See how we helped Michael

"Fantastic! The legal document I used was so comprehensive and easy to complete. It is very reassuring to know my business now has this level of protection"

Michael S, London

Enhanced due diligence

Enhanced due diligence


A risk-based approach to customer due diligence will identify situations which by their nature can present a higher risk of money laundering or terrorist financing.

Regulation 14 sets out a general provision that enhanced due diligence must be applied in such situations and means that the business must obtain additional customer due diligence information about the client.

The 2007 Regulations also specify that enhanced due diligence must be applied in a number of situations, of which two are outlined below:

  • If a client has not been physically present for identification purposes, and if so, one or more additional measures must be taken to enhance due diligence, for example by, inter alia, either gathering additional documents, data or information, or taking additional steps to verify documents or obtain a confirmatory certificate from a credit or financial institution subject to the third money laundering directive
  • If a business relationship or occasional transaction is to be undertaken with a politically exposed person (PEP) in which case the business must provide for senior management approval for the relationship to be established, must take adequate measures to establish the source of wealth and funds which are involved and must conduct enhanced monitoring of any relationship entered into.

Non face-to-face clients

A client who is not a natural person can never be physically present for identification purposes and will only ever be represented by an agent. The mere fact that a business does not have face-to-face meetings with the agents of an entity or arrangement does not automatically require that enhanced due diligence is undertaken. The business should consider the risks associated with the retainer and the client, assess how well standard CDD measures are meeting those risks and decide whether further CDD measures are required.

Where a client is a natural person and they are not physically present for identification purposes, a business must undertake enhanced due diligence.

Regulation 14 (2) outlines possible steps which can be taken above standard verification procedures to compensate for the higher risk of non face-to-face transactions. The regulations suggest the following options, although this list is not exhaustive:

  • Using additional documents, data or information to establish identity. This may involve using electronic verification to confirm documents provided, or using two or three documents from different sources to confirm the information set out in each.
  • Using supplementary measures to verify or certify the documents supplied or obtain confirmatory certification by a credit or financial institution which is subject to the third money laundering directive. Businesses may consider electronic verification to confirm the documents provided. Alternatively businesses may consider getting certified copies of documents
  • When dealing with foreign passports or identity cards, businesses should check the requirements for that country with the relevant embassy or consulate.
  • With all other documents, businesses should consider whether the certifying person is regulated with respect to the regulations or is otherwise a professional person subject to some sort of regulation or fit and proper person test, who can easily be independently contacted to verify their certification of the documents. Such persons include bank managers, accountants, or local GPs. Businesses may also consider accepting documents certified by the Post Office-provided Identity Checking Service.
  • Ensuring the first payment in the retainer is through an account opened in the client's name with a credit institution. EU regulation 1781/2006 says credit institutions must provide the payers name, address and account number with all electronic fund transfers. It entered force on 1 January 2007 and is directly applicable to all member states.

Politically exposed persons

Businesses must take the following steps to deal with the heightened risk posed by having a client who is a PEP:

  • Have senior management approval for establishing a business relationship with a PEP
  • Take adequate measures to establish the source of wealth and source of funds which are involved in the business relationship or occasional transaction
  • Conduct closer ongoing monitoring of the business relationship

Who is a PEP?

A person who has been entrusted within the last year with one of the following prominent public functions by a state other than the UK, a Community institution or an international body:

  • Heads of state, heads of government, ministers and deputy or assistant ministers
  • Members of parliament
  • Members of supreme courts, of constitutional courts, or of other high-level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances
  • Members of courts of auditors or of the boards of central banks
  • Ambassadors, charges d'affairs and high-ranking officers in the armed forces
  • Members of the administrative, management or supervisory bodies of state-owned enterprises

In addition to the primary PEPs listed above, a PEP also includes:

  • Family members of a PEP - spouse, partner, children and their spouses or partners, and parents
  • Known close associates of a PEP - persons with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relationships, or who is a sole beneficial owner of a legal entity or arrangement set up by the primary PEP

The regulations only apply to persons appointed by governments and authorities outside the UK, but it may be appropriate, on a risk-based approach to apply some or all of the enhanced due diligence requirements to a person appointed in the UK, who would have been a PEP had they been appointed outside the UK.

How to identify PEPs

Businesses are not required to conduct extensive investigations to establish whether a person is a PEP. They need to have regard only to information that is in their possession or publicly known.

Senior management approval

The 2007 Regulations do not define senior management, so each business must decide who that is, on a risk-sensitive basis.

Establishing source of wealth and funds

Generally, this simply involves asking questions of the client about their source of wealth and the source of the funds to be used with each retainer. When a business knows a person is a PEP, their salary and source of wealth is often publicly available on a register of their interests.

Enhanced monitoring

Businesses should ensure that funds paid to it come from the account nominated and are for an amount commensurate with the client's known wealth, and should ask further questions if they are not.

Copyright © 2024 Epoq Group Ltd. All trademarks acknowledged, all rights reserved

This website is operated by Epoq Legal Ltd, registered in England and Wales, company number 3707955, whose registered office is at 2 Imperial Place, Maxwell Road, Borehamwood, Hertfordshire, WD6 1JN. Epoq Legal Ltd is authorised and regulated by the Solicitors Regulation Authority (SRA number 645296).

Our use of cookies

We use necessary cookies to make our site work. We would also like to set some optional cookies. We won't set these optional cookies unless you enable them. Please choose whether this site may use optional cookies by selecting 'On' or 'Off' for each category below. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Cookie notice.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Functionality cookies

We'd like to set cookies to provide you with a better customer experience. For more information on these cookies, please see our cookie notice.