See how we helped Michael

"Fantastic! The legal document I used was so comprehensive and easy to complete. It is very reassuring to know my business now has this level of protection"

Michael S, London

Standard due diligence

Standard due diligence


Each business will need to make its own assessment as to what evidence is appropriate to verify the identity of its clients. That assessment will vary depending on the client type. In this section, a number of the considerations that will apply to different types of client and possible sources of information as to identity are outlined.

Natural persons

A natural person's identity comprises a number of aspects, including their name, current and past addresses, date of birth, place of birth, physical appearance, employment and financial history, and family circumstances.

In most cases of face to face verification, producing a valid passport or photocard identification should enable most clients to meet the anti-money laundering/counter terrorist financing identification requirements.

It is considered good practice to have either:

  • One government document which verifies either name and address or name and date of birth
  • A government document which verifies the client's full name and another supporting document which verifies their name and either their address or date of birth

Where it is not possible to obtain such documents, businesses should consider the reliability of other sources and the risks associated with the client and the retainer. Electronic verification may be sufficient verification on its own as long as the service provider uses multiple sources of data in the verification process.

UK residents

The following sources may be useful for verification of UK-based clients:

  • Current signed passport
  • Birth certificate
  • Current photocard driver's licence
  • Current EEA member state identity card
  • Current identity card issued by the Electoral Office for Northern Ireland
  • Residence permit issued by the Home Office
  • Firearms certificate or shotgun licence
  • Photographic registration cards for self-employed individuals and partnerships in the construction industry
  • Benefit book or original notification letter from the DWP confirming the right to benefits
  • Council tax bill
  • Utility bill or statement, or a certificate from a utilities supplier confirming an arrangement to pay services on pre-payment terms
  • A cheque or electronic transfer drawn on an account in the name of the client with a credit or financial institution regulated for the purposes of money laundering
  • Bank, building society or credit union statement or passbook containing current address
  • Entry in a local or national telephone directory confirming name and address
  • Confirmation from an electoral register that a person of that name lives at that address
  • A recent original mortgage statement from a recognised lender
  • Solicitor's letter confirming recent house purchase or land registry confirmation of address
  • Local council or housing association rent card or tenancy agreement
  • HMRC self-assessment statement or tax demand
  • House or motor insurance certificate
  • Record of any home visit made
  • Statement from a member of the business or other person in the regulated sector who has known the client for a number of years attesting to their identity

Persons not resident in the UK

Where a business meets the client it is likely to be able to see the person's passport or national identity card. If it has concerns that the identity document might not be genuine, it should contact the relevant embassy or consulate.

The client's address may be obtained from:

  • An official overseas source
  • A reputable directory
  • A person regulated for money laundering purposes in the country where the person is resident who confirms that the client is known to them and lives or works at the overseas address given

If documents are in a foreign language appropriate steps must be taken to be reasonably satisfied that the documents in fact provide evidence of the client's identity.

Where the business does not meet the client, the 2007 Regulations state that Enhanced due diligence measures must be undertaken.

Clients unable to produce standard documentation

Sometimes clients are unable to provide standard verification documents. The purpose of the2007 Regulations is not to deny people access to regulated services for legitimate transactions, but to mitigate the risk of such services being used for the purposes of money laundering. Businesses should consider whether the inability of the client to provide standard verification is consistent with the client's profile and circumstances or whether it might arouse suspicions that money laundering or terrorist financing is occurring.

Where a business decides that a client has a good reason for not meeting the standard verification requirements, it may accept a letter from an appropriate person who knows the individual and can verify the client's identity.


Where other professionals use a business's services, the business may consult their professional directory to confirm the person's name and business address. It will not be necessary to then confirm the person's home address. A business may consult directories for foreign professionals, if it is satisfied it is a valid directory, e.g. one produced and maintained by their professional body, and the information can either be translated or is understood already.

Partnerships, limited partnerships and UK Limited Liability Partnerships

A partnership is not a separate legal entity, so businesses must obtain information on the constituent individuals.

Where partnerships or unincorporated businesses are well-known, reputable organisations with long histories in their industries, and with substantial public information about them, their principals, and controllers the following information should be sufficient:

  • Name
  • Registered address, if any
  • Trading address
  • Nature of business

Other partnerships and unincorporated businesses which are small and have few partners should be treated as private individuals. Where the numbers are larger, they should be treated as private companies.

