Financial Crime Policy


The extent of global attention to money laundering and the financing of terrorism are relatively recent issues, and a reaction to events. The extent of the money generated by the sale of illegal drugs in the 1980’s first demanded a reaction. This was followed in 2001 by the terrorist attack on the twin towers.

This document represents Car Lease Agent Limited (CLA ) policy towards fighting financial crime globally. CLA takes these responsibilities seriously, and expects its staff to do the same due to our collective responsibility to society, in addition to the legal requirements and penalties (individual as well as corporate). CLA commits to ensuring that it will verify its customers identities before they are accepted, and will then continue to know its customers adequately for so long as a relationship is maintained.

The FCA defines Financial Crime as ‘fraud or dishonesty, market abuse and handling the proceeds of crime’. This policy of CLA ’s particularly addresses risks relating to money laundering, terrorist financing, corruption and bribery, proliferation financing and fraud. 


Money Laundering may include the following:

  • classic money laundering, which is trying to turn money raised through criminal activity into ‘clean’ money;
  • criminals investing the proceeds of their crimes in a whole range of financial products.
  • handling the benefit of acquisitive crimes such as theft, fraud and tax evasion, or handling stolen goods;
  • being directly involved with any criminal or terrorist property, or entering into arrangements to facilitate the laundering of criminal or terrorist property. 


There can be considerable similarities between the movement of terrorist property and the laundering of criminal property: some terrorist groups are known to have well established links with organised criminal activity. However, there are two major differences between terrorist property and criminal property more generally:

  • often only small amounts are required to commit individual terrorist acts, thus increasing the difficulty of tracking the terrorist property;
  • terrorists can be funded from legitimately obtained income, including charitable donations, and it is extremely difficult to identify the stage at which legitimate funds become terrorist property.

Terrorist organisations often control property and funds from a variety of sources and employ modern techniques to manage these funds, and to move them between jurisdictions. 


 Transparency International defines Corruption as ‘the abuse of entrusted power for personal gain.’ They amplify this by describing corruption and bribery as ‘complex transactions involving both someone offering a benefit, often a bribe, and someone accepting it as well as other specialists or intermediaries to facilitate the transaction’.  

Corruption risk includes channelling corrupt payments into the financial system so that they may be laundered as well as direct engagement in corruption. In January 09 the FSA stated ‘The involvement of UK financial institutions in corrupt or potentially corrupt practises overseas undermines the integrity of the UK financial services sector’.   

Politically Exposed Persons (PEP’s)

This term has arisen from PEP’s history of association with corruption, to an extent where their presence in a transaction has become a risk indicator. PEP’s are persons who have been entrusted with prominent public functions, and people close to such persons.


The broad objective of CLA ’s anti‐financial crime system is to know who our customers are, what they do, and whether or not they are likely to be engaged in criminal activity.   


The financial crime issues described in Section 1 above have led to various global and national organisations and legal frameworks as a response.   


The EU has produced its forth Money Laundering Directive (2015) (4th EU ML Directive), refining and extending the previous regime. This should lead to a uniform minimum standard throughout the EU, however, in practise it will take time to achieve this, and generally Eastern Europe lags Western Europe in this respect. In the UK the 4th EU ML Directive has been implemented by the Money

Laundering Regulations 2017 (The ML Regulations).

This Directive extended the ML requirements in the EU to the so‐called Gatekeepers, such as professional firms, tax advisers, estate agents etc. It structured Customer Due Diligence measures more specifically as identifying, and verifying the identity of, customers and beneficial owners, knowing the purpose and nature of business relationships, and conducting ongoing monitoring. The

Regulatory requirements include:

  • records to be kept for five years,
  • the establishment of policies and procedures concerning, inter alia, Customer Due Diligence (CDD) and monitoring, risk assessment, reporting and record keeping, and  
  • training and awareness must be provided including recognition of suspicious transactions. 


In the UK, the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT) contain the principal legal provisions relating to money laundering and terrorist financing respectively. They also provide the legal basis for Suspicious Activity Reports and the Consent regime in both areas.

(POCA) consolidated, updated and reformed the UK law relating to money laundering to include any dealing in criminal property. It has set a standard for much subsequent money laundering legislation in the world, and is the origin of the "concealing, disguising, transferring and removing" definition of money laundering so prevalent in British ex‐colonies and a growing number of countries in the Middle and Far East.

