Understanding risks and taking action for Trust or Company Service Providers

Question 1

TCSP Risk Characteristics

Accepted Answer

The services provided by TCSPs can be used by criminals to:

help obscure the identity of beneficial owners
support the channelling of illicit funds through layers of corporate structure
help obscure the true criminal origin of illicit funds

As a TCSP you must submit a Suspicious Activity Report to the National Crime Agency (NCA) as soon as possible if you know or suspect that a person is engaged in or attempting:

money laundering
terrorist financing

Find out how to submit a Suspicious Activity Report on the NCA website.

Question 2

Money laundering

Accepted Answer

Corporate structures are used globally for money laundering schemes, particularly where they offer a lack of transparency that can be exploited to hide beneficial ownership. UK companies and partnerships are likely to be attractive for money laundering due to the UK’s international reputation for trade and finance and upholding the rule of law. This means those TCSPs who form firms are at risk of these services being exploited for criminal purposes. Beyond firm formation, TCSP services are attractive for money laundering as they provide opportunity to exploit corporate solutions primarily aimed at supporting UK businesses. They also offer criminals the opportunity to:

facilitate fraudulent or illicit business activity
conceal the identities of those controlling organised criminal operations

The nature of TCSP services mean they are both offered and sought by a range of businesses spanning many UK industries. The risk of their exploitation is widespread. A TCSP may not routinely deal directly with a customer’s funds however they are well placed to consider the money laundering, terrorist financing and proliferation financing risks presented by:

the people they deal with
the services they are asked to provide
how they will be used

The money laundering risks posed by the TCSP sector overall have been assessed by the national risk assessment 2020 as high risk. The national risk assessment 2020 assessed that the risk is increased when TCSP services are provided with other financial, legal or accountancy services.

Question 3

Terrorist financing

Accepted Answer

TCSPs are assessed by the national risk assessment 2020 as low risk for use for terrorist financing purposes.

Question 4

Proliferation financing

Accepted Answer

The UKs first national risk assessment of proliferation financing considered specific proliferation financing risks associated with the ease of establishing companies in the UK and gaining access to the UK financial system. It considers that the ease of access to the UK financial system can make UK TCSPs, who form firms or create corporate structures, attractive to criminals who may seek to exploit these services for the purposes of proliferation financing.

TCSPs can also provide access to the UK financial system through shelf companies, sold with already established UK bank accounts. This may allow proliferation-linked operations to finance proliferation-sensitive activities by accessing UK financial services. They may also hide behind UK corporate structures to hide their criminal links to proliferation or to proliferation financing-exposed jurisdictions.

Nominee shareholder or director services provided by TCSPs can be exploited to anonymise beneficial owners of a company. This company may be then used to facilitate proliferation financing.

Question 5

HMRC-supervised TCSPs

Accepted Answer

The services offered by TCSPs that HMRC supervise can include increased and reduced risk levels. Providing a single standalone TCSP service might offer less exposure to potential abuse and the risk may be considered to be reduced.

When coupled with other TCSP services or other risk factors, such as the involvement of a third party outside of the UK, the level of risk increases.

A TCSP must risk assess each TCSP service provided in its own right, and within the context of any additional TCSP services provided.

Many HMRC-supervised TCSPs will supply only one or two TCSP services. These will generally be small, localised businesses including those whose main business activity is as an accountancy service provider. HMRC-supervised TCSPs do not normally provide financial services beyond those of an accountancy service provider, and they do not normally provide legal services.

Additional risk may have developed as a result of the COVID-19 pandemic, where corporate structures and TCSP services may have been utilised by criminals for the abuse of employee support and bounce back loans schemes.

Any changes in the behaviour of customers that requested services during this period, for example, moving from the occupation of physical space to a virtual service, less frequent collection of mail, or changes in commercial activity, should be monitored carefully.

HMRC is the default anti-money laundering supervisor for TCSPs who are not already supervised for TCSP activity by a professional body listed in Schedule 1 of the Regulations or by the Financial Conduct Authority (FCA). This means that a business which is not supervised for anti-money laundering purposes by one of the professional bodies or the FCA must be registered with HMRC for anti-money laundering supervision for TCSP activity before engaging in that activity.

Question 6

TCSP Risk Indicators

Accepted Answer

The following information describes risks that your business may face as a TCSP.

You must consider all of the information in this risk assessment when carrying out your business’s own risk assessment.

Risks common to all TCSPs

1. The service requested or the customer’s business does not appear to be normal business practice, have a valid commercial reason or make any economic sense

Services are requested which have no commercial rationale, particularly where complex services or services across multiple jurisdictions are requested. If there is no obvious reason why the services are being requested, or a customer is secretive about their reason for requesting services, this can indicate an increased level of risk.

