The purpose of this Section of the Handbook is to establish what identification information should be requested and whose identity should be verified. This Section also provides exemptions and concessions to these requirements in certain scenarios.

Guidance is also provided in this Section on:

(a) the timing of verification procedures;

(b) the means by which verification can be performed; and

(c) what to do when it is not possible to complete identification or verification of identity.

As with CDD requirements, under paragraphs 5 and 7 of the Code identification and verification of identity requirements apply at the outset of a customer relationship or one off transaction.

Where there is a change in the underlying principals or third parties on whose behalf a customer acts or there is a change in the beneficial ownership and control of a customer, licenceholders should treat these persons as new relationships. Both the CDD and identification and verification requirements must be applied.

Under paragraph 6 of the Code "Continuing Business Relationships", CDD information and verification of identity may be required on existing clients in certain circumstances. Whether or not CDD and verification procedures will need to be completed on existing clients in these circumstances will depend upon whether the licenceholder has already obtained the relevant information and documentation at the beginning or during the course of the relationship previously and whether, if it has been obtained, it is satisfactory.

Licenceholders will need to examine the information and documentation they already hold to determine whether it is necessary to make further enquiries either of the customer concerned or from other sources.

If the information and documentation has not already been obtained, or that obtained is unsatisfactory licenceholders must take steps to obtain such information or documentation.

The requirements at paragraph 6 of the Code do not require licenceholders to provide information regarding their suspicions to the customer.

If a licenceholder is in doubt regarding the tipping off provisions, they should contact the FCU for guidance.

Licenceholders must apply identification and verification of identity procedures in the following circumstances:

(a) A change in identification information of a customer;

(b) An absence of meaningful originator information on wire transfers (see Section 5.3 for more specific information on the requirements relating to wire transfers); or

(c) In respect of wire transfers, where a one-off payment in excess of Euro 1000 is to be made at the request of a non-account holding customer (see Section 5.3.3 for more specific information).

Such circumstances might also involve a broader review of CDD information / documentation held as outlined at Section 3.1 of the Handbook.

Determining that a customer is who they claim to be is a combination of being satisfied that:

(a) a person or entity exists on the basis of appropriate identification information; and

(b) the customer is that person or entity by verifying the information from reliable independent source documents or other data.

Below are the key principles that licenceholders should follow.

(a) Identifying customers and verifying identity is generally a cumulative process with more than one document or data source being required to verify all of the necessary components. Licenceholders will need to be prepared to accept a range of documents and data. However, licenceholders must be aware that some documents are more easily forged than others.

(b) In carrying out CDD procedures on customers, their affairs and their transactions, licenceholders should ensure that any documents in a foreign language are adequately translated into English, so that the true significance of the document can be appreciated. Where customers put forward documents with which a licenceholder is unfamiliar, either because of origin, format or language, the licenceholder must take reasonable steps to verify that the document is indeed genuine. This may include contacting the relevant authorities. A copy of the translation of the document in question must be obtained and kept with the identification evidence.

(c) Nationality and/or citizenship should be established to ensure that the applicant for business is not a national or citizen of a nation which is subject to sanctions by the United Nations or any other official body or relevant government which would prohibit such business being transacted. Nationality normally reflects a person's relationship with their state of origin while citizenship may reflect a country where they have the right to reside.

(d) Any photocopies of documents showing photographs and signatures should be plainly legible. In face-to-face situations, licenceholders should ensure employees check that a photograph represents a good likeness of the customer.

(e) In circumstances where an account holder appoints another person as an account signatory e.g. an expatriate appointing a member of his family, or company directors appointing a non-director as a signatory, or granting a power of attorney in favour of an individual, full identification procedures should also be carried out on the new account signatory or attorney.

(f) Irrespective of the type of business relationship, or whether the customer is a natural or legal person, where any doubt arises as to the identity or address of a customer in the course of a business relationship, licenceholders should re-verify the identity and address of the customer in accordance with the relevant procedures in this Section of the Handbook.

(g) Where any of the relevant information or documentation cannot be obtained in accordance with 4.13 of the Handbook, licenceholders should not enter into the business relationship with the applicant. In such circumstances, all documentation that has been obtained should be retained for at least 5 years from the relevant date as required by the Paragraph 11 of the Code.

(h) Where a licenceholder has knowledge, or reason to be suspicious, of money laundering or terrorist financing by an applicant and the business relationship has not proceeded, a suspicious transaction report must be made in accordance with the legislation. This requirement is irrespective of the type of customer.

4.2.1 Guarding against Fraud

Licenceholders must identify persons that have purported authority to act on behalf of a customer. For example, account signatories and those to whom powers of attorney have been granted, see 4.7.1 for the approach to be taken when there are numerous signatories. They must verify the authority of such persons to act and, where necessary, take reasonable measures to verify the person's identity.

Licenceholders must obtain the power of attorney (or other authority) that provides the individuals representing the applicant for business with the right to act on his/her behalf. Licenceholders must undertake identification and verification procedures for any individuals acting on behalf of the applicant for business in the normal way, unless it is possible to benefit from the concession described in Section 4.9.

Licenceholders must understand the nature of the relationship between any such individuals and the applicant for business.

4.2.2 Photocopying and certifying UK passports

Previously, photocopies of UK passports had to be in black and white only so that they could not be mistaken for actual passport pages. This is no longer required and licenceholders may accept either colour or black and white copies of UK passports when verifying the identity of individuals.

As defined in the paragraphs 2 and 7 of the Code, a "one-off transaction" means any transaction other than a transaction carried on in the course of an established business relationship between a licenceholder and a customer.

An "exempted one-off transaction" means a one-off transaction (whether a single transaction or a series of linked transactions) where the amount of the transaction or the aggregate of a series of linked transactions is less than:

(a) Euros 3,000 (or the equivalent thereof) in the case of a transaction or series of linked transactions entered into in the course of bookmaking or casino businesses; or

(b) Euros 15,000 (or the equivalent thereof) in any other case.

