
Monetary Authority & Regulatory Framework
The information provided here is for general informational purposes only and is not intended to constitute legal or professional advice. It is provided 'as is' and should not be considered a substitute for a comprehensive review against the relevant laws and regulations as they apply to your company.
The Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008 (POCR) form the statutory backbone of the compliance framework. For regulated entities in Bermuda, you are not merely required to "collect information and documents"; you are legally obligated to know your clients and maintain an active, risk-sensitive defence against financial crime.
We developed our Verify by Tiller platform to provide regulated companies with the necessary ability to capture, verify and assess the information needed to meet their legal obligations.
Core Statutory Obligations (POCR 2008)
The POCR imposes five "Pillars of Compliance" that are non-negotiable. Failure to evidence any of these is a breach of the Regulations. This is how Verify by Tiller helps you meet those obligations:
The Business Risk Assessment (Regulation 16)
You cannot treat all clients equally. You must perform a comprehensive Business Risk Assessment (BRA) to identify where your specific business is vulnerable to money laundering.
Requirement: You must document your inherent risks (Geographic, Product, Customer, Delivery Channel) and assess the effectiveness of your controls to determine your residual risk.
Support: Verify by Tiller allows you to put in place a robust, effective and repeatable customer onboarding process. The digital onboarding process provided by Verify by Tiller allows you to understand and control your risk exposure and easily document and manage that risk.
Customer Due Diligence (CDD) (Regulations 5–9)
You must verify the identity of your customers before a business relationship is established.
Requirement: Identify your customers, understand who you are dealing with and the nature of the business they intend to conduct.
Screening: Verify by Tiller performs comprehensive screening against international sanction lists, PEP databases, enforcement databases and adverse media sources, helping you build an accurate risk profile for your client.
Ongoing Monitoring: CDD is not a one-off event. You must monitor your client's behaviour throughout the relationship to ensure it matches the client profile established during onboarding. Verify will rescreen all your clients daily and provide the tools to automatically perform periodic reviews and update expired documentation.
Enhanced Due Diligence (EDD) (Regulation 11)
For high-risk scenarios, standard checks are insufficient.
Requirement: For Politically Exposed Persons (PEPs), clients from "High-Risk Third Countries," or complex/unusual activities, you must establish their Source of Wealth (SoW), verifying how the client acquired their total net worth, not just the funds in the current transaction.
Solution: Verify by Tiller will help you identify high-risk scenarios by capturing and verifying country of residence and even geolocation of the individual. It will also fully screen them to identify PEPs from an array of global sources or individuals with adverse media indicating a high-risk profile. The platform also provides customisable digital client forms to aid in the capture of Source of Wealth information and also the upload of required supporting documentary evidence by the client. This allows you to quickly and efficiently perform the more complex checks and record keeping required for EDD.
Record Keeping (Regulation 15)
The regulation imposes a strict statutory duty to retain documents for a specific period to ensure they are available for use in any financial crime investigation.
Requirement: All CDD documents, risk assessments, and transaction records must be retrievable without delay and must be kept for 5 years.
Support: Verify by Tiller generates a comprehensive Client Report in PDF format at the end of the onboarding. It contains all information captured during the onboarding, including identity documents and selfie images used to verify the person presenting the ID document. It also contains the results of all checks performed and the findings, as well as the actions taken in response to those findings. This report is clear evidence of the compliance process followed, and it allows you to easily store it for immediate retrieval at any time in the future. The same information can be easily exported via our API for inclusion into any of your existing systems to automatically aid in the centralisation of all your records.
Internal Controls & Reporting (Regulations 16–18)
Requirement: Your MLRO must establish a process to receive internal suspicious activity reports (SARs) and, where appropriate, file them with the Financial Intelligence Agency (FIA).
Support: The Verify by Tiller platform makes it significantly easier for your MLRO to be made aware of exceptions during the onboarding process or arising out of ongoing monitoring. It provides all the evidence derived from the information provided by the client, together with the checks that were automatically performed and their findings. This makes it easier to collate the supporting information for the SARs report and provides the audit history which may be needed for any follow-up activities.
Other Typical Questions
Section 1: Customer Due Diligence (Regs 5, 6 & 8)
Regulation 6(2) requires verification using data from a "reliable and independent source." Does a digital solution satisfy this legal standard?
Yes, provided the source is authoritative. Verify by Tiller satisfies Regulation 6(2) by prioritizing NFC chip extraction from e-Passports. This data is cryptographically signed by the issuing government, making it the most "independent" and "reliable" source available, far exceeding the evidentiary value of a photocopied passport delivered by email.
Regulation 8 mandates verifying identity before the business relationship is established. How does Tiller ensure we don't accidentally onboard someone too early?
POCR imposes a strict chronological order. Verify by Tiller enforces this via "Referral Alerts" in the workflow. You can configure your process so that a client account cannot be opened (or a risk rating finalized) until the ID verification and screening steps are marked as "Complete" or "Accepted". This prevents the operational error of trading with an unverified entity, which is a direct breach of Regulation 8.
We have a lot of non-face-to-face clients. Does POCR Regulation 11 require us to treat them all as high risk?
