Money Laundering

The main aspect of Anti-Money Laundering controls is that a company must undertake identity checks for all individuals with whom they are establishing a relationship, as well as maintaining a level of confidence that the identity is genuine throughout the lifetime of the relationship. This is known throughout the industry as 'Know Your Customer' (KYC).

Currently failure to comply with any of the requirements of the Regulations constitutes a criminal offence, which is punishable by a maximum of 2 years imprisonment, or a fine or both. This applies whether or not money laundering has taken place.

Both the Proceeds of Crime Act and the Terrorism Act contain provisions concerning a "failure to report an event" i.e. any suspicious activity. Failure to report carries a maximum penalty of 5 years imprisonment therefore it is vital for all businesses to ensure that they have adequate procedures in place for detection and reporting of suspicious activity.

Identification Verification Methods

Traditionally companies have used documentary evidence, such as a passport or driving licence, as a way to confirm an individual's identity. This method has in the past been effective for face-to-face applications as any photographs on the documentation can be verified against the individual making the application. Unfortunately documentary evidence is becoming increasingly open to fraud, with false documents easy to obtain or generate either through personal contacts or over the internet. Companies also face the cost of training staff sufficiently to be able to identify false documentation as well as the cost of the time spent verifying documents with the source. In addition new methods of application, such as the internet are increasing the challenges to organisations to ensure adequate verification has been carried out.

In light of this, electronic verification offers a more efficient, robust and less costly method of verification.

The Joint Money Laundering Steering Group (JMLSG) has been producing Money Laundering Guidance Notes for the financial sector since 1990. In December 2001 the Guidance Notes were updated to recognize the powers of the Financial Services Authority (FSA) to make Rules in relation to the prevention and detection of money laundering.

The current Guidance Notes were published in January 2006 and provide new guidance on the prevention of money laundering and combating the financing of terrorism.

Callcredit's KYC Solutions

The 2006 JMLSG Guidance Notes have clarified the use of electronic checks as a sufficient form of verifying identity. The FSA have also shown their recognition of the benefits of electronic verification (see their report ID - Defusing the Issue found at http://www.fsa.gov.uk/pubs/other/id_report.pdf) Callcredit have developed KYC solutions, CallVerify and CallML, which offer retrospective and point of application verification, both of which have proved very effective in fulfilling an organisation's requirements under KYC. These products can be used in replacement of or in addition to documentary checks.

Callcredit's KYC products use a wide range of datasets including the full Electoral Roll, public data and summarised SHARE (Callcredit's financial information) as well as utilising external datasets such as the Bank of England terrorist file.

CallML

CallML is an online product for anti-money laundering checks, which produces an automated pass, decline or refer for each applicant. The pass criteria can be amended to reflect the risk associated with the type of application or product in line with the risk based approach to verification promoted by the FSA.

The CallML report will also display all information held on the individual as well enabling a record of any documentary evidence produced by the applicant to be input by the user. These features allow the organisation to keep a detailed audit trail of the identification evidence seen at the time of the search. In line with the requirements, CallML will remove from the automated decision any duplication of a financial data item found on our databases that matches the information provided on the documentary evidence. This ensures that the same original source of information is not used twice in the decision.

CallVerify

CallVerify is used for batch processing of retrospective customer verification. Using the principle of diminishing returns, data is passed through a series of data cleansing tiers to maximize the percentage of customer records successfully checked. Different levels of individual confirmation are given, based on the strength of the match as well as a unique score being attributed to every record.

For further information regarding Callcredit's KYC products please see the attached product information sheets.

• CallML
• CallVerify

Summary

On 1 September 2006 the 2003 addition of the JMLSG guidance notes was superseded by the 2006 guidance notes.

For more information please go to http://www.jmlsg.org.uk/

The main changes introduced by the 2006 Guidance Notes are the emphasis on senior management responsibility, the implementation of risk based approach to money laundering prevention, revised approach to customer identification, additional material on the legal and regulatory context and specific industry sector guidance.

The new Guidance Notes offer clearer confirmation regarding the use of electronic checks and their ability to fulfill anti-money laundering requirements. They also offer guidance to firms on the criteria they should look for when deciding which agency to use for electronic verification. It also covers the requirement on that agency to check a variety of accurate and reliable data sources as well as the ability to show a clear audit trail for the checks conducted by the firm.

There has been a complete overhaul for the requirements for non-personal customers in order to avoid trying to fit them in to a regime primarily designed for individuals. This will result in a reduction of the documents required, especially ancillary documents such as memorandums and articles of association. This should ease the bureaucracy for Small or Medium Enterprises (SMEs).

Part I of the new guidance notes is generic text and guidance that applies to all sectors of the industry. Part II sets out guidance tailored to particular industry sectors, but should not be read in isolation. In order to provide the context in which the guidance is given material on the legal and regulatory framework is included for the first time.

The changes allow firms to take a risk-based approach to their management of money laundering risk. This means focusing their resources on the areas of greater risk based on an agreed standard level of identification and ensuring that where appropriate they hold additional information about the customer and monitor their transactions and activity. This will hopefully deliver a balanced and proportionate response.

The FSA has indicated that in assessing a firm's compliance with the requirements of the FSA Money Laundering Sourcebook (ML) it will have regard to the relevant provisions of JMLSG guidance. The FSA have also confirmed a shift away from an emphasis on identification (ID) and record keeping to assessing the firm's compliance to their own procedures.

