CDD and Enhanced Due Diligence under MLR 2017

CDD and Enhanced Due Diligence under the Money Laundering Regulations 2017

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692) ("MLR 2017") impose obligations on solicitors as "relevant persons" in the regulated sector.

When CDD is Required (reg. 27 MLR 2017)

• Establishing a new business relationship.
• Carrying out an occasional transaction worth €15,000 or more (or linked transactions totalling €15,000 or more).
• There is suspicion of money laundering or terrorist financing.
• There is doubt about the veracity or adequacy of previously obtained identification information.

Standard CDD Measures (reg. 28 MLR 2017)

1. Identify the client and verify identity on the basis of documents, data or information from a reliable, independent source.
2. Identify the beneficial owner (UBO) — for a corporate body, individuals who ultimately own or control more than 25% of the shares or voting rights, or who otherwise exercise control (reg. 5 MLR 2017).
3. Assess and understand the purpose and intended nature of the business relationship.

Simplified Due Diligence (reg. 37 MLR 2017)

Permitted where the firm's risk assessment concludes that the business relationship or transaction presents a lower degree of risk (e.g., listed companies on a regulated market, UK public authorities). Cannot be applied where there is any suspicion of money laundering or terrorist financing (reg. 37(4) MLR 2017).

Enhanced Due Diligence (EDD) (reg. 33 MLR 2017)

Mandatory in higher-risk situations, including:

• Politically Exposed Persons (PEPs), their family members and known close associates — reg. 35 MLR 2017.
• Transactions involving high-risk third countries designated by HM Treasury under reg. 33(3) MLR 2017 (HM Treasury publishes the list; the FCA designates countries for its own supervised sector but the MLR 2017 designation power rests with HM Treasury).
• Any other situation assessed as higher risk under the firm's risk assessment (reg. 33(1)(e) MLR 2017).

EDD measures include: obtaining additional information on the client and on the source of funds and wealth; obtaining senior management approval for the relationship; and conducting enhanced ongoing monitoring (reg. 33(5)–(6) MLR 2017).

Timing of Verification (reg. 30 MLR 2017)

Verification must ordinarily be completed before establishing the business relationship or carrying out the transaction. It may exceptionally be completed during the establishment of the relationship where this is necessary not to interrupt the normal conduct of business and there is little risk of money laundering or terrorist financing — but it must be completed as soon as practicable thereafter (reg. 30(3) MLR 2017).

Common Traps

• The €15,000 threshold applies only to occasional transactions — there is no monetary threshold for CDD when establishing a new business relationship.
• Simplified DD does not mean no DD; it means CDD measures applied to a reduced extent proportionate to the lower risk.
• A PEP continues to be treated as a PEP for at least 12 months after leaving the prominent public function, and ongoing scrutiny must continue for as long as the risk warrants (reg. 35(4) MLR 2017).
• Failure to apply CDD when required means the firm must not establish the relationship or carry out the transaction, and must consider whether to make a Suspicious Activity Report under s.330 Proceeds of Crime Act 2002 (reg. 31(1)–(2) MLR 2017).

Exam tip: Match the trigger (new relationship / occasional transaction / suspicion) to the correct level of CDD. EDD for PEPs and high-risk third-country transactions is mandatory, not discretionary.