AML guidance for Estate Agents

What is AML?

AML or anti-money laundering is the practice of identifying, preventing and deterring illegally gained funds from entering the financial system. These illicit funds can come from any criminal activity including corruption, bribery, tax evasion or false accounting.

Despite the efforts of law enforcement agencies around the world criminals are still capable of generating large sums of money. The problem criminals have is how they can spend it, with laws and regulations in place to prevent large cash purchases and deposits. Therefore, they turn to money laundering.

Money laundering is the method used to turn illicit funds, or dirty money, into legitimate sources and disguise the source of the funds.

Traditionally, there are three steps to money laundering; placement, layering and integration. Placement is where the money first enters the system, usually in small sums. Layering is where they use different methods to merge these sums together to make finding the original source indistinguishable. The final step, integration, is when the funds are used by the proprietor to make a legitimate purchase such as a property.

Anti-money laundering legislation’s aim is to make it harder and harder to integrate illicit funds into the financial system thus making criminal activity less attractive as well as reducing corruption and bribery.

The amount of illicit funds laundered through the UK is estimated to be £88bn according to our own research* while others have it much higher.

What Role Can Estate Agents Play in Preventing Money Laundering?

The property sector has often been the target of money laundering both to layer and integrate illicit funds. However, the frantic speed at which the market is moving and the strain it has placed on the property industry has made it more attractive to criminals looking to take advantage of over-worked property professionals.

Estate Agents can play a vital part in preventing money laundering by conducting thorough due diligence to both deter and identify suspicious activity. Both buyers and sellers can be involved in money laundering as a means of integrating and layering funds.

Under UK Law, Estate agents are required to carry out AML checks in line with regulations and guidance set out by HMRC. These checks include identifying the source of funds used to purchase a property and conducting identity checks on their customers. If an Estate Agent is suspicious that their client is attempting to launder illicit funds, they must report this to the National Crime Agency.

The primary legislation in the UK covering anti-money laundering and counter-terrorism financing is:
Proceeds of Crime Act 2002
Terrorism Act 2000
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (referred to in this guidance as ‘the Regulations’)
Criminal Finances Act 2017
Terrorist Asset-Freezing Act 2010
Anti-terrorism, Crime and Security Act 2001
Counter terrorism Act 2008, Schedule 7

Estate Agents can be prosecuted if found to have aided or failed to prevent illicit funds from being laundered. Estate Agents aren’t expected to prevent all attempts to launder money, though they are expected to have in place robust procedures and processes.

Aside from meeting their regulatory requirements, Estate Agents can help reduce money laundering
by being proactive and aware of money laundering signs. By working together we can make the property sector less attractive to those looking to launder dirty money and help keep society safe.

What Are the Requirements for Estate Agents?

HMRC, which is the supervisory AML body for Estate Agents, has developed specific guidance for Estate Agents in order for them to meet their regulatory obligations.

The guidance covers eight specific areas which we will cover in this guide. We recommend that all Estate Agency owners and/or those responsible for compliance within their firm read this guidance thoroughly. The following information is an overview of this guidance in a more concise and easy to follow manner.

You need:

To be registered with HMRC
Have a Money Laundering Reporting Office (MLRO) and a Nominated Officer (who may be the MLRO)
Have a documented AML policy
Conduct Customer Due Diligence
Report suspicious activity
Maintain accurate records for audit
Make sure staff are aware and trained in your AML policies

Registering With HMRC

All Estate Agencies must be registered with HMRC before they can conduct any estate agency business. Estate Agents can register with HMRC online by visiting https://www.gov.uk/guidance/register-or-renew-your-money-laundering-supervision-with-hmrc

What does registration entail?

As part of the registration process, you will need to tell HMRC about your premises, pay any fees upfront and all responsible persons must pass both a Fit and Proper test and an Approval process. The application will not be reviewed until the fees have been paid.

Fit and Proper Tests

Responsible persons must also pass a fit and proper test which is a series of checks performed by HMRC to ensure they are capable of fulfilling the role. As part of this process HMRC will consider whether they have been convicted of or are being investigated for money laundering or other offences involving dishonesty, fraud or financial crime; been disqualified from acting as a company director; have been subject to a confiscation order under the Proceeds of Crime Act 2002 and their track record in regards to compliance within their existing and previous roles.

Approval

In addition to the fit and proper test, a responsible person must also be approved by HMRC. Approval is similar to the fit and proper process, but HMRC makes different checks.

How much does it cost to register with the HMRC?
How much you pay depends on the number of premises included in your application and additional fees for each person who is tested and approved. Currently, you pay £300 for each premise, £150 for each person tested and £40 for each person who goes through the approval process.

