Customer Due Diligence

IPA Insolvency Practitioner newsletter AML Digest, December 2024

The main non-compliance issues that the IPA finds in relation to AML work by our supervised members is Customer Due Diligence (CDD) either not being carried out at all or completed late. Failure to carry out CDD correctly can lead to an allegation of misconduct against the IP which may lead to a financial sanction.

So, to assist in this Digest we will look at:

  1. What is CDD?
  2. What should members be doing in respect of CDD?
  3. Can CDD ever be started post-appointment or post agreement to act?
  4. What about Court or Secretary of State appointments?
  5. Is CDD required on purchasers of assets or where a third party pays funds into an estate?
  6. Dividends & distributions
  7. What are the issues that are being found in reviews and visits?
  8. Twelve simple steps to assist with compliance

What is CDD?

CDD requires you to evidence that you know and understand a customer’s identity and their business activities. CDD allows you to identify and understand where there are heightened risks of dealing with the entity and to ensure these are understood and managed effectively. The requirement under the Money Laundering Regulations is to:

  1. Identify the customer
  2. Verify the customer’s identity
  3. Assess and obtain information on the purpose and intended nature of the business relationship or occasional transaction

CDD is required whenever a relevant person (i.e an IP):

  • Establishes a business relationship (by far the most common reason for CDD)
  • Suspects money laundering or terrorist financing
  • Has doubt on the veracity or adequacy of documents (previously) provided for identification or verification
  • Carries out an occasional transaction within Art3.9 of the Funds Transfer Regulation exceeding €1,000 (very rare)
  • Carries out an occasional transaction that amounts to €15,000 or more in a single operation or several operations that are linked

You should also keep CDD under review and re-do CDD where you become aware of changes in the circumstances of an existing customer which alters your risk assessment of that customer or the circumstances of the appointment.

The Insolvency Appendix to the CCAB Guidance (CCAB Appendix F) provides a list of appointments where CDD will be required:

  • Agreeing to act as liquidator or provisional liquidator of a solvent or insolvent company or LLP
  • Agreeing to act as nominee in a Company Voluntary Arrangement (CVA) not preceded by another insolvency procedure
  • Agreeing to accept an appointment as administrator or special administrator
  • Agreeing to accept an appointment as an administrative receiver (in Scotland, receiver)
  • Agreeing to act as nominee or supervisor in an Individual Voluntary Arrangement (IVA)
  • Agreeing to act as a trustee (including interim trustee) in a bankruptcy, a sequestration or under a trust deed
  • Accepting instructions to prepare, or assist in preparing, a proposal for a CVA or IVA where appointment as nominee will be sought
  • Agreeing to act as liquidator, provisional liquidator or administrator of an insolvent partnership
  • Agreeing to act as trustee of a partnership under Article 11 of the Insolvent Partnerships Order 1994; Anti-Money Laundering and Counter-Terrorist Financing Guidance for the Accountancy Sector
  • Agreeing to act as nominee or supervisor in relation to a Partnership Voluntary Arrangement (PVA).

As can be seen the requirement for CDD in effect covers any appointment that an IP may undertake.

What should members be doing in respect of CDD?

Firstly, CDD must be conducted prior to consenting to an insolvency appointment and periodically throughout an appointment on a risk sensitive basis. Reg 30(2) makes it clear that CDD must be completed before entering into a business relationship.  That means before any letter of engagement is issued, and crucially, before any funds are paid into your client account.  Your risk starts on contact terms being agreed, so your AML risk assessment must be completed before then.  This is one of the most common AML breaches that we see.

What does CDD look like in practice? For company appointments – identify and verify the name of the company, check against the company number and other registrations for any relevant information and verify the trading and registered office addresses.

You should also know who the directors of the company and senior persons responsible for the company’s operations are, as well as beneficial owners of the company – especially where an individual or corporate body owns 25% or more of the company shares.

For individuals – confirming and verifying the identity of the individual, confirming their address(es) and any understanding any business that they undertake.

In all case files there should be:

  • Copies of all required identification documentation and/or electronic verification – clearly dated as to when obtained and for ID documentation confirmed as a true likeness of the individual (i.e. for directors, shareholders, individuals)
  • Copies of company details – Companies House search, other registrations confirmed and details held
  • Details of other searches that may have been carried out as part of CDD – OFSI search, FATF check, Individual Insolvency Register search, Google search etc.
  • A clear risk assessment document that considers the specific risks of a proposed appointment and provides an initial risk assessment for the proposed appointment on a low/normal/high basis
  • The risk assessment and documents reviewed and signed-off by the proposed appointee – and kept under review during the appointment

Can CDD ever be commenced post-appointment or post agreement to act?

The quick answer is no.

The CCAB guidance is clear that there are circumstances where CDD cannot be completed prior to an appointment and Reg 30 MLR17 also advises that verification can be completed as soon as practicable after first contact is established if this is not necessary to interrupt the normal course of business or there is little risk of money laundering.

