Your Questions Answered
You’ll find the most common questions related to our AMLCC product and what the Regulations mean for your business.
To register/subscribe to AMLCC, click here. You will need to fill in the relevant details and also add to the “discount code” box any discounts you may have received from your supervisory body regarding our product.
You will receive an email with your login details 5-10 minutes after submitting the registration form. Always check your junk mail if you have not received them within this timeframe. If you have still not received the email, contact the AMLCC team who will be able to assist you.
You will receive 3 separate logins in total:
Firm login: This is emailed to you after your registration has been successful and gives the highest access as it allows you to edit business and staff details.
MLRO login: This is created as part of your firm’s initial setup in the system. It gives the MLRO access to their own specific training video, enables them to see which staff members have completed their training and also to receive reports from staff members that need to be sent as a SAR.
Staff login: Each staff member at your firm will have their own login details in order to be able to complete their training and upload their own clients (if applicable).
The product comes with access for the firm, the MLRO and 3 staff members. If you require more staff logins, you can purchase additional users by ordering online.
You will need to use the firm login to set up your firm details and create your MLRO and staff logins. If you are a sole practitioner you will only need to set up the MLRO login. In the day-to-day use of the system, you will use the MLRO and/or staff logins as appropriate.
If you know your username, you can click the forgotten password link on the login page, enter your user name and click “Email password”. You will receive 4 digits on screen and then receive a further 4 digits within an email. You will need to combine these 8 digits to use as your new password. If you do not know your username you will need to contact the AMLCC team who will be able to assist you.
Each separate user can change their login username to something more memorable if they wish. To change your username, login and then click on “Personal Details”.
However at present you cannot do the same with your password. Your password can only be changed to a system-generated random one, which will be displayed to you during the procedure (see previous FAQ).
In addition, your MLRO can change any staff member’s password. To do this the MLRO needs to login, go to the Admin header and then click on “Staff”. This will show all of the details for that particular login; the MLRO will be able to edit accordingly and then click “Update results” to save the revised details.
We do not currently send renewal emails to remind users of the end of their subscription.
Yes, you will need to register with the ICO under the Data Protection Act as the act regulates the use of “personal data” which covers obtaining, recording and holding the data.
You will need to add a paragraph to your current letter of engagement to advise clients that you might carry out online verification on them for AML purposes. You do not require their permission for this but you do need to make them aware that these checks may happen.
The online client verification tool is provided by Equifax and produces online verifications for residents in the UK. We have a link to the Equifax database from our members’ website, enabling you to run online verifications using the AMLCC system once you have registered.
The online verifications cost £3+VAT each. If you think you will be requiring multiple verifications, you can purchase them in bulk with discounts available for bulk purchases of 50, 100 or 200. Please see the Registration page for details.
Yes, you simply go to the “Upload Clients” tab and download the upload template. There are instructions for this on the template, once completed make sure the file is saved as a CSV file and simply upload it to the website.
Yes, you can! We believe you should have control of how you assess your clients.
If you wish to mitigate a high-risk outcome you simply click “Update Risk Assessment”, locate the high-risk question (in the section key at the top this will be shown by a red flag as to where the high-risk answer lies), and from the drop-down select “Risk Mitigation Accepted”. Once you have done this simply reassess the client to change this outcome.
Remember to always document your thought process as this is your best line of defence if you are ever investigated. Staff members are unable to change the outcome, they can only request from the drop down to mitigate the risk but the MLRO has to make the final decision.
If you have many similar types of clients and you do not wish to manually risk assess each client, you are able to purchase a template or templates (depending on the number of different clients you have) and pre-fill in a model set of answers, you can then simply upload the model set of answers to each client saving a lot of valuable time and making your compliance easier.
