The Risk Sensitive Basis


The Regulations require relevant persons (sole traders and firms) to establish and maintain appropriate and risk sensitive policies and procedures to prevent activities relating to money laundering and terrorist financing (r.20 (1)). Those policies and procedures must relate to:

  • Client Due Diligence
  • on going monitoring of existing clients
  • internal reporting to a firm’s MLRO
  • record keeping
  • internal control
  • risk assessment and management
  • internal communication of such policies and procedures
  • monitoring and management of compliance with such policies and procedures
  • training

Much of the 2003 regulations still remains and should be familiar. Nevertheless, this list has now been enhanced and may appear to be daunting when first viewed. However, with understanding and a common-sense approach, and taken within the context of knowledge of your own business model, the list is easily satisfied. It must be stated that the obligations placed upon the nominated officer is to apply the Regulations appropriately and proportionately, to that of ‘a reasonable standard’.

The Regulations do not set standards as to the form or content of the policies and procedures for your firm. They leave it to you to devise policies and procedures that are suitable in the context of your own practice, the work you undertake and your client bases. Whereas the list above is described as the ‘basic requirements’, the Regulations do go on to require that your policies and procedures provide specifically for:

Regulation 20 (2))
(a) For identifying and scrutinising:

  • Complex or unusually large transactions
  • Unusual patterns of transactions which have no apparent economic or visible lawful purpose
  • Activities which you regard as particularly likely by their nature to relate to money laundering or terrorist financing.

(b) For specifying the taking of additional measures, where appropriate, to prevent the use for money laundering or terrorist financing of products and transactions which might favour anonymity.

(c) For determining whether a person is a politically exposed person.

(d) For firms to nominate a MLRO and to ensure that persons in the firm abide by the reporting obligations in the POCA and TA. A MLRO is a person within a firm who will receive all Internal Reports and assess them before deciding whether they justify a SAR to SOCA.

In (a) above, it may be necessary for banks, which have customarily transferred funds upon instruction and without concern for the purpose of the transfer. For example, the simple cheque transaction, repeated millions of times every day. By contrast, as accountants we have a relatively close relationship with our clients. Accountants will usually, therefore, satisfy (a) as a matter of course. Although, some inquiry of the client might be necessary to fill in gaps of information provided, incomplete records or poor recording of detail of transactions is a common occurrence encountered in practice.