In the opinion of the Commission, the establishment of a mortgage does not constitute a one-off transaction.

Licenceholders must be vigilant at all times that the total of a series of linked transactions does not exceed the exempted limit of Euros 15,000, where business is being accepted under the exempted one-off transactions provisions. Where the limit of Euros 15,000 is exceeded, full CDD procedures must be applied immediately.

The Commission recognises the difficulty in defining a time scale that linked transactions may fall within, and has no objection to the previous UK standard of 3 months being adopted as the minimum acceptable standard.

However, licenceholders would be wise to adopt a flexible attitude on this issue and not apply this approach too rigidly, as an inflexible approach on linked transactions will give money launderers and those who wish to evade the CDD requirements the opportunity to structure transactions accordingly.

4.4.1 Natural Persons

The following requirements are relevant to situations where an individual is the applicant for business or where the applicant for business is a group of individuals. They also apply to situations where an individual is:

(a) an underlying principal of an applicant for business;

(b) acting on behalf of an applicant for business; or

(c) is a third party on whose behalf an applicant for business is acting.

Licenceholders should treat applicants for business who are sole traders or partnerships in the same way as personal applicants. In this case, the identity of each person who is a signatory must be established and verified.

Identification Information

Identification information that must be collected in respect of personal customers and other natural persons who need to be identified is comprised of the following:

(a) Legal name, any former names (e.g. maiden name) and any other names used.

(b) Permanent residential address including postcode if applicable.

(c) Date and place of birth.

(d) Nationality.

(e) Gender. Other than in the lowest risk cases, or to guard against the financial exclusion of Isle of Man residents, the standard requirement is also to obtain an official personal identification number or other unique identifier contained in an un-expired official document.

Other information that may be collected taking a risk-based approach

(a) Occupation and name of employer/source of income.

(b) Details of any public or high profile positions held.

4.4.2 Verifying the identity of direct personal customers

Licenceholders must:

(a) verify the identity of the individual;

(b) verify the residential address (including postcode if applicable) of the individual;

(c) verify the authority of any individuals purporting to act on behalf of an applicant for business and take reasonable measures to verify their identity.

Identity and address should each be verified. Methods of verifying identity and residential address include:

Identity (comprising name, [national identification number], nationality, date of birth and place of birth)

(a) Current valid passport bearing the photograph of the applicant.

(b) Current national identity card bearing the photograph of the applicant.

(c) Armed Forces ID card bearing the photograph of the applicant.

(d) Current valid provisional or full driving licence incorporating photographic evidence of identity.

(e) Known employer ID card bearing a photograph of the applicant (lower risk relationships and transactions only).

(f) Birth certificate (infants and minors only).

(g) Independent data sources, including electronic sources (face-to-face and lower risk relationships and transactions only).

Licenceholders should exercise caution regarding International Drivers' Permits/ International Drivers' Licences. These can be obtained from unauthorised and unscrupulous operators on the Internet who do not conduct any identification checks on the applicant for the Permit/Licence, and are marketed, for example, as a means of falsifying identity, avoiding driving fines and bans, and avoiding taking a driving test.

International Drivers' Permits can be genuine documents, but only when issued by competent national authorities to the holder of a valid domestic driving permit (i.e. national full driving licence) issued for use in the country of residence. The Permit effectively converts a national licence for international use in other countries where the national licence is not recognised. An International Driver's Permit is not a stand-alone document.

Residential address

(a) A recent account statement (i.e. no more than 3 months old) from a recognised bank, building society or credit card company or the most recent mortgage statement from a recognised lender.

(b) Photographic driving licence or national identity card containing current residential address if the document has not been used to verify identity.

(c) A recent rates, council tax or utility bill (recent in respect of utility bills is considered to be for the last quarter i.e. no more than 3 months old). Mobile telephone bills are not acceptable as evidence of address under any circumstances.

(d) Correspondence from an official independent source such as a central or local government department or agency.

(e) Independent data sources, including electronic sources.

(f) A record of a personal visit by a member of the licenceholder's staff to the applicant's residential address.

(g) Lawyer's confirmation of property purchase, or legal document recognising title to property.

(h) Tenancy agreement (lower risk relationships and transactions only).

(i) Checking a telephone directory (face-to-face low risk relationships only).

A non-residential address for a natural person is not acceptable under any circumstances. A "care of" address is also generally unacceptable other than on fully explained, clearly documented and time-limited basis. Such situations should be closely monitored by the licenceholder.

4.4.2.1 Independent electronic data sources

Independent electronic data sources can provide a wide range of confirmatory material without involving a customer, and are becoming increasingly accessible. However, where a licenceholder is seeking to verify identity (in a face-to-face or lower risk situation) or address using an independent electronic data source, an understanding of the depth, breadth and quality of the data accessed will be important.

Licenceholders should also guard against the greater risk of identity fraud when photographic evidence of identity cannot be obtained and matched against the customer in a face-to-face environment. In such circumstances, licenceholders must consider whether one or more of the identity fraud checks set out in Section 4.5 should be applied.

Where a licenceholder intends to use electronic data sources conducted by commercial agencies, it should ensure that the agency is registered with a data protection agency in the European Economic Area. Licenceholders should also satisfy themselves that the agency:

(a) uses a range of positive information sources that can be called upon to link a customer to both current and historical data;

(b) accesses negative information sources such as databases relating to fraud and deceased persons;

(c) accesses a wide range of alert data sources; and

(d) has transparent processes that enable a licenceholder to know what checks have been carried out, and what the results of these checks are.

Licenceholders should also ensure that:

(a) the source, scope and quality of the data are satisfactory. At least two matches of each component of an individual's identity or address must be obtained; and,

(b) processes allow the business to capture and store the information used to verify identity and/or address.

