Skip to content
  • There are no suggestions because the search field is empty.

CoSec Compliance Rules

Each eFiling account is restricted to a single authorised account holder. You cannot add more than one person to an account. We are only able to speak to the verified account holder over the phone, even if other individuals, such as directors are involved. This policy helps ensure that sensitive information and instructions are communicated solely with the authorised individual, reducing the risk of unauthorised access or misuse. If the account holder is on the phone with us, completes security, and confirms that they want to pass the call to another person (such as their co-director), it is acceptable to speak to the second person, provided the account holder has completed security and both individuals are in the same room. If someone other than the account holder emails us from the email address on file, that is acceptable. Since the email is coming from the account's email address, it is assumed that the account holder has given permission for this individual to communicate on their behalf.   What if a non-account holder has been cc'd on an email? If you notice someone has been cc’d on the email, please use the macro /cc’d. This macro requests the account holder’s permission to accept instructions from the individuals cc’d in the email. However, note that we are still unable to speak to those individuals over the phone due to security restrictions. We are not allowed to cc non-account holders to an email. Only the customer can cc non-account holders.  When using the macro 'cc'd', communication is limited to the email thread where the account holder is copied. If the cc'd individual starts a new email thread, you are not permitted to take instructions from them, as the account holder is no longer included and has not consented to continue the conversation separately. Macro: ‘cc’d’ I noticed that you’ve included some individuals in our email thread regarding the requested transactions. Could you please confirm if I have permission to engage with these individuals directly within this email thread only, should they provide instructions or clarifications about the transactions? Please note that I’m unable to communicate with anyone other than the account manager by phone, as we do not have security measures in place for them. However, I am happy to respond to their emails.   Why do we complete compliance? In accordance with recent training, every member of CoSec has completed AML (Anti-Money Laundering) training in January 2025. This training follows guidance written by HMRC for businesses it supervises: Trust or company service provider guidance for money laundering supervision - GOV.UK Almost all businesses supervised by HMRC for anti-money laundering purposes are subject to "fit and proper" or approval requirements under the Regulations. These requirements ensure that businesses’ beneficial owners, officers, and managers are appropriate individuals to undertake those roles. Relevant persons must pass the appropriate test before the business can register, and remain registered, with HMRC.   What are the security questions?  You always need to pass 3 security questions with the caller.  Email Address Full Residential Address (not just the postcode) Date of birth If this information is missing, you can ask one of the following: Personal security questions on file (i.e. first three letters of…) Last 4 digits of the primary card on file IMPORTANT: Never ask ‘Am I speaking with [account holder name]’. They must always confirm this first. If you are not speaking to the customer, NEVER confirm who the account holder is. Calling from the ‘phone number on file’ is not a security question. Any friend, family member or acquaintance could be calling. However, if there are no other possible security questions on file, you can ask for the telephone number on the account.   What is the process for when a customer is Blacklisted? There is a designated macro labeled /blacklisted to use when responding to customers from blacklisted countries. Please follow these steps: Add the order to the Refunds Sheet and select "Blacklisted" as the reason for the refund. Include a note in eFiling that clearly explains why the country is considered blacklisted. If you're unsure or need assistance, please reach out to the Compliance team. They can handle this on your behalf.