Anti Money Laundering

AAT is a registered charity. No. 1050724

Disclaimer
Although all reasonable care have been taken to ensure that the content of this factsheet is
accurate and reflects industry best practice and regulations, members should always consider their
individual circumstances when using this document. The content of this document does not
constitute legal advice and in certain circumstances, it may be necessary for members to seek
expert legal advice.

AAT will accept no liability for loss caused to any person or entity as a result of acting or refraining
to act in accordance with any material in this factsheet.

Third party websites

Although all reasonable care have been taken when selecting third party websites, AAT is not responsible for
the contents or reliability of the linked web sites. AAT accepts no liability for any linked sites and their content
and it is important that you take necessary precautions, especially to ensure appropriate safety from viruses
and other potentially destructive items. We cannot guarantee that the links will work all of the time and we have
no control over the availability of the linked pages. As in all cases, when visiting external websites, you should
review those websites' privacy policies and other terms of use to learn more about how they collect and use any
personally identifiable information.

AAT is a registered charity. No. 1050724

Introduction

This fact sheet is intended to provide an overview of the main requirements of the Anti Money
Laundering/anti-terrorist financing legislation, as it affects AAT licensed members. This abridged guidance is
designed to be read in conjunction with industry and AAT guidance on Anti Money Laundering including the
Anti Money Laundering toolkit issued to AAT licensed members. All money laundering related queries should
be sent to [email protected]

The legislation

The UK Anti Money Laundering Legislation (AMLL) consists of:

• The Proceeds of Crime Act 2002 (POCA)
• The Terrorism Act 2000 (TA)
• Money Laundering Regulations 2007
• The Bribery Act 2010

Application of the UK AMLL

POCA and TA define money laundering and terrorist financing and impose very similar obligations upon
individuals within the regulated sector, including those involved in providing accountancy services to
clients, to submit:

1. An internal report to a Money Laundering Reporting Officer (MLRO), by those in a

group practice
2. A suspicious activity report (SAR) to the National Crime Agency (NCA), by sole practitioners and
MLROs.

The Regulations impose duties upon sole traders and firms (not employees) to establish and maintain
practice policies and procedures to detect and deter activities relating to money laundering and terrorist
financing.

Definitions

The following definitions are paraphrased versions of those contained in POCA and TA.

Money laundering
To acquire, possess or deal in a benefit obtained from a criminal act or to facilitate someone else to do so,
when knowing or suspecting that the benefit was obtained from a criminal act.

Terrorist financing
Fundraising, possessing or dealing with property or facilitating someone else to do so, when intending,
knowing or suspecting or having reasonable cause to suspect that it is intended for the purposes of terrorism.

Money laundering involves the proceeds of crime, while terrorist financing may involve legitimate
property or the proceeds of crime.

AAT is a registered charity. No. 1050724

The 2007 Money Laundering Regulations

Policies and procedure

The policies and procedures required by the 2007 ML Regulations must relate to:
• customer due diligence on new clients
• on-going monitoring of existing clients and transactions
• internal reporting to a MLRO
• internal control
• risk assessment and management
• internal communication of policies and procedures
• monitoring and management of compliance with policies and procedures
• record keeping
• staff training

Risk sensitive approach

The policies and procedures must be applied on a risk sensitive basis. This means that there is no industry
standard. Each practice must establish policies and procedures that are proportionate to the risks of its services
being exploited by money launderers and terrorist financiers. Therefore, policies and procedures will vary
according to the individual circumstances of each practice.

The requirement to establish policies and procedures on a risk-sensitive basis is intended to increase the
likelihood of you detecting and deterring activity connected with money laundering and terrorist financing - not to
eliminate it. There is no zero tolerance approach in this regard.

