CCAB sets out elevated AML standards for the accountancy sector
CCAB sets out elevated AML standards for the accountancy sector
Background and context
On 17 May 2022, the Consultative Committee of Accountancy Bodies (“CCAB”) - comprised of five UK professional services supervisory bodies[1] – published updated Anti-Money Laundering (“AML”) guidance for the accountancy sector to align with AML standards set out in the EU’s 5th AML Directive.
The key amendments made to the guidance are:
- Reducing the timeframe considered to be “as soon as reasonably practicable” in the context of reporting discrepancies in the Persons of Significant Control (“PSC”) register to Companies House from 30 calendar days to 15 working days;
- Changing statements from “should” to “must” in various instances, including within guidance for controls such as business wide risk assessment (“BWRA”), customer due diligence (“CDD”) and treatment of politically exposed persons (“PEPs”); and
- Including clarifications with respect to the application of enhanced due diligence (“EDD”) measures and reference to the UK’s high-risk third country lists.
What does this mean for firms regulated/supervised by the ICAEW, ACCA, CIPFA, ICAS and Chartered Accountants Ireland?
In BDO’s view, the shift in terminology from “should” to “must” within nine discrete guidance elements is a stepwise change and places obligation, rather than merely expectation, onto supervised firms. The repercussions associated with a breach of requirements (compared to formerly a breach of best practice) are expected to be more severe. In H1 2022 we have seen financial and professional services regulators/supervisors alike levy sizeable fines for non-compliance with requirements, and thus we expect that CCAB-supervised firms will likely want to pay close attention to these new obligations.
The impact of these wording changes have the potential to be widespread across firms’ economic crime framework, ranging from policy/procedure enhancements to deployment of additional training to introducing new controls. Some prospective downstream impacts of these changes for consideration by firms are as follows:
Control area |
CCAB paragraph |
New requirement |
Potential downstream impacts for consideration by firms |
Risk Assessment |
3.6.5 |
Firms must consider information from its AML supervisory authority when conducting the BWRA |
|
3.6.9 |
Firms must have procedures that require the BWRA to include an assessment of money laundering and terrorist financing risk upon the introduction of any new service/product |
|
|
CDD |
Appendix B, paragraph 1.2 |
For verification purposes, the original document (or an acceptably certified copy) must be seen, and a copy retained |
|
5.1.9 |
Where an individual is believed to be acting on behalf of another person, that person must also be identified |
||
5.5.1 |
If there are delays in CDD, the firm must still gather enough information to enable them to form a general understanding of the client’s identity to assess the risk of ML/TF |
||
Simplified due diligence (“SDD”) |
5.3.6 |
The firm must set out circumstances under which SDD provisions cannot be applied (e.g. suspicion of ML/TF or where the firm no longer considers there is a low risk of ML/TF) |
|
PEPs |
5.3.12 |
Appropriate risk management systems and procedures must be put in place to determine whether potential clients (or beneficial owners) are PEPs or PEPs by association |
|
People and resourcing |
3.6.10 |
Before introducing any new ways of working (such as a remote/hybrid model), firms must consider whether new controls, policies or procedures are required to mitigate any additional ML/TF risk which this may bring |
|
3.6.22 |
Firms must consider the skills, knowledge, expertise, conduct and integrity of all relevant employees both before and during their appointment |
|
In addition to changing wording from “should” to “must”, the updated CCAB guidance also:
- Defines “as soon as reasonably practicable” in the context of reporting discrepancies in the PSC register to Companies House to be 15 working days, rather than 30 days. This timeframe should allow firms sufficient time to internally discuss the identified discrepancy and determine whether it is material and reportable. The UK Government considers that material and reportable discrepancies are factual errors such a missing PSC or an incorrect correspondence address, rather than typos[2]
- Clarifies that EDD measures must be applied in relation to an occasional transaction or business relationship where either the client or another of the parties to the transaction are established in a high-risk third country and in relation to a business relationship with a client established in a high-risk third country; and
- Makes explicit reference to UK high risk third country lists (applicable following Brexit).
The shortening of the timeframe for reporting of discrepancies from 30 calendar days to 15 working days may warrant firms to re-visit the efficiency of escalation channels (such as how frequently relevant governance forums convene) to ensure that potentially material discrepancies are promptly identified, discussed internally, recorded and reported.
The clarifications with respect to EDD measures and high risk third country lists are likely to warrant updates to relevant procedures as well as staff training.
Finally, in BDO’s view it is vital for firms’ Senior Management to implement and communicate a strong compliance culture in order to embed the new expectations.
How can BDO help?
BDO’s Economic Crime Advisory team work closely with AML-regulated firms across a wide range of sectors, including professional services firms. We have a deep understanding of their businesses and the specific environments in which they operate, enabling us to act as a strategic partner, providing clear advice which is both balanced and constructive.
Our team benefits from individuals who have extensive experience in professional services firms, and recently one of team completed a six-month secondment into the Compliance function of a professional services firms to enhance its anti-financial crime target operating model . In addition to our dedicated Economic Crime Advisory team, our Head of Economic Crime has acted as the Chair of Accountancy Europe’s AML working party and is the chair of the CCAB Economic Crime Panel.
We have experience in reviewing and helping firms across the professional services sector to enhance their economic crime frameworks, including risk assessments; due diligence measures; and governance and training controls. Our services include, but are not limited to:
- Evaluating and/or enhancing the design of the BWRA to meet regulatory requirements and supervisory expectations;
- Reviewing and enhancing relevant policies and procedures, including onboarding, ID&V, ongoing monitoring and alert investigation;
- Designing and/or deploying economic crime technical training for all/any lines of defence, including senior management; and
- Supporting firms on the implementation of an effective and robust three lines of defence model
Please do not hesitate to contact a member of our Economic Crime Advisory team if you have any questions regarding how the updated CCAB guidance may affect your AML framework.
[1] The Institute of Chartered Accountants in England and Wales (“ICAEW”), the Association of Chartered Certified Accountants (“ACCA”), the Chartered Institute of Public Finance and Accountancy (“CIPFA”), the Institute of Chartered Accountants of Scotland (“ICAS”) and Chartered Accountants Ireland
[2] Further details with respect to what the UK Government considers to be a discrepancy which should be reported can be found on the UK Government website https://www.gov.uk/guidance/report-a-discrepancy-about-a-beneficial-owner-on-the-psc-register-by-an-obliged-entity#what-a-discrepancy-is