We live, today, within a global economy – one which allows for the easy and immediate transfer of funds from one financial institution to another. This has inevitably facilitated the way in which proceeds can be laundered internationally.

In my previous article entitled 'Anti-Money Laundering – Know your customer!', I highlighted the importance of customer due diligence ('CDD') procedures and delved into the standard elements thereof as the general archetype for all subject persons to follow, as per the Prevention of Money Laundering and Funding of Terrorism Regulations, 2008 (the 'Regulations'). Today, I seek to follow from such discussion placing particular focus, however, on the extent of CDD required to be undertaken by subject persons.

The Regulations do not simply detail CDD as a 'one size fits all' formula, but provide insight into the risk-sensitive nature thereof, consequently outlining the reality that no one customer is the same. This understanding is essential to all subject persons, as it will ultimately affect the type and extent of CDD to be applied in respect of each individual customer.

Specifically, the Regulations distinguish between situations which represent a high risk of money laundering or funding of terrorism ('ML/FT'), thereby necessitating the application of enhanced due diligence ('EDD'), and situations which represent a low risk of ML/FT, thereby allowing subject persons to opt for simplified due diligence ('SDD').

Put simply, EDD must be applied in respect of four specific types of business relationships: (i) non face-to-face customers (ii) politically exposed persons ('PEPs'), (iii) individuals operating in non-reputable jurisdictions and (iv) cross-border correspondent banking relationships – and naturally, whenever there is a suspicion of ML/FT irrespective of the type of relationship involved.

In addition to the standard mandatory CDD measures therefore, each of the above-mentioned situations consequently requires the application of one or more of the following EDD measures: (i) receipt of additional identification documentation confirming the address of the customer (which address cannot be restricted to a P.O. Box number), such as a utility bill or bank reference (which bank reference should subsequently be followed up by a call to the relevant bank to verify its legitimacy), (ii) verification of any identification document supplied by the customer, which may be obtained by requesting certification of same, as well as (iii) ensuring that the first payment or transaction into the account is carried out through an account held by the customer in his name with a credit institution authorised under the Banking Act or in another Member State of the Community or in a reputable jurisdiction. As another precaution, and as matter of good practise, you would also do well to carry out your own independent searches on the customer to further verify the information provided.

While the Regulations specifically set out the circumstances in which EDD measures must be applied, they do not impose the exact type or number of measures to be taken. Subject persons must therefore use discretion in respect of each customer, and apply EDD on a risk-sensitive basis, ensuring that whatever line of action is taken, it is tailored to suit the ML/FT risk of the customer.

On the other hand, the Regulations also recognise situations which by their nature represent a low risk of ML/FT, such that subject persons are entitled to do away with standard CDD measures altogether. This means that there is no obligation to identify or verify the customer, obtain information relating to the purpose or intended nature of the business relationship or carry out ongoing monitoring of that relationship.

Briefly, the categories of customers which may be subject to SDD include (i) entities carrying out relevant financial business as per the Regulations, (ii) entities listed on a regulated market, (iii) beneficial owners of pooled accounts, (iv) domestic and foreign public authorities (subject to certain criteria) and (v) any legal person who represents a low risk of ML/FT. By way of product categorisation, electronic money products as well as certain insurance policies and pension schemes also qualify for SDD.

In applying SDD, therefore, the subject person's main obligation is to gather sufficient information to establish that the applicant for business does, in fact, qualify under any of the above-mentioned categories, such as a copy of the customer's relevant licence.

As can be seen, different business relationships require different levels of due diligence. Subject persons are therefore obliged to approach each individual customer - whether new or previously existing - on a case-by-case basis, and determine the type and extent of due diligence required, in respect of the particular risks posed thereby.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.