Senior managers at "money service businesses" face up to two years imprisonment and an unlimited fine if their neglect leads to money laundering or terrorist financing activities, HM Revenue & Customs (HMRC) has warned.
In new guidance on its supervision of money services businesses under anti-money laundering rules (65-page/195KB PDF), HMRC said that senior managers at those businesses, which include currency exchanges, money remittance providers or those delivering third party cheque cashing services, could be held "personally liable" in cases where failings in anti-money laundering checks are identified in their company.
"Senior managers must: identify, and manage effectively, the risks that their business may be exploited to launder money or finance terrorists; take a risk-based approach that focuses more effort on higher risks; appoint a nominated officer to report suspicious activity; [and] devote enough resources to deal with money laundering and terrorist financing," the guidance said.
HMRC said that senior managers at money service businesses are responsible for carrying out a risk assessment to identify where their business is "vulnerable to money laundering and terrorist financing" and for preparing policies and procedures that outline how the company will manage those risks identified.
In addition, the senior managers must ensure that staff are sufficiently trained to implement the anti-money laundering policies and that systems are in place to "help them" do so. Responsibility for monitoring the effectiveness of the anti-money laundering policy and controls in place, and for updating them with improvements when necessary, also falls to senior managers, according to the guidance.
HMRC said that money service businesses must carry out customer due diligence checks before processing transactions in certain cases, including prior to entering into an ongoing business relationship with a customer, where transactions from customers are occasional only, if they suspect money laundering or terrorist financing activity or where they doubt the reliability or adequacy of the information about customers obtained as part of due diligence checks.
The guidance sets outs the types of checks money service businesses have to carry out in those cases, and references checks to verify customers' identity, the identify of the beneficial owner of the customer who that customer is acting for, and "obtaining information on the purpose and intended nature of a business relationship".
Money service businesses' customer checks might also involve continued monitoring of their relationship with individual customers "to ensure transactions are consistent with what the business knows about the customer, and the customer’s risk profile", HMRC said.
HMRC said that whilst it is likely that a standard due diligence checking process will apply to the majority of a money service business' customers, those companies may have to conduct additional checks on some customers depending on the " the risks and warning signs" identified and assessed.
"The extent of customer due diligence measures depends on the degree of risk," HMRC said. "It depends on the type of customer, business relationship, product or transaction... It goes beyond simply carrying out identity checks to understanding who you’re dealing with. This is because even people you already know well may become involved in illegal activity at some time, for example if their personal circumstances change or they face some new financial pressure. Your due diligence measures should reduce the risk of this, and the opportunities for staff to be corrupted."
"This means that you must consider the level of identification, verification and ongoing monitoring that’s necessary, depending on the risk you assessed. You should be able to demonstrate that the extent of these procedures is appropriate when asked to do so," it said.
HMRC said that customers' identify can be verified electronically, but said that money service business must check at least two sources online to satisfy themselves that a customer is who they say they are and stressed that they must also "verify key facts that only the customer may know, to establish that they are who they say they are".
Copyright © 2014, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.
Sponsored: Ransomware has gone nuclear