Anonymised Anti-Money Laundering (AML) case studies, to assist members in reviewing AML policies and procedures, are available on our enforcement notices page – click here.

Anti-Money Laundering Case Studies

Case Study 1

Area of Concern

Regulations 27 & 28 of the 2017 Money Laundering Regulations require the application of Customer Due Diligence (CDD) measures to identify and verify the identity of the proposed client. Copies of the CDD documentation should be held to evidence verification of identity.

Position

A case file reviewed as part of an inspection visit did not have copies of the CDD identification documentation. As such there was no evidence that Regulations 27 & 28 had been followed.

Result

The issue was flagged to the member as an Advisory Notice requiring remediation, and updated CDD documentation was obtained and added to the file.

Requirement

Members must ensure that proper CDD work is carried out prior to taking on a new appointment or advice work, and they should ensure that copies of the CDD documentation are held on the case file. It is recommended that the any CDD policy makes is clear that such documentation should be clearly held on file.


Case study 2

Area of Concern

Regulation 27 of the 2017 Money Laundering Regulations requires the application of Customer Due Diligence (‘CDD’) measures to identify and verify the identity of a proposed client. Regulation 30 advises that the requirement to verify must be carried out prior to the establishment of any business relationship, i.e. the taking of an appointment, unless the appointment is urgent or there is little risk of money laundering.

Position

A member was appointed as Liquidator of a company and sold the assets to the former director of the company as sale under Statement of Insolvency Practice (SIP) 13. The CDD documentation was requested prior to the appointment, but was not received until after the appointment and SIP 13 sale had completed.

Result

The issue was flagged to the member as an Advisory Notice and the firm’s CDD policy was updated to confirm that where there was no urgency to the appointment – as in this case – the CDD work must be completed before undertaking any work on the assignment.

Requirement

Insolvency is considered to be a high-risk area for money laundering, so no case should fall into the area where CDD is not required prior to the commencement of an appointment, even if it is believed that there may be a low risk of money laundering. Where an appointment is urgent – such as where an appointment is made at a decision procedure for an Insolvency Practitioner (IP) to be appointed instead of the nominated IP – CDD work can be undertaken post-appointment, but must be completed as soon as reasonably practicable thereafter.


Case study 3

Area of Concern

Employment of new members of staff – AML training under Regulation 24 of the 2017 Money Laundering Regulations.

Position

A member had employed new members of staff, but there was no evidence that they had undertaken AML training and been provided with details of the firm’s AML policies and procedures.

Result

The member noted this during the visit, and the policies and procedures were provided and training set up for the new staff members. Due to the actions during the visit, the matter was flagged to the member as a minor finding, and they received a reminder to ensure that new members of staff receive effective AML training and are made aware of the firm’s AML policies and procedures.

Requirement

Regulation 24 requires appropriate measures to be taken to ensure your employees are made aware of the law relating to money laundering, the requirements of data protection and that they regularly receive training on how to recognise and deal with transactions and other activities or situations which may be related to money laundering. Remember you must have a written record of the training undertaken. Policies, controls and procedures are required under Regulation 19, and steps must be taken to communicate these policies and any changes within your firm.


Case study 4

Area of Concern

Regulation 30(3) of the 2017 Money Laundering Regulations relates to where Customer Due Diligence (CDD) can be completed prior to commencing an insolvency appointment of advice work, but where there is a hostile appointment (ie where the appointment is being made without the consent of a company’s directors), the CDD work must be completed as soon as reasonably practicable.

Position

A member was appointed as Administrator over a company, and the appointment was a hostile appointment by the secured creditor. Whilst searches were carried out at Companies House, via Smartsearch and Office of Financial Sanctions Implementation (OFSI) checks, no identity or verification of identity was carried out. There was also no request from the secured creditor for confirmation of any searches that they had undertaken to provide some comfort and reliance on third party checks.

Result

The member met with the directors and completed identification checks of the directors and was able to evidence the work undertaken. As such, the issue was noted to the member as a minor finding with a reminder to ensure that where there is a hostile appointment, CDD work is carried out as soon as reasonably practicable.

Requirement

Whilst most appointments can be planned and CDD work undertaken prior to an appointment, there will be a very small number of occasions where CDD cannot be completed prior to an appointment. Members must ensure that they complete CDD as soon as practicable post-appointment and ensure that the case risk assessment is kept updated and file notes are held to evidence work carried out to complete CDD work.

Members are reminded of Regulation 31, which is clear that where CDD cannot be completed, the business relationship must not be established.


Case study 5

Area of Concern

Regulation 28(11) of the 2017 Money Laundering Regulations requires Client Due Diligence (CDD) checks to be kept under review, and consideration is also required of the ‘Person with Significant Control’ (PSC) on Companies House, as required under the 5th Money Laundering Directive.

Position

A member was appointed as Liquidator of a Members Voluntary Liquidation (MVL), and there was a change in director between the engagement and appointment, but the CDD checks were not updated and kept under review. The change also meant that the PSC did not match the details held on Companies House.

Result

The member provided updated copies of CDD documentation and an updated case risk assessment, and was provided with a reminder to ensure that CDD was kept under review as part of any case as per Regulation 28(11).

