HMRC internal manual

Economic Crime Supervision Handbook

From:: HM Revenue & Customs
Published: 26 May 2023
Updated:: 11 February 2025 - See all updates

ECSH32910 - Results from initial contact/review of documents

Having asked the business what their business activities are and how their business is organised, you need to establish how these work in practice.

Consider the below to help you plan your next steps:

Who might you need to speak to at the compliance check? Directors, managers, staff, internal auditors.

Consider whether the business requires supervision, whether the activities are in scope or potentially out of scope. See ECSH50000 for information on which businesses are supervised by HMRC.

Review whether the business model the trader has told you about appears to be the same as what you’ve established from the initial review. If not, has the business changed direction? Do the application details need updating?

Results from risk assessment, and policies, controls and procedures review

Do they have a risk assessment (RA), and policies, controls and procedures (PCPs) which set out how the business mitigates and manages the risks of money laundering, terrorist and proliferation financing? Have they got these documents in writing? See ECSH33205.

If it is a Money Service Businesses (MSB) providing money transmission services, does its PCPs satisfy the requirements within the Funds Transfer Regulations and the requirements of Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfer of funds?

If the business has written RA and PCP documents, are they consistent with the business model and take into account all relevant factors?

Do the length and complexity of the documents seem proportionate to the size and nature of the business based on results of your initial review?

Do they meet the criteria in Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) regulations 18/18A/19/19A?

Are there any processes you can’t understand or follow, that require explaining?

Does the risk assessment take account of the National Risk Assessment (NRA) and information produced by HMRC or other relevant sources? Including “understanding risks and taking action” document for the relevant sector/s, found on Money Laundering Regulations

Do the documents appear to be written by the business, or a third party, or a downloaded template?

Do the documents appear to be specific to the business, or generic?

Do the procedures effectively mitigate the risks identified in the risk assessment?

What follow up questions do you have, based on the documents?

Do the documents refer to other documents you’ve not had sight of, such as a client risk assessment?

At this point, consider doing a ‘gap analysis’ to establish what you know and you still need to find out.

The following may assist you:

What is known? What is not known? Consistencies. Conflicts.

Who?

What?

Where?

Why?

When?

How?

Help us improve GOV.UK

To help us improve GOV.UK, we’d like to know more about your visit today. Please fill in this survey (opens in a new tab).