 |
| WHAT MUST ESTATE AGENTS DO |
|
There are a number of elements to the new Money Laundering Regulations which Estate Agents must adhere to, and these can be checked with the Office of Fair Trading. 1stForIDverification can help you to satisfy one of these key elements that relates to Customer Due Diligence (CDD). |
| |
Estate agents must determine the extent of CDD measures on a risk-sensitive basis,
depending on the type of customer, business relationship, product or transaction. They must
be able to demonstrate to their supervisory authority that the extent of CDD measures is
appropriate in view of the risks of money laundering and terrorist financing. |
| |
| Timing of CDD Measures |
|
The verification of the identity of the customer and, where applicable, the beneficial owner,
must, subject to the exceptions referred to below, take place before the establishment of a
business relationship or the carrying out of an occasional transaction, i.e. when a customer is
registering a house to be put on the market. |
| |
Firms must apply CDD measures to its existing customers on a risk sensitive basis, at
appropriate times. A range of trigger events, such as an existing customer applying to open a
new account or establish a new relationship, might prompt a firm to seek appropriate
evidence, i.e. if a customer has sold a house with the estate agent once and then chooses to
sell another 2 years later, this may be viewed as a trigger to re-verify the identity of the
individual. |
| |
| Characteristics and Evidence of Identity |
|
The identity of an individual has a number of aspects: e.g., his/her given name (which of
course may change), date of birth, place of birth. Other facts about an individual accumulate
over time e.g. family circumstances and addresses, employment and business career,
contacts with the authorities or with other financial sector firms, physical appearance. |
| |
Evidence of identity can take a number of forms. In respect of individuals, much weight is
placed on so-called ‘identity documents’, such as passports and photo card driving licences,
and these are often the easiest way of being reasonably satisfied as to someone’s identity. |
| |
How much identity information or evidence to ask for, and what to verify, in order to be
reasonably satisfied as to a customer’s identity, are matters for the judgement of the firm,
which must be exercised on a risk-based approach. |
| |
Evidence of identity can be in documentary or electronic form. An appropriate record of the
steps taken, and copies of, or references to, the evidence obtained, to identify the customer
must be kept. |
| |
The firm should obtain the following information in relation to the private individual: -
- full name
- residential address
- date of birth
|
Verification of the information obtained must be based on reliable and independent sources –
which might either be a document or documents produced by the customer, or electronically
by the firm, or by a combination of both. In some limited circumstances, the source of funds
may provide appropriate evidence of identity. |
| |
Where business is conducted face-to-face, firms should see originals of any documents
involved in the verification. Customers should be discouraged from sending original valuable
documents by post. |
| |
| Documentary Evidence |
|
Documentation purporting to offer evidence of identity may emanate from a number of
sources. These documents differ in their integrity, reliability and independence. Some are
issued after due diligence on an individual’s identity has been undertaken; others are issued
on request, without any such checks being carried out. There is a broad hierarchy of
documents: -
|
Some documents are more easily forged than others. If suspicions are raised in relation to
any document offered, firms should take whatever practical and proportionate steps are
available to establish whether the document offered has been reported as lost or stolen. |
| |
Firms will in many situations need to be prepared to accept a range of documents, and they
may wish also to employ electronic checks, either on their own or in tandem with
documentary evidence. |
| |
| If identity is to be verified from documents, this should be based on: |
| |
Either a government-issued document which incorporates: -
- the customer’s full name and photograph, and
- either his residential address
- or his or her date of birth.
