Customer due diligence measures meaning

October 2022 saw the UK government introduce a new security framework via T(S)A 2021. This has since been bolstered by regulations that set out the precise security measures providers must undertake, together with a Code of Practice for telecoms providers that provides a good practice guide for effective telecoms security. The telecoms security rules present particular challenges for providers of public electronic communications networks or services (public telecoms providers), bringing extra compliance obligations, markedly increased risk and a series of key questions to address. Comprehensive due diligence should be carried out to identify the appropriate next steps to achieve compliance. Six key considerations Just because your business is not categorised as a Tier 1, 2 or 3 provider does not mean the rules will not affect you. Although suppliers to public telecoms providers are not directly regulated under the telecoms security rules, they will still be affected, as Tier 1 and Tier 2 providers are required contractually to flow down specific measures to their suppliers....

In this issue: Economic crime and corporate transparency Corporate governance Environmental, social and governance issues Share purchase agreement Daily and weekly news alerts New and updated content Dates for your diary Trackers Latest Q&As Useful information Economic crime and corporate transparency Government departments update ECCTA guidance on AML information sharing measures The Home Office, HM Treasury, the Ministry of Justice, Companies House, the Serious Fraud Office and the Department for Business and Trade have revised guidance on information sharing measures under the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023). Released on 3 October 2025, the update details how anti-money laundering (AML) regulated firms can share customer data, either directly or via third-party intermediaries, to prevent, detect and investigate economic crime. It outlines warning and request requirements for direct exchanges, practical points such as cross-sector sharing mechanisms, and obligations for reporting to law enforcement, compliance with the UK General Data Protection Regulation...

When concluded, these standards will establish the compliance framework in full across the whole of the EU and are anticipated to deliver significant changes for all AML-obliged entities. The RTS will centre on four core areas of AML compliance: risk profile evaluation, the choice of entities to be directly overseen by the newly created AMLA, customer due diligence, and a new penalties regime. On 6 March 2025, the EBA opened a consultation on the draft RTS, during which stakeholders could submit feedback. It closed on 6 June 2025, and it is unclear whether, and in what manner, the EBA will reflect the input from stakeholders received and act on it in shaping the definitive RTS (EBA launches consultation on AML/CFT RTS, LNB News 06/03/2025 41). Regulatory steps After the AML package was published, the European Commission sent the EBA a call for advice. Such a call is a formal request from the Commission for technical input on drafting RTS and guidelines, which are needed to implement the regulations...

This Practice Note sets out your responsibilities for enhanced due diligence (EDD) and how to apply them in everyday professional practice. It aligns with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, as amended. The guidance provided is of general application. You should determine whether the MLR 2017 impose additional or varied requirements for your sector, and whether your regulatory body sets any extra, sector-specific obligations relating to EDD...

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, as amended, place obligations on organisations regarding beneficial owners. This Practice Note: explains: the meaning of beneficial ownership who falls within the definition of a beneficial owner the customer due diligence (CDD) measures required covers: when certain customers must provide details of their beneficial owners what can be accessed from beneficial ownership registers provides guidance on: how you can/should rely on information from these registers when carrying out CDD the duty to report inconsistencies in beneficial ownership information This Practice Note is not a guide for corporate bodies or trusts on their own beneficial ownership obligations under the MLR 2017. The guidance here is of general application. Check whether...

This Checklist is aimed at professionals advising financial services firms on meeting the UK’s anti-money laundering (AML), counter-terrorist financing (CTF), and countering proliferation financing (CPF) legal and regulatory framework that applies to them. It sits within a broader series covering the obligations to undertake customer due diligence (CDD)-often called ‘know your customer’ or ‘KYC’-as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, SI 2017/692 (MLRs), together with the accompanying guidance issued by the Financial Conduct Authority (FCA) and the Joint Money Laundering Steering Group (JMLSG). This Checklist concentrates on the duties to perform enhanced customer due diligence (EDD), both in generally higher-risk scenarios and in particular situations involving unusual transactions, high-risk third countries, and correspondent relationships. For detail on applying EDD to politically exposed persons, see: AML/CTF checklist-politically exposed persons (PEPs) for financial services firms. For additional checklists on CDD obligations, see: Anti-money laundering and counter-terrorist financing (AML/CTF)-overview. What is enhanced due diligence (EDD)? The majority of firms...

This Agreement is entered into on [ date ]. Parties [ Customer ], a company incorporated in [ England ] with registered number [ company number ], whose registered office is at [ address ] (Customer); and [ Supplier ], a company incorporated in [ England ] with registered number [ company number ], whose registered office is at [ address ] (Supplier). Each of the Customer and the Supplier is a party; together, the Supplier and the Customer are the parties. BACKGROUND The Customer intends to delegate to the Supplier the delivery and oversight of its [ describe function ] services. At present, the Customer’s needs are met [ internally OR by an associated company ] [ by insert name of existing supplier ]. The Supplier has expertise in designing, developing and deploying [ describe function ] services and has accepted responsibility for delivering and managing the relevant elements of the Customer’s functions. The...

This Agreement is entered into on [ date ]... Parties [ Customer ], a company incorporated in [ England ], with registered number [ company number ], whose registered office is located at [ address ] (Customer); [ Supplier ], a company incorporated in [ England ], with registered number [ company number ], whose registered office is located at [ address ] (Supplier). Each of the Customer and the Supplier is a party; together, they constitute the parties... BACKGROUND The Customer intends to outsource the delivery and management of its [ describe function ] services to the Supplier, alongside the Customer’s appointment of several other service providers to deliver related and/or interdependent services, with whom the Supplier will be required to collaborate (together with any third party the Customer may appoint to provide overarching co-ordination and management of its multi-supplier ecosystem on a service integration and management (SIAM) basis)... The Customer’s requirements are currently fulfilled [...