When can I undertake simplified CDD (SDD)?
This is the fifth blog in a series to help law firms grapple with the latest Legal Sector Affinity Group (LSAG) guidance on the Money Laundering Regulations.
In the previous LSAG blog, we looked at the situations which require enhanced due diligence (EDD). These are occasions where, due to a client’s risk profile, you must undertake more extensive checks than when applying standard CDD.
In this blog, we will look at the situations in which the Regulations say you may consider applying simplified due diligence (SDD). The LSAG Guidance explains that, as SDD is,“the lowest permissible form of due diligence… [it] must only be used where you have determined that the client presents a low risk of money laundering or terrorist financing.”
When determining whether the client poses a low-risk of money laundering or terrorist financing, the Regulations state that you must consider the results of the risk assessment undertaken. Specifically, you must take into account:
- The status of the client (e.g. whether they are a company listed on a regulated market, or a credit institution which is also subject to the Regulations);
- Whether the product, service, transaction or delivery channel risk factors are low; and
- The geographic risk factors (i.e. the country where the client is resident, established or registered).
Provided these factors have been taken into account, you may consider applying SDD. As highlighted on the SRA’s website, this differs from the position in the Money Laundering Regulations 2007, which allowed for SDD to be applied automatically in certain situations. This is because, whilst the presence of the factors outlined above would normally suggest the client’s risk level is low, that is not always a foregone conclusion. Furthermore, even if the client’s risk level is low, it may be inappropriate for your particular firm to apply SDD. This is because the results of your practice-wide risk assessment (PWRA) may have led to the conclusion that, due to the types of clients you deal with, or the nature of the services you provide, you should not apply SDD for your clients.
In light of the fact that there are no longer situations which automatically allow you to apply SDD, the LSAG Guidance emphasises that: “You must record your reasoning for why you have determined that it is appropriate to use SDD via your client or matter risk assessment.”
What does SDD involve?
In our third LSAG blog, we explained that, when acting for an entity, you must identify the client and take steps to understand their ownership and control structure. We used the example of a UK company, and listed the information which you would ordinarily be required to identify and verify. However, as mentioned above, there are situations where you may consider applying SDD, which means certain requirements may be dispensed with.
For example, with respect to public companies listed on regulated markets, the LSAG Guidance, referring to the Regulations, states that one need not:
- Obtain details relating to the client’s beneficial owners;
- Take steps to find out the law to which the company is subject; or
- Find out the names of the company’s directors.
Another situation in which it may be appropriate to apply SDD is when other professionals (e.g. another law firm) use your services. However, the distinction should be made between:
- Professionals using your services in their capacity as professionals (such as in relation to one of their clients, or for their firm itself), and
- Professionals using your services as private individuals.
Whereas you may consider undertaking SDD in the former situation, you should complete CDD as per any other client in the latter. Moreover, even when acting for clients in their capacity as professionals, you must remember that they should not automatically be presumed to pose a low risk of money laundering or terrorist financing.
The initial level of CDD applied is not final
Finally, even when applying SDD, the LSAG Guidance reminds us of the need to conduct ongoing monitoring:
You must carry out sufficient monitoring of the relationship or transaction to enable you to detect any unusual or suspicious transactions.
This means periodically reviewing the client’s file and considering whether their circumstances have changed. You should consider, amongst other things, whether the following have changed since your initial risk assessment:
- The client’s ownership and control structure. If there are new ultimate beneficial owners, are any of them politically exposed persons or based in high-risk jurisdictions?
- The sector the client operates in, or the products and services they offer. If these have changed, does this mean that you or your client are now more susceptible to being a target of financial crime than when the client was first onboarded?
- Has the client started working with different countries? Are any of these high-risk jurisdictions?
If the answers to any of these questions lead you to amend the client’s risk profile, so that they are no longer categorised as ‘low risk’, you should cease applying SDD. You should also apply a higher standard of CDD if, at any point in the course of a client relationship, you suspect money laundering or terrorist financing, or have reason to doubt the veracity of any information the client has previously provided
SDD in VinciWorks’ AML client onboarding solution
Simplified due diligence is not applied automatically. Rather, certain ‘triggers’ prompt users to consider if SDD is appropriate (e.g. for a client listed on a regulated market):
Users’ decisions are preliminary, and admins (compliance teams/ partners) decide if they agree with the level of CDD:
Contact us to learn more about our Client Onboarding Solution.