ECSH52275 - Multi-service provider- compliance visit overview
Multi-service provider - compliance visit overview
A trust or company service provider (TCSP) offering a variety of relevant services will likely have a similar business and operating model to formation agents ECSH52175 - Company formation - compliance visit overviewbut will vary depending on the types of TCSP services it provides which are covered elsewhere in this this handbook from ECSH 52000 - Trust or company service providers.
It is common for TCSPs to offer a bundle of services to stand out in the marketplace, including:
Company formation (UK and non-UK),
Registered office,
Nominee company secretary,
Nominee director and shareholder.
Whilst it is common for the same TCSP to form a legal entity and provide a registered address for that company/entity, the more TCSP services it is asked to provide, the higher the level of risk.
For example:
A range of TCSP services being requested by a firm to add additional ownership obscurity and layers to a corporate structure, without commercial basis.
A service being requested in volume, with little commercial basis, such as for multiple or bulk company formations to the same or connected customers.
This is why TCSPs offering a suite of services are included as a distinct type of TCSP within this guidance, based on the attractiveness of anonymity services to criminals.
Customers can be a mixture of direct clients or those which use professional intermediaries (e.g. non-UK Corporate Service Providers). The risk level presented by a professional intermediary is influenced by several risk factors: products and services offered; geographic location (both of any intermediary and end user of the service); and delivery channels used.
Multi-service TCSP providers may also offer accountancy services or other supervised sector services. More information on TCSPs providing ASP or other supervised sector services can be found at ECSH52300 - Trust or company service providers (TCSPS) providing accountancy service providers or other supervised sector services.
A TCSP providing multiple services must understand and assess as part of its risk assessment, all relevant risks posed to its business as a result of each service it provides. As part of this, aTCSP must also consider how the risk posed to its business is impacted by offering different combinations of services which could be provided together, and providing any new services which the TCSP previously did not offer.
The risks posed by offering multiple and/or combinations of services, should also be reflected in the TCSP’s risk profile of each of its customers. Multi-service TCSPs are more likely to be engaged to offer several single services per customer, and in those cases are likely to see more business information or records from each customer.
Where multi-service TCSPs are engaged to offer a single service for a customer, they may only see a limited amount of business information or records from their customers from which they may identify suspicious activity.
The TCSP must consider, both at the start of a business relationship and throughout, whether a customer’s business activity, financial affairs and behaviour are in line with the rationale given at the start of the business relationship. The TCSP must also consider, under Regulation 18, the service(s) and combinations of services the customer requests, as well as the risk the customer may pose. This can help the TCSP to readily identify suspicious activity, or any changes in the way the customer is behaving to indicate they pose a greater risk to the TCSP.
At a compliance visit, an officer should seek to understand all TCSP services (relevant activity) conducted by the TCSP, how the TCSP has risk assessed each service alone and in combination, and how it manages and mitigates those risks.
Record testing should span all of the TCSP services provided. For example, where a TCSP provides formation and trustee services, records should be selected where formation services have been provided, where trustee services have been provided, and where both services have been provided together.
Where the TCSP also carries out relevant activity in another supervised sector, an officer should seek to understand the business’s compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017)in respect of that additional sector(s). Record testing should span all sectors of relevant services provided by the business, including where provided in combination.
General money laundering, terrorist financing and proliferation financing risks for TCSPs can be found at ECSH52125 - General risks in the TCSP sector.
At a compliance visit, TCSPs should be expected to provide an explanation for any departure from published guidance.