The risks

The risks of your services being exploited for money laundering and terrorist financing consist of a combination
of three elements:

• opportunity – for a client to engage in money laundering or terrorist financing - exists irrespective of the
client’s honesty. For example, high cash businesses, and transactions and legal structures with
overseas involvement or which tend to obscure ownership are deemed to provide heightened
opportunity.
• likelihood – of an opportunity being exploited – is dependent upon the nature of the particular client.
New clients about whom you have not accumulated much ‘know your client’ information are considered
more likely to be exploitative than long standing clients, as are clients whose transactions or structures
are opaque or have no apparent economic purpose, as opposed to those with open and transparent
dealings.
• impact – in terms of detriment to society – should the opportunity be exploited. The detriment to society of
the more ‘anti-social’ crimes, such as drug smuggling, people trafficking, theft, etc.

Risk assessment

Before you can devise risk sensitive policies and procedures, you need to have a reasonable estimate of the
risks to which your practice is exposed. This necessitates the carrying out of a risk assessment of your practice
in light of your client profile, the services you provide and your current management policies. It is important to
note that the risk assessment does not have to be sophisticated, a simple risk register should be sufficient for
small practices covering all known risks of money laundering.

AAT is a registered charity. No. 1050724

Applying policies and procedures generally and to individual clients

You should assess the general risks to which your practice is exposed. This will enable you to establish and
maintain appropriate and proportionate policies and procedures in the context of your practice. However, the
policies and procedures must be applied in relation to individual clients. Therefore, the risk presented by each
client must also be individually assessed and may be categorised as high, medium or low risk, according to
your risk register or other assessment. AAT has produced template risk assessment forms for AAT licensed
members we supervise for money laundering compliance.

Required policies and procedures

Customer due diligence (CDD)

CDD must be applied to new clients before you provide your services to them. The one exception to this is
where to do so would interrupt the normal conduct of business and there is little risk of money laundering or
terrorist financing, in which case you must always find out who the client claims to be before commencing the
client’s instructions and complete CDD as soon as you reasonably can afterwards.

There are three elements to CDD

1. Find out who the client claims to be – name, address, date of birth – and obtain evidence (on a risk
sensitive basis) to check that the client is as claimed. The amount and strength of evidence you
require can be standardised for medium and low risk clients. For high risk clients, you must conduct
enhanced CDD to compensate for the higher risk.
2. Obtain evidence (on a risk sensitive basis) so that you are satisfied that you know who any
beneficial owners are. This means that beneficial owners must be considered on an individual basis
rather than banded for standardised evidence. Generally, a beneficial owner is an individual who
ultimately owns 25% or more of the client or the transaction property.
3. Obtain information on the purpose and intended nature of the transaction.

The evidence you obtain can be documentary, data or information from a reliable and independent source or a
mix of all of these. A ‘reliable independent source’ refers to the producer of the evidence, such as a
Government department, not necessarily the person who supplies you with it, who may be the client. Also, there
is no requirement to take photocopies of the evidence. It is sufficient to make a note of it so that it can be
traced, and the item can then be traced using unique reference numbers and dates.

The CDD requirement may vary according to circumstance. You must conduct enhanced CDD in relation to a
client who has not attended your practice for identification purposes (non face-to-face clients), is a politically
exposed person or is otherwise a high risk client. You may conduct ‘simplified’ CDD in relation to certain
products and entities, such as a child trust fund, certain insurance contracts and pension schemes, listed
companies, limited partnerships, banks, UK public authorities.

If you cannot complete CDD, you must not act for the client and should consider whether to submit an Internal
Report or SAR, as appropriate (see Duty to Report).

AAT is a registered charity. No. 1050724

On-going monitoring

You must apply on-going monitoring to existing clients. This means that you must:
• carry out appropriate and risk sensitive CDD measures to any transaction which appears to be
inconsistent with your knowledge of the client or the client’s business or risk profile. For example, if a
client suddenly has an injection of significant funds, check the source of funds. If a beneficial owner is
revealed, obtain evidence of the beneficial owner’s identity and the nature and purpose of the injection
of the funds
• keep CDD documents, data and information up to date. For example, if a client company has a change
to its directorship, update your records accordingly.