Schedule 7 of the Counter‐Terrorism Act 2008 gives HM Treasury (in contrast to Judges under POCA and TACT) powers, in response to terrorist or proliferation finance threats, to direct firms to carry out:

  • Enhanced due diligence
  • Ongoing monitoring
  • Systematic reporting
  • Limit or cease business

POCA Offences

There are three groups of offences for money laundering that CLA needs to avoid committing: 


  • Knowingly assisting (in a number of specified ways) in concealing, or entering into arrangements for, the acquisition, use or possession of, criminal property, or would constitute an offence above if done in the UK.
  • Failing to report knowledge, suspicion or where there are reasonable grounds for this, that another person is engaged in money laundering. 
  • Tipping off or prejudicing an investigation. 

Penalties – against either firms or individuals 

  • 14 years imprisonment and/or unlimited fine 
  • 5 years imprisonment and/or unlimited fine 
  • 2 years imprisonment and/or unlimited fine 

These offences have been extended to the proceeds of all crime, not just money laundering, which often arises from other jurisdictions, or trusts or foundations.

TACT creates a range of offences addressing e.g. fund‐raising for terrorist purposes, the possession and use of terrorist property, being involved in funding arrangements, and money laundering involving terrorist property.

Both POCA and TACT contain an offence for failing to make a Suspicious Activity Report.

Since 2001, the FSA has fined a number of firms multi‐million pound sums for breaching its money laundering and financial crime rules.

There are a number of parties who contribute towards the fight against financial crime in the UK, including the FCA, one of whose statutory objectives is ‘the reduction of financial crime’: thereby reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime. The FCA’s role is to ensure that regulated firms have effective systems and controls to counter the risk that they may be used for financial crime. Additionally, the FCA can prosecute under the ML Regulations as well as being able to sanction regulated firms.

The National Crime Agency(NCA) is another such party in the UK. NCA is the UK’s Financial Intelligence Unit, and a law enforcement agency with harm reduction responsibilities attached to the

UK Home Office. It is the agency to whom any Suspicious Activity Reports (SARS) are sent. 


The Joint Money Laundering Steering Group (JMLSG) is made up from 17 trade associations from across the spectrum of the UK financial services. Their Guidance, on which this policy is based, assists firms in interpreting and implementing relevant laws and regulations, indicates good industry practise and assists firms to design and implement systems and controls to minimise the risk of being used for financial crime.

HM Treasury has formally approved the JMLSG Guidance. UK legislation and the FCA will now require any court to have regard to the extent that CLA has followed such approved industry guidance.   


Internationally the Financial Action Task Force (FATF) was created in 1989 at a G7 meeting. It is an inter‐governmental, policy‐making body which established international standards to combat money laundering and terrorist financing. The FATF produced a list of ’40 Recommendations’ against money laundering. These were supplemented by ‘9 Recommendations’ against terrorism in 2001.

By 2010, the FATF has 35 member countries, all of whom have agreed to implement the FATF’s recommendations and submit to mutual inspections. There are a number of regional country groups which have been given Associate member status, including MONEYVAL, a Council of Europe group representing non‐FATF member EU countries.

In addition to the FATF, both the Basle Committee and the Wolfsberg Group of major, international banks have produced helpful papers regarding various aspects of financial crime.


  • Recent years have seen a significant number of economic sanctions being issued, in a number of different forms:
  • The UN and EU can designate individuals and organisations to be sanctioned. These are implemented by countries individually (e.g. by HM Treasury in the UK).
  • The UN also calls on members to prevent and suppress the financing of terrorism, and specifically in relation to Bin Laden, Al‐Qa’ida and the Taliban.
  • The UN also maintains country based financial sanctions targeting persons and entities connected to the political leadership of targeted countries.
  • Trade sanctions, such as embargoes on making military hardware or knowhow available to certain countries, can be imposed by countries.
  • Countries can add their own sanction targets as well. For example, the Office of Foreign Assets Control (OFAC), part of the US Treasury, operates three progr CLA : country, specified foreign government officials and other persona non‐grata, and specified individuals, entities and vessels. OFAC now takes the position that foreign‐based firms violate its sanctions to the extent they intentionally use the US financial system or US counterparties to provide services to sanctions targets by concealing the involvement of the sanctions target from information sent to the US.

