Training Requirements

One of the key features of the Money Laundering Regulations 2017 is the essential element of training in line with Regulation 24.

The regulation itself states the following:

A relevant person (EAB or AMP) must—
(a) take appropriate measures to ensure that its relevant employees are—
(i) made aware of the law relating to money laundering and terrorist financing, and to the requirements of data protection, which are relevant to the implementation of these Regulations; and
(ii) regularly given training in how to recognise and deal with transactions and other activities or situations which may be related to money laundering or terrorist financing;

Firstly, who exactly is a relevant employee, well the Regulations defines that as someone whose work is:

(a) relevant to the relevant person’s compliance with any requirement in these Regulations, or
(b) otherwise capable of contributing to the —
(i) identification or mitigation of the risk of money laundering and terrorist financing to which the relevant person’s business is subject; or
(ii) prevention or detection of money laundering and terrorist financing in relation to the relevant person’s business.

Therefore, the definition is quite wide-ranging and for an EAB or AMP it must include all directors or senior partners, sales negotiators, lettings staff and all administrative staff who are concerned with the financial aspect of the business.

It must be understood that to breach Regulation 24 constitutes a criminal offence and a lack of training will almost certainly result in other regulatory breaches such as a company conducting ineffective Customer Due Diligence.

Training programmes should be relevant to each business so that employees understand the risks posed by the specific services they provide and the types of client they deal with, and so are able to appreciate, on a case-by-case basis, the approach they should be taking.

It is important to remember that an AML supervisor may check the adequacy of training to ascertain what has been provided. In 2014, Santander UK faced a Financial Conduct Authority (FCA) investigation that focused on their provision of investment services to retail customers, and one issue related to the adequacy of the training given to new investment advisers. The FCA looked in detail as to how the training had been provided and identified two deficiencies with the training.

Firstly, the self-assessment pre-course learning for compliance, which was tested on the first day of training, was marked at a 70% pass mark, whereas other courses were marked at an 80% pass mark. It was noted that if the pass rate had been 80%, 41% of advisers who completed the training would have failed the compliance assessment and could not have undertaken the course. Secondly, the FCA determined that the new advisers spent insufficient time using the systems that would become their platforms during the investment sales process. In feedback, the vast majority of the new advisers said that they felt this lack of training left them unprepared for their job role.

There are some key issues that arise out of the Santander case, such as exactly how effective is providing an employee with just an online e-learning programme. There is no opportunity to directly discuss matters relevant to their job role on a day-to-day basis and ask what is known in training circles as the “What if?” question and probe the trainer for direct answers. Too often delegates go away no better armed with what their legal requirements are prior to undertaking the training, and in a lot of cases even more confused. The danger with this approach to training is that it leaves both the employee and the business itself exposed to regulatory action.

When it comes to the knowledge that should be gained as a result of any AML training, further clarity was provided by way of sector-specific guidance on the 16th October 2020 by HMRC (read the guidance here).

The AML supervisor indicated that when any EAB or AMP is looking around for the provision of training services for their employees, they need to be sure that the course content covers as a minimum:

  • the staff member’s duties
  • the risks posed to the business
  • the business policies, controls and procedures
  • how to conduct customer due diligence and check sellers’ and buyers’ documents where this is part of their role
  • how to spot and deal with suspicious persons and activity
    document inspection and imposter detection, including the Home Office guidance
  • how to make internal reports, including disclosures of suspicious activity
  • data protection requirements
  • record-keeping
  • the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
  • Part 7 of the Proceeds of Crime Act; and sections 18 and 21A of the Terrorism Act

In terms of the frequency, the recommendation is that employees should receive training every 18 months or when regulatory changes require further training to be delivered.

The five training recommendations are:

1. Develop a regular training programme
2. Ensure sufficient time is allocated including an opportunity for the asking of questions
3. The training content must be relevant to the sector
4. Training records must be retained
5. Compulsory attendance

April 2021