13.4.1 Reluctance to Provide Information

Banks will find that, in practice, there is a pattern to the type of things that can go wrong, which needs to be included in awareness training for staff (see Chapter 14). Some of these things are included within this section. One example is any cases where new business or personal customers are reluctant to provide information on their normal activities, location and directors. It must be emphasised that this does not mean the customer is money laundering; they may just have inappropriate concerns about sharing their personal information. However, there have been cases of actual money laundering which would have been identified had the suspicion identified initially on the opening of the account been investigated thoroughly.

13.4.2 Conflicting Information

Another concern is new personal customers that supply incomplete, conflicting or incongruous information when establishing a relationship. Many customers will initially provide incomplete information; indeed, you have probably done so yourself. This would not be reason alone for enhanced due diligence to be conducted. However, if there are repeated problems, or information is regularly corrected, then this would raise additional awareness of the risks of inappropriate conduct.

Of course, the experienced money launderer will come prepared with all of the information that could possibly be requested, so it may be the customer who provides perfect information that actually becomes a cause for concern.

13.4.3 Provision of Key Data

Customers that do not provide addresses, phone or fax numbers, or those for whom the numbers provided relate to serviced office/accommodation addresses, are also high risk. The problem here is that the customer is not enabling the firm to make regular contact with them and may only be temporarily present where they are currently working. A firm can easily set up what appears to be an office in a serviced office suite or a pop-up office, then leave the following day. When the bank's officer arrives at the site they will see what appears to be a fully functioning business, not knowing that it will be closed the following day. The controls here are the same for money laundering and avoiding terrorist financing as the ones required by the firm to avoid fraud. The officer needs to think through the purpose of the process that they are conducting. If they are purely going through the motions, this will be known by the criminal fraternity and the firm will be targeted for the layering or placement of illegal funds.

Firms should always check phone numbers and addresses, making surprise visits where appropriate and reviewing phone listings which are publicly available. In many cases, firms will undertake credit reference agency searches to ensure that the customer has provided what appear to be consistent data sets.

13.4.4 Fraudulent Information

Firms need to be aware of the risks associated with identification documents, for example the problems caused by camouflage passports. A camouflage passport is a passport issued in the name of a non-existent country that is intended to look like a real country's passport. Such passports are also often sold with several matching documents, including an international driving licence and similar supporting identity papers.

Camouflage passports are generally issued in names of countries that no longer exist or have changed their name, for example Burma or Ceylon. Others use the names of places that exist but cannot issue passports, for example Zurich or New York. They can also be issued in the names of feasible but wholly fictitious countries, for example Koristan (which is a place in Turkey) or the Simon Islands (there is a St Simon's Island in the Caribbean).

It is important for the original passport to be seen, a photocopy is generally not enough. Of course, when you are subsequently checking documentation it will not be possible to know whether the officer of the bank actually received an original document or a copy, with observation and enquiry essentially being the only available true verification.

The firm may accept a copy of a passport or other identification document which has been duly authorised by a notary public and will always keep a copy of the passport on file. The date and time when the passport was received should ideally also be recorded to highlight that such procedures were undertaken prior to transactions actually being carried out.

You always need to be careful when checking passport or other documentation. Forged passports are, with regret, easily available and that enables the criminal to place their face onto a legitimate passport. The issue is always whether you can really link the face to the name. Just because you look like the passport does not mean that you actually have the true name as appearing on the passport. Of course, any other documents providing supporting evidence, for example utility or phone bills, can easily be forged as well. A recent example was reported in India in 2012, when it was alleged that a passport was obtained using a falsified birth certificate and was used to travel to 25 countries, including known tax havens. It is relatively easy to obtain a forged passport and indeed these may be actually cheaper to obtain than the real ones. There is a lot of evidence in a passport other than just the photograph page, including visas which may or may not include pictures. Forgers of passports are actually relatively predictable, so looking through at the work that would be required to produce a fake may also provide the firm with useful information.

It is also worthy of note that some countries allow their citizens to have more than one valid passport at a time. This is particularly common for businessmen who may need one passport to be held by an embassy to obtain a visa while they are travelling on another passport. If the firm considers this to be a relevant concern, a simple question on a questionnaire will elicit the information required.