The general form of the sanctions is an asset freeze prohibiting any dealing with the funds or economic resources of the sanctioned party, or making funds or economic resources available to them, or for their benefit.

A breach of a sanction is likely to be a criminal offence. 


CLA has established, and maintains policies and procedures to counter the risk of CLA being used to further financial crime, and conducts regular assessments of these to ensure they continue to counter this risk. The systems and controls, including this policy, allow CLA to identify, assess, monitor and manage its financial crime risk.

Compliance policies and procedures include;

  • Appropriate training for staff. This will be a combination of e‐training and presentations, both on joining CLA and on a regular basis.
  • Reports and recommendations as necessary to Management covering any developing regulatory or other issues that should be drawn to the committees’ attention, reports on any proposed improvements to the systems and controls and progress thereof and any changes to the risk assessment.
  • Each version of this Financial Crime policy and the risk assessments will be recorded and kept.

As Nominated Officer, the MLRO will receive any Suspicious Activity Reports from CLA ’s staff, and is responsible for considering these and, where appropriate, forwarding them to NCA.

CLA ’s Compliance, MLRO and Internal Audit functions have unrestricted access to client information and transaction records and the independence to scrutinise transactions they select.




In England and Wales there is no precise legal definition of fraud and no single criminal offence that can be called fraud.

Fraud is generally considered to involve theft (the removal of cash or assets to which the fraudster is not entitled) or false accounting (the falsification or alteration of accounting records or other documents). Assets include commercially sensitive information and intellectual property which would disadvantage its rightful owner if it were to fall into the hands of, or be sold to, a competitor.

The Oxford dictionary describes fraud more succinctly as ‘criminal deception; the use of false representations to gain an unjust advantage’.

In addition, dishonest behaviour is implied in a number of other offences such as corruption.

Areas of fraud potentially relevant to CLA

Data security (protection of personal details)

Fraudulent commercial lending

Commercial misrepresentation

False statements

About Fraud

The fraud triangle (Dr Donald Cressey) describes why three conditions are commonly found when fraud occurs. Perpetrators experience some incentive or pressure to engage in misconduct. There must be an opportunity to commit fraud and the perpetrators are often able to rationalise or justify their actions. The global economic decline increases these opportunities. When economic survival is threatened, the line separating acceptable and unacceptable behaviour becomes less easily distinguished.   

Statutory and Regulatory position

The Fraud Act 2006 came into effect on 15 January 2007. The Act creates a new general offence of fraud with three ways of committing it:

  • Fraud by false representation
  • Fraud by failing to disclose information, and
  • Fraud by abuse of position

It also creates new offences:

  • Obtaining services dishonestly
  • Possessing, making and supplying articles for use in frauds
  • Fraudulent trading applicable to non‐corporate traders.

The main fraud prosecuting authorities are the:

  • Serious Fraud Office
  • City of London Policy Fraud Squad
  • Crown Prosecution Service
  • National Crime Agency.

In October 2008, the National Fraud Strategic Authority (NFSA) was created to coordinate activity across the economy to make the UK a hostile environment for fraudsters.

In March 2009, the first National Fraud Strategy was launched. The three‐year strategy aims to crackdown on fraudsters and focus counter fraud activity on four priority areas:

  • improving knowledge about fraud;
  • tackling the most serious and harmful fraud threats;
  • disrupting and punishing more fraudsters while improving support to victims; and
  • improving the nation's long‐term capability to prevent fraud.

One of the FCA’s statutory objectives is to reduce the extent to which it is possible for a business carried on by a regulated person to be used for a purpose connected with financial crime. Financial crime includes any offence involving fraud and dishonesty, market abuse and handling the proceeds of crime.

The FCA have always required:

(a) senior management to take responsibility for managing fraud risks; and

(b) firms to have effective systems and controls in place that are proportionate to the particular risks that they face.

The FCA focuses in particular on market‐related offences and issues relating to unauthorised activities such as boiler rooms. They are not and do not seek to be the responsible agency for prosecuting financial fraud in its ‘conventional’ or wider sense. 


