Are you exposing yourself to TCSP risks?

aat comment

Some accountants don’t know they’re carrying out TCSP activities, which leaves them vulnerable to exploitation and disciplinary action.

*This article has been updated to provide clearer guidance around a firm’s inclusion on the HMRC TCSP register.

Trust and Company Service Providers (TCSPs) play a crucial role in the global financial landscape, assisting clients in establishing and managing trusts, companies and other corporate entities.

Many TCSP clients create intricate ownership structures that involve multiple offshore entities and nominee shareholders or directors. This complexity can obscure the flow of funds and make it challenging to detect and prevent money laundering activities.

As such, TCSPs are at a high risk of being exploited for illicit purposes, including money laundering and terrorist financing, with that risk increasing when provided with other financial, legal, or accounting services. 

What is a TCSP?

Under the money laundering regulations, a trust or company service provider is any company or sole practitioner whose business is to:

  • form firms, ie companies, limited partnerships or other legal persons
  • act, or arrange for another person to act, as:
    • a director or secretary of a company;
    • a partner or partnership; or
    • in a similar capacity in relation to other legal persons
  • provide a registered office, business address, correspondence address or administrative address for a company, partnership or other legal person or arrangement 
  • act, or arrange for another person to act, as a trustee of an express trust or similar legal arrangement
  • act, or arrange for another person to act, as a nominee shareholder for another person, unless the other person is a company listed on a regulated market which is subject to acceptable disclosure requirements.

HMRC’s TCSP register

Firms (including sole practitioners) providing any TCSP services that are not registered with the Financial Conduct Authority (FCA) must be included on HMRC’s TCSP register maintained under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). Firms are prohibited from providing TCSP services unless they are on HMRC’s TCSP register.

To be included on HMRC’s TCSP register, firms must be registered with a supervisory authority under the MLR 2017. Firms that are registered with a professional body supervisor under the MLR 2017 do not need to separately apply to HMRC for supervision.

Professional body supervisors notify HMRC of all the firms (including sole practitioners) they supervise that perform trust or company service work by sending HMRC the name and address of each business and confirming they are ‘fit and proper’. HMRC will then review this information and may carry out further checks before confirming approval.

AAT notifies HMRC of all licensed members who are approved to provide Company Secretarial Services (trust or company services) and have registered their firm, or firms, with AAT for AML supervision to be included in the register. If you are an AAT licensed member providing TCSP services, please ensure you have been approved to provide Company Secretarial Services (trust or company services) as a specific area under your licence and have told AAT about of each of your firms providing TCSP services.

Any AAT member who is in public practice and is providing trust or company services whilst not on the register may be subject to disciplinary action by AAT and/or criminal or civil penalties by HMRC.

What do TCSP activities include, and what are the risks?

AAT is aware of instances where some accountants were unaware that they were carrying out TCSP activities.

According to the results of a 2022 thematic review of TCSP activities, the most common misconception is that providing a registered office address for clients is a low-risk administrative service which does not fall into the TCSP category.

However, a sole practitioner or firm is considered as providing TCSP services even if those services are ancillary to other accounting services or are provided on a one-off basis.

AAT is also aware that some firms believe they’re not acting as TCSPs as they do not provide services to trusts. However, it’s important to note that some of the services that fall under TCSP apply to companies, limited partnerships and other legal persons.

Risk characteristics

The Accountancy AML Supervisors Group Risk Outlook identifies the risks of TCSP services in the accountancy sector as being highest when coupled with other high-risk services or high-risk factors, such as a client in a high-risk country. There is also a high risk when a new client approaches a firm for a one-off company formation, with no ongoing services required.

Accountancy sector firms that offer registered office or nominee directorships are also at risk of exploitation as those services can enable the concealment of beneficial ownership. Law enforcement has indicated that many investigations into money laundering have led to complex corporate structures. By creating structures that disguise the ownership of assets, the accountant may be either wittingly or unwittingly involved in ‘integration’ of the illicit funds into the legitimate economy.

