1. GENERAL PROVISIONS
1.1. This policy has been prepared by the Money Laundering Reporting Officer (MLRO) to set out AFP Services’ policy for complying with the UK AML/CTF regime (principally, The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, The Money Laundering and Terrorist Financing Regulations (Amendment) Regulations 2019 and the Proceeds of Crime Act 2002). AFP Services is committed to upholding its AML/CTF obligations under UK legislation.
1.2. AFP is Regulated by CIMA.
1.3. AFP has a team of two people that help support the anti-money laundering policies and procedures. The Money Laundering Reporting Officer (MLRO) is Kevin Simcoe, and Assistant is Ian Smorfitt.
1.4. The Money Laundering Reporting Officer regularly reviews this policy (at least annually) to ensure it remains up-to-date and adequate. A written record is kept of when the policy was last reviewed and any changes that were made.
1.5. This policy must be communicated and read by all staff. A written record must be maintained to confirm all staff have read and understood this policy. If any changes are made following the review set out in 1.3, these changes must also be communicated to staff and a written record maintained to confirm they have read and understood the changes.
2. AFP SERVICES RISK ASSESSMENT FOR AML/CTF PURPOSES
2.1. A formal and documented company risk assessment will be undertaken that will focus on the risk to AFP Services arising from factors including our clients, the countries in which we operate, the services we provide and how we deliver our services.
2.2. The company risk assessment will be renewed on a risk-sensitive basis and in any case at least annually.
2.3. From the most recent company risk assessment, the key areas of risk to AFP Services at present are:
o Section 5 of the Risk Assessment – unusual or excessively complex company structures
o Section 6 of the Risk Assessment – engaging in property or other high value transactions
o Section 8 of the Risk Assessment – our services regarding payroll
o Section 15 of the Risk Assessment – letters of engagement/scope letters regarding Data Protection
3. CLIENT DUE DILIGENCE (CDD) – CLIENT IDENTIFICATION
3.1. CDD must be carried out when the practice establishes a business relationship. Our New Client forms, Credit Safe and Companies House will be used to:
– Identify the client and verify their identity,
– obtain information on the purpose and intended nature of the business relationship,
– check for the existence of any beneficial owners, and, if present, identify them and take reasonable measures to verify their identity,
– verify information held on Companies House PSC register and, if any there are any discrepancies between with information held of the client, report directly to HMRC,
– ensure reliable sources of electronic ID verification is used to undertake CDD, which is free from fraud and provides sufficient assurance of the identity of the individual
3.2. The nature and extent of evidence and information obtained to satisfy 3.1 must reflect the level of risk the business relationship poses. Therefore, AFP Services performs a client risk assessment on every client to assess the level of ML and TF risk they pose.
3.3. The requirements set out in 3.1 must be satisfied before a business relationship is established with the client.
3.4. AFP Service’s Terms of Engagement outline the services to be provided with sufficient detail to make it clear to the client and our practice the intended nature and purpose of the business relationship and the services to be provided.
3.5. AFP Services will not establish a business relationship if we have been unable to satisfy the requirements set out in 3.1 (as informed by the client risk assessment set out in 3.2). AFP Services will also consider making a suspicious activity report (SAR) to the MLRO (if applicable) or directly to the National Crime Agency (for example, if the client has been deliberately difficult or evasive). If a SAR is made, AFP Services will ensure it complies with its obligation to not tip off the client.
3.6. Should the client request additional or different services it may be necessary to perform all or part of the requirements set out in this section as necessary in relation to the additional or different services.
4. CLIENT DUE DILIGENCE (CDD) – ONGOING MONITORING OF CLIENTS
4.1. AFP Services will conduct ongoing monitoring measures, which includes:
– scrutiny of transactions/activity undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions/activity are consistent with our knowledge of the client, the client’s business and risk profile, and
– undertaking reviews of existing client records and keeping the documents or information obtained on the client up-to-date.
