The extent of global attention to money laundering and the financing of terrorism are relatively recent issues, and a reaction to events. The extent of the money generated by the sale of illegal drugs in the 1980’s first demanded a reaction. This was followed in 2001 by the terrorist attack on the twin towers.
This document represents Car Lease Agent Limited (CLA ) policy towards fighting financial crime globally. CLA takes these responsibilities seriously, and expects its staff to do the same due to our collective responsibility to society, in addition to the legal requirements and penalties (individual as well as corporate). CLA commits to ensuring that it will verify its customers identities before they are accepted, and will then continue to know its customers adequately for so long as a relationship is maintained.
The FCA defines Financial Crime as ‘fraud or dishonesty, market abuse and handling the proceeds of crime’. This policy of CLA ’s particularly addresses risks relating to money laundering, terrorist financing, corruption and bribery, proliferation financing and fraud.
Money Laundering may include the following:
There can be considerable similarities between the movement of terrorist property and the laundering of criminal property: some terrorist groups are known to have well established links with organised criminal activity. However, there are two major differences between terrorist property and criminal property more generally:
Terrorist organisations often control property and funds from a variety of sources and employ modern techniques to manage these funds, and to move them between jurisdictions.
Transparency International defines Corruption as ‘the abuse of entrusted power for personal gain.’ They amplify this by describing corruption and bribery as ‘complex transactions involving both someone offering a benefit, often a bribe, and someone accepting it as well as other specialists or intermediaries to facilitate the transaction’.
Corruption risk includes channelling corrupt payments into the financial system so that they may be laundered as well as direct engagement in corruption. In January 09 the FSA stated ‘The involvement of UK financial institutions in corrupt or potentially corrupt practises overseas undermines the integrity of the UK financial services sector’.
Politically Exposed Persons (PEP’s)
This term has arisen from PEP’s history of association with corruption, to an extent where their presence in a transaction has become a risk indicator. PEP’s are persons who have been entrusted with prominent public functions, and people close to such persons.
The broad objective of CLA ’s anti‐financial crime system is to know who our customers are, what they do, and whether or not they are likely to be engaged in criminal activity.
The financial crime issues described in Section 1 above have led to various global and national organisations and legal frameworks as a response.
The EU has produced its forth Money Laundering Directive (2015) (4th EU ML Directive), refining and extending the previous regime. This should lead to a uniform minimum standard throughout the EU, however, in practise it will take time to achieve this, and generally Eastern Europe lags Western Europe in this respect. In the UK the 4th EU ML Directive has been implemented by the Money
Laundering Regulations 2017 (The ML Regulations).
This Directive extended the ML requirements in the EU to the so‐called Gatekeepers, such as professional firms, tax advisers, estate agents etc. It structured Customer Due Diligence measures more specifically as identifying, and verifying the identity of, customers and beneficial owners, knowing the purpose and nature of business relationships, and conducting ongoing monitoring. The
Regulatory requirements include:
In the UK, the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT) contain the principal legal provisions relating to money laundering and terrorist financing respectively. They also provide the legal basis for Suspicious Activity Reports and the Consent regime in both areas.
(POCA) consolidated, updated and reformed the UK law relating to money laundering to include any dealing in criminal property. It has set a standard for much subsequent money laundering legislation in the world, and is the origin of the "concealing, disguising, transferring and removing" definition of money laundering so prevalent in British ex‐colonies and a growing number of countries in the Middle and Far East.
Schedule 7 of the Counter‐Terrorism Act 2008 gives HM Treasury (in contrast to Judges under POCA and TACT) powers, in response to terrorist or proliferation finance threats, to direct firms to carry out:
There are three groups of offences for money laundering that CLA needs to avoid committing:
Penalties – against either firms or individuals
These offences have been extended to the proceeds of all crime, not just money laundering, which often arises from other jurisdictions, or trusts or foundations.
TACT creates a range of offences addressing e.g. fund‐raising for terrorist purposes, the possession and use of terrorist property, being involved in funding arrangements, and money laundering involving terrorist property.
Both POCA and TACT contain an offence for failing to make a Suspicious Activity Report.
Since 2001, the FSA has fined a number of firms multi‐million pound sums for breaching its money laundering and financial crime rules.
There are a number of parties who contribute towards the fight against financial crime in the UK, including the FCA, one of whose statutory objectives is ‘the reduction of financial crime’: thereby reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime. The FCA’s role is to ensure that regulated firms have effective systems and controls to counter the risk that they may be used for financial crime. Additionally, the FCA can prosecute under the ML Regulations as well as being able to sanction regulated firms.
