Recent changes mean reporting entities can now rely on customer identification procedures undertaken by reliable third parties to meet their customer identification and know your customer (KYC) obligations under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws. Partner Langton Clarke explains the changes which commenced on 17 June 2021.

Reliable third party

A reliable third party only includes another reporting entity or an AML/CTF regulated foreign equivalent.

Ongoing arrangements

A reporting entity can rely on the customer identification procedures of a reliable third party on an ongoing basis where—

• the reporting entity and the reliable third party have entered into a written agreement or arrangement, known as a 'customer due diligence arrangement' (CDDA), and
• there are reasonable grounds for the reporting entity to believe the reliable third party has appropriate AML/CTF systems and controls to meet the requirements.

CDDA

A CDDA must—

• document the responsibilities of each party
• allow for the reporting entity to obtain all relevant KYC information
• enable the reporting entity to obtain a record of the customer identification procedures or other procedures specified, and
• be approved by the board or a senior management official of the reporting entity.

If a reporting entity enters a complying CDDA with a reliable third party, it will have the benefit of the safe harbour provisions.

Safe harbour

A reporting entity which satisfies the ongoing arrangements provisions is afforded a 'safe harbour' from liability for isolated or occasional breaches of the customer identification procedures. Isolated or occasional breaches are those that occur rarely and are of minor or immaterial impact.

The reporting entity remains responsible for—

• remedying isolated breaches as soon as practicable after the breach is identified
• systemic breaches that occur where a reasonable person would not consider the CDDA complies with the AML/CTF legislation
• individual breaches, where the reporting entity becomes aware, or should be aware, the third party does not have the appropriate AML/CTF systems and controls or fails to carry out the customer identification procedures to the agreed standard.

Regular assessment

A reporting entity must undertake regular assessments of CDDAs to ensure reliable third parties continue to meet the agreed requirements. These assessments must be undertaken at least every two years and consider—

• the reporting entity's risk of money laundering, terrorism financing, and other serious crimes
• any material changes to the requirements relating to the CDDA arrangements.

A material change may include publication of adverse regulatory findings against the third party, adverse media against the third party, changes in ownership or control of the third party that may affect its risk profile, or open-source information indicating a significant change in the domestic money laundering, terrorism financing, or serious crime risk environment in the country where the third party is based.

Reporting entities are required to make a written record within 10 days of completing a regular assessment to outline the findings and conclusions.

Case-by-case arrangements

To utilise the case-by-case provision, there must be reasonable grounds for the reporting entity to believe it is appropriate to rely upon the reliable third party's identification procedure. In addition, the reporting entity must have 'reasonable grounds' to believe the verification information will be made available as soon as practicable if it requests it.

The reporting entity must obtain from the reliable third party information about the identity of the relevant customer obtained while carrying out that procedure. The reporting entity must make a written record to outline how the requirements for reliance with a third party were satisfied.

Even where relying upon the case-by-case provision, it is advisable to obtain a signed statement from the reliable third party confirming it satisfies the relevant requirements, which also includes representations about the items to which the reporting entity is required to form a 'reasonable belief'.

Reliable entities utilising case-by-case arrangements will not benefit from the safe harbour provisions.

For help understanding what these changes mean for your business, please contact a member of our team.