1. Introduction
2017 saw changes to the legislation concerning money laundering in the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017) for short. MLR 2017 broadened the definition of money laundering and increased the range of activities caught by the statutory framework. It not an issue for banks and the financial sector but applies to all companies and institutions including universities. These new obligations require universities to establish internal procedures to prevent the use of their services for money laundering.
More recently, in September 2025, The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced a ‘Failure to Prevent Fraud’ offence, meaning an organisation will be guilty of certain criminal offences, including money laundering, if that offence is committed by a ‘senior manager’ acting within the actual or apparent scope of their authority, or an ‘associated person’.
2. Scope of the Policy
This policy applies to all University of Derby group employees and any associated person. An ‘associated person’ includes employees, agents, subsidiaries, or any person who otherwise performs services for or on behalf of the organisation. The policy sets out the procedures that must be followed to enable the University to comply with its legal obligations. University employees who need to be the most vigilant are those dealing with the receipt or outlay of funds whether in the form of cash, cheques or bank transfer.
3. Definition of money laundering
Money laundering is the process of taking profits from crime and corruption and transforming them into legitimate assets. It takes criminally derived ‘dirty’ funds and converts them into other assets so they can be reintroduced into legal commerce. This process conceals the true origin or ownership of the funds and so ‘cleans’ them. The legislation defines the offences relating to money laundering as:
- Concealing, disguising, converting or removing criminal property from the UK;
- Entering into an arrangement which the person who knows or suspects or facilitates (by whatever means) the acquisition, retention, use or control of criminal property by or on behalf of another person;
- Acquiring, using or having possession of criminal property;
- Making a disclosure which is likely to prejudice a money laundering investigation.
Money laundering regulations apply to cash transactions in excess of 10,000 Euros. However, the Proceeds of Crime Act applies to all transactions – cheques, cash, bank transfers, property and equipment to individuals or agents or third parties.
The University of Derby will adopt a risk-based approach to anti-money laundering and in how they conduct due diligence.
Risk assessment: the University appointed Money Laundering Reporting Officer (MLRO) will analyse the University’s potential exposure to money laundering or terrorist financing. A written AML risk report covering all University activities including customers, countries of operation, products and services, transactions, delivery channels and size and nature of business will be produced.
Risk mitigation: policies will be proportionate to the risks identified and approved by University Executive Board. To include relevant controls, customer due diligence procedures, reporting, record keeping and monitoring.
Level of Customer Due Diligence (CDD): to undertake CDD appropriate to the risk with specific attention on high-risk jurisdictions which make enhanced due diligence compulsory.
Politically Exposed Persons (PEPs): to undertake due diligence of individuals who are trusted with prominent functions in the UK and overseas.
As part of the risk-based approach, the University will periodically update the risk assessment and review the policies and procedures to ensure they take account of the changing risks and vulnerabilities of the University.
Assessment of risk will be made by the Money Laundering Reporting Officer (MLRO). For the University of Derby, the nominated MLRO is the Chief Finance Officer Susan Ambler, email s.ambler@derby.ac.uk.
4. Example risks to which University of Derby may be exposed
While much of the University’s financial activity could be considered relatively low-risk from the perspective of money laundering, all staff need to be vigilant against the financial crime and fraud risks of day-to-day transactions. Any suspicions must be reported promptly to the MLRO.
Examples:
It would be considered suspicious if a customer purchased a product by overpaying and then requesting the excess be transferred into a different account.
It could be considered suspicious for a debt to be settled by an independent third party. However, it is normal in a university context for student debt, in the form of tuition fees or living expenses, to be settled by a third party e.g. a parent.
BUFDG guidance suggests that particular care be focused on:
- Any payments in cash
- Applicants from high-risk countries
- Requests for refunds – particularly to a different account or individual to the payer
- Overpayments
- Failure to take up places
- Agents – who do not fit in with normal procedures relating to deposits and tuition fees
- Identity fraud
5. Student and customer identification – “know your customer”
It is important that procedures and controls are in place to identify the student, customer or other third party dealing with the University.
