Money laundering regulations: whiter than white

It’s been nearly six months since the Treasury’s money laundering regulations
2007 came into force. Has the initial compliance frenzy calmed down or are firms
are still in the dark about the new regulations?

The majority are becoming fully compliant with the new regulations. This is
evidenced by the fact that the initial barrage of enquiries from practices to
our company have pretty much levelled out. However, it only takes the odd
headline about MLR and the phones are hot once again.

It is clear that most firms have got the message but there are still pockets
that quite clearly haven’t. We are continually amazed at how many firms were
oblivious to the new regulations until we actually told them. From speaking to
clients it is clear that there are still two main areas of concern with the new
regulations, both of which are centred on the checking of ID.

According to the HM Treasury, the new Money Laundering Regulations 2007
require firms to put preventative measures in place.

They require firms to ensure that they know their customers, to keep records
of identity and to train their staff on the requirements of the Regulations. In
summary, they:

? Provide more detailed obligations regarding customer due diligence. For
example, explicit requirements for firms to undertake ongoing monitoring of
business relationships and for firms to identify not just the customer, but the
beneficial owner of the customer;

? Require firms to vary customer due diligence and monitoring according to
the risk of money laundering or terrorist financing;

? Require firms to take enhanced customer due diligence measures in higher
risk situations, while allowing firms to take reduced identification measures
for specific situations with a lower risk of money laundering;

? Allow firms to rely on certain other firms for undertaking customer
identification; and

? Clarify the arrangements for the supervision of firms, including those that
will be supervised for the first time.

The most common concern tends to be how do firms verify the ID of new and
existing clients in an efficient, cost effective and friendly manner? Requests
to provide a passport, in a country that isn’t used to having to provide photo
ID, is frequently met with antagonism. It is this reason, and the sheer volume
of checks that frequently makes clients bury their heads in the sand.

The other worry for firms is achieving ‘belt and braces’ compliance –
demonstrating that they have followed best practice and used the latest
technology to achieve what we term the ‘gold standard’ for ID checks.
Practitioners know they are easy targets, especially where identity fraud is
perpetrated by one of their clients. Even without an incident, they still need
to be compliant as MLR is the law and it’s only a matter of time before they are
subject to regulatory checks.

We explain to worried clients that the starting point is always to know the
rules.

Then, they need to examine how their practice operates and how that fits with
the risk-based approach of the regulations. For example, a firm handling client
funds is clearly at greater risk of being exploited by a fraudster than one that
doesn’t. These firms will always need extra support as this approach is often a
foreign and nebulous concept, especially as auditing is a thing of the past for
most small practices.

Once they have fully understood the rules and assessed their impact on the
firm, they can turn to the process of ID verification. For most firms, the risks
are low so they can use online electronic checking services that meet the

Joint Money Laundering Steering Group criteria that have data drawn from a
number of independent sources.

The advantages of an online ID verification system are twofold – firstly, a
simple ‘pass’ or ‘fail’ is achieved so that an accountant knows if he can
continue to work for the client.

Second, a score is provided so if a client is a borderline case, then the
practitioner can make a judgement on the case based on how much risk they are
willing to assume.

This is beneficial as it is an informed decision with guidance sought from
the Serious Organised Crime Agency, if required.

An ID verification failure for a client could even flag up the fact that they
have been the victim of a fraud.

From our experience, accountants are delighted with the paperless approach. A
good online provider should spend time talking to users when they sign up for
their service.

Electronic ID verification is extremely cost efficient as it allows for
single or bulk checking, at a time convenient to the accountant. The costs can
be recouped quickly and easily with clients charged a ‘security levy’ similar to
airport surcharges that we all now take for granted.

Clear up the rules clutter

? Find out what the rules are and how they impact on your practice, the way
you do business and how you interact with clients.

? Keep a copy of the rules for reference: www.jmlsg.org.

? Ensure staff are properly trained so everybody understands how to apply the
rules to your practice.

? Appoint an MLR officer, which, in a small practice, will probably be the
partner but in a larger firms, may require the creation of a new position –
remember that it’s not just a title, it’s a responsibility.

? Ask your regulatory body for their guidelines. If you have any specific
queries relating to the way your practice runs, write or email them and ask for
written guidance.

? Once all the groundwork has been done, conduct a review of your clients and
business methods to determine whether any changes are necessary. If so,
implement them consistently.

? If you are not a member of a recognised body, register with HMRC
immediately www.hmrc.gov.uk/mlr.

? Register with SOCA for online reporting at www.soca.org.uk.

? Subscribe to an online ID checking system for existing and new clients,for
example: www.formationsdirect.com/mlr.

? Review your risk profile regularly.

Norman Younger is the managing director of Formations
Direct