Last updated: 19 Mar 2024 09:00 Posted in: AIA
David Potts, AIA Director of Operations and MLRO, explores ‘simplified’ and ‘enhanced’ due diligence and explains how the right questions enable the effective management of money laundering risk.
It is well established that criminals and bad actors often seek to mask their identity by using complex and opaque ownership structures.
As accountants we have a key tool available to disrupt economic crime and to ensure that illicit finance is prevented from entering the legitimate economy. Client due diligence is all about knowing and understanding your client’s identity and business activities so that any money laundering or terrorist financing risks can be managed.
Effective client due diligence is, therefore, a key part of anti-money laundering defences. By knowing the identity of a client, including who owns and controls it, you are not only fulfilling your legal and regulatory requirements but equipping yourself to make informed decisions about your client’s standing and acceptability.
Client due diligence also helps you to construct a complete understanding of your client’s typical business activities. By understanding what normal practice is, it is easier to detect abnormal events, which in turn may point to money laundering or terrorist financing activity.
The Money Laundering Regulations require that the extent and breath of your client due diligence measures reflect your assessment of the risks. Fundamentally this means focusing your effort on higher risk clients, whilst avoiding disproportionate effort for lower risk clients.
Broadly speaking, simplified due diligence may be applied in circumstances where your firm has determined that a client is low risk (with certain exceptions). For clients where high-risk characteristics are present, your firm must undertake enhanced due diligence. The scenarios and requirements for undertaking enhanced due diligence are explored throughout this article.
Principles of client due diligence
Client due diligence requires the collection and recording of information about a client’s personal background and business, or ‘know your client information’.
The Money Laundering Regulations outline the required components of good client due diligence. You must apply them at the start of a new business relationship (including a company formation), at appropriate points during the lifetime of the relationship and when an occasional transaction is to be undertaken:
When determining the degree of client due diligence to apply, your firm must adopt a risk-based approach, considering the type of client, business relationship, product or transaction, and ensuring that the appropriate emphasis is given to those areas that pose a higher level of risk.
Should my firm be applying simplified due diligence?
Simplified due diligence can usually be applied when a client is low risk, in accordance with the firm’s risk assessment criteria. To perform this risk assessment, you should ensure that your firm takes into account risks outlined in the National Risk Assessment of Money Laundering and Terrorist Financing 2020 and in the sectoral risk outlook published by the Accountancy Anti-Money Laundering Supervisors Group.
The Money Laundering Regulations set out low risk indicators, which should be considered too:
As a firm, you must also consider the services you are being asked to provide to the client, alongside delivery methods, and whether this is something assessed as being of higher risk in your firm-wide risk assessment; for example, providing trust or company services. If the services you are providing are considered high risk or if the client has high-risk characteristics, such as being a cash-based business, then simplified due diligence is not appropriate, even if any of the other conditions above are met.
As a minimum requirement to perform simplified due diligence, there must be no high risk characteristics related to the client.
How should my firm apply simplified due diligence to a client?
The Money Laundering Regulations require only that you must comply with standard client due diligence measures; however, you may vary the extent, timing or type of measures taken to reflect lower risk.
The components of good client due diligence outlined in the Regulations are:
Examples of simplified due diligence may include the following:
Documenting simplified due diligence
Your firm should document your processes and explain which client due diligence actions are required when you are undertaking simplified due diligence. These processes will be reviewed during any anti-money laundering compliance review undertaken by AIA.
Furthermore, even though your firm may be undertaking solely simplified due diligence on a client, it is important to note that ongoing monitoring is still required by the Money Laundering Regulations.
This is useful when considering whether anything in your business relationship – or any information that has come to you while providing services for that client – indicates that it is no longer appropriate to carry out simplified due diligence and instead a more in-depth assessment is required.
Recent anti-money laundering and economic crime updates
Additional guidance and free webinar recording
Log in for more information, including templates, checklists and a free webinar recording outlining your client due diligence requirements.
When should my firm undertake enhanced due diligence on a client?
A risk-based approach to client due diligence will identify situations in which there is a higher risk of money laundering or terrorist financing. In these instances, the Money Laundering Regulations specify that ‘enhanced’ due diligence (Regulation 33) must be applied:
When undertaking enhanced due diligence on a client, the following steps must be taken. As far as reasonably possible, examine the background and purpose of the engagement. You should increase the degree and nature of monitoring of the business relationship in which the transaction is made, to determine whether that transaction or that relationship appears to be suspicious.
For clients that are higher risk due to connections to a high-risk third country:
Enhanced due diligence may also include one or more of the following measures:
Ask the right questions
Performing enhanced due diligence at certain trigger points is a regulatory requirement which often means that more in-depth questions are asked of clients. It is important to make use of your professional scepticism to judge whether the information you are being told is accurate or trustworthy and to question further where clients may be uncooperative or things do not seem right.
Remember that you must have documented policies and procedures that trigger the application of enhanced due diligence both at client onboarding and for ongoing monitoring. You should also record your decisions and reasoning – both to accept and decline a client.
Further detailed guidance is provided within ‘Anti-Money Laundering Guidance for the Accountancy Sector’ for situations where simplified and enhanced due diligence are required, including what constitutes simplified due diligence and enhanced due diligence respectively. This guidance is available here.
Author Biography
David Potts is Director of Operations at the AIA.
"Performing enhanced due diligence at certain trigger points is a regulatory requirement which often means that more in-depth questions are asked of clients. It is important to make use of your professional scepticism to judge whether the information you are being told is accurate or trustworthy and to question further where clients may be uncooperative or things do not seem right."
David Potts, AIA Director of Operations and MLRO