ECSH33328 - Testing customer due diligence: customers that are a body corporate

Regulation 28(3) of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) sets out that a business must identify and verify:

  • The name of the body corporate.
  • It's company registration number.
  • It's registered office address, and if different, its principal place of business.

The business must also take reasonable measures to determine and verify:

  • The law to which the body corporate is subject, and its constitution (whether set out in its articles of association or other governing documents).
  • The full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the body corporate.
  • Unless the customer is a company which is listed on a regulated market.

“Regulated market” is defined in regulation 3 MLR 2017 as:

  • Within the UK, as defined by Article 2(1)(13A) of the markets in financial instruments regulation;
  • Outside the UK, within the EEA, as defined by Article 2(1)(13B) of the markets in financial instruments regulation; or
  • Outside the EEA, a regulated financial market which subjects companies whose securities are admitted to trading to disclosure obligations which are equivalent to the specified disclosure obligations.

 

What is a body corporate?

A body corporate is defined in regulation 3 of MLR 2017 and includes:

  • A body corporate incorporated under the laws of the UK or any part of the UK (for example, the Companies Act), and
  • A body corporate constituted under the law of a country or territory outside the UK.

But does not include:

  • A corporation sole (which is a legal entity consisting of a single incorporated office, occupied by a single natural person (often religious corporations or Commonwealth governments) which provides continuity following the death of the individual. The Crown, bishops, deans, vicars, and the Lord Mayor of London are examples of a corporation sole.
  • A partnership that, whether or not a legal person, is not regarded as a body corporate under the law by which it is governed.

Examples of body corporates include Companies (Public Limited Companies (PLC), Private Limited Companies (LTD), Unlimited Companies, Charitable Companies and other entities which have been created by various act of parliament (the Post Office, British Broadcasting Corporation (BBC), Limited Liability Partnerships (LLP).

You can find out more about different types of legal form on GOV.UK.

 

How to check the business is meeting the requirements          

You should ask the business how it has identified and verified the information it is required to.It is important to confirm that the business has obtained all the information required, from the checks it has done. For example, if a business has verified company information via a credit reference agency, it may not include details of directors or beneficial owners but may give a credit score and verify the company name, address, and registration number.

There is no requirement to verify the identity of all the directors. MLR 2017 states the business must take reasonable measures to determine and verifythe of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the body corporate.You need to establish whether this has been done, by checking the information held on Companies House - see the section “How to corroborate the business’s checks” in ECSH33355 Evidence of verification. 

You may find that the business has verified the identity of the name of the lead contact within the body corporate. You should establish whether the business verified they have authority to act on behalf of the entity, as required by regulation 28(10)(a) of MLR 2017 – see ECSH33320.

If there are complex or opaque structures, you need to understand if the business has satisfied itself why these structures are being used, and what evidence it has obtained to come to that understanding. You might find it useful to ask the business to provide a type of ‘family tree diagram’ or organisational structure to visually represent the information.

You can use the records you have obtained to verify this information and establish if the business has identified and taken reasonable measures to verify the identity of all the beneficial owners (BO), following the meaning in regulation 5.

You should establish if the business has considered whether the person identified as the BO has control over the entity.

For example:

  • Does the person identified as the BO have ownership, voting rights or control rights in the legal person, so that they meet the definition of a BO in regulation 5 of MLR 2017?
  • Is the person actually exercising the rights associated with the level of ownership and/or control in practice in their own name, or is the person exercising those rights under instruction from, or by agreement with, an undisclosed third party?

 

What if the business cannot identify the beneficial owner (BO)?

You should be aware that there are obligations on corporate bodies to assist businesses in identifying BOs and the business can request that the customer provides them with information as required by regulation 43 MLR 2017. See ECSH33385 on requirement to report discrepancies in registers and obligations on corporate bodies and trustees for more information.

The business must keep records in writing of all the actions it has taken to identify the BO, if it has not succeeded in doing so or is not satisfied that the individual identified is in fact the BO.

If the business states it encountered difficulties in identifying beneficial ownership of a body corporate, you should ask to see records to verify:

  • What steps were recorded.
  • Whether the business continued with the transaction.
  • If approval was sought to continue and who from.


Businesses listed on a regulated market

You should be able to see records of checks performed to confirm that a customer is listed on a regulated market at the time of the transaction or establishment of the business relationship, as well as other points in time, because the status can change.


Reasonable measures

Remember, it is for the business to demonstrate to you that the extent of the measures it has taken are appropriate.

You should ask to see the attempts it has made, to establish if the business has taken reasonable measures. Where MLR 2017 allow the business to take “reasonable measures,” you will need to consider if these are indeed reasonable.

 You should consider whether the business has conducted the checks:

  • Using a risk-based approach;
  • In a way that is proportionate and effective to mitigate any identified money laundering or terrorist financing risks; and,
  • Evidenced the extent it has tried to obtain the information and verification.


For example, if the business could not verify certain pieces of required information you will need to consider whether it could have verified the information in another way and provide guidance on how it might do this in future.


Requirement to conduct ongoing monitoring

Where the business is (or was) in a business relationship with a customer, it must conduct ongoing monitoring.


Requirement to report discrepancies in registers

If the business has an ongoing relationship with customers, you need to consider whether the business is meeting its requirements to report discrepancies in BOs as required by regulation 30A MLR 2017. See ECSH33385 on requirement to report discrepancies in registers and obligations on corporate bodies and trustees for more details.  

 

Breaches

Where you establish that the business has not taken appropriate measures, you should tell the business that there is a breach of regulation 28 MLR 2017 and direct it to guidance to correct this.