4.4.2.2 Recording the evidence

Whichever method of the above is followed, in all cases either an original document or a certified copy of the relevant document or documents should be retained on file to evidence that verification has been undertaken.

Licenceholders must be able to produce evidence of the verification procedures followed, and the documentary evidence arising from such procedures.

4.4.3 Persons without standard identification documentation

Certain customers may be considered as less than standard risk, such as the elderly, the disabled, students and minors, and they may not be able to produce the usual types of evidence of identity, i.e. a driving licence or passport. In the main, such customers are local residents. In the case of the elderly and the disabled, the business relationship may be limited to the receipt of social security benefits; in the case of minors, the business relationship may be limited to periodic savings deposits linked to events such as birthdays or Christmas. Such business relationships would appear to represent a less than standard risk of money laundering activity.

To ensure that such customers are not unfairly prevented from accessing the financial services system in these circumstances, the Commission recommends that licenceholders adopt a flexible, common sense approach to the CDD process. Such customers are generally able to provide an original or certified copy of documents other than a passport or driving licence, preferably featuring a photograph, which cumulatively give licenceholders comfort regarding the identity of the customer.

The Commission recommends that licenceholders adopt a similarly flexible approach for such customers with regard to verification of name and address. Such customers are normally able to provide a number of alternative documents indicating their address which cumulatively give licenceholders comfort regarding the name and address of the customer.

However, the Commission would only expect such procedures to be applied in the limited circumstances described above, and that in each case there should be a review and sign-off procedure undertaken by a member of staff of suitable seniority within the licenceholder.

Although such customers are likely to represent less than standard risk, licenceholders should be mindful of, and vigilant for, any change in account activity which may alter the risk profile of the relationship. Such relationships must therefore be monitored adequately. The measures taken and the circumstances of each case must be recorded on an individual basis and records maintained in accordance with the Handbook.

In the absence of documentary evidence of identity or address, alternative ways of satisfying the requirements could include obtaining:

(a) A letter from the head of the household at which the individual resides confirming that the applicant lives at that address, setting out the relationship between the applicant and the head of household, together with evidence that the head of household resides at the address.

(b) A letter from a known nursing home or residential home for the elderly confirming residence of the applicant.

(c) A letter from a director or manager of a known Isle of Man employer that confirms residence at a stated Isle of Man address, and indicates the expected duration of employment. In the case of a seasonal worker, the worker's residential address in his/her country of origin should also be obtained and, if possible, also verified.

(d) In the case of a student, a letter from a principal of a known university or college that confirms residence at a stated address. The student's residential address in the Isle of Man should also be obtained.

4.4.4 Guarding against the exclusion of overseas residents

On occasions, an individual resident abroad may be unable to provide evidence of residential address using the sources set out in Section 4.4.2 of the Handbook. Examples of such individuals include residents of countries without postal deliveries and virtually no street addresses, who rely upon post office boxes or employers for delivery of mail. In such circumstances, the Commission recommends licenceholders adopt a flexible approach. The usefulness of documents such as utility bills as evidence of name and address may be of limited value. Licenceholders should seek verification through other means which cumulatively give comfort of the name and address of the applicant. The types of alternative methods used to verify name and address and the extent of measures taken must be determined taking into account the risk assessment required by Rule 9.4 of the Rule Book, in particular, any factors indicating that the relationship may pose a higher than standard risk. In each case there must be a review and signoff procedure undertaken by a member of staff of suitable seniority within the licenceholder.

Identification procedures should provide for alternative means of verifying an individual's residential address where an individual has a valid reason for being unable to produce more usual documentation and who would otherwise be excluded from accessing financial services and products in the Isle of Man. Alternative ways of verifying address may include obtaining:

(a) A suitably certified copy of a national identity card that includes residential address.

(b) A letter from a director or manager of a verified known overseas employer that confirms residence at a stated overseas address (or provides detailed directions to locate a place of residence).

There may also be circumstances where a customer's address is temporary accommodation and where normal address verification documents are not available. For example, an expatriate on a short term contract in the Middle East. Licenceholders should adopt flexible procedures to obtain verification by other means, e.g. copy of contract of employment, or banker's or employer's written confirmation.

Licenceholders must apply equally effective customer identification procedures for non-face-to-face relationship as for those available for interview. Where identity is verified remotely through documentary evidence, licenceholders will generally be unable to determine that the customer it is dealing with actually relates to the documentary evidence. Consequently, there is an increased risk of identity fraud.

Rule 9.6 of the Rule Book requires licenceholders to take adequate measures to compensate for any risk associated with non-face to face relationships. To guard against this increased risk of identity fraud when a customer relationship is established remotely a licenceholder must either:

(a) Obtain copies of documents that have been certified by a suitable certifier; or

(b) If suitably certified copy documents cannot be obtained, address can be verified using electronic data sources, and at least one of the following checks must be undertaken and recorded prior to full activation of the relationship:

(c) Require payment for the product or service to be drawn from an account in the customer's name at a credit institution in an equivalent jurisdiction.

(d) Send a letter by registered post to validate the address of the customer and ensure that the account is not activated until the signed acknowledgement of receipt is returned.

(e) Make a "physical" validation, e.g. an initial telephone call by a member of staff of the financial services business to a telephone number that has been independently validated.

(f) Requisition additional documents to complement those required for face-to-face customers.

(g) Internet sign-on following verification procedures where the customer uses security codes, tokens and/or other passwords which have been provided by mail (or secure delivery) to the named person at an independently verified address.

4.5.1 Suitable certifiers and the certification procedure Use of an independent suitable certifier guards against the risk that documentation provided does not correspond to the customer whose identity is being verified. However, for certification to be effective, the certifier will need to have seen the original documentation and have met the individual face-to-face.

