I am increasingly seeing the SRA identify that firms’ compliance policies are missing the following key provisions:
- A provision to identify and scrutinise complex transactions – Regulation 19(4)(a)(i)(aa)
- A provision to identify and scrutinise unusually large transactions or unusual patterns of transactions – Regulation 19(4)(a)(i)(aa)
- A provision to identify and scrutinise transactions with no apparent economic or legal purpose – Regulation 19(4)(a)(i)(bb)
- The taking of additional measures, where appropriate, to prevent products or transactions that favour anonymity being used for money laundering or terrorist financing – Regulation 19(4)(b)
- Mitigation of ML/TF risks arising from new products, practices, or technologies – Regulation 19(4)(c)
- Suspicious activity reporting requirements under POCA and the Terrorism Act – Regulation 21(5)
- Customer due diligence (CDD), including identification and verification measures – Regulation 28
- The firm’s approach to risk assessing clients and matters – Regulations 28(12), 28(13), and 33(6)
- Ongoing monitoring and how the firm ensures CDD is maintained and kept up to date – Regulation 28(11)
- Source of funds and source of wealth requirements – Regulations 28(11) and 33
- Reporting discrepancies to Companies House – Regulation 30A
- Checking the sanctions register and complying with the sanctions regime – Regulation 33
- Procedures relating to high-risk third countries / high-risk jurisdictions – Regulation 33
- Enhanced due diligence (EDD), ensuring the policy covers all circumstances in which EDD must be applied – Regulation 33
- Measures applied to politically exposed persons (PEPs) – Regulation 35
- The requirement for senior management approval when taking on PEPs – Regulation 35(5)
- Simplified due diligence – Regulation 37
- Reliance on third parties – Regulation 39
Do not wait for an SRA AML audit or, worse still, an FCA AML audit. Make sure your PCPs are updated.