AMLG2500 - Sector Specific Guidance: Trust or Company Service Provider Guidance
1. Who is this Guidance For?
This guidance should be read in addition to Parts 1 and 3. The following applies to TCSPs supervised by HMRC under the Regulations, but it may be referenced by TCSPs supervised by other Money Laundering Supervisors.
We use the term “illicit finance” in this guidance to mean money laundering, proliferation financing and the financing of terrorism.
2. TCSP Definition
TCSP is the term used to describe a firm or sole practitioner who by way of business in the UK provides any of the following services to other persons:
Formation services, including selling an off-the-shelf firm
Acting, or arranging for another person to act, as
a director or secretary of a company
a partner of a partnership (or in a similar capacity for other legal persons)
a trustee of an express trust or similar legal arrangement
a nominee shareholder for another person, unless the other person is a company listed on a regulated market which is subject to acceptable disclosure requirements.
Providing a registered office, business address, correspondence address or administrative address for a company, partnership, or other legal person or arrangement.
3. Complying with the Regulations as a TCSP
TCSPs must comply with the Regulations. You must not carry out any TCSP activity unless you:
are registered and approved for supervision as a TCSP with HMRC,
are an FCA authorised firm or,
are supervised for TCSP services by a Professional Body that is listed in Schedule 1 of the Regulations.
4. Fit and Proper Checks
When TCSPs apply to be supervised by HMRC they are subject to the Fit & Proper test.
TCSPs and their beneficial owners, officers and managers (BOOMs) are required to undergo Fit & Proper checks to carry out relevant activity in the sector.
A TCSP must not carry on business until its Fit & Proper checks have been processed by HMRC, and the business’s registration is confirmed.
Carrying out relevant activity before Fit & Proper checks have been concluded is a breach of the Regulations and can result in a civil or criminal sanction.
Please see the Fit and Proper Guidance for more information on the fit and proper test.
5. National Risk Assessment (NRA)
The NRA assesses the risk of money laundering through TCSPs to be high.
TCSPs are not necessary for the abuse of legal entities and arrangements for illicit purposes, but they can assist in their exploitation, for example by creating the complex structures which impede investigations or obscure beneficial ownership.
The NRA assesses the risk of terrorist financing through TCSPs to be medium.
The risk involves trusts, partnerships and companies that might receive money from businesses whose funds are linked to terrorist activity. For example, a client receiving money from a company that operates in a high-risk area and pays protection money to a terrorist group, or buys form a supplier connected to a terrorist group. TCSP services can also be used to help obscure the genuine destination of funds.
Please read the NRA for further information on risks for TCSPs. For further details of the specific risks TCSPs face for money laundering, terrorist financing and proliferation financing, please see Part 3.
The NRA is a central part of the UK’s “risk-based approach” to countering ML and TF. The NRA sits alongside System Prioritisation which aims to publish a list of economic crime priorities to inform public-private resource. These are intended to support the regulated sector to effectively allocate their internal resources on a cost-neutral basis while maintaining their regulatory responsibilities.
Typologies in the NRA should be read in conjunction with the priorities published by the NECC & FCA under System Prioritisation. These priorities are intended to provide context to the risks in the NRA and provide more detail on the priority areas some sectors should note for certain typologies. The priorities are expected to be reviewed annually as well as on publication of a new NRA. When the priorities are published guidance will be provided on how to relate these to each NRA typology.
You should take account of the system priorities and pay particular attention to anything which might fall into one of the priority categories, making a meaningful SAR where possible, given these activities are of key interest to law enforcement.
6. Proliferation Financing
For general information on proliferation financing and the National risk assessment for proliferation financing (PF NRA), please see Part 1 of this guidance.
The PF NRA states that the ease of access to the UK financial system and creation of corporate structures can make UK TCSPs attractive to exploitation.
TCSPs can provide companies access to the UK financial system through shelf companies, sold with already established UK bank accounts. This may allow proliferation-linked companies to access financial services in proliferation and PF-exposed countries.
Provision of nominee shareholder or director services provided by TCSPs can be exploited to increase the anonymity of the beneficial owners of a company, which can then be used for proliferation financing.
TCSPs must be aware of proliferation financing (PF) and assess the risk their business faces from PF in their risk assessment, training, and policies, controls and procedures (PCPs).