Suitable persons to certify evidence of identity include: (a) a member of the judiciary, a senior civil servant, or a serving police or customs officer;

(a) an officer of an embassy, consulate or high commission of the country of issue of documentary evidence of identity;

(c) a lawyer or notary public who is a member of a recognised professional body;

(d) an actuary who is a member of a recognised professional body;

(e) an accountant who is a member of a recognised professional body;

(f) a company secretary who is a member of a recognised professional body;

(g) a director, company secretary or manager of a business regulated on the Isle of Man or an external regulated business as defined in the Code.

The certifier must sign and date the copy document (printing his/her name clearly in capitals underneath) and clearly indicate his/her position or capacity on it and provide his contact details. The certifier must state that it is a true copy of the original, that the photograph is a true likeness of the individual concerned.

The certifier may complete a covering letter or document, which is then attached to the copy identification document(s) i.e. the certification is not written on the copy identification document itself as long as the covering letter or document contains the information specified in the paragraph above, and it is clear in the letter itself that it refers to the attached document beyond any doubt.

In order to comply with Rule 9.6(4) of the Rule Book licenceholders must satisfy themselves as to the suitability of a certifier based on the assessed risk of the business relationship and the reliance to be placed on the certified documents. In determining the certifier's suitability, a licenceholder may consider factors such as the stature and track record of the certifier, previous experience of accepting certifications from certifiers in that profession or jurisdiction, the adequacy of the AML/CFT framework in place in the jurisdiction in which the certifier is located and the extent to which the AML/CFT framework applies to the certifier.

Licenceholders must exercise caution when considering certified copy documents, especially where such documents originate from a country perceived to represent a high risk, or from unregulated entities in any jurisdiction.

In any circumstances where a licenceholder is unsure of the authenticity of certified documents, or that the documents do relate to the customer, one or more of the checks contained in Section 4.5 must be undertaken and recorded.

In respect of intra-group business, staff of the introducing group company must have sight of original documents and take photocopies for forwarding to the Isle of Man licenceholder. Directors, the company secretary and managers of the introducing group company who are known to the licenceholder can certify such documents, following the above certification procedure.

Rule 9.6 of the Rule Book provides for specific requirements where the applicant for business is a legal arrangement defined as an express trust or any other arrangement which has similar legal effect (such as a fiducie, treuhand or fideicomiso).

Express trusts cannot form business relationships themselves. Where a trustee of an express trust is the applicant for business or is an underlying principal of an applicant for business, or is a third party on whose behalf an applicant for business is acting, the requirements below must be followed.

4.6.1 Identification information required for a trust

(a) Name of trust.

(b) Date of establishment.

(c) Official identification number where applicable (e.g. tax identification number or registered charity number).

(d) Identification information of trustee(s) or other persons controlling or having power to direct the activities of the applicant in line with the guidance for individuals and legal persons.

(e) Mailing address(es) of trustee(s) (or other persons controlling the applicant).

(f) Identification information of any persons whose wishes the trustees may be expected to take into account.

(g) Identification information of any other parties including the protector(s) and enforcer(s).

(h) Identification information of any person(s) purporting to act on behalf of the trustee(s) in line with the guidance for individuals and legal persons.

(i) Identification information of any person by whom binding obligations may be imposed on the applicant in line with the guidance for individuals and legal persons.

(j) Identification information of settlor(s) (or other person making the arrangement) in line with the guidance for individuals and legal persons.

(k) Identification information of known beneficiaries in line with the guidance for individuals and legal persons. Known beneficiaries means those persons or that class of persons who can, from the terms of the trust instrument, be identified as having a reasonable expectation to benefit from the trust capital or income.

Other information that may be collected taking a risk-based approach

(a) Identification information of any other beneficiaries and persons who are the object of a power that the trustee has identified as presenting a higher risk in line with the guidance for individuals and legal persons.

4.6.2 Verifying the trust and placing reliance on the Trustees

A licenceholder must verify the name and date of establishment of the express trust.

A licenceholder must also verify the legal status of the applicant for business to ensure that satisfactory evidence of the appointment of the trustee, and the nature of its duties is obtained. The most direct method of satisfying this requirement is to review the appropriate parts of the trust deed.

A licenceholder must verify the identity of the following:

(a) the trustee(s) or other persons controlling or having power to direct the activities of the applicant in line with the guidance for individuals and legal persons. Identification evidence can be waived for any trustee(s) who could be treated as acceptable applicants under paragraph 5(4) of the Code;

(b) any person(s) whose wishes the trustees may be expected to take into account;

(c) any other parties including the protector(s) and enforcer(s);

(d) any person(s) purporting to act on behalf of the trustee(s) and verify that that person is authorised to do so (see 4.7.1 of the Handbook for the approach to be taken when there are numerous signatories). In order to verify that the person is authorised a licenceholder may obtain a copy (certified in accordance with Section 4.5.1) of the resolution of the board of the trustee (or other authority) that provides any individuals representing the trustee with the right to act on the trustee's behalf;

(e) any person(s) by whom binding obligations may be imposed on the applicant and verify that that person is authorised to do so;

(f) the settlor(s) (or other person making the arrangement) i.e. the initial settlors and any persons subsequently settling funds into the trust;

(g) beneficiaries at the time they come to benefit from the trust. This includes where payments are made directly to beneficiaries and when payments are made to the trustees, licenceholders must establish whether the payment is intended for a beneficiary of a trust and if so obtain verification documents; and

(h) any potential beneficiaries that the trustee has identified as presenting higher risk, including those presenting increased money laundering, terrorist financing, reputational or other risk.

A licenceholder must require the trustee to notify it of any changes to the above.

