AML Essential Kit - Client ID Verifications

ID verification is often automated and is easy to evidence. But we must be clear that CDD is more than just client ID verification. AMLGAS (produced by the Consultative Committee of Accountancy Bodies) is a useful resource of which most firms of accountants would be expected to be aware. Helpfully, it breaks down CDD into three components: Identification (and information gathering), Risk assessment and Verification (evidence gathering). The three components of CDD impact each other. In other words, when assessing the AML risk attaching to the client, you might feel you need to go back to gathering more information, or perform more rigorous verification work (as part of enhanced CDD).

For a firm of accountants, CDD is most commonly undertaken at the start of a business relationship. In that context, it is easy to see how CDD can help a firm to better understand the client, so that relevant employees can have expectations about the client’s activities and be more likely to notice unexpected – perhaps suspicious - activities. But the information gathered about the client needs to be verified, with evidence being gained from a reliable, independent source.

CDD requires a flexible approach in which questions are asked as they arise – as information is gathered - and verification is sought of the answers provided. Verification of the relevant information gathered about a client will always include ID verification, as criminals value obscurity and will, inevitably, try to conceal their true identity. Although the identification of corporate entities is also relevant, this section of the guidance focuses on verifying the identification of individuals, whether they be clients, beneficial owners, directors, trustees, or anyone else identified as significant within the information-gathering process.

What does the legislation say?

The verification requirements are set out within regulation 28 of MLR 2017. Wherever it requires information to be verified, it means it must be verified “on the basis of documents or information in either case obtained from a reliable source which is independent of the person whose identity is being verified”. It clarifies that any documents issued by an official body (such as a passport or driver’s licence) are deemed to be from an independent source, even if they are provided to the firm by the person whose identity is being verified.

With regard to the reliability of the source, regulation 28 explains how certain electronic identification processes may be regarded as being obtained from a reliable source. It states that the electronic identification process must be “secure from fraud and misuse and capable of providing assurance that the person claiming a particular identity is in fact the person with that identity, to a degree that is necessary for effectively managing and mitigating any risks of money laundering and terrorist financing”.

In itself, perhaps that is of limited help, particularly when it has proven difficult to verify the identity of the person by more traditional means, in which case the money laundering and terrorist financing risk may be assessed as higher. But a firm may, in fact, decide to use electronic verification as an element of CDD in all cases (and not only out of necessity or as a response to assessed risk). In any case, judgement must be exercised by the firm in evidencing that it is satisfied that the client’s identification has been suitably verified. In placing reliance on an online service provider, a firm must be satisfied that the evidence to be gained will be relevant, reliable and sufficient. In reaching its conclusion, it should ask itself a few questions:

• What sources does the system draw upon? (This must be a range of sources.)

• How up-to-date is the information to be gained from the provider? (This is dependent upon the online system itself, as well as the sources of information that the system interrogates.)

• Does the provider themselves have a system for checking the accuracy and relevance of the information being gathered?

The adequacy of all the evidence gathered to verify the identity of those concerned must be assessed on a case-by-case basis, in light of the client’s risk profile (including, of course, any lack of clarity concerning the ownership and control of the client). Of course, there are many means of undertaking CDD online, including searching the entire internet in innovative ways, using social networking platforms, maps (including street view), etc. But these are time-consuming. Therefore, in each case, you must be clear about the relevant, proportionate approach to undertaking CDD according to the assessed risk.

Learn more

The AML Essential Kit will guide you through everything you need to know, it covers:

• When to perform ID checks

• Reporting discrepancies

• Traditional methods of verification

• Digital methods of verification

• Sanctions screening

• Reliance on third parties

• Conclusion

View all the details and the full AML Essential Kit here - https://www.firmcheck.com/aml-essential-kit