Anti-Money Laundering – Have you assessed the risks?

A step-by-step explanation of a firm’s responsibilities under anti-money laundering regulations.

For many insolvency practitioners, anti-money laundering (AML) compliance starts and finishes with client identification procedures. But that simply isn’t sufficient to comply with current legislative requirements, nor to adequately protect you from becoming a professional enabler – a title none of us relish acquiring!

The area is under increasing regulatory scrutiny as the Recognised Professional Bodies (your AML supervisors) now have their own oversight regulator, the Office for Professional Body Anti-Money Laundering Supervisions (OPBAS), breathing down their necks. We IPs are likely to come under closer scrutiny from our AML supervisors, with a renewed focus on meaningful AML compliance.

So, aside from Customer Due Diligence (CDD) procedures, what do you need to do?

What are the risks faced by IPs?

Money laundering and terrorist financing are significant threats to any economy, particularly those operating globally. The UK is the world’s sixth largest economy, of which our financial services sector is a key component.

HM Treasury’s 2015 National Risk Assessment judged accountancy services to be at high risk of money laundering exploitation. The Treasury re-affirmed that view in 2017, concluding that ‘the inherent risks and vulnerabilities of accountancy services remain, due to the value of these services to those engaging in high-end money laundering… Company liquidation and associated services (including insolvency practice, which may be conducted by certain accountancy professionals) also pose a risk of criminals masking the audit trail of money laundered through a company and transferring the proceeds of crime…’.

Firm-wide risk assessment

First and foremost you must have a documented firm-wide risk assessment in place. This is a mandatory requirement under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR17), placed upon all ‘relevant persons’ (which includes IPs) and your supervisor may ask for sight of it at any time. Your risk assessment should:

  • identify the risk factors that apply specifically to your business and the way in which it operates
  • consider the frequency of occurrence of these risks, as well as their potential severity
  • explain how these risks are adequately managed and mitigated by the processes and procedures employed by your firm
  • be reviewed periodically and updated with new service lines and operational models
    used to educate and inform your staff

If you don’t know where to start or are pressed for time, ISS can assist you.

Oversight

Secondly, you need to consider who within your practice is going to take responsibility for production, operational oversight and periodic review of your policies, controls and procedures and whether this is going to be a formal compliance officer role, or an informal or shared function. Depending on the size and nature of your practice, either route may be appropriate. The key requirement is that someone (individual or group) needs to oversee this area. This is not the same function as the traditional money laundering reporting officer role, although these may be combined, if that works best for your firm.

Policies, controls and procedures

Regulation 19 of the MLR17 requires you to establish and maintain policies, controls and procedures to effectively mitigate and manage the risks of money laundering and terrorist financing identified in any risk assessment undertaken by the relevant person. These must be maintained in writing and must include:

  • risk management practices
  • internal controls
  • customer due diligence
  • reliance and record keeping
  • the monitoring and management of compliance with, and the internal communication of, such policies, controls and procedures

Do you have these policies in place? If not, we can help.

CPD and staff training

Those responsible for AML oversight must receive appropriate CPD on the conduct of their functions. Additionally, your whole team should be provided with periodic training, not just about the law in this area, but also about the specific risks presented to your business and the policies, controls and procedures that your firm has in place.

ISS can supply in-house and/or online learning modules for your officers and your team members, specifically tailored for your business and the risks it faces.

Beneficial owner and manager approval

It is a criminal offence for a person to act in the capacity of a beneficial owner, officer or manager of a relevant firm without the approval of an AML supervisor. Have all relevant owners and managers of your practice registered with your AML supervisor yet?

This requirement extends to any party with a controlling interest in the business (eg a shareholding in excess of 25%) and any principal, senior manager, or member of a management committee who is responsible for setting, approving or ensuring the firm’s compliance with the firm’s anti-money laundering policies and procedures.

 

We will be examining the legal requirements and the risks presented to practices in our forthcoming Intensive CPD / CPE Catch-Up Courses and discussing how practices may manage these.

For further information about how ISS may assist you in meeting your AML obligations, contact enquiries@insolvencysupportservices.com

R3 in Scotland Breakfast Seminar: An Insolvency Practitioner’s Duties and Obligations

Insolvency Support Services (ISS) is delighted to sponsor the upcoming R3 in Scotland Breakfast Seminar on An Insolvency Practitioner’s Duties and Obligations: a look at Doonin Plant vs SEPA.