7. How can TCSPs be used for Illicit Finance?
Money laundering takes many forms. The services provided by TCSPs can be used to help obscure the identity of beneficial owners and support the channelling of illicit funds through layers of corporate structure, hiding their true criminal origin.
Here are some examples of how the TCSP sector can be used to facilitate money laundering:
Forming firms with complex structures, or those formed across jurisdictions, provides opportunity for criminal funds to be channelled through several layers, making it more difficult for law enforcement to trace or recover.
Provision of a registered office address can be used to distance a business from its operating location(s) and present a more reputable image.
Off-the-shelf firms, particularly aged ones, can be used to provide an air of legitimacy to shell companies used to transfer illicit funds.
Nominee services can help provide anonymity to those in control of a business.
Multiple Services:
Using multiple TCSP services or services in volume, can compound the risk of money laundering presented – they can be utilised by criminals to disguise or legitimise parts of organised criminal networks.
For example:
A range of TCSP services being requested by a firm to add additional ownership obscurity and layers to a corporate structure, without commercial basis.
A service being requested in volume, with little commercial basis, such as for multiple or bulk company formations to the same or connected clients.
8. Customer Due Diligence
For general information on CDD please see Part 1 of this guidance.
9. Timing of CDD
Appropriate CDD must be undertaken at the time that a business relationship is established. There are no occasional transactions for TCSPs.
10. Business Relationships in the TCSP Sector
You must conduct appropriate Customer Due Diligence (CDD) when establishing a business relationship with a customer. Please refer to Part 1 for further information on appropriate CDD requirements.
For a TCSP, provision of the following services constitutes a business relationship, regardless of whether or not the relationship with the customer is expected to have an element of duration:
Provision of formation services, including the sale of pre-formed or off-the-shelf firms, for other persons
Acting, or arranging for another person to act, as:
a director or secretary of a company
a partner of a partnership (or in a similar capacity for other legal persons)
a trustee of an express trust or similar legal arrangement
a nominee shareholder for another person, unless the other person is a company listed on a regulated market which is subject to acceptable disclosure requirements
Providing a registered office, business address, correspondence address or administrative address for a company, partnership, or other legal person or arrangement, will by its nature have an element of duration, and constitutes a business relationship.
This means all TCSP services constitute a business relationship.
11. Supply Chains in the TCSP sector
Supply chains in the TCSP sector present additional risks which you must consider as part of your risk assessment. They also present an additional consideration for you in determining who your customer is (or customers are) for the purposes of applying appropriate customer due diligence measures.
12. What is a Supply Chain?
A supply chain is created when a relevant service is provided to an end-user via an intermediary.
This will be the case where you provide your relevant services to an intermediary for their clients to use. It will also be the case when you obtain a relevant service from an intermediary to provide to your clients.
The intermediary may be a TCSP themselves, or another type of entity.
For example, where you provide the use of a registered office address to one of your clients, who is an intermediary, who then provides the use of that registered office address onwards to its own clients for their use, a supply chain is formed.
You are also part of a supply chain, if you are the intermediary, obtaining a registered office address from another TCSP, in order to provide this to your clients to use themselves.
No supply chain is formed where you provide a relevant service directly to the end user, your own client. For example, where you provide the use of your address to your clients and only your clients make use of that registered office service.
It is not unusual for a TCSP to be part of a supply chain and there can be valid and commercially justifiable reasons for such chains. However, it can also be indicative of a higher level of risk. More detail on supply chain risks can be found in Part 3.
A supply chain can vary in its complexity and length and the risk posed will depend on multiple factors, including the number and nature of the intermediaries the service is provided through, as well as who are the end users of the service. The longer the supply chain, the greater the potential risk it poses, particularly where the chain involves several jurisdictions or a high risk third country.
Where there is a supply chain HMRC expects TCSPs to:
Understand who the other parties in the supply chain are.
Understand why they and others form part of the supply chain.
Understand who the end users of the service provided are and why they are requesting the service.
Establish which of those in the chain are their customer(s).
Conduct appropriate customer due diligence on their customer(s).
Be aware of the implications of exercising reliance under Regulation 39 of the Regulations (where appropriate).
Use the above understanding to assess the risk of providing the service being asked and of acting in a supply chain.
13. Who is the Customer in a Supply Chain?
For a TCSP, the provision of any relevant service to a customer constitutes a business relationship and requires appropriate customer due diligence to be conducted (see Section 10 Business Relationships in the TCSP sector). You will need to establish who your customer(s) is to ensure you conduct the appropriate level of due diligence on the right person(s)/entities.