The National Crime Agency(NCA) is another such party in the UK. NCA is the UK’s Financial Intelligence Unit, and a law enforcement agency with harm reduction responsibilities attached to the
UK Home Office. It is the agency to whom any Suspicious Activity Reports (SARS) are sent.
The Joint Money Laundering Steering Group (JMLSG) is made up from 17 trade associations from across the spectrum of the UK financial services. Their Guidance, on which this policy is based, assists firms in interpreting and implementing relevant laws and regulations, indicates good industry practise and assists firms to design and implement systems and controls to minimise the risk of being used for financial crime.
HM Treasury has formally approved the JMLSG Guidance. UK legislation and the FCA will now require any court to have regard to the extent that CLA has followed such approved industry guidance.
Internationally the Financial Action Task Force (FATF) was created in 1989 at a G7 meeting. It is an inter‐governmental, policy‐making body which established international standards to combat money laundering and terrorist financing. The FATF produced a list of ’40 Recommendations’ against money laundering. These were supplemented by ‘9 Recommendations’ against terrorism in 2001.
By 2010, the FATF has 35 member countries, all of whom have agreed to implement the FATF’s recommendations and submit to mutual inspections. There are a number of regional country groups which have been given Associate member status, including MONEYVAL, a Council of Europe group representing non‐FATF member EU countries.
In addition to the FATF, both the Basle Committee and the Wolfsberg Group of major, international banks have produced helpful papers regarding various aspects of financial crime.
The general form of the sanctions is an asset freeze prohibiting any dealing with the funds or economic resources of the sanctioned party, or making funds or economic resources available to them, or for their benefit.
A breach of a sanction is likely to be a criminal offence.
CLA has established, and maintains policies and procedures to counter the risk of CLA being used to further financial crime, and conducts regular assessments of these to ensure they continue to counter this risk. The systems and controls, including this policy, allow CLA to identify, assess, monitor and manage its financial crime risk.
Compliance policies and procedures include;
As Nominated Officer, the MLRO will receive any Suspicious Activity Reports from CLA ’s staff, and is responsible for considering these and, where appropriate, forwarding them to NCA.
CLA ’s Compliance, MLRO and Internal Audit functions have unrestricted access to client information and transaction records and the independence to scrutinise transactions they select.
In England and Wales there is no precise legal definition of fraud and no single criminal offence that can be called fraud.
Fraud is generally considered to involve theft (the removal of cash or assets to which the fraudster is not entitled) or false accounting (the falsification or alteration of accounting records or other documents). Assets include commercially sensitive information and intellectual property which would disadvantage its rightful owner if it were to fall into the hands of, or be sold to, a competitor.
The Oxford dictionary describes fraud more succinctly as ‘criminal deception; the use of false representations to gain an unjust advantage’.
In addition, dishonest behaviour is implied in a number of other offences such as corruption.
Areas of fraud potentially relevant to CLA
Data security (protection of personal details)
Fraudulent commercial lending
The fraud triangle (Dr Donald Cressey) describes why three conditions are commonly found when fraud occurs. Perpetrators experience some incentive or pressure to engage in misconduct. There must be an opportunity to commit fraud and the perpetrators are often able to rationalise or justify their actions. The global economic decline increases these opportunities. When economic survival is threatened, the line separating acceptable and unacceptable behaviour becomes less easily distinguished.
Statutory and Regulatory position
The Fraud Act 2006 came into effect on 15 January 2007. The Act creates a new general offence of fraud with three ways of committing it:
It also creates new offences:
The main fraud prosecuting authorities are the:
In October 2008, the National Fraud Strategic Authority (NFSA) was created to coordinate activity across the economy to make the UK a hostile environment for fraudsters.
In March 2009, the first National Fraud Strategy was launched. The three‐year strategy aims to crackdown on fraudsters and focus counter fraud activity on four priority areas:
One of the FCA’s statutory objectives is to reduce the extent to which it is possible for a business carried on by a regulated person to be used for a purpose connected with financial crime. Financial crime includes any offence involving fraud and dishonesty, market abuse and handling the proceeds of crime.
The FCA have always required:
(a) senior management to take responsibility for managing fraud risks; and
(b) firms to have effective systems and controls in place that are proportionate to the particular risks that they face.