CLA ’s initial analysis of these risks may be considered most simply as internal or external.

Internal – likely to be employee related

  • Theft of soft or hard assets
  • Accounting fraud


  • System penetration
  • Fraud within lending transactions 


CLA systems and controls include:

  • Vetting of employees to prevent staff/agent fraud by taking up references and conducting background checks
  • IT: Multiple access level control and role assigned application access.
  • Customer Due Diligence (CDD).
  • Internal audit reviews of systems and controls and the reliability and integrity of financial and operating information.
  • Whistle blowing: CLA attaches importance to its whistle‐blowing arrangements (see Compliance manual), that is the facility for employees to report with confidence on wrongdoing. Whistle‐blowing is an important defence against fraud.
  • Staff remuneration principally by way of competitive basic salary.
  • Agent remuneration structured to encourage positive behaviours



On discovery of fraud, an employee should report this to any member of senior management, either directly or via the Whistle blowing procedure.


CLA must report any significant instances of fraud to the FCA, per SUP 15.3.17R, including specifically

  • fraud against customers,
  • against CLA ,
  • any intent to commit fraud,
  • any accounting or other irregularities and
  • where CLA suspects that one of its employees may be guilty of serious misconduct concerning his honesty or integrity and which is connected with the firm's regulated activities or ancillary activities.

POCA extended the definition of money laundering to cover fraud and theft, so that fraud is now also subject to the Suspicious Activity Reporting regime to NCA.   



The Act introduces four principal offences.

The first two central offences of bribing another person and being bribed address the concept of ‘an intention to induce improper conduct’, and are set out in the form of 2 ’active’ and four ’passive’ cases of bribery. 

i). Bribing another person (Active)

A person (P) will be guilty of bribing another person if P offers, promises or gives a financial or other advantage to another person ... 

Case 1: intending the advantage   

i) to induce a person to perform a relevant function or activity improperly, or ii) to reward a person for the improper performance of a such a function or activity, or

The person to whom the advantage is offered, promised or given may be different to the person performing the function or activity.

Case 2: knowing or believing that the acceptance of the advantage in itself constitutes the improper performance of a relevant function or activity.

In cases 1 and 2, the advantage may be given or promised by P directly, or through a third party.

ii). Being bribed (Passive)

A person (R) will be guilty of being bribed where, for cases 3, 4, and 5, R requests, agrees to receive or accepts a financial or other advantage ...

Case 3: intending that, in consequence, a relevant function or activity should be performed improperly (whether by R or another person),  

Case 4: and the request, agreement or acceptance itself constitutes the improper performance by R of a relevant function or activity,

Case 5: as a reward for the improper performance (whether by R or another person) of a relevant function or activity.  

Where, in anticipation of or in consequence of R requesting, agreeing to receive or accepting a financial or other advantage, a relevant function or activity is performed improperly – by R, or by another person at R’s request or with R’s assent or acquiescence.

Where a person other than R is performing the function or activity, it also does not matter whether that person knows or believes that the performance of the function or activity is improper. 

In cases 3 to 6, it does not matter:

whether R requests, agrees to receive or accepts the advantage directly or through a third party, whether the advantage is for the benefit of R or another person.

In cases 4 to 6, it does not matter whether R knows or believes that the performance of the function or activity is improper.

‘relevant functions or activities’ above are:

    a) functions of a public nature,

    b) any activity connected with a business,

    c) any activity performed as part of a person’s employment,

    d) any activity performed by or on behalf of a body of persons (corporate or not), and which meet at least one of conditions A to C, where persons performing the function or activity:

    A. are expected to perform it in good faith,

    B. are expected to perform it impartially,

    C. are in a position of trust by virtue of performing it.

Relevant functions or activities may be conducted anywhere, globally.

‘Improper performance’

The function or activity will be performed improperly if the person performing it breaches the expectations in Condition A or B above, or for C, the expectation as to the manner in which, or the reasons for which, the function or activity will be performed, that arise from the position of trust.

This also applies to acts still being carried out relating to former functions or activities.


