ECSH33201 - Establishing risk, procedures and training: Introduction

Checking a business’s compliance under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) includes checking that it is complying with the relevant requirements to:

  • carry out a risk assessment (RA) and keep an up-to-date record in writing of the steps taken to identify and assess the risks of money laundering, terrorist financing and proliferation financing (ML/TF/PF) relating to its business activities, and that its risk management practices are appropriate for the size and nature of the business – see ECSH33205 for guidance on checking risk assessment and management.
  • establish policies, controls and procedures (PCPs) to mitigate and effectively manage the ML/TF/PF risks identified in its RA and maintain a record in writing
  • communicate its PCPs to relevant staff and/or agents if applicable
  • make relevant employees (and agents) aware of the law relating to ML/TF/PF and the requirements of data protection, and provide regular training on how to recognise and deal with suspicious activity – see ECSH33220 for guidance on anti-money laundering training

There is also specific guidance for money transmitters who must also comply with the requirements of the Funds Transfer Regulations.

You may also need to check other aspects of the business’s compliance, depending on the type of case you are working. These may include:

  • customer due diligence measures
  • internal controls and compliance monitoring
  • record keeping, reliance and GDPR
  • internal reporting and suspicious activity reports

Full details of the “relevant requirements” of the MLR 2017, which a supervised business MUST comply with, are listed in Schedule 6.

Guidance to help you understand each of the relevant requirements can be found in ECSH60000. 

Additionally, groups of related contraventions can be found at ECSH82791.