MLR 2017 and Enhanced Due Diligence: A Compliance Blueprint

RapidAML Team

2024-06-18

The dynamic nature of the economy makes it vulnerable to criminal activities such as Money Laundering (ML), Terrorist Financing (TF), and Proliferation Financing (PF). To safeguard the economy against these crimes, the UK has adopted a rigorous Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and Counter-Proliferation Financing (CPF) regulatory regime. A significant compliance requirement under the framework is Customer Due Diligence (CDD). In high-risk situations, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) obligate Relevant Persons to carry out Enhanced Due Diligence (EDD).

This blog discusses EDD in detail, as EDD is an advanced, in-depth, and rigorous version of CDD used to assess and manage ML/TF and PF risks associated with high-risk customers. To understand EDD, let’s first look at the definition, purpose, and steps involved in carrying out Customer Due Diligence.

Customer Due Diligence

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 mandate ‘Relevant Persons’ to adopt CDD measures as part of their AML compliance process. CDD in AML refers to the process through which Relevant Persons verify and authenticate customers’ identities to detect, prevent, and mitigate ML/TF and PF.

Purpose of CDD 

The primary purpose of conducting CDD is to ensure that businesses thoroughly identify their customers before establishing a business relationship with them. CDD aims to verify the legitimacy of customer identity and business activities, so that ML/TF and PF risks are effectively managed. CDD helps Relevant Persons understand the degree of ML/TF and PF risks a customer poses and take risk mitigation measures accordingly. It also enables informed decision-making regarding business relationships with the client.

Steps Involved in CDD

There are various steps involved in the CDD process. These include the following:

  • Customer Identification and Verification or Know Your Customer (KYC)
  • Identification and Verification of the Beneficial Owner of the customer, whether a customer is a legal entity or a legal arrangement
  • Understanding the nature and purpose of the intended business relationship with the customer
  • Conducting Name Screening, which includes Sanctions Screening, Politically Exposed Persons (PEP) Screening, and Adverse Media Screening
  • Conducting Customer Risk Assessment
  • Determining the level of CDD to be applied: Simplified Due Diligence is permitted for low-risk customers, whereas EDD is mandatory for high-risk customers. For other customers, standardised versions of CDD may be adopted
  • Conducting Ongoing Monitoring of the business relationship
  • Record-Keeping of all the documents and information collected while conducting CDD

ID Verification and KYC

ID verification is a crucial step of the CDD process. It ensures that the identity provided is legitimate and shows no sign of forged or counterfeit identity documents, identity theft, or underlying illegal activities. The KYC process involves verifying personal details such as name, address, date of birth, etc. This information is then cross-checked against reliable and independent sources. ID verification helps in mitigating the risks of criminals using false identities and identity theft.

Customer Risk Assessment 

Customer Risk assessment under the CDD process involves assessing factors such as customer identity, business activities, geography, delivery channels, transaction history, etc. Customers are then categorised into risk categories depending on the level of ML/TF and PF risks they pose. This helps the Relevant Person determine if Enhanced Due Diligence is necessary.

Ongoing Monitoring of a Business Relationship

Here the client profile is tracked and periodically refreshed to understand if there are any additional control measures necessary in line with the changes in the customer profile.

Transaction Monitoring 

Transaction monitoring refers to keeping track of and analysing transactions of customers to identify any suspicious activity. This ensures prompt detection of changes in risk levels associated with customers. When any suspicious behaviour is recorded, it demands further investigation and reporting to regulatory authorities. Continuous review and analysis of customer transactions help in the rapid detection of irregularities and prevent financial crimes at an early stage.

