ECSH32610 - Desk based interventions

Introduction

Desk-based interventions are carried out where you review business records, documents, or information away from a business’s premises.Ìý

Desk-based interventions can be conducted alongside other types of interventions, such as face-to-face visits or telephone calls. Alternatively, desk-based interventions can be conducted without any other intervention to check a business’s compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). For example, desk-based interventions could be solely undertaken through correspondence by letter or email (where the appropriate protocol is in place � see ECSH32812.

Compliance desk-based interventions

A desk-based intervention (or DBI) is a type of desk-based compliance check which is approached in the same way as a face-to-face visit, but interviews of key personnel (for example, the Nominated Officer for the business) are carried out desk-based, for example, by phone or Teams calls.

The Project Initiation Document (PID) in Caseflow will specify if your compliance check should be conducted by DBI. For example, this may be the case where you are working a case on an aspect or follow up warning letter campaign (ECSH32600).

If you intend to change the intervention approach set out in the PID, for example escalation of a DBI to a face-to-face visit or de-escalation of a face-to-face visit to a DBI, follow the guidance set out under the subheading “The intervention approach� in the link to ECSH32600 above. Any divergence from the planned approach will require escalation through your manager and authorisation by the G7 Compliance Leads.

How desk-based interventions are conducted

Desk-based interventions are usually conducted by requesting information and/or documents from the business.

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)�

As part of your desk-based checks, you may review the business’s:

  • Application to register.
  • Risk assessment.
  • Anti-money laundering training.
  • Customer due diligence records.
  • Transaction records.
  • Internal controls and compliance monitoring.
  • Record keeping, reliance and compliance with the General Data Protection Regulation.
  • Internal reporting processes.

This list is not exhaustive.

What to consider

You should consider how you will address the risks, following the appropriate Standard Work Instructions (SWI) in the Knowledge Library.

You must consider if the risks can be effectively addressed and tested by a DBI or whether a visit to the business premises is necessary. Ensure you follow the guidance set out under the subheading “The intervention approach� in ECSH32600.

You should consider what information you need at each stage of your compliance check. For example, you may need to carry out desk-based checks prior to a face-to-face intervention to help you prepare and plan your interview (ECSH32825).

Additionally, you may need to carry out desk-based checks after a visit. For example, to test additional records or request additional information. It will depend on the circumstances of your case (ECSH33700).

You will need to consider what information needs to be sent to you and how this will be done., for example, Dropbox or a data handler.Ìý Both options must be requested through the relevant team.Ìý

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

You must consider the volume of records you need to see, if they will contain sensitive information (for example bank statements or an individual's ID documents) and any cost or additional burden this may present the business.Ìý You must always consider how you will use the information to gain assurance that the business is complying with MLR 2017.Ìý

Ìý