An expectation in this context is what a reasonable person in the UK would expect in relation to the function or activity concerned, disregarding any local custom or practise (unless permitted or required by the written law of the relevant country). iii) Bribery of foreign public officials

A person (“P”) who bribes a foreign public official (“F”) is guilty of an offence if P’s intention is to influence F in F’s capacity as a foreign public official, and P intends to obtain or retain business or an advantage in the conduct of business.

Further, P bribes F if, and only if,

    a) directly or indirectly, P offers, promises or gives a financial or other advantage to F, or another person at F’s request or with F’s assent or acquiescence, and

    b) F is neither permitted nor required by the written law applicable to F to be influenced in his capacity as a foreign public official by the offer, promise or gift.

Influencing F means influencing F in the performance of his functions, including:

    1) Any omission to exercise those functions, and

    2) Any use of F’s position as such an official, even if not within F’s authority.

“Foreign public official” means an individual who—

    a) holds a legislative, administrative or judicial position of any kind, whether appointed or elected, of a country or territory outside the United Kingdom,

    b) exercises a public function—

i. for or on behalf of a country or territory outside the United Kingdom, or ii. for any public agency or public enterprise of that country or territory (or subdivision), or

    c) is an official or agent of a public international organisation.

The applicable, written law, in order of precedence, is:

    a) the law of the relevant part of the UK, or

    b) the applicable, written rules of a public international organisation, or

    c) the law of the country to which F is a foreign public official (i.e. need local law advice).

iv) Failure of a commercial organisation to prevent bribery.

This offence can occur globally, subject only to the commercial organisation (C) conducting at least a part of its business in the UK.

A company (or partnership) commits this offence if an associated person (A) performing services on its behalf bribes another person in order to obtain or retain either business or a business advantage for the company. 

This is a strict liability offence (i.e. if the event occurs, the offence is committed). The only available defence is for C to prove that it had in place adequate procedures designed to prevent persons associated with it from undertaking such conduct.

This offence is committed regardless of the location where the acts or omissions forming part of the offence take place. Ordinary principles of common law apply here, so an offence can include aiding, abetting, counselling or procuring  

In relation to the first three offences [i), ii) and iii) above],

    a) Geographical Scope

The above three offences obviously apply in the UK. They will also apply to acts outside the UK if a person's acts or omissions would form part of an offence if committed in the UK and that person is closely connected with the UK.

    b) Offences by companies

If any of the above three offences is committed by a company, any ‘senior officer’ is also guilty of that offence if they consented to or connived in the offence. If the offence is committed outside the UK, they will only be guilty where they have a close connection to the UK.

Facilitation payments

A ‘Facilitation payment’ is the payment of a small sum of money to a public official (or other person) as a way of ensuring they perform their duty, either more promptly or at all.

The Bribery Act does not permit any facilitation payments, no matter how small, routine or expected by local custom. They are likely to be a Bribery of a foreign public official offence (not legitimately due), but could be a Bribing another person (improper) offence, but subject to prosecutorial discretion.  


‘Corporate hospitality is a legitimate part of doing business at home and abroad, provided it remains within appropriate limits’.    


There is a maximum penalty of ten years’ imprisonment or an unlimited fine (or both) for all the offences, other than the corporate offence for which there is an unlimited fine. 


Different customers, products, countries and potentially other factors represent different levels of financial crime risk. Rather than imposing a universal standard of knowing customers, authorities globally support a risk based approach to the extent to which firms must know their customers. This allows resources to be weighted towards areas of greater risk.

The broad objective of a risk based approach to CDD is that CLA should know:

    1. who our customers are (that they are who say they are),

    2. what they do,

    3. whether they are acting on behalf of another,

    4. whether or not they are likely to be engaged in criminal activity, and that there is no legal barrier (e.g. sanctions) to providing them with the product or service requested. Under a risk based approach, CLA starts from the premise that most customers are not money launderers or terrorist financiers. However, we then have processes in place to highlight those customers and transactions which indicate or present a higher risk of financial crime.

These processes identify and assess the risks of financial crime in CLA ’s business, and subsequently control and manage them. The Financial crime risks, for this policy, are money laundering, terrorist and proliferation financing, corruption, fraud and dishonesty.

Reputational Risk

The risk of damage to CLA ’s name and reputation if it becomes associated with any financial crime should not be overlooked. 