A lack of economic sense can be indicated by:

the money flow generated by a company not being in line with its underlying business activities or industry
a company whose primary purpose is collecting funds from various sources for transfer to local or foreign bank accounts which have no apparent ties with the company
the carrying out of transactions that do not correspond with their background
a business continuously making losses
the lifestyle or wealth of a customer or beneficial owner which does not match what you know of their income source

Providing TCSP services on a short-term basis with valid commercial reason to UK-based owner-managed businesses may present a reduced level of risk. This should not be considered in isolation, other factors of the business relationship may increase the risk it presents.

Where you are less familiar with the industry or sector of a customer and associated ‘normal’ business practice, you may be at greater risk of exploitation. This means that you may need more information to understand the commercial viability of the request.

2. The customer or service is from or linked to a High Risk Third Country

High Risk Third Countries are jurisdictions considered by the FATF to have strategic deficiencies in their regimes to counter:

money laundering
terrorist financing
proliferation financing

High Risk Third Countries are included in the following publications on the FATF website and are subject to change:

Find out more information about High Risk Third Countries.

Services provided to or from High Risk Third Countries or customers, intermediaries and third parties who are resident, have their principal place of business, or are incorporated in High Risk Third Countries pose a high risk of:

money laundering
terrorist financing
proliferation financing

You must apply enhanced due diligence measures before you form a business relationship with a person established in a High Risk Third Country.

As the FATF lists are subject to change, there is a risk that that customers you have an existing business relationship with are established in a jurisdiction which may become a High Risk Third Country during the business relationship.

3. The customer or service is from or linked to an overseas jurisdiction

Services provided to or from overseas jurisdictions or customers, intermediaries and third parties who are resident, have their principal place of business, or are incorporated overseas may pose an increased risk of:

money laundering
terrorist financing
proliferation financing

In determining the appropriate customer due diligence or enhanced due diligence measures to take where there is a link to an overseas jurisdiction in a business relationship, you must consider your business’s risk assessment, as well as your assessment of the level of risk arising in that particular case.

Your assessment of the level of risk arising in a particular case must include consideration of the following geographical risk factors in Regulation 33(6)(c) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

These can indicate, where identified by a credible source, that an overseas jurisdiction poses an increased level of risk:

not having effective systems to counter money laundering or terrorist financing
having a significant level of corruption, terrorism, or supply of illicit drugs
subject to sanctions or embargoes issued by the EU or UN
providing funding or support for terrorism
having organisations designated under domestic sanctions legislation or or if they are proscribed terrorist groups or organisations by the UK
having terrorist organisations designated by the UK, EU, other countries and international organisations
countries that have been assessed by organisations such as FATF, FATF-style regional bodies, World Bank, Organisation for Economic Co-operation and Development and the International Monetary Fund as not implementing measures to counter money laundering and terrorist financing that are consistent with the FATF recommendations

In addition to the geographical risk factors in Regulation 33(6)(c), HMRC considers there may be an increased geographical risk where the overseas jurisdiction:

is not subject to anti money laundering or counter terrorist measures equivalent to the UK
shares a border with a High Risk Third Country as money laundering, terrorist financing or proliferation financing often involves the movement of funds across borders
has limited corporate registration requirements or limited beneficial ownership information requirements (for example, where there is no requirement to update ownership changes)
allows unrestricted bearer share usage
has laws aiding financial secrecy
has high levels of tax evasion
has high levels of capital flight
is a conflict zone

Examples of sources which may help you to consider the risk of an overseas jurisdiction may include:

guidance on the Joint Money Laundering Steering Group website, for example, Annex 4-1 of part 1, on the level of risk in other jurisdictions
guidance and Corruption Index on the Transparency International website
guidance on the Global Witness website
internet searches
news articles and media publications

You should take care to make sure the sources you consider are credible.

Where you consider there is a high risk in a particular case, you must apply enhanced due diligence measures before you form a business relationship.

If an overseas jurisdiction is also a High Risk Third Country, you must apply enhanced due diligence measures before you form a business relationship.

See risk indicator ‘2. The customer or service is from or linked to a High Risk Third Country’.

4. TCSP services are provided with other financial, legal or accountancy services

The addition of these services can elevate the overall risk of a business relationship.

If you are also an accountancy service provider you must identify and assess the risks of your business being exploited for money laundering, terrorist financing or proliferation financing purposes by providing those accountancy service provider services. You must also identify and assess the risks to your business of providing TCSP and accountancy service provider services in combination.

Further information on the risks that your business might face as an Accountancy Service Provider is available in HMRC’s risk assessment of Accountancy Service Providers.

5. Supply Chains — a supply chain is created when a relevant service is provided to an end-user through an intermediary

Supply chains can compound the risks presented by individuals and intermediaries involved with the provision of TCSP services, by placing distance between the service provider and the end user of the service which could be used for the purposes of providing anonymity.

