Each business will need to make its own assessment as to what evidence is appropriate to verify the identity of its clients. That assessment will vary depending on the client type. In this section, a number of the considerations that will apply to different types of client and possible sources of information as to identity are outlined.
A natural person's identity comprises a number of aspects, including their name, current and past addresses, date of birth, place of birth, physical appearance, employment and financial history, and family circumstances.
In most cases of face to face verification, producing a valid passport or photocard identification should enable most clients to meet the anti-money laundering/counter terrorist financing identification requirements.
It is considered good practice to have either:
Where it is not possible to obtain such documents, businesses should consider the reliability of other sources and the risks associated with the client and the retainer. Electronic verification may be sufficient verification on its own as long as the service provider uses multiple sources of data in the verification process.
The following sources may be useful for verification of UK-based clients:
Where a business meets the client it is likely to be able to see the person's passport or national identity card. If it has concerns that the identity document might not be genuine, it should contact the relevant embassy or consulate.
The client's address may be obtained from:
If documents are in a foreign language appropriate steps must be taken to be reasonably satisfied that the documents in fact provide evidence of the client's identity.
Where the business does not meet the client, the 2007 Regulations state thatmeasures must be undertaken.
Sometimes clients are unable to provide standard verification documents. The purpose of the2007 Regulations is not to deny people access to regulated services for legitimate transactions, but to mitigate the risk of such services being used for the purposes of money laundering. Businesses should consider whether the inability of the client to provide standard verification is consistent with the client's profile and circumstances or whether it might arouse suspicions that money laundering or terrorist financing is occurring.
Where a business decides that a client has a good reason for not meeting the standard verification requirements, it may accept a letter from an appropriate person who knows the individual and can verify the client's identity.
Where other professionals use a business's services, the business may consult their professional directory to confirm the person's name and business address. It will not be necessary to then confirm the person's home address. A business may consult directories for foreign professionals, if it is satisfied it is a valid directory, e.g. one produced and maintained by their professional body, and the information can either be translated or is understood already.
A partnership is not a separate legal entity, so businesses must obtain information on the constituent individuals.
Where partnerships or unincorporated businesses are well-known, reputable organisations with long histories in their industries, and with substantial public information about them, their principals, and controllers the following information should be sufficient:
Other partnerships and unincorporated businesses which are small and have few partners should be treated as private individuals. Where the numbers are larger, they should be treated as private companies.
Where a partnership is made up of regulated professionals, it will be sufficient to confirm the firm's existence and the trading address from a reputable professional directory or search facility with the relevant professional body. Otherwise evidence should be obtained of the identity of at least the partner instructing the business and one other partner, and evidence of the firm's trading address.
For a UK LLP, businesses should obtain information in accordance with the requirements for companies as outlined below.
A company is a legal entity in its own right, but conducts its business through representatives. So businesses must identify and verify the existence of the company. They should consider whether the person instructing the business on behalf of the company has the authority to do so.
A company's identity comprises its constitution, its business and its legal ownership structure. The key identification particulars are the company's name and its business address, although the registration number and names of directors may also be relevant identification particulars.
Where a company is a well-known household name, a business may consider that the level of money laundering and terrorist financing risks are low and apply CDD measures in a manner which is proportionate to that risk.
Businesses will also need to consider the identity of beneficial owners wheredoes not apply.
Simplified due diligence applies where a company is either:
For a listed company, this evidence may simply be confirmation of the company's listing on the regulated market. Such evidence may be:
For a subsidiary of a listed company businesses will also require evidence of the parent/subsidiary relationship. Such evidence may be:
The regulated market in the UK is the London Stock Exchange. AIM is not considered a regulated market within the UK, but under the risk-based approach businesses may feel that the due diligence process for listing on AIM gives equivalent comfort as to the identity of the company under consideration.
Where further CDD is required for a listed company (i.e. when it is not on a regulated market) businesses should obtain relevant particulars of the company's identity.
