Motor Finance JMLSG Update
The Joint Money Laundering Steering Group (JMLSG) have updated an annex in their sector guidance for motor finance (Annex 11-1). It can be difficult for practitioners to understand what has actually been updated in these scenarios so below we provide a summary of the changes made in the JMLSG guidance.
1. The occasional transaction limit (when CDD must be carried out) has been increased from €10,000 to €15,000. To note this is for a single transaction or transactions that appear to be linked. Practical questions:
Have you reflected this monetary change in our procedures and systems?
How are you tracking exchange rate fluctuations?
How are you identifying potential ‘linked’ transactions?
2. Any transaction with someone from a high risk third country should be subject to EDD. Do you have processes for identifying and keeping up with changes to countries on this list?
3. There is now a clear split between due diligence requirements on individuals and businesses, with a new section for businesses. It focuses on the identification and verification of ultimate beneficial owners (UBOs). Key messages include:
Regarding the verification of UBOs a firm cannot solely rely on information contained on Companies House. This makes sense as Companies House is simply self-declaration.
If a firm uses Companies House data and notes a discrepancy between what is on Companies House and what the customer advises, an update must be provided to Companies House.
Firms may want to verify the identity of directors or controllers – dependent on risk.
Regarding obtaining digital ID, to start with firms need to assess whether this is suitable for its client base. If this is the case, firms need to be satisfied the digital ID service provider’s solution is reliable, accurate, independent of the customer and capable of providing a suitable level of assurance to the firm.
Generally speaking a single database – e.g. electoral register check – is not enough on its own to verify identity.
Tests using biometric data e.g. matching photos or live video against ID are specifically listed as examples of how to prove identity.
Practical takeaway questions:
Do you have a clear risk-based process for verifying the identity of UBOs, Controllers and Directors?
If you use Companies House as a data source, do you have a process for reporting discrepancies to Companies House?
Do you fully understand how an outsourced digital ID provider verifies the identity of individuals? For example, how many databases do they use.
4. Firms can rely on a third party to conduct due diligence on their behalf – accountability remains with the firm. However, there must be an explicit arrangement that enables the firm to access the underlying due diligence immediately. If you use a third party for your due diligence requirements – is such a provision stated in the contract? If so, have you ever tested this arrangement?