 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
SP6 Firms must be able to provide documentary evidence of their compliance with the legislation and these Notes
10 Providing Documentary Evidence
10.1 Compliance Documentation
Documenting the processes a firm has in place becomes a vital component of compliance with the Notes. It is not enough to just provide documentary evidence of the due diligence performed on the customer but firms need to demonstrate that all the other processes have been given effect.
The requirements of these Notes also extend to how a firm has complied with the statements of principle, the senior management’s responsibilities have been satisfied, the risk based approach designed and implemented, how each of the risks have been mitigated, how the firm’s due diligence measures are escalated (or reduced) depending on the risk profile of the customer and how reports to GFIU considered and reported.
The Notes highlight the specific requirements that each firm must meet if it is to be held to be in compliance. In order to assist firms in this 0 contains a checklist of all the statements of principles and requirements of these Notes. Firms should complete this checklist at the earliest possible opportunity and design an action plan to address any deficiencies that are identified.
R105 As part of the FSC’s risk-based methodology for assessing regulated firms, the Compliance Report in Chapter XII and its accompanying action plan will be requested together with any risk questionnaires that form part of the normal risk assessment process.
It is therefore important that firms have in place a clear action plan to deal with deficiencies. The FSC does not expect full compliance with the revised requirements contained in these Notes immediately that they have come into force but does need to see senior management commitment to attaining full compliance within a reasonable time-frame.
The risk-assessment on-site work conducted by the FSC will sample whether the practice of a firm matches the responses given by the firm.
10.2 Customer identification documentation
The requirement contained in Section 10P of the Crime (Money Laundering and Proceeds) Act to keep records of customers’ identification and transactions is an essential constituent of the audit trail that the Sections seek to establish.
! In determining what are relevant records, firms need to also consider that Notes, e-mail exchanges and correspondence will augment the firm’s knowledge of the customer and would therefore normally also be caught by the term relevant records.
If the law enforcement agencies investigating a money laundering case cannot link funds passing through the financial system with the original criminal money, then confiscation of those funds cannot be made. Often the only valid role required of a firm in a money laundering or terrorist financing investigation is as a provider of relevant records, particularly where the money launderer or terrorist financier has used a complex web of transactions specifically for the purpose of confusing the audit trail.
R106 The records prepared and maintained by any firm on its customer relationships and transactions should be such that:
a. requirements of legislation are fully met;
b. competent third parties will be able to assess the institution’s observance of money laundering policies and procedures;
c. any transactions effected via the institution can be reconstructed; and
d. the institution can satisfy within a reasonable time any enquiries or court orders from the appropriate authorities as to disclosure of information.
e. businesses must maintain a record that:
1. indicates the nature of the evidence obtained, and
2. comprises either a copy of the evidence or (where this is not reasonably practicable) contains such information as would enable a copy of it to be obtained.
R107 These records of identity must be kept for at least five years from the date when the relationship with the customer has ended. In accordance with Section 10P, this is the date of:
a. the carrying out of the one-off transaction, or the last in a series of linked one-off transactions; or
b. the ending of the business relationship; or
c. the commencement of proceedings to recover debts payable on insolvency.
Where formalities to end a business relationship have not been undertaken but a period of five years has elapsed since the date when the last transaction was carried out, then the five year retention period commences on the date of the completion of that last transaction.
10.3 Transaction Records
R108 Section 10P(2)(b) requires institutions to retain, for at least five years, records of all transactions undertaken in respect of relevant financial business.
The precise nature of the records required is not specified, but the objective is to ensure, in so far as is practicable, that in any subsequent investigation the company/business can provide the authorities with its section of the audit trail. These record keeping requirements are separate from those of the financial services regulators, but there is a considerable degree of overlap.
For each transaction consideration should be given to retaining a record of :
o the name and address of its customer;
o the name and address (or identification code) of its counterparty;
o what the transaction was used for, including price and size;
o whether the transaction was a purchase or a sale;
o the form of instruction or authority;
o the account details from which the funds were paid (including, in the case of cheques, sort code, account number and name);
o the form and destination of payment made by the business to the customer;
o whether the investments, etc were held in safe custody by the business or sent to the customer or to his/her order and, if so, to what name and address.
10.4 Record Keeping By Eligible Introducers
Section 10P(4) to (7) specifically addresses the responsibility for record keeping in respect of business introduced by eligible introducers. If the eligible introducer is itself authorised under the Financial Services, Banking, or Insurance Companies Acts for relevant financial business, the principal can rely on an assurance that the eligible introducer will keep, on the principal's behalf, the necessary records in respect of both verification of identity and transactions. It is of course necessary for the principal to keep copies of the records itself.
10.5 Format And Retrieval Of Records
R109 To satisfy the requirements of the law enforcement agencies, it is important that all types of records are capable of retrieval without undue delay.
It is not necessary to retain documents in their original hard copy form, provided that the firm has reliable procedures for holding records in microfiche or electronic form, as appropriate, and that these can be reproduced without undue delay. In addition, an institution may rely on the records of a third party, such as a bank or clearing house in respect of details of payments made by customers. However, the primary requirement is on the institution itself and the onus is thus on the business to ensure that the third party is willing and able to retain and, if asked to, produce copies of the records required.
However, the record requirements are the same regardless of the format in which they are kept or whether the transaction was undertaken by paper or electronic means. Documents held centrally must be capable of distinguishing between the transactions relating to different customers and of identifying where the transaction took place and in what form.
The Regulations do not state the location where relevant records should be kept but the overriding objective is for financial sector businesses to be able to retrieve relevant information without undue delay.
When setting document retention policy, firms must weigh the
statutory requirements and the needs of the investigating authorities against
normal commercial considerations. When
original vouchers are used for account entry, and are not returned to the
customer or his agent, it is of assistance to the law enforcement agencies if
these original documents are kept for at least one year to assist forensic
analysis, and this can also provide evidence to a financial institution when
conducting its own internal investigations.
However, this is not a requirement of the anti-money laundering
legislation and there is no other statutory requirement in
It is also of assistance to law enforcement, particularly in
cases where a third party has been relied upon to undertake verification of
identity procedures or to confirm identity, that copies of all records relating
to verification of identification are retained in
! Institutions are asked to ensure that when original documents which would normally have been destroyed are required for investigation purposes, they check that the destruction policy has actually been adhered to before informing the law enforcement agencies that the documents are not available.
Where documents verifying the identity of a customer are held in one part of a group, they do not need to be held in duplicate form in another. However, if the documents are held in another jurisdiction, they must wherever possible (subject to local legislation) be freely available on request within the group, or otherwise be available to the investigating agencies under due legal procedures and mutual assistance treaties. Access to group records must not be impeded by confidentiality or data protection restrictions.
Financial sector businesses should also take account of the
scope of money laundering legislation in other countries, and should ensure
that group records kept in other countries that are needed to comply with