Verification sources may include:
Businesses are still required to conduct ongoing monitoring of the business relationship with a publicly-listed company to enable it to spot suspicious activity.
Private companies are generally subject to a lower level of public disclosure than public companies. In general, however, the structure, ownership, purposes and activities of many private companies will be clear and understandable.
The standard identifiers for private companies are:
Other sources for verifying corporate identification may include:
Simplified due diligence applies when a company or its subsidiary is listed on a regulated market subject to specified disclosure obligations.
Specified disclosure obligations are disclosure requirements consistent with specified articles of:
If a regulated market is located within the EEA, under a risk-based approach businesses may wish simply to record the steps taken to ascertain the status of the market. A similar approach might be considered for non-EEA markets that subject companies to disclosure obligations which are contained in international standards equivalent to specified disclosure obligations in the EU.
Evidence of the company's listed status should be obtained in a manner similar to that for UK public companies. Companies whose listing does not fall within the above requirements should be identified in accordance with the provisions for private companies.
Obtaining CDD material for these companies can be difficult, particularly regarding beneficial ownership.
Businesses should apply the risk-based approach, looking at the risk of the client generally, the risk of the retainer and the risks presented as a result of the country in which the client is incorporated. Money laundering risks are likely to be lower where the company is incorporated or operating in an EEA state or a country which is a member of FATF.
The company's identity is established in the same way as for UK private and unlisted companies.
A trust is not a separate legal entity. The client may be the settlor, the trustee(s) or occasionally the beneficiaries.
Trusts are used extensively in everyday situations and often pose limited risk. They can become more risky if:
In a higher risk situation businesses should consider either conducting further CDD or enhanced monitoring. This could include:
The client, whether they are the trustee(s), settlor or beneficiaries, must be identified in accordance with their relevant category, (i.e. natural person, company etc.). Where a business is acting for more than one trustee, it is preferable that it verifies the identity of at least two of the trustees. Where the trustee is another regulated person, a business may rely on their listing with their supervisory body.
Businesses must consider beneficial ownership issues where acting for the trustee(s).
A foundation is the civil law equivalent to a common law trust and operates in many EEA countries.
Businesses should understand why the client is using the services of a professional outside of the jurisdiction of establishment, and the statutory requirements for the establishment of the foundation. Then it should obtain similar information as it would for a trust.
Where the foundation's founder is anonymous, businesses may consider whether any intermediary or agent is regulated for AML/CTF and whether they can provide assurances on the identity of relevant persons involved with the foundation.
Foundations can also be a loose term for charitable institutions in the UK and the USA - where that is the case they must be verified in accordance with the procedures for verifying charities set out below.
For registered charities, businesses should take a record of their full name, registration number and place of business. Details of registered charities can be obtained from:
Other countries may also have charity regulators which maintain a list of registered charities. Currently in Northern Ireland there is no regulator for charities.
For all other types of charities businesses should consider the business structure of the charity and apply the relevant CDD measures for that business structure. Confirmation of their charitable status can also generally be obtained from HMRC. Further, in applying the risk-based approach to charities it is worth considering whether it is a well-known entity or not. The more obscure the charity, the more likely a business will be to want to view the constitutional documents of the charity.
When acting for the executor(s) or administrators of an estate, businesses should establish their identity using the procedures for natural persons or companies set out above. When acting for more than one executor or administrator, it is preferable to verify the identity of at least two of them. Businesses should consider getting copies of the death certificate, grant of probate or letters of administration.
If a Will trust is created, and the trustees are different from the executors, the procedures in relation to trusts will need to be followed when the Will trust comes into operation.
Schools and colleges may be a registered charity, a private company, an unincorporated association or a government entity and should be verified in accordance with the relevant category.
Many of these bear a low money laundering risk, but this depends on the scope of their purposes, activities and geographical spread.