Record keeping

Your records should maintain a paper trail to facilitate any future law enforcement investigation relating to your
client, and demonstrate that you have complied with your statutory obligations. Your records should consist:
• copies of or reference to the CDD identification evidence. These records must be kept for five years
starting with the date on which your relationship with the clients ends
• copies or originals of documents relating to transactions that have been subject to CCD measures or
ongoing monitoring. These must be kept for five years starting with the date on which you completed the
client’s instructions
• a note of your policies and procedures and their application.

Internal control

This is a catch all to encourage you to respond to risks, which are not subject to specific policy and procedure
requirements in the Regulations.

Risk assessment and management

You should conduct a risk assessment at intervals appropriate for your own practice. This could be by re-
examining your risk register, or repetition of any other method you use. You should amend your policies and
procedures as required in order to keep risks to a tolerable level.

Internal reporting procedure

Internal reporting procedures require firms to nominate a MLRO and to ensure that internal reports are directed
to the MLRO. In light of information available to the MLRO, the MLRO must decide whether to submit a SAR to
NCA on behalf of the firm, and whether the firm requires consent before providing its professional services to
the client.

Internal communication of policies and procedures

Once the requisite policies and procedures are in place, you must ensure that all relevant personnel within your
firm are familiar with them to the extent necessary, given their respective roles.

Monitoring and management of compliance

You must take steps to ensure that your employees comply with your practice’s policies and procedures.

AAT is a registered charity. No. 1050724

Training

You must ensure that relevant staff are given training at appropriate intervals on how to recognise a suspicious
transaction, and how and to whom to Report their suspicions to. If you do not employ staff, then you must
ensure that you undertake regular training as above. We recommend AML training when assessing CPD
requirement.

Supervision

All accountancy sole traders and firms providing professional services to clients by way of business must be
supervised in their compliance with the regulations. AAT’s method of supervision is by:
• helping you to understand the anti money laundering legislation by providing guidance and support
• only making you do what is really necessary on a risk sensitive basis and making you aware of any
simplified procedures
• where noncompliance is identified, working with you to correct this to ensure full compliance
• where a blatant breach, continued breach or disregard for the legislation is identified, taking appropriate
action.

POCA and TA

Duties to report

There are two circumstances (subject to exceptions, below) when you must submit an internal report or a SAR
(collectively referred to below as a report), as appropriate, namely:

1. When you wish to provide services in relation to property which you actually know or suspect
relates to money laundering or terrorism financing. In such circumstances, you must indicate in the
Report that you require consent to provide such services, and refrain from doing so until you
receive actual or deemed consent
2. When you actually know or suspect or there are reasonable (objective) grounds for you to know or
suspect that another person is engaged in money laundering or terrorist financing, whether or not
you wish to act for such person. The person in question could be a client, a colleague or third party.

Note: You do not require consent when you:

• do not intend to act in relation to the suspect property
• do intend to act but you do not actually know or suspect that the property relates to money laundering or
terrorist financing, even though reasonable grounds may exist.

Exceptions to the duties to report

The duties to report do not apply if:

1. The information which forms the basis of your knowledge or suspicion or the reasonable grounds to
know or suspect came to you other than in the course of business, for example, on a social
occasion.
2. The information came to you in privileged circumstances that is, in order for you to provide legal
advice, such as explaining a client’s tax liability, except when you judge that your advice has been
sought to enable the client to commit a criminal offence or avoid detection; or expert opinion or
services in relation to actual or contemplated legal proceedings.
3. You have a reasonable excuse for not reporting, in which case you must report as soon as
reasonable in the circumstances.

AAT is a registered charity. No. 1050724

Tipping off

If you know or suspect that a report has been made, you will commit an offence if you disclose any information
that is likely to prejudice any actual or contemplated investigation following a report.

Note: the report does not have to have been made by you, you merely need to know or suspect that one has
been made to a MLRO, NCA, HMRC or the police.

Dealing with NCA

Although internal reports can be in any form determined by the firm, SARs made to NCA must be in writing.
NCA prefers you to use their online SAR Forms.

AAT is a registered charity. No. 1050724