For example, an Estate Agency with three premises with a single nominated officer would need to pay £1090. There is a slight discount for agencies with a turnover of less than £5,000 who will receive a £120 refund once their application has been approved.

How long do applications take?

HMRC aim to review all new applications within 45 days, but it may take longer if they additional information from you.

How often do I need to renew my application?

You will need to renew your application every year. The same fees apply at renewal as they do when first applying.

Do I need to inform HMRC of any new premises/officers?

Yes, you will need to let HMRC know of any new premises or officers. New officers will be subject to the same approval process

Appointing a Nominated Officer

Every business must have a Nominated Officer.

If your firm has multiple premises, that use branches or agents, have a high volume of customers, carry out international trade or have complex ways to deliver services you will also need to also appoint a Compliance Officer (often known as a Money Laundering Reporting Officer; MLRO) as well as a Nominated Officer.

HMRC recommend that the MRLO and Nominated Officer aren’t the same person and expect the MLRO to hold a senior role in the firm ideally at the board level. Neither role needs to be a dedicated position but they are expected to be able to carry out their role without detriment should they have multiple responsibilities.

You must inform HMRC of the names of your MRLO and Nominated Officer (if different) within 14 days of the appointment and if there is a change in the post holder. All MRLOs and Nominated Officers will need to pass a ‘Fit and Proper’ test and ‘Approval’ as referred to above.

Role of the Nominated Officer?
The key role of the Nominated Officer is to receive reports of suspicious activity from staff and decide whether to report them to the National Crime Agency. It is expected that a Nominated Officer has the authority to independently decide whether to proceed with transactions or not if they suspect possible money laundering

Role of the MLRO

The MLRO will be responsible for the business’s compliance with the regulations, including:

carrying out a regular audit on compliance with the regulations such as:
- actively checking adherence to the policies, controls and procedures
- reviewing how effective these are
- recommending and implementing improvements following such
- reviews

ensuring compliance throughout the business (including subsidiaries and
branches) with anti-money laundering legislation and policies, controls
and procedures
having oversight of relevant staff screening (for these purposes, “relevant
staff” are persons involved in the identification of risk, controls and
procedures to reduce risk and to ensure your compliance with the
Regulations).*

Creating an AML Policy

All Estate Agencies are expected to have robust and rigorous policies, controls and procedures in place to prevent money laundering which all employees can easily access and have been made aware of.

What needs to go into an AML policy

While each firm is free to construct a policy as they feel appropriate to their size and nature of business, HMRC has made it clear that they expect a policy must:

Make clear who has responsibility for maintaining, managing and monitoring the policies, controls and procedures.
Explain how will carry out Customer Due Diligence checks and conduct ongoing monitoring
Explain how you will identify if a customer or beneficial owner is a politically exposed person or a family member/close associate of a politically exposed person
Explain what additional measures you will take undertake as part of Enhanced Due Diligence
Explain what training you will provide to staff and make them aware of AML policies and procedures
Explain how you ensure policies, procedures and controls are followed
How you intend on keeping accurate, up-to-date retention and keeping of records
Evidence of an appropriate risk assessment relative to size and nature of the business
Explain how you plan on reviewing and reviewing the effectiveness of your AML policy and risk assessment

Larger firms and more complex firms will be expected to provide greater detail on their procedures and the roles and responsibilities within the firm including at board level.

What is a Risk Assessment?

HMRC may ask you to provide them with evidence of your risk assessment. Your risk assessment should form the basis of your controls and procedures. Using a risk-based approach you will be expected to have balanced the costs to your business and customers with a realistic assessment of the risk that criminals may exploit the business for money laundering and terrorist financing. If, for example, you often work with international sellers and buyers it should be clear you understand the associated risks and the necessary steps required to minimise that risk should be included in your policy, procedures and controls.

How often will HMRC review my policy?

There is no set schedule for when you will receive a visit from HMRC who are responsible for supervising over 30,000 businesses. Between 2019 to 2020 HMRC completed 2,000 interventions, issued penalties totalling £9.1 million and stopped 89 non-compliant businesses and individuals from trading. While this figure is less than 10%, Estate Agency Businesses were fined £1,072,000 for non-compliance second only to Money Service Businesses. You will be contacted in advance of a review which could be in person or office-based.

Customer Due Diligence

The minimum due diligence requirements highlight the responsibility companies have to ‘complete customer due diligence on all customers and beneficial owners before entering into a business relationship or occasional transaction.’

There are three different levels of due diligence as defined in the MLR 2017:

Simplified Due Diligence (SDD)

A firm can conduct simplified due diligence when dealing with a low-risk client such as a firm that is already regulated or a public body. Simplified Due Diligence only requires that you identify your client.

