ICA Cert in AML - Unit 3 PDF
Summary
This document is a unit on anti-money laundering and combating the financing of terrorism. It provides an overview of how to identify money laundering and terrorist financing activities, and discusses customer due diligence (CDD) and monitoring client activities. It also highlights the importance of reporting suspected suspicious activity while maintaining client confidentiality.
Unit 3: Anti Money Laundering and Combating the Financing of Terrorism in Practice

Principal Author: Sue Thornhill
Contributing Author: Pekka Dare
Series Editors: William B Howarth, David Robson, Andrew Clarke, James Rickett

First Edition October 2007
Fifteenth Edition December 2022

Published by: International Compliance Association, Fort Dunlop, 6th Floor, Fort Parkway, Birmingham, ENGLAND B24 9FD
www.int-comp.org

All rights are reserved. No part of this publication may be reproduced, stored in a retrieval system, mechanical, photocopying, recording or otherwise, without the prior permission of International Compliance Association. While all reasonable care has been taken in the preparation of this manual, neither International Compliance Association nor any of the authors accept responsibility for any errors it may contain or for any loss sustained by any person placing reliance upon its contents.

© 2022 International Compliance Association G093/14656

Learning objectives

The purpose of this unit is to:
- consider how to identify money laundering and terrorist financing activities
- explain what is meant by CDD and look at the various measures covered by this term
- discuss how client activity can be monitored by financial services firms
- discuss how disguised ‘beneficial ownership’ can aid the money launderer and obfuscate the money trail
- look at the particular risks associated with PEPs, and
- explain how to recognise suspicious activity and what to do once suspicions are formed, bearing in mind the duty both to preserve client confidentiality and avoid ‘tipping off’ criminals.

How to use this unit:
- Read the unit to get an overview
- Re-read and make your own notes
- Try the tasks and self-assessment questions

1. Identifying money laundering and terrorist financing activities

You are entitled to assume that clients of your organisation are honest unless and until information comes to your attention that leads you to either know or suspect criminality.

Key learning point
You are not expected to play the role of a detective. If an employee has become suspicious, a report to the MLRO should be made as quickly as possible.

What you must do is to report any knowledge or any suspicion that you formulate during your regulated work and activities. Unless your role includes monitoring responsibilities – for example, MLRO, AML analyst or other person nominated to analyse and review customers, their accounts and/or transactions for unusual activity – you are not expected to actively search for information that may lead you to become suspicious.

Instead, you must:
i. know your clients (this will be examined in more detail below)
ii. remain alert to the threat of money laundering or terrorist financing
iii. consider whether any activity is unusual and potentially suspicious, and
iv. report when necessary – following your organisation’s reporting process.

Important
Knowing the purpose of each relationship with which you have an involvement will help you to identify unusual and potentially suspicious activity.

It is very rare to identify money laundering activity through actual knowledge that property that is being handled definitely comes from a crime. This is because it is very uncommon that a firm or MLRO will have direct knowledge of the underlying or ‘predicate’ crime that created the criminal property. Criminals who open bank accounts, for instance, will generally not disclose that their wealth comes from drug dealing or fraud! Rather, criminals will adopt a cover story or provide false CDD information.

Money laundering activity is usually identified in the following situations.
i. Where there is no legitimate commercial rationale for the relationship.
ii. Where the behaviour of the client is suspicious, for example where the client puts great pressure on you to follow instructions without providing you with all of the answers that you need.
iii. Where there is unusual or irregular activity when compared with:
- the historical pattern of relationship activity
- what is known about the circumstances of the client
- what is known about the commercial objectives of the relationship, and
- the activity of others in a similar situation or business and industry.

Identifying money laundering activity is a challenge. You increase your chances of meeting the challenge by ensuring that you are well placed to identify unusual and potentially suspicious activity. You do this by knowing your clients.

Note
This is usually referred to as the customer (or client) due diligence (CDD) requirement. Many AML regulations, laws and codes make reference to know your customer (KYC). KYC is another term for understanding the personal and financial circumstances of a client.

As we will see later in this unit, CDD information is invaluable in the recognition and determination of suspicion for a number of reasons. Despite this, it is common for employees of financial services businesses to have problems making determinations about suspicion even where there is substantial CDD information on file. There are a number of reasons for this, and the following situations are typical.

Examples

‘I can’t point to a specific crime’
‘I can’t prove a crime was committed’
There is no requirement for you to suspect a particular type of criminal conduct, or to prove a crime was committed. In fact, it is very rare that you will do so. It is enough for you to simply suspect ‘criminality’ in the broadest sense.
Most legislation sets the reporting threshold at ‘reasonable grounds to believe’ or ‘reasonable grounds to suspect’ money laundering may be taking place.

‘No one aspect of the relationship is suspicious’
Very often it is a combination of factors or features within a relationship that will lead to a suspicion about the relationship as a whole.

‘The crime I suspect my client of having been involved in occurred before the AML laws were introduced’
You have an obligation to report knowledge or suspicion of criminality whenever it may have occurred. It is possible to commit the offence of money laundering by knowingly handling property that resulted from historic crimes.

You must never assume that money laundering is not an issue with existing clients for whom you have handled property for some time.

Key learning point
Existing client relationships pose as great a money laundering threat as new relationships, if not a greater one as we often become complacent about them.