Supply chains can vary in length; they may be either:

short, with a single intermediary acting as a ‘middleman’
lengthy and involving many TCSPs or third parties acting as intermediaries

TCSP services provided through a shorter supply chain may be a sign of a reduced level of risk, than when provided through a lengthy chain with many parties. Other factors, such as the jurisdictions involved and rationale for the service and supply chains involved, will also determine the risks involved.

HMRC expects you to properly assess the risk of each supply chain on the basis of the services, customers, intermediaries and locations in the supply chain, as well as its length or complexity and commercial rationality.

You need to understand why you and others form part of the supply chain and whether this makes commercial sense. HMRC expects TCSPs to properly assess how the risk associated with providing the service as part of a supply chain, may differ from the risks associated with providing the service where there is no supply chain.

Where supply chains involve intermediaries or end users who are based outside of the UK, the risk is further increased as this combines the risk of the service being provided overseas or to High Risk Third Countries with risk inherent to supply chains.

Signs of an increased level of risk are:

supply chains which involve overseas jurisdictions
intermediaries within supply chains who market themselves and their jurisdictions as facilitating anonymity and disguised asset ownership
requests from intermediaries to provide services to their customers that can be used as part of a scheme to disguise income, assets, and ownership
the number of intermediaries in the supply chain or the frequency of requests for services from intermediaries seems excessive
lack of clear rationale to explain why an end user has not approached you directly for the service

6. Forming a business relationship with another business, customer or intermediary, who is undertaking relevant activity under the regulations but is not, or does not appear to be, registered for anti-money laundering supervision for that activity

Business relationships with a business, customer or intermediary who is carrying out relevant activity but is not registered for anti-money laundering supervision for that relevant activity, pose a risk. That entity or person is unlikely to be aware of its obligations under the regulations. It is also unlikely to have measures to appropriately identify and assess, and then effectively manage and mitigate the risk that its services could be exploited for:

money laundering
terrorist financing
proliferation financing

As a result, that entity or person may be at an increased risk of exposure to money laundering, terrorist financing or proliferation financing risks, and therefore those who form business relationships with them are also exposed to these risks.

There is also a risk that the entity or person is deliberately evading scrutiny from an anti-money laundering supervisor, which may be as a result of them actively enabling illicit activity through its services.

Before entering into a business relationship with a business, customer or intermediary who is carrying out relevant activity, you should take appropriate measures to check they are anti-money laundering supervised for that activity. If not, you should not enter into the business relationship.

The appropriate measures you take to check whether their relevant activity is anti-money laundering supervised will vary depending on who their anti-money laundering supervisor should be.

Where they should be supervised by HMRC, you can check whether they appear on HMRC’s supervised business register as supervised for carrying out each type of relevant activity they undertake.

If they do not appear on this register as supervised by HMRC when they should be, or they are carrying out relevant activity which is not reflected in their entry on the register, you should report to HMRC the entity or person you believe should be supervised for their relevant activity, or contact HMRC’s fraud hotline.

7. TCSP services are requested for an entity which appears to be dormant

TCSP services are less likely to be required by entities which are not trading or declared as dormant and consideration should be given to whether a request for TCSP services has a valid commercial rationale and makes economic sense.

Entities used in money laundering schemes may falsely declare themselves dormant to Companies House despite transacting, to disclose less financial information and reduce their exposure to scrutiny.

There is a risk the services are being requested to disguise the entity’s true beneficial ownership or to facilitate the movement of illicit funds, rather than for a legitimate commercial purpose.

8. Services are provided with no face-to-face interaction

Where you meet your customer face-to-face and you are able to review original physical documents before providing services, this can give you greater assurance that the customer is who they say they are.

Where you provide services without meeting your customer face-to-face, this presents a risk that the customer is not who they say they are.

Fraudulent identity or business documents may be provided and may be more difficult to detect when supplied online or remotely.

Where you have regular, face-to-face contact with a customer, this presents a reduced level of risk than where you meet a customer face-to-face initially but there is no ongoing in-person interaction.

Whilst you may have assured yourself of the customer’s identity at the outset of the business relationship, there is a risk that the customer is employed to act for a criminal operation only to obtain the service without arousing suspicion. There is a risk that the ongoing business relationship is with an organised crime group, and this may not be detected where there is no further face-to-face interaction.

The customer due diligence measures you take where there is little or no face-to-face contact must reflect the additional risk.

9. Services are paid for in cash or the customer operates a cash intensive business

Cash is attractive to criminals as it provides anonymity and disguises audit trails. It is more difficult to trace the origin of funds either where cash is used to pay for TCSP services provided or you provide services to a customer operating a cash-intensive business.

Although TCSP services may rarely be paid for in cash as they are often provided and paid for using online platforms, the payment of cash directly into your business bank account from unknown sources can pose an increased risk of money laundering. Monitoring cash payments for services into your bank account to ensure they are from customers who you have authorised to make cash payments can help you to identify payments from unknown sources.

