ECSH52250 - Virtual Office Services - What you expect to see
ECSH52250 Virtual Office Services - Compliance Visit Overview
A virtual office (VO) service enables a business to access services such as a mailing address (correspondence or registered office), phone answering services and meeting rooms etc. without having the overheads associated with physical space, or the high capital costs of setting up their own office and employing their own staff.
It should be noted that “virtual office” is a generic term for these activities,and is not a term defined as such in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). It is common for businesses offering virtual office services to also offer physical office space and phone answering services. However, it should also be noted that within these services, the only relevant MLR 2017 activity involves providing a registered office, or a business address, correspondence, or administrative address per MLR 2017 Regulation 12(2)(c).
Virtual office providers vary in size, as does the number of premises they operate from. They will usually have a website advertising their services. Some of the larger providers have an online platform to on-board customers. Typical activities include the provision of a business address and/or registered office.
Most customers are UK entities who want the ability to have a business address without the overheads of a physical office. In addition to direct customers, it is likely there will be customers who are professional intermediaries (i.e. accountants or other UK TCSPs). The risk level presented by a professional intermediary is influenced by several risk factors: products and services offered; geographic location (both of any intermediary and end user of the service); and delivery channels used.
Payment for services is normally by electronic methods, often through a third-party (i.e. WorldPay) which uses 3D secure to prevent fraud. Due to the products and services offered, virtual office providers do not have oversight of a customer’s banking records so would be unable to identify transactional risks outside that associated with the fees they charge their customers.
At a compliance visit, an officer should seek to understand all TCSP services (relevant activity) conducted by the TCSP, how the TCSP has risk assessed each service alone and in combination, and how it manages and mitigates those risks.
Record testing should span all of the TCSP services provided. For example, where a TCSP provides formation and trustee services, records should be selected where formation services have been provided, where trustee services have been provided, and where both services have been provided together.
Where the TCSP also carries out relevant activity in another supervised sector, an officer should seek to understand the business’s compliance with the MLR 2017 in respect of that additional sector(s). Record testing should span all sectors of relevant services provided by the business, including where provided in combination.
General money laundering, terrorist financing and proliferation financing risks for TCSPs can be found ECSH52125 - General risks in the trust or company service providers (TCSP) sectorECSH52125 - General risks in the trust or company service providers (TCSP) sector.
At a compliance visit, TCSPs should be expected to provide an explanation for any departure from published guidance.