The excellent panel of speakers comprises Kirsten Fleming and Tim Cooper from Addleshaw Goddard and Alison York, Head of Legal at the Scottish Environment Protection Agency (SEPA).

R3 President, Stuart Frith, will also give an update on behalf of R3.

When: Friday 30 November 2018, 08:00 until 10:00
Where: Addleshaw Goddard LLP, 19 Canning Street , Edinburgh EH3 8EH

We look forward to catching up with you for an excellent breakfast seminar!

To book, please click here.

A Privacy Policy is not just for your website

An Insolvency Support Services (ISS) survey of 70 insolvency practitioners’ websites has revealed that only 25% contain any information about the rights of the various parties an insolvency practitioner will routinely process data about during the course of an insolvency engagement: debtors, directors, creditors, employees and other stakeholders.

While 80% of websites contained a privacy policy of sorts, 68% of these privacy policies related only to visitors’ use of the website and information collected about their website usage through cookies.

Most policies were found to be lengthy, generic templates which failed to adopt the “layering” approach recommended by the Information Commissioner’s Office. In one case, the privacy policy was labelled “US” and failed to mention the GDPR regulations at all!

Only 13% of the websites surveyed sought express permission for cookies and explained both the privacy policy in relation to the website and in relation to data held by the practice in connection with insolvency appointments.

Alison Curry, a director of ISS, commented: “These findings might not mean that practitioners are falling down in their GDPR obligations. They may be supplying the necessary information within privacy notices that are distributed by email or in hard copy during the course of insolvency proceedings. However, even if that is the case, these firms are missing an opportunity to make this information readily available at nominal additional cost and inconvenience, by placing it on their website. Of more concern would be if practitioners are failing to provide the relevant data subjects with an appropriate privacy notice, explaining their rights, the insolvency practitioner’s lawful basis for processing and the retention and destruction policies adopted by the practice.”

Do you have all the GDPR documentation that your firm needs in order to comply fully with the new legislation, both online and offline? ISS can assist you with insolvency-specific, layered, GDPR documents; including a full suite of policies, procedures and notices, which can be easily customised for use in your firm.

Was your firm surveyed? If you would like to know if yours was one of the firms surveyed, please get in touch for a no-obligation chat about our findings.

For further details, call 0845 6017570 or email enquiries@insolvencysupportservices.com

Research note:

Insolvency Support Services’ review surveyed the websites of 70 insolvency practitioners in London and South East England at the end of September 2018. Our main objective was to assess the extent to which insolvency practitioners’ have published a privacy policy on their website that satisfies GDPR requirements some four months after the new legislation came into force.

Intensive Insolvency CPD / CPE Catch Up Course

Looking to catch up on your CPD? It’s that time of year when we submit our licence applications and sign off that we have fulfilled our CPD obligations.

Join fellow professionals and the ISS Training team for an intensive two days and 12 hours of CPD / CPE in advance of your annual licence renewal.  It is only £495 plus VAT for the two days.

This course will cover key compliance areas for all insolvency professionals and provide optional streams to cater for the types of work your practice undertakes.  Choose the stream that suits your business and development need.  Delivered in a group, interactive format, you will have an opportunity to discuss with peers the issues you’ve encountered in practice and pick the brains of our compliance experts, Eileen Maclean and Alison Curry.

CPD Learning Outcomes

  • Clear and concise guidance to legislative and regulatory requirements governing each area
  • An opportunity to discuss current issues and best practice with fellow professionals
  • 12 hours of bespoke and relevant CPD/CPE to support your annual license renewal

Who should attend

This course is aimed at licenced Insolvency Practitioners and their staff, who are looking for a comprehensive introduction to the subject matter or an update to their technical knowledge and skills.

Speakers

Eileen Maclean MA Hons MIPA MABRP MBA, director of Insolvency Support Services Limited

Alison Curry LLB Hons MIPA, director of Insolvency Support Services Limited

Location and Date

Manchester, 21/22 November, 9.30am to 5.00pm

London, 5/6 December, 9.30am to 5.00pm

Cost

Half day course: £155 + VAT
Full day course: £295 + VAT
All four half day courses: just £495 + VAT

Fees include all course documentation, lunch and light refreshments

CPD

3-12 hours depending on modules attended

Course Outline

Day 1

Session 1: Know Your Customer:  Systems & Procedures Workshop
How you can improve your firm’s KYC in a cost effective and proportionate way to manage the risks presented by conflicts of interest and the AML regime.

