Technical helpsheet which aims to help ICAEW members carry out electronic client due diligence.
This helpsheet has been issued by ICAEW’s Technical Advisory Service to help ICAEW members use electronic resources as part of carrying out client due diligence (CDD).
Members may also wish to refer to the following related guidance and helpsheet:
What is electronic client due diligence
Electronic client due diligence (CDD) includes the use and analysis of electronic databases and open source information to know your client, as well as using electronic sources for identity, verification and other checks. The decision to use electronic resources should be made in the context of the firm’s risk based approach.
Depending on the electronic resources used, they can help with all three stages of CDD:
- At the identification phase electronic resources may help with the gathering of information about a client’s identity and, where the client is an organisation, the identity of anyone who ultimately owns or controls the client (beneficial owners).
- At the risk assessment phase electronic resources may be used to help determine the amount of evidence needed to verify identity. No matter what systems, services and sources are used, an AML risk assessment based on the information gathered must be carried out.
- At the verification phase electronic resources may be used to assist in validating (with independent, authoritative sources), that the identity is genuine and belongs to the claimed individual or entity.
Online know your client resources
The following are some examples of tools available to members that may be used to gather information about a client, which can then be used to inform a risk assessment.
ICAEW client screening service
The ICAEW Library and Information Service provides a client screening service to check names of individuals or entities against global risk and compliance data to identify restricted, sanctioned, prohibited and high risk individuals and businesses (it does not verify a client’s identity). This service is free to ICAEW members and ACA students (subject to a maximum of three free name checks per week).
Open source databases and online tools
There are a wide variety of online databases (some free, some chargeable) which may be used as part of information gathering and, in some cases, verification. Each system will vary, so it is important to understand exactly what is being searched and what the results of the search mean (e.g. would the search identify whether an individual is a politically exposed person (PEP)).
Databases such as the Offshore Leaks Database published by the International Consortium of Investigative Journalists (ICIJ) may aid in identifying beneficial owners of offshore companies, foundations and trusts.
Searches of the Register of Companies (Companies House) or overseas registries, as applicable, may assist in information gathering and verification for corporate bodies, although firms must not rely solely on information contained in a register of people with significant control when identifying and verifying beneficial owners.
Reverse image searches
When trying to put a name to a face, a reverse image search may be useful. These allow a user to put an image into the search box rather than a description of what they want to search for. There are a number of free reverse image search providers, including Google.
These internet based search engines search for connections between search criteria including individuals and entity names. Cluster analysis (also called segmentation analysis) tries to identify structures within the data, finding connections that may not have been previously known or not obvious. This may be useful in trying to identify connections between individuals and entities or between entities themselves, for example you may have concerns about an individual’s other business interests.
Social media searches
Scanning social media profiles for posts or profile information associated with a person might provide useful insights unavailable elsewhere or highlight inconsistencies in the information gathered. Social media may provide useful evidence of business activity, for example marketing on social media can help verify products and services offered by the business.
Adverse media searches
This involves searching public data sources (in its simplest form, search engines) for negative news associated with an individual or company. Negative news search strings may be used to carry out searches on an entity or an individual such as:
Name AND bribe OR corruption OR court OR conviction OR crime OR fraud OR money laundering OR sanctions OR terrorism, etc.
These can also be modified using wildcard searches (where you replace the suffix of a particular search term with an asterisk):
Name AND bribe* OR corrupt* OR court* OR convict* OR crim* OR fraud* OR money launder* OR sanction* OR terroris*, etc.
Where this occurs, a search engine will identify all variants of the root search term (e.g. corrupted, corruption, corrupting, etc.).
Firms with overseas clients should also consider using negative search terms in multiple languages.
Services such as Google street view allow images of an address or location to be viewed. This can assist in verifying whether a business is operating out of an address and whether the address matches your understanding of the business (e.g. a corporate office or an industrial unit).
A number of commercially available services give access to identity-related information. Many of them can be accessed online and are often used to replace or supplement paper based verification checks.
Where an electronic identification process is used to verify an individual’s identity, the information may be regarded as obtained from a reliable source which is independent of the person whose identity is being verified where:
- The process is secure from fraud and misuse; and
- Is capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.