Role of KYC in Enhanced Due Diligence

Know Your Customer (KYC) or Customer Identification and Verification is the first step in the Customer Due Diligence (CDD) process. It plays an important role in determining the level of CDD applicable to a customer. KYC sets the groundwork for EDD and helps businesses to implement an effective EDD framework. The role of KYC in EDD can be defined in the following ways:

  • Through KYC, businesses get to understand the identity of the customer, the nature of customers’ business, beneficial owners, the purpose of the intended business relationship, etc.
  • Under MLR 2017, Relevant Persons are required to adopt a risk-based approach to determine the degree of CDD applicable to a customer. A risk-based approach advocates adopting risk mitigation measures depending upon the ML/TF and PF risks a customer poses.
  • The information collected during the KYC procedure forms the basis for customer risk profiling, allowing businesses to take an informed decision regarding the level of CDD required.
  • As KYC helps in assessing the risk level, it then serves as a basis for ongoing monitoring of business relationships. This helps in the timely detection and prompt reporting of suspicious activity.
  • The KYC procedure helps in identifying high-risk customers such as Politically Exposed Persons (PEPs), or customers from high-risk jurisdictions. KYC also helps check adverse media by continuously monitoring news sources for negative information related to customers.
  • Data collected for customer identification and verification is stored extensively for record-keeping purposes. This helps with building a customer profile for future reference. It also helps in dynamic risk profiling to reflect changes in the ML/TF and PF risk categorisation of customers.

What Is Enhanced Due Diligence?

A risk-based approach to AML compliance requires Relevant Persons to adopt risk control measures proportional to the degree of ML/TF and PF risks a customer poses. A thorough Customer Risk Assessment will identify customers with higher ML/TF and PF risks. EDD is a more rigorous and stringent version of CDD, applied to high-risk customers.

Regulatory Framework for Enhanced Due Diligence

In the UK, EDD is prescribed as an AML compliance requirement to be conducted on high-risk customers under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Under MLR 2017, the following measures should be part of the EDD procedures of a Relevant Person:

  • Collecting additional information on the customer and their background, the customer’s Beneficial Owner, the intended nature of the business relationship, and the financial situation of the customer
  • Determining if the transaction involved is aligned with the nature and purpose of the business relationship with the customer
  • Increasing the frequency and degree of ongoing monitoring of the business relationship with the customer and a greater scrutiny of the transactions that the customer undertakes
  • Obtaining information from additional independent and reliable sources for the purpose of verification of customer information
  • For customers that are considered high-risk due to their having connections with a high-risk country, the following EDD measures must be taken:
    • Obtaining information about the Source of Wealth (SoW) and Source of Funds (SoF) of the customer and the customer’s Beneficial Owner
    • Understanding the reason for the transaction
    • Seeking the approval of Senior Management for customer onboarding or continuing the business relationship with the customer
    • Enhancing the ongoing monitoring of the business relationship with the customer
  • In cases where a transaction is complex or unusually large, involves unusual patterns of transactions, or has no economic or legal reason, the following EDD measures must be applied:
    • Thoroughly examining the background and purpose of the transaction
    • Conducting enhanced ongoing monitoring of the degree and nature of business relationships to determine if the transaction or the business relationship is suspicious in the context of ML/TF and PF
  • In cases where the customer is a Politically Exposed Person (PEP), EDD is compulsory. EDD measures for PEPs include the following:
    • Senior Management approval before onboarding
    • Establishing the Source of Funds and Source of Wealth (SoF and SoW)
    • Undertaking enhanced ongoing monitoring of the business relationship
  • While conducting EDD procedures, if a Relevant Person finds that a customer is subject to sanctions, such a customer should not be onboarded, and a Frozen Asset Report must be filed with the Office of Financial Sanctions Implementation (OFSI) if the Relevant Person holds or controls funds or other economic resources of the sanctioned customer.

When Should Enhanced Due Diligence Be Performed?

Under MLR 2017, EDD should be performed in the following circumstances:

  • Identification of High-Risk by the Relevant Person or Information Provided by Supervisory Authorities: When the Relevant Person identifies a customer as posing a high risk of ML/TF or acts as per the information provided by its Supervisory Authority
  • Customer Is from High-Risk Third Country: When a customer or a party to a transaction is established in a high-risk third country
  • Correspondent Relationships: When a customer is in a correspondent relationship with a Relevant Person that is a credit or financial institution
  • Customer Is PEP: When a customer is a Politically Exposed Person (PEP), or a family member or a known close associate of a PEP
  • False Identification Documents: When a customer has provided identification documents that are found to be false or stolen
  • Unusual Transactions: When a transaction is unusually large or complex, involves an unusual pattern of transactions, or has no economic or legal reason
  • High-Risk by Nature: Cases which by their very nature present a high risk of ML/TF and PF

