The UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 were enacted on 26 June 2017.

Section 18 specifies that in identifying and assessing the risks of money laundering and terrorist financing to which its business is subject reference must be had to the following:-
(i)  its customers;
(ii) the countries or geographic areas in which it operates;
(iii) its products or services;
(iv) its transactions; and
(v) its delivery channels.

In deciding what steps are appropriate, the firm/entity must take into account the size and nature of its business.

Policies and controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified in any risk assessment undertaken are to include:-
(i) regularly review and update the policies, controls and procedures
(ii) maintain a record in writing of the policies, controls and procedures
(iii) any changes to those policies, controls and procedures made the steps taken to communicate those policies, controls and procedures, or any changes to them, within the relevant person’s business.

The policies, controls and procedures adopted must be—
(i) proportionate with regard to the size and nature of the relevant person’s business, and
(ii) approved by its senior management.

The policies, controls and procedures must include—
(i) risk management practices;
(ii) internal controls
(iii) customer due diligence
(iv) reliance and record keeping
(v) the monitoring and management of compliance with, and the internal communication of, such policies, controls and procedures.