Economic Crime Supervision Handbook

ECSH53175 - Compliance checks during an estate agency business intervention

You should refer to ECSH33000 when considering how to test compliance with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) during a compliance intervention.  

The information below is supplementary and focuses on specific circumstances you may come across during a compliance intervention.  

You should seek to understand all estate agency business (EAB) services (relevant activity) conducted by the business, as well as any other services it provides within scope of MLR 2017, such as letting agency business (LAB) activity. You must understand how the business has risk assessed each area of its relevant activity and how it manages and mitigates those risks. Record testing should span all the relevant activity the business undertakes. For example, where an EAB sells properties and also provides LAB services, records should be selected from both EAB and LAB services. 

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

General money laundering, terrorist financing and proliferation financing risks for EABs can be found at ECSH53125. 

Guidance

HMRC’s guidance for Estate and Letting Agent Businesses gives information to assist EABs in complying with their obligations under MLR 2017. This is available on gov.uk.

HMRC’s assessment of the MLR risks relevant to the EAB sector (‘Understanding Risk and Taking Action for Estate Agent Businesses) is published here.

EABs must take these publications into consideration as part of their compliance obligations under MLR 2017.  A compliance intervention to a EAB should therefore include establishing whether and to what extent they have considered these publications and followed their guidance. EABS should be expected to provide an explanation for any departure from this guidance.

Generic Risk Assessment (RA) and/or Policy, Controls and Procedures (PCPs) documents

You may find that an EAB has purchased RAs and/PCP documents from one of a number of firms that operate in producing these for the estate agent sector. These may be produced to you as evidence of compliance with the MLR 2017. These types of documents are often generic in nature and do not properly assess, or mitigate and manage the specific risks to which the business is subject, as required by the MLR 2017. For more information on checking RAs and PCPs see ECSH32625 and ECSH32650.

Customer Due Diligence (CDD)

Regulations 27 and 28 MLR 2017 set out CDD obligations of a relevant person, which for an EAB is the buyer and seller. Section 6 of the EAB guidance provides detailed information on the specific checks that a business should consider implementing to demonstrate that satisfactory CDD and enhanced due diligence (EDD) measures have been conducted. A relevant person’s EDD obligations are set out in regulation 33 MLR 2017.

It is also necessary for an EAB to demonstrate that sufficient information on the, property and transaction itself has been risk assessed in relation to possible involvement in money laundering, terrorist or proliferation financing activity. Once an assessment has been put in place, ongoing monitoring must be carried out to confirm that the risk has not altered or to identify changes which may warrant additional risk mitigation measures.

HMRC’s ‘Understanding Risk and Taking Action for Estate Agent Businesses include non-exhaustive lists of potential risk factors for EABs to consider when determining appropriate risk based CDD measures.

Suspicious Activity Reports (SARs)

The Proceeds of Crime Act 2002 (POCA) creates an offence of failing to make a report of suspicious activity.This applies to nominated officers and employees of EABs. Under MLR 2017, a business must have PCPs in place requiring everyone within the business to comply with their obligations under POCA. If employees, including the employees of agents, know or suspect, or have reasonable grounds for knowing or suspecting, that another person is engaged in money laundering or terrorist financing and that information comes to them in the course of the business, they must make a suspicious activity report.

Under MLR 2017 a regulated business must appoint a nominated officer to receive reports of suspicious activity from staff.The business’s nominated officer, or their appointed alternative, must consider all internal reports. The nominated officer must make a suspicious activity report to the National Crime Agency (NCA) as soon as it is practical to do so, even if no transaction takes place, if they consider that there is knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering, or financing terrorism.

The business must consider whether it needs to seek a defence against money laundering or terrorist financing offence (DAML) (formerly known as a consent SAR) from the NCA before proceeding with a suspicious transaction or entering into arrangements.

Discrepancy Reporting 

Regulation 30A MLR 2017 requires EABs to report material discrepancies regarding its customers to Companies House. A material discrepancy is when the information a EAB holds on a customer is significantly different to the information recorded by Companies House about a person of significant control (PSC) of a company, or a registrable beneficial owner of an overseas entity, e.g. a difference in name, date of birth or nationality. 

Detailed information can be found here.

Training

Where the EAB has employees, the EAB should be assessed for compliance with the training obligations under regulation 24 MLR 2017. You may find that a EAB has purchased training material from one of several firms who either produce it for the letting or property sector or produce generic anti-money laundering (AML) training. In all cases, the training provided to staff of a EAB must be recorded. Training must include how the EAB has made their employees aware of MLR 2017 and data protection laws and be appropriate for employees to be able to recognise and deal with transactions/activities/situations which may be related to money laundering or terrorist/proliferation financing.  

Records

In some circumstances, it may be necessary to request the EAB’s records of transactions, identity verification, property ownership documents etc. It would be reasonable for an officer to ask to see the documents to verify that the business has been following its own risk assessment process, and abiding by its policies, controls and procedures. It would be reasonable to ask to see the documents to verify this, as the request has an MLR related purpose (testing of CDD and ongoing monitoring of a business relationship measures). 

It is reasonable in all cases however, to ask to see evidence that the EAB has verified the identity of the buyer or seller as part of their CDD measures. Where the EAB has written AML policy documents, risk assessment documents and spreadsheets compiled for ongoing monitoring purposes, these should be inspected.

For more information on powers under regulation 66 MLR 2017, please see ECSH71500.

For more information on checking records, see ECSH33500.

General Data Protection Regulations (GDPR)

An EAB may have concerns that by keeping records relating to its customers for the periods and purpose as specified in MLR 2017, or by sharing records during a compliance visit, this may breach their GDPR obligations. In this case, the EAB should be referred to regulation 72(2) MLR 2017. Regulations 72(2) and (3) MLR 2017 provide that a businesses’ compliance in providing information pursuant to regulations 66, 69, 70, 74A or 74B MLR 2017 does not carry with it a civil liability for breaching GDPR obligations, nor does that provision of information automatically breach restrictions on the disclosure of information.

Further information on GDPR and its impact on businesses can be found at ECSH10500 and record keeping obligations at ECSH33520.