Enhanced Due Diligence Procedures

EDD involves the following procedures:

  • Enhanced Customer Identification and Verification: As compared to simplified and standard due diligence, the EDD process involves obtaining more detailed information on the customer’s identity. It includes verifying official documents through cross-checking against reliable databases, and, if required, carrying out face-to-face interviews to confirm customers’ legitimacy.
  • Source of Wealth Verification: Under the EDD process, it is important to understand the origin and source of customers’ wealth. This involves assessing customers’ financial standing and net worth through documents showing how they acquired their wealth, for example a gift deed or a will under which it was inherited, to ensure that the wealth has been accumulated through legal means.
  • Source of Funds Verification: This step focuses on verifying the sources of funds in a transaction. It involves tracing the origin of money involved to confirm that the funds are coming from legal sources. This could be verified through bank statements, contracts, and relevant transactional documents.
  • Seeking Approval of Senior Management: Before onboarding a high-risk customer, it is necessary to seek the approval of senior management of the Relevant Person.
  • Ongoing Monitoring: Continuous monitoring is a key component of EDD. This helps in detecting any unusual or suspicious activity and addressing it promptly. Continuous review helps in recognising changes in customers’ profiles, especially the level of risks, which could change anytime.
  • Record-Keeping: Gathered information is to be maintained in the form of extensive records for the prescribed timeframe. Record-keeping is a regulatory requirement and is crucial for regulatory compliance and future reference. Proper record-keeping provides evidence of AML compliance.

Benefits of EDD

EDD provides significant benefits for Relevant Persons such as the following:

  • Comprehensive Customer Profile: The details and documents gathered during the EDD process, such as customers’ official documents and information on their financial background and business activities, are maintained in the form of a comprehensive record. This comprehensive record helps in building a customer profile to assess risk levels, perform ongoing monitoring, and make informed decisions.
  • Prompt Detection of ML/TF and PF: In-depth checks and ongoing monitoring in EDD help in enhancing the effectiveness of AML compliance. This helps in identifying suspicious activities and transactions that hint at ML/TF and PF.
  • Regulatory Compliance: Adhering to AML regulations in the UK is mandatory for businesses. EDD ensures that businesses meet legal requirements set under MLR 2017.
  • Adoption of a Risk-Based Approach: EDD adopts a risk-based approach and enables businesses to tailor their AML measures and allocate resources more efficiently. The tailored approach ensures that the level of due diligence is proportionate to the level of risk. This helps businesses in optimising their AML/CTF/CPF compliance.
  • Informed Decision Making: EDD helps Relevant Persons to make informed decisions regarding their relationship with the customer.
  • Builds Positive Reputation: By ensuring that adequate ML/TF and PF risk mitigation measures, such as EDD, are in place, Relevant Persons demonstrate their commitment to AML compliance, building a positive reputation in their industry.

Limitations of Enhanced Due Diligence

  • Customer Dissatisfaction: The EDD process involves extensive background checks and a rigorous verification process. This can be time-consuming and frustrating for customers and can lead to dissatisfaction.
  • ML/TF and PF Risks May Still Occur: Even after applying rigorous EDD measures, criminals may manage to bypass background checks using advanced tools to conceal their identity and the activities they are involved in. Through EDD, risk can be minimised but may not be completely eliminated, which makes continuous improvement and the adoption of robust, up-to-date AML/CTF/CPF compliance practices necessary.
  • Time-Intensive: The extensive nature of EDD makes it a time-consuming process. Detailed checks such as verification of sources of wealth and funds, conducting thorough risk assessments, and continuous monitoring require significant time and effort. This can slow down the customer onboarding process.
  • Resource Heavy: EDD demands stringent scrutiny, requiring trained staff, advanced technology, and heavy financial investment. This can be burdensome for small and medium-sized businesses and impacts their ability to conduct effective due diligence. It makes EDD an expensive and labour-intensive process.