The FCA focuses in particular on market‐related offences and issues relating to unauthorised activities such as boiler rooms. They are not and do not seek to be the responsible agency for prosecuting financial fraud in its ‘conventional’ or wider sense.
CLA ’s initial analysis of these risks may be considered most simply as internal or external.
Internal – likely to be employee related
CLA systems and controls include:
On discovery of fraud, an employee should report this to any member of senior management, either directly or via the Whistle blowing procedure.
CLA must report any significant instances of fraud to the FCA, per SUP 15.3.17R, including specifically
POCA extended the definition of money laundering to cover fraud and theft, so that fraud is now also subject to the Suspicious Activity Reporting regime to NCA.
The Act introduces four principal offences.
The first two central offences of bribing another person and being bribed address the concept of ‘an intention to induce improper conduct’, and are set out in the form of 2 ’active’ and four ’passive’ cases of bribery.
i). Bribing another person (Active)
A person (P) will be guilty of bribing another person if P offers, promises or gives a financial or other advantage to another person ...
Case 1: intending the advantage
i) to induce a person to perform a relevant function or activity improperly, or ii) to reward a person for the improper performance of a such a function or activity, or
The person to whom the advantage is offered, promised or given may be different to the person performing the function or activity.
Case 2: knowing or believing that the acceptance of the advantage in itself constitutes the improper performance of a relevant function or activity.
In cases 1 and 2, the advantage may be given or promised by P directly, or through a third party.
ii). Being bribed (Passive)
A person (R) will be guilty of being bribed where, for cases 3, 4, and 5, R requests, agrees to receive or accepts a financial or other advantage ...
Case 3: intending that, in consequence, a relevant function or activity should be performed improperly (whether by R or another person),
Case 4: and the request, agreement or acceptance itself constitutes the improper performance by R of a relevant function or activity,
Case 5: as a reward for the improper performance (whether by R or another person) of a relevant function or activity.
Where, in anticipation of or in consequence of R requesting, agreeing to receive or accepting a financial or other advantage, a relevant function or activity is performed improperly – by R, or by another person at R’s request or with R’s assent or acquiescence.
Where a person other than R is performing the function or activity, it also does not matter whether that person knows or believes that the performance of the function or activity is improper.
In cases 3 to 6, it does not matter:
whether R requests, agrees to receive or accepts the advantage directly or through a third party, whether the advantage is for the benefit of R or another person.
In cases 4 to 6, it does not matter whether R knows or believes that the performance of the function or activity is improper.
‘relevant functions or activities’ above are:
a) functions of a public nature,
b) any activity connected with a business,
c) any activity performed as part of a person’s employment,
d) any activity performed by or on behalf of a body of persons (corporate or not), and which meet at least one of conditions A to C, where persons performing the function or activity:
A. are expected to perform it in good faith,
B. are expected to perform it impartially,
C. are in a position of trust by virtue of performing it.
Relevant functions or activities may be conducted anywhere, globally.
The function or activity will be performed improperly if the person performing it breaches the expectations in Condition A or B above, or for C, the expectation as to the manner in which, or the reasons for which, the function or activity will be performed, that arise from the position of trust.
This also applies to acts still being carried out relating to former functions or activities.
An expectation in this context is what a reasonable person in the UK would expect in relation to the function or activity concerned, disregarding any local custom or practise (unless permitted or required by the written law of the relevant country). iii) Bribery of foreign public officials
A person (“P”) who bribes a foreign public official (“F”) is guilty of an offence if P’s intention is to influence F in F’s capacity as a foreign public official, and P intends to obtain or retain business or an advantage in the conduct of business.
Further, P bribes F if, and only if,
a) directly or indirectly, P offers, promises or gives a financial or other advantage to F, or another person at F’s request or with F’s assent or acquiescence, and
b) F is neither permitted nor required by the written law applicable to F to be influenced in his capacity as a foreign public official by the offer, promise or gift.
Influencing F means influencing F in the performance of his functions, including:
1) Any omission to exercise those functions, and
2) Any use of F’s position as such an official, even if not within F’s authority.
“Foreign public official” means an individual who—
a) holds a legislative, administrative or judicial position of any kind, whether appointed or elected, of a country or territory outside the United Kingdom,
b) exercises a public function—
i. for or on behalf of a country or territory outside the United Kingdom, or ii. for any public agency or public enterprise of that country or territory (or subdivision), or
c) is an official or agent of a public international organisation.
