This helpsheet has been issued by ICAEW’s Technical Advisory Service to help ICAEW members carry out Client (Customer) Due Diligence (CDD).

CDD is the process by which the identity of a client is established and verified. There are no strict rules on what can be used for CDD but ICAEW members should apply a risk based approach and be flexible in what they request depending on the circumstances.

Members may also wish to refer to the following related helpsheets and resources:

• CCAB Anti-money laundering guidance for the accountancy sector
• ICAEW client screening service
• Document retention
• Money laundering regulations compliance review checklist
• Electronic client due diligence

The following questions and answers are designed to help with some of the more common questions on CDD. If you need further advice please contact the ICAEW Ethics Advisory Service on +44(0)1908 248 250.

1. What if I haven’t met the client face to face?

If you do not have a face to face relationship with the client you will need to consider the implications for your risk assessment (see appendices B and D of the CCAB guidance). In these circumstances we suggest you request an original or certified copy of photo ID and an additional piece of evidence. Alternatively, it may be possible to make use of an appropriate electronic identification process (see Q12).

If no photo ID is available you will need to consider what (and how much) alternative evidence might be appropriate, depending on your risk assessment of the client. Alternative evidence might include a utility bill, HMRC correspondence, bank statement etc.

2. My client is elderly and lives in a care home with no photo ID or utility bill. What can I accept for CDD?

If no photo ID is available, and you have assessed this client as normal risk you may determine that you can accept non-photo ID, proof of address (care home) and an additional piece of evidence (e.g. current bank statements, letter from doctor addressed to client at the care home, documents from HMRC, pension letters/documents).

3. What do I need to do in terms of client due diligence for overseas clients?

The geographical area in which your client operates will have been considered during your overall risk assessment but not meeting face to face may also increase risk (see Q12).

You can use an appropriate electronic identification process for clients you have not met face to face (ee Q12 and the helpsheet Electronic client due diligence).

Alternatively, you could accept a certified copy of the client’s passport as evidence but you would also need an additional piece of evidence as well. We recommend that certification is by a person in the permitted category for reliance e.g. a professional lawyer, auditor, external accountant, insolvency practitioner or tax advisor regulated for anti-money laundering (see 5.4.15 of the CCAB guidance).

4. Does the location of my overseas client impact the CDD I carry out?

The geographical area in which your client operates will have been considered during your overall risk assessment.

Under the regulations you must apply enhanced due diligence (EDD) if either you or your client is established in a high-risk third country. This EDD must include:

• obtaining additional information on the client and on the client's beneficial owner;
• obtaining additional information on the intended nature of the business relationship;
• obtaining information on the source of funds and source of wealth of the client and of the client's beneficial owner (see Source of wealth factsheet);
• obtaining information on the reasons for the transactions;
• obtaining the approval of senior management for establishing or continuing the business relationship;
• conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.

Being established in a country means:

• in the case of a legal person, being incorporated in or having its principal place of business in that country, or, in the case of a financial institution or a credit institution, having its principal regulatory authority in that country; and
• in the case of an individual, being a resident in that country, but not merely having been born in that country.

5. Are there special requirements for politically exposed persons (PEPs)?

A PEP is an individual entrusted with prominent public functions, other than as a middle-ranking or more junior official. A list of prominent public functions is included in the glossary to the CCAB guidance.

Additional requirements apply to PEPs, family members of PEPs and known associates of PEPs including a requirement to carry out enhanced due diligence (EDD) and adequate measures to establish sources of wealth and funds (see Source of wealth factsheet).

Each PEP, family members of PEPs and known associates of PEPs must be considered individually and EDD applied on the basis of the risk associated with the PEP. Approval of senior management is needed before entering into or continuing a business relationship with a PEP and enhanced monitoring must be carried out during the relationship.

An individual must also continue to be treated as a PEP for at least 12 months after they cease to hold a prominent public function but this requirement does not apply to family members or known close associates of PEPs.

Further information is available in paragraphs 5.3.11 to 5.3.25 of the CCAB guidance.

Due to these additional requirements, and in order to assess the risk, it is important to identify PEPs. Electronic measures (such as those explored in the Electronic client due diligence helpsheet) may assist with this.

6. Our client is a charity with six trustees, do we need to complete client due diligence on all of them?

You would need to identify who the trustees are and, as they will all exercise control, it would be sensible to verify all of them. If anyone else has control or influence over the finances of the charity you will need to consider whether to identify and verify them as well. You also need to consider what client due diligence is needed in relation to the beneficiaries, the settlor and any other individual with control over the trust.

