7.3.1 Credit Cards

Credit cards are a way of obtaining unsecured borrowing. As such, the initial risks are more related to fraud than to “classic” money laundering, but handling the criminal property arising as a result of fraud is also money laundering. Card issuers will, therefore, generally carry out some degree of credit check before accepting applications.

The money-laundering risk relates largely to the source and means by which repayment of the borrowing on the card is made. Payments may also be made by third parties. Such third party payments, especially if they are in cash or by debit cards from different locations or accounts, represent a higher level of money-laundering risk than when they come from the cardholder's bank account by means of cheque or direct debit.

Balances on cards may move into credit if cardholders repay too much, or where merchants pass credits/refunds across an account. Customers may ask for a refund of their credit balance. Issuance of a cheque by a card issuer can facilitate money laundering.

Cash may be withdrawn in another jurisdiction. This is, in any event, the case in respect of an amount up to the credit limit on the card. Where there is a credit balance, the amount that may be moved is correspondingly greater; it is possible for a cardholder to overpay substantially, and then to take the card abroad to be used. However, most card issuers limit the amount of cash that may be withdrawn.

Where several holders are able to use a card account, the card issuer may open itself to a money-laundering or terrorist-financing risk in providing a payment token to an individual in respect of whom it holds no information. The issuer would not know to whom it is advancing money, unless it has taken some steps in relation to the identity of all those entitled to use the card. Such steps might include ascertaining whether the primary or any secondary cardholder is resident in a high-risk jurisdiction or whether any primary or secondary cardholder is a politically exposed person.

Measures that a firm might consider for mitigating the risk associated with a credit card customer base include the following:

• Deciding whether to disallow persons so identified in the above two categories, or to subject them to enhanced due diligence, including full verification of identity of any secondary cardholder.
• Requiring the application process to include a statement of the relationship of a secondary cardholder to the primary cardholder based on defined alternatives (e.g. family member, carer, none).
• Deciding whether to disallow as a secondary cardholder on a personal account any relationship deemed unacceptable according to internal policy parameters, or where the address of the secondary cardholder differs from that of the primary cardholder, or to subject the application to additional enquiry, including verification of the secondary cardholder.
• Becoming a member of closed user groups sharing information to identify fraudulent applications, and checking both primary and secondary cardholder names and/or addresses against such databases.
• Deciding whether to decline to accept, or to undertake additional or enhanced due diligence on, corporate cardholders associated with an entity which is engaged in a high-risk activity, or is resident in a high-risk jurisdiction, or has been the subject of (responsible) negative publicity.
• Implementing ongoing transaction monitoring of accounts, periodic review and refinement of the parameters used for the purpose.
• In the event that monitoring or suspicious reporting identifies that a secondary cardholder has provided significant funds for credit to the account, either regularly or on a one-off basis, giving consideration to verifying the identity of that secondary cardholder where it has not already been undertaken.
• Deciding whether the cardholder should be able to withdraw cash from his card account.
• Deciding whether the card may be used abroad (and monitoring whether it is used abroad).

7.3.2 Electronic Money

Under the Electronic Money Regulations 2011 (Reg. 2(1)), electronic money is defined as:

Regulation 3 of the Electronic Money Regulations 2011 states that electronic money does not include:

1. Monetary value stored on instruments that can be used to acquire goods or services only:
   1. in or on the electronic money issuer's premises; or
   2. under a commercial agreement with the electronic money issuer, either within a limited network of service providers or for a limited range of goods or services.
2. Monetary value that is used to make payment transactions executed by means of any telecommunication, digital or IT device, where the goods or services purchased are delivered to, and are to be used through, a telecommunication, digital or IT device, provided that the telecommunication, digital or IT operator does not act only as an intermediary between the payment service user and the supplier of the goods and services.

Electronic money is a retail payment product that is used predominantly for making small-value payments and is currently growing in many jurisdictions. That the JMLSG has already included guidance in this area will be of interest to many international regulators seeking to develop their own regulations.