Rule 9.6 of the Rule Book provides for specific requirements where the applicant for business is a legal person which includes any body corporate or unincorporated which is capable of establishing a permanent customer relationship with a licenceholder or otherwise own property. This includes entities such as foundations, anstalts, partnerships, associations or any similar bodies.

The Commission is aware that some licenceholders may consider an application from a company formed and administered by regulated Corporate Service Providers ("CSPs") as direct corporate business where the CSP is providing directors, a secretary and other management services. Nevertheless, despite the corporate entity being a separate legal person in its own right, licenceholders must "lift the corporate veil" and know the identity of the underlying customer, i.e. the beneficial owner.

For corporations and partnerships the principal requirement is to look behind the institution to identify those who have control over the business and the company's/partnership's assets, including those who have ultimate control and ultimate principal ownership. For corporations, particular attention must be paid to principal shareholders, signatories, or others who inject a significant proportion of the capital or financial support, or otherwise exercise control. Rule 9.6 of the Rule Book does not provide a concession for companies administered by CSPs. Licenceholders must still obtain CDD information and documentation for the directors and signatories of companies administered by CSPs.

Where the owner is another corporate entity or trust, the objective is to undertake reasonable measures to look behind that company or entity and to verify the identity of the principals. What constitutes control for this purpose will depend on the nature of the institution, and may rest in those who are mandated to manage funds, accounts or investments without requiring further authorisation, and who would be in a position to override internal procedures and control mechanisms.

Where a company is listed on a recognised stock exchange or is a subsidiary of such a company, then only the company itself may be considered as the principal whose identity needs to be verified. However consideration must be given to whether there is effective control of a listed company by an individual, small group of individuals or another corporate entity or trust. If this is the case, then those controllers must also be considered to be principals and verified accordingly.

Where the business relationship with the applicant company does not proceed, all relevant documentation should be retained for at least 5 years as required by the Code. Where a suspicion of money laundering or terrorist financing has arisen a report must be made to the FCU. Licenceholders must also take reasonable steps to verify the identity, reputation and relationship of any person purporting to act on behalf of a corporate customer if that agent is not an officer of the corporate entity.

Licenceholders must conduct periodic checks to ensure the corporate information held is correct and up to date, such as conducting company searches, or seeking copies of resolutions appointing directors or noting the resignation of directors. The frequency of such checks for particular business relationships will be determined from the risk assessment as required in Rule 9.4 of the Rule Book.

4.7.1 Identification information required for Legal Persons

(a) Name of entity.

(b) Any trading names.

(c) Date and country of incorporation/registration.

(d) Official identification number.

(e) Whether listed and where.

(f) Registered office address.

(g) Principal place of business/operations (if different from registered office).

(h) Mailing address (if different from registered office).

(i) Name of regulator (if applicable).

(j) Identification information on the underlying principals i.e. persons exercising control over the management of the legal person and any person(s) having power to direct the activities of the legal person. This will include directors or persons in equivalent role and account signatories.

(k) Identification information of any person(s) purporting to act on behalf of the legal person or by whom binding obligations may be imposed on the legal person, in line with the guidance for individuals. This will include persons holding powers of attorney.

(l) Obtain identification information on the beneficial owners i.e. any individual who ultimately owns or controls the customer, or on whose behalf a transaction or activity is being conducted. For legal persons not listed on a recognised stock exchange, this includes (but is not restricted to) any individual who ultimately owns of controls (whether directly or indirectly) more than 25% of the shares of voting rights in the legal person. For all legal persons this includes any individual who otherwise exercises control over the management of the legal person e.g. persons with less than 25% of the shares or voting rights but who nevertheless hold a controlling interest.

Provided there is no suspicion of money laundering or terrorist financing, where there are numerous directors and/or signatories, licenceholders may determine those individuals to be identified using a risk based approach. Except in the case of a CSP carrying out regulated activities, licenceholders should identify the signatories and, where different, directors of the applicant company as follows:

(a) For standard risk business, at least two of the signatories and, where different, two directors.

(b) For business deemed to be of higher risk, all the directors and signatories.

4.7.2 Verifying the identity of the legal person

Licenceholders must verify the following:

(a) Name;

(b) Official identification number;

(c) Date and country of incorporation;

(d) Registered office address of the legal person; and

(e) Address of the principal place of business where this is different to the registered office.

Acceptable means of verifying identity include:

(a) Obtaining the Certificate of Incorporation or equivalent e.g. a certified copy of the partnership agreement (where it is impractical or impossible to obtain sight of the original, licenceholders may accept a copy certified in accordance with Section 4.5.1);

(b) Reviewing a copy of the latest report and accounts if available (audited, where possible);

(c) Conducting and recording an enquiry by a business information service, or an undertaking from a reputable and known firm of lawyers or accountants confirming the documents submitted;

(d) Undertaking a company registry search, including confirmation that the institution has not been, or is not in the process of being dissolved, struck off, wound up or terminated;

(e) Utilising independent electronic data sources;

(f) Personal visit to the principal place of business. Whichever method(s) is/are used, all of the required information must be verified.

4.7.3 Verifying the identity of associated persons

Where a company is not quoted on a regulated exchange the following underlying principals and beneficial owners must have their identity verified:

(a) Any person who ultimately owns or controls (whether directly or indirectly) more than 25% of the shares of voting rights in the legal person.

(b) Any person who exercises control over the management of the legal person this includes persons with less than 25% of the shares or voting rights but who nevertheless hold a controlling interest;

(c) Any person(s) having power to direct the activities of the legal person. This includes directors or persons in equivalent roles and account signatories. (where there are numerous directors and / or signatories, the guidance on determining who should be identified and their identity verified at 4.7.1 may be followed); and

(d) any person(s) purporting to act on behalf of the legal person or by whom binding obligations may be imposed on the legal person.

In the case of a CSP carrying out regulated activities, the above includes any person who is to act as a director or secretary of a client company (unless such services are to be provided by the CSP licenceholder.)

