With the rate of financial fraud and scams on the rise in the UK, customer due diligence (CDD) and ‘know your client’ (KYC) checks are more important than ever. Thankfully, there are several specialist company service providers in the UK who are able to handle CDD and KYC checks on behalf of businesses, removing the cost and time overhead involved and ensuring legal compliance.
When registering a new business through a company formation specialist such as Uniwide Formations, we carry out rigorous checks to identify our customers in accordance with the Anti-Money Laundering (AML), KYC and CDD regulations. For this reason, we always request proof of our customers’ identities and addresses. In this article, we will explain why we carry out KYC and CDD checks, the role that company service providers play in this process, and what is involved in performing these important checks.
Why are KYC and CDD checks so important?
Certain companies are legally required to carry out identity checks to prevent financial fraud such as money laundering under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692), otherwise referred to as the MLR 2017.
According to the accounting firm BDO, the amount of fraud committed in the UK increased by an alarming 104% to £2.3bn in 2023 compared to 2022. The authors of BDO’s latest FraudTrack 2024 report found that a substantial increase in the use of technology has “expanded the scale, reach and impact of cyber-enabled frauds, leading to large increases in reported online scams throughout 2022 and 2023”.
The legal sector in the UK is also extremely concerned about the rise in fraud, such as money laundering against law firms and their clients, causing the Solicitors Regulation Authority (SRA) to demand higher standards of customer due diligence and KYC checks. As a result, the SRA is now cracking down on law firms that do not comply with their strict AML due diligence and KYC requirements, with fines of up to 2% of their annual turnover.
The role of company service providers in KYC and CDD checks
There are several company service providers in the UK who can take care of your KYC and CDD checks using the latest technology, including Uniwide Formations. As one of the UK’s largest company formation specialists, we have a legal obligation to check the identity of our clients. You will need to have your identity verified by us if you are using our registered office address service or registering as a company, a company director, or a person with significant control (PSC). Before you register your new company with us, it is important to check the ID documents required.
How we verify your identity will depend on where you are located. If you are in the UK, we will carry out a digital ID check using our verification partner, Credas, through your smartphone. We will send you a link to the Credas app, and you just need to follow the instructions provided. The whole process is incredibly quick and easy to use, and it removes the need to send us your personal documents and wait for a response. If you are not a UK resident, or if you are not eligible for our digital ID checking service, we will send you an e-mail asking you to provide the necessary information and documents.
What is meant by KYC and CDD?
KYC stands for “know your client“, and CDD refers to customer due diligence (CDD). Both are checks that must be carried out by certain types of businesses to ensure that they are dealing with legitimate clients (new and existing) and that there is no risk of fraud, money laundering, or terrorist financing.
Who needs to carry out CDD and KYC checks?
Not everyone needs to carry out CDD and KYC checks on their clients. If you enter a supermarket to buy a loaf of bread, they don’t carry out a CDD check on you. But if you buy a property using the services of an estate agent and conveyancer, you will need to go through their AML due diligence processes.
You will need to carry out CDD and KYC checks if your business is covered by the MLR 2017. ‘Relevant persons’ covered by the MLR 2017 and who must carry out customer checks include:
- Credit providers not supervised by the Financial Conduct Authority (FCA)
- High-value dealers handling cash payments for goods totalling 10,000 euros or more on a single transaction or linked transactions
- Trust or company service providers that are not supervised by the FCA or a professional body
- Independent legal professionals
- Accountancies not supervised by a professional body
- Estate agents
- Bill payment service providers not supervised by the FCA
- Telecoms, digital and IT payment service providers not supervised by the FCA
- Art market participants buying or selling works of art where the transaction value (or a series of linked transactions) is 10,000 euros or more
- Letting agency businesses renting property or land valued at the equivalent of 10,000 euros or more a month.
The law also makes it clear that a relevant person must also carry out customer due diligence measures in relation to existing customers on a ‘risk-based approach’ and when they become aware that the risk profile of that customer has changed.
KYC and Customer Due Diligence (CDD)
KYC is about checking the identity of customers to ensure they are who they say they are, and CDD is about understanding their risk profile. Companies in the UK are required by law to carry out due diligence checks on clients in accordance with the MLR 2017.
It is the responsibility of ‘relevant persons’ to follow and adhere to the MLR 2017 to ensure that customer due diligence checks are carried out correctly.
The most important point to remember is that if you intend to enter into a business relationship with a client, you must carry out KYC and CDD checks in order to comply with the MLR 2017.
Regulation 28 of the MLR2017 states that a relevant person must:
- Identify the client (unless the identity of that customer is known to, and has been verified by, the relevant person)
- Verify the client’s identity and
- Assess (and, where appropriate, obtain information on) the purpose and intended nature of the business relationship or occasional transaction.
It is not just the identity of the customer that should be checked; any person purporting to act on behalf of the customer and any beneficial owner of the customer should be verified before you start a business relationship with them or start working on the transaction.
Depending on the situation, it may be necessary for your business to carry out simplified, standard, or enhanced due diligence checks.
Simplified due diligence
According to regulation 37 of the MLR 2017, a business may only need to carry out a simplified form of CDD checks if it can be shown that the business relationship or transaction involves a relatively low degree of risk of money laundering and terrorist financing. This involves a brief verification check of a customer’s identity and ongoing monitoring of their risk profile.
Standard due diligence
With standard due diligence, a business will need to collect customer information, verify the identity, assign the customer a risk rating, and carry out ongoing monitoring.
Enhanced due diligence (EDD)
In some cases, it may be necessary for a business to carry out more rigorous checks on prospective clients, referred to as ‘enhanced CDD’. This may be the case if:
- It has been identified that there is a high risk of money laundering or terrorist financing.
- There is a business relationship or transaction with a person established in a high-risk third country.
- The prospective client is a politically exposed person (PEP) or a family member or known close associate of a PEP.
- A client has provided false or stolen identification documents or information, and the relevant person proposes to continue to deal with that customer.
- The transaction is complex and unusually large, or there is an unusual pattern of transactions, and the transaction or transactions have no apparent economic or legal purpose or
- There is a higher risk of money laundering or terrorist financing.
Enhanced due diligence involves collecting additional information from the customer, requesting more proof of identity, verifying the source of funds or wealth and the ultimate beneficial owner (UBO), and ongoing monitoring.
How to carry out identification (ID) checks
To perform an identification check, you will first need to gather the customer’s basic information, including their full name, address, date of birth, and contact details. In most cases, businesses use KYC forms to request this information from the client. The next stage is checking any identity documents provided (e.g. driving licence, passport, utility bills, and bank statements) to ensure they correspond to the client and the information provided so far.
Once these initial checks have been carried out, Electronic Identity Verification (eIDV) can be used to properly verify the identity of the client. This involves the use of biometrics (e.g. facial recognition or fingerprints), automatic checks against official databases, and the use of technology to verify digital documents.
Electronic Identity Verification (eIDV) is carried out by company service providers who have the technology and processes to streamline the client onboarding process for you. This removes the time burden and risk of trying to verify the identity of customers. For example, eIDV providers such as Credas provide biometric facial recognition, international ID document checking, and NFC checking to verify passports.
KYC processes also involve checking official lists to see whether the prospective client is subject to sanctions or is a PEP.
Final words
KYC and CDD checks are crucial for reducing businesses’ exposure to significant financial crime and fraud. At Uniwide Formations, we ensure that your identity is verified through a straightforward and efficient process when using our services. By engaging with a service provider that specializes in digital and automated identity verification, your company can mitigate the risk of fraud and ensure legal compliance with the MLR 2017, making the process much easier and more efficient.