7. What do I need to do in terms of client due diligence if the client is under 18?

Although there is nothing explicit in the CCAB guidance about identification and verification of children the following are some sources of information that might be used for verifying the identity of minors:

• Birth certificate
• Passport (if held in their name and signed)
• HMRC correspondence
• Confirmation of address from school register
• Reliance on another equivalent professional – e.g. solicitor

8. What do I need to do in terms of client due diligence if approached by someone exercising a power of attorney?

CDD would need to be completed on the individual exercising the power of attorney (the representative of the client) and also the person they are exercising that power on behalf of (the client). As you may not meet the client face to face you would require photo ID and an additional piece of evidence or non-photo ID, proof of address or date of birth and an additional piece of evidence (or you may consider electronic verification means – see Q12).

You can check the validity of the power of attorney for LPAs registered in England and Wales using the free Find out if someone has an attorney or deputy acting for them facility of the Office of the Public Guardian. A new service is also available for LPAs registered in England and Wales on or after 17 July 2020. The donor or an attorney can provide the LPA access code which can then be used with the view a lasting power of attorney service to access the information about the LPA.

9. We have been asked to act for a firm of solicitors, do I still need to do client due diligence?

Yes, the same risk based approach should apply as for any other client. However if the solicitor is subcontracting work on their own clients’ affairs to you then you would also need to consider the underlying party (5.4.9-5.4.10 of the CCAB guidance). Don’t forget that in these circumstances, subject to their written agreement, you may be able to rely on the CDD undertaken by the solicitors (5.4.1-5.4.7 of the CCAB guidance).

10. A local accountancy practice is closing and we are taking over a number of their clients. Can we rely on the client due diligence that they completed?

You may rely on certain third parties’ client due diligence, subject to their written agreement, but you should be cautious as you will remain liable for any failure to comply with the regulations (5.4.1-5.4.7 of the CCAB guidance). The person you rely on would need to be a member of the regulated sector in the UK or subject to an equivalent regulatory regime (5.4.2 of the CCAB guidance).

You must still carry out a risk assessment and will need to obtain copies of all relevant documentation. You will also need to enter into a written agreement that confirms that the firm/individual being relied on will provide the relevant documentation immediately on request. The CDD documentation will need to be retained by both the closing practice and the new practice, and will need to be updated as part of your ongoing CDD.

11. Do I need to carry out client due diligence on someone I have known personally for a long time?

Yes you still need to carry out CDD. Part of your verification process could, however be based on your own personal knowledge of the client. You might for example make a note that you have known the client for X years and have visited the client at their home address (thereby verifying the address). You may also wish to take advantage of electronic checks (see Q12).

12. Can I rely on electronic client due diligence checks?

Although not mandatory, electronic checks may be used to assist with CDD. Specifically they may be used as part of:

• Risk assessment;
• Identification; and/or
• Verification.

When using electronic databases, care should be taken to ensure they:

• Draw on multiple sources;
• Check those sources across a period of time;
• Have control mechanisms to ensure the quality and reliability of data; and
• Are accessible (users need to be able to access and download/store results of searches – contracts with providers should be read carefully to ensure this).

However, please be aware that some databases only check sanctions lists for politically exposed persons (PEPs).

Where an electronic identification process is used to verify an individual’s identity, the information may be regarded as obtained from a reliable source which is independent of the person whose identity is being verified where:

• The process is secure from fraud and misuse; and
• Is capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.

In such cases, you may not need to ask for other forms of identification. This would be on a risk assessment basis and, if the client was deemed high risk, you may wish to consider additional checks.

Guidance on using electronic checks is given in paragraphs 5.4.17 and 5.4.18 of the CCAB guidance and in the helpsheet Electronic client due diligence.

13. How long should I retain client due diligence checks for existing and former clients?

All records created as part of the CDD process must be retained for five years from the end of your business relationship (3.6.18 of the CCAB guidance ). You may also wish to consult our helpsheet Document retention.

14. Should I carry out CDD checks on all my clients every 12 months?

There is a requirement to carry out ongoing CDD and to keep it up to date throughout the business relationship to understand client activities. How often checks are carried out will depend on the level of risk associated with the client. The need to update CDD will also be prompted by such events as a change in the client’s structure, appointment of new directors, changes in ownership, change in the client’s business activity or start of a new engagement (5.2.5-5.2.8 of the CCAB guidance).

The ICAEW Library and Information Service provides a client screening service to check names of individuals or entities against global risk and compliance data to identify restricted, sanctioned, prohibited and high risk individuals and businesses (it does not verify a client’s identity). This service is free to ICAEW members and ACA students (subject to a maximum of three free name checks per week).

ICAEW members, affiliates, ICAEW students and staff in eligible firms with member firm access can discuss their specific situation with the Technical Advisory Service on +44 (0)1908 248 250 or via webchat.