Electronic money is susceptible to the same risks of money laundering and terrorist financing as other retail payment products. Furthermore, where electronic money is limited to small-value payments, its use is less attractive to would-be launderers. For terrorist financing and other financial crime, electronic money offers a more accountable, and therefore less attractive, means of transferring money compared to cash.

The electronic money products in commercial use today do not provide the privacy or anonymity of cash, nor its utility. This is due to a number of factors. Products may, for example, be funded by payments from bank accounts or credit cards and therefore reveal the identity of the customer at the outset. The use of most electronic money products also tends to leave an electronic trail.

As issuers of electronic money usually occupy the position of intermediaries in the payment process, situated between two financial or credit institutions, they are often able to provide additional transaction information to law enforcement that complements identity data provided by other financial institutions. This may be equally or more valuable evidence than a repetition of the verification of identity process.

Fraud prevention and consumer protection concerns led to the placement of transaction, turnover and purse limits on products, limiting the risk to both issuer and consumer. These limits act to restrict the usefulness of the product for money laundering, and make unusual transactions more detectable.

The following factors will increase the risk of electronic money products being used for money laundering or terrorist financing:

• High, or no, transaction or purse limits. The higher the value and frequency of transactions, and the higher the purse limit, the greater the risk, particularly where customers are permitted to hold multiple purses; the EUR 15,000 [£12,500] threshold for occasional transactions provided in the Money Laundering Regulations 2007 may, in this context, provide a convenient comparator when assessing such risk.
• Frequent cross-border transactions, unless within a single scheme, can give rise to difficulties with information sharing. Dependence on counterparty systems increases the risk.
• Some merchant activity, such as betting and gaming, poses a higher risk of money laundering. This is because of the higher amounts of funds that are transacted and because of the opportunities presented within the merchant environment.
• Funding of purses by unverified parties presents a higher risk of money laundering, whether it is the customer who is unverified or a third party.
• Funding of purses using cash offers little or no audit trail of the source of the funds and hence presents a higher risk of money laundering.
• Funding of purses using electronic money products that have not been verified may present a higher risk of money laundering.
• The non-face-to-face nature of many products gives rise to increased risk.
• Segmentation of the business value chain, including use of multiple agents and outsourcing, in particular to overseas locations, may give rise to a higher risk.
• The technology adopted by the product may give rise to specific risks that should be assessed.

The systems and controls issuers put in place must be commensurate with the money-laundering and terrorist-financing risk they are exposed to. The detail of issuers' systems and controls will, therefore, vary. Examples include those that:

• Place limits on purse storage values, cumulative turnover or amounts transacted;
• Can detect money-laundering transaction patterns;
• Can identify multiple purses held by a single individual or group of individuals, such as the holding of multiple accounts or the “stockpiling” of pre-paid cards;
• Can look for indicators of accounts being opened with different issuers as well as attempts to pool funds from different sources;
• Can identify discrepancies between submitted and detected information;
• Restrict funding of electronic money products to funds drawn on accounts held at credit and financial institutions in the UK, the EU or a comparable jurisdiction, and allow redemption of electronic money only into accounts held at such institutions.

7.3.3 Wealth Management

Wealth management is the provision of banking and investment services in a closely managed relationship to high-net-worth clients. Such services will include bespoke product features tailored to a client's particular needs and may be provided from a wide range of facilities available to the client, including:

• Current account banking;
• High-value transactions;
• Use of sophisticated products;
• Non-standard investment solutions;
• Business conducted across different jurisdictions;
• Offshore and overseas companies, trusts or personal investment vehicles.