Money Laundering is the process by which proceeds of crime are integrated into the legitimate economy. Under the Proceeds of Crime Act (POCA) 2002 money laundering offences are committed when a person:
- Conceals, disguises, converts or transfers criminal property (Section 327)
- Enters into an arrangement regarding criminal property (Section 328)
- Acquires, uses or possesses criminal property (Section 329)
Put simply doing “stuff” with or with regard to the proceeds of crime is going to be a money laundering offence.
Conviction of any of these offences can be punishable for up to 14 years imprisonment and/or a fine.
All individuals or firms acting as ASPs (Accountancy Service Provider, defined to include accountants, bookkeepers, tax advisors, auditors and insolvency practitioners) have a legal obligation to report any knowledge or suspicion (or grounds for either) of money laundering as soon as practically possible. Full definitions are provided within the 2017 money laundering regulations as expanded by AMLGAS (Anti-Money Laundering Guidance for the Accountancy Sector).
For an employee, their duty ends once they have reported their suspicions to their firm’s MLRO (Money Laundering Reporting Officer) or DMLRO (Deputy MLRO). Once this report has been sent, it is then the responsibility of the MLRO to consider if a report to the NCA (National Crime Agency) via a SAR (Suspicious Activity Report) is required.
It is a criminal offence for ASPs not to comply with the 2017 money laundering regulations.
Individuals in the regulated sector commit an offence if they fail to disclose knowledge or suspicion (or grounds for suspicion) that money laundering is occurring or has occurred. The maximum penalty is 5 years’ imprisonment and/or a fine.
The Proceeds of Crime Act (POCA) 2002 provides full details on the obligations and penalties.
Businesses need to establish a system that maintains their compliance with AML regulations and provides evidence of such compliance. The key requirements are:
- Appointing an MLRO (Money Laundering Reporting Officer) and having clear reporting procedures to the MLRO
- Performing a risk assessment on their firm and keeping it updated
- Performing risk assessments on every client and keeping them updated
- Undertaking due diligence and ongoing monitoring for all clients
- Maintaining clear and up-to-date records
- Carrying out training for relevant staff and senior managers
- Having clear Anti-Money Laundering compliance policies and procedures
- Identify reportable matters to the National Crime Agency (NCA)
Monitoring and amending the above routinely and as circumstances dictate
The MLRO (Money Laundering Reporting Officer or Nominated Officer) is responsible for ensuring that all relevant staff are trained on an annual basis to make sure they are up to date with legislation and aware of the firm’s own policies and procedures. It is also their job to submit any SARs (Suspicious Activity Reports) to the NCA (National Crime Agency) and to maintain the confidentiality of the report to avoid ‘tipping off’.
It’s worth noting that the MLRO is well established term for the individual with responsibility for considering and making reports to the National Crime Agency. That role is often doubles-up as the person who is responsible for money laundering compliance within a firm. This role is also referred to as Money Laundering Compliance Principal.
Identification and verification of clients is essential. Don’t forget that it is the natural persons behind a client that must be identified and verified, this applies equally when the client is not a natural person (the client’s beneficial owner(s)).
Verification of a client may include:
- Obtaining their photocard driving licence or passport to verify their name, DOB and visual identity
- Obtaining an up-to-date utility bill (no older than 3 months) to verify their address
- Undertaking an online verification, where appropriate, to further verify the identity of the client or beneficial owners.
It’s worth considering the role of confirming that such a person exists and that the person you are dealing with is that person. This is particularly important to minimise the risk of identity fraud.
Electronic verification is used to complement the normal identification documents as a tool for ‘Enhanced Customer Due Diligence’ (EDD). It is usually reserved for high-risk clients or those requiring EDD in order to:
- Search their electronic footprint
- Search the PEP (politically exposed person) database and sanctions lists
- Perform extra checks to confirm that a person’s identity exists
However, a firm may choose to run an electronic verification on all clients to manage the risk of a client being a PEP or on the sanctions list.