Cash intensive businesses can be attractive tools for criminals to launder illicit cash through, presenting illicit cash as legitimate funds. When providing services to customers with cash intensive operations there is a risk the services are sought to support illicit funds being channelled through the business or to assist in hiding their origin.

Where the volume of cash transacted through the customer’s business is not consistent with what you know about your customers business activity or does not make commercial sense this poses an increased level of risk. Where you form a business relationship with a cash intensive business, monitoring the volume of cash transacted through the business can help you to consider whether the measures you have in place to manage and mitigate the risks posed remain effective.

10. TCSP services are requested for an entity which appears to be a shell company

Shell companies are entities created to protect or hide the assets of another company. They only exist on paper and have no physical location, staff, revenue, or significant assets, but they may have bank accounts or investments. Whilst they are not necessarily illegal, they are often used as part of money laundering operations.

If the commercial purpose of an entity you are requested to form, or provide other TCSP services to appears to be that of a shell company you must consider the risks it will be used for illicit purposes.

Shell companies can be established in overseas jurisdictions where additional secrecy laws help to disguise their beneficial ownership. This makes a shell company an attractive tool to create or use to conceal illicit funds, evade sanctions, and circumvent anti-money laundering measures.

If the beneficial owner is not immediately identifiable, this poses a risk the shell company is being used to disguise their identity and connections with illicit activity they may be undertaking.

Signs of an increased level of risk are where funds are being transferred into or through the shell company in the form of ‘loans’ to individuals from trusts and non-bank shell companies, facilitating a system of regular transfers from the individual recipients of the loans in the form of repayments.

11. Frequent changes to beneficial ownership or those acting in roles such as directors and shareholders

Changes to the controlling parties of an entity, which are not consistent with the purpose you understood when the business relationship started, can be a sign of a firm being used for illicit purposes.

12. Dealing with, interacting with or forming a business relationship with, an individual or organisation which could be a professional enabler

The majority of firms and practitioners offering professional services take action to comply with professional and regulatory obligations, such as those under the Money Laundering Regulations 2017 where applicable, and help to prevent criminals exploiting these services. Some have been known to facilitate economic crime and other criminal offences, for example fraud, and drive serious and organised crime in the UK.

They may also enable criminality through negligence of their own compliance with professional and regulatory obligations. This is group is known collectively as professional enablers.

Professional services includes but are not limited to:

accountancy services
financial services
trust or company services
legal services
estate agency
art market participants

You are providing professional services if you are carrying out relevant activity as a TCSP.

There is a risk that you may deal with these ‘professional enablers’ through the course of your business and may be at an increased risk of exposure to money laundering, terrorist financing or proliferation financing risks when dealing with them. They may deliberately seek to exploit your services or any weaknesses in your professional and regulatory compliance procedures, to enable criminality. They may also expose you to these risks through neglect of their own compliance.

You should not assume that all professional service providers will take the same approach to their regulatory and professional obligations. Professional enablers are known to be highly adaptable and are likely to have an understanding of your regulatory obligations. They may seek to exploit your trust that your peers in professional service sectors are meeting their own regulatory and professional obligations and are unlikely to be enabling criminality.

It can be difficult to identify professional enablers, but you can be vigilant to risks associated with their behaviours.

Signs of an increased level of risk are:

individuals or organisations who undertake relevant activity under the Money Laundering Regulations 2017 but do not appear to be anti-money laundering supervised
individuals or organisations who in relation to their regulatory or professional obligations (including but not limited to the Money Laundering Regulations 2017):
- appear to take shortcuts or attempt to circumvent compliance procedures
- exhibit dishonest, improper or reckless behaviour
- appear negligent

See risk indicator ‘6. Forming a business relationship with another business, customer or intermediary, who is undertaking relevant activity under the Regulations but is not, or does not appear to be, registered for anti-money laundering supervision for that activity’.

Risks relating to providing Multiple TCSP Services

The risk increases the more TCSP services that are provided, as the opportunity for criminals to reduce transparency of ownership or control, or add layers within a corporate structure will be increased. Each combination of TCSP services can provide different opportunities for criminals to exploit them together.

13. A TCSP is asked to provide multiple services with little commercial basis

TCSPs often provide ‘packages’ of services which together aid in the setup and onward administration of a corporate structure, for example, forming a company, and including the supply of a registered office address and a mail forwarding service.

Once a firm has been formed, it is usually expected that director or other nominee roles within the corporate structure are transferred to the customer. If this not the intention of the customer, the commercial rationale behind this should be considered. The combined services may be being used to place layers between a company and its beneficial owners.

