ECSH32610 - Desk based checks
Introduction
Desk-based checksare carried out where you review business records, documents, or information away from a business’s premises.
Desk-based checks can be conducted alongside other types of interventions, such as face-to-face visits [ECSH 32615 Face to face visits] or telephone calls [ECSH 32605 Telephone call]. Alternatively, desk-based checks can be conducted without any other intervention to check a business’s compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). For example, desk-based checks could be solely undertaken using correspondence by letter or email (where the appropriate protocol is in place – see [ECSH 32812, Initial contact: By email]).
Compliance desk-based interventions
A desk-based intervention (or DBI) is a type of desk-basedcompliance check which is approached in the same way as a face-to-face visit, but interviews of key personnel (for example, the Nominated Officer for the business) are carried out desk-based, for example, by phone or Teams calls.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
How are desk-based checks conducted?
Desk-based checks are usually conducted by requesting information and/or documents from the business.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
As part of your desk-based checks, you may review the business’s:
- application to register [link to ECSH 40000 Registration]
- risk assessment [link to ECSH 33205 Checking risk assessment and management]
- policies, controls and procedures [ECSH 33210 Establishing policies, controls and procedures]
- anti money laundering training [ECSH 33220 Anti money laundering training]
- customer due diligence records [ECSH 33305 Customer due diligence]
- transaction records [ECSH 33700 Records testing]
- internal controls and compliance monitoring [ECSH 33400 Checking internal controls and compliance monitoring]
- record keeping, reliance and compliance with GDPR [ECSH 33500 Checking record keeping, reliance and GDPR]
- internal reporting processes [ECSH 33600 Checking internal reporting and suspicious activity reports]
This list is not exhaustive.
What to consider
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
You should consider what information you need at each stage of your compliance check. For example, you may need to carry out desk-based checks prior to a face-to-face intervention to help you prepare and plan your interview. [ECSH 32825 Information and documents requested before an intervention]
Additionally, you may need to carry out desk-based checks after a visit. For example, to test additional records or request additional information. It will depend on the circumstances of your case. [ECSH 33700 Selecting transactions to test]
You will need to consider what information needs to be sent to you and how this will be done,
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
You must consider the volume of records you need to see, if they will contain sensitive information (for example bank statements or an individual’s ID documents) and any cost or additional burden this may present the business. You must always consider how you will use the information to gain assurance that the business is complying with MLR 2017.