ECSH34005 - How to determine if a business has taken Reasonable steps

As The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) allow a risk-based approach, there isn’t a one size fits all and this must be considered on a case-by-case basis. One of the factors that must be considered is whether the business followed published guidance. 

In some cases, you may identify a breach, but a sanction may not be appropriate because the business did everything it could to try and comply with its obligations under MLR 2017. 

Reasonable steps could also include where a business sought independent legal advice or has followed recommendations following an audit or advice from an external consultant. 

To determine whether the business has taken reasonable steps to comply, you should consider how the breach occurred, whether it could have been avoided, and who wasresponsible. You should consider the following non-exhaustive questions: 

  • Did people within the business responsible for compliance with MLR 2017 (for example senior managers, nominated officer and/or compliance officer)have an acceptable level of knowledge of the requirements of MLR 2017? 

  • Were policies, controls and procedures (PCPs) in line with  theHM Treasury approved anti-money laundering guidance for the sectors they operate in, published on GOV.UK (in relation to regulation 47 MLR 2017)? If not, why not? 

  • Does the guidance/PCPs explain the action the business should have taken? If so, why was it not followed? 

  • Did the business understand the risks of money laundering, terrorist financing and proliferation financing within the sector/s they operate?  

  • Had they read “Understanding risks and taking action” for the sector/s they operate in (in relation to regulation 17), alongside the National Risk Assessments? If not, why not? 

  • Did the business seek any advice? 

  • Has it followed previous advice? If not, why not? 

  • Has it corrected previous breaches? If not, why not? 

  • What is the business’s overall attitude and behaviour towards compliance? 

If you consider that a sanction is appropriate, you must follow the guidance in ECSH 80000 Sanctions.  

There are also “Videos and Presentations” in the EC Capability and Learning Zone to help you.