In the case of associations, clubs, societies, charities, church bodies, institutes, mutual and friendly societies, co-operative and provident societies, those with ultimate control will often include members of the governing body or committee plus executives. In the case of central and local government departments and agencies, this will include persons exercising control or significant influence over the department or agency.

Licenceholders must obtain an appropriately certified copy of the board resolution or power of attorney (or other authority) that provides the individuals representing the corporate customer with the right to act on the institution's behalf.

4.7.3.1 Bearer Shares

Licenceholders must take particular care to record the details of bearer shares received or delivered other than through a recognised clearing or safe custody system, including the source and destination.

To reduce the opportunity for bearer shares to be used to obscure information on beneficial ownership, the Commission expects all licenceholders to immobilise bearer shares and take them into safe custody. A third party who meets the criteria to be a person in paragraph 5(5) of the Code, and who gives the licenceholder an undertaking that he will not release the bearer shares or allow their transfer of ownership without the prior knowledge of the licenceholder can hold the shares on behalf of the licenceholder.

Should a prospective or existing customer refuse to allow the immobilisation of the bearer shares, the licenceholder must not proceed any further with the business relationship, and must consider making a suspicious transaction report to the FCU.

Where the product or service is an employee benefit scheme or arrangement, an employee share option plan or a pension scheme or arrangement then the sponsoring employer, the trustee and any other person who has control over the business relationship, for example the administrator or the scheme manager, is the principal to be identified and verified in accordance with the requirements of this chapter.

Under paragraphs 5(4) and 5(5) of the Code where a licenceholder has reasonable grounds for believing that an applicant for business is:

(a) A person regulated by the Commission or the IPA; or

(b) An Isle of Man advocate, legal professional or qualified accountant; or

(c) A person who acts in the course of external regulated business and is based or incorporated in or formed under the law of a country that is included in Schedule 2 of the Code;

there is no requirement to verify the identity of the applicant for business or its management when they are acting in the capacity of the applicant for business. Such applicants are referred to as Acceptable Applicants. Where an applicant for business is a nominee company of an acceptable applicant, the licenceholder needs to ensure that the nominee company falls within the definition of paragraph 5(5) of the Code before treating the nominee company as an acceptable applicant in its own capacity.

The licenceholder must know the identity of the applicant for business i.e. licenceholders must obtain identification information as described at 4.4.1 in respect of individuals, 4.6.1 in respect of trusts and 4.7.1 in respect of legal persons. Licenceholders must also know the nature and intended purpose of the relationship. Licenceholders must obtain and retain documentation establishing that the applicant is entitled to benefit from the concession. An Acceptable Applicant's Certificate may be used for this purpose. A template is provided at Appendix D. Under paragraphs 5(6) and 5(7) of the Code the Acceptable Applicants concession does not apply in the following circumstances:

(a) where a licenceholder has reason to believe that a country, albeit one listed in Schedule 2 of the Code, does not apply, or insufficiently applies the FATF Recommendations to the applicant's business;

(b) whenever there is a suspicion of money laundering or terrorist financing; or

(c) where a licenceholder becomes aware of anything which causes them to doubt the identity or bona fides of the applicant for business or beneficial owner.

The Commission is aware that for administrative purposes, life companies sometimes use policy identifiers when investing funds to back the life company's policyholder liabilities. For the avoidance of doubt, where the life company is the legal and beneficial owner of the funds and the policy holder has not been led to believe that they have rights over the account or investment, the life company is the applicant for business.

For products or services where the money laundering and terrorist financing risk has been assessed to be at its lowest e.g. for savings accounts, a concession is available. Where:

(a) All initial and future payments are made from a financial services product or account in the name of the customer that is held with another local regulated financial services business or regulated financial services business in an equivalent jurisdiction; and

(b) No initial or future payments may be made by or received from third parties; and

(c) The funds can only be repaid to the customer; and

(d) Cash payments are not permitted with the exception of face-to-face withdrawals by the customer where evidence of identity is required to be produced before the withdrawal can be made; and

(e) There is no suspicion of money laundering or terrorist financing,

a licenceholder may take the view that satisfactory verification has been achieved without the need for additional evidence of identity or address. However, the concession will be in respect of this product or service only.

Where this limited means of verification is used, a record must be maintained indicating the basis for the risk assessment together with details of the financial services product or account from which the payment is drawn. Care must be taken when relying on payments to be made by direct debit or debit card to ensure that the account against which the funds are drawn is verified as being in the name of the applicant for business e.g. by sight of a bank statement.

Confirmation that a bank account is held in a customer's name may be obtained in a number of ways, including:

(a) Requiring sight of a bank statement for the relevant bank account; or

(b) Requiring sight of a blank cancelled cheque or paying-in slip for the relevant bank account, which has the customer's account number and name printed on it; or

(c) Retaining a copy of the remittance advice for the transfer of incoming funds from the remitting bank, which contains the customer's name and originating account number.

Where a licenceholder receives a banker's draft or building society cheque which does not have the customer's name and account number printed on it, other supporting documentation must be obtained from the bank or building society. The customer's consent may be required for such additional documentation to be provided.

A later application from the customer for a higher risk product or service will require additional verification of identity, date and place of birth, address and nationality at that time.

If reliance is being placed on intermediaries and introducers to undertake the processing of the application, the procedures set out in Sections 4.11 and 4.12 must be followed.

Paragraph 8 of the Code allows licenceholders to place reliance on an introducer to obtain CDD information and verification required by Sections 4.4 to 4.7. These circumstances are known as "eligibly introduced" relationships.

Under paragraph 8(7) of the Code, the ultimate responsibility for ensuring that CDD procedures requirements are met, remains with the licenceholder.

This concession does not apply to outsourcing or agency relationships i.e. where the agent is acting under a contractual arrangement with the financial institution to carry out its CDD functions.