The following information may be relevant to the identity of the club or association:
Documents which may verify the existence of the club or association include:
Regulation 13(7)(c) provides that simplified due diligence is permitted where:
'A pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee's wages and the scheme rules do not permit the assignment of a member's interest under the scheme (other than an assignment permitted by section 44 of the Welfare Reform and Pensions Act 1999 (disapplication of restrictions on alienation) or section 91(5)(a) of the Pensions Act 1995 (inalienability of occupational pension)).'
So evidence is needed only that the product is such a scheme and so qualifies for simplified due diligence. Such evidence may include:
Pension funds or superannuation schemes outside the above definition should be subject to CDD according to their specific business structure.
The money laundering and terrorist financing risks associated with public authorities varies significantly depending on the nature of the retainer and the home jurisdiction of the public authority. It may be simple to establish that the entity exists, but where there is a heightened risk of corruption or misappropriation of government monies, greater monitoring of retainers should be considered.
The following information may be relevant when establishing a public sector entity's identity:
Simplified due diligence applies to UK public authorities. Where simplified due diligence does not apply, information verifying the existence of the public sector body may be obtained from:
When conducting CDD on a client, businesses will need to identify any beneficial owners within the meaning of regulation 6 of the 2007 Regulations.
To identify the beneficial owner, businesses should obtain at least their name and record any other identifying details which are readily available. They may decide to use records that are publicly available, ask their client for the relevant information or use other sources.
To assess which identity verification measures are needed, businesses should consider the client's risk profile, any business structures involved and the proposed transaction.
The key is to understand the ownership and control structure of the client. A prudent approach is best, monitoring changes in instructions, or transactions which suggest that someone is trying to undertake or manipulate a retainer for criminal ends. Simply ticking boxes is unlikely to satisfy the risk-based approach.
Appropriate verification measures may include:
Issues that businesses may consider when assessing the risk of a particular case include:
Only in rare cases will a business need to verify a beneficial owner to the same level that it would a client.
The 2007 Regulations set out in some detail the meaning of 'beneficial owner' in terms of bodies corporate, partnerships, trusts and other legal entities/arrangements not falling into the three categories listed above as well as special provisions regarding estates of deceased persons and a catch all provision that, where not otherwise specified, defines the beneficial owner as the person who ultimately owns or controls the client or on whose behalf a transaction is being conducted. The provisions regarding beneficial ownership are set out in Regulation 6 and are summarised below:
Beneficial owner means any individual who, in respect of any body other than a company whose securities are listed on a regulated investment market, owns or controls, directly or indirectly including through bearer share holdings, more than 25% of the shares or voting rights in the body or who otherwise exercises control over the management of the body.
Beneficial owner means any individual who ultimately is entitled to or controls (directly or indirectly) more than 25% of the capital or profits of the partnership or more than 25% of the voting rights in the partnership or who otherwise exercises control over the management of the partnership.
Beneficial owner means any individual who is entitled to a specified interest in at least 25% of the capital of the trust property, or where a trust is not set up entirely for the benefit of persons with a specified interest, the class of persons in whose main interest the trust is set up or operates or any individual who has control over the trust. Where a class of persons is identified, it is not a requirement for all members of that class to be separately identified.
This refers to an entity or arrangement which administers and distributes funds. Where the individuals who benefit from the entity or arrangement have been determined, beneficial owner means any individual who benefits from at least 25% of the property of the entity or arrangement. Where those benefiting have yet to be determined, beneficial owner means the class of persons in whose main interest the entity or arrangement is set up or operates or an individual who exercises control over at least 25% of the property of the entity or arrangement. Where a class of persons is the beneficial owner, it is not a requirement for all members of that class to be separately identified. Note that where an individual is the beneficial owner of a body corporate which benefits from, or exercises control over, the property of an entity or arrangement, the individual is to be regarded as having that benefit or control and so is classed as the beneficial owner.
The beneficial owner is considered to be the executor or administrator of the estate.