The below information is based on the results of our 2022/23 anti-money laundering monitoring reviews.
1. Updating customer due diligence
The most common finding from our 2022/23 AML monitoring reviews related to updating customer due diligence. Where we made this finding, firms were not performing, and updating, their customer due diligence throughout the duration of the client relationship.
2. Risk assessing clients
Our second most common finding is that firms have failed to perform a risk assessment of the client. Often, firms have focused on verifying the identity of the client without assessing the risk to determine the amount of evidence that must be obtained.
3. Customer due diligence on new clients
Customer due diligence (CDD) is a process of checks designed to identify, risk assess and verify your client to make sure they are who they say they are. We found that some firms don’t perform CDD on all their new clients.
4. Incomplete criminal record checks on BOOMs
We find that some firms haven’t yet obtained criminal record certificates for the beneficial owners, officers and managers (BOOMs) in the firm.
5. Review of policies, controls and procedures
We find that some of the firms we review haven’t performed a regular review of the adequacy and effectiveness of their policies, controls and procedures.
6. Reporting discrepancies in PSC register
A person with significant control (PSC) is someone who owns or controls a company. If firms identify a discrepancy between the information they gather while carrying out their regulatory obligations on their corporate clients and the information their client has provided on the PSC register, they must report that discrepancy to Companies House or HMRC. We find that firms do not have the required policies and procedures in place to record and report any identified discrepancies.
7. Firm-wide risk assessments
The risk-based approach underpins the MLR17 – firms should focus their resources on the services and clients that have the highest risk of money laundering. To determine how and where resources should be focused, firms must perform a risk assessment to understand the risk that the firm may be used to conceal or launder the proceeds of a crime.
The Money Laundering Regulations stipulate that a relevant firm must provide AML training to all staff and agents. Training ensures that staff/agents are aware of their suspicious activity reporting obligations and understand and how to comply with a firm’s AML policies.
9. No written procedures
We will ask to see firms’ written procedures that set out how they comply with the Money Laundering Regulations. Where firms have subscribed to a training provider manual, we will expect to see this tailored to the circumstances of the firm.
10. No AML supervisor
We automatically supervise our member firms through ICAEW’s Practice Assurance scheme. Where we find that a firm isn’t supervised, it is normally because the firm thinks it is an ICAEW member firm, but it isn’t.