ECSH33390 - Checking customer due diligence: requirement to cease transactions
If a business is unable to complete its customer due diligence (CDD) measures, it must not establish a business relationship or carry out a transaction with the customer and must terminate any existing business relationship, see ECSH 63490. It must also consider whether a suspicious activity report (SAR) should be raised.
You should ask the business if it has raised any SARs in relation to this or if it recalls any transactions which were not completed. You should review any internal SARs or records relating to the customer/cancelled transaction.
You may be able to locate transactions marked as cancelled within transactional data and discuss the reasons for this with the business. You will need to understand why this occurred and what actions the business took to decide if there is a breach of regulation 31.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
If payment had already been received from the customer, confirm how they were refunded. For example, if the transaction was in cash, you should ask if the cash was returned to the customer. If it had already been banked, was the refund made by bank transfer? Explain to the business that if it was refunded differently to how it was paid, it could provide legitimate source of funds which is a risk of money laundering or terrorist financing (ML/TF).
Breaches
Where you establish that the business has not ceased a transaction where it should have, you should tell the business that there is a breach of regulation 31 of Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), and it must terminate the business relationship immediately.
Case study
You are conducting a check on an art market participant (AMP). For one of the transactions you are testing, the business advises you that it requested ID documents to verify the identity of individuals which the customer did not provide; the business carried out the transaction irrespective of this. A review of the bank statements shows that the transaction was completed by bank transfer.
You consider there is a breach of regulation 31(1)(a) and advise the business it should not have continued with the transaction, even if it considered there was a low risk of ML/TF and should retrospectively consider submitting a SAR, see ECSH 33600. For guidance on corresponding breaches, see ECSH33395 on specific breaches of customer due diligence.