Certification and third-party reliance on our client due diligence

A regulated lawyer may certify or verify the identity of an individual who is well known to them. If you are certifying documents yourself, you must:

1. Be confident that you have no AML concerns about the individual.
2. Use the firm's standard lawyer certification form, which meets regulatory requirements for verifying a client's name and address.
3. Remember that certification only covers basic identity verification. Sanctions checks, PEP screening, and electronic address verification will still be carried out by the Clients Team.

In practice, Keystone prefers to undertake its own AML checks, and certification should only be used where this is unavoidable (for example, where a client cannot provide certified documents in another way). It is always better to obtain proper identification documents over certifying someone's identity. Treat certification as an exception, not the norm.

If the certifier is a third-party lawyer, you should, where possible, satisfy yourself that the certifier has no AML concerns about the individual. You must not use a certifier if you doubt the reliability or integrity of their certification.

Keystone does not permit third parties to rely on our AML checks. The scope and depth of our checks are tailored to our own risk-based assessment, which may differ from the requirements of another organisation.

We are, however, willing to confirm to third parties that we have conducted our own checks. In such cases, you may state:

"Keystone Law complies with all applicable financial crime regulations, including those under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended. However, kindly note that such matters are Keystone Law's own obligations and all other parties in the regulated sector bear the same obligations and should make their own enquiries. Third parties may not rely on Keystone Law's internal checks and own risk assessments of clients, funds or matters. We may provide our client's ID&V documents with the client's consent to do so, but whether they are satisfactory according to your own AML policies, controls and procedures is up to you alone to decide. You may not rely on any risk assessment undertaken by this firm and on this basis we cannot share the same with you."

This wording avoids suggesting that our checks are sufficient for the purposes of another regulated entity, while still reassuring them that our own compliance obligations have been met.