The CCAB has published the latest version of its Anti-Money Laundering Guidance for the Accountancy Sector, together with the Tax Appendix and the Insolvency Appendix, following the Treasury’s approval of all three documents.
The guidance was initially updated in September 2020 to reflect amendments made to the UK Money Laundering and Terrorist Financing Regulations 2017 (the 2017 Regulations). These regulations were amended in January 2020 to reflect the Fifth Money Laundering Directive (5MLD) from the EU.
The main changes for 5MLD are as follows:
- The requirement for members to report discrepancies in the People with Significant Control (PSC) register to Companies House.
- The requirement for firms to train ‘agents’ on client due diligence and how to identify and report suspicions of money laundering and terrorist financing; the CCAB interpretation of who should be considered an ‘agent’ for these purposes has been approved by the Treasury.
- The expansion of the scope of the regulations to include indirect provision of tax services.
- The enhanced due diligence that must be conducted when a client is connected to a high-risk third country.
- Clarification that electronic client due diligence systems may be considered a reliable method for client due diligence, subject to meeting certain conditions.
Key changes since 2020
Following Treasury review and approval, the guidance has now been amended as follows:
- The timeframe in which members must report discrepancies in the PSC register to Companies House has been defined as being as soon as reasonably practicable after the discrepancy is discovered, which would normally be within 15 working days (previously 30 days). This means that a business has the opportunity to discuss the potential discrepancy with the client to establish whether an inadvertent error has been made and will be corrected without delay. The outcome of any such discussion with the client will allow the business to conclude whether a material discrepancy exists and is reportable (paragraph 5.6.7).
- A strengthening from ‘should’ to ‘must’ for the following requirements:
- Firm-wide risk assessment – businesses must consider information from the business’s AML supervisory authority when conducting the firm’s risk assessment (paragraph 3.6.5).
- New services of products – businesses must have procedures that require any new service or product, including its characteristics, to be assessed for MLTF vulnerability and included within the firm-wide risk assessment (paragraph 3.6.9). It must respond appropriately to any new or increased risks (paragraph 4.6.13)
- New ways of working – before introducing new ways of working, consideration must be given to whether new controls, policies or procedures are required to mitigate the MLTF risk, for example, the introduction of additional monitoring or review controls (paragraph 3.6.10).
- Employee screening – businesses must consider the skills, knowledge, expertise, conduct and integrity of all relevant employees both before and during their appointment (paragraph 3.6.22).
- CDD (verification) – the original document, or an acceptably certified copy, must be seen, and a copy retained (Appendix B – client verification; paragraph B.1.2).
- CDD – where an individual is believed to be acting on behalf of another person, that person must also be identified (paragraph 5.1.9).
- CDD (when delays occur) – the business must still gather enough information to form a general understanding of the client’s identity so that it remains possible to assess the risk of MLT (paragraph 5.5.1).
- SDD – additional circumstances for when SDD provisions must be set aside, for example, veracity or accuracy of documents, suspicion of MLTF or where the business no longer considers there is a low risk of MLTF (paragraph 5.3.6).
- PEPs – appropriate risk management systems and procedures must be put in place to determine whether potential clients (or their BOs) are PEPs, or family members/known close associates of a PEP (paragraph 5.3.12).
- A review of law and regulations following the UK leaving the EU – particularly some requirements of the regulations relating to the EU lists. Businesses should refer to the list of high-risk third countries as per the MLTF (Amendment) (No. 2) (High-Risk Countries) Regulations 2021 and the HM Treasury Advisory Notice ‘MLTF controls in higher-risk jurisdictions’.
- The guidance also clarifies the wording around enhanced due diligence where a client or any parties to an occasional transaction are established in a high-risk third country or where there is a business relationship with a client established in a high-risk third country (paragraph 5.3.7).
Future changes to the guidance
The guidance will need to be updated in due course to include changes to the 2017 Regulations, which are anticipated to come into force later in 2022.