It’s been over six months since the introduction of the 4th Money Laundering Directive. There are two features which stand out:
(1) policies, process and controls (2) Customer due diligence.
Policies, process and controls
Regulation 18 of the directive requires that regulated businesses need to undertake written risk assessments to identify the risks posed to their specific business by money laundering and terrorist financing.
Under regulation 19, policies and procedures must be established and maintained by a regulated business, proportionate to the level of risk identified. Regulation 20 requires a relevant person ensures that policies and controls apply to subsidiaries including ones outside the UK.
Finally, regulation 21 covers appointment of an individual from the board as the responsible officer. The regulation also over screening of employees.
Customer due diligence (CDD)
Part 3 sets out the circumstances in which CDD must be applied for new and existing customers.
‘Simplified CDD’ is no longer deemed automatically sufficient in any circumstances. From now on, businesses must always consider the applicable risk factors (taking into account their risk assessments), and consider what level of CDD is appropriate.
In certain high-risk situations, there is now compulsory enhanced CDD and enhanced ongoing monitoring. These include transactions or business relationships involving a ‘high-risk third country’, or where the customer is a politically exposed person (PEP).
Firms like yours must have appropriate risk-management systems in place to identify whether customers or their beneficial owners are PEPs – or family members or known close associates of a PEP. Enhanced CDD measures must now be applied to a person for at least 12 months after they cease to be a PEP.
Nick Stone, ARK Group Conference Producer