ECSH63545 - Regulation 37 - Application of simplified customer due diligence
Category Heading | Description |
---|---|
The Law |
https://www.legislation.gov.uk/uksi/2017/692/regulation/37 |
What it means |
A relevant person may apply simplified customer due diligence measures (SDD) in relation to a particular business relationship or transaction if it determines that it presents a low risk of money laundering and terrorist or proliferation financing (ML/TF/PF). It is still required to comply with the requirements of Regulations 28 and 30A but may adjust the extent, timing or type of CDD it carries out - regulation 37(2) refers. Paragraph (3) sets out areas which may be considered lower risk, such as: where the customer is a PLC or is supervised under the MLRs; offering products and services which can’t be used to launder money; whether the customer is resident, established or registered in a country with effective AML/CFT systems, low level of corruption or other criminal activity (such as terrorism, money laundering, and the production and supply of illicit drugs) based on credible sources, such as FATF evaluations or reports published by other international bodies (such as IMF, World Bank, OECD etc). It must still carry out sufficient monitoring of business relationships or transactions to enable it to detect any unusual or suspicious activity (see 37(8)). It must not apply SDD if it suspects ML/TF/PF or that any ID documents it has obtained may be forged or fraudulently obtained, or if any factors shown within regulation 33 are present. |
Purpose |
To reduce the burden in applying CDD in the lowest risk circumstances. |
Time Line |
Regulation 13 MLR 2007. |
What to establish |
Does the relevant person/business carry out SDD measures? How has the relevant person arrived at the decision that there is a low risk of ML/TF/PF? Has it taken into account the risk assessments under regulation 16 (by the Treasury in the National Risk Assessment), regulation 17 (by HMRC in the sector risk assessments published on GOV.UK) or regulation 18 (the risk assessment carried out by the relevant person)? Has it followed published guidance? |
How to test compliance and evidence to obtain |
Review the business’ risk assessment – does it contain situations which are considered LOW RISK? If so, officers need to discuss what procedures are carried out and how the business arrived at the conclusion that the risk should be considered low. Review the external “understanding risk” documents for each sector and the National Risk Assessments. Any situations shown as medium or high risk will not be suitable for SDD. Review FATF evaluations or reports published by other international bodies (such as IMF, World Bank, OECD) to confirm that a certain country or situation is LOW RISK. |
Best Practice |
Where the business “Firm Status” is showing as an Authorised Payment Institution (API) or registered small payment institution (SPI), officers will need to check the HMRC MLR registers to ensure that the business DOES appear, in which case HMRC is its supervisor as a payment service provider for the purposes of the Transfer of Funds Regulations (REGULATION (EU) 2015/847 – Information of payer Transfer of funds regulations). Officers will therefore need to determine whether the business complies with Regulation 64 of the MLRs. If it DOES NOT appear on the HMRC MLR Register (or officers need to ensure that they don’t have dual supervision or require supervision by the FCA instead), officers will need to review the “Activities and Services” section of the FCA website to see whether the business provides any services other than Payment Services. For example, the “Activities and Services” section may show dropdowns for Payments Services & E-Money, Banking, Insurance, Mortgages and Home finance, Consumer Credit, Pensions, Investments or Other Services (where the dropdown will open up to describe the other services provided). If the “Activities and Services” section of the FCA website contains anything IN ADDITION to “Payment Services”, the FCA is the supervisor for the purposes of the Transfer of Funds Regulations (REGULATION (EU) 2015/847 – Information of payer Transfer of funds regulations) AND HMRC is not the business’s supervisor for these purposes. |
AMP | When dealing with another AMP subject to the MLRs, provided there are no other risk factors present, SDD may be appropriate. The AMP should confirm the other AMP is shown on HMRC’s supervised business register and that the information shown on Companies House is correct. |
ASP |
No further sector specific information currently available. |
EAB |
SDD may be appropriate if the business can demonstrate that the customer is low risk; this should be detailed in and supported by the business’s risk assessment. For examples of customers that may be lower risk, please see the EAB Guidance. |
LAB |
See above and LAB Guidance. |
HVD |
As cash is high risk in the NRA and cash intensive businesses are a high risk indicator under regulation 33, SDD is not appropriate. |
MSB |
It is rare that MSBs will be able to conduct SDD; however, in any instances where they have applied SDD, officers will need to review the MSB Risk digest for the limited instances where an MSB could undertake SDD. |
TCSP |
No further sector specific information currently available. |
Further Reading | Regulation 18 toolkit; FATF mutual evaluations; NRA 2020; Supervised Business Register |
FAQs |
Q: I’ve reviewed a business’s written risk assessment which says all of its clients are low risk. Does that mean it doesn’t have to carry out CDD? A: No – it is still required to carry out CDD on all of its customers, but it may reduce the number of checks it carries out. But first, you’ll need to make sure you agree with the business’s assessment by researching some of the products and services it supplies and checking where its customers are based. |