Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.
Legal affairs
National regulatory framework regarding AML and effective date of the regulations
Although the UK is no longer a member of the EU the UK Government has effectively transposed the Fifth Money Laundering Directive directly into UK law and this has been in force since 2021. The regulatory regime is therefore almost completely consistent with other EU states.
National regulator or relevant authority for AML controls
The UK does not have a simple central regulatory authority to monitor AML rather instead devolving responsibility to each relevant professional body. In the case of Solicitors this is the Solicitors Regulation Authority (“SRA”), financial institutions the Prudential Regulation Authority (“PRA”), etc.
Customer Due Diligence
Conduct of a typical KYC identification process
Customer Due Diligence is similarly devolved and individual professional bodies are responsible for putting in place an appropriate regulatory framework which then membership is expected to implement.
The KYC process in the UK is essentially risk based. There are no minimum standards. The normal methodology is some form of photo identification (passport/driving licence) plus two additional forms of identification usually utility bills verifying the applicant’s home address. If however it is clear that the person in question is for example a PEP (Politically Exposed Person) then it is expected that a more detailed enquiry will be undertaken to verify that person’s identity.
Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations
It is not possible to meet such requirements by simple reliance on a third party, all enquiring organisations are responsible for their own due diligence.
Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)
It is not legally possible to delegate the responsibility of customer due diligence to a third party even if the third party may be utilised in compiling any relevant information upon which an assessment is formally made. As above the legal responsibility remains the responsibility of the enquiring organisation.
Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence
There are no specific licence or registration requirements for any third party although clearly if any such party is seeking to provide appropriate services it will be commercially prudent for it to be fully appraised of the relevant regulations applying in that particular professional sector.
Further questions
Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)
N/A