Signs of an increased level of risk when being asked to provide multiple services include:

there is little commercial basis for the request, in particular from overseas intermediaries
a request for services over a longer period of time than would normally be expected

14. The TCSP is providing multiple services to overseas beneficial owners or intermediaries

A beneficial owner seeking a range of TCSP services that distances them from the legal entity can be a sign of an increased level of risk.

See risk Indicator ‘2. The customer or service is from or linked to a High Risk Third Country’.

See risk Indicator ‘3. The customer or service is from or linked to an overseas jurisdiction’.

Risks relating to Firm Formation

A firm formation agent is a business involved in the supply of the service of forming firms for customers.

15. Firms formed that may become part of a corporate structure not wholly based within the UK

Customers may request the formation of UK firms which may become part of a corporate structure partially based in an overseas jurisdiction or based across multiple other overseas jurisdictions.

Tracing ownership and control is more difficult where corporate structures are not wholly based within the UK.

These requests could indicate attempts to avoid the levels of corporate transparency that would be typical for a structure based wholly in the UK, such as scrutiny of a business’s activity, ownership and financial arrangements across its corporate structure.

This could indicate attempts to make it more difficult for funds being channelled through the corporate structure to be traced, or for the ultimate beneficial owners of the business to be identified.

In particular, the risk is high where the corporate structure will be wholly or partially based in a High Risk Third Country as they are more likely to be linked to:

money laundering
terrorist financing
proliferation financing

See risk indicator ‘2. The customer or service is from or linked to a High Risk Third Country’.

See risk indicator ‘16. Firms formed that may become part of a complex or unusual corporate structure’.

16. Firms formed that may become part of a complex or unusual corporate structure

A complex corporate structure refers to a firm or network of firms, where there is no immediate transparency of its ultimate ownership or control. For example, it has several layers of:

indirect ownership
subsidiaries
divisions

It also may have multiple:

shareholders
corporate officers
persons with significant control

Customers requesting firms to be formed which may become part of an unusual or unnecessarily complex corporate structure may be a sign of an increased level of risk.

This could be a sign of attempts to make it more difficult for funds being channelled through the corporate structure to be traced, or for the ultimate beneficial owners of the business to be identified.

Tracing ownership and control is more difficult where corporate structures are complex or unusual. This is particularly the case where a corporate structure extends overseas.

See risk indicator ‘15. Firms formed that may become part of a corporate structure not wholly based within the UK’.

17. Wholesale type or bulk formations or single formations in close succession

Multiple formations in one request from a customer can be a sign of an attempt to use firms as layers to hide or channel funds through if there is no commercial rationale.

The firms may be being used to open a large number of bank accounts across different jurisdictions to facilitate the movement of illicit funds.

A customer making a series of requests for formations over a short time period are also signs of attempts to avoid additional scrutiny they may have been subject to, had they made a request for multiple formations at one time.

Monitoring the volume or frequency of requests for formations from customers, can help you to consider whether these are consistent with what you know about your customer’s business activity. This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

18. Requests for ‘shelf’ firms — these may also be known as ‘aged’ firms

Shelf firms are those which have been previously formed and time has passed since their formation.

A shelf firms’ company history will vary in its attractiveness for use by criminals. Those with older incorporation dates are more likely to be attractive than firms more recently formed. Older firms with established banking or credit facilities are more likely to be attractive over those which are younger and may not have these.

These firms may be less likely than a newly formed firm to attract scrutiny when bank accounts, investments or other financial services are subsequently sought, making them attractive for criminals to acquire.

A customer requesting a shelf firm as opposed to seeking a new firm formation can therefore be a sign of an increased level of risk.

19. The forming of firms that have no obvious commercial purpose

If there is no obvious commercial purpose for a formation being requested, this is signs of an increased level of risk.

This may include, for example, where a customer requests a firm formation, despite having multiple dormant companies already listed on Companies House.

Whilst there may be a legitimate explanation for a customer having multiple dormant companies, these may be falsely declared as dormant.

See risk Indicator ‘7. TCSP services are requested for an entity which appears to be dormant’.

20. The customer is secretive about the reasons for, and the way a company structure is being set up

Any evasive action by a customer could indicate an increased level of risk.

You must apply appropriate customer due diligence measures before services are provided and a business relationship is formed and you will need to take action to support this legal obligation as well as make a commercial decision as to whether to act for a customer.

21. The customer favours legal entities that are not transparent or do not require registration of beneficial ownership information

This can be a sign of an attempt to obscure beneficial ownership.

This is more likely where an overseas formation is being requested.

In the UK, companies must register beneficial ownership information with Companies House. An overseas entity must register any land or property it holds in the UK on the Register of Overseas Entities.

Overseas jurisdictions may not have similar requirements, making them more attractive to those seeking entities where the identity of beneficial owners or origin of illicit funds it holds or moves may be more easily obscured.

See risk indicator ‘15. Firms formed that may become part of a corporate structure not wholly based within the UK’.

