MLR1PP7300 - Penalties guidance: related breaches under MLR 2017: fundamental requirements
Breaches under MLR 2017 will in general fall into several groups of related breaches.
Fundamental requirements
These are fundamental requirements for having effective anti-money laundering controls in place:
- Regulation 18 - failure to identify and assess the risks of money laundering and terrorist financing a business is subject to and to take account of information provided and risk factors
- Regulation 18(4) - failure to keep an up-to-date record in writing of the risk assessment
- Regulation 18(6) - failure to provide the risk assessment when requested
- Regulation 19 - failure to establish, maintain, review, update, keep a record in writing and communicate the policies, controls and procedures to mitigate and manage the risks identified in the risk assessment
- Regulation 20 - failure to apply policies, controls and procedures to subsidiaries and branches in and outside the UK
- Regulation 21(1) - failure to appoint a compliance officer, screen relevant employees and establish an independent audit function
- Regulation 21(3) - failure to appoint a nominated officer
- Regulation 21(4) - failure to notify the identity of and changes to the compliance and nominated officer
- Regulation 21(5) - failure to consider internal disclosures of suspicion
- Regulation 21(7) - failure of an electronic money issuer to appoint an individual to monitor and manage compliance with policies, controls and procedures
- Regulation 21(8) - failure to establish and maintain systems which enable it to respond fully to enquiries from law enforcement officers
- Regulation 22 - failure of an electronic money issuer or payment service provider to appoint a central contact point in the UK when requested
- Regulation 26(4) - failure of a relevant person to take reasonable care that no-one is appointed, or acts in a capacity that requires approval, without being approved
- Regulation 26(5) - failure of a sole practitioner requiring approval to be approved
- Regulation 26(10) - failure of a relevant firm to inform HMRC of a conviction for a relevant offence within the specified time
- Regulation 40 - failure to keep the required records and provide them when required
- Regulation 41 - failure to provide customers with the required information in relation to data protection
- Regulation 78(5) - failure of a relevant person to take reasonable care to ensure that a prohibited person does not act in a management role
Fundamental customer due diligence measures:
- Regulation 27 - failure to apply customer due diligence measures when required
- Regulation 28(2) - failure to identify and verify the customer and assess the purpose and intended nature of the business relationship or occasional transaction
- Regulation 28(4) - failure to identify and take reasonable measures to verify the identity of the beneficial owner
- Regulation 28(8) - failure to keep records of steps taken to identify the beneficial owner of a corporate body
- Regulation 28(10) - failure to identify and verify a person acting on behalf of the customer and to verify their authority to act
- Regulation 28(11) - failure to conduct ongoing monitoring of a business relationship
- Regulation 28(12) - failure to take account of the risk assessment and level of risk when taking customer due diligence measures
- Regulation 30 - failure to comply with the requirements on timing of verification
- Regulation 33 - failure to apply enhanced due diligence and enhanced ongoing monitoring where required
- Regulation 35(1) - failure to have appropriate risk management systems and procedures to determine whether a person is a politically exposed person (PEP) or a family member or known close associate of a PEP and to manage the enhanced risk of the business relationship or transactions
- Regulation 35(5) - failure to take additional measures in relation to a PEP
- Regulation 37 - failure to apply simplified due diligence appropriately taking account of the risk assessment, information provided to it and the risk factors
- Regulation 39(2) - failure to use reliance appropriately and to obtain the customer due diligence information from the person relied on and to enter into arrangements as required