How to manage disruption to the administration of documents used for identification and verification as part of AML procedures.
Part 3 of the Money Laundering Regulations outlines the requirements of customer due diligence (CDD) obligations. Verifying the identity of the client (demonstrating that they are who they claim to be) by obtaining documents or other information from independent and reliable sources, wherever possible, is one of the requirements stated in the legislation.
Covid-19 lockdown has disrupted the administration of documents used for identification and verification. Firms should consider whether their policies and procedures will need to be adapted to take this into account, having been risk assessed and documented accordingly. See, for example, the press release relating to the extension of the validity of photocard drivers’ licences.
HMRC has the following guidance: ‘If you are presented with a recently or soon to be expired official photo ID (expiry date between 1 February and up to 31 December), you may accept it, if you are satisfied it confirms the identity of your customer'.
In September, CCAB published the updated (draft) Anti-Money Laundering Guidance for the Accountancy Sector (AMLGAS). The guidance covers the changes to the Money Laundering and Terrorist Financing Regulations 2017 introduced as a result of the implementation of the 5th Money Laundering Directive (5MLD). This is a draft document pending approval from HM Treasury.
Accountants are reminded that electronic verification is acceptable, but when choosing an electronic verification service provider, they should note the guidance included in the CCAB guidance which states:
5.4.18 Before using any electronic service, firms should ensure they understand the basis of the systems they use and question whether the information is reliable, comprehensive and accurate. The process should be secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity, to a degree that is necessary for effectively managing and mitigating any risks of money laundering and terrorist financing. Consider the following:
Does the system draw on multiple sources? A single source (eg the electoral register) is not usually sufficient unless there are additional controls to validate the information. A system that combines negative and positive data sources is generally more robust.
Are the sources checked and reviewed regularly? Systems that do not update their data regularly are generally more prone to inaccuracy.
Are there control mechanisms to ensure data quality and reliability? Systems should have built-in data integrity checks which, ideally, are sufficiently transparent to prove their effectiveness.
Is the information accessible? It should be possible to either download and store search results in electronic form or print a hardcopy that contains all the details required (name of provider, original source, date, etc.). It is sufficient to have a record of the issuer of a document and its unique identifier, it is not necessary to have a reproduction of the original document.
Does the system provide adequate evidence that the client is who they claim to be? Consideration should be given as to whether the evidence provided by the system has been obtained from an official source, eg certificate of incorporation from the official company registry, or passport.
View further guidance on Customer Due Diligence, CCAB AMLGAS and other Anti Money Laundering related matters.