Where relationships develop towards a transaction, Customer Due Diligence must be performed. Note that CLA has the greatest leverage with clients to perform these CDD requirements (particularly obtaining material from the customer) while the customer wants our product, and most crucially, before CLA delivers it. Verification of identity of customers must occur before the establishment of a business relationship.

A business relationship is a business, commercial or professional relationship between a firm and a customer, which is expected by the firm when contact is established to have an element of duration. A relationship need not involve an actual transaction; giving advice may often constitute establishing a relationship.

Where the results of our CDD are unsatisfactory, we must:

  • not establish a business relationship or carry out any transaction,
  • terminate any existing relationship, and
  • consider whether to make a suspicious activity report to the National Crime Agency(NCA). In this case, CLA must retain any funds received until consent has been received from NCA.

Payment instructions should be monitored to ensure that payments are not made to any parties on any sanctions lists. 


Customer Due Diligence (CDD) involves several steps:

    a) identifying the customer, and verifying his identity;

    b) obtaining information on the purpose and intended nature of the business relationship.

The customer is identified by obtaining a range of information about him. Some of this information needs to be verified against documents, data or information obtained from a reliable and independent source to provide sufficient confidence that the customer is who they claim to be.

In general, the customer will be the party, or parties, with whom the business relationship is established, or for whom the transaction is carried out. Where, however, there are several parties to a transaction, not all will necessarily be customers. The term customer is not defined in the Money Laundering Regulations, and may be wider here than as defined in the FCA’s Glossary.

Apart from any regulatory requirements, CLA will want to get to know prospective customers sufficiently to satisfy our commercial and credit requirements. Information obtained for this purpose should contribute to the CDD process, and be kept up to date. 

Nature of Evidence

For individuals, official identification documents such as passports and photo driving licences provide an obvious solution.

More generally, the source of the document is important for both integrity (higher level sources below are more likely to have conducted appropriate checking themselves) and being less easy to forge. This leads to the following hierarchy of preferred document sources:

  • Government departments, agencies or courts,
  • other public sector bodies or local authorities,
  • regulated financial sector firms
  • other firms subject to the ML Regulations or equivalent legislation,
  • other organisations.

Additionally and/or alternatively, electronic sources of information may be used. If electronic data sources are used for identification information or verification, customers must be advised of this in advance.

Mitigation of Impersonation/ Fraud risk

If documents are in a foreign language, appropriate steps should be taken to be reasonably satisfied that the document in fact provide evidence of the customer’s identity.

Where copy documents are used (excepting where copies are taken as evidence of originals seen), or identity is verified electronically:

CLA must apply an additional verification check to manage the risk of impersonation fraud. The additional check may include ‐

  • requiring copy documents to be certified by an appropriate person,
  • verifying additional aspects of the customers’ identity,
  • communicating with the customer at an address which has been verified (e.g. account opening documentation needing completion or acknowledgment),
  • requiring a first payment to be carried out through a customer‐named account with an EU, or equivalent, regulated financial institution. The identity of an individual has a number of aspects:

e.g. his/her given name (which of course may change), date and place of birth. Other facts about an individual accumulate over time (the so‐called electronic “footprint”): e.g., family circumstances and addresses, employment and business career, contacts with the authorities or with other financial sector firms, physical appearance.   

Standard Evidence

For private individuals, the following information should be obtained as standard identification evidence:

  • Full name
  • Residential address (obtain Residential and Postal addresses if different)
  • Date of birth

Private individuals should be (re‐)screened against the sanctions lists at this stage. Any positive results should be discussed with the MLRO to consider their implications.   


The standard identification requirement (for documentary or electronic approaches) is likely to be sufficient for most situations. If, however, the customer, and/or the product or delivery channel, is assessed to present a higher financial crime risk – whether because of the nature of the customer, or his business, or its location – the firm will need to decide whether it should require additional identity information to be provided, and/or whether to verify additional aspects of identity.

Evidence of identity can take a number of forms. In respect of individuals, much weight is placed on so‐called ‘identity documents’, such as passports and photo card driving licences, and these are often the easiest way of being reasonably satisfied as to someone’s identity. It is, however, possible for other forms of confirmation, including, in appropriate circumstances, written assurances from persons or organisations that have dealt with the customer for some time, to complement or corroborate the above standard evidence.   