Money launderers are attracted by the availability of complex products and services that operate internationally within a reputable and secure wealth management environment that is familiar with high-value transactions. The following factors contribute to the increased vulnerability of wealth management:

• Wealthy and powerful clients: Such clients may be reluctant or unwilling to provide adequate documents, details and explanations. The situation is exacerbated where the client enjoys a high public profile, and where they wield, or have recently wielded, political or economic power or influence.
• Multiple and complex accounts: Clients often have many accounts in more than one jurisdiction, impacting the firm's ability to identify true purpose.
• Cultures of confidentiality: Wealth management clients often seek reassurance that their confidential business will be conducted discreetly.
• Concealment: The misuse of services such as offshore trusts and the availability of structures such as shell companies helps to maintain an element of secrecy about beneficial ownership of funds.
• Countries with statutory banking secrecy and countries where corruption is known, or perceived, to be a common source of wealth.
• Movement of funds: The transmission of funds and other assets by private clients often involves high-value transactions, requiring rapid transfers to be made across accounts in different countries and regions of the world.
• The use of concentration accounts (i.e. multi-client pooled/omnibus-type accounts) to collect together funds from a variety of sources for onward transmission is seen as a potential major risk.
• Credit: The extension of credit to clients who use their assets as collateral also poses a money-laundering risk unless the lender is satisfied that the origin and source of the underlying asset is legitimate.
• Commercial activity conducted through a personal account, or personal activity conducted through a business account, so as to deceive the firm or its staff.

In addition to the standard identification requirement, as a minimum requirement to counter the perceived and actual risks, the firm, and those acting in support of the business, must exercise a greater degree of diligence throughout the relationship which will be beyond that needed for normal retail banking purposes. The firm must endeavour to understand the nature of the client's business and consider whether it is consistent and reasonable, including:

• The origins of the client's wealth;
• Where possible and appropriate, documentary evidence relating to the economic activity that gave rise to the wealth;
• The nature and type of transactions;
• The client's business and legitimate business structures;
• For corporate and trust structures, the chain of title, authority or control leading to the ultimate beneficial owner, settler and beneficiaries, if relevant and known;
• Where appropriate, the reasons a client is using complex structures;
• The use made by the client of products and services;
• The nature and level of business to be expected over the account.

The firm must be satisfied that a client's use of complex business structures and/or the use of trust and private investment vehicles has a genuine and legitimate purpose.

Visiting clients can be an important part of the overall customer due diligence process. In wealth management, relationship managers should generally visit their clients at their place of business in order to substantiate the type and volume of their business activity and income, or at their home if the business factor is not so relevant. The relationship manager who undertakes the visit should make a record by documenting:

• The date and time of the visit;
• The address or addresses visited;
• A summary of both the discussions and assessments;
• Any commitments or agreements;
• Any changes in client profile;
• The expectations for product usage, volumes and turnover going forward;
• Any international dimension to the client's activities and the risk status of the jurisdictions involved.

The relationship manager should then update the client's profile where appropriate.

7.3.4 General Insurers

General insurers should consider the following:

• Development of internal policies and procedures;
• Communication of those policies and procedures to all staff;
• Clear and written procedures in place to help staff identify the kinds of activities or customers that might arouse suspicion;
• Clear guidance to be given to all staff on the risk and implications of alerting potential or actual customers (or agents thereof) to the fact that a SAR has been submitted, i.e. the “tipping off” provision of POCA;
• Clear guidance to be given to all staff on the risk and implications of failing to report their suspicions;
• Short reporting lines between front-line staff and a nominated officer;
• Record-keeping, both of decisions made in the event of a suspicious claim being reported to evidence the making of the report and, in the event of a SAR not being made, the reasons why no notification was made;
• Screening procedures to ensure high standards on recruitment;
• Ongoing employee training to ensure employees recognise suspicious activities and understand the procedure in place internally to record suspicious activities;
• A system of testing compliance: this should be both independent and adequately resourced.

7.3.5 Execution-only Stockbrokers (ExOs)

Some ExO stockbrokers deal with high volumes of low-value customer transactions, whereas others direct their services towards higher net worth customers, and thus have fewer customers. Stockbroking customers may adopt a variety of trading patterns; the firm may be offering no advice and may have little or no knowledge of a particular customer's motives.

