasonable to have regard to the source of funds as evidence in a particular instance.


9. Appendix 1 (Definitions)

Conflict-affected and high-risk areas

Areas identified by the presence of armed conflict, widespread violence, including violence generated by criminal networks, or other risks of serious and widespread harm to people. Armed conflict may take a variety of forms, such as a conflict of international or non international character, which may involve two or more states, or may consist of wars of liberation, or insurgencies, civil wars. High-risk areas are those where there is a high risk of conflict or of widespread or serious abuses as defined in paragraph 1 of Annex II of the Guidance. Such areas are often characterised by political instability or repression, institutional weakness, insecurity, collapse of civil infrastructure, widespread violence and violations of national or international law.

Due diligence

Due diligence is an on-going, proactive and reactive process through which companies can identify, prevent, mitigate and account for how they address their actual and potential adverse impacts as an integral part of business decision-making and risk management systems. Due diligence can help companies ensure they observe the principles ofinternational law and comply with domestic laws, including those governing the illicit trade in minerals and United Nations sanctions.

Management system

Management processes and documentation that collectively provide a systematic framework for ensuring that tasks are performed correctly, consistently and effectively to achieve the desired outcomes, and that provide for continual improvement in performance.

Regulated Market

a multilateral system operated and/or managed by a market operator, which brings together or facilitates the bringing together of multiple third-party buying and selling interests in financial instruments – in the system and in accordance with its nondiscretionary rules – in a way that results in a contract, in respect of the financial instruments admitted to trading under its rules and/or systems, and which is authorised and functions regularly and in accordance with the provisions of Title III of MiFID.



10. Appendix 2 (Due Diligence Documents List)

Group 1
PassportAny current and valid passport
Biometric residence permitUK
Current driving licence – photo card with counterpartUK/Isle of Man/Channel Islands (full or provisional)
Birth certificate – issued at time of birthUK and Channel Islands – including those issued by UK authorities overseas, eg embassies, High Commissions and HM Forces
Group 2a
Current driving licence – old-style paper versionUK
Current photo driving licenceNon-UK licences must be valid for up to 12 months from the date the applicant entered the UK
Birth certificate – issued after time of birthUK and Channel Islands
Marriage/civil partnership certificateUK and Channel Islands
Adoption certificateUK and Channel Islands
HM Forces ID cardUK
Firearms licenceUK, Channel Islands and Isle of Man
Group 2b
DocumentNotesIssue Date and Validity
Mortgage statementUK or EEAIssued in last 12 months
Bank or building society statementUK and Channel Islands or EEAIssued in last 3 months
Bank or building society account opening confirmation letterUKIssued in last 3 months
Credit card statementUK or EEAIssued in last 3 months
Financial statement, eg pension or endowmentUKIssued in last 12 months
P45 or P60 statementUK and Channel IslandsIssued in last 12 months
Council Tax statementUK and Channel IslandsIssued in last 12 months
Work permit or visaUKValid up to expiry date
Letter of sponsorship from future employment providerNon-UK or non-EEA only – valid only for applicants residing outside of the UK at time of applicationMust still be valid
Utility billUK – not mobile telephone billIssued in last 3 months
Benefit statement, eg Child Benefit, PensionUKIssued in last 3 months
Slovenia Central or local government, government agency, or local council document giving entitlement, eg from the Department for Work and Pensions, the Employment Service, HMRCUK and Channel IslandsIssued in last 3 months
EU National ID cardMust still be valid
Cards carrying the PASS accreditation logoUK and Channel IslandsMust still be valid
Letter from head teacher or college principalUK – for 16 to 19 year olds in full time education – only used in exceptional circumstances if other documents cannot be providedMust still be valid


In using the above chart, Xxxx must verify the client’s identity using one of 3 “routes” below.

Route 1

The client must be able to show:

  •  1 document from Group 1,
  •  2 further documents from either Group 1, or Group 2a or 2b,

At least 1 of the documents must show the client’s current address.

Route 2

If the client doesn’t have any of the documents in Group 1, then they must be able to show:

  •  1 document from Group 2a
  •  2 further documents from either Group 2a or 2b

At least 1 of the documents must show the client’s current address.

Route 3

Route 3 can only be used if it hasn’t been possible to process the application through Routes 1 or 2. For Route 3,

the client must be able to show:

  •  a birth certificate issued after the time of birth (UK and Channel Islands)
  •  1 document from Group 2a
  •  3 further documents from Group 2a or 2b

At least 1 of the documents must show the client’s current address.



The material contained in this web site does not constitute an offer for sale. Opinions expressed are subject to change at any time. The material is based upon information which is considered reliable, but no representation is made that it is accurate or complete, and should not be relied upon. Past performance is not an indication of future performance.