Government-issued documents with a photograph include: -
- Valid passport
- Valid photo card driving licence (full or provisional)
- National Identity card (non-UK nationals)
- Firearms certificate or shotgun licence
- Identity card issued by the Electoral Office for Northern Ireland
or a government-issued document (without a photograph) which incorporates the customer’s
full name, supported by a second document, either government-issued, or issued by a
judicial authority, a public sector body or authority, a regulated utility company, or another
FSA-regulated firm in the UK financial services sector, or in a comparable jurisdiction, which
incorporates: -
- the customer’s full name and
- either his residential address
- or his date of birth
|
| Electronic Evidence |
| |
Electronic data sources can provide a wide range of confirmatory material without involving
the customer. Where such sources are used for a credit check, the customer’s permission is
required under the Data Protection Act; a search for identity verification, however, leaves a
different ‘footprint’ on the customer’s electronic file, and the customer’s permission is not
required, but they must be informed that this check is to take place. |
| |
| The size of the electronic ‘footprint’ in relation to the depth, breadth and quality of data, and
the degree of corroboration of the data supplied by the customer may provide a useful basis
for an assessment of the degree of confidence in their identity. |
| |
If identity is verified electronically, this should be on the basis of the customer’s full name,
address and date of birth. |
| |
It is important that the process of electronic verification meets a standard level of confirmation
before it can be relied on. The standard level of confirmation, in circumstances that do not
give rise to concern or uncertainty, is: -
Positive information (relating to full name, current address, date of birth) can prove that an
individual exists, but some can offer a higher degree of confidence than others. Such
information should include data from more robust sources - where an individual has to prove
their identity, or address, in some way in order to be included, as opposed to others, where no
such proof is required. |
| |
Negative information includes lists of individuals known to have committed fraud, including
identity fraud, and registers of deceased persons. Checking against such information may be
necessary to mitigate against impersonation fraud. |
| |
For an electronic check to provide satisfactory evidence of identity on its own, it must use
data from multiple sources, and across time, or incorporate qualitative checks that assess the
strength of the information supplied. An electronic check that accesses data from a single
source (e.g. a single check against the Electoral Roll) is not normally enough on its own to
verify identity. |
| |
| Criteria for use of an Electronic Data Provider |
|
Before using a commercial agency for electronic verification, firms should be satisfied that
information supplied by the data provider is considered to be sufficiently extensive, reliable
and accurate. This judgement may be assisted by considering whether the provider meets all
the following criteria: -
-
it is recognised, through registration with the Information Commissioner’s Office, to
store personal data;
-
it uses a range of positive information sources that can be called upon to link an
applicant to both current and previous circumstances;
-
it accesses negative information sources, such as databases relating to identity fraud
and deceased persons;
-
it accesses a wide range of alert data sources; and
-
it has transparent processes that enable the firm to know what checks were carried
out, what the results of these checks were, and what they mean in terms of how
much certainty they give as to the identity of the subject.
In addition, a commercial agency should have processes that allow the enquirer to capture
and store the information they used to verify an identity. |
| |
As well as requiring a commercial agency used for electronic verification to meet the criteria
set out above, it is important that the process of electronic verification meets a standard level
of confirmation before it can be relied on. The standard level of confirmation, in circumstances
that do not give rise to concern or uncertainty, is: -
- one match on an individual’s full name and current address, and
- a second match on an individual’s full name and either his current address or his
date of birth.
Commercial agencies that provide electronic verification use various methods of displaying
results - for example, by the number of documents checked, or through scoring mechanisms.
Firms should ensure that they understand the basis of the system they use, in order to be
satisfied that the sources of the underlying data reflect the guidance and cumulatively meet
the standard level of confirmation required. |
| |
To mitigate the risk of impersonation fraud, firms should either verify with the customer
additional aspects of his identity which are held electronically, or follow the guidance below. |
| |
| Customers who Cannot provide the Standard Evidence |
|
Some customers may not be able to produce identification information equivalent to the
standard. Such cases may include, for example, some low-income customers in rented
accommodation, customers with a legal, mental or physical inability to manage their affairs,
individuals dependent on the care of others, dependant spouses/partners or minors, students,
refugees and asylum seekers, migrant workers and prisoners. The firm will therefore need an
approach that compensates for the difficulties that such customers may face in providing the
standard evidence of identity. |
| |
| Mitigation of Impersonation Risk |
|
Where identity is verified electronically, or copy documents are used, a firm should apply an
additional verification check to manage the risk of impersonation fraud. The additional check
may consist of robust anti-fraud checks that the firm routinely undertakes as part of its
existing procedures, or may include: -
- requiring the first payment to be carried out through an account in the customer’s
name with a UK or EU regulated credit institution or one from a comparable
jurisdiction;
- verifying additional aspects of the customer’s identity, or of his electronic ‘footprint’;
- telephone contact with the customer prior to opening the account on a home or
business number which has been verified (electronically or otherwise), or a “welcome
call” to the customer before transactions are permitted, using it to verify additional
aspects of personal identity information that have been previously provided during the
setting up of the account;
- communicating with the customer at an address that has been verified (such
communication may take the form of a direct mailing of account opening
documentation to him, which, in full or in part, might be required to be returned
completed or acknowledged without alteration);
- internet sign-on following verification procedures where the customer uses security
codes, tokens, and/or other passwords which have been set up during account
opening and provided by mail (or secure delivery) to the named individual at an
independently verified address;
- card or account activation procedures;
- requiring copy documents to be certified by an appropriate person.