ExO customers are also free to spread their activities across a variety of brokers for perfectly valid reasons, and often do. Each broker may therefore actually have little in terms of transaction history from which to identify unusual behaviour. Many firms provide ExO stockbroking services on a non-face-to-face basis, including via the internet.

In view of the above, whilst stockbroking might be regarded as being of lower risk compared to many financial products and services, the risk is not as low as in providing investment management services to the same types of customer from similar jurisdictions.

7.3.6 Asset Finance

Generally with asset finance, no monies are advanced to the customer, but are paid into a supplier's bank account to fund the purchase of an asset which is made available under contract to the customer. Repayments by the customer are usually made from other bank accounts by direct debit. Risk is also associated with hire purchase and lease products, as they could be used for layering.

Given that a loan does not result in the borrower receiving funds from the lender, but the use of assets, the initial transaction is not very susceptible to money laundering. The main money-laundering risk arises through the acceleration of an agreed repayment schedule.

Asset finance products, therefore, generally carry a low inherent money-laundering risk. An asset finance company will normally only accept payment of instalments from the customer named on the agreement, and in the case of overpayment will only make repayment to the customer named on the agreement.

All asset finance providers should carry out full credit searches on the businesses they transact with. Additional steps to verify identity will vary across the three markets, as set out below. Note that this may well go beyond what is required by the current money-laundering regulations, certainly in relation to low-risk areas which can now rely on simplified due diligence (SDD). However, these additional measures will still be important for fraud purposes.

7.3.7 Corporate Finance

As with any financial service activity, corporate finance business can be used to launder money.

Money-laundering activity through corporate finance will not usually involve the placement stage of money laundering, as the transaction will involve funds or assets already within the financial system. However, corporate finance could be involved in the layering or integration stages of money laundering. It could also involve the concealment, use and possession of criminal property and arrangements to do so, or terrorist funding.

The money-laundering risks associated with corporate finance relate to the transfer of assets between parties, in exchange for cash or other assets. The assets can take the form of securities or other corporate instruments.

Where there is less transparency over the ownership of the customer, for example, where ownership or control is vested in other entities such as trusts or special purpose vehicles (SPVs), or less of an industry profile or less independent means of verification of the customer, a firm should consider how this affects the ML/TF risk presented. It will, in certain circumstances, be appropriate to conduct additional due diligence, over and above the firm's standard evidence.

Firms have an obligation to verify the identity of all beneficial owners. They should also know and understand any associations the customer may have with other jurisdictions, and may also consider whether they should verify the identity of other owners or controllers.

Firms should maintain file notes setting out the basis on which they are able to confirm the structure and the identity of the customer and individuals concerned.

7.3.8 Trade Finance

A key risk around trade finance business is that seemingly legitimate transactions and associated documents can be constructed simply to justify the movement of funds between parties, or to show a paper trail for non-existent or fraudulent goods. In particular, the level and type of documentation received by a firm is dictated principally by the applicant or instructing party, and, because of the diversity of documentation, firms may not be expert in many types of the documents received as a result of trade finance business when standard forms are not used.

Such a risk is probably greatest where the parties to an underlying commercial trade transaction are in league to disguise the true nature of a transaction. In such instances, methods used by criminals to transfer funds illegally range from over and under invoicing, to the presentation of false documents or spurious calls under default instruments. In more complex situations, for example where asset securitisation is used, trade receivables can be generated from fictitious parties or fabricated transactions (albeit the use of asset securitisation in trade finance is a very limited activity). The use of copy documents, particularly documents of title, should be discouraged.

The Financial Action Task Force (FATF), regulators and others have identified misuse of the trade system as one of the methods by which criminal organisations and terrorist financiers move money for the purpose of disguising its origins and integrating it into the legitimate economy. FATF typology studies indicate that criminal organisations and terrorist groups exploit vulnerabilities in the international trade system to move value for illegal purposes. Cases identified include: illicit trafficking in narcotic drugs; illicit trafficking in stolen or other goods; corruption and bribery; fraud; counterfeiting/piracy of products; and smuggling. More complicated schemes integrate these fraudulent practices into a complex web of transactions and movements of goods and money.

