APPLICATION AND TIMING OF CUSTOMER DUE DILIGENCE MEASURES (WHEN) 5.8 Identification and verification of identity procedures (together termed as “ID

procedures”) should normally be completedbeforeentering into abusiness relationship. This applies also to occasional transactions. ID procedures are also required at other times, for example, when there is a suspicion ofmoney laundering orterrorist financingor where there are doubts about the sufficiency of identification information already held. If it is concluded the information held is insufficient, the businessshould remedy this as soon as is practicable. Should a suspicion be developed about theclient,businesseswill need to consider whether they are satisfied that the information already held is sufficient and up to date or whether any additional or updated information is required in respect of theclient(s)in question in order that the information required by Regulation 5 (customer due diligence) is met. In particular, in any case where suspicion is developed,simplified due diligence may no be longer be applied. This means ifsimplified due diligence had been applied, additional information will need to be collected in accordance withbusinesses’risk- based procedures.Businessesmust bear in mind in conducting thiscustomer due diligencework the need to avoid disclosing that amoney launderingreport has been made, or that an investigation is underway, or may be commenced (see section 2.17- 2.21 Tipping Off).

5.9 The2007 Regulationsallow for completion of ID procedures ’during the

establishment of abusiness relationship’ rather than before if the measures are completed as soon as practicable after the initial contactbut onlywhen such a process is necessary not to interrupt the normal conduct of business and there is little risk ofmoney launderingorterrorist financingoccurring.Guidanceon how this might reasonably be applied in the case of provision of thedefined servicesis provided below, although this is not intended to be prescriptive, or exclusive. Businesses should not complete any assignment for aclient(eg, including transfer ofclient monies or delivery of work product) beforecustomer due diligencehas been carried out in full in accordance with thebusinesses’procedures.

5.10 If procedures are not completed before entering abusiness relationship,businesses and theirclientsmay suffer considerable cost and inconvenience in having to

terminate a relationship if ID procedures either cannot be completed, or where the results are unsatisfactory.

5.11 Customer due diligenceshould also be completed before undertaking occasional services for theclientthat do not form part of an ongoingbusiness relationship. Businessesmust understand why theclientrequires the service, the identities of other parties that might be involved, and any potential formoney launderingthat may arise.

When delay may be acceptable

5.12 In forming newbusiness relationships, there are some cases where delaymaybe acceptable, such as in urgent insolvency appointments, and urgent appointments that involve ascertaining the legal position of aclientor defending theclientin legal proceedings.

5.13 In such cases,businessesshould still gather enough information to allow them to at least form a basic assessment of the identity of theclientandmoney launderingrisk and to complete other acceptance formalities such as considering the potential for conflicts of interest.

5.14 In other cases, where the majority of information required has been collected before entering abusiness relationship, short time extensions to complete collection of remaining information may be acceptable, provided this is caused only by

administrative or logistical issues, and not by any reluctance of theclientto provide the information and is necessary not to interrupt the normal course of business. Such extensions should be exceptional, rather than the norm. It is recommended that such extensions of time are considered and agreed by a member of senior management or theMLROto ensure the reasons for the extension are valid and do not give rise to concern over the risk category of theclientor the potential formoney laundering suspicion.

5.15 If evidence is delayed (rather than refused),businessesshould consider;  the credibility of theclient’sexplanation,

 the length of delay,

 whether the delay is in itself reasonable grounds for suspicion ofmoney launderingrequiring a report toSOCAand/or a factor indicating against acceptance of theclientand engagement, and

 documenting the reasons for delay and steps taken. Non-compliance through client refusal

5.16 If a prospectiveclient refuses to provide evidence of identity or other information properly requested as part ofcustomer due diligence, thebusiness relationshipor occasional transaction must not proceed any further and any existing relationship with theclientmust be terminated (but see sections 5.56 – 5.59 on insolvency cases). Consideration must be given as to whether a report needs to be made to SOCAunderPOCAorTA 2000.

5.17 Where the appointment is of either a lawyer orrelevant professional advisorin the course of ascertaining the legal position for theclient, or performing the task of defending or representing theclient in or concerning legal proceedings (including advice on instigating or avoiding proceedings) the requirement to cease acting and consider reporting toSOCAdoes not apply althoughcustomer due diligence information will still need to be collected within the time constraints in Regulation 9. Businessesare advised to consider the position very carefully before applying this exception to ensure that the type of work and their professional status fall within the definitions set out in Regulations 11(2) and (3).

Continuing customer due diligence

5.18 In addition to considerations before entering abusiness relationship,customer due diligencemust be exercised on an ongoing basis during the relationship, as part of regular monitoring ofmoney launderingrisks or occasioned by theclientundergoing significant changes.Businessesmay wish to consider reviewingcustomer due diligenceand otherclientinformation on a periodic basis, as well as in response to perceived risks.

5.19 Changes such as the appointment of new senior managers or shareholders and/ or controlling parties, changes in theclient’sstrategy or changes of business profile should promptbusinessesto re-applycustomer due diligenceprocedures. These may differ from those adopted for a newclient, and although there may be a change in focus the objective remains the same: to have a sound understanding of the client’sidentity and activities in order to assess risks ofmoney launderingand to have accurate underlying records.