4.2. The degree and nature of the ongoing monitoring measures in 4.1 must reflect the level of risk the business relationship poses (as identified in the client risk assessment set out in 3.2).
4.3. AFP Services will consider whether as part of the ongoing monitoring measures in 4.1 the level of risk the business relationship poses (as identified in the client risk assessment set out in 3.2) has now changed.
4.4. AFP Services will terminate the business relationship if we have been unable to satisfy the requirements set out in 4.1 (as informed by the client risk assessment set out in 3.2). AFP Services will also consider making a suspicious activity report (SAR) to the MLRO (if applicable) or directly to the National Crime Agency (if, for example, the client has been deliberately difficult or evasive). If a SAR is made, AFP Services will ensure it complies with its obligation to not tip off the client.
5. ENHANCED DUE DILIGENCE MEASURES (EDD)
5.1. AFP Services will apply enhanced due diligence measures where any business relationship has been assessed as high risk in order to manage and mitigate the risk. EDD measures will be applied in addition to the requirements set out in 3.1 and 4.1. High risk situations include:
a) a high risk of ML or TF as it is a high risk situation identified in our company risk assessment and set out in 2.3 or in the information made available by our Supervisory Authority (CIMA),
b) the client is established in a high-risk third country,
c) the client is a politically exposed person, or a family member or known close associate of a politically exposed person (collectively referred to as ‘a PEP’),
d) the client has provided false or stolen identification documentation or other information and we propose to continue to deal with that client,
e) a transaction is (i) complex and unusually large, or there is an unusual pattern of transactions, and (ii) the transaction or transactions have no apparent economic or legal purpose,
f) any other case which by its nature can present a higher risk of money laundering or terrorist financing, including a business relationship identified as high risk when we perform the client risk assessment set out in 3.2.
The enhanced due diligence measures taken by a relevant person for the purpose of paragraph (1)(b) must include:
(a) obtaining additional information on the customer and on the customer’s beneficial owner;
(b) obtaining additional information on the intended nature of the business relationship;
(c) obtaining information on the source of funds and source of wealth of the customer and of the customer’s beneficial owner;
(d) obtaining information on the reasons for the transactions;
(e) obtaining the approval of senior management for establishing or continuing the business relationship;
(f) conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.”;
5.2. The CDD forms contained on AMLCC will be used to assist with identifying whether any of the high risk situations set out in 5.1 apply.
5.3. Specifically in relation to identifying high risk situation 5.1 c), AFP Services has assessed that it is unlikely that a client will be a PEP. This is based on the company risk assessment, the level of ML and TF AFP Services faces (and the extent to which that risk would increase should we establish a business relationship with such a PEP client), and the information made available by our Supervisory Authority (CIMA). In the absence of any factors that indicate the client may be a PEP, AFP Services will seek to identify such clients by asking them if they are a PEP and performing a web-based search.
5.4. The EDD measures AFP Services applies for the high risk situations in 5.1 depend on the nature of the high risk, and may include:
– seeking additional independent, reliable sources to verify information provided or made available to the relevant person,
– taking additional measures to understand better the background, ownership and financial situation of the client, and other parties to the transaction/activity,
– taking further steps to be satisfied that the transaction/activity is consistent with the purpose and intended nature of the business relationship,
– increasing the monitoring of the business relationship, including greater scrutiny of transactions/activity.
5.5. Specifically for high risk situation 5.1 c), AFP Services assesses the level of risk the PEP client poses and the extent of EDD measures to be applied. When making this assessment, AFP Services considers information made available by our Supervisory Authority (CIMA) and HM Treasury approved guidance. However, EDD measures must at least include:
– obtaining approval from senior management for establishing or continuing the business relationship with that client,
– take adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that client; and
– where the business relationship is entered into, conduct enhanced ongoing monitoring of the business relationship with that person.