Where a partnership is made up of regulated professionals, it will be sufficient to confirm the firm's existence and the trading address from a reputable professional directory or search facility with the relevant professional body. Otherwise evidence should be obtained of the identity of at least the partner instructing the business and one other partner, and evidence of the firm's trading address.

For a UK LLP, businesses should obtain information in accordance with the requirements for companies as outlined below.


A company is a legal entity in its own right, but conducts its business through representatives. So businesses must identify and verify the existence of the company. They should consider whether the person instructing the business on behalf of the company has the authority to do so.

A company's identity comprises its constitution, its business and its legal ownership structure. The key identification particulars are the company's name and its business address, although the registration number and names of directors may also be relevant identification particulars.

Where a company is a well-known household name, a business may consider that the level of money laundering and terrorist financing risks are low and apply CDD measures in a manner which is proportionate to that risk.

Businesses will also need to consider the identity of beneficial owners where Simplified due diligence does not apply.

Public companies listed in the UK

Simplified due diligence applies where a company is either:

  • Listed and its securities are admitted to trading on a regulated market, or
  • Majority-owned and consolidated subsidiary of such a company

For a listed company, this evidence may simply be confirmation of the company's listing on the regulated market. Such evidence may be:

  • A copy of the dated page of the website of the relevant stock exchange showing the listing
  • A photocopy of the listing in a reputable daily newspaper
  • Information from a reputable electronic verification service provider or online registry

For a subsidiary of a listed company businesses will also require evidence of the parent/subsidiary relationship. Such evidence may be:

  • The subsidiary's last filed annual return
  • A note in the parent's or subsidiary's last audited accounts
  • Information from a reputable electronic verification service provider or online registry

The regulated market in the UK is the London Stock Exchange. AIM is not considered a regulated market within the UK, but under the risk-based approach businesses may feel that the due diligence process for listing on AIM gives equivalent comfort as to the identity of the company under consideration.

Where further CDD is required for a listed company (i.e. when it is not on a regulated market) businesses should obtain relevant particulars of the company's identity.

Verification sources may include:

  • A search of the relevant company registry (such as Companies House)
  • A copy of the company's certificate of incorporation
  • Information from a reputable electronic verification service provider

Businesses are still required to conduct ongoing monitoring of the business relationship with a publicly-listed company to enable it to spot suspicious activity.

Private and unlisted companies in the UK

Private companies are generally subject to a lower level of public disclosure than public companies. In general, however, the structure, ownership, purposes and activities of many private companies will be clear and understandable.

The standard identifiers for private companies are:

  • Full name
  • Business/registered address
  • Names of two directors, or equivalent
  • Nature of business

Other sources for verifying corporate identification may include:

  • Certificate of incorporation
  • Details from the relevant company registry, confirming details of the company and of the director, including the director's address
  • Filed audited accounts
  • Information from a reputable electronic verification service provider

Public overseas companies

Simplified due diligence applies when a company or its subsidiary is listed on a regulated market subject to specified disclosure obligations.

Specified disclosure obligations are disclosure requirements consistent with specified articles of:

  • The Prospectus Directive [2003/71/EC]
  • The Transparency Obligations directive [2004/109/EC]
  • The Market Abuse directive [2003/6/EC]

If a regulated market is located within the EEA, under a risk-based approach businesses may wish simply to record the steps taken to ascertain the status of the market. A similar approach might be considered for non-EEA markets that subject companies to disclosure obligations which are contained in international standards equivalent to specified disclosure obligations in the EU.

Evidence of the company's listed status should be obtained in a manner similar to that for UK public companies. Companies whose listing does not fall within the above requirements should be identified in accordance with the provisions for private companies.

Private and unlisted overseas companies

Obtaining CDD material for these companies can be difficult, particularly regarding beneficial ownership.

Businesses should apply the risk-based approach, looking at the risk of the client generally, the risk of the retainer and the risks presented as a result of the country in which the client is incorporated. Money laundering risks are likely to be lower where the company is incorporated or operating in an EEA state or a country which is a member of FATF.

The company's identity is established in the same way as for UK private and unlisted companies.

Other arrangements or bodies


A trust is not a separate legal entity. The client may be the settlor, the trustee(s) or occasionally the beneficiaries.

