Recent changes mean reporting entities can now rely on customer identification procedures undertaken by reliable third parties to meet their customer identification and know your customer (KYC) obligations under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws. Lawyer Jessica Fuller explains the changes which commenced on 17 June 2021.
A reliable third party only includes another reporting entity or an AML/CTF regulated foreign equivalent.
A reporting entity can rely on the customer identification procedures of a reliable third party on an ongoing basis where—
A CDDA must—
If a reporting entity enters a complying CDDA with a reliable third party, it will have the benefit of the safe harbour provisions.
A reporting entity which satisfies the ongoing arrangements provisions is afforded a 'safe harbour' from liability for isolated or occasional breaches of the customer identification procedures. Isolated or occasional breaches are those that occur rarely and are of minor or immaterial impact.
The reporting entity remains responsible for—
A reporting entity must undertake regular assessments of CDDAs to ensure reliable third parties continue to meet the agreed requirements. These assessments must be undertaken at least every two years and consider—
A material change may include publication of adverse regulatory findings against the third party, adverse media against the third party, changes in ownership or control of the third party that may affect its risk profile, or open-source information indicating a significant change in the domestic money laundering, terrorism financing, or serious crime risk environment in the country where the third party is based.
Reporting entities are required to make a written record within 10 days of completing a regular assessment to outline the findings and conclusions.
To utilise the case-by-case provision, there must be reasonable grounds for the reporting entity to believe it is appropriate to rely upon the reliable third party's identification procedure. In addition, the reporting entity must have 'reasonable grounds' to believe the verification information will be made available as soon as practicable if it requests it.
The reporting entity must obtain from the reliable third party information about the identity of the relevant customer obtained while carrying out that procedure. The reporting entity must make a written record to outline how the requirements for reliance with a third party were satisfied.
Even where relying upon the case-by-case provision, it is advisable to obtain a signed statement from the reliable third party confirming it satisfies the relevant requirements, which also includes representations about the items to which the reporting entity is required to form a 'reasonable belief'.
Reliable entities utilising case-by-case arrangements will not benefit from the safe harbour provisions.
For help understanding what these changes mean for your business, please contact a member of our team.