(1) A relevant person must establish and maintain appropriate and risk-sensitive policies and procedures relating to -
(a) customer due diligence measures and ongoing monitoring;
(b) reporting;
(c) record-keeping;
(d) internal control;
(e) risk assessment and management;
(f) the monitoring and management of compliance with, and the internal communication of, such policies and procedures,
in order to prevent activities related to money laundering and terrorist financing.
(2) The policies and procedures referred to in paragraph (1) include policies and procedures -
(a) which provide for the identification and scrutiny of -
(i) complex or unusually large transactions;
(ii) unusual patterns of transactions which have no apparent economic or visible lawful purpose; and
(iii) any other activity which the relevant person regards as particularly likely by its nature to be related to money laundering or terrorist financing;
(b) which specify the taking of additional measures, where appropr