Handshake

AML for Entities

A customer that is not a private individual can come in many forms such as a public authority, limited company or a charity. All customer types come with their own unique risks. The level of due diligence, defined by your risk based approach, will need to reflect this.

The factors which make up an entity’s identity can differ depending on the type of entity, it will include the type of entity and its legal and organisational structure. In general, you will want to determine the full name of the organisation, if it is a registered company or organisation its registered number, country of incorporation and business address, details of the contact that you are dealing with and names of the beneficial owners should also be gathered.

For simplified due diligence you only need to identify the business and may except this information directly from the clients. Steps should be taken to verify the factors that make the customer fall in to the simplified due diligence catagory, such as being FCA registered.

Standard due diligence requires the gathering of further information so that you can understand the customer you are taking on. Select the relevant section on the left for information regarding the specific entity type.

All entities also need to be checked to ensure that they are not subject to financial sanctions and this extends further to any companies identified during the due diligence process as being a parent or subsidiary company. In addition, any individual who is identified as a beneficial owner or having controlling influence on an entity should be checked against financial sanctions and a list of Politically Exposed Persons.

Company Listed on a Recognised Stock Exchange

Being a listed company, and therefore enabling the use of simplified due diligence, is not limited to regulated UK markets. This refers to companies listed on any recognised market which subjects companies to disclosure obligations meeting international standards and are equivalent to obligations in the EU.

Where the market is located within the EEA, if they are regulated under MiFID, there are no requirements to check the market meets these requirements. The steps taken to confirm the market status should be recorded.

Outside of the EEA, the steps taken to understand if the market meets the requirements to enable simplified due diligence to be used should be recorded.

Should the market not meet the required criteria then the process for a private unlisted company should be followed.

Regulated Business

Where a financial services firm is subject to the Money Laundering Regulations and regulated by the FCA simplified due diligence can be applied. This can also be used for financial services businesses in the EU or equivalent jurisdiction where they are regulated by an equivalent regulator.

Details to Collect

Below is the information you may wish to collect for a customer who is a company.

Company Information

Understanding the name of your client including any previous or trading as names is important for obtaining a clear picture on you client. This will also be useful should you need to undertake any further research.

  • Registered Name
  • Previous Names
  • Trading As
  • Registered Address
  • Previous Address (if at current address for less than desired period)
  • Operational Address
  • Contact Address
  • Incorporation number
  • Date of incorporation
  • Country of incorporation
  • Entity Type
  • Nature of business
  • Listing Exchange or Regulating Authority and Registration ID
  • Contact name
  • Contact telephone number
  • Contact email address

Additional Information

  • Geographic Location

The location in which your client is living or working may be a factor in increasing the risk they bring. In some countries the approach to anti-money laundering and the prevention of bribery and corruption is not sufficiently enforced. This could result in a potential for criminal funds to filter through your business.


  • Face to Face/Remote

The method in which a client is interacted with will adjust the associated risk. Having a relationship where a client is never met face to face is at higher risk for fraud and steps should be taken to minimise the risk.


  • Service Required

It may be that your business only provides a single core service and therefore the level of risk will be consistent. However, where different product or services are offered you may wish to adapt the level of due diligence undertaken based on this risk.


Client Activity

  • Type of Transaction
  • Volume
  • Value

Understanding what will be normal for your client will enable you to identify when something abnormal happens.  There may be a valid reason for changes in your client’s activity such as a significant increase in the amounts going through your business.  However, it could be an indicator to a change in the risk the client brings warranting a higher level of due diligence.