JMLSG launches a consultation on proposed revisions to Part 1 of its Guidance

On 28 January 2025, the Joint Money Laundering Steering Group (JMLSG) launched a consultation on proposed revisions to Part 1 of its Guidance.

KEY FEATURES

• The JMLSG has proposed enhancements to its Guidance to be more prescriptive regarding intra-group/group company outsourcing, applying customer due diligence (CDD) to group companies, and court-appointed deputies and intermediaries acting on behalf of customers.
• The inclusion of additional examples and scenarios enhances the clarity of Part 1 of the JMLSG Guidance to assist firms in achieving regulatory compliance in these areas.  
• The proposed changes will be beneficial for firms that outsource within their group or deal with court-appointed deputies and intermediaries acting on behalf of customers.
• These changes guide firms to ensure they have the appropriate controls and apply the proper level of due diligence in these instances.
• The JMLSG provides additional context to help firms easily adhere to regulatory obligations, a positive development.

The full consultation is on the JMLSG website, where four documents highlight the proposed tracked changes.

• https://www.jmlsg.org.uk/consultations/consultation-part-i-january-2025/

The JMLSG is accepting comments on the planned updates until 28th March 2025.  Comments can be made via email to caroljsmit@jmlsg.org.uk.

Below, is an outline of the key proposed changes and practical takeaway questions in the order in which they appear in Part 1 of the JMLSG Guidance.

CHAPTER 2 – INTERNAL CONTROLS

Addition of three new paragraphs concerning intra-group and group companies under 2.22-2.24:

At the end of Chapter 2, proposed updates outline a firm’s required internal controls when outsourcing within its group or group companies.

1. 2.22: UK firms must ensure compliance with all UK AML, CTF, and sanctions obligations where there are UK branches or UK subsidiaries.
• This includes addressing intra-group and external outsourcing arrangements relevant to the firm’s financial crime systems and controls.
• How does your firm ensure compliance with UK AML, CTF, and sanctions obligations when outsourcing within your group?
2. 2.23: The MLRO or SMF17 must have the authority to take necessary actions when material AML/CTF risks arise in intra-group or group company outsourcing arrangements.
• Consider your firm’s delegation process with intra-group or group company outsourcing arrangements.
• How is the MLRO’s authority clearly defined, communicated and documented?
3. 2.24: Firms outsourcing activities to other group companies or headquarters should ensure that risk-based mechanisms, such as service level agreements, are implemented to address AML/CTF risks.
• JMLSG provides 5 examples where this would be expected, including reporting AML/CTF management information (e.g., KPIs, KRIs), information on AML/CTF training, details of compliance monitoring/testing or audits, and escalation protocols.

How does your firm implement risk-based mechanisms within intra-group or group company relationships? How could these controls be strengthened?

Chapter 5 – Customer due diligence

The proposed revisions include four new paragraphs in Chapter 5 relating to group companies, local authorities and professional deputies and intermediaries.

Application of CDD measures:

Proposed new paragraphs under 5.3.138A and 5.3.138B relate to regulated financial services firms subject to ML Regulations (or equivalent) and the appropriate level of due diligence to apply to group companies.

1. 5.3.138A: A risk-based approach should determine the level of CDD to be applied in establishing business relationships or occasional transactions with another regulated firm in the same group. SDD may be used where the group company is subject to the MLRs or equivalent.
2. 5.3.138B: If a group company in a non-equivalent or high-risk third country follows group-wide policies equivalent to the UK MLRs, the extent of CDD/EDD measures could consider factors such as the nature of its activities and the associated risks.

• How does your firm currently apply due diligence to group companies?
• Consider your firm’s approach to determining the appropriate level of CDD for business relationships or transactions with other regulated firms within the same group. How is the risk-based approach justified and documented?

Other considerations

Court of Protection orders and court-appointed deputies:

Proposed revisions to this section go further to outline CDD measures applied to court-appointed deputies and professional power of attorneys, providing firms with an outline of how to approach the due diligence of these individuals.

In instances where local authorities and professional deputies are appointed by the Court of Protection (or equivalent in Scotland and Northern Ireland), firms should:

1. Verify the deputy’s identity and authority,
2. Take a risk-based and anti-fraud approach to verify the identity and authority of authorised officers (where nominated),
3. Apply this approach to newly appointed deputies handling account closures.

In the above instances and for professional power of attorneys (e.g., solicitors), due diligence should be conducted on the individual’s professional rather than personal capacity unless their personal capacity is considered relevant.

• What processes does your firm have in place for applying CDD to court-appointed deputies and professional power of attorneys?
• How do you satisfy your obligations while considering potential customer vulnerability?

Multipartite relationships, including reliance on third parties - (ii) Where the intermediary is the customer's agent.

This section of the Guidance relates to instances where intermediaries are agents of the customer and details the firm’s due diligence obligations in these instances.

• 15.6.36: This new paragraph outlines a firm’s requirement to clearly identify and document who its customers are and which underlying parties it has a business relationship with, ensuring it applies risk-based CDD measures to the appropriate parties.
• 5.6.38: Paragraph 5.6.38 outlines a firm’s obligation to carry out CDD measures when taking instructions from or acting on behalf of an underlying customer.
• The proposed revision includes an additional sentence noting that simplified due diligence may be applied where the underlying party is a low-risk firm customer.
• What is your firm’s process for identifying and documenting customers and underlying parties?
• How is the appropriate level of due diligence of intermediaries determined?
• In the instance of mutual parties, how do you currently consider their risk rating in determining the level of due diligence to apply?

 Source

• https://www.jmlsg.org.uk/consultations/consultation-part-i-january-2025/

• https://www.avyse.co.uk/insights/understanding-the-latest-jmlsg-consultation-key-updates-and-implications-for-amlctf-compliance