|
| Non Face-to-face Identification and Verification |
|
Where the customer has not been physically present for identification purposes, a firm must
take specific and adequate measures to compensate for the higher risk, for example by
applying one or more of the following measures: -
- ensuring that the customer’s identity is established by additional documents, data
or information;
- supplementary measures to verify or certify the documents supplied, or requiring
confirmatory certification by a financial services firm in the UK, EU or a comparable
jurisdiction;
- ensuring that the first payment of the operation is carried out through an account
opened in the customer’s name with a ban
|
| Sanctions |
|
The United Nations, European Union, and United Kingdom are each able to designate
persons and entities as being subject to financial sanctions. Such sanctions normally include
a prohibition on making funds available to the designated target. A Consolidated List of all
targets to whom financial sanctions apply is maintained by the Bank of England, and includes
all individuals and entities that are subject to financial sanctions in the UK. |
| |
The obligations under the UK financial sanctions regime apply to all firms, and not just to
banks. The Consolidated List is the definitive list as regards the obligations under UK law. All
firms to whom this guidance applies, therefore, whether or not they are FSA-regulated or
subject to the ML Regulations, will need either: -
- for manual checking: to register with the Bank of England update service (directly or
via a third party, such as a trade association); or
- if checking is automated: to ensure that relevant software includes checks against the
relevant list and that this list is up to date.
The obligation under UK law is absolute – it is a criminal offence to make funds or financial
services available to a target or its agent. |
| |
| Politically exposed persons (PEP’s) |
|
Individuals who have, or have had, a high political profile, or hold, or have held, public office,
can pose a higher money laundering risk to firms as their position makes them vulnerable to
corruption. This risk also extends to members of their immediate families and to known close
associates. |
| |
PEP status itself does not, of course, incriminate individuals or entities. It may, however, put a
customer into a higher risk category. |
| |
A PEP is defined as “an individual who is or has, at any time in the preceding year, been
entrusted with prominent public functions and an immediate family member, or a known close
associate, of such a person”. |
| |
This definition only applies to those holding such a position in a state outside the UK, or in
the European Community or an international body. |
| |
Although under the definition of a PEP an individual ceases to be so regarded after he has left
office for one year, firms are encouraged to apply a risk-based approach in determining
whether they should cease carrying out appropriately enhanced monitoring of his transactions
or activity at the end of this period. In many cases, a longer period might be appropriate, in
order to ensure that the higher risks associated with the individual’s previous position have
adequately abated. |
| |
Public functions exercised at levels lower than national should normally not be considered
prominent. However, when their political exposure is comparable to that of similar positions at
national level, firms should consider, on a risk-based approach, whether persons exercising
those public functions should be considered as PEPs. Prominent public functions include: -
- heads of state, heads of government, ministers and deputy or assistant ministers;
- members of parliaments;
- members of supreme courts, of constitutional courts or of other high level judicial
bodies whose decisions are not generally subject to further appeal, except in
exceptional circumstances;
- members of courts of auditors or of the boards of central banks;
- ambassadors, charges d’affaires and high-ranking officers in the armed forces; and
(other than in respect of relevant positions at Community and international level)
- members of the administrative, management or supervisory boards of State-owned
enterprises.
Immediate family members include:
- a spouse;
- a partner (including a person who is considered by his national law as equivalent to a
spouse);
- children and their spouses or partners; and
- parents.
Persons known to be close associates include:
- any individual who is known to have joint beneficial ownership of a legal entity or legal
arrangement, or any other close business relations, with a person who is a PEP; and
- any individual who has sole beneficial ownership pf a legal entity or legal
arrangement which is known to have been set up for the benefit of a person who is a
PEP.
|
| Reliance on Third Parties |
|
Frequently, a customer may have contact with two or more firms in respect of the same
transaction. Several firms requesting the same information from the same customer in respect
of the same transaction not only does not help in the fight against financial crime, but also
adds to the inconvenience of the customer. It is important, therefore, that in all circumstances
each firm is clear as to its relationship with the customer and its related AML/CTF obligations,
and as to the extent to which it can rely upon or otherwise take account of the verification of
the customer that another firm has carried out. Such account must be taken in a balanced
way that appropriately reflects the money laundering or terrorist financing risks. |
| |
The new Regulations offer, potentially, a very wide scope for relying on other, appropriately
qualified, regulated firms, although in all cases the ‘relying’ firm retains ultimate responsibility
for meeting the obligations under the Regulation. |
| |
| Record Keeping |
|
Record keeping is an essential component of the audit trail that the ML Regulations and FSA
Rules seek to establish in order to assist in any financial investigation and to ensure that
criminal funds are kept out of the financial system, or if not, that they may be detected and
confiscated by the authorities. |
| |
Firms must retain records concerning customer identification and transactions as evidence of
the work they have undertaken in complying with their legal and regulatory obligations, as well
as for use as evidence in any investigation conducted by law enforcement. FSA-regulated
firms must take reasonable care to make and keep adequate records appropriate to the scale,
nature and complexity of their businesses. |
| |
In relation to the evidence of a customer’s identity, firms must keep a copy of, or the
references to, the evidence of the customer’s identity obtained during the application of CDD
measures. Where a firm has received a confirmation of identity certificate, this certificate will
in practice be the evidence of identity that must be kept. |
| |
Records of all transactions relating to a customer must be retained for a period of five years
from the date on which the transaction is completed. |
| |
