Top money men face up to 2 YEARS in slammer for neglecting to spot crim-cash activity

HMRC warns fines could also be imposed

Intelligent flash storage arrays

Senior managers at "money service businesses" face up to two years imprisonment and an unlimited fine if their neglect leads to money laundering or terrorist financing activities, HM Revenue & Customs (HMRC) has warned.

In new guidance on its supervision of money services businesses under anti-money laundering rules (65-page/195KB PDF), HMRC said that senior managers at those businesses, which include currency exchanges, money remittance providers or those delivering third party cheque cashing services, could be held "personally liable" in cases where failings in anti-money laundering checks are identified in their company.

"Senior managers must: identify, and manage effectively, the risks that their business may be exploited to launder money or finance terrorists; take a risk-based approach that focuses more effort on higher risks; appoint a nominated officer to report suspicious activity; [and] devote enough resources to deal with money laundering and terrorist financing," the guidance said.

HMRC said that senior managers at money service businesses are responsible for carrying out a risk assessment to identify where their business is "vulnerable to money laundering and terrorist financing" and for preparing policies and procedures that outline how the company will manage those risks identified.

In addition, the senior managers must ensure that staff are sufficiently trained to implement the anti-money laundering policies and that systems are in place to "help them" do so. Responsibility for monitoring the effectiveness of the anti-money laundering policy and controls in place, and for updating them with improvements when necessary, also falls to senior managers, according to the guidance.

HMRC said that money service businesses must carry out customer due diligence checks before processing transactions in certain cases, including prior to entering into an ongoing business relationship with a customer, where transactions from customers are occasional only, if they suspect money laundering or terrorist financing activity or where they doubt the reliability or adequacy of the information about customers obtained as part of due diligence checks.

The guidance sets outs the types of checks money service businesses have to carry out in those cases, and references checks to verify customers' identity, the identify of the beneficial owner of the customer who that customer is acting for, and "obtaining information on the purpose and intended nature of a business relationship".

Money service businesses' customer checks might also involve continued monitoring of their relationship with individual customers "to ensure transactions are consistent with what the business knows about the customer, and the customer’s risk profile", HMRC said.

HMRC said that whilst it is likely that a standard due diligence checking process will apply to the majority of a money service business' customers, those companies may have to conduct additional checks on some customers depending on the " the risks and warning signs" identified and assessed.

"The extent of customer due diligence measures depends on the degree of risk," HMRC said. "It depends on the type of customer, business relationship, product or transaction... It goes beyond simply carrying out identity checks to understanding who you’re dealing with. This is because even people you already know well may become involved in illegal activity at some time, for example if their personal circumstances change or they face some new financial pressure. Your due diligence measures should reduce the risk of this, and the opportunities for staff to be corrupted."

"This means that you must consider the level of identification, verification and ongoing monitoring that’s necessary, depending on the risk you assessed. You should be able to demonstrate that the extent of these procedures is appropriate when asked to do so," it said.

HMRC said that customers' identify can be verified electronically, but said that money service business must check at least two sources online to satisfy themselves that a customer is who they say they are and stressed that they must also "verify key facts that only the customer may know, to establish that they are who they say they are".

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Beginner's guide to SSL certificates

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story


Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?