You will need to advise your client that you intend to carry out an online verification but you do not need their permission. The best way to inform your clients is to include a paragraph in your letter of engagement stating that these checks are likely to occur during the verification process and that it may leave a soft ‘footprint’ on their file, though we are advised by our online verification provider that this will not affect the credit rating of an individual.
It is not uncommon that a client may have, for example, recently moved to a new house, or that they are living with their parents or partners where they have no external records of living at an address.
The hard copy verification process should already have been undertaken and the circumstances of any particular client should be considered along with what evidence may be available or what risk is attached to the client.
You will need to verify all of your clients and carry out at least normal customer due diligence in order to demonstrate that you are complying with the money laundering regulations. Any variation from your standard policy should be noted and approved by senior management.
A high-risk client could, for example, include the following:
- Cash-based business
- High-risk business such as opaque business practices or obscure trading procedures
- Clients who operate in high-risk jurisdictions
- Clients you have never met face to face
- Politically exposed persons (PEP) or those on the Treasury Sanctions List
- Clients who are evasive
- Clients who try to put you off your guard
- Clients who try to direct your actions
AMLCC’s client risk assessment tools with take users through the risk assessment process for clients.
If you have, for example, never met a client, then their ID should be certified by an identifiable, individual of good standing such as a solicitor or accountant. A Skype call may be worthwhile to help verify their identity but will not be enough on its own. You may also consider an online verification to check their electronic footprint. This will help with checking the sanctions lists and helping with recognising that a person is politically exposed. It is not recommended to use electronic verification without having met an individual along with their actual documents or having had such documents correctly certified.
AMLCC’s client risk assessment tool includes Enhanced Due Diligence factors and measures to apply where they are required.
The person who should carry out the AML checks should be the person who the individual is a client of. Therefore, if an accountant outsources to a third-party bookkeeper, the client is technically the accountant’s and so they should be carrying out the AML checks. However, any third party who is hired should be given training on the firm’s AML policies and procedures to ensure they are working to the same standards.
In general, the AML due diligence checks follow the engagement letter. As a freelancer there would an agreement in place to provide services and not an agreement to be an employee of the accountancy practice.
Provision of accountancy (including bookkeeping) services to a third party is almost certainly going to fall under the definition within the 2017 money laundering regulations as expanded by the Anti-Money Laundering Guidance for the Accountancy Sector (AMLGAS)
If providing regulated services, then the freelancer much be supervised for AML and must undertake the necessary AML steps.
A regulated firm should have a policy in place to cover at least:
- Customer due diligence
- Ongoing monitoring of clients and evolving risks
- Documentation and recording
- Reporting SARs (Suspicious Activity Reports)
- Risk assessments for clients and the firm
- Control procedures
- Cash handling
- Client account
A comprehensive text editable draft firm policy is available within AMLCC.
The easiest way to submit a SAR is by using the SAR Online System.
The quality of the SAR can affect the ability of the NCA (National Crime Agency) to prioritise and process the report. It can also affect the law enforcement agencies’ decision or ability to investigate. It is therefore important to include as much detail as possible; poor quality reporting can lead to delays in action being taken.
‘Tipping off’ can be found in the Proceeds of Crime Act 2002 (Section 333). It creates an offence of tipping-off a client that a SAR report is about to be made or has been made about the client.
If the MLRO (Money Laundering Reporting Officer) has decided not to submit a SAR to the NCA, then a record of that decision should be documented clearly along with the reasons why that decision was made.
All individuals or firms acting as an ASP (Accountancy Service Provider) have a legal obligation to report any knowledge or suspicion of money laundering as soon as practically possible. An employee’s responsibility ends once they have sent a report to their firm’s MLRO/DMLRO. It is then the latter’s responsibility to report the suspicion to the NCA via an SAR if felt appropriate.
MLRO: Money Laundering Reporting Officer
DMLRO: Deputy Money Laundering Reporting Officer
NCA: National Crime Agency
SAR: Suspicious Activity Report