Associated persons and supply-chain mapping for ECCTA evidence teams.

The ECCTA associated-person definition includes employees, agents, subsidiaries, employees of subsidiaries, and other persons who perform services for or on behalf of the relevant body.

The Home Office guidance frames the assessment as one that depends on all the relevant circumstances. A mapping worksheet should therefore record the service performed, the entity receiving the service, the business owner, and any uncertainty.

A supplier being somewhere in the chain is not, by itself, the same as performing services for or on behalf of the relevant body. The review should ask what service was performed, for whom, under which contract or arrangement, and how the relationship is controlled.

Useful outcomes are not just included or excluded. A professional file should also capture pending, unclear, and needs-adviser-review states so uncertainty is not hidden.

Large-organisation scope can involve group aggregation, and associated-person analysis can include subsidiary undertakings and subsidiary employees. The worksheet should identify parent, subsidiary, branch, and counterparty relationships separately.

For each relationship, record whether the relevant service sits inside the entity group, outside it, or across both, and keep the source date for employee, turnover, and balance-sheet information used in any scope screen.

A useful associated-person worksheet includes relationship type, service description, contract owner, geography, relevant fraud scenarios, due-diligence status, policy or training coverage, attestation status, next chase date, and reviewer decision.

The worksheet should link each high-risk relationship to evidence items: due-diligence files, contractual controls, training records, monitoring outputs, issue remediation, attestations, and any replacement lineage.

Zero-login attestations can help collect dated responses from external parties without giving them internal workspace access.

Those responses should feed a human review gate. A response can support the evidence file, but it does not decide whether the person is associated, whether procedures were reasonable, or whether the organisation has a statutory defence.