CIOT and ATT are aware that members may be minimising physical contact with existing and new clients as part of efforts to reduce exposure to COVID-19. It may therefore be helpful to have a reminder of how to meet CDD requirements where clients are not met face to face.
As a starting point remember that The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended (the Regulations) require a risk based approach and the assessment of risk has an impact on the level of CDD required.
Members take a variety of approaches to meeting the CDD requirements with a growing number of firms using electronic Identification verification and others sticking to more traditional methods. Guidance is set out below in relation to both and members should remember that an appropriate record of the steps taken and/or copies of the evidence obtained to identify the client should be kept.
What are my CDD options if I can no longer meet the client face to face?
A number of firms require clients to come into their office with the identification documentation in order to meet CDD requirements. Where face to face contact is not possible members might want to consider the following options:
- Use of Skype video call and similar programmes would enable you to interact with a client in much the same way as a physical meeting. If a client emails you a copy of their identity documentation etc they could show you the originals during a call and of course having sight of the client as part of the Skype video call will enable you to confirm the passport does relate to that individual. Ensure you are particularly mindful of GDPR and data protection requirements in your handling of documents emailed to you.
- This could be the time to explore use of electronic ID verification packages. For further guidance on factors to consider when choosing and using electronic verification packages please see below.
- It is acceptable to have certified copies of client due diligence so if another professional such as a solicitor is involved with the client they may be able to provide certified copies of CDD and if they could email this to you then that would also avoid any physical contact. Clearly it might not be an option for an individual to visit another professional to get documents certified.
- The Post Office also provide an identity document certification service. Again this may not be a practical option where clients need to remain isolated at home but may be useful where clients have the ability to get to local shops.
- If other forms of identity verification are not possible you might want to consider asking the client to email copies of their documents and undertake additional checks such as:
- Google searches identifying any public information about the client.
- References or other confirmatory information from trusted professionals who have worked with the client.
- making telephone contact with the client on a home or business number which has been verified electronically.
- requiring the client to pay you through an account held in their own name with a UK or EU regulated credit institution or one from an equivalent jurisdiction.
- Ensure you are checking to make sure the client is not on the list of organisations and individuals subject to financial sanctions can be accessed on the Treasury website or the Home Office’s Proscribed terrorist groups or organisations
What guidance is there on use of electronic verification?
Electronic verification can be relied on for identity verification provided the electronic process is free from fraud and provides sufficient assurance of the identity of the individual. Therefore, those members using an appropriate electronic ID provider may find it considerably easier to meet CDD requirements in circumstances where they are unable to meet clients. Note that use of electronic ID packages is not mandatory under the Regulations although the CIOT and ATT have been aware that some of the providers have suggested this to be the case in their publicity literature.
Lists of some of the electronic id providers available can be found on the website here. When choosing an electronic verification service provider you should note the guidance included in AML Guidance for the Accountancy Sector (AMLGAS):
“5.3.42 Before using any electronic service, question whether the information is reliable,
comprehensive and accurate. Consider the following:
- Does the system draw on multiple sources? A single source (e.g., the electoral register) is not usually sufficient. A system that combines negative and positive data sources is generally the more robust.
- Are the sources checked and reviewed regularly? Systems that do not update their data regularly are generally more prone to inaccuracy.
- Are there control mechanisms to ensure data quality and reliability? Systems should have built-in data integrity checks which, ideally, are sufficiently transparent to prove their effectiveness.
- Is the information accessible? It should be possible to either download and store search results in electronic form, or print a hardcopy that contains all the details required (name of provider, original source, date, etc.).
- Does the system provide adequate evidence that the client is who they claim to be? Consideration should be given as to whether the evidence provided by the system has been obtained from an official source, e.g., certificate of incorporation from the official company registry.”
What about enhanced due diligence requirements?
Members are reminded that enhanced due diligence may be necessary for some clients and in these cases more due diligence is required and the member may need to use more than one of the above methods to ensure they have obtained adequate CDD. Relevant clients include those who are Politically Exposed Persons, where there is a transaction and either of the parties is established in a high risk third country or where clients are high risk of being involved in money laundering or terrorist financing based on the high risk factors set out in the Regulations.
There are a number of risk factors set out in the Regulations which should be considered when deciding if there is a high risk of the client being involved in money laundering or terrorist financing. Following the changes in January 2020 this now includes a new high risk factor which relates to clients not met face to face and not subject to electronic identification verification. Enhanced due diligence may be required in these cases although the circumstances would need to be considered alongside other risk factors and the Regulations would not have been drafted taking into account the practical impact of COVID-19. Firms should make sure they are risk assessing individual clients and can explain the assessments reached.
If supervised firms have any other queries relating to CDD or other areas of AML compliance then they should contact the Professional Standards team aml [at] att.org.uk.