Requirement

Members must ensure that CDD is kept under review as part of any appointment, and updates of documentation requested where required. It is recommended that reviews of CDD and the case risk assessment are carried out as part of a review of the case file and that the review is evidenced as being completed. Members should also remember that where there is a discrepancy in the PSC between the details on Companies House and the details you have been provided, you have a duty under the 5th Money Laundering Directive to report the discrepancy to Companies House. Details of how you can carry this out, can be found here.


Case Study 6

Area of Concern

Under Regulation 18 of the 2017 Money Laundering Regulations, all firms that deal with insolvency must have a risk assessment which identifies and assesses the risks of money laundering to which its business is subject, and this assessment must cover the areas listed in Regulation 18(2).

Position

A member’s firm’s risk assessment did not consider the particular services provided and the level of risk of those services highlighting areas where the risk was deemed to be increased so that staff could fully consider the AML risks on an individual case level.

Result

The member updated the firm’s risk assessment to cover the areas under Regulation 18 and circulated the updated assessment around the teams to highlight the areas where a higher risk of money laundering could be found. The member was reminded to ensure that the risk assessment was subject to at least an annual review and updated to consider the change in risk of work undertaken.

Requirement

Every firm should have an assessment of the risks. There will be general risk areas but there may be specific types of cases that are undertaken, and it is key that the money laundering risk of the specific work is considered, assessed and highlighted as part of any Regulation Assessment document.

Members will be aware that, as part of licence renewal, a copy of the current Regulation 18 firm risk assessment is required to be provided. The IPA will be reviewing risk assessments and following up on any that appear to be non-compliant with the member, to require immediate remediation action.


Case Study 7

Area of Concern

Training of furloughed staff as per Regulation 24 of the Money Laundering Regulations.

Position

The member had some furloughed members of staff who did not undertake AML training provided during the period of furlough.

Result

The member was reminded that when the relevant members of staff were taken off furlough and were brought back to work, they must undertake the AML training. When the training has been undertaken, the firm’s training record must be updated to evidence the training having been taken.

Requirement

Whilst this is a matter that is highlighted due to Covid, the same position would also apply to staff on maternity or paternity leave, or long-term sick who return to the office. It is important that any returning members of staff undertake the required AML training and that you ensure that the training record is updated to evidence the training has been fully rolled out.


Case study 8

Area of Concern

The carrying out on of an audit of AML policies and procedures under Regulation 21 of the 2017 Money Laundering Regulations.

Position

A member’s AML internal policy was that an external consultant would audit the firm’s AML policies and procedures every 2-3 years, but there was no evidence of any external audit being carried out.

Result

The member was asked to provide details of the last audit, confirm the date of the next audit and provide a copy of any recommendations for amendment to policies and procedures so that these can be monitored to ensure they are introduced effectively.

Requirement

Regulation 21 applies, where appropriate, with regard to the size and nature of a business and requires a member of senior management or a Board member to be appointed to ensure compliance by the firm with the 2017 Money Laundering Regulations. Reg21(1)(c) advises the need to establish an independent audit function to examine and evaluate the adequacy and effectiveness of policies and procedures, and make recommendations for improvement.

Where an independent audit function is in place, you must make sure that this is carried out. It is recommended to have policies and procedures independently checked to ensure that they are robust, effective and provide clear guidance to staff on responsibilities.


Case Study 9

Area of Concern

Reliance on third parties to have undertaken Customer Due Diligence (CDD) measures required under Regulation 28 of the 2017 Money Laundering Regulations.

Position

A member relied upon a third party to carry out CDD on a transaction but failed to obtain from the third party the information needed to satisfy the requirements of Regulation 28.

Result

The member was reminded of the requirements of Regulation 39 of relying on a third party to carry out CDD work, and an amended CDD policy was provided to evidence that the requirement was part of the firm’s procedures.

Requirement

A member can rely on a third party to carry out CDD work as Regulation 39 makes that clear. However, Regulation 39 also requires that you must immediately obtain from the third party all the information needed to satisfy the requirement of Regulation 28 and that you must enter into arrangements with the third party which enable you to obtain immediately on request copies of any identification and verification data and requires the third party to retain the records for a period of five years from the date that the business relationship (i.e. closure of the estate) has ceased.


Case Study 10

Area of Concern

Failure to carry out a case risk assessment for a Court work case.

Position

A member was appointed as Trustee of a Bankruptcy estate. Whilst the member could rely on the work by the Court to verify the bankrupt’s identity, the member did not undertake an assessment of the money laundering risks for the case or keep the Customer Due Dilligence (CDD) and risk assessment under review during the appointment.

Result

As this was a single instance, the member was reminded that a risk assessment to consider any risks that may arise from the appointment must still be held, even where it is a Court instigated appointment.

Requirement

Where there is an appointment as Trustee of a Bankruptcy estate or Liquidator of a Compulsory Liquidation, you can place some reliance on the order of appointment and Court Order as to verification of identity, but this does not remove the need to consider if money laundering has taken place, or consider and assess the risk that may arise during the course of the appointment.