ECSH32920 - Records you need to see
The records you need to see will depend on the risks you need to address and the type of business, for example, transactional data, invoices, accounts, bank statements, contracts with third parties, and training records. Some of this information may be provided ahead of a visit or may be requested during a visit to the trading premises.
Further information is provided in the sector specific guidance[link to 50000 Business sectors supervised by HMRC] and sector specific information in the MLR Toolkit.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
Identifying areas to test
Where you have received theseinitialrecords,as requested during your initial contact, you can begin to analyse and consider what questions you will ask and what records you will need test during the intervention.
The results frominitial contact andany client/transaction analysis will help identify areas of riskand also help you select a sample that is representative of the client base/transactions and tests the business’s risk-based approach. For example, you may identify that a customer maybe a politically exposed person (PEP), you will want to test they have met the requirements for dealing with that type of customer. Or if the business relies on another supervised business to carry out its customer due diligence, you may need to consider whether these records will be available to you on the day of the intervention.
Other records you may need to see will depend on the type of business and its operating model.
Remember, you want to establish what information the business holds on its customers and a list of transactions/clients to test should not be provided in advance of the intervention.
Depending on the information you’verequested [Link to ECSH 32825 Information and documents requested before an intervention], you might want to consider:
Client based sectors
How many clients does the business have?Does this seem appropriate in the context of how big the business is and how many staff they have? This will also help you decide how many records to test. [link to ECSH 33710 Initial sample]
Are there mostly repeat clients or are they providing one-off services?Providing one-off services could be higher risk, so you would need to test the business’s understanding of the risk level and mitigations in place.
What services do they offer clients? Does this match what you know of the business already?Select a range of different services in your test;there could be different risks for different services. Has the business considered this or applied the same level of customer due diligence across them all?
How long have they been serving clients?Are they all historic or are there lots of new clients? If the business has been visited in the past, you should concentrate your testing on clients onboarded since the outcome was issued, as they should have implemented any actions they were required to take.
Who are their biggest clients? These will likely be the most important clients to the business.
Transaction based sectors
What dates and times are the transactions conducted?Are there any ‘out of hours’ transactions? You will need to ask the reason why and decide whether the response seems appropriate.
What are the highest and lowest / averagevalue of transactions? You should test across the range.
Are there any cancelled transactions?You will need to establish the reason why they were cancelled.
Branch names/IDs where the transactions were conducted –you will want to test transactions across the branches to establish if there are localised or systemic failings.
Do any transactions appear to be linked? Will they cross a threshold set by the business or the Money Laundering, Terrorist Financing and Transfer of Funds (information on the Payer) Regulations 2017? Have the appropriate checks been done?
Are there transactions just below customer due diligence or enhanced due diligence thresholds set by the business? This could be a way of circumventing the requirements set at the thresholds.
Client and transaction based sectors
Location of customers/properties for sale/rent:
are they in the locality of the business, or spread out across the country/world?
are there any possible links to sanctioned or high riskcountries?
has the business done appropriate checks on customers potentially not met face to face?
Customer names:
look for titles indicating possibility of PEPs
possibility of names arising from high riskor sanctioned countries
do the business namesindicate the activitiesof the businesses and therefore the sectors they interact with, which could be higher or lower risk
Are customers individuals, businesses or other entities like charities and trusts? You will need to test how they apply customer due diligence to different entities.
Do customers have beneficiaries? Have appropriate checks been done on them?
For guidance on how to conductMoney Service Business (MSB) data analysis, see Data Analysis Excel Helpcards found within the MSB Compliance Resources on the Knowledge Library Home]
You will also want to review the integrity of the data – do there appear to be duplicate entries, missing or inaccurate information? For guidance on help available to support you with data see [ECSH 32928Data handler].
Please note this list is not prescriptive or exhaustive.