ECSH53175 - Compliance checks during an estate agency business intervention
You should refer to ECSH33000 when considering how to test compliance with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) during a compliance intervention.
The information below is supplementary and focuses on specific circumstances you may come across during a compliance intervention.
You should seek to understand all estate agency business (EAB) services (relevant activity) conducted by the business, as well as any other services it provides within scope of MLR 2017, such as letting agency business (LAB) activity. You must understand how the business has risk assessed each area of its relevant activity and how it manages and mitigates those risks.
The specific campaign will indicate whether record testing should be focused on one area, or if it should cover all regulated services conducted by the business. This can change between campaigns.
During the compliance intervention, the officer must consider the campaign-related risks found and they should consider those risks by understanding the business’s operating model and its services provided. The officer should also seek to understand how the business has risk assessed each of the five risk factors, and how it manages and mitigates those risks.
General money laundering, terrorist financing and proliferation financing risks for EABs can be found at ECSH53125.
Guidance
HMRC’s guidance for Estate and Letting Agency Businesses gives information to assist EABs in complying with their obligations under MLR 2017. This is available on gov.uk.
HMRC’s assessment of the money laundering, terrorist financing and proliferation financing risks relevant to the EAB sector (‘Understanding Risk and Taking Action for Estate Agent Businesses) is published here.
EABs must take these publications into consideration as part of their compliance obligations under MLR 2017. A compliance intervention to an EAB should therefore include establishing whether and to what extent it has considered these publications and followed their guidance. EABs should be expected to provide an explanation for any departure from this guidance.
Material information
A common occurrence seen at EAB interventions is where the EAB has failed to update its material information within the required timeframe. Therefore, officers should verify that the EAB’s registration information is correct, and that if material changes have been made, they have been accurately reported.
Material changes can include:
When a beneficial owner, officer, or manager changes – this can include compliance officers appointed under accordance with regulation 21(1) MLR 2017.
Change of the nominated officer.
The business starts operating from an additional branch.
The business starts providing a new service or stops an existing one.
The business changes its bank account.
Change of business premises address.
Provision of additional services e.g. trust or company service provider or accountancy service provider.
Further information can be found in ECSH47075.
Generic risk assessments or policy, controls and procedures documents
You may find that an EAB has purchased its risk assessment (RA) and policies, controls and procedures (PCPs) documents from one of a number of compliance businesses that operate in producing these for the EAB sector. These may be produced to you as evidence of compliance with MLR 2017. There is a risk that these types of documents can often be generic in nature and may not properly assess or mitigate and manage the specific risks to which the business is subject, as required by MLR 2017. For more information on checking RAs and PCPs see ECSH32625 and ECSH32650.
An EAB’s RA must be specific to the business itself and must take into account the risk factors listed under regulation 18 MLR 2017, along with covering all the relevant risk indicators within our external risk assessment.
They must also take appropriate steps to identify and assess the risk of proliferation financing in order to be compliant with regulation 18A MLR 2017.
Customer Due Diligence (CDD)
Regulation 4(3) MLR 2017 outlines that EABs are to be treated as entering into a business relationship with a buyer and seller. This regulation should be read in conjunction with regulations 27 and 28 MLR 2017 which set out CDD obligations of a relevant person. Section 6 of the EAB guidance provides detailed information on the specific checks that a business should consider implementing to demonstrate that satisfactory CDD and enhanced due diligence (EDD) measures have been conducted. A relevant person’s EDD obligations are set out in regulation 33 MLR 2017.
It is also necessary for an EAB to demonstrate that sufficient information on the property and transaction itself has been risk assessed in relation to possible involvement in money laundering, terrorist or proliferation financing activity. Once an assessment has been put in place, ongoing monitoring must be carried out to confirm that the risk has not altered or to identify changes which may warrant additional risk mitigation measures.
HMRC’s ‘Understanding Risk and Taking Action for Estate Agent Businesses’ document includes non-exhaustive lists of potential risk factors that EABs must consider when determining appropriate risk-based CDD measures.
Suspicious Activity Reports (SARs)
The Proceeds of Crime Act 2002 (POCA) creates an offence of failing to make a report of suspicious activity. This applies to nominated officers and employees of EABs. Under MLR 2017, a business must have PCPs in place requiring everyone within the business to comply with their obligations under POCA. If employees, including the employees of agents, know or suspect, or have reasonable grounds for knowing or suspecting, that another person is engaged in money laundering or terrorist financing and that information comes to them in the course of the business, they must make a suspicious activity report.
EABs must not assume, or rely on, another entity in a transaction (such as a solicitor or conveyancer, bank or another EAB) to submit a SAR.
Under MLR 2017 a regulated business must appoint a nominated officer to receive reports of suspicious activity from staff. The business’s nominated officer, or their appointed alternative, must consider all internal reports. The nominated officer must make a suspicious activity report to the National Crime Agency (NCA) as soon as it is practical to do so, even if no transaction takes place, if they consider that there is knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering, or financing terrorism.
The business must consider whether it needs to seek a defence against money laundering (DAML) or terrorist financing offence (DATF) (formerly known as a consent SAR) from the NCA before proceeding with a suspicious transaction or entering into arrangements.
EABs should retain copies of the SARs that they make, along with sufficient records to reconstruct any transaction.
Further detail can be found in ECSH33600.
You may also find it useful to view the EAB film ‘Closing Costs’ which can be found here.
Discrepancy Reporting
Regulation 30A MLR 2017 requires EABs to report material discrepancies regarding their customers to Companies House. A material discrepancy is when the information an EAB holds on a customer is significantly different to the information recorded by Companies House about a person of significant control (PSC) of a company, or a registrable beneficial owner of an overseas entity (e.g. a difference in name, date of birth or nationality).
Detailed information can be found here.
Training
All of the EAB’s relevant employees, including beneficial owners, should be assessed for their compliance with the training obligations under regulation 24 MLR 2017.
You may find that an EAB has purchased training material from one of several firms who either produce it for the letting or property sector or produce generic anti-money laundering (AML) training.
In all cases, EABs must maintain a record in writing of what training was undertaken, when the training was delivered, and to whom the training was delivered. Training must include how the EAB has made its employees aware of MLR 2017 and data protection laws and be appropriate for employees to be able to recognise and deal with transactions/activities/situations which may be related to money laundering, terrorist financing or proliferation financing.
Records
Along with the EAB’s RA, PCP and other relevant AML documents, officers must also request the EAB’s records of transactions, identity verification, and property ownership documents in order to assess its compliance with CDD obligations and record keeping obligations. Officers will need to ask to see the documents to verify that the business has been following its own risk assessment process, and abiding by its policies, controls and procedures.
It is reasonable in all cases, however, to ask to see evidence that the EAB has verified the identity of the buyer and/or seller as part of its CDD measures.
For more information on checking records, see ECSH33500.
General Data Protection Regulations (GDPR)
An EAB may have concerns that by keeping records relating to its customers for the periods and purpose as specified in MLR 2017, or by sharing records during a compliance visit, this may breach its GDPR obligations. In this case, the EAB should be referred to regulation 72(2) MLR 2017. Regulations 72(2) and (3) MLR 2017 provide that a business’ compliance in providing information pursuant to regulations 66, 69, 70, 74A or 74B MLR 2017 does not carry with it a civil liability for breaching GDPR obligations, nor does that provision of information automatically breach restrictions on the disclosure of information.