The reliance regime is in place and well utilised with the objective of avoiding the unnecessary duplication of effort. No value is added by undertaking the same identification measures and customer due diligence in relation to a mutual customer, provided, of course, such measures were undertaken properly the first time around. As such, subject to compliance with the terms of the MLO, financial institutions and other businesses in the finance industry can rely on third parties to provide certain elements of client due diligence, provided (in general terms) that:
- the information is obtained immediately;
- the evidence is available from the third party upon request;
- the third party is regulated and supervised for Anti-Money Laundering/Countering the Financing of Terrorism.
Article 16 of the MLO governs the reliance regime, in conjunction with the Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism for regulated Financial Services Businesses (Handbook). All of the conditions and requirements set out in this framework are aimed at obtaining the information upfront, being able to access the information from the obliged person on demand and ensuring that the obliged person has actually undertaken identification measures properly, so that it is appropriate to rely on them. When utilising the reliance regime, a risk assessment must still be performed by the relevant person for every customer, because it must be determined what elements of identification should be obtained in respect of that particular customer before it can be assessed whether the obliged person has fully performed such measures.
The key message from the JFSC is that the reliance regime should not be seen as a panacea or used on a blanket basis, but is to be utilised in certain strictly limited circumstances. It will not always be appropriate to place reliance on an obliged person, even if available. Undertaking a robust customer risk assessment is both a statutory and regulatory requirement – know your customer. The JFSC’s view is that this should be the guiding principle in terms of any relationship between a relevant person and its customer, before a relevant person begins to consider placing reliance. Further, it is incumbent upon the relevant person to investigate and understand the measures taken by the obliged person as well as to assess the risk posed by making use of the reliance regime itself. There needs to be a clear assessment and understanding of what steps and measures the obliged person undertakes and whether such measures are applied properly. These assessments, in relation to both the customer and the obliged person, must be carefully documented. A written assurance setting out certain details specified by the MLO must be obtained from the obliged person and the obliged person should continue to be assessed and tested by the relevant person, at regular intervals, to ensure it remains appropriate for the relevant person to continue to place reliance.
It is interesting to note that use of the reliance regime has decreased slightly overall in the finance industry since 2017. Why is this? Perhaps it is because placing reliance on an obliged person does not absolve the relevant person from undertaking a customer risk assessment itself at the outset of any relationship and, actually, the relevant person must also satisfy itself as to the adequacy of the measures taken by the obliged person and its performance in discharging its own customer diligence obligations. This process requires robust governance and oversight at all levels with careful record keeping to be undertaken throughout. So whilst the process of reliance avoids the need for duplication of identification measures in respect of a mutual customer, it is an involved process that requires the right questions to be asked of an obliged person to ensure adequate information and evidence can be gathered to perform thorough risk assessments. Although it may avoid duplication for customers, the workload of a relevant person is not necessarily alleviated through use of the reliance regime. Indeed, the JFSC has taken the opportunity to reiterate in its recent feedback paper that “management of financial crime risk is non-negotiable” and the management of such risk remains with the relevant person at all times, notwithstanding any reliance placed.
We welcome the commentary of the JFSC as a helpful reminder that AML compliance should be placed at the heart of the customer relationship in the fight against financial crime.