Top money men face up to 2 YEARS in slammer for neglecting to spot crim-cash activity

HMRC warns fines could also be imposed

Secure remote control for conventional and virtual desktops

Senior managers at "money service businesses" face up to two years imprisonment and an unlimited fine if their neglect leads to money laundering or terrorist financing activities, HM Revenue & Customs (HMRC) has warned.

In new guidance on its supervision of money services businesses under anti-money laundering rules (65-page/195KB PDF), HMRC said that senior managers at those businesses, which include currency exchanges, money remittance providers or those delivering third party cheque cashing services, could be held "personally liable" in cases where failings in anti-money laundering checks are identified in their company.

"Senior managers must: identify, and manage effectively, the risks that their business may be exploited to launder money or finance terrorists; take a risk-based approach that focuses more effort on higher risks; appoint a nominated officer to report suspicious activity; [and] devote enough resources to deal with money laundering and terrorist financing," the guidance said.

HMRC said that senior managers at money service businesses are responsible for carrying out a risk assessment to identify where their business is "vulnerable to money laundering and terrorist financing" and for preparing policies and procedures that outline how the company will manage those risks identified.

In addition, the senior managers must ensure that staff are sufficiently trained to implement the anti-money laundering policies and that systems are in place to "help them" do so. Responsibility for monitoring the effectiveness of the anti-money laundering policy and controls in place, and for updating them with improvements when necessary, also falls to senior managers, according to the guidance.

HMRC said that money service businesses must carry out customer due diligence checks before processing transactions in certain cases, including prior to entering into an ongoing business relationship with a customer, where transactions from customers are occasional only, if they suspect money laundering or terrorist financing activity or where they doubt the reliability or adequacy of the information about customers obtained as part of due diligence checks.

The guidance sets outs the types of checks money service businesses have to carry out in those cases, and references checks to verify customers' identity, the identify of the beneficial owner of the customer who that customer is acting for, and "obtaining information on the purpose and intended nature of a business relationship".

Money service businesses' customer checks might also involve continued monitoring of their relationship with individual customers "to ensure transactions are consistent with what the business knows about the customer, and the customer’s risk profile", HMRC said.

HMRC said that whilst it is likely that a standard due diligence checking process will apply to the majority of a money service business' customers, those companies may have to conduct additional checks on some customers depending on the " the risks and warning signs" identified and assessed.

"The extent of customer due diligence measures depends on the degree of risk," HMRC said. "It depends on the type of customer, business relationship, product or transaction... It goes beyond simply carrying out identity checks to understanding who you’re dealing with. This is because even people you already know well may become involved in illegal activity at some time, for example if their personal circumstances change or they face some new financial pressure. Your due diligence measures should reduce the risk of this, and the opportunities for staff to be corrupted."

"This means that you must consider the level of identification, verification and ongoing monitoring that’s necessary, depending on the risk you assessed. You should be able to demonstrate that the extent of these procedures is appropriate when asked to do so," it said.

HMRC said that customers' identify can be verified electronically, but said that money service business must check at least two sources online to satisfy themselves that a customer is who they say they are and stressed that they must also "verify key facts that only the customer may know, to establish that they are who they say they are".

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.