Session 2: SIPs Update
Refresh your knowledge of these key regulatory requirements.

Session 3:
Choose from:

Option A: Current issues in IVAs
Join Alison for an examination of the current regulatory focus and developments in IVA practice.

Or 

Option B: Current issues in MVL
Eileen presents an overview of the particular risks incumbent in MVL work and how these can be effectively managed.

Day 2

Session 1: Understanding Vulnerability
Vulnerability, and particularly the impact of mental health problems, has never been higher profile. Consider what adjustments your business operations require, to assist your clients and avoid adverse PR.

Session 2:
Choose from:

Option A: Bankruptcy Update
Alison leads the discussion on how practice within the Official Receivers is developing and examines the real impacts of bankruptcy on those you assist with their debt situation.

Or

Option B: Sectoral Challenges
With retail failure seldom out of the news, the hospitality sector struggling to recover its footing and the construction industry facing faltering house prices, Eileen will look at some sector-specific challenges faced by UK businesses and the owners and creditors you advise.

Session 3: Data Privacy Workshop
Data privacy cuts across all areas of practice management. Understand what steps you need to take, both as an insolvency professional and as a business person.

 

CPI and CPPI exam success for ISS Training students

ISS Training is delighted to congratulate its CPI and CPPI students on their success in the June 2018 CPI and CPPI exam sitting.  Our students achieved great results, including one distinction and three merits, and we are thrilled that all of their hard work paid off.  Well done, class of 2018!

Enrolment for the 2019 session is now open. For full details of the classes and dates for CPI click here and for CPPI click here.

If you would like to discuss your options, please speak to us at any time on 0845 601 7570 or courses@insolvencysupportservices.com

Announcement regarding Insolvency Support Services (ISS)       

Please note that with effect from 1 July 2018, the business of Insolvency Support Services under the business lines ISS Training, ISS Compliance, ISS Outsourcing and ISS Practice Support has transferred to a new limited company SC601201.  The company previously registered as Insolvency Support Services Limited (SC357810) has changed its name to Dunedin Advisory Limited.

Dunedin Advisory retains responsibility for the Accountant in Bankruptcy contract and remains as a provider of outsourced bankruptcy services.  Formal appointments in the name of Christine Convy and Jenn Stewart, and court reporting duties remain with Dunedin Advisory Limited.  Enquiries regarding any case matters previously dealt with by Insolvency Support Services Limited should now be directed to Dunedin Advisory, contact details for which can be found at https://dunedinadvisory.com

Insolvency Support Services Limited’s new details are as follows:

Registered address: 12 Castle Terrace, Edinburgh, EH1 2DP

Registered number: SC601201

Director: Eileen Maclean

VAT number: 299 2513 64

Customers

All contracts for training services have been assigned to Insolvency Support Services and will be honoured as contracted.   Any sums paid in advance for course bookings made before 1 July 2018 have been transferred to the new company in full.  Cancellation terms and all other terms and conditions of booking are unchanged.

Customers will be contacted individually with details of our new bank account for payments in respect of bookings made on or after 1 July 2018.

Suppliers

All invoices in relation to supplies to Insolvency Support Services Limited from 1 July 2018 onwards should be addressed to:

Insolvency Support Services Limited

12 Castle Terrace

Edinburgh

EH1 2PD

and submitted electronically via enquiries@insolvencysupportservices.com.  Standard payment terms are 30 days, unless otherwise agreed.

Continuity of Service

The team at ISS will continue to provide the same breadth and high standards of training, compliance, outsourcing and practice management services that you have come to expect.  We look forward to working with our valued existing customers and new contacts.

If you would like any further information, please contact Eileen Maclean at emm@insolvencysupportservices.com or on 07957 600538.

Are you geared up for your GDPR responsibilities?

Alison Curry reviews the requirements for IPs under Europe’s biggest change to data protection in more than two decades.

Any substantive change to business legislation requires insolvency practitioners to take a dual approach: we must consider both our own business responsibilities and make sure that the legislation permeates our approach to insolvency appointments. And so it is with the General Data Protection Regulation (GDPR).

