ECSH33550 - Reliance arrangements
Introduction
During a compliance check, you should establish whether the business relies on another person to carry out its customer due diligence (CDD) measures and/or for checking company registers with a view to reporting discrepancies required by regulation 30A.
The requirements for reliance are set out in regulation 39 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). You should ensure you read the relevant requirements in ECSH63615 Regulation 39 - Reliance which covers what to establish if a business is relying on a third party to carry out CDD, and how to test this.
It is important to note that if the business is relying on a third party to carry out CDD, it must have obtained all of the information needed to satisfy the CDD requirements in relation to its customer (regulation 28(2)), its beneficial owner (regulation 28(6)), or any person acting on behalf of the customer (regulation 28(10)); and/or the requirements under regulation 30A to report discrepancies in registers; although the records may be held by the other person who is being relied upon. Also note that reliance doesn’t extend to enhanced due diligence checks for customers deemed to be high risk. You can find more guidance on all these requirements in ECSH33300 Checking customer due diligence.
You should discuss the arrangement with the business to establish why it is deemed necessary to enter into such an arrangement and how it satisfies itself that it can comply with its obligations in relation to CDD. Similarly, if the business is being relied upon by another business, it is important to discuss the arrangements in place and ensure it complies with record keeping requirements - see ECSH33525 Record keeping.
Understanding reliance
There are set parameters around persons who can be relied upon and what is required as part of a reliance arrangement. For example, the other person must be supervised under MLR 2017 (or equivalent measures in another country) and cannot be based in a high risk third country, unless it is a branch or subsidiary of an entity subject to measures equivalent to MLR 2017 and follows the group’s procedures (see regulation 20).
Please note, a business using an independent identity provider, for example as described in regulation 28(19)(a), is not “reliance”. You can find more information in ECSH33357 Electronic verification.
You should be careful when using the word “rely” during meetings with a business because of the specific meaning of reliance under the MLR 2017. This also applies when a business says that it “relies” on a third party. You should clarify through questioning whether the business means it has a reliance arrangement in place and whether the requirements of regulation 39 are sufficiently met, if applicable. It may be that the business has used the word “rely” (meaning it has assumed a third party is conducting the checks), but this does not necessarily mean that it has a reliance arrangement in place.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)
Case studies
Please see the case studies below.
Case study 1
An art market participant (AMP) says it “relies” on a third party to carry out its due diligence checks. Through questioning, you establish that the AMP uses an online verification platform to carry out background checks on its customers. The AMP enters its customer details (such as name, address, ID document references) into the online verification platform which will run checks (for example against the electoral roll, to identify if a customer is politically exposed or a sanctioned individual, or adverse media checks) and provide a report containing matches and red flag alerts.
This is not reliance. The AMP uses the services provided by an outsourcing company (the third-party online verification platform); see regulation 39(7). The third party is not a supervised business and therefore cannot be relied upon to carry out CDD checks on behalf of the AMP. The AMP is verifying its customer’s identity using the services of the third-party online verification platform, and these checks must be fully documented within its procedures. The AMP is liable for any failings.
Case study 2
An estate agency business (EAB) acts for a customer selling their property. The customer is a UK-based limited company who instructs a conveyancer. The conveyancer tells the EAB they have conducted CDD on the beneficial owners of the UK-based limited company. The EAB assumes that as the conveyancer carried out CDD checks and the sale went through, it does not need to carry out any additional checks.
This is not reliance. Although the conveyancer is a person who may be relied upon under regulation 39(3) of the MLR 2017, the conveyancer has not agreed to provide the EAB with the CDD on the beneficial owners. The EAB must carry out its own checks and has therefore failed to carry out CDD when establishing a business relationship.
Case study 3
A trust or company service provider (TCSP1) acts for clients who are also clients of another TCSP within its UK corporate group structure (TCSP2). To avoid duplication, TCSP1 has a reliance agreement in place with TCSP2 to carry out CDD measures on joint clients. You review the CDD information TCSP1 holds for one of these clients, and it sends copies of the CDD records, obtained from TCSP2, to you the day after your visit. You review the documents and conclude that the CDD checks carried out satisfactorily verify the customer and its beneficial owners.