The FATF's June 2006 study notes that the basic techniques of trade-based money laundering include:

• Over invoicing: By misrepresenting the price of the goods in the invoice and other documentation (stating it at above the true value) the seller gains excess value as a result of the payment.
• Under invoicing: By misrepresenting the price of the goods in the invoice and other documentation (stating it at below the true value) the buyer gains excess value when the payment is made.
• Multiple invoicing: By issuing more than one invoice for the same goods, a seller can justify the receipt of multiple payments. This will be harder to detect if the colluding parties use more than one financial institution to facilitate the payments/transactions.
• Short shipping: The seller ships less than the invoiced quantity or quality of goods, thereby misrepresenting the true value of goods in the documents. The effect is similar to over invoicing.
• Over shipping: The seller ships more than the invoiced quantity or quality of goods, thereby misrepresenting the true value of goods in the documents. The effect is similar to under invoicing.
• Deliberate obfuscation of the type of goods: Parties may structure a transaction in a way to avoid alerting any suspicion to financial institutions or to other third parties which become involved. This may simply involve omitting information from the relevant documentation or deliberately disguising or falsifying it. This activity may or may not involve a degree of collusion between the parties involved and may be for a variety of reasons or purposes.
• Phantom shipping: No goods are shipped and all documentation is completely falsified.

Generally, these techniques involve fraud by one party against another, but may also depend upon collusion between the seller and buyer, since the intended outcome of the trade is to obtain value in excess of what would be expected from an arm's length transaction, or to move funds from point A to point B without being detected or accounted for by the authorities. The collusion may arise, for example, because the parties are controlled by the same persons, or because the parties are attempting to evade taxes on some part of the transaction.

Where the nature of a transaction displays higher risk characteristics than normal business undertaken for the customer (instructing party), for example, the buyer falls into a higher risk category, then the firm should consider undertaking additional due diligence in line with its risk policies. Some of the checks firms could undertake (not all of which may be applicable or available in each case) include:

• Making enquiries, as appropriate, into the ownership and background of the other parties to the transaction, e.g. the beneficiary(ies), agents, shipping lines, and taking further steps to verify information or the identity of key individuals as the case demands.
• Seeking information from the instructing party about the frequency of trade and the quality of the business relationships existing between the parties to the transaction. This should be documented to assist future due diligence.
• Checking the transaction against warning notices from external public sources, for example the ICC's International Maritime Bureau.
• Referring the transaction to external agencies specialising in search and validation services in respect of bills of lading, shipping services and commodity prices, for example the ICC Commercial Crime Services.
• Checking details of the source of goods.
• Checking public source information for prices of goods such as commodities – where the contract price is significantly different from the market (say 25%) then consider further investigation.
• Attending and recording relationship meetings with the instructing party; visiting them by arrangement.
• For export letters of credit, referring details to other group resources on the ground in the country of origin, to seek corroboration.
• Checks into the verification of shipments after the UCP operation is over, drawn at random from a sample of transactions, across a cross-section of the bank's trade finance clients. This may help to identify spurious transactions where buyers and sellers act in collusion.

The enhanced due diligence should be designed to understand the nature of the transaction, the related trade cycle for the goods involved, the appropriateness of the transaction structure, the legitimacy of the payment flows and what control mechanisms exist.

7.3.9 Correspondent Banking

The correspondent often has no direct relationship with the underlying parties to a transaction and is therefore not in a position to verify their identities. Correspondents often have limited information regarding the nature or purpose of the underlying transactions, particularly when processing electronic payments or clearing cheques. For these reasons, correspondent banking is, in the main, non-face-to-face business and must be regarded as high risk from a money-laundering and/or terrorist-financing perspective. Firms undertaking such business are required by the ML Regulations “to apply on a risk-sensitive basis enhanced customer due diligence measures”.