Before using such tools firms should assess whether the service is sufficiently reliable, comprehensive and accurate. Consider (and document) whether:
- The system draws on multiple independent, authoritative sources;
- The sources are checked and reviewed regularly;
- There are control mechanisms to ensure data quality and reliability;
- The information is accessible;
- The system provides adequate evidence that the client is who they claim to be; and
- The system assesses AML risk consistently with the risk profiles that the firm assigns to clients.
Not all off-the-shelf products will be appropriate in all cases. If subscribing to such a service, firms must be prepared to supplement information obtained if it is appropriate to address the risk. Firms must demonstrate they have taken reasonable steps to satisfy themselves that the client is who they purport to be. A short list of questions for potential suppliers has been included in the appendix to help practitioners who are considering subscribing to such a service (see Appendix: Questions for suppliers).
If in doubt seek advice
ICAEW members, affiliates, ICAEW students and staff in eligible firms with member firm access can discuss their specific situation with the Technical Advisory Service on +44 (0)1908 248 250, via webchat or e-mail email@example.com.
Appendix: Questions for suppliers
|Does the system draw on multiple sources?
||A single source (e.g., the electoral register) is
not usually sufficient
|Which sources does the system draw on?
||This gives you an idea of the variety and reputability of the sources. For example, the ICAEW client screening service checks the Dow Jones Risk & Compliance database.
|To what extent is the data or documentation derived from official sources?
||Documentation purporting to offer evidence of identity may emanate from a number of sources. There is a broad hierarchy of documents with certain documents issued by government departments and agencies, or by a court being the most reliable. See Appendix B of the CCAB Anti-money laundering guidance for the accountancy sector for more detail.
|What data sources are used for negative news or information about potential subjects?
||Adverse media checks can reveal actual or alleged involvement with money laundering, financial crime or other negative information that may suggest that the client is higher risk or raise reputational concerns
|Are all data sources updated in real time? If not, what is the frequency of update?
||Systems that do not update their data regularly are generally more prone to inaccuracy. This is not to suggest that non-real time data will be non-compliant with AML regulations but confidence in the reliability of systems that are more frequently updated is likely to be higher.
|How do you check that the data from these sources is reliable? How do you know that your checks are effective?
||Systems should have built-in data integrity checks which, ideally, are sufficiently transparent to prove their effectiveness. The provider should be able to explain this.
|Are the results of my searches available to download or are they stored on the cloud? If on the cloud how do I ensure continuing access should I cancel my contract?
||To meet document retention requirements, it is essential that a practitioner is able to access records relating to CDD and the business relationship for five years from the end of the client relationship.
|How does the system provide adequate evidence that the client is who they claim to be? Do you regard this as sufficient to replace a physical (“paper”) check and why?
||For example, the provision of a passport number does not mean that the person providing it is in fact the holder of the passport. Some ID verification systems have mechanisms such as photo analysis capable of confirming authenticity of documents and/or facial recognition software, or systems whereby the subject is sent a unique verification code. This is a good opportunity for probing questions.
|What measures are in place to ensure that the system is free from fraud or misuse?
||This is a specific quality specified in the regulations (SI 2017/692 reg 28(19)).
© ICAEW 2020 All rights reserved.
ICAEW cannot accept responsibility for any person acting or refraining to act as a result of any material contained in this helpsheet. This helpsheet is designed to alert members to an important issue of general application. It is not intended to be a definitive statement covering all aspects but is a brief comment on a specific point.
ICAEW members have permission to use and reproduce this helpsheet on the following conditions:
- This permission is strictly limited to ICAEW members only who are using the helpsheet for guidance only.
- The helpsheet is to be reproduced for personal, non-commercial use only and is not for re-distribution.
For further details members are invited to telephone the Technical Advisory Service T +44 (0)1908 248250. The Technical Advisory Service comprises the technical enquiries, ethics advice and anti-money laundering helplines. For further details visit icaew.com/tas.
- 04 Jan 2021 (05: 45 PM GMT)
- Changelog created, helpsheet converted to new template
- 04 Jan 2021 (05: 46 PM GMT)
- New appendix added. Section headed If in doubt seek advice updated