Trusts are used extensively in everyday situations and often pose limited risk. They can become more risky if:

  • The client requests a trust be used when there seems to be little reason to do so
  • The trust is established in a jurisdiction which has limited AML/CTF regulation

In a higher risk situation businesses should consider either conducting further CDD or enhanced monitoring. This could include:

  • Conducting CDD on all the trustees, or on the settlor even after the creation of the trust
  • Asking about the purpose of the trust and the source of the funds used to create it
  • Obtaining the trust deed or searching an appropriate register maintained in the country of establishment

The client, whether they are the trustee(s), settlor or beneficiaries, must be identified in accordance with their relevant category, (i.e. natural person, company etc.). Where a business is acting for more than one trustee, it is preferable that it verifies the identity of at least two of the trustees. Where the trustee is another regulated person, a business may rely on their listing with their supervisory body.

Businesses must consider beneficial ownership issues where acting for the trustee(s).


A foundation is the civil law equivalent to a common law trust and operates in many EEA countries.

Businesses should understand why the client is using the services of a professional outside of the jurisdiction of establishment, and the statutory requirements for the establishment of the foundation. Then it should obtain similar information as it would for a trust.

Where the foundation's founder is anonymous, businesses may consider whether any intermediary or agent is regulated for AML/CTF and whether they can provide assurances on the identity of relevant persons involved with the foundation.

Foundations can also be a loose term for charitable institutions in the UK and the USA - where that is the case they must be verified in accordance with the procedures for verifying charities set out below.


For registered charities, businesses should take a record of their full name, registration number and place of business. Details of registered charities can be obtained from:

Other countries may also have charity regulators which maintain a list of registered charities. Currently in Northern Ireland there is no regulator for charities.

For all other types of charities businesses should consider the business structure of the charity and apply the relevant CDD measures for that business structure. Confirmation of their charitable status can also generally be obtained from HMRC. Further, in applying the risk-based approach to charities it is worth considering whether it is a well-known entity or not. The more obscure the charity, the more likely a business will be to want to view the constitutional documents of the charity.

Deceased persons' estates

When acting for the executor(s) or administrators of an estate, businesses should establish their identity using the procedures for natural persons or companies set out above. When acting for more than one executor or administrator, it is preferable to verify the identity of at least two of them. Businesses should consider getting copies of the death certificate, grant of probate or letters of administration.

If a Will trust is created, and the trustees are different from the executors, the procedures in relation to trusts will need to be followed when the Will trust comes into operation.

Schools and colleges

Schools and colleges may be a registered charity, a private company, an unincorporated association or a government entity and should be verified in accordance with the relevant category.

Clubs and associations

Many of these bear a low money laundering risk, but this depends on the scope of their purposes, activities and geographical spread.

The following information may be relevant to the identity of the club or association:

  • Full name
  • Legal status
  • Purpose
  • Any registered address
  • Names of all office holders

Documents which may verify the existence of the club or association include:

  • Any articles of association or constitutions
  • Statement from a bank, building society or credit union
  • Recent audited accounts
  • Listing in a local or national telephone directory

Pension funds

Regulation 13(7)(c) provides that simplified due diligence is permitted where:

'A pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee's wages and the scheme rules do not permit the assignment of a member's interest under the scheme (other than an assignment permitted by section 44 of the Welfare Reform and Pensions Act 1999 (disapplication of restrictions on alienation) or section 91(5)(a) of the Pensions Act 1995 (inalienability of occupational pension)).'

So evidence is needed only that the product is such a scheme and so qualifies for simplified due diligence. Such evidence may include:

  • A copy of a page showing the name of the scheme from the most recent definitive deed
  • A consolidating deed for the scheme, plus any amending deed subsequent to that date

Pension funds or superannuation schemes outside the above definition should be subject to CDD according to their specific business structure.

Government agencies and councils

The money laundering and terrorist financing risks associated with public authorities varies significantly depending on the nature of the retainer and the home jurisdiction of the public authority. It may be simple to establish that the entity exists, but where there is a heightened risk of corruption or misappropriation of government monies, greater monitoring of retainers should be considered.

The following information may be relevant when establishing a public sector entity's identity:

  • Full name of the entity
  • Nature and status of the entity
  • Address of the entity
  • Name of the home state authority
  • Name of the directors or equivalent

Simplified due diligence applies to UK public authorities. Where simplified due diligence does not apply, information verifying the existence of the public sector body may be obtained from:

  • Official government websites
  • A listing in a national or local telephone directory

Beneficial owners


When conducting CDD on a client, businesses will need to identify any beneficial owners within the meaning of regulation 6 of the 2007 Regulations.