Correspondent banking relationships, if poorly controlled, can allow other financial service firms with inadequate AML/CFT systems and controls, and customers of those firms, direct access to international banking systems.

The following risk indicators should be considered both when initiating a relationship, and on a continuing basis thereafter, to determine the levels of risk-based due diligence that should be undertaken:

• The respondent's domicile: The jurisdiction where the respondent is based and/or where its ultimate parent is headquartered may present greater risk (or may mitigate the risk, depending on the circumstances). Certain jurisdictions are recognised internationally as having inadequate anti-money-laundering standards, insufficient regulatory supervision, or presenting greater risk for crime, corruption or terrorist financing. Other jurisdictions, however, such as many members of the Financial Action Task Force (FATF), have more robust regulatory environments, representing lower risks.
• The respondent's ownership and management structures: The location of owners, their corporate legal form and/or a lack of transparency of the ultimate beneficial ownership are indicative of the risk the respondent presents. Account should be taken of whether the respondent is publicly or privately owned; if publicly held, whether its shares are traded on a recognised market or exchange in a jurisdiction with a satisfactory regulatory regime, or, if privately owned, the identity of any beneficial owners and controllers. Similarly, the location and experience of management may indicate additional concerns, as would unduly frequent management turnover. The involvement of PEPs in the management or ownership of certain respondents may also increase the risk.
• The respondent's business and customer base: The type of business the respondent engages in, as well as the type of markets it serves, is indicative of the risk the respondent presents.
• Downstream correspondent clearing: A downstream correspondent clearer is a respondent that receives correspondent banking services from a correspondent and itself provides correspondent banking services to other financial institutions in the same currency as the account it maintains with its correspondent. When these services are offered to a respondent that is itself a downstream correspondent clearer, a correspondent should, on a risk-based approach, take reasonable steps to understand the types and risks of financial institutions to whom the respondent offers such services, special care being taken to ensure there are no shell bank customers, and consider the degree to which the respondent examines the anti-money-laundering/terrorist-financing controls of those financial institutions.

All correspondent banking relationships with respondents from non-EEA States must be subject to an appropriate level of due diligence, which, at a minimum, meets the requirements laid down in Regulation 14(3) of the ML Regulations and additionally will ensure that a correspondent is comfortable conducting business with/for a particular respondent (and hence its underlying customers) given the respondent's risk profile.

In assessing the level of due diligence to be carried out in respect of a particular respondent, the correspondent must consider:

• Regulatory status and history: The primary regulatory body responsible for overseeing or supervising the respondent and the quality of that supervision. If circumstances warrant, a correspondent should also consider publicly available materials to ascertain whether the respondent has been the subject of any criminal case or adverse regulatory action in the recent past.
• AML/CFT controls: A correspondent should establish whether the respondent is itself regulated for money-laundering/terrorist-financing prevention and, if so, whether the respondent is required to verify the identity of its customers and apply other AML/CFT controls to FATF standards/equivalent to those laid down in the Money Laundering Directive. Where this is not the case, additional due diligence should be undertaken to ascertain and assess the effectiveness of the respondent's internal policy on money-laundering/terrorist-financing prevention and its Know Your Customer and activity monitoring controls and procedures.
• Shell banks: Whether the respondent has confirmed that it will not provide banking services to, or engage in business with, shell banks.

Prior to establishing a new correspondent relationship, a person from senior management and independent from the officer sponsoring the relationship must approve the setting up of the respondent's account. For higher risk relationships, the correspondent's compliance (or MLRO) function should also satisfy itself that the risks are acceptable.