Where you provide a relevant service directly to the end user, establishing who is the customer is much simpler; the end users are your customer, and they are who you have formed a business relationship with.
Where a supply chain exists, your customer may also include the clients of a TCSP/intermediary who are receiving the relevant service from you indirectly via other parties in the chain. You will need to consider if a business relationship has formed with those clients as well as with your TCSP/intermediary client and with other parties in the chain. This will depend on the type and amount of contact or dealings you have with the end users and other parties in the supply chain and may differ on a case-by-case basis; a risk-based approach should be applied.
The scenarios below are examples to illustrate with whom a business relationship may exist:
Where you provide a company formation service to an intermediary, for one of their clients, and you do not have any direct contact or dealings with their client.
In this example, the business relationship will exist between you and the intermediary as they will be your customer. It is unlikely that a business relationship may exist between you and the intermediary’s client(s). You have provided this service indirectly and had no direct dealings with anyone else. If, however, you were to begin providing this service to the intermediary’s client repeatedly, it is likely that a business relationship will also now exist between you and that client.
You provide the use of a registered office address to an intermediary, for their clients to use, and you may have contact or dealings with their clients such as forwarding mail to their clients’ address or arranging for mail to be collected by their clients.
In this example, it is likely that a business relationship exists between you and the intermediary’s client(s). You have provided this service indirectly, but you have had direct dealings with the end user.
You should take into account information provided by your customer (the intermediary) who provides your service to its own clients, and the relationship it has with its clients and any dealings or contact you have with its clients, when determining whether a business relationship has also formed between you and their clients.
Where you consider a business relationship has formed, you must conduct the appropriate level of customer due diligence. You may consider relying on another party in the supply chain to apply appropriate CDD measures on your customer(s), provided that you are not prohibited from doing so by the Regulations.
Please refer to Part 1 of this guidance for more information on appropriate CDD (AMLG11300), and Reliance on third parties (AMLG11410).
14. Reporting Suspicious Activity
For more information on reporting suspicious activity see Part 1 of this guidance.
See Part 1 of this guidance for some of the (non-exhaustive) factors to consider in deciding whether to submit a suspicious activity report. Below are some (non-exhaustive) factors to consider when deciding whether to submit a SAR specifically in relation to TCSP activity:
No apparent reason for a customer using a TCSP service - for example, there is no valid commercial reason to use a TCSP service or a request does not make any economic sense given what you understand about the customer. This includes where existing customers request changes to the TCSP services you provide, or additional TCSP services from you.
No apparent reason for a customer using your business’ services - for example, another TCSP is better placed to provide the service.
The customer appears to change service providers frequently, for example, engaging a series of TCSPs for nominee services over a shorter period of time than appears to be necessary, without valid commercial reason.
The customer is trying to use intermediaries to protect their identity or hide their involvement, particularly if the intermediary markets themselves as facilitating anonymity and disguised asset ownership.
Where the TCSP service provides for oversight of a customer’s operations and transactions, such as (but not limited to) provision of nominee director and shareholder services:
The size and frequency, or pattern of transactions or activity is different from the customer’s normal pattern or has changed since the business relationship was established.
Unusually large cash or foreign currency transactions.
The customer will not disclose the source of the funds or reasons for transfers between companies.
Unusual involvement of third parties, or large payments from private funds, particularly where the customer appears to have a low income.
There has been a significant or unexpected improvement in the customer’s financial position that the customer cannot give a proper account of.
Unusual source of funds or unexpected movement of funds into a company
The above factors, as well as those listed in Part 1 of this guidance, are not exhaustive and might not always indicate suspicious activity. However, HMRC expects to see that you have recorded the potential suspicious activity, your assessment of the risk and reasons why you have or haven’t submitted a suspicious activity report.
15. Further Sources of Guidance
The Financial Action Task Force (FATF) website provides guidance on the risk-based approach for TCSPs.
Businesses that provide both accountancy services (ASP) and trust or company services, and are supervised by HMRC, should follow the Consultative Committee of Accountancy Bodies (CCAB) guidance for ASP activities and refer to this guidance for TCSP activities. The CCAB guidance can be found online.
If you are supervised by a professional body, or the FCA, you should contact them directly.