As Bobby Gillespie observed, ‘Dealers keep dealing, thieves keep thieving, whores keep whoring and junkies keep scoring.’ We may be on varying degrees of lockdown across the globe, but thieves, fraudsters and money launderers just keep doing what comes naturally to them. Many among them clearly see the COVID-19 pandemic as no more than a new opportunity to ply their trade.
As long as criminals acquire ill-gotten gains they will have a need to launder their proceeds of crime. All barristers need to maintain their vigilance against anyone seeking to launder those criminal funds or channel monies towards terrorist activity.
Despite the current business conditions and the need to practise social distancing, if your work falls within the scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended) (‘the Money Laundering Regulations’) you must still comply with the statutory anti-money laundering obligations. Those obligations include the requirement to undertake Customer Due Diligence (CDD) in relation to a new client in order to check and verify their identity. It is vital this is done.
Customer due diligence: a re-cap
Undertaking CDD – where your client’s identity has not already been verified by you – requires you to:
- identify your client;
- verify their identity from reliable and independent documents, data or information; and
- assess, and where appropriate obtain information on, the purpose and intended nature of the business relationship that you are being asked to enter into.
In carrying this out, you must address each requirement in a manner that is proportionate to your assessment of the relevant level of money laundering or terrorist financing risk in the new relationship with the potential client.
For most barristers, these practicalities of identifying and verifying a new client are usually undertaken in person, often at the premises of a legal practice or practitioner. Yet while the restrictions on movement and gatherings and the need for social distancing remain in place that practice is unlikely to be available.
So in order to assist you in carrying on business, while meeting your obligations under the Money Laundering Regulations, the Legal Sector Affinity Group (publisher of the HM Treasury approved legal sector wide Money Laundering and Terrorist Financing Guidance) issued a guidance note on how to approach CDD and the requirements of identification and verification.
The guidance note advises that in the absence of face-to-face meetings, to consider using alternative methods in order to verify that the new client is who they say they are:
‘Practices and practitioners are reminded to adopt a risk-based approach, taking into account the contents of their practice-wide risk assessment, policies and procedures (and where necessary updating them) and the circumstances of individual clients/matters. As an alternative to face-to-face documentary verification, legal practices and practitioners may adopt or further utilise electronic means of ID&V [identification and verification] where appropriate to the risks present in the client/transaction.’
How do you verify a new client?
The guidance note helpfully lists a number of suggested alternative methods for carrying out the required identification and verification. They can be used independently or in combination:
1. Digital ID&V services that meet the requirements of the Money Laundering Regulations (reg 28(19): ‘…secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity’).
2. Gathering and analysing additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers etc.
3. Verifying phone numbers, e-mails and/or physical addresses by sending codes to the client’s address to validate access to accounts.
4. Using live and/or recorded digital video (many reliable and free options exist for this) of the customer showing their face and original photo identification documents so that you can compare them to a scanned copy of the same document (eg passport or driving licence).
As responsibility for compliance with the Money Laundering Regulations remains with you and your practice, always ensure that you make use of only trustworthy digital processes.
So what might be viewed as trustworthy…
The guidance note suggests that a pre-recorded video (see (4) above) may be sufficient for non face-to-face identification and verification purposes. Yet non face-to-face business relationships, transactions and ‘situations’ are recognised as an example of a potentially higher-risk situation in undertaking CDD (regs 33(1)(a) & 33(6) and recently re-affirmed in the Financial Action Task Force Guidance on Digital Identity, Paris, March 2020 §10). Given the need to be satisfied of liveness, you would be well advised to require more reassurance than that provided by a pre-recorded video.
The requirements of social distancing look set to remain a part of everyday life and business practice for the foreseeable future. As a result, non face-to-face business relationships, transactions and ‘situations’ look set to become the norm for some time to come. You and your clients will need to be able to recognise and address the associated money laundering and terrorist financing risks inherent in this new business model.
You should also ensure that you keep a record of the CDD steps taken and the verification provided, so that you can evidence the processes followed, for example, of any video calls that are made. Where personal information is retained, eg passport details or digital imaging, you should obtain consent from the data subject for the capture and storage of this information and have due regard to the data protection obligations upon you as data controller.
Where there is elevated risk
You should also consider that the steps set out above may not be appropriate or sufficient on their own where there is an elevated risk of money laundering or terrorist financing. The requirement to apply Enhanced Due Diligence will remain in the case of some potential clients. Where this greater level of due diligence is needed, more robust methods of identification and an increased number of reliable and independent documents, data or information may be required for verification in order to ensure that you have met your CDD obligations. An example of a situation where such a need would arise would be where the new client is resident in a high-risk third country (reg 33(1)(b)) or is a Politically Exposed Person (reg 33(1)(c)).
It is vital for practitioners to meet their CDD obligations and maintain compliance with the Money Laundering Regulations. If you or your client are in doubt as to what is required you should not hesitate to obtain independent legal advice from an experienced legal practitioner.
Pandemic-related fraud continues to rise:
The UK’s National Cyber Security Centre (NCSC) said it took down more than 2,000 online coronavirus scams in March 2020, including 471 fake online shops that were selling fraudulent virus-related items: bbc.in/3mOsnkj; and Google reported that it was blocking 18m coronavirus scam emails every day: bbc.in/33YYm8X.
In April 2020, Interpol reported a sophisticated PPE fraud scheme using compromised emails, advance-payment fraud and money laundering across Germany, Ireland and the Netherlands: bit.ly/3j38q6Y.
In June 2020, Action Fraud said that since shops were forced to close in March it had received reports of online shopping fraud totalling £16.6 million in losses. In July, it said a total of £11.3 million had been reported lost by 2,866 victims of coronavirus-related scams; and it had received 13,820 reports of coronavirus-related phishing emails.
NCSC advice on how to spot the most obvious signs of a scam, and what to do if you’ve already responded: