Identity Policy

are required to identify and verify the relevant to each , these will include the Customer, their Controlling Parties (including Beneficial Owners) and any Introducers. The extent of identification and verification is not prescribed by the regulator's guidance and is left to the "reasoned judgements" of each organisation.

The regulator's guidance also requires that the persons related to a relationship which has been assessed as "Higher Risk" should undergo ECDD and therefore more stringent identification and verification should take place.

Identity Policies give organisations somewhere to define which components of an entity's information should be identified and verified depending on the entity's context within the relationship.

• Natural Person

• Legal Person

• Legal Arrangement

• Foundation

Each section lists the identity components that are relevant to that entity type. e.g: the Natural Person section includes Date of Birth, whereas Legal Person section includes Incorporation Date instead.

Within each section, there are four columns representing different contexts that an entity might be found in:

• Beneficial Owner

Beside each identity component the organisation can state whether it needs to be identified or verified under CDD (Colour coded blue) and ECDD (Colour coded Red).

"Following ML/FT risk assessments, whether at the point of an initial risk assessment or after a review, relevant persons must determine and adopt appropriate and effective risk sensitive procedures and controls which enable them to manage and mitigate their ML/FT risks. This means that heightened (or in the case of CDD, enhanced) measures should be taken to manage and mitigate situations in which the ML/FT risk is higher and Code concessions must not be applied. Less stringent measures may be applied in situations with lower ML/FT risk."

Relevant Legislation/Guidance