22. Unexpected changes to a firm shortly after formation, for example, directors and shareholders

Changes to the controlling parties or the commercial activity of an entity, shortly after formation, which are not consistent with the purpose you understood when the formation request was made can be a sign of a firm being formed for illicit purposes.

You may have been provided with false information on the intended purpose and nature of the firm being formed, or its controlling parties, as they may be part of criminal operations.

Where your business relationship with a customer continues beyond the formation of a firm, (such as provision of other TCSP services) part of your obligations under the Regulations includes considering changes to that firm’s activity or ownership and any additional risk they present.

Risks relating to director services

‘Director services’ refers to acting as, or arranging for someone to act as, the director of a company. The role is commonly known as a ‘nominee director’, though it is also possible to be a nominated partner in a partnership, or similar capacity in another type of legal arrangement. Legal responsibility still sits with the beneficial owner who will expect the nominee to make business decisions in line with their instructions.

Director services may be used as an administrative tool during merger negotiations for example, where a neutral party acts until all legal requirements are completed and company control is handed back to a customer.

If you are being asked to provide director services for a prolonged period of time, not just during the formation period or during a period of change, a TCSP will need to be satisfied it knows:

on whose behalf it is acting
who the beneficial owner of the business is
the rationale for that prolonged service provision

A TCSP should understand the business it is providing the service to and satisfy itself that any transactions that it is required to approve as a nominee director are commercially sound and legitimate.

Whilst there may be legitimate reasons why a beneficial owner of a business may want to remain anonymous, it can also be part of a process to disguise misuse of funds. There is also a risk that a disqualified director may use another person to act in their place.

As part of your risk assessment you may want to check Companies House’s list of disqualified directors to protect your business from accusations of acting as a ‘sham’ director.

23. Appointed nominee directors lack understanding of the business activity or oversight of its operations or transactions

Where you act (or you arrange for someone to act) as a nominee director for a business, the nominated person should have oversight of the customer’s business bank accounts and business operations.

A lack of understanding, or lack of oversight of the customer’s operations and their banking activity, reduces the ability of nominees to identify suspicious or unusual activity or transactions, and could therefore indicate an increased level of risk.

Where the customer has bank accounts in the name of their business in overseas jurisdictions but oversight and control of these by a nominee director is not available this presents a further risk.

Monitoring incoming and outgoing payments through the business you act as a nominee for (or you have arranged a nominee to act for), can help you to consider whether these are consistent with what you know about your customer’s business activity and the reason a nominee service is in place.

This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

24. Appointed nominee directors are acting for multiple companies

Where you act (or you arrange for someone to act) as a director, that nominated person is expected to dedicate appropriate time and resource to fulfil the duties of the role. Acting for multiple companies can increase the risk of the nominee service being exploited.

The ability of nominees to identify suspicious or unusual activity or transactions alongside the duties of the role may be compromised where they hold multiple appointments and could therefore indicate an increased level of risk.

The national risk assessment 2020 indicates high risk where a nominee acts for 20 or more companies.

25. Requests to provide nominees to act for multiple companies which are connected or have common beneficial owners

Requests to act for more than one firm, which share either a common beneficial owner or a common group of beneficial owners, can be a sign of attempts to obscure relationships between firms they own.

26. Requests for excessive or unnecessary provision of nominees, where there is no clear business need for the service

The customer may be using this service to distance themselves from the company and avoid detection.

Risks relating to company secretarial services

‘Company secretarial services’ refers to acting as, or arranging for someone to act as, the company secretary of an entity. A company secretary is responsible for the statutory compliance obligations of a corporate entity.

While the requirement for UK companies to have a company secretary has been removed for most companies, some will still need one. Those UK companies that do require one or decide to appoint one will generally present a reduced risk, such as public limited companies.

Jurisdictions other than the UK, may also require companies to have a company secretary. The risk is increased where this service is provided to jurisdictions other than the UK.

27. Appointed company secretaries lack understanding and oversight of the business activity, or the knowledge and experience required to effectively discharge the functions of the role — this includes where company secretarial services are provided to overseas companies

A lack of requisite knowledge and experience, or oversight of the business activity to effectively discharge functions as secretary of a company, poses a risk that the Company Secretary’s ability to identify suspicious or unusual activity or transactions related to money laundering, terrorist financing or proliferation financing may be compromised.

This is particularly the case where the company is based outside of the UK, and the requirements of the company secretary role differ from those as set out in UK legislation. There is a risk that an appointed person may not have sufficient understanding of, or competence with, the requirements for that jurisdiction and ability to identify where non-compliance with these requirements may be related to money laundering, terrorist financing or proliferation financing activity.

