We seem to be asked more and more by institutions that they need to clear 'ML or 'AML' regulations on their side. Banks, lawyers, listed businesses like car showrooms and just look on the jobs page and you will see it filled with companies advertising for jobs in these areas. So, once we pass over our intimate details holding personal details such as a bank statement or passport, what obligations are these institutions under to keep this information safe? Of course, there will be laws between the government and institution but do they go far enough to protect the individual. Do you recall reading a satisfying assurance along the lines of ‘we will keep your information safe and away from third parties and securely destroy it after X time', before we hand over these personal details or indeed should they need to? I often wonder what happens to this information, is it sitting on a server ready to be leaked on the deep dark web? Is it there already? I am not sure what the answer is for institutions but perhaps it’s time for the Government to look at consumer cyber laws.
The AML regime was established to prevent or minimise the risk that ML poses to the financial sector and to report such activities in order to assist in the detection and prevention of ML, and to penalise those who fail to implement AML. The Proceeds of Crime Act (“POCA”) is the primary Act which deals with the offence of ML and the confiscation of proceeds of crime. Businesses to obtain the following information: full name of customer; permanent address and proof of same; date and place of birth; nationality; place of business/occupation; occupational income (where applicable); a signature; purpose and intended nature of purpose and source of funds; and any other information which may be relevant.