The applicable, written law, in order of precedence, is:
a) the law of the relevant part of the UK, or
b) the applicable, written rules of a public international organisation, or
c) the law of the country to which F is a foreign public official (i.e. need local law advice).
iv) Failure of a commercial organisation to prevent bribery.
This offence can occur globally, subject only to the commercial organisation (C) conducting at least a part of its business in the UK.
A company (or partnership) commits this offence if an associated person (A) performing services on its behalf bribes another person in order to obtain or retain either business or a business advantage for the company.
This is a strict liability offence (i.e. if the event occurs, the offence is committed). The only available defence is for C to prove that it had in place adequate procedures designed to prevent persons associated with it from undertaking such conduct.
This offence is committed regardless of the location where the acts or omissions forming part of the offence take place. Ordinary principles of common law apply here, so an offence can include aiding, abetting, counselling or procuring
In relation to the first three offences [i), ii) and iii) above],
a) Geographical Scope
The above three offences obviously apply in the UK. They will also apply to acts outside the UK if a person's acts or omissions would form part of an offence if committed in the UK and that person is closely connected with the UK.
b) Offences by companies
If any of the above three offences is committed by a company, any ‘senior officer’ is also guilty of that offence if they consented to or connived in the offence. If the offence is committed outside the UK, they will only be guilty where they have a close connection to the UK.
A ‘Facilitation payment’ is the payment of a small sum of money to a public official (or other person) as a way of ensuring they perform their duty, either more promptly or at all.
The Bribery Act does not permit any facilitation payments, no matter how small, routine or expected by local custom. They are likely to be a Bribery of a foreign public official offence (not legitimately due), but could be a Bribing another person (improper) offence, but subject to prosecutorial discretion.
‘Corporate hospitality is a legitimate part of doing business at home and abroad, provided it remains within appropriate limits’.
There is a maximum penalty of ten years’ imprisonment or an unlimited fine (or both) for all the offences, other than the corporate offence for which there is an unlimited fine.
Different customers, products, countries and potentially other factors represent different levels of financial crime risk. Rather than imposing a universal standard of knowing customers, authorities globally support a risk based approach to the extent to which firms must know their customers. This allows resources to be weighted towards areas of greater risk.
The broad objective of a risk based approach to CDD is that CLA should know:
1. who our customers are (that they are who say they are),
2. what they do,
3. whether they are acting on behalf of another,
4. whether or not they are likely to be engaged in criminal activity, and that there is no legal barrier (e.g. sanctions) to providing them with the product or service requested. Under a risk based approach, CLA starts from the premise that most customers are not money launderers or terrorist financiers. However, we then have processes in place to highlight those customers and transactions which indicate or present a higher risk of financial crime.
These processes identify and assess the risks of financial crime in CLA ’s business, and subsequently control and manage them. The Financial crime risks, for this policy, are money laundering, terrorist and proliferation financing, corruption, fraud and dishonesty.
The risk of damage to CLA ’s name and reputation if it becomes associated with any financial crime should not be overlooked.
Where relationships develop towards a transaction, Customer Due Diligence must be performed. Note that CLA has the greatest leverage with clients to perform these CDD requirements (particularly obtaining material from the customer) while the customer wants our product, and most crucially, before CLA delivers it. Verification of identity of customers must occur before the establishment of a business relationship.
A business relationship is a business, commercial or professional relationship between a firm and a customer, which is expected by the firm when contact is established to have an element of duration. A relationship need not involve an actual transaction; giving advice may often constitute establishing a relationship.
Where the results of our CDD are unsatisfactory, we must:
Payment instructions should be monitored to ensure that payments are not made to any parties on any sanctions lists.
Customer Due Diligence (CDD) involves several steps:
a) identifying the customer, and verifying his identity;
b) obtaining information on the purpose and intended nature of the business relationship.
The customer is identified by obtaining a range of information about him. Some of this information needs to be verified against documents, data or information obtained from a reliable and independent source to provide sufficient confidence that the customer is who they claim to be.
In general, the customer will be the party, or parties, with whom the business relationship is established, or for whom the transaction is carried out. Where, however, there are several parties to a transaction, not all will necessarily be customers. The term customer is not defined in the Money Laundering Regulations, and may be wider here than as defined in the FCA’s Glossary.
Apart from any regulatory requirements, CLA will want to get to know prospective customers sufficiently to satisfy our commercial and credit requirements. Information obtained for this purpose should contribute to the CDD process, and be kept up to date.