To identify the beneficial owner, businesses should obtain at least their name and record any other identifying details which are readily available. They may decide to use records that are publicly available, ask their client for the relevant information or use other sources.

To assess which identity verification measures are needed, businesses should consider the client's risk profile, any business structures involved and the proposed transaction.

The key is to understand the ownership and control structure of the client. A prudent approach is best, monitoring changes in instructions, or transactions which suggest that someone is trying to undertake or manipulate a retainer for criminal ends. Simply ticking boxes is unlikely to satisfy the risk-based approach.

Appropriate verification measures may include:

  • A certificate from the client confirming the identity of the beneficial owner
  • A copy of the trust deed, partnership agreement or other such document
  • Shareholder details from an online registry
  • The passport of, or electronic verification on, the individual
  • Other reliable, publicly available information

Issues that businesses may consider when assessing the risk of a particular case include:

  • Why the client is acting on behalf of someone else
  • How well the business knows its client
  • Whether the client is a regulated person
  • The type of business structure involved in the transaction
  • Where the business structure is based
  • The AML/CTF requirements in the jurisdiction where it is based
  • Why this business structure is being used in this transaction
  • How soon property or funds will be provided to the beneficial owner

Only in rare cases will a business need to verify a beneficial owner to the same level that it would a client.

What is a beneficial owner?

The 2007 Regulations set out in some detail the meaning of 'beneficial owner' in terms of bodies corporate, partnerships, trusts and other legal entities/arrangements not falling into the three categories listed above as well as special provisions regarding estates of deceased persons and a catch all provision that, where not otherwise specified, defines the beneficial owner as the person who ultimately owns or controls the client or on whose behalf a transaction is being conducted. The provisions regarding beneficial ownership are set out in Regulation 6 and are summarised below:

Bodies corporate

Beneficial owner means any individual who, in respect of any body other than a company whose securities are listed on a regulated investment market, owns or controls, directly or indirectly including through bearer share holdings, more than 25% of the shares or voting rights in the body or who otherwise exercises control over the management of the body.


Beneficial owner means any individual who ultimately is entitled to or controls (directly or indirectly) more than 25% of the capital or profits of the partnership or more than 25% of the voting rights in the partnership or who otherwise exercises control over the management of the partnership.


Beneficial owner means any individual who is entitled to a specified interest in at least 25% of the capital of the trust property, or where a trust is not set up entirely for the benefit of persons with a specified interest, the class of persons in whose main interest the trust is set up or operates or any individual who has control over the trust. Where a class of persons is identified, it is not a requirement for all members of that class to be separately identified.

Other entities and arrangements

This refers to an entity or arrangement which administers and distributes funds. Where the individuals who benefit from the entity or arrangement have been determined, beneficial owner means any individual who benefits from at least 25% of the property of the entity or arrangement. Where those benefiting have yet to be determined, beneficial owner means the class of persons in whose main interest the entity or arrangement is set up or operates or an individual who exercises control over at least 25% of the property of the entity or arrangement. Where a class of persons is the beneficial owner, it is not a requirement for all members of that class to be separately identified. Note that where an individual is the beneficial owner of a body corporate which benefits from, or exercises control over, the property of an entity or arrangement, the individual is to be regarded as having that benefit or control and so is classed as the beneficial owner.

The estates of deceased persons

The beneficial owner is considered to be the executor or administrator of the estate.

Copyright © 2024 Epoq Group Ltd. All trademarks acknowledged, all rights reserved

This website is operated by Epoq Legal Ltd, registered in England and Wales, company number 3707955, whose registered office is at 2 Imperial Place, Maxwell Road, Borehamwood, Hertfordshire, WD6 1JN. Epoq Legal Ltd is authorised and regulated by the Solicitors Regulation Authority (SRA number 645296).

Our use of cookies

We use necessary cookies to make our site work. We would also like to set some optional cookies. We won't set these optional cookies unless you enable them. Please choose whether this site may use optional cookies by selecting 'On' or 'Off' for each category below. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Cookie notice.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Functionality cookies

We'd like to set cookies to provide you with a better customer experience. For more information on these cookies, please see our cookie notice.