As mentioned above, the passport may include other information of interest to the bank. In the case discussed above, the allegation includes the fact that the individual travelled to a number of what might be termed high-risk countries. Such information would appear clearly in the passport, yet it is generally only the identification page that is copied and the other information is often ignored. Forged passports do not, for example, include visas that are affixed to the passport, rather they tend to have stamps on them (and then generally no more than three and not on more than two pages). The presence of complex visas including a picture that is the same as that appearing on the passport provides the bank with significant additional evidence, which, surprisingly, they often fail to recognise.

13.4.5 Diplomatic Passports

Another concern is diplomats generally, and in particular diplomatic passports from relatively small or new countries. Such passports may be genuine (i.e. genuinely issued after payment), however this does not mean that the holder is genuine or the name shown on the passport is the real one. The firm may not even have an awareness of what a passport from that country actually looks like or whether a diplomatic passport differs from a standard passport from that country.

The firm should always attempt to evaluate whether the other details given, together with the appearance and attitude of the customer, appear to be consistent with the information being provided. In the case of a diplomat, the person's persona should match whatever diplomatic post he/she is claiming to hold.

There are even websites which still offer to provide fake passports, although these are described as being for entertainment only and are not government documents. One website offers 100% privacy guaranteed and states:

“Welcome to FalseDocuments.cc – the unique producer of quality fake documents. We offer only high-quality fake passports, driver's licenses, ID cards and other products for the following countries: Australia, Belgium, Brazil, Canada, Finland, France, Germany, Italy, Netherlands, UK, USA and some others.”

I am sure that at the time of reading this work, this website will have been removed, but others will always spring up to take its place, albeit without such an obvious and potentially high-risk claim. The firm states that these documents are only to be used for entertainment; however, when they have left the firm, the use to which they are put is outside of the control of the producer. The question for the regulated or other firm confronted by such a document is whether they would be able to recognise a forged entertainment-only passport from a real passport obtained validly.

Of course, diplomats can commit money laundering or undertake terrorist financing, and such cases have been found. One former Russian diplomat who served as a procurement officer at the United Nations was found guilty of laundering more than $300,000 from what prosecutors said were secret payments from foreign companies seeking contracts to provide goods and services to the UN. He admitted accepting more than $1 million in the scheme and was sentenced to four years and three months' imprisonment and ordered to pay $73,671.

13.4.6 Financial Information

In the course of receiving corporate due diligence materials the firm will receive financial information regarding the nature of the business to be conducted. As will be discussed further in Chapter 16, firms should review such material to identify whether the level of activity appears consistent with the size and scope of the firm's activities.

It may be hard to identify what is unusual. If a client starts to receive funds from a new country that might be a concern, or they may just have started to win customers there. As a bank customer, I tend to notify my bank if something that could potentially be considered as being unusual is likely to occur in the short term, for example a receipt from a country we have not done business with before. They then put a note on the file that I have called and explained the transaction. Of course, a money launderer would actually do exactly the same thing!

13.4.7 Too Fast

Another area of suspicion is the rushing customer. If a group of accounts or relationships is opened by foreign nationals who visit an organisation together on the same day, then this is potentially a process designed to put due diligence procedures under pressure. There should be enhanced due diligence in such cases, even if this does mean there will be a delay in opening the account. A situation that is far more difficult to identify is where multiple accounts or relationships are opened on the same day by a group of foreign nationals at different banks/companies in the same city.

Similar suspicions should be aroused if multiple business relationships are opened by an individual using the same address, or different individuals using the same address. Additionally, definite suspicion should result if numerous accounts or relationships are established using variations of the same name, for example Risky Reward Limited, Reward Risk Limited and Risk reward Limited. Such names could be used to try to take the identity of the reputable risk management, recruitment and training firm Risk Reward Limited (www.riskrewardlimited.com).

13.7.1 Required CDD

The guidance aims to help a firm to determine the extent of CDD measures which it must undertake. CDD measures which a firm wishes to carry out must be determined on a risk-sensitive basis, taking into account the type of customer, business relationship, product or transaction. Firms must be able to demonstrate that their CDD procedures are appropriate in view of the risks of money laundering and terrorist financing.