What does GDPR do?

The data processing regime exists to ensure that the data privacy of EU citizens is protected. It imposes strict safeguards on the use of personal data by businesses and even higher duties where that data is particularly sensitive (or ‘special category’ as it is now called).

Jargon busting

Personal data is classified as any information from which a natural person can be identified directly or indirectly; so the application of GDPR is broad. It includes, for example, the names and addresses of individual creditors, the pay details of employees and the personal details of a company’s directors.

The definition of data processing is similarly wide and includes (among other things) the collection, organisation, storage, alteration, retrieval, use, dissemination and, perhaps most surprisingly, destruction of data.

A data controller is any natural or legal person that determines the purposes and means of processing personal data. That will necessarily include an insolvency practitioner in respect of personal data contained in their case files.

A data processor is a natural or legal person that processes personal data on behalf of a controller. So if you instruct an Employment Rights Act claims handler, for instance, they are likely to be a data processor.

Any processing of the personal data, whether by data controller or data processor, must comply with GDPR. Both data controllers and processors may be joint and severally liable in the case of any breach.

Legal bases

It is a requirement that data may only be processed where one or more of the specified legal bases apply, and these must be specified in advance of the processing commencing. You can specify more than one legal basis, but you cannot change the stated basis of processing once it has been defined.

What do I need to do?

GDPR requires organisations to demonstrate compliance with the principles set out in the legislation. In essence, businesses must demonstrate that the data is: needed; relevant and accurate; held securely and only for as long as is necessary; how and why it is held; and that it is only shared as necessary.

Your business must document what personal data it holds, on what basis and in what capacity, and by whom it will be processed. As a minimum, you will need a data processing register, register of data processors and a data breach register, though ideally, you should consider documented policies to deal with data security and breaches, retention and destruction, subject access requests and processor oversight. If you process sensitive (special category) data, which is likely to be the case, you must also have a documented policy describing your processing.

You must make available privacy notices that are relevant to the various categories of data subjects you encounter (business contacts, advice clients, personal insolvency clients, directors, shareholders, staff members etc), setting out your approach to personal data handing.

GDPR upon appointment

Prior to and upon appointment, you must understand and assess the risks that GDPR presents. Your checklists or work programmes should document GDPR considerations and their potential impact and you should be able to demonstrate that the entity’s current GDPR approach has been assessed, any risks are identified and, wherever possible, minimised.

If the entity’s personal data processing will continue post-appointment, you will need to assess the GDPR risks and ensure that the entity has in place the necessary consents and appropriate controls and policies surrounding its data processing.

If personal data is likely to be transferred as part of a going concern sale, you should check whether that data is transferable and whether consent to transfer has been given or is required, with the benefit of legal advice.

Existing cases

Data subjects may be notified of changes to the relevant privacy policy by way of a link to your website on the next opportunity for communication. It seems you do not need to contact individual data subjects in closed cases, however, you should consider how you will deal with any subject access requests relating to these appointments and satisfy yourself that personal data is securely stored.

Assistance

There is lots of generic advice out there, but little if any of that is insolvency-specific. That’s where we can help. We have designed policy documents for insolvency practitioners, a GDPR checklist for use on appointments and sample privacy notices for the different categories of people that insolvency practitioners will encounter. Our full suite of GDPR documents is available for £1,850 (plus VAT). We can also provide Data Protection Impact Assessment screening, in-house training and support staff training and induction. If you would like to know more about how we can tailor our services to help you meet your GDPR obligations, please contact Alison Curry at ac@insolvencysupportservices.com.

 

Alison Curry is a licensed insolvency practitioner at Insolvency Support Services Ltd, with over 20 years of practice experience, including six years as head of regulatory standards at the Insolvency Practitioners Association.

This article first appeared in Recovery News, the newsletter of R3, the Association of Business Recovery Professionals.

GDPR: practical support for IPs – supporting your business and issues on appointment

One of our recent webinars considered the forthcoming provisions of GDPR and the practical implications for IPs, in terms of our own businesses and those of the insolvent entities to which we are appointed. There is lots of generic advice out there, but little if any that is insolvency-specific. That’s where we can help.

We are designing policy and process documents for insolvency practitioners, a GDPR checklist for use on appointments and sample privacy notices for the different categories of people that insolvency practitioners will encounter. We can also provide bespoke webinars to support regular staff training and induction.

