A number of queries seeking further information and clarification have been received by the Society following the publication of the eZine article of March 2013 entitled ‘AML – no exemption for existing clients’.
The intent of the article was to broadly remind members that, where a firm provides an AML regulated service, they must carry out statutory AML client due diligence (CDD). It had come to the attention of the Law Society that some firms mistakenly believed that, if a client was an existing client or was personally known to the solicitor, then there was no need to carry out any AML CDD at all (that is, any of the four general CDD duties, including verification of identity).
This note is intended to complement the eZine article – to clarify and reiterate in greater detail that there is no exemption for existing clients from the AML statutory regime.
The Criminal Justice Act 1994 as amended
In the Criminal Justice Act 1994, as amended, there was no explicit provision stating that existing clients were exempt from the AML requirements of the 1994 act. Section 32 of the 1994 act set out the statutory AML obligations to be undertaken by designated bodies and, in respect of the identification of clients, section 32(3) stated: “A designated body shall take reasonable measures to establish the identity of any person for whom it proposes to provide a service of a kind mentioned in subsection (2) of this section.”
The use of the term ‘reasonable measures’ in section 32(3) – a term that was not clarified or expanded upon elsewhere in the 1994 act –- along with the non-retrospective application of the provisions, led to the widely accepted interpretation that existing or known clients were excluded from the statutory requirement of taking reasonable measures to establish the identity of clients. This interpretation arose from the particular manner of implementation of the AML provisions contained in the 1994 act (sections 31, 32, 57, 57A and 58), whereby the general elements of the statutory requirements were set out in the 1994 act, but the details of how to implement the requirements were set out in non-legally binding Money-Laundering Guidance Notes issued by the Money-Laundering Steering Committee (MLSC), which was chaired by the Department of Finance.
The Guidance Notes for Financial Institutions issued in May 2003 by the MLSC clearly stated at paragraph 36: “A credit institution is not expected to retrospectively establish the identity of persons who were already customers on the 2 May 1995. Credit institutions should, however, note that, on the good practice principle of ‘know your customer’, it is expected that they will be aware of who it is they are dealing with as customers.”
This approach was generally accepted across all relevant sectors of designated bodies subject to these obligations, including solicitors. The AML statutory regime as set out in the 1994 act was applied to solicitors from 15 September 2003 (SI 242 of 2003).
Criminal Justice (Money Laundering and Terrorist Financing) Act 2010
A different approach to the prevention of money laundering is evident in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. This act repealed the relevant money-laundering sections of the 1994 act and introduced a comprehensive statutory AML regime in their place. In contrast to the 1994 act, the 2010 act sets out in extensive detail what measures must be taken in carrying out statutory measures of what is now termed ‘customer due diligence’ – see sections 33 to 39 of the 2010 act.
In respect of the statutory requirement of ‘identification and verification of customers and beneficial owners’, there is no exemption for existing or personally known clients contained in the detailed steps set out in sections 33 to 39 or elsewhere in the 2010 act. In further contrast to the relevant provisions of the 1994 act, there are clearly defined exemptions from the identification requirements in respect of a ‘specified customer or specified product’ to be found in the 2010 act, all of which are listed in detail in section 34, that is, simplified CDD – but none of these exemptions relate to ‘existing’ or personally known clients.
The guidance notes issued by the Department of Finance in February 2012 for credit institutions in respect of the 2010 act emphasise the need for acquiring and/or updating CDD information in respect of existing clients, stating (at page 21): “Designated persons must carry out CDD before establishing a business relationship with a customer. In effect, designated persons should have reliable CDD information for an existing customer prior to carrying out any service for such a customer. Designated persons should monitor their dealings with existing customers, keep CDD information up to date as warranted by the overall knowledge the person has of the customer, the nature of the business relationship, and the risk of money laundering or terrorist financing.”
As there is no exemption in the 2010 act (either by way of explicit provision or otherwise) from the application of AML CDD to ‘existing clients’ or to those clients personally known to the solicitor, the Society believes that solicitors are obliged under the 2010 act to undertake AML CDD (the four standard obligations of CDD, including identification and verification) in relation to these clients. This means that, for all new instructions relating to AML regulated legal services, even where the client is personally known to the solicitor or the solicitor may have acted for the client in the past, AML CDD should be applied.
The Society’s guidance notes for solicitors (in relation to the 2010 act)
The guidance set out at paragraph 3.9 (referring only to the ongoing monitoring process and verification of identity on a risk-sensitive basis for existing clients who were previously exempt from identification) relates to the immediate period of time after the commencement of the 2010 act on 15 July 2010. At that point in time, there may have been ongoing AML regulated transactions that had started before the 2010 act commenced (between September 2003 and July 2010), and which involved clients falling within the old exemption of being personally known or ‘existing’. For this very specific type of transaction, it was considered that the ongoing monitoring of the legal service that was in the process of being provided would generally prove sufficient. The majority of these kinds of AML regulated transactions (commenced prior to July 2010) are presumably completed by this time.
It is not intended that retrospective verification of identity of this category of ‘existing client’ should be undertaken for past and completed transactions, nor would it be necessary.
However, if such a client (deemed ‘existing’ on the basis of past provision of legal services or a client who is personally known) should approach the firm for further services within an AML regulated legal service area, AML CDD measures are necessary, including the statutory duty to identify and verify the identity of such clients. This means that:
- If a client is personally known to the solicitor, AML CDD should nonetheless be applied to the client, including the requirement for identification and so on,
- If a client is categorised as existing because legal services were previously provided to them at a time before 15 July 2010, and this client later seeks further legal services, AML CDD should be applied, including the requirement of verification of identity. Depending on when legal services were previously provided to the client, identification and verification may be carried out for the first time or previously obtained identification material may have to be updated.
Generally, keeping identification material up to date means that solicitors may have to review it when taking new instructions from a client if there is a gap of over three years between instructions or if the firm receives information of a change in identity details (see paragraphs 3.10 to 3.13 and 5.44 to 5.47 of the Society’s guidance notes.)
In respect of the verification of identity obligation, the Society’s guidance notes offer practical guidance to solicitors at chapters 5 and 6. As stated in the guidance notes at paragraph 6.5, the basic underlying principle is that the solicitor must be satisfied that the client (individual or corporate entity) is who they say they are and, in order for a solicitor to limit any potential exposure s/he may have under the 2010 act, there should be identification evidence on file to support this:
“The general principle is that a solicitor should establish satisfactorily that he is dealing with a real person or organisation (natural, corporate or legal) and obtain identification evidence sufficient to establish that the client is that person or organisation.”
Identification is a process by which a solicitor obtains information from the client to establish who the client is. Besides the basic identification documentation such as a passport, other supporting identity information can be accumulated over time (for example, family circumstances, business career, physical appearance, and so on). Verification is the means by which a solicitor establishes that this information is correct based on evidence provided by the client or obtained by the solicitor independently of the client. Chapters 5 and 6 of the Society’s guidance notes provide detailed guidance in respect of both aspects of this statutory obligation.
Finally, as a matter of best practice and risk management, the Society is of the view that solicitors ought to identify all clients to whom they wish to provide any legal service. Chapter 6 of the Society’s guidance notes provides guidance in this respect.