ECSH33339 - Checking customer due diligence: complex and unusual transactions

Regulation 33(1)(f) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) sets out that enhanced due diligence (EDD) is required in any case where:

  • a transaction is complex or unusually large
  • there is an unusual pattern of transactions or
  • the transactions have no apparent economic or legal purpose.

Ensure you read the general operational guidance for EDD and the Relevant Requirements section for Regulation 33. 

You can find more information in 5.7.10 and Annex 5-IV of the Joint Money Laundering Steering Group (JMLSG) guidance.

Complex or unusually large transactions

To be able to test if the business has carried out EDD for any “complex” or “unusually large” transactions, you must first understand what “the norm” is for the business. Use the guidance for understanding business activities to get a good understanding of what you can expect to see when testing the business’s records.

Ask what the business would consider “complex”. This could be the product or service itself, the number of parties involved or multi-layered structures, or complicated arrangements for payment/settlement, used to obscure the true beneficial ownership. Is there a valid reason for the complexity?

You may find it helpful to ask theoretical questions to establish what the business would consider “unusually large”. For example, when visiting a high value dealer, you could ask if there is an amount in cash which would appear unusual or above which the business would be reluctant to accept? If special arrangements are in place for a small number of customers, you should ask the business to explain the circumstances. For example, if a business has a policy of not accepting large cash payments or payments from a third party, what led to the business waiving this policy?

This will be unique to every business; even though they may operate in a similar way to other businesses in the same sector, what may be complex and unusually large for one business, may not be for another.

You should then ask what additional checks would be performed if a transaction of this nature occurred. When you look at transaction records you wouldn’t expect to see any transactions which exceed the business’s risk threshold; if you do, you should select them for testing and ask to see additional due diligence carried out. If the business didn’t identify the transactions, you will need to discuss the reasons why and if there are any mitigating circumstances. This may highlight that there are insufficient controls in place, such as senior manager approval for transactions above a certain threshold or set criteria for when a transaction should be considered complex.

Unusual pattern of transactions

Ask the business what it would consider to be unusual in relation to:

  • the types of customers it has
  • where customers are based
  • the types of transactions or services carried out
  • how customers pay
  • people acting on behalf of customers.

You should ask the business how it monitors customer activity. What management information is produced on a daily, weekly, monthly and annual basis? How and when is this information analysed and by whom? For example, who in the business monitors patterns of transactions and identifies peaks (or troughs) in activity, in particular locations, customers or at particular times? Is management information capable of highlighting activity which would be considered unusual for the business or a particular customer? If unusual activities cannot be rationally explained, they may involve money laundering or terrorist financing.

For example, when visiting a money service business that says it only deals with local customers who usually visit once a month to transmit money to family, why do the records suggest there are customers who travel from outside the area daily? You could ask questions to establish a mile radius which is considered “local” and then ask the business for further details about the customer and a record of the checks carried out, to demonstrate that the pattern of transactions is unusual.  

Your questioning will always relate to what you have learned about the business and on the records and management information available. How unusual transactions are classified and handled should be documented in the business’s policies, controls and procedures (PCP) as required by regulation 19(4)(a)(i). If it is not, there’s likely to be a breach of regulation 19, alongside any breaches of regulation 33.

Transactions with no apparent economic or legal purpose

This means that transactions don’t make commercial sense or could be linked to criminality.

For example, a wholesaler who is a high value dealer may explain that all of its suppliers are paid by bank transfers. However, it makes cash payments to a new company who has started supplying it with discounted alcohol, and who make a 600-mile round trip to collect the cash. You would need to ask the business to explain its rationale for making such payments and why the new company can’t be paid in the same way as all other suppliers. You could ask who approved the payments, whether the transactions are being monitored and if the arrangement is likely to change.

Similarly, there are numerous case studies which show that cash is received from customers established in countries which limit the amount of cash which can be used or leave the country. This would indicate that the cash doesn’t have a legal purpose. An example of this is Chinese underground banking and you can find out more information by reading the National Risk Assessment (NRA).

Checking EDD has been carried out

If you identify any customers and/or transactions which meet the explanations above, you shouldcheck that the business has identified them and carried out additional checks. If not, you will need to establish the reasons why. 

Testing EDD measures

Check that the business has:

  • as far as reasonably possible, examined the background and purpose of the transaction, and
  • increased the degree and nature of monitoring of the business relationship in which the transaction is made to determine whether that transaction or that relationship appear to be suspicious

The business should be able to evidence that these are over and above normal transaction monitoring.

Did the business consider submitting a defence against money laundering (DAML) suspicious activity report (SAR)?

You may need to ask the business follow up questions to understand the extent of the EDD measures which have been applied and the reasons for this. To test whether the EDD measures are appropriate, see the general EDD guidance.