Nature of Evidence
For individuals, official identification documents such as passports and photo driving licences provide an obvious solution.
More generally, the source of the document is important for both integrity (higher level sources below are more likely to have conducted appropriate checking themselves) and being less easy to forge. This leads to the following hierarchy of preferred document sources:
Additionally and/or alternatively, electronic sources of information may be used. If electronic data sources are used for identification information or verification, customers must be advised of this in advance.
Mitigation of Impersonation/ Fraud risk
If documents are in a foreign language, appropriate steps should be taken to be reasonably satisfied that the document in fact provide evidence of the customer’s identity.
Where copy documents are used (excepting where copies are taken as evidence of originals seen), or identity is verified electronically:
CLA must apply an additional verification check to manage the risk of impersonation fraud. The additional check may include ‐
e.g. his/her given name (which of course may change), date and place of birth. Other facts about an individual accumulate over time (the so‐called electronic “footprint”): e.g., family circumstances and addresses, employment and business career, contacts with the authorities or with other financial sector firms, physical appearance.
For private individuals, the following information should be obtained as standard identification evidence:
Private individuals should be (re‐)screened against the sanctions lists at this stage. Any positive results should be discussed with the MLRO to consider their implications.
The standard identification requirement (for documentary or electronic approaches) is likely to be sufficient for most situations. If, however, the customer, and/or the product or delivery channel, is assessed to present a higher financial crime risk – whether because of the nature of the customer, or his business, or its location – the firm will need to decide whether it should require additional identity information to be provided, and/or whether to verify additional aspects of identity.
Evidence of identity can take a number of forms. In respect of individuals, much weight is placed on so‐called ‘identity documents’, such as passports and photo card driving licences, and these are often the easiest way of being reasonably satisfied as to someone’s identity. It is, however, possible for other forms of confirmation, including, in appropriate circumstances, written assurances from persons or organisations that have dealt with the customer for some time, to complement or corroborate the above standard evidence.
Verification of the information obtained must be based on reliable and independent sources – which might either be a document or documents made available by the customer, or electronically by the firm, or by a combination of both. Where CLA meets a customer (face‐to‐face), it should see originals of any documents used for verification.
Documentary verification should be based on:
A government issued document incorporating: Customer’s full name and photo, and either their residential address or their date of birth.
Typical government issued documents include:
A photo‐less government issued document incorporating customer’s full name (Box 1 below), supported by a second document (Box 2), issued by one of the hierarchy of preferred sources (page 14) incorporating:
Customer’s full name and either their residential address, or their date of birth.
Government issued documents without a photograph include:
Other documents include:
These documents are intended to help to verify a customer’s address, so we should expect them to have been posted to the customer, not accessed via the internet.
Where the result of the standard verification check gives rise to concern or uncertainty over identity, or other risk considerations apply, so the number of matches that will be required to be reasonably satisfied as to the individual’s identity will increase.
Any electronic verification of identity must be based on a customers’ full name, address and date of birth. CLA may do this directly, or by using a service meeting the JMLSG criteria (5.3.39‐40) that provides reasonable assurance that the customer is who they say they are. Additionally, the service must meet the minimum, specified standard level of confirmation.
CLA staff are required to report to the MLRO information that comes to them through CLA ’s business:
The MLRO will consider each such report to determine whether it provides grounds for knowledge or suspicion, and if so, will report the matter to NCA as soon as practicable.
It is a criminal offence for anyone, following a disclosure to the MLRO or to NCA, to release information that might ‘tip off’ another person that a disclosure has been made and prejudice an investigation.
In relation to sanctions, there is also a requirement to report to HM Treasury both details of funds frozen and where CLA has knowledge or suspicion that a customer or a person with whom CLA has had business dealings is a listed person, a person acting on behalf of a listed person or has committed an offence under the sanctions legislation.
Having knowledge means actually knowing something to be true. In a criminal court, it must be proved that the individual in fact knew that a person was engaged in money laundering. That said, knowledge can be inferred from the surrounding circumstances; so, for example, a failure to ask obvious questions may be relied upon by a jury to imply knowledge. The knowledge must, however, have come to CLA (or to the member of staff) in the course of business, or (in the case of the MLRO) as a consequence of a disclosure under s 330 (Tipping off) of POCA or s 21A of the Terrorism Act. Information that comes to the firm or staff member in other circumstances does not come within the scope of the regulated sector obligation to make a report. This does not preclude a report being made should staff choose to do so, or are obligated to do so by other parts of these Acts.