If you would like to know more about how we can help you meet your data processing obligations, please contact Alison Curry at ac@insolvencysupportservices.com

We can offer several options to help meet your specific needs:

  • GDPR checklist on Insolvency Appointment: priced at £500 plus VAT
  • Package of Sample Privacy Notices: priced at £750 plus VAT
    o Employees
    o Directors, shareholders and owners
    o Debtor clients
    o Creditors, book debtors and employees of insolvent entities
    o Marketing and Contacts
  • Package of Sample Policies and Registers: priced at £750 plus VAT
    o Data Processing Registers for Insolvency Practices
    o Data Breach Register
    o Sample Policies:
    – Employees (IP practice staff)
    – Confidentiality and Data Security
    – Special Category Data
    – Data Security Breach
    – Data Retention and Destruction
    – Subject Access Requests
    – Vulnerable Clients

Or purchase the complete package for £1,850 plus VAT

We can also offer bespoke webinars to support regular staff training and induction from £750 plus VAT.

Please contact Alison Curry at ac@insolvencysupportservices.com to discuss your requirements.

And don’t forget that our GDPR webinar: A practical approach to GDPR for IPs is still available for £50 plus VAT per view. Contact courses@insolvencysupportservices.com to register.

Extensive new training programme for 2018

We are delighted to launch our comprehensive new directory of courses for 2018.

As always, our programme includes brand new courses, perennial favourites, and exam training.

ISS Training Team expands across UK

Our training team has expanded, with Eileen Maclean joined by Alison Curry. Specialising in insolvency law and regulation in England & Wales, Alison will be leading our course offering for IPs south of the border.

Guest Speakers

We have invited several well-respected guest speakers from the worlds of tax, VAT and law to join us on some of our courses to provide complementary expertise and perspective. And we have again teamed up with experts in the fields of marketing and professional development to give you wider, relevant learning and development opportunities.

One Hour Series

These short online courses proved incredibly popular when we introduced them in 2017. Have a look at our full programme of webinars, presented in three series: Technical Shorts; Business Insolvency and Protecting Your Licence. There are 16 to choose from in total.

Locations

We train across the UK, with courses in Edinburgh, Glasgow, Manchester, Leeds and London.

Bespoke Training

We also offer bespoke in-house training, tailored to the specific requirements of your organisation. Clients find this especially valuable when they have a business need, require a confidential environment for training or have a team they wish to develop. All our open courses can be run as bespoke, or speak to us about designing a programme to match your needs.

 

To find out more, visit https://insolvencysupportservices.com/iss-training and to book places on any courses speak to Danielle Kelly on 0845 601 7570 or email courses@insolvencysupportservices.com

Alison Curry, former Head of Regulatory Standards at the IPA, joins Insolvency Support Services

 

We are delighted to announce that senior industry professional Alison Curry has joined Insolvency Support Services (ISS) as a Director in a move that expands our services across the UK.

Alison is very well-known for her work on developing regulatory standards during her time as Head of Regulatory Standards at the Insolvency Practitioners Association (IPA) and the numerous courses and events at which she delivered informative presentations to IPA members and the broader profession.

Specialising in insolvency law and regulation in England and Wales, Alison has a proven track record of regulatory drafting, project management and implementation of organisational change.

Alison commented: “I am delighted to be joining the team at ISS. This is an exciting opportunity to extend the highly regarded ISS offering across the UK, in all ISS service lines: Training, Outsourcing, Practice Support and Compliance. My experience with the Insolvency (England & Wales) Rules 2016 will also assist in our helping practitioners assimilate the similar changes which are due to take place in Scotland.”

Based in the South East of England, Alison will be delivering training and client support throughout the UK. Her first training course, a New SIPs Update 2018 webinar, will take place on Friday 16 February. This will be followed by a brand new IVA Masterclass, which she will be running in Glasgow on 14 March.

Eileen Maclean, Executive Director of ISS, said: “Alison’s appointment adds further depth to our growing team, enabling us to service increasing client demand across the UK, and supports our aim of being the UK’s centre of excellence for insolvency support services.“

Alison can be contacted at ac@insolvencysupportservices.com or on 01592 323460

For more information about the New SIPs Update 2018 webinar and IVA Masterclass and to book, please call 0845 601 7570 or email courses@insolvencysupportservices.com