ECSH63415 - Regulation 24 - Training
Category Heading |
Description |
---|---|
The Law |
https://www.legislation.gov.uk/uksi/2017/692/regulation/24 |
What it means |
A relevant person/business must take appropriate measures to ensure
relevant employees are trained and made aware of ML and TF
A written record of the training provided must be maintained. |
Purpose |
To enable the business and its employees to demonstrate their awareness
of the risks of ML and TF, and their knowledge of the business's
procedures. |
Time Line |
This was also a requirement under MLR2007 (regulation 21). |
What to establish |
Failure to take appropriate measures to ensure relevant employees are
trained and made aware of ML & TF and to maintain training records in
writing is a breach of this regulation 24(1)(a) The business must have an appropriate training regime for its employees. (i) that gives an awareness of the law relating to ML and TF. (ii) enables them to recognise and deal with transactions, activities and situations which may be related to ML or TF. 24(1)(b) There must be a written record maintained by the business of training given to its employees. 24(2)(b) details a relevant employee for the purposes above is an employee in which their role is involved in the business's compliance with the MLRs or if they are capable to identify or mitigate(or prevent/detect)the risks of money laundering or terrorist financing specific to the business. 24(3)(a) The training must be relevant to the business and the risks it faces of ML and TF. |
How to test
compliance and evidence to obtain |
Consider whether there have been breaches of other regulations e.g.
poor quality RA or CDD shortcomings. This could indicate that training is
either not carried out or is insufficient. Ask the business to explain how
breaches occurred if training has been provided. View training material used - Maybe online Is the training "one size fits all" or tailored to specific roles? Establish how often training given/refreshed. Is there a training log showing who has completed training and when? Do staff sign anything to confirm their understanding of their obligations? Is there a planned training schedule? How are new members of staff treated? Is there a minimum level of training before they are operational? If training given by external body/third party obtain information of how and when. View certificates and/or online record Talk to members of staff who actually deal with customers e.g. sales staff or members of compliance team. Ask them what they know about ML/TF. View training logs and personnel files as appropriate. |
Scenario |
A cheque casher holds regular training sessions with its staff, but it hasn’t
kept a record of the dates and topics discussed. You interview a member
of staff and they explain how they would recognise a suspicious
transaction and how they would handle it. Whilst the measures appear to
be effective, the business hasn’t kept a record of training given to staff, a
breach of 24(1)(b). |
Best Practice |
Larger and more complex businesses must screen relevant employees
before they take up post. Understand the different roles and responsibilities of staff. |
AMP |
See HVD below. |
ASP |
Training needs to be given to all relevant staff and a written record must
be kept . You may find that some training is given but a written record is
not kept, which would be a breach of breach of 24(1)(b), as opposed to a
breach under 24(1)(a). If the ASP is a sole proprietor with no employees, that is to say, no-one else involved in completing the ASP activities then they do not need to have their own training record in writing, although we do sugeest that they do have a written record to aid their demonstration that they are up to-date with their knowledge and can demonstrate they have a good working knowledge. |
EAB |
Training needs to be given to all relevant staff and a written record must
be kept . You often find that some training is given but a written record is
not kept - breach of 24 (1) (b). |
LAB |
We are yet to undertake interventions in this sector but training must be
given to all staff and a written record kept. |
HVD |
Ensure training is extended to all members of staff who may accept or
monitor the receipt of payments from customers; this may include
receptionists and accounts clerks, not just salespersons and officers
directly involved in the sale or purchase. Drivers may be authorised to
make/receive cash payment on delivery; but note that these may be sub
contracted or agency staff and not regular employees. Note any changes in handwriting or staff initials on paperwork and cross reference to the number/names of relevant staff provided by the business. |
MSB |
In any principal, agent relationship the principal MUST ensure all of the
agents (including the officers, managers and beneficial owners of that
agent) that it uses to conduct its business are appropriately trained in
accordance with regulation 24 - This includes ensuring all are made aware
of the laws relating to MLTF and data protection requirements (once made
aware of the relevant law the ongoing requirement here is to ensure this is
"refreshed" or "updated" if any relevant law changes) AND regular training
on recognising and dealing with suspicious activity (regular is not defined
and we cannot be prescriptive over when this must take place other than
it is not a "one off" requirement)... scrutiny should be applied to what
training is provided to ensure "appropriate measures" have been taken
and this should include how the business satisfies itself the training has
been effective. Consideration must be given to all relevant activity undertaken and the sub-sector risks posed by each to ensure any training meets the definition of "appropriate measures" being taken and is not generic. |
TCSP |
Training needs to be given to all relevant staff and a written record must
be kept . You may find that some training is given but a written record is not kept, which would be a breach of breach of 24(1)(b), as opposed to a
breach under 24(1)(a). |
Further Reading |
Chapter 8 of Part 1 of JMLSG Guidance See part 8 of the CCAB AML Guidance 2020 Chapter 7 of EAB Guidance Chapter 7 of HVD Guidance Chapter 8 of MSB Guidance Chapter 7 of TCSP Guidance |
FAQs |
If a business has identified that an employee does not fall within the
definition of a ‘relevant employee’, will they still need to undergo AML
training? No, only a person within the definition of ‘relevant employee’ (as set out under Regulation 24(2)) will need to undergo AML training. If a beneficial owner, officer or manager (defined in guidance) has not had any AML training, HMRC are likely to contact the business to clarify whether this is indeed correct. At this point the business can respond to confirm that this is correct, and they have not had any AML training as they have not been identified as a ‘relevant employee’. If the business, however, has not identified an employee who we later believe is relevant, the business will have to deal with the consequences of that, particularly if it has been done in an attempt to evade MLR obligations. |