ECSH53150 - What would you expect to see on a compliance intervention at an estate agency business
An estate agency business (EAB) can range from a traditional high street estate agent with a few staff, to online-only EABs with no dedicated premises for customers, to large corporations with multiple offices and thousands of staff. EABs are located all over the UK.
Businesses that operate online, and their only registration address is a virtual office or registered office leads to increased risk. If they don’t have a premise at which to meet their customers face to face, it increases the risk of fake documents being used for ID verification as part of their CDD measures.
The EAB sector is relatively diverse and can differ depending on the sub-sector that the EAB is trading in – for example, there are boutique firms that only deal in super-prime, or auctioneers that specialise in repossessed homes.
The operating times for EABs vary based on the business in question. Most operate 9-5 on weekdays, but many residential EABs open on the weekend to facilitate viewings.
How are EAB customers engaged and communicated with?
EAB customers can be geographically spread due to the nature of the property market, the rise of online-only EABs, and the use of property portals and search engines.
The vast majority of initial contact between EABs and their customers is done online for property buyers, usually through the EAB’s website, through a property portal, or by phone.
Traditional high street estate agents will still receive engagement by customers visiting and passing by their physical premises.
Sellers are most likely to use EABs local to them, online EABs that usually have lower prices, or niche EABs that deal exclusively with their property type.
It is important to note that different types of EAB also have an impact on how customers are engaged with, with this in turn impacting their risk factors needed to be assessed under Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
EABs must have assessed all of the risk factors, including those of their delivery channels, including whether or not their customers are met face to face. Not meeting customers face to face would have a higher risk, so EABs are expected to have identified and mitigated this risk as part of their risk assessment.
Where do EAB customers live?
EAB customers range dramatically, including first time buyers, families, wealthy overseas individuals, property investors, and commercial customers. Their location differs due to the nature of property market – customers will not always be local to the EAB and often will be from overseas.
Some EABs are niche and only cater to specific sub-sectors of the market – such as those specialising in high end “super-prime” property. Their customers are more likely to live in more expensive areas – such as central London, Cheshire, and parts of the south coast.
EABs must have taken the appropriate steps to identify and assess the risk of their customers and the countries or geographic areas in which they operate, and where their customers are from.
What type of records are kept?
EABs have an obligation under regulation 40 MLR 2017 to keep a copy of any documents and information obtained to satisfy their CDD obligations.
They must also keep sufficient supporting records (consisting of the original documents or copies) in respect of a transaction which is the subject of customer due diligence measures or ongoing monitoring to enable the transaction to be reconstructed.
MLR 2017 does not specify the medium in which records should be kept, but they must be available immediately on request by HMRC. It is essential that an EAB has an efficient record keeping process in place, as you will need to review business records to firstly understand how the business operates and what paperwork is created during a sale or purchase.
What types of systems and software do EABs use?
Software is available that can be used to support tasks an EAB may undertake, for example to store and manage records, and can be held in customer relationship management systems. There are also systems which are marketed as aiding a business’ compliance with MLR 2017.
Any business using computerised records will typically have a backup process, so that records can be retrieved in the event of a data loss. This may be cloud based or the EAB may have physical hard drives. The use of any software/system which aids an EAB with its CDD, record keeping and/or any other obligations under MLR 2017 should be fully understood by the EAB, including its limitations, and the EAB should be able to explain this to a compliance officer on a visit.
Any failures or limitations of the systems or software an EAB uses to assist it in complying with MLR 2017, remain the responsibility of the EAB.
Use of systems and software depend on the EAB in question. Some EABs will still use physical and paper files.
EABs operating in multiple sectors
In many cases EABs will also be a Letting Agency Business (LAB), due to the similar nature of these sectors. However, some EABs specialise in only estate agency work and do not offer LAB services. In addition, some EABs may operate in other supervised sectors such as the Trust or Company Service Provider (TCSP) sector. For example, the business may combine a property transaction with the formation of a legal entity for its customerin order topurchase the property.
If an EAB provides TCSP services, it must also be registered for TCSP supervision under MLR 2017.
The combination of multiple supervised services will increase the risk that the business can be used, or exploited for the purposes of money laundering, terrorist financing or proliferation financing. The increase in risk to the EAB’s business model should then be factored into their risk assessment and be included within the business’s assessment of risk of its services and delivery channels.
For more information on EABs operating in multiple sectors see ECSH55200.
Third Party Compliance Companies
There are many third-party compliance companies that operate within the EAB market that can help EABs comply with their obligations under MLR 2017. What they provide differs depending on which company they use and what level of service they pay for. Some will offer training and help draft risk assessments and policies, controls and procedures, and some conduct sanctions checks. Some will provide a report on a customer, which could show a colour risk score or ticks and crosses for the checks completed.
EABs cannot use third party Digital Verification Services (DVS), to undertake CDD checks, unless they meet the criteria below. It is important to note that the business is responsible for having the relevant CDD paperwork. Any reports provided must be examined by the business, who will then need to decide if any further action needs to be taken to ensure they have met the CDD requirements under the regulations.
Additional information regarding EABs and EAB risk and compliance visits is contained in section ECSH53175 and compliments this page of the handbook.
Digital Verification Services (DVS)
EABs will need to ensure that any digital ID verification companies they use are certified against the UK digital identity and attributes trust framework and on the DVS register, in line with HMT guidance.
Digital identity services which are certified against the trust framework and on the DVS register are a reliable and independent source of information, with an appropriate level of anti-impersonation assurance, and can be used by EABs as part of their customer due diligence processes. Digital verification services which are not certified and therefore not on the DVS register cannot reliably be deemed suitable for identity verification in compliance with MLR 2017.