Verification of the information obtained must be based on reliable and independent sources – which might either be a document or documents made available by the customer, or electronically by the firm, or by a combination of both. Where CLA meets a customer (face‐to‐face), it should see originals of any documents used for verification.

Documentary verification should be based on: 


A government issued document incorporating: Customer’s full name and photo, and either their residential address or their date of birth.

Typical government issued documents include:

  • valid passport [n.b. Home Office advice is that ‘bio’ pages are valuable, so that copies must be kept safe, and only forwarded to organisations you trust],
  • photo driving licence
  • national ID card (non‐UK nationals)  


A photo‐less government issued document incorporating customer’s full name (Box 1 below), supported by a second document (Box 2), issued by one of the hierarchy of preferred sources (page 14) incorporating:

Customer’s full name and either their residential address, or their date of birth.

Box 1

Government issued documents without a photograph include:

  • Valid (old style) full UK driving licence
  • Recent evidence of entitlement to a state or local authority funded benefit (including housing benefit and council tax benefit), tax, credit, pension, educational or other grant

Box 2

Other documents include:

  • Instrument of a court appointment (such as liquidator, or grant of probate)
  • Current council tax demand letter, or statement
  • Current bank statements, or credit/debit card statements, issued by a regulated financial sector firm in the UK, EU or an equivalent jurisdiction (but not ones printed off the internet)
  • Utility bills (but not ones printed off the internet)

These documents are intended to help to verify a customer’s address, so we should expect them to have been posted to the customer, not accessed via the internet.

 Other issues:

  • Consider whether the documents may be forged. (e.g. Worldcheck & Complinet have machine‐readable passport no checks).
  • Foreign language: appropriate steps should be taken to be reasonably satisfied that the document does evidence the individual.

Where the result of the standard verification check gives rise to concern or uncertainty over identity, or other risk considerations apply, so the number of matches that will be required to be reasonably satisfied as to the individual’s identity will increase.  

Electronic verification

Any electronic verification of identity must be based on a customers’ full name, address and date of birth. CLA may do this directly, or by using a service meeting the JMLSG criteria (5.3.39‐40) that provides reasonable assurance that the customer is who they say they are. Additionally, the service must meet the minimum, specified standard level of confirmation. 



CLA staff are required to report to the MLRO information that comes to them through CLA ’s business:

  • where they know or
  • where they suspect or
  • where they have reasonable grounds for knowing or suspecting that a person, whether or not a customer, is engaged in financial crime. Within this guidance, the above obligations are collectively referred to as “grounds for knowledge or suspicion”.

The MLRO will consider each such report to determine whether it provides grounds for knowledge or suspicion, and if so, will report the matter to NCA as soon as practicable.

It is a criminal offence for anyone, following a disclosure to the MLRO or to NCA, to release information that might ‘tip off’ another person that a disclosure has been made and prejudice an investigation.

In relation to sanctions, there is also a requirement to report to HM Treasury both details of funds frozen and where CLA has knowledge or suspicion that a customer or a person with whom CLA has had business dealings is a listed person, a person acting on behalf of a listed person or has committed an offence under the sanctions legislation. 


Having knowledge means actually knowing something to be true. In a criminal court, it must be proved that the individual in fact knew that a person was engaged in money laundering. That said, knowledge can be inferred from the surrounding circumstances; so, for example, a failure to ask obvious questions may be relied upon by a jury to imply knowledge. The knowledge must, however, have come to CLA (or to the member of staff) in the course of business, or (in the case of the MLRO) as a consequence of a disclosure under s 330 (Tipping off) of POCA or s 21A of the Terrorism Act. Information that comes to the firm or staff member in other circumstances does not come within the scope of the regulated sector obligation to make a report. This does not preclude a report being made should staff choose to do so, or are obligated to do so by other parts of these Acts.  


Suspicion is more subjective and falls short of proof based on firm evidence. Suspicion has been defined by the courts as being beyond mere speculation and based on some foundation, for example:

“A degree of satisfaction and not necessarily amounting to belief but at least extending beyond speculation as to whether an event has occurred or not”; and

“Although the creation of suspicion requires a lesser factual basis than the creation of a belief, it must nonetheless be built upon some foundation.”