Best Practices for Implementing Enhanced Due Diligence

  • Clearly Defined EDD Procedures: EDD procedures as part of the AML compliance program of the Relevant Person must be clearly defined and established to ensure all stakeholders understand their responsibilities and avoid any confusion.
  • Integration Between Customer Risk Assessment and BWRA: Business-Wide Risk Assessment (BWRA) and Customer Risk Assessment should be integrated to ensure that the risks recognised in the BWRA are reflected in the risk weightage assigned in the Customer Risk Assessment, making it tailored to the needs of the Relevant Person.
  • Senior Management Engagement: Senior Management must play an active role in ensuring AML/CTF/CPF compliance and making prompt decisions regarding business relationships with high-risk customers.
  • Adoption of Risk-Based Approach: A risk-based approach should be adopted to ensure proportional risk mitigation measures are implemented depending on the intensity of risk.
  • Defining Risk Appetite: Based on the BWRA, Relevant Persons should define their risk appetite to determine the amount of ML/TF and PF risks they can effectively manage with their available risk control measures. This ensures that Relevant Persons make informed decisions regarding business relationships with their customers.
  • Establishing Customer Acceptance and Exit Policies: Relevant Persons should define the circumstances in which customers would not be onboarded or are to be offboarded to avoid ML/TF/PF risks emanating from them.
  • Adopting AML Software Solutions: Advanced AML software can streamline and enhance overall compliance procedures. It can strengthen the EDD process by automating tasks like data collection and cross-verification, ongoing monitoring, regulatory reporting, adverse media checks, etc. As the EDD process is stringent in nature, AML software can make it efficient and accurate by managing a large amount of data and offering informed decision-making.
  • Employee Training: The EDD process is extensive and demands skilled professionals specialised in conducting such processes. Therefore, it is crucial to regularly train employees on AML/CTF/CPF regulations and the latest threats concerning financial crimes. Regular training equips employees with the latest mechanisms and best practices and enables them to understand their AML/CFT compliance obligations and be accountable.
  • Strong Controls: Strong internal controls should be implemented to manage high-risk customers and their activities. An automated system should be adopted for monitoring transactions, conducting audits, and promptly reporting suspicious activities.

The Role of AML Software in Performing Enhanced Due Diligence

AML Software streamlines and optimises the AML/CTF/CPF compliance journey for Relevant Persons. It makes the EDD process efficient and comprehensive by providing the following solutions:

  • Configurable Customer Risk Assessment: This allows risk weightage to be defined according to the needs of the Relevant Person, making the Customer Risk Assessment more relevant and tailored.
  • Automatic Escalation of High-Risk Customers for EDD: As per the Customer Risk Assessment, customers categorised as high-risk are automatically escalated for conducting EDD procedures on a priority basis. This reduces the time consumed by conducting EDD and ensures a smooth customer experience.
  • Rigorous Ongoing Monitoring of Customer Profile and Transactions: AML Software rigorously monitors the profiles and activities of high-risk customers using cutting-edge technologies such as machine learning and data analysis.
  • Generation of Red Alerts for any ML/TF and PF Risks Detected: A red alert is generated for any ML/TF and PF risk detected, ensuring that the risks are mitigated in a timely manner.
  • Comprehensive Record-Keeping: Records of all transactions related to the EDD process are automatically maintained, as required by MLR 2017. This ensures regulatory compliance, enables analysis of information, assists in informed decision-making, etc.

Conclusion

Conducting Enhanced Due Diligence is crucial to detect and mitigate ML/TF and PF risks emanating from high-risk customers. It is important to ensure that the EDD process is strong enough to meet the challenges of ML/TF and PF. Adopting AML software and best practices can enhance the effectiveness of EDD. By doing so, Relevant Persons in the UK can protect themselves and continue their efforts to combat financial crimes by staying vigilant and resilient.

Pathik Shah

Pathik is a Chartered Accountant with over 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing robust AML compliance frameworks. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Pathik's expertise extends to guiding businesses in navigating complex regulatory landscapes, ensuring adherence to FATF and other international standards, and mitigating financial crime risks. He is a recognised thought leader in AML/CFT, frequently sharing insights on emerging compliance challenges on various platforms.

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