Aims of the New Guidance Notes

• To allow senior management to manage their money laundering and terrorist financing risks in a risk based way
• JMLSG has now emphasised senior management responsibility for money laundering risk and offers guidance on how this responsibility might be discharged under a risk based approach.
• Senior management must therefore be fully engaged in the decision making process and must take ownership of the risk based approach since they will be held accountable if the approach is inadequate. Provided the assessment of the risks and the selection of mitigation procedures have been approached in a considered way, all relevant decisions are properly documented and the firm's procedures are followed, the risk of reproach should be minimised.
• To focus the resources employed in anti money laundering and combating terrorist financing on the areas in each firm that carry the higher risk
• There has previously been a potential to require that all customers prove that they are not a money launderer before they can be accepted. The approach has now changed to allow the firm to manage it's risks on the basis that most customers are not money launderers and to graduate its approach to identity verification in accordance with the risk the firm assesses each customer to present. It would allow the demands on lower risk customers to provide documentation to be reduced.
• Steps needed to develop an money laundering risk based policy;
  • To identify the potential risks in the sector to which the firm operates
  • To assess the actual risks presented by that firm's customers and products
  • To design and implement controls to manage these actual risks
  • To monitor and improve the effective operations of these controls
  • To keep appropriate records of what has been done and why
• To enable the guidance to be tailored to firms in different business sectors
• There are general principles which are relatively easy to interpret but which work out differently in their application in different sectors of the industry. The revision therefore sets out to provide guidance that each sector can find relevant and helpful to its participants in a practical sense. Many firms will only be concerned with one or two sections in Part II. (See Part II pages 5 - 11 for Retail Banking and pages 15 - 20 for Credit Cards)
• To allow firms to make better use of modern technologies
• JMLSG believes that subject to carefully assessed controls firms should be encouraged to make greater use of electronic verification as this is transparent to the customer and can reduce the requirement to produce paper based documentation whilst at the same time providing a significant level of assurance as to the customers identity. Knowing enough about the customer and their business and monitoring transactions and activity are just as important as confirming his identity.
• To be verified electronically a firm should use, as a base, the customer's full name and address and where possible the date of birth.
• When considering a supplier for electronic checks a firm should be satisfied that the information provided by that data provider is considered to be reliable and accurate. This judgment may be assisted by considering whether the provider meets the following criteria:
  • It is recognised through registration with the ICO to store personal data
  • It offers services which use a wide range of quality data sources that can be called upon to link applicants to both current and historical data sources
  • It utilises negative screening services such as databases relating to identity fraud and deceased persons
  • It has a transparent process that enables the firm to know what checks were carried out and what the results of those checks were
  • It has a process that allows the enquirer to capture and store the information they used to verify the identity
• Electronic data sources can provide a wide range of confirmatory material without involving the customer. Firms may wish to employ electronic checks either on their own or in conjunction with documentary evidence
• If non-face to face/higher risk it still remains that an extra check is required this can be documentary, electronic or a combination of both. This check may consist of a robust anti-fraud check that firms routinely undertake. Alternatively the firm may communicate with the customer at the verified address. (See Part I pages 61 - 63 for additional measures to mitigate higher risk)
• Consent from the customer is not required for a stand alone money laundering check but notification should be given in your Fair Processing Notices
• If your money laundering check forms part of a credit check then consent is still required
• To reduce the demands for several pieces of documentation on most customers reflecting the likelihood that most customers are not money launderers or terrorists
• Identification procedures imposed on customers should take account of the money laundering risk that particular customer presents. It is therefore important to manage money-laundering risk in a way that is consistent with minimising the inconvenience caused to customers while at the same time allowing the firm to meet its obligations.
• JMLSG seeks to establish this at least in face-to-face situations through use of a single document verification of an individual. Such a document however has to carry a high level of reliability in its issue and the checks carried out by the issuer. Where such a document is not available the standard calls for a second supporting document again with an appropriate level of reliability. Much reliable information about individuals is held electronically. It is important that access to information about individuals is carefully controlled; the revision of the guidance promotes the use of electronic verification recognising that this is now an established medium subject to well established regulatory protections.
• If identity is to be verified from a document it has be an original government issued document which incorporates;
  • The customers full name and a photograph and;
  • The residential address or;
  • The date of birth
• Acceptable documents which contain a photograph are:
  • Unexpired passport
  • Unexpired photo card driving licence
  • A national identity card
  • Firearms certificate or shot gun licence
  • Identity card issued by the electoral office for Northern Ireland
• Acceptable documents which do not contain a photograph are:
  • Unexpired (old style) driving licence
  • Recent evidence of entitlement to a state or local authority funded benefit, tax credit, pension, educational or other grant

    (For other information on non standard documents to be used see Part I pages 63- 66. See Part II Retail Banking for financial exclusion cases)

• If it is a government issued document without a photograph which incorporates the customer's full name this must be supported by a second document, either government issued, issued by a judicial authority, a public sector body or authority, or another regulated firm in the UK financial services sector, or in a comparable jurisdiction which incorporates:
  • The customers full name and either
  • The residential address
  • or the date of birth
• JMLSG has reviewed the position of firms within the legal framework and proposes that there should be greater recognition that many customers have already had their identity checked by other firms in the financial sector. This revised guidance therefore extends the ability to take account of other firms' identification procedures where this is justified and relevant.