Risks relating to Shareholder Services

‘Shareholder services’ refers to acting as, or arranging for someone to act as, a nominee who holds shares on behalf of a firm’s beneficial owner. This is a commonly used service during a firm’s formation for administrative purposes. It may also be used for investment management purposes, for example where investment houses or stockbrokers hold shares in discretionary portfolios, an investment manager may make investment decisions on behalf of the beneficial owner of the shares.

While there may be legitimate reasons why a beneficial owner of a business may want to remain anonymous, it can also be part of a process to disguise misuse of funds.

Providing shareholder services for multiple companies with common owners may present a risk in that the beneficial owners may not wish their business relationships to be open to scrutiny. In providing such services, a TCSP needs to have awareness of local reporting requirements in the jurisdiction where the company is resident, for example, any equivalent of the UK’s register of persons with significant control.

28. Being asked to act as a nominee shareholder for a prolonged period of time

Requests to act for a period beyond a firm’s formation, or in circumstances where a nominee shareholder would not normally be necessary, without a valid commercial rationale can indicate an increased level of risk. This may indicate a nominee shareholder service being sought to obscure the identities of those controlling organised criminal operations.

29. Providing shareholder services for multiple firms with common beneficial owners

Requests to act for more than one firm, which share either a common beneficial owner or a common group of beneficial owners, without a valid commercial rationale can be signs of attempts to obscure relationships between firms the beneficial owners control.

30. Excessive or unnecessary use of nominees, no clear business need for the service

Where there is no valid commercial rationale the customer may be seeking this service to distance themselves or its beneficial owners from the company and avoid detection.

Risks relating to Virtual Office Services

‘Virtual Office services’ involve the provision of an official address for a company or other legal entity to use and may include forwarding or arranging collection of any mail received. These services can often be found offered alongside ‘serviced office services’ (which are not within the scope of the Regulations) such as the hire of physical office space for meetings and telephone answering.

It is possible that customers of serviced office services (out of scope) begin to use access to a premises for virtual office services (in scope).

A TCSP offering both types of services needs to understand which of its activities fall into scope of and require its compliance with the Regulations, but also to allow it to appropriately identify and assess the risks this poses to its business.

Where both virtual and serviced office services are provided by a TCSP, it is likely that access to its premises is available to customers of either service.

Monitoring access to your premises by customers can help you consider how a customer is using your services in practice, whether this aligns with the services you have agreed to provide to them, and help you to comply with the Regulations in respect of any in scope activity you undertake.

31. Minimal or no face-to-face contact

Where you have regular, face-to-face contact with a customer using virtual office services, this presents a reduced level of risk than where a customer is never met face to face or is met face-to-face initially but you have no ongoing in-person interaction.

This includes customers who initially request serviced office services, for example the hire of meeting rooms or office space, but then do not use them and there is no longer an ongoing physical presence. There is a risk that physical office services are sought, with the customers intention only to use them as virtual office services; this may be to avoid the customer due diligence measures that using a virtual office service will require you to undertake. It is known that in the early days of certain types of fraud there is a great deal of activity, which then lessens, and the perpetrators reduce their presence.

Physical interaction can help mitigate risks of the customer using fraudulent documents, masquerading as someone else, or changing how the services are used.

Where virtual office services are provided overseas, or provided through a supply chain, the risk of the services being used for the purposes of money laundering, terrorist financing or proliferation financing may be increased.

See risk Indicator ‘2. The customer or service is from or linked to a High Risk Third Country’.

See risk Indicator ‘3. The customer or service is from or linked to an overseas jurisdiction’.

See risk Indicator ‘5. Supply Chains’.

See risk Indicator ‘8. Services are provided with no face-to-face interaction’.

32. Physical collection of mail by unknown persons, or frequent changes in persons collecting

The personnel of criminal organisations may change regularly to avoid detection.

Frequent changes to those collecting mail, or collections by unknown individuals without a valid and reasonable commercial rationale may be signs of abuse of the service, or that there have been changes to the customer’s beneficial ownership which have purposefully not been declared.

Monitoring the individuals collecting, or the frequency of collections, can help you to consider whether these are consistent with what you know about your customer’s business activity and its beneficial ownership. This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

33. Regular forwarding of large volumes of mail

Without a valid commercial rationale, this can be a sign of use of the address to support fraud schemes, such as investment frauds and particularly those that are promoted with long term returns.

Potential victims are often contacted by mail and perpetrators will issue letters to engage recipients in large volumes. This is to increase the pool of potential victims perpetrators can reach, knowing it is likely only a small proportion will respond.

Changes to the volume or frequency of mail received on behalf of a customer without a valid commercial rationale can also be signs of an increased level of risk.

Monitoring the volume of or frequency of mail forwarded to customers, can help you to consider whether these are consistent with what you know about your customer’s business activity. This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

34. Multiple addresses supplied to the same or connected businesses

Without a valid commercial rationale, this may be a sign of an attempt to make a business involved in illicit activity appear more reputable, more substantial than it is, or to create an impression to its customers that they are dealing with a local company.