4.11.1 Eligibility status for Eligible Introducers

An Eligible Introducer is one of the following:

(a) a person licensed to carry out banking business within the meaning of the Banking Act 1998.

(b) a person licensed to carry out investment business within the meaning of the Investment Business Act 1991.

(c) a building society within the meaning of Section 7 of the Industrial and Building Societies Act 1892 which is authorised under Section 2 of the Building Societies Act 1986.

(d) a UK building society to which Section 2 of the Building Societies Act 1986 applies by virtue of Section 4A of that Act and which is authorised under Section 2 of that Act

(e) a fiduciary licensed under the Corporate Service Providers Act 2000.

(f) a person authorised to carry out insurance business within the meaning of the Insurance Act 1986.

(g) the trustee of a retirement benefits scheme that is authorised under the Retirement Benefits Schemes Act 2000.

(h) a retirement benefit schemes administrator who is registered under the Retirement Benefits Schemes Act 2000.

(i) an advocate, a registered legal practitioner within the meaning of the Legal Practitioners Registration Act 1986 or an accountant, where the licenceholder is satisfied that the rules of the introducer's professional body embody requirements equivalent to the Code.

(j) a person who acts in the course of an external regulated business and is based or incorporated in or formed under the law of a country that is included in the list at Schedule 2 of the Code.

Licenceholders must obtain satisfactory evidence to identify the status and eligibility of introducers. Such evidence may comprise corroboration from the introducer's regulatory authority, or evidence from the introducer itself of such regulation.

If licenceholders are aware of any cases where introducers have incorrectly been treated as eligible, they must take steps to obtain suitable CDD information and verification documents in accordance with the Handbook.

4.11.2 Conditions when the Eligible Introducer concession applies

Paragraph 8 of the Code does not introduce an exemption from a licenceholder's obligations but is merely an administrative measure that reduces or eliminates duplication of effort and documentation subject to the following conditions:

(1) The licenceholder has obtained all the CDD information on the applicant for business and the beneficial owner at the outset. This information may be obtained from the Eligible Introducer. (

2) The licenceholder knows the nature and intended purposes of the relationship at the outset.

(3) The licenceholder knows the source of funds and where required the source of wealth at the outset. This information may be obtained from the Eligible Introducer.

(4) The licenceholder has satisfied itself that the Eligible Introducer is regulated and supervised for, and has measures in place to comply with CDD requirements in line with the Handbook.

(5) The licenceholder has assessed the CDD procedures of the Eligible Introducer as being satisfactory as per paragraph 8(7) of the Code. Adequate steps to determine whether CDD procedures are satisfactory may include:

- A review of the Eligible Introducer's AML/CFT policies and procedure;

- Enquiries concerning the Eligible Introducer's stature and regulatory track record and the extent to which any group standards are applied and audited;

- Independent review of the Eligible Introducer's procedures by external auditors or other experts.

(6) Under paragraph 8(8) of the Code licenceholders must test procedures to ensure CDD information and documentation is produced upon demand and without undue delay. Testing must be conducted on a random and periodic basis.

(7) Written terms of business are in place between the Eligible Introducer and the licenceholder which comply with paragraphs 8(6) and 8(8) of the Code and Rule 9.10 of the Rule Book requiring the Eligible Introducer to:

(a) Verify the identity of all applicants for business and beneficial owners;

(b) Establish and maintain a record of CDD information and verification documents for at least 5 years as per paragraph 11(1) of the Code;

(d) Establish and maintain records of all transactions between the -

(i) Eligible Introducer and the applicant for business;

(ii) licenceholder and the Eligible Introducer; and

(iii) licenceholder and the applicant for business if the Eligible Introducer has received copies of records relating to those transactions, If the records are concerned with or arise out of the introduction (whether directly or indirectly) for at least 5 years as per paragraph 11(1) of the Code;

(e) Enable the licenceholder rights to test the Eligible Introducer's compliance with the CDD requirements;

(f) Supply upon request verification documents for applicants for business or beneficial owners. This must not require the consent of the customer or a third party such as a court;

(g) Inform the licenceholder of each case where he is not required or has been unable to verify the identity of the beneficial owner or applicant for business; and,

(h) Notify the licenceholder if he is no longer able to comply with any aspect of the terms of business, including the requirement to supply relevant CDD documentation on request (because of a change in the law or contract terms with a customer, or if the Eligible Introducer has ceased to do business with the customer or has ceased trading, or for any other reason) and provide the licenceholder with the records or copies of the records.

4.11.3 Use of Terms of Business or Eligible Introducer's Certificate ("EIC")

Licenceholders can either put written terms of business in place with an Eligible Introducer without EICs having to be produced for each client or block of clients; or licenceholders can use EICs for each client or block of clients. Whichever format is used it must comply with the requirements of the Code and the Rule Book.

A template for an EIC which complies with the requirement in the Code for a written terms of business is contained in Appendix E. The EIC at Appendix E is intended as an example / template for licenceholders to use all, or part, as they see appropriate and to tailor to their individual needs, design, corporate style, identity etc.

The proforma EIC is divided into 6 sections. Section 1 must be completed for all business introduced using an EIC. Licenceholders may tailor Section 1 to their own corporate style with the use of logos etc, though the text of Section 1 must not be altered as this satisfies the Code requirement for written terms of business to be in place between the licenceholder and the Eligible Introducer. Sections 2, 3, 4 and 5 have been designed as a central point for identification and relationship information.

The Commission recognises that some businesses may have designed and created their own forms to obtain the relevant information. Provided all the relevant information is collected these forms will be just as acceptable to use as the example in Appendix E.

Where a "block" of business is being introduced, Section 1 of the EIC, accompanied by a schedule listing all the clients' details or relevant copies of Section 2, 3 and 4 for each client may be accepted.