In the case of students, passports, visas, birth certificates and correspondence with students at their home address can provide helpful evidence. For student sponsors or other paying fees on behalf of the student, proofs such as letters or documents proving name, address and relationship with the student are required.
If the sponsor for the student is a company, a letter on company headed paper explaining the relationship between the company and the student and that permission has been given to pay tuition fees or accommodation fees by that company is required.
For other non-student debt, if the organisation is not known to the University ‘engagement lead’ relevant KYC checks such as review of letter headed documents, websites or credit checks can help to verify the validity of the potential customer.
6. Controls to mitigate risk
The University will pursue a policy of maximising online payments. All payments by students for tuition fees and accommodation will be made through online payment systems thereby removing acceptance of cash.
Payments by third party:
Where identified, details to be checked over €10,000.
A student should not be permitted to pay the fees of another student who is not present at the time.
Refunds of payments made in respect of either student or non-student debt, by students or by third parties, will only be made by the same method and to the same account as the original payment was made.
There will be no cash refunds.
Students must make arrangements to cover their living expenses prior to arrival. This includes setting up their bank accounts.
If a donor or third party sends funds in excess of requested tuition fees, the excess can either be repaid to the donor using the same bank details or, with the permission in writing of the donor, be used to fund University of Derby accommodation due. The excess cannot be transferred to the student.
Fees paid in advance for foreign students who have subsequently been refused a visa are only refundable providing appropriate documentary evidence is available to demonstrate the circumstances. Refunds should only be made to the person and account making the original payment or in the case of a transfer by payment to the new university.
7. Procedure for individuals who have carried out KYC checks and are still suspicious of a transaction
When suspected money laundering activity is identified, this must be disclosed immediately via the Report Suspected Money Laundering form or directly to the MLRO.
Once the activity has been reported, no further discussions regarding the suspicious activities should be undertaken unless instructed by the MLRO. This will avoid making a disclosure which may prejudice a money laundering investigation.
8. Duties of the Money Laundering Reporting Officer
The MLRO will consider the report, and any other available internal information considered relevant, such as:
- Other transaction patterns and volumes
- The number of any one-off transactions and linked one-off transactions
- Any KYC evidence held
- Undertake such other reasonable enquiries appropriate, e.g. review of chargeback activity in order to ensure that all available information is considered in deciding whether a report to the National Crime Agency (NCA) is required.
The MLRO should keep a copy of all reported suspicious transactions together with additional backup and reasons for final conclusions, whether reported to the NCS or not, for a minimum of 2 years (5 year for all instances reported to the NCA).
9. Advice to members of staff in identifying money laundering
It is not possible to give a definitive list of ways to spot money laundering or how to decide whether to make a report to the MLRO. The following are examples of risk factors which may be considered:
- A secretive person or business e.g. that refuses to provide requested information without a reasonable explanation
- Is the customer or student requesting a large cash transaction – especially where the cash is used notes or small denominations
- Payment of any substantial sum in cash
- Concerns about the honesty, integrity or identity of the people involved
- Involvement of an unconnected third party without a logical reason or explanation
- Overpayments for no apparent reason
- Absence of any legitimate source for the funds received
- Significant changes in the size, nature, frequency of transactions with a customer that is without reasonable explanation
- Cancellation, reversal or request for refunds of earlier transactions
- Requests for account details outside the normal course of business
- Requests for payments or refunds after funds have been paid into the University account by a third party
- Any other significantly unusual activity that gives rise to reasonable suspicion about the motives of individuals.
10. Conclusion
Instances of suspected money laundering are likely to be rare given the nature of services provided by the University. However, awareness of the legislative requirements is key, as failure to comply would have serious implications for both the University and individuals concerned.
Last reviewed: 05/09/2025
Policy Owner: Finance