Potential victims of fraud schemes may be more likely to trust businesses with such attributes and the virtual office services may therefore have been sought with that purpose, to facilitate those illicit activities.

Where you are asked to supply multiple addresses to connected businesses, or businesses with a common beneficial owner, it can be a sign of attempts to disguise links between those persons and businesses from parties they deal with. Without a valid commercial rationale this may indicate an increased level of risk the customer is involved in:

money laundering
terrorist financing
proliferation financing

Monitoring the number of or links between requests for virtual office services can help you to consider whether these are consistent with what you know about your customer’s business activity. This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

35. Virtual office services being used by persons or companies unknown to a TCSP

A virtual office service, such as a registered office address, offered by a TCSP might be used by a person or company without the knowledge or express authorisation of the TCSP.

Receiving mail for unknown persons or companies, or discovering that unknown persons or companies are listing their address as that of a TCSP without express permission, indicates an increased level of risk.

This can be a sign of attempts by a criminal organisation to use your address to hide their real location and activity, or to obscure the ability of law enforcement to trace its beneficial owners.

Known customers of a TCSP (those who have express authorisation to use the address service) might also ‘sub-let’ the address service without that TCSPs express authorisation or payment, for example, by allowing their own clients to also use it as their registered office address.

Whilst this could be to avoid paying a TCSP additional fees, the customer which is known to the TCSP may have initially engaged that service by acting as the ‘frontman’ for their own clients; these clients could be looking to avoid customer due diligence measures which may expose links to illicit activity or the identities of their beneficial owners.

Monitoring the recipients of mail you receive can help you to consider whether your services are being sub-let or used by those without your express permission. This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

You must report any material discrepancies in the information recorded on Companies House and the information you collect as part of your customer due diligence measures for customers, where the discrepancy could reasonably be considered to be linked to money laundering or terrorist financing or to conceal details of the business of the customer.

Risks relating to Trust services

‘Trust services’ refers to acting, or arranging for another person to act, as a trustee of an express trust or similar legal arrangement, also known as acting as a ‘professional trustee’. A Professional trustee should assess the extent to which it is free to act in the best interest of the beneficiaries and without undue influence of the settlor or any other third party.

The beneficial ownership of most trusts must be declared to the Trust Registration Service. Where you form a business relationship with a trust, your customer due diligence measures must include obtaining proof of the trust’s registration. You must report any material discrepancies between the proof of registration you obtain and the information you collect as part of your customer due diligence measures for customers, where the discrepancy could reasonably be considered to be linked to money laundering or terrorist financing or to conceal details of the business of the trust.

A professional trustee must understand the nature and purpose of the trust, so that it can be clear on the intended usage of the trust and its assets to then be vigilant to risk of its exploitation for illicit purposes. A professional trustee should have oversight to identify where bank accounts or assets may be being used for non-trust purposes.

Trusts which may present a reduced risk, include those where the source of funds is clear, for example those for:

disabled persons
life interest
charities
share schemes
company pension funds

The national risk assessment 2020 considers the not-for-profit sector as low risk for money laundering. However, if acting as a professional trustee of a charity you should have appropriate measures in place to confirm the nature and purpose of the charity, and if a newly established charity, evidence that it can meet its objectives, the source and control of its funds, and that appropriate decision-making processes are in place.

36. The source of the trust’s funds or assets is not clear

This could indicate an attempt to obscure beneficial ownership of assets or to conceal the proceeds of crime.

37. Professional trustees lack oversight of bank accounts to identify where they are being used for non-trust purposes

This reduces the ability of professional trustees to identify suspicious or unusual activity or transactions which indicate the trust is not being used for its intended purpose.

Where you act (or you arrange for someone to act) as a professional trustee that nominated person should have oversight of the trust’s bank accounts and operations.

A lack of understanding, or lack of oversight of the trust’s operations and their banking activity, reduces the ability of professional trustees to identify unusual activity or transactions which indicate the trust is not being used for its intended purpose. and therefore indicates an increased level of risk.

Where the trust has bank accounts in other jurisdictions but oversight of these by a professional trustee is not available this presents a further risk.

Monitoring incoming and outgoing payments through the trust a professional trustee is acting for can help you to consider whether these are consistent with what you know about the trust’s purpose and activity and the reason a trust service is in place. This can also help you to consider whether the measures you have in place to manage and mitigate the risks your business is subject to remain appropriate.

38. Where settlor, beneficiary or other persons have significant control over the assets and or income of the trust

Where a professional trustee is pressured or influenced to manage assets in an alternative way to that which was advised as the intended use of the arrangement when the business relationship began, this could be a sign of the trust having been setup to legitimise illicit movement of funds, or the professional trustee service having been acquired to obscure the identity of its beneficial owners.

Cookies on GOV.UK