New AML Regulations and the pursuit of the beneficial owner.
Published on March 4, 2020 Introduction The new Money Laundering & Terrorist Finance (Amendment) Regulations 2019 which came into force on 10 January have modified a number of aspects of the 2017 AML Regulations, with which we have been complying with for some time. However, many firms’ procedures hark back to the earlier days of the 2007 Regulations and have not been modified or updated much over recent years. This article seeks to set out what the new Regulations in fact require, and the steps we should be taking in relevant cases. The Policy It has been true for some time that the ultimate aim of all the regulatory rules is transparency – it has always been the case that the use of artificial structures such as trusts, companies, bearer shares, foundations and charities – whilst perfectly legal – have to some extent also benefitted from the extra anonymity they offer to the true owner and recipient of the funds and services we provide. If we offer services to these types of entity, the Regulations require us to go some way to identifying the individuals who are actually benefitting from our services, and this entails uncovering the true ownership of the organisation. Whilst this would be difficult in many instances – Cayman Island companies with bearer shares, for example – we must nevertheless attempt to get some assurances from the creators of the companies, accountants or registrars as to the ownership of the shares, and have some way of being notified of any change in ownership. We also need to be aware of the PEP and Sanctions status of these individuals. Further, for UK companies, the PSC Regulations 2016 impose an exactly similar obligation on the companies themselves to identify their beneficial owners and notify Companies House of any shareholder with 25% or more of the shares or exercising control over management of the business. The Regulations The Regulations provide that we must, as part of our CDD procedures · Identify the client – this means coming to know who they are, by name and some other characteristic, eg address, date of birth, date of incorporation · Verify that identity – by means of reliable and independent data and documentation · Identify the beneficial owner (if the client is an entity) – though not necessarily verifying that identity · Identify and verify the identity of the person actually instructing us (if not already done). What this means for us When acting for a COMPANY (that is not a listed company) the Regulations require us to obtain · Details of the company as registered (which must be proven by a copy of the register entries available from Companies House or equivalent registry) – o name, number, registered office address, principal place of business o the law to which it is subject o details of its governing documentation (its memorandum) o names of the directors. · Names of any beneficial owners, and the identity of any individual owners of legal entities which own the client · Names and verification of the persons instructing us on behalf of the company, and their authority to do so. Note that we cannot rely on the information provided by the company under the PSC Regulations but we must undertake our own research in order to fulfil our CDD duties. Further, if as part of that research, we discover that the Companies House data on PSC’s is incorrect, then we are now under a further obligation to notify the Registrar of Companies of this fact. We also need to establish that PEPs and Sanctions checks are also undertaken. If genuinely positive entries are revealed in response we should undertake enhanced CDD steps or cease to act, accordingly. Electronic searches are a permissible avenue to use provided the search provider can offer us the necessary assurances that the person actually claiming an identity is IN FACT that person. Check also whether they also indicate PEP and Sanctions listings. Above all, the new Regulations provide that we “must take all reasonable steps to understand the ownership and control structures within the organisation” – regardless of the official lists of names that we may have in front of us. There are similar rules for trusts, charities, estates and other types of entity – but I do not intend to outline those rules here. Further, we must periodically update any information that we have. What if our enquiries fail to identify the individuals involved? The Regulations provide us with a default position, available only in the most extreme of cases. Where “all reasonable steps” have been taken to identify the beneficial owner and it has not been possible to do so, firms may be allowed to treat the principal manager of the business as the beneficial owner, provided all records of the steps taken and the difficulties involved in so identifying them are kept. Conclusions The Rules appear to have changed, in that there is nowhere any longer a rule which says that we have to identify and verify at least two directors of a company etc etc. We need the names of everyone involved in the business – directors, shareholders, stakeholders and others – and we need to verify the identity of the persons instructing us, regardless of their position, and that they have authority to so instruct us. Further, as long as we understand the overall structures of control within the organisation – and question any departure from expected norms – we should be doing enough.