Where a relationship presents higher money laundering or terrorist financing risk, licenceholders must consider whether it is appropriate to rely solely upon the EIC or terms of business provided by the Eligible Introducer containing the necessary information.

4.11.4 The conditions when the Eligible Introducer concession does not apply

Under paragraphs 8(5) and 8(9) of the Code the Eligible Introducer's concession must not be applied where:

(a) The licenceholder has reason to believe that a country, albeit one listed in Schedule 2 of the Code, does not apply, or insufficiently applies the FATF Recommendations to the business of the Eligible Introducer. This would include where the licenceholder has reason to believe that the Eligible Introducer's supervisor does not have adequate powers to monitor and ensure compliance by the Eligible Introducers with AML/CFT requirements.

(b) The licenceholder knows or suspects that the Eligible Introducer, the customer or any third party on whose behalf the customer is acting is engaged in money laundering or terrorist financing.

(c) The licenceholder has any reason to doubt the identity of the applicant for business, the Eligible Introducer or the beneficial owner.

(d) The licenceholder has any reason to doubt the bona fides of the applicant for business, the Eligible Introducer or the beneficial owner.

(d) The licenceholder is not satisfied that CDD information or documentation will be made available upon request and without delay.

4.11.5 Introductions from non-Eligible Introducers Where applicants for business are introduced to licenceholders via non-Eligible Introducers, licenceholders must identify and verify the identity of the applicant themselves.

Licenceholders may request non-Eligible Introducers to obtain information or documentation from the applicant and pass it to the licenceholder at the outset. However, a licenceholder cannot rely on any form of undertaking or certificate from a non-Eligible Introducer concerning identification or verification of the applicant for business.

Financial services businesses frequently hold funds or assets on behalf of their customers with licenceholders. For the purpose of the Handbook such financial services businesses are referred to as intermediaries. Examples of intermediaries include:

(a) Fund managers.

(b) Private client stockbrokers.

(c) Investment management firms.

(d) Overseas banks (typically Swiss banks) that place deposits on a fiduciary basis with Isle of Man banks1.

(e) Open ended or closed-ended investment companies, trustees of unit trust and general partners of limited partnerships that wish to establish banking facilities or appoint investment managers for a collective investment fund.

(f) Trustees of occupational pension schemes, retirement benefit schemes, or share option plans.

(g) Advocates, registered legal practitioners and accountants operating pooled bank accounts.

Where an intermediary acting on behalf of underlying customers falls under the definition of an Acceptable Applicant, the licenceholder can regard the intermediary as its customer. The CDD obligations regarding the persons for whom the intermediary is acting rests with the intermediary.

A licenceholder must however satisfy itself that:

(a) the intermediary qualifies as an Acceptable Applicant under paragraph 5(5) of the Code;

(b) the intermediary maintains AML/CFT procedures at least in line with the Code and the Rule Book; and,

(c) confirmation is obtained from the intermediary that all the necessary CDD checks have been conducted by them on the underlying client base.

A licenceholder must not rely on the concession where it has knowledge or suspicion that the intermediary, or any third party on whose behalf the intermediary is acting, is engaged in money laundering or terrorist financing.

A licenceholder must request the following information from the intermediary in respect of the proposed relationship

(a) The general nature of the intermediary's underlying customer base for the proposed relationship, such as:

- whether institutional or private client;

- the geographical location of the customer base;

- the nature of the services that the intermediary provides to its customers; and

- whether relationships are conducted face-to-face.

(b) The intermediary's risk assessment of its customer base including whether it has any relationships with PEPs or shell banks.

Where an intermediary relationship involving a pooled account includes the funds of higher risk customers, a licenceholder must establish that the intermediary has systems in place requiring:

(a) that such accounts must not be used for higher risk customers and that designated accounts must be established for such customers; and

(b) that CDD information and documentation is provided at the outset to the licenceholder for all higher risk customers.

Relationships involving intermediaries must not be abused and licenceholders must satisfy themselves that the primary motive for the use of these facilities is not for the circumvention of CDD procedures.

Licenceholders must complete identification and verification procedures before a business relationship is entered into.

Exceptionally, where there is little risk of money laundering or terrorist financing occurring, the Code allows that it may be carried out as soon as reasonably practicable if it is essential not to interrupt the normal conduct of business (e.g. securities transactions where companies and intermediaries may be required to perform transactions very rapidly, according to the market conditions at the time the customer is contacting them, and the performance of the transaction may be required before verification of identity is completed).

If licenceholders do not complete the identification and verification process at outset then the following controls must be followed:

(a) senior management must authorise the establishment of any relationships benefiting from this concession and monitor those relationships to ensure that verification of identity is carried out as soon as reasonably practicable; and

(b) money laundering and terrorist financing risks must be effectively managed (for example there must be no payment from the account or return of proceeds on disposal of property); and

(c) procedures must be in place for managing relationships where funds or assets have been received from customers for whom verification of identity cannot be completed. Such procedures must include a set of measures such as a limitation of the number, types and/or amount of transactions that can be performed and the monitoring of large or complex transactions being carried out outside of expected norms for that type of relationship.

Licenceholders must satisfy themselves that the primary motive for the use of this concession is not for the circumvention of CDD procedures.

4.13.1 Failure to complete verification of identity

Verification of identity, once begun, should be pursued through to conclusion within a reasonable timeframe. If a prospective customer does not pursue an application, or verification cannot be concluded within a reasonable timeframe and without adequate explanation, paragraph 6(5) of the Code requires that the business relationship and transactions shall not proceed any further. Furthermore, a licenceholder must assess whether the circumstances are in themselves suspicious. In such circumstances licenceholders must consider making a disclosure to the FCU based on the information in their possession and, if a disclosure is made, must obtain FCU consent before any funds are moved out of the account.