Correspondents are required by Regulation 14(3) of the ML Regulations to subject respondents from non-EEA States to enhanced customer due diligence, but should consider doing so whenever the respondent has been considered to present a greater money-laundering/terrorist-financing risk. The enhanced due diligence process should involve further consideration of the following elements designed to ensure that the correspondent has secured a greater level of understanding:

• Respondent's ownership and management: For all beneficial owners and controllers, the sources of wealth and background, including their reputation in the marketplace, as well as recent material ownership changes (e.g. in the last three years). Similarly, a more detailed understanding of the experience of each member of executive management as well as recent material changes in the executive management structure (e.g. within the last three years).
• Respondent's business: Gather sufficient information about the respondent to understand fully the nature of its business. In addition, determine from publicly available information the reputation of the respondent and the quality of its supervision.
• PEP involvement: If a PEP appears to have a material interest or management role in a respondent, then the correspondent should ensure it has an understanding of that person's role in the respondent.
• Respondent's anti-money-laundering/terrorist-financing controls: An assessment of the quality of the respondent's AML/CFT and customer identification controls, including whether these controls meet internationally recognised standards. The extent to which a correspondent should enquire will depend upon the perceived risks.
• Document the relationship: Document the respective responsibilities of the respondent and correspondent.

7.3.10 Wholesale Markets

Traded products are usually traded on regulated markets, or between regulated parties, or with regulated parties acting as agent or principal. However, the characteristics of products, which facilitate the rapid and sometimes opaque transfer of ownership, the ability to change the nature of an asset and market mechanisms that potentially extend the audit trail, together with a diverse international customer base, have specific money-laundering risks that need to be addressed and managed appropriately.

One of the most significant risks associated with the wholesale markets and traded products is where a transaction involves payment in cash and/or third party payments.

Given the global flows of funds in the wholesale financial markets, it is important to recognise that although customers may remit funds from credit institutions, a firm could still be used to launder money. Traded products might, for example, be used as a means of changing assets rapidly into a different form, possibly using multiple brokers to disguise total wealth and ultimate origin of the funds or assets, or as savings and investment vehicles for money launderers and other criminals.

Firms dealing in traded products in the wholesale markets do not generally accept cash deposits or provide personal accounts that facilitate money transmission and/or third-party funding that is not related to specific underlying investment transactions. In the money markets, however, customers may request payments to third parties (e.g. FX payments to suppliers) and the associated ML risks need to be considered by the firm. There may also be third party funding of transactions in the commodities markets. Also, where a bank is lending funds to a customer to purchase a physical commodity and the customer hedges the risks associated with the transaction in the derivatives market through a broker, the bank may guarantee the payment of margin to that broker; this results in a flow of money between the broker and bank on the customer's behalf.

The extent to which certain products are subject to margin or option premium payment arrangements will affect the level of risk. The nature and form of any margin will need to be taken into account by the firm, through its risk-based approach, when identifying the customer and determining appropriate payment procedures.

OTC and exchange-based trading can also present very different money-laundering risk profiles. Exchanges that are regulated in equivalent jurisdictions, are transparent and have a central counterparty to clear trades can largely be seen as carrying a lower generic money-laundering risk. OTC business may, generally, be less well regulated and it is not possible to make the same generalisations concerning the money-laundering risk as with exchange-traded products. For example, trades that are executed as OTC but then are cleared centrally have a different risk profile to trades that are executed and settled OTC.

Therefore, from an AML/CFT perspective:

• If the firm is acting as principal with another exchange member, the exchange member is the firm's customer.
• Where an exchange-based trade is randomly and automatically matched with an equal and opposite exchange-based trade, it is recognised that, due to market mechanisms, the name of the other exchange member(s) may not be known. In these situations, where all the parties are members of the exchange and there is a CCP to match and settle the trades, the firm cannot know and therefore does not need to verify the identity of the other exchange member.
• Where a firm is acting as principal with a non-exchange member, the non-exchange member is the firm's customer.
• Where a firm is acting as agent for another party, the party for whom the firm is acting will be the firm's customer.
• Where the firm is acting for another party who is an intermediary for underlying third parties, the intermediary will be the customer of the firm, provided simplified due diligence can be applied.