Record keeping, disclosure and compliance
Record-keeping and disclosure requirements
What record-keeping and disclosure requirements apply to companies and relevant individuals under the anti-money laundering, terrorism financing and fraud legislation?
In addition to the requirements of data protection law of general application in the United Kingdom, businesses in the regulated sector (which include financial institutions, accountants and most lawyers) are subject to specific obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. These include requirements to keep records for a specified period (Regulation 40) subject to data protection safeguards (Regulation 41).
What internal compliance measures are required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
The obligations of the regulated sector under the regulations also include requirements to:
- conduct a risk assessment (Regulation 18);
- establish and maintain policies, controls and procedures (Regulations 19 and 20); and
- train employees (Regulation 24).
Depending on the size and nature of the business, an individual or entity in the regulated sector should also consider appointing a compliance officer, screening relevant employees and establishing an independent audit function (Regulation 21).
Increasingly, businesses both within and outside the regulated sector that have operations in the United Kingdom are advised to conduct a risk assessment and establish proportionate policies and procedures in order to manage the risks created by various legislation related to money laundering, terrorist financing and fraud, as well as related areas such as:
- bribery (noting the offence of failing to prevent bribery in Section 7 of the Bribery Act 2010);
- sanctions (noting the broadened reporting requirements in the European Union Financial Sanctions (Amendment of Information Provisions) Regulations 2017); and
- tax evasion (noting the offences of failing to prevent the facilitation of UK or foreign tax evasion in Part 3 of the Criminal Finances Act 2017).
What customer and business partner due diligence is required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
The regulations also require regulated sector businesses to conduct customer due diligence (CDD) in certain circumstances (under Regulations 27-32), which in some cases must be enhanced (Regulations 33-36) and in other cases may be simplified (under Regulations 37-38). For example, CDD must be enhanced where the customer is a politically exposed person, or a relative or known associate of a politically exposed person; the published guidance of the Financial Conduct Authority (FCA) is useful on this point. Again, increasingly, businesses outside the regulated sector may also be advised to conduct CDD on their customers and partners in order to manage risks under the Proceeds of Crime Act and other legislation.