Top money men face up to 2 YEARS in slammer for neglecting to spot crim-cash activity

HMRC warns fines could also be imposed

Intelligent flash storage arrays

Senior managers at "money service businesses" face up to two years imprisonment and an unlimited fine if their neglect leads to money laundering or terrorist financing activities, HM Revenue & Customs (HMRC) has warned.

In new guidance on its supervision of money services businesses under anti-money laundering rules (65-page/195KB PDF), HMRC said that senior managers at those businesses, which include currency exchanges, money remittance providers or those delivering third party cheque cashing services, could be held "personally liable" in cases where failings in anti-money laundering checks are identified in their company.

"Senior managers must: identify, and manage effectively, the risks that their business may be exploited to launder money or finance terrorists; take a risk-based approach that focuses more effort on higher risks; appoint a nominated officer to report suspicious activity; [and] devote enough resources to deal with money laundering and terrorist financing," the guidance said.

HMRC said that senior managers at money service businesses are responsible for carrying out a risk assessment to identify where their business is "vulnerable to money laundering and terrorist financing" and for preparing policies and procedures that outline how the company will manage those risks identified.

In addition, the senior managers must ensure that staff are sufficiently trained to implement the anti-money laundering policies and that systems are in place to "help them" do so. Responsibility for monitoring the effectiveness of the anti-money laundering policy and controls in place, and for updating them with improvements when necessary, also falls to senior managers, according to the guidance.

HMRC said that money service businesses must carry out customer due diligence checks before processing transactions in certain cases, including prior to entering into an ongoing business relationship with a customer, where transactions from customers are occasional only, if they suspect money laundering or terrorist financing activity or where they doubt the reliability or adequacy of the information about customers obtained as part of due diligence checks.

The guidance sets outs the types of checks money service businesses have to carry out in those cases, and references checks to verify customers' identity, the identify of the beneficial owner of the customer who that customer is acting for, and "obtaining information on the purpose and intended nature of a business relationship".

Money service businesses' customer checks might also involve continued monitoring of their relationship with individual customers "to ensure transactions are consistent with what the business knows about the customer, and the customer’s risk profile", HMRC said.

HMRC said that whilst it is likely that a standard due diligence checking process will apply to the majority of a money service business' customers, those companies may have to conduct additional checks on some customers depending on the " the risks and warning signs" identified and assessed.

"The extent of customer due diligence measures depends on the degree of risk," HMRC said. "It depends on the type of customer, business relationship, product or transaction... It goes beyond simply carrying out identity checks to understanding who you’re dealing with. This is because even people you already know well may become involved in illegal activity at some time, for example if their personal circumstances change or they face some new financial pressure. Your due diligence measures should reduce the risk of this, and the opportunities for staff to be corrupted."

"This means that you must consider the level of identification, verification and ongoing monitoring that’s necessary, depending on the risk you assessed. You should be able to demonstrate that the extent of these procedures is appropriate when asked to do so," it said.

HMRC said that customers' identify can be verified electronically, but said that money service business must check at least two sources online to satisfy themselves that a customer is who they say they are and stressed that they must also "verify key facts that only the customer may know, to establish that they are who they say they are".

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.