Standard Due Diligence (CDD)

Standard Due Diligence requires firms to verify that both parties to the property sale are who they say they are. You must carry out customer due diligence on all customers, even if you knew them before they became your customers. As a minimum, you should obtain a private individual’s given and family name, date of birth and residential address. You must then verify their identity using evidence issued by a recognised body, for example, a Government department and includes security features that prevent tampering, counterfeiting and forgery. In the next section we cover how our IDV tech can help you achieve this.

Enhanced Due Diligence (EDD)

Enhanced due diligence applies in situations that are high risk. It involves taking additional measures to identify and verify the seller and buyer’s identity and conducting additional ongoing monitoring. What constitutes Enhanced Due Diligence should be defined in your AML policy and while there isn’t a checklist a firm can simply adhere to, HMRC does give some guidance within clause 4.68. HMRC examples of additional measures a firm can take to ensure Enhanced Due Diligence has taken place.

Obtaining additional information or evidence to establish the identity from independent sources such as more documentation on identity or address or electronic verification alongside manual checks
Taking additional measures to verify the documents supplied such as by checking them against additional independent sources, or requiring that copies of the customer’s documentation are certified by a bank, financial institution, lawyer or notary who are competent at document inspection and impostor detection, or a person from a regulated industry or in a position of trust
If receiving payment, ensuring it is made through a bank account in the name of the person you are dealing with taking more steps to understand the history, ownership, and financial situation of the parties to the transaction n the case of a politically exposed person establish the source of wealth (origin of the customer’s overall wealth) and source of funds (origin of the funding of the transaction)
Carrying out more scrutiny of the business relationship and satisfying yourself that it is consistent with the stated purpose more regular and stringent ongoing monitoring checks (as per the business’ policies and procedures)

For further guidance regarding PEPs and Sanctions read our online guide

How Do You Identify High-Risk Customers?

The FCA defines high-risk customers as:

Customers linked to higher-risk countries or business sectors
Customers who have unnecessarily complex or opaque beneficial ownership structures
Transactions that are unusual, lack an obvious economic or lawful purpose, are complex or large or might lend themselves to anonymity

Identifying high-risk customers doesn’t end after an initial risk assessment either. A customer’s status can change at any point during you’re the entire transaction and you should be looking out for common warning signs such as:

Instructions that feel too good to be true
If an agent wins an instruction that just feels too good to be true, it can be a warning sign that something isn’t right. If everything feels too easy – if the transaction is unusually large, or the seller appears happy to take a significantly lower amount for the property than a valuation suggests – it’s time to take a close look at what’s going on. It might be nothing. But it could be something.

Cash only buyers
Not all cash-only purchases are a cause for concern and don’t automatically make the transaction high-risk. If the buyer is vague as to the source of funds then suspicions should be raised and additional due diligence is undertaken.
Strange funding sources
Even if the purchase isn’t cash-only, the source of funding can still be suspicious. For example, if the money is being provided by one person but being registered in another’s name, that’s a red flag. If the funds are coming from a completely unknown third party, that’s another red flag; and if funds are coming from a number of different sources, that to needs looking into

Unusual transaction parameters
If the buying transaction goes off the expected track in any way, it can be a laundering warning sign. If a home’s sale price is unusually high or low; if a buyer tries to mislead a lender about the value of a property; if the buyer and seller make direct payments between each other; and if there are an unusually
large number of nominees or parties involved with the property or the purchase, agents should increase their due diligence and ensure everything is above board.

Unusual ownership records
If a property has changed ownership a lot, it’s worth examining closely. That’s because short-term ownership and sudden or unexplained changes in ownership are things commonly found in money laundering cases. Agents should cross-reference the ownership timelines and dates shown on the Title Register document in order to assess their validity.
Inconsistencies or hesitations
If a client is reluctant to provide information for the sale, it’s a big warning sign. As too are inconsistencies in the information when it’s provided. Both instances suggest that someone is trying to hide something or at least conceal the true motivations for the sale. The best thing an agent can do is work to verify every stakeholder’s identity before continuing with the transaction process.

Identity Verification

HMRC’s guidance also stipulate the way businesses should use technology designed to assist them in establishing whether identity verification documents are authentic. Here’s how Credas can help you meet these requirements

Clause 4.101 of MLR 2017
Merely carrying out electronic records checks on limited information, such as the name and address of a person you have not seen, does not mean that you have verified that the person you are dealing with is who they say they are. You must ensure that the checks you use show that you have identified the customer, verified the identity and that they are, in fact, the same person that is using your services (to protect against impersonation)

How we help:
Fortunately, IDV technology such as the Credas portal and mobile app take users through a specific process which requires them to prove they are ‘real and present’ by performing a ‘liveness’ test. These
include a series of real-time instructions users need to follow while completing the verification process. Combined with the other ID checks outlined below, this ‘liveness’ test provides verification.