Historically, yes, but modern technology mitigates this. While Regulation 11(1)(a) requires EDD where the customer is not physically present, Verify by Tiller uses biometric liveness detection to replicate the security of a face-to-face meeting. This allows you to justify treating standard non-face-to-face applicants as "Standard Risk" rather than "High Risk" in your Business Risk Assessment.
Regulation 5 requires us to identify the "Beneficial Owner." Can Tiller handle complex corporate structures?
At present, Verify by Tiller cannot identify the Beneficial Owner behind a complex corporate structure (the feature is coming soon in our KYB module). However, Verify can send individual digital verification links to each UBO already known (e.g., shareholders >10% or 25%), ensuring every controlling individual is verified to the same standard as a retail client.
Section 2: Enhanced Due Diligence & PEPs (Reg 11)
Regulation 11(4) imposes specific duties regarding Politically Exposed Persons (PEPs). How does Tiller prevent us from missing a PEP?
The regulation requires "risk management procedures" to determine if a customer is a PEP. Verify by Tiller screens every applicant against global PEP lists (Tier 1-4) automatically. If a match is found, the system flags the profile for manual review. This ensures you never inadvertently onboard a PEP without the "Senior Management Approval" mandated by law.
POCR requires us to take "adequate measures" to establish Source of Wealth (SoW) for PEPs. How does the platform support this?
For high-risk or PEP clients, Verify by Tiller allows the use of custom digital forms to capture "Source of Wealth" in the onboarding journey. It compels the user to declare the origin of their funds and upload supporting evidence (e.g., sale of shares, inheritance letters) before the application can proceed, ensuring you have the evidence required by Regulation 11(4)(b).
Regulation 11 requires EDD for "complex or unusually large transactions." Can Tiller help if we only use it for onboarding?
While Tiller is an onboarding tool, it sets the baseline for this monitoring. By establishing a robust "Client Profile" (expected activity, turnover, source of funds) at the start, Verify by Tiller provides the benchmark against which your transaction monitoring team can judge if a future transaction is "unusual," as required by Regulation 11(2).
Section 3: Ongoing Monitoring (Reg 12)
Regulation 12(1)(b) requires that documents and data be kept "up to date and relevant." Does Tiller automate this?
Yes. Manual files often go stale. Verify by Tiller has an "expiry management" feature. It tracks the expiry dates of passports or ID cards and can automatically prompt the customer (or your team) to provide a new document before the old one expires, ensuring you remain compliant with Regulation 12 continuously.
Regulation 12A enforces strict compliance with International Sanctions. How often does Tiller screen?
To meet the strict liability of Sanctions laws, Verify by Tiller performs Daily Delta Screening. It can re-screen your entire client base every 24 hours against the latest UK Consolidated List and over 100 other sanction lists and information sourced from over 1,600 official government websites. This ensures that if a client is designated overnight, you know about it immediately, satisfying the requirement to stop dealing with them.
If a client's risk profile changes (e.g., they become a PEP later), does Tiller notify us?
Yes. This is a critical component of Regulation 12 "Ongoing Monitoring." Because Tiller re-screens daily, if an existing client is elected to office or appears in adverse media, the system generates an alert. This allows you to move the client from "Standard" to "High Risk" and apply the necessary EDD retroactively.
Section 4: Record Keeping (Reg 15)
Regulation 15(3) requires records to be "retrievable without undue delay." Can Tiller help with a BMA request?
Absolutely. Digging through paper files or disparate drives causes delays. Verify by Tiller consolidates all ID data, screening results, and risk decisions into a single digital profile. You can export a "Client Report" in seconds, satisfying the "without undue delay" requirement during an FIA investigation or BMA audit. The same information is also made available instantly via our API to any of your other systems.
Regulation 15(1) mandates a 5-year retention period. What happens if we delete the app?
Your data obligations persist. Verify by Tiller allows for the secure export/archiving of data to your own servers to meet the 5-year rule post-relationship. The same information is also made available via our API to allow all data to be archived in your core systems.
Section 5: Systems, Controls & Risk Assessment (Reg 16)
Regulation 16 requires us to establish "policies and procedures" for risk assessment. Does Tiller dictate our risk policy?
No, Regulation 16 says you must establish the policy. Verify by Tiller is the engine that executes it. The platform is configurable, allowing you to map your specific Risk Appetite Statement (e.g., "We need to capture SoW") into the workflow logic, ensuring your operational reality matches your written manual.
Regulation 17 covers "Reliance" on third parties. Is using Tiller considered "Reliance"?
No, using Tiller is Outsourcing, not Reliance (which refers to relying on another regulated firm like a bank). Under POCR, you retain responsibility. Verify by Tiller supports this by giving you full visibility and control. It doesn't make the decision for you; it presents the data (matches, ID validity) so your Compliance Officer can make the final decision, keeping you on the right side of the law.
Regulation 18 requires employee training. Does Tiller help with staff competence?
Indirectly, yes. Regulation 18 requires staff to be aware of the laws and procedures. Verify by Tiller helps you standardize your procedures. By guiding staff through a mandatory, linear workflow (Upload > Screen > Review > Approve), it ensures that even junior staff follow the correct compliant process every time, reducing the risk of human error or "shortcut taking."