Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Commercial Litigation UK newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (May 26, 2020, 5:02 PM EDT )
Christopher Convey |
We might be on lockdown, with offices shut, schools closed and lawful business reduced to a minimum, but thieves, fraudsters and money launderers just keep doing what comes naturally to them. Many among them clearly see the pandemic as no more than a new opportunity to ply their trade.
Reports of COVID-19-related fraud suggest that it is gaining pace.[1] In March, the U.K.'s National Cyber Security Centre took down more than 2,000 online coronavirus scams.[2]
As long as criminals acquire ill-gotten gains, they will have a need to launder their proceeds. Lawyers and their practices need to maintain vigilance against anyone seeking to launder those criminal funds or channel monies toward terrorist activity.
Despite the current business conditions and the need to practice social distancing, if you are practicing as a lawyer and your work falls within the scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended),[3] you must still comply with the statutory anti-money laundering obligations. Those obligations include the requirement to undertake customer due diligence, or CDD, in relation to a new client in order to check and verify their identity.
Customer Due Diligence Essentials
CDD is required when you undertake instructions covered by the money laundering regulations. Typically, this will be where you are instructed as an independent legal professional when participating in financial or real property transactions or you are acting as a tax adviser in relation to the provision of tax advice. In those circumstances, where you have not already verified your client's identity, you must undertake CDD. To do this successfully you need to:
- Identify your client;
- Verify their identity from reliable and independent documents, data or information; and
- Assess, and where appropriate obtain information on, the purpose and intended nature of the business relationship that you are being asked to enter into.
In carrying this out, you must address each requirement in a manner that is proportionate to your assessment of the relevant level of money laundering or terrorist financing risk in the new relationship with the potential client.
For most lawyers, the practicalities of identifying and verifying a new client are usually undertaken in person, often at the premises of the legal practice or practitioner. Yet, while the restrictions on movement and gatherings under the Health Protection (Coronavirus, Restrictions) (England) Regulations 2020[4] and the need for social distancing remain in place, such methods are unlikely to be available.
In order to assist practitioners in carrying on business while meeting their obligations under the money laundering regulations, the Legal Sector Affinity Group[5] has issued a guidance note to practitioners on how to approach CDD and the requirements of identification and verification.[6]
The guidance note advises practitioners, in the absence of face-to-face meetings, to consider using alternative methods in order to verify that the new client is who they say they are:
Practices and practitioners are reminded to adopt a risk-based approach, taking into account the contents of their practice-wide risk assessment, policies and procedures (and where necessary updating them) and the circumstances of individual clients/matters. As an alternative to face-to-face documentary verification, legal practices and practitioners may adopt or further utilise electronic means of ID&V [identification and verification] where appropriate to the risks present in the client/transaction.
Verifying a New Client Is Who They Say Are
The Legal Sector Affinity Group guidance note advises lawyers, in the absence of face-to-face meetings, to consider using alternative methods in order to verify that the new client is who they say they are. The suggested methods may be used independently or in combination:
1. Digital identification and verification services that meet the requirements of the money laundering regulations;[7]
2. Gathering and analyzing additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers etc.;
3. Verifying phone numbers, emails and/or physical addresses by sending codes to the client's address to validate access to accounts;
4. Using live and/or recorded digital video (many reliable and free options exist for this) of the customer showing their face and original photo identification documents so that you can compare them to a scanned copy of the same document (e.g., passport or driving license).
2. Gathering and analyzing additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers etc.;
3. Verifying phone numbers, emails and/or physical addresses by sending codes to the client's address to validate access to accounts;
4. Using live and/or recorded digital video (many reliable and free options exist for this) of the customer showing their face and original photo identification documents so that you can compare them to a scanned copy of the same document (e.g., passport or driving license).
Practitioners are reminded that, irrespective of the alternative methods they adopt, responsibility for compliance with the money laundering regulations remains with the relevant practitioner and practice. Lawyers and their practices should always ensure that they make use of only trustworthy digital processes.
Robust Processes
The guidance note suggests that a prerecorded video (see point 4 above) may be sufficient for non-face-to-face identification and verification purposes. However, non-face-to-face business relationships, transactions and "situations" are recognized as an example of a potentially higher-risk situation in undertaking CDD.[8]
Given the need to be satisfied of liveness, you would be well advised to require more reassurance than that provided by a prerecorded video. The requirements of social distancing look set to remain a part of everyday life and business practice for the foreseeable future. As a result, non-face-to-face business relationships, transactions and "situations" look set to become the norm for some time to come. You and your clients will need to be able to recognize and address the associated money laundering and terrorist financing risks inherent in this new business model.
Record-Keeping
You should also ensure that you keep a record of the CDD steps taken and the verification provided, so that you can evidence the processes that were followed, for example, in any video calls that are made.[9]
Elevated Risk and Enhanced Due Diligence
You should also consider that the steps set out above may not be appropriate or sufficient on their own where there is an elevated risk of money laundering or terrorist financing. The requirement to apply enhanced due diligence will remain in the case of some potential clients.
Where this greater level of due diligence is needed, more robust methods of identification and an increased number of reliable and independent documents, data or information may be required for verification in order to ensure that you have met your CDD obligations. An example of a situation where such a need would arise would be where the new client is resident in a high-risk third country[10] or is a so-called politically exposed person.[11]
It is vital for practitioners to meet their CDD obligations and maintain compliance with the money laundering regulations. If you or your client are in doubt as to what is required, you should not hesitate to obtain independent legal advice from an experienced practitioner.
Christopher Convey is a barrister at 33 Chancery Lane and chair of the Bar Council's Money Laundering Working Group.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] https://www.interpol.int/News-and-Events/News/2020/Unmasked-International-COVID-19-fraud-exposed; https://www.bbc.co.uk/news/technology-52319093.
[2] https://www.bbc.co.uk/news/technology-52361618.
[3] http://www.legislation.gov.uk/uksi/2017/692/pdfs/uksi_20170692_en.pdf
[4] http://www.legislation.gov.uk/uksi/2020/350/contents/made
[5] The Legal Sector Affinity Group is the publisher of the HM Treasury approved legal sector wide Money Laundering and Terrorist Financing Guidance.
[6] https://www.barcouncilethics.co.uk/wp-content/uploads/2017/10/AML-COVID-19-Advisory-note-for-the-legal-sector.pdf.
[7] Regulation 28(19) "… secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity."
[8] Regulations 33(1)(a) & 33(6). The potentially higher-risk status of non-face to face business relationships was recently reaffirmed in the Financial Action Task Force Guidance on Digital Identity, Paris 2020 §10, www.fatf-gafi.org/publications/documents/digital-identity-guidance.html.
[9] Where personal information is retained, for example passport details or digital imaging, you should obtain consent from the data subject for the capture and storage of this information and have due regard to the data protection obligations upon you as data controller.
[10] Regulation 33(1)(b).
[11] Regulation 33(1)(c).
For a reprint of this article, please contact reprints@law360.com.