Clause 4.103 of MLR 2017
Viewing a photo document over the internet or a “selfie” of a person holding identification documents or the use of Skype or similar, is not an appropriate form of customer due diligence as you will not be able to identify fakes or forgeries. The use of facial recognition software does not address this issue.

How we help:
Our facial recognition technology used by Credas compares the person in the photographic ID document with the selfie taken to ensure a complete match. What’s more, the document authentication tool on our portal and app uses Optical Character Recognition (OCR) to confirm that the document hasn’t been
tampered with, while the NFC chip reading makes the authentication 100% complete. Our ID verification
software performs a series of broader data checks, including PEPs, Sanctions, address, DOB, mortality and more.

Clause 4.104

HMRC also gives guidance as including recommendation of using an IDSP that has been certified against a government recognised programme and it standards are regularly reviewed and meet said standards.

How we help:
Credas is a certified against the Government’s Digital Identity and Attributes Trust Framework the only accreditations recognised in the UK for Identity Service providers. We are also ISO 27001 Certified and Cyber Essentials approved meaning we meet government and trade body recognised data security standards.

Record Keeping

There are clear minimum requirements expected by HMRC in regards to record-keeping which includes customer and transactional data as well as policies document, internal audits and training records.

Transactional and contractual records should be kept for a minimum of 5 years after the end of the business relationship or from the date of an occasional transaction was completed. Any evidence obtained by yourself or a third party to carry out sufficient customer due diligence should also be retained for the same period. Any information relating to actions taken in respect to internal and external suspicion reports should also be kept on file.

Records should also be kept up to date in regards to ongoing business relationships such as a developer you sell houses on behalf of, to ensure documentation is up-to-date and relevant.

Records can be kept either as hard copies or in an electronic format, with electronic records subject to regular and routine backup with off-site storage. If someone carries out customer due diligence on your behalf they are subject to the criteria and you should you wish to move to another service or should that service go into liquidation any records should easily available to you

Staff Training

As part of your responsibilities, you must ensure that all staff members who deal with your customers, money, or are involved in compliance receive regular training and are aware of any changes to regulations and/or your procedures and policies.

What should be covered in the training?

HMRC has provided some guidance as to what they feel should be covered as a minimum. You should be able to evidence that staff have received training that covers:

The staff member’s duties
The risks posed to the business
Your specific AML policies and procedures
How to conduct customer due diligence and how the business verifies customer IDs
How to spot and deal with suspicious customers and activity including internal and/or disclosures of suspicious activity
Record keeping and data protection requirements
Important legislation such as the Proceeds of Crime Act, MLR 2017 and
Sections 18 and 21A of the Terrorism Act

How should training be delivered?

The format of the training can range from face-to-face training, webinars and conferences. HMRC themselves have produced a number of free webinars to cover the basics. While these may be sufficient to cover the fundamentals of AML, your staff should be trained in your specific procedures.

What does regular mean?

As it is advised that your risk assessment is reviewed annually the same principle could be applied to training and awareness as a minimum. Whether the risk assessment has changed or not staff should be aware that a review has taken place and the findings of that review. What is important is that any changes to your policy and procedures or regulations are communicated without delay and all staff have received sufficient and evidenced training.

Reporting Suspicious Activity

Under the Proceeds of Crime Act, professional and regulated entities such as Estate Agencies are required to make a Suspicious Activity Report (SAR) as soon as possible after you know or suspect that money laundering or terrorist financing is happening.

Under section 330 POCA, individuals in the regulated sector commit an offence if they fail to make a disclosure in cases where they have knowledge or suspicion, or reasonable grounds for suspicion, that another person is engaged in money laundering. Under section 330 this is punishable by a maximum penalty on indictment, of up to 5 years imprisonment

What counts as suspicious activity?

Earlier in this document, we outlined some typical money laundering warning signs but there are many more. The threshold for suspicion is low but in R v Da Silva [2006] EWCA Crim 1654 it was noted that “a vague feeling of unease would not suffice.”

It is also not your role to gather evidence, outside of your standard procedures, to confirm your suspicions; this is the role of the authorities. By donning your deerstalker, you could jeopardise any future investigation or inadvertently tip them off.

Can I continue a transaction after submitting a SAR?

Yes, but you will need to ask the NCA for a Defence Against Money Laundering (DAML) before proceeding. If you don’t get a reply from the NCA within seven working days and think you’ve correctly reported the activity, you can choose to assume a defence is granted. A DAML only covers the particular
transaction detailed in the report and does not give clearance to working with a customer in general. Submitting a SARs does protect you against any failures in procedures and policies to prevent money laundering.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-77550291-23	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Contents

A GUIDE TO AML FOR ESTATE AGENTS

DOWNLOAD THE GUIDE