This requires the firm to verify that the information we have been given by the client as part of the ‘KYC’ process is basically true. Verification must be done at that point or within a reasonable time frame of when a ‘business relationship is formed’. If the firm cannot verify the client then they should not proceed with the work. It is worthwhile here revisiting the ML Regulations:
“The stated objectives of the ML Regulations are first, that the evidence offered is reasonably capable of establishing the customer’s identity, and secondly, that the person who is assessing the evidence is satisfied that the customer is the person he claims to be. The ML Regulations require that: The applicant for business will produce satisfactory evidence of his identity; or
Procedures established by the firm will produce such satisfactory evidence.
Regulation 4(3)(a) 5.3.4 Being reasonably satisfied that a customer is the person he claims to be is therefore a combination of being satisfied that: The named person exists: from appropriate identity data and information; and
The customer is that person: by verifying from reliable, independent source documents, data or information, satisfactory confirmatory evidence of appropriate parts of the customer’s accumulated profile.”
In simple terms it means the firm can verify the client according to your risk assessment by ‘data, documents or information’, anything that satisfies you the MLRO that the person you are dealing with is the person that you think it is. The explanations for the terms are:
Documents: The emphasis of guidance on the 2003 regulations was upon obtaining copies of documents, such as new style driving licences and passports, as evidence of identity. Such documents are still extremely valid, and in all likelihood will remain the evidence of choice for most, but the Regulations make it clear that other forms of evidence are equally valid.
Data: This is an acknowledgment that we now operate in an age when so much data is so freely available electronically and by other means. While it is open to you to obtain a data check from an agency, this is just one option open to you. Data is also available from internet search engines, such as Google or Yahoo, and from official sources, such as Companies House, local authorities and regulatory bodies, etc. All are valid sources of data.
Information: Information may be in any form, documents, data, word of mouth, personal experience etc. For example, someone you know and trust may confirm a client’s identity; someone may have been to clients’ homes, in which case they have information as to home address; or a client might be in the public eye.
Independent source: An independent source is one over which the client or other person in question has no influence or control. For example, a passport is from an independent source because a government department produced it, even though your client may provide it to you.
Paper evidence is not the only route to verification, though it may be in some cases the easiest or in some cases not appropriate considering the risk, circumstance or the inconvenience. Verification is an important part of the risk management, identification and KYC requirements of the Regulations. So “in their procedures, therefore, firms will in many situations may need to be prepared to accept a range of documents, and they may wish also to employ electronic checks, either on their own or in tandem with documentary evidence.(JMLSG 2006 5.3.10)”