A transaction which appears unusual is not necessarily suspicious. Even customers with a stable and predictable transactions profile will have periodic transactions that are unusual for them. Many customers will, for perfectly good reasons, have an erratic pattern of transactions or account activity. So the unusual is, in the first instance, only a basis for further enquiry, which may in turn require judgement as to whether it is suspicious. A transaction or activity may not be suspicious at the time, but if suspicions are raised later, an obligation to report then arises. 


POCA and the Terrorism Act introduce criminal liability for failing to disclose information when reasonable grounds exist for knowing or suspecting that a person is engaged in money laundering/terrorist financing. This introduces an objective test of suspicion. The test would be likely to be met when there are demonstrated to be facts or circumstances, known to CLA staff, from which a reasonable person engaged in a business subject to the ML Regulations would have inferred knowledge, or formed the suspicion, that another person was engaged in money laundering or terrorist financing.

To defend themselves against a charge that they failed to meet the objective test of suspicion, CLA staff would need to be able to demonstrate that they took reasonable steps in the particular circumstances, in the context of a risk‐based approach, to know the customer and the rationale for the transaction, activity or instruction. It is important to bear in mind that, in practice, members of a jury may decide, with the benefit of hindsight, whether the objective test has been met.

Depending on the circumstances, if CLA is served with a court order in relation to a customer, this may give rise to reasonable grounds for suspicion in relation to that customer. In such an event, CLA should review all the information it holds about that customer, in order to determine whether or not such grounds exist.  


Staff are entitled to consult their line manager prior to reporting to the MLRO, but must bear in mind the POCA obligation to report ‘as soon as practicable’. In any event, the legal obligation remains with the original staff member to decide for themselves whether or not to report. Where colleagues are consulted, they will then have knowledge such that they must themselves consider whether to report to the MLRO, but ensuring that only one report is made.

Any further transactions or activity with that customer must also be reported to the MLRO, until the

MLRO advises that no report to NCA is to be made.


The offence of money laundering, and the duty to report under POCA, apply in relation to the proceeds of any criminal activity, wherever conducted (including abroad), that would constitute an offence if it took place in the UK.


Where a customer instruction is received prior to a transaction or activity taking place, or arrangements being put in place, and there are grounds for knowledge or suspicion that the transaction, arrangements, or the funds/property involved, may relate to financial crime, a report must be made to NCA and consent sought to proceed with that transaction or activity. In such circumstances, it is an offence to consent to a transaction or activity going ahead within the seven working day notice period from the working day following the date of disclosure, unless NCA gives consent. 


CLA provides training on financial crime to its staff for two reasons:

  • First because knowledgeable staff are an essential ingredient to the effectiveness of our financial crime procedures, and
  • Secondly, because staff are criminally liable if they are involved in financial crime or do not report their knowledge or suspicion where there are reasonable grounds for this.

Financial crime training will be provided by a combination of off‐the‐shelf e‐training courses, and internal training more specific to CLA ’s business and products, with the intention of ensuring staff have a general knowledge of financial crime issues and an understanding of how they may apply to

CLA ’s business and products. This will be provided both at joining and on a regular basis thereafter. 



CLA is required to keep records of its CDD work because:

  • It is auditable evidence of work performed in relation to legal and regulatory obligations, and
  • It should be made available for any investigations.

Records to be kept

Records must be kept for the following:

Customer information

Steps taken to identify customers, and copies of, or references to, the evidence of the customer’s identity (and verification) obtained as part of the CDD process.

Records of ID evidence must be kept for at least five years after a customer relationship ends. The end date is when the account(s) is closed, or the date of an occasional transaction, or last in a series of linked transactions.   


All transactions carried out on behalf of or with a customer must be recorded. These records must be sufficient to create a satisfactory audit trail if necessary.

Records of all transactions relating to a customer must be kept for five years from the date on which the transaction is completed.

Internal and external reports

CLA must retain copies of

Records of actions taken under the internal and external reporting requirements (including any SAR’s) for five years, and

Information reported to the MLRO, which is not forwarded onto NCA.


CLA must retain records of the dates and nature of financial crime training, and the members of staff trained together with their results.


CLA must retain records of the MLRO’s monitoring reports, and the consideration of these reports and any action taken as a result.