CDD measures must be carried out by firms when they:

• Establish a business relationship;
• Carry out an occasional transaction;
• Suspect money laundering or terrorist funding;
• Doubt the veracity of documents, data or information previously obtained for the purpose of identification or verification.

CDD procedures that must be conducted include:

1. Identifying the customer and verifying their identity: The firm identifies the customer by obtaining a range of information about them. The verification of the identity consists of the firm verifying some of this information against documents, data or information obtained from a reliable independent source.

2. Identifying the beneficial owner, where relevant, and verifying their identity: A beneficial owner is normally an individual who ultimately owns or controls the customer or on whose behalf a transaction or activity is being conducted. In respect of private individuals, the customer himself is the beneficial owner, unless there are features of the transaction or surrounding circumstances that indicate otherwise. Therefore, there is no requirement on firms to make proactive searches for beneficial owners in such cases, but they should make appropriate enquiries where it appears that the customer is not acting on his own behalf.

   Where an individual is required to be identified as a beneficial owner or where a customer who is a private individual is fronting for another individual who is the beneficial owner, the firm should obtain the same information about that beneficial owner as it would for a customer. The identity of a customer must be verified on the basis of documents, data or information obtained from a reliable independent source. The obligation to verify the identity of a beneficial owner is for the firm to take risk-based and adequate measures so that it is satisfied that it knows who the beneficial owner is. It is up to each firm whether it makes use of records of beneficial owners in the public domain (if any exist), asks its customers for relevant data or obtains the information otherwise. There is no specific requirement to have regard to particular types of evidence.

   In lower risk situations, therefore, it may be reasonable for firms to be satisfied as to the beneficial owner's identity based on information supplied by the customer. This includes information provided by the customer (including trustees or other representatives whose identities have been verified) as to their identity, and confirmation that they are known to the customer. While this may be provided orally or in writing, any information received orally should be recorded in written form by the firm.

3. Obtaining information on the purpose and intended nature of the business relationship: A firm must understand the purpose, and indeed the nature, of the business relationship or transaction. In some instances this will be self-evident, but in many cases the firm may have to obtain information in this regard. Depending on the firm's risk assessment of the situation, information that might be relevant includes some or all of the following:
   1. The nature and details of the business/occupation/employment;
   2. A record of changes of address;
   3. The expected source and origin of the funds to be used in the relationship;
   4. Initial and ongoing sources of wealth income (particularly within a private banking or wealth management relationship);
   5. Copies of recent and current financial statements;
   6. The various relationships between signatories and with underlying beneficial owners;
   7. The anticipated level and nature of the activity that is to be undertaken through the relationship.

13.7.2 Quality and Quantity of CDD

Evidence of identity can take a number of forms. In the UK rules in respect of individuals, much weight is placed on so-called “identity documents”, such as passports and photo card driving licences, and these are often the easiest way of being reasonably satisfied as to someone's identity. It is also possible to be reasonably satisfied of a customer's identity based on other forms of confirmation, including written assurances from persons or organisations that have dealt with the customer for some time.

How much information to ask for, and what to verify, in order to be reasonably satisfied as to a customer's identity are matters of judgment for the firm. These must be exercised on a risk-based approach, taking into account the following factors:

• The nature of the product or service sought by the customer (are there any other products or services to which they can migrate without further identity verification?).
• The nature and length of any existing or previous relationship with the customer and the firm.
• The nature and extent of assurances from other regulated firms that may be relied on.
• Whether the customer is physically present.

13.7.3 Documentary Evidence Used as Part of KYC

Documentation purporting to offer evidence of identity may emanate from a number of sources, with differing levels of reliability and integrity. The broad hierarchy of documents includes:

• Certain documents issued by government departments and agencies or by a court;
• Certain documents issued by other public bodies or local authorities;
• Certain documents issued by regulated firms in the financial services sector;
• Certain documents issued by those subject to ML Regulations or equivalent legislation;
• Documents issued by other organisations.

Firms should recognise the fact that some documents are more easily forged than others. If suspicions are raised in relation to any document offered, firms should take practical and proportionate steps to establish whether the document has been lost or stolen. Thus, firms must also have in place procedures, and be prepared to accept a range of documents. They may also wish to employ electronic checks, either on their own or in tandem with documentary evidence.

Of course, the UK rules meet the requirements of the EU discussed previously and are also consistent with the FATF rules.