5.6. Specifically for high risk situation 5.1 e), the EDD measures must at least include:
– as far as reasonably possible, examining the background and purpose of the transaction, and
– increasing the degree and nature of monitoring of the business relationship in which the transaction is made to determine whether that transaction or that relationship appear to be suspicious.
6. APPOINTMENT OF MONEY LAUNDERING REPORTING OFFICER (MLRO)
6.1. The MLRO is Kevin Simcoe.
6.2. Should the identity of the MLRO change, AFP Services will inform the supervisory authority (CIMA) of the identity of the new MLRO within 14 days of the appointment.
6.3. The MLRO is responsible for monitoring the adequacy of the practice’s AML/CTF systems and controls and to mitigate and manage the risk of ML and TF.
6.4. The MLRO is responsible for ensuring all relevant employees receive AML/CTF training (as set out in Section 9).
6.5. Where an internal SAR is made to the MLRO, the MLRO must consider it in the light of any relevant information which is available to them and determine whether it gives rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion that a person is engaged in money laundering or terrorist financing. If so, the MLRO must ensure that a SAR is made to the National Crime Agency.
7. SUSPICIOUS ACTIVITY REPORTING (SAR)
7.1. All staff must report knowledge or suspicion, or reasonable grounds for knowledge or suspicion, that a client is engaged in, or is the victim of ML or TF (‘suspicious activity’), no matter how small the suspected proceeds. This is a personal obligation for every member of staff and failure to report is a criminal offence punishable by a fine and/or imprisonment.
7.2. Staff must report suspicious activity immediately by filing a report to the MLRO using the Anti-Money Laundering Compliance Company (AMLCC) secure portal. This report can only be viewed by the MLRO, the deputy MLROs and the staff member who submitted the report. The MLRO will then make a suspicious activity report (SAR) to the National Crime Agency where required.
7.3. The justification as to why a SAR was or was not submitted by the MLRO to the National Crime Agency will be recorded in a confidential and separate place from the client file.
7.4. All staff must ensure the person on whom the SAR was made is not made aware of the SAR. It is a criminal offence punishable by a fine and/or imprisonment to disclose to a person that a SAR has been made on them.
8.1. AFP Services will:
– make all relevant employees aware of the law relating to ML and TF, and to the requirements of data protection, which are relevant to the implementation of the Regulations, and
– regularly give all relevant employees training in how to recognise and deal with transactions and other activities or situations which may be related to ML or TF.
8.2. Employees who are required to be provided with training under 9.1. are:
– employees whose work is relevant to AFP Services complying with the Regulations, or
– employees whose work is capable of contributing to the identification and mitigation of the risk of ML and TF to AFP Services, or preventing or detecting ML and TF relating to AFP Services.
8.3. The training provided must in particular focus on the key areas of risk identified in the practice risk assessment and set out in 2.3.
8.4. A written record of the training provided under 9.1 is maintained
8.5. All relevant employees receive the training provided under 9.1 upon joining the practice.
8.6. The MLRO is responsible for deciding when additional training is required or when training should be refreshed to satisfy the requirements under 9.1, and when doing so must consider any changes in the nature of AFP Services, regulatory changes and whether any internal or external SARs have been made.
9. RECORD KEEPING
9.1. AFP Services keeps:
– a copy of any documents and information obtained to satisfy our CDD (including ongoing monitoring and EDD) obligations set out in this policy,
– sufficient supporting records (consisting of the original documents or copies) in respect of a transaction (including an occasional transaction that does not form part of a business relationship) which is the subject of CDD (including ongoing monitoring and EDD) to enable the transaction to be reconstructed,
– suspicious activity records as set out in Section 8, and
– training records as set out in Section 9.
9.2. The practice keeps the records set out in 9.1 for a period of 5 years. This will begin on the date on which the business relationship comes to an end (or for an occasional transaction that is not part of a business relationship, the date on which the transaction is complete).