ECSH33327 - Testing customer due diligence: the purpose and intended nature of the business relationship or transaction

Regulation 28(2)(c) of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) sets out that as part of its customer due diligence (CDD) measures, the business must “assess, and where appropriate obtain information on, the purpose and intended nature of the business relationship or occasional transaction.”

Using the everyday meaning of words within this requirement:

  • “Assess” means to evaluate, judge, or determine the value, amount, or importance of something.
  • “Purpose” means the reason something is done, created or for which something exists.
  • Intended nature of” means the expected characteristics.
  • Where appropriate” means following a risk-based approach, and in the context of MLR 2017, a business should be able to demonstrate to you when it considers it necessary to obtain information rather than “assess”.

Examples of these are given below. You can also use the Joint Money Laundering Steering Group (JMLSG) guidance from paragraphs 5.3.23.


Checking how the business is meeting this requirement

Business relationships

To establish whether the business has met the requirement when it is in a business relationship with the customer, you should ask the business including:

  • How does the business assess the purpose and intended nature of the business relationship?
  • What information is considered to inform this, such as how the customer is introduced to the business?
  • When does the business obtain information on the purpose of the business relationship?
  • When does the business obtain information on the intended nature of the business relationship?
  • How does the business obtain this information?
  • Where is the information recorded? For example, is this on a customer risk assessment form or Customer Relationship Management (CRM) system.
  • Who is the information obtained from? For example, the customer or independent sources?
  • Is this in line with the business’s risk assessment?
  • Does what the business is telling you about the business relationship seem plausible?

What information does the business obtain on the purpose and intended nature of a new business relationship? You should determine whether the business has gathered information such as:

  • The customers reason for wanting to use the specific product/service.
  • The anticipated source of funds to pay for the product/service.
  • The intended duration of the business relationship.
  • The types of transactions that will be carried out. For example, will they be in the UK or involve different countries (cross-border).
  • The anticipated level of activity within a set interval. For example, monthly volume, value, currency, frequency, and countries involved in the transactions.
  • The type of customer. For example, are they a natural person, limited company.
  • Where the customer is an individual - their occupation status. For example, employed, self-employed, retired.
  • Where the customer is a business - information about the business. For example, industry code(s), total sales, revenue, market share, major clients and suppliers, countries of significant operations.

This information will form the basis of the information on which it can conduct ongoing monitoring of the business relationship.

 

Case study 1

An accountancy service provider (ASP) has assessed that customers who pay for services in cash is high risk. You establish that the business gathers information about how a new customer will pay. If the customer states it will pay in cash, the business uses this to inform its risk assessment of this customer and follows its processes to mitigate that risk which includes increasing monitoring and scrutiny of transactions.

 

Case study 2

A London letting agency business (LAB) receives a request from an Edinburgh based customer who wants to rent a property in the London area. The LAB establishes where the customer is from and upon finding out that information, assesses that since the customer is from outside the usual geographic location, it is higher risk. The LAB asks for information on the purpose of the transaction, why the customer wants to rent the property. The customer explains that they have children who have obtained a place at a local school, so they want to live nearby.

For lower risk transactions and where the purpose is self-evident, the business might not have taken any information to assess the purpose and intended nature of the business relationship or transaction in that relationship. For example, if a customer of an estate agency business (EAB) who is considered low risk is moving from a two-bed house to a three-bed house in the same area, the purpose of the transaction might be self-evident (up-sizing) and the business may not have considered it necessary to obtain information on the purpose of the transaction.

For higher risk transactions, the business might have taken copies of financial statements, and/or evidence of the source of wealth and funds before establishing a business relationship.

 

Occasional transactions

To establish whether the business has met the requirement when it conducts an occasional transaction with customers, ask the business the same questions for business relationships above but adapt them for a one-off transaction in relation to its business model. For example, the purpose of an individual buying a new car from a high value dealer may be self-evident, but for a corporate customer who uses a fleet of vehicles, the business may consider establishing a business relationship to assist in future purchases of vehicles. It may then ask for information from the customer regarding the type and number of vehicles it uses, and the volume of cash it intends to use as opposed to other methods of payment.

You should consider when and how the business has used the information gathered to inform its risk assessment of the customer. This allows the business to anticipate risks that might arise in that customer, against what it has written in its business wide risk assessment.

 

Breaches

Where you establish that the business has not assessed, and where appropriate obtained information on the purpose and intended nature of the business relationship or occasional transaction, you should tell the business that there is a breach of regulation 28 of MLR 2017 and direct it to guidance to correct the breach.