In both instances, the word used is ‘completed’ and not started.  You should conduct as much CDD and risk assessment before you enter a business relationship, even if you do not yet have all the details, or cooperation from the relevant individuals.

The CCAB guidance lists times where CDD cannot be completed and this is specific to hostile appointments – but an initial client identification and assessment of risk is still required before consenting to act. Where there is no prior contact with a debtor or company officers/owners, guidance advises CDD should be completed within five working days.  Also check if there is any information from any other IP who assisted the company/individual.

These circumstances are uncommon and do not apply to the majority of cases that IPs deal with. Where this does apply, there must be a clear file note as part of the CDD papers to explain why CDD was not able to be completed and steps taken pre and prior to the appointment to assess the AML risk.

What about Court/Secretary of State appointments?

You can rely on the order of appointment or Bankruptcy/Winding-Up Order but this reliance does not remove the need to consider the identity of the entity/entities and assess the risk of whether money laundering has taken place and to continue to consider those risks during the appointment.

Is CDD required on purchasers of assets or where a third party pays funds into an estate?

It depends! Where assets vest in the IP (i.e. bankruptcy or sequestration) the IP is conducting an asset sale as principal and the occasional transaction requirements apply. CDD must therefore be conducted on purchasers of assets for transactions amounting to €15,000+. If you use an agent or solicitor for any sale, you can place some reliance on CDD conducted by them – but please ensure that you check that CDD has been undertaken and there are no issues.

For Liquidator, Administrator, Receiver or Supervisor appointments, the relationship is with the entity you are appointed over and not the purchaser or assets and CDD is not required to be undertaken on purchasers of assets. However, on a risk-based approach, if you have any concerns about the purchaser or the origin of any funds that may be paid to the insolvent estate, then you can always carry out CDD or ask your agent/solicitor (as appropriate) if there are any concerns that they have noted.

For third party funds payers – which is most likely in an IVA or CVA appointment, you should carry out CDD on the third party and assess any risks. Look at the relationship with the entity, consider why they are making the payments and the source of funds.  Document your findings.

Dividends/distributions?

Recipients are not clients and ordinarily CDD is not therefore required. But always consider exposure to sanctions. If you make payment to a sanctioned entity, you are committing an offence. So, for any creditors that are out of the ordinary, consider any risks and undertake checks of the OFSI sanctions list to confirm that any distribution is OK to be paid.

What is the IPA finding on visits and reviews?

There are two main issues:

  • CDD not being completed prior to the appointment or agreement to act – the establishment of a business relationship
  • CDD not being completed prior to the acceptance of funds/realisation of assets

Both circumstances tend to arise where there is no policy or an unclear policy on CDD for the firm and/or where there has been a lack of communication or training on the requirements with members of the team.

The IPA will work with IPs to correct matters and often an Advisory Notice is issued requiring the IP to amend or alter a policy or procedure to ensure that it is compliant with regulation and guidance.

Time will be given to embed a new or revised policy and the IPA will check that the policy is effective. Where the requirements are still not being met after a further inspection or check, this will likely lead to an allegation being made against an IP, with the added risk of a financial penalty being imposed.

Twelve simple steps to assist with compliance

  1. Have a clear CDD policy and procedure for the office and ensure that this is circulated to all relevant staff and check – periodically – that everyone understands the requirements.
  2. Never take funds or deal with assets until CDD work has been completed and the IP has signed off the risk assessment for the case.
  3. Ensure that ID documents, electronic verification and other CDD documents are held on file and are clearly dated prior to the establishment of the business relationship.
  4. Make sure that ID docs are annotated as a true likeness of the individual.
  5. Ensure that when a checklist is being used that it is completed correctly – don’t allow a higher risk case to be noted as ‘normal risk’. This indicates either that the due diligence work and assessment is not understood or that the office looks to avoid Enhanced Due Diligence (EDD).
  6. Where EDD is required – and this is where there is a high risk of money laundering identified, a Politically Exposed Person (PEP) or a party situated in a high risk third country – this just means that you obtain additional information on the customer, the business, the origin of funds etc. The use of Google, social media and independent third-party verification etc. will aid in EDD work.
  7. Where a case is a higher risk and EDD is required, ensure this is clear and that the risk is notified to your Money Laundering Reporting Officer (MLRO) and the case kept under close review.
  8. Use file notes to explain any anomalies, cases where there was a hostile appointment and CDD was completed post appointment or reasons why the final risk assessment is to be reduced or amended.
  9. Keep the CDD and risk assessment under review during the life of the case.
  10. Remember CDD on third party payers and where the occasional transaction provisions may apply.
  11. Keep updated on the risks to insolvency issued by the IPA or your AML Supervisory authority, and apply to CDD considerations.
  12. Use the guidance on the IPA website – especially the CCAB guidance.