HMRC has published guidance on Understanding risks and taking action for trust and company service providers. We recommend that all TCSP providers read the guidance, but for the two most common TCSP services AAT firms provide, the risks include:

Company Formation

A company formation agent is a business involved in the supply of the service of forming companies for, and/or selling formed companies to customers.

Where a formation agent is forming companies for UK-based owner managers and established professionals, they may judge this to be low risk. However, the supply of many companies at the same time, or in close succession, may be indicative of a higher level of risk.

The companies may be being used to open many bank accounts across different jurisdictions to facilitate the movement of funds.

Requests for ‘aged’ companies, as opposed to newly formed companies, may indicate that they are required to give the impression of an established business that may be used for fraudulent purposes (this risk may have increased as a result of the Covid-19 pandemic).

When providing UK entities for offshore intermediaries, consideration should be given to the location of the intermediary, the frequency of the requests and the commercial purpose of the structures being formed.

Providing a registered office, business address, correspondence address or administrative address

The provision of office services to a business that does not maintain a physical presence at your premises can present a number of risks to your business. It is important that you establish an appropriate risk assessment to monitor and differentiate between the provision of services that are out of scope of the regulations, for example the letting of physical office space where the user is in regular attendance and can be easily contacted and where the user is not in regular attendance and therefore cannot necessarily be easily contacted.

From a risk perspective if you are providing a virtual office service to a local resident who operates a peripatetic business, is known to you and regularly collects post in person, this is a lower risk than providing a service to a business where the owners are not known to you, are not local, do not regularly collect their post or the person collecting the post regularly changes. This risk may be increased if you are supplying this service to a non-UK based intermediary.

If the business is operated or owned by a non-UK resident company or person you may need to consider what risk that presents and what is the appropriate level of due diligence in these circumstances.

If you are receiving large volumes of mail for a customer, do you have enough knowledge to judge if this is to be expected for this kind of business, for example mail order services? Virtual office addresses can be used in investment frauds particularly those that are promoted with long-term returns.

If you are being asked to supply multiple addresses to the same or connected businesses, does your risk assessment measure if this request has a commercial basis? Use of multiple addresses can be used create an impression that a business is more substantial than it is, or to create an impression that their customers are dealing with a company with a local presence.

For further guidance on TCSP risk, the UKFIU’s latest SARs in Action magazine contains an alert published by the National Economic Crime Centre (NECC) around the high-risk behaviours and typologies associated with the TCSP sector, and includes a list of indicators for potentially suspicious companies formed by TCSPs.

What due diligence is needed?

Firms are required to carry out a firm-wide risk assessment that takes into account the customer base and the nature of the services the firm provides so that policies, controls and procedures can be put in place to counter any risk of the firm being exploited for money laundering, terrorist financing or proliferation financing (ML/TF/PF)purposes.

TCSPs must identify who their customers and beneficial owners are, and what levels of due diligence are appropriate. Policies, controls and procedures should document the firm’s approach when dealing with intermediaries and when placing reliance on third parties or accepting due diligence undertaken by others.

To mitigate ML/TF/PF risks, TCSPs should conduct thorough background checks, verify the source of funds, and regularly update client information. Enhanced due diligence is necessary when dealing with high-risk clients, high-risk jurisdictions, or politically exposed persons (PEPs).

Maintaining detailed records of client interactions, transactions and corporate structures is essential. These records should be readily available for regulatory inspections and audits.

TCSPs should adopt a risk-based approach to their services. This involves assessing the specific ML/TF/PF risks associated with each client and tailoring their due diligence and compliance efforts accordingly.

When risk assessing a client, firms should consider location, complexity, sources of wealth, PEP status, nature of services and client’s business, and transparency when risk assessing a client. Those holding client money should always consider the handling of client money, along with the nature of the client’s business, the purpose of the business relationship and sources of wealth.

AAT Comment offers news and opinion on the world of business and finance from the Association of Accounting Technicians.

Related articles