Suspicion is more subjective and falls short of proof based on firm evidence. Suspicion has been defined by the courts as being beyond mere speculation and based on some foundation, for example:
“A degree of satisfaction and not necessarily amounting to belief but at least extending beyond speculation as to whether an event has occurred or not”; and
“Although the creation of suspicion requires a lesser factual basis than the creation of a belief, it must nonetheless be built upon some foundation.”
A transaction which appears unusual is not necessarily suspicious. Even customers with a stable and predictable transactions profile will have periodic transactions that are unusual for them. Many customers will, for perfectly good reasons, have an erratic pattern of transactions or account activity. So the unusual is, in the first instance, only a basis for further enquiry, which may in turn require judgement as to whether it is suspicious. A transaction or activity may not be suspicious at the time, but if suspicions are raised later, an obligation to report then arises.
POCA and the Terrorism Act introduce criminal liability for failing to disclose information when reasonable grounds exist for knowing or suspecting that a person is engaged in money laundering/terrorist financing. This introduces an objective test of suspicion. The test would be likely to be met when there are demonstrated to be facts or circumstances, known to CLA staff, from which a reasonable person engaged in a business subject to the ML Regulations would have inferred knowledge, or formed the suspicion, that another person was engaged in money laundering or terrorist financing.
To defend themselves against a charge that they failed to meet the objective test of suspicion, CLA staff would need to be able to demonstrate that they took reasonable steps in the particular circumstances, in the context of a risk‐based approach, to know the customer and the rationale for the transaction, activity or instruction. It is important to bear in mind that, in practice, members of a jury may decide, with the benefit of hindsight, whether the objective test has been met.
Depending on the circumstances, if CLA is served with a court order in relation to a customer, this may give rise to reasonable grounds for suspicion in relation to that customer. In such an event, CLA should review all the information it holds about that customer, in order to determine whether or not such grounds exist.
Staff are entitled to consult their line manager prior to reporting to the MLRO, but must bear in mind the POCA obligation to report ‘as soon as practicable’. In any event, the legal obligation remains with the original staff member to decide for themselves whether or not to report. Where colleagues are consulted, they will then have knowledge such that they must themselves consider whether to report to the MLRO, but ensuring that only one report is made.
Any further transactions or activity with that customer must also be reported to the MLRO, until the
MLRO advises that no report to NCA is to be made.
The offence of money laundering, and the duty to report under POCA, apply in relation to the proceeds of any criminal activity, wherever conducted (including abroad), that would constitute an offence if it took place in the UK.
Where a customer instruction is received prior to a transaction or activity taking place, or arrangements being put in place, and there are grounds for knowledge or suspicion that the transaction, arrangements, or the funds/property involved, may relate to financial crime, a report must be made to NCA and consent sought to proceed with that transaction or activity. In such circumstances, it is an offence to consent to a transaction or activity going ahead within the seven working day notice period from the working day following the date of disclosure, unless NCA gives consent.
CLA provides training on financial crime to its staff for two reasons:
Financial crime training will be provided by a combination of off‐the‐shelf e‐training courses, and internal training more specific to CLA ’s business and products, with the intention of ensuring staff have a general knowledge of financial crime issues and an understanding of how they may apply to
CLA ’s business and products. This will be provided both at joining and on a regular basis thereafter.
CLA is required to keep records of its CDD work because:
Records to be kept
Records must be kept for the following:
Steps taken to identify customers, and copies of, or references to, the evidence of the customer’s identity (and verification) obtained as part of the CDD process.
Records of ID evidence must be kept for at least five years after a customer relationship ends. The end date is when the account(s) is closed, or the date of an occasional transaction, or last in a series of linked transactions.
All transactions carried out on behalf of or with a customer must be recorded. These records must be sufficient to create a satisfactory audit trail if necessary.
Records of all transactions relating to a customer must be kept for five years from the date on which the transaction is completed.
Internal and external reports
CLA must retain copies of
Records of actions taken under the internal and external reporting requirements (including any SAR’s) for five years, and
Information reported to the MLRO, which is not forwarded onto NCA.
CLA must retain records of the dates and nature of financial crime training, and the members of staff trained together with their results.
CLA must retain records of the MLRO’s monitoring reports, and the consideration of these reports and any action taken as a result.