2. Customer due diligence (CDD)

2.1 What is CDD?

In simple terms, CDD is a risk assessment.
Definition: CDD
CDD is defined in the Prevention and Suppression of Money Laundering and Terrorist Financing Laws as follows:[26]
(a) identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source …
(b) identifying the beneficial owner’s identity and taking reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer; …
(c) assessing and, depending on the case, obtaining information on the purpose and intended nature of the business relationship;
(d) Conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the information and data in the possession of the obliged entity in relation to the customer, the business and risk profile of the customer, including where necessary, relating to the source of funds and ensuring that the documents, data or information held are kept up-to-date;[27]

Consider
Having sufficient information about a client and making use of that information underpins all other aspects of a firm’s AML regime and is the most effective weapon against being used to launder the proceeds of crime.

In addition to minimising the risk that your firm will be used for illicit activities, it provides protection against fraud, assists in enabling suspicious activity to be recognised and protects individual institutions from reputational and financial risks.
Important
The obligation to ‘know your customer’ also serves to protect genuine clients from being suspected of money laundering and helps to guard against their identities being stolen.

[26] ICPAC, The Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007–2021, 2021: https://www.icpac.org.cy/zePortal/WebFiles/SELK/WebDocuments/Pages/Laws/20220207%20-%20AML-CFT%20Law%20%20English%20Consolidated%20up%20to%2061(I)%202021.pdf – accessed December 2021.
[27] Caribbean Financial Action Task Force, ‘Recommendation 10: Customer due diligence’: https://www.cfatf-gafic.org/index.php/documents/fatf-40r/376-fatf-recommendation-10-customer-due-diligence – accessed December 2021.

CDD should be part of a client profile that you maintain in order to potentially identify anything that appears out of line with previous expectations and could therefore be considered grounds for suspicion.

2.2 The practical application of CDD

As in all areas of firms’ AML regimes, regulation allows and expects a risk-based approach to be applied to CDD. Regulators and industry guidance provide direction in this area by:
- setting out scenarios that could warrant an ‘automatic’ low-risk categorisation allowing for ‘simplified due diligence’ (see section 3 below)
- mandating certain circumstances as higher risk and requiring enhanced due diligence, e.g. PEP clients (see section 4 below)
- providing guidance on the ‘ingredients’ firms should take into account to assess the money laundering risk in all other circumstances, and
- providing some assistance on the actual requirements for CDD in the various risk categories.

It is worth restating the fundamental reasoning behind CDD. CDD is the foundation of a good AML regime because it assists in the prevention and detection of criminal activity and those behind such activity.
Hence, it is important that firms ensure they have:
- identified the client (including beneficial owners)
- verified that identity, and
- recorded ‘on file’ sufficient additional information (at least the reason for the relationship) and data on their clients to assist in the detection of potentially suspicious activity.

The type of additional information may include the type of business they are engaged in, the industry, whether they are new or established, or in the case of an individual, the stage of life they are in, the counterparties they deal with (both the people they pay and those from whom they will get paid), the geographical area(s) in which they operate, and the expected turnover on the account(s) – money in and out, values, volumes and frequency.

It is also expected that this will be carried out in a risk-based fashion in order that firms can allocate resources to CDD appropriately.

Example
For example, the level of CDD and resources applied to a salaried individual working for a multinational company who wants a credit card should differ considerably from those applied to a politician based in a country with a reputation for high levels of corruption and poor regulation, who is seeking a series of products such as trade finance and large term deposits.

In some firms, applying appropriate CDD may be relatively straightforward, where the client base is small and the product offering and geographic footprint are limited. For others it presents a considerable challenge to differentiate the risk posed by the many types of potential client.

Key learning point
It goes without saying that CDD must be completed in all cases before any transactions are completed for any client.

2.3 Examples of typical scenarios and the level of CDD to be applied

The examples below set out some scenarios that pose particular risk situations that may require a different approach to CDD.
Example
Mrs A wishes to open a joint current account with her husband. She works in a call centre and her husband is an employed plumber. They are resident in the country where they are opening the account and will be depositing an initial sum of $2,500. They expect to deposit savings of around $1,000 monthly from salary payments.

The above is a good example where a standard set of due diligence procedures would apply.

Example
Mrs B wants to open current and savings accounts with an initial deposit of £12,000. She is a Filipino national but resident in the UK where she is a senior diplomat.

This may well be an enhanced due diligence scenario. Whether Mrs B is a PEP would have to be determined and if so, this would necessitate enhanced due diligence requiring a more in-depth consideration as to Mrs B’s actual source of wealth.

2.4 ‘Ongoing’ monitoring and CDD

While ‘ongoing’ monitoring of a business relationship is a general regulatory requirement seen as applying to the transactions conducted over the accounts of a client, it is also – either by actual regulation or expectation – related to keeping the CDD data and information a firm retains on clients relevant and up to date. Again, this is accepted to be on a risk-sensitive basis.
Extract: Regulation 28 Customer due diligence measures
Regulation 28 of the UK 2017 Regulations specifically states that:
(11) The relevant person must conduct ongoing monitoring of a business relationship, including–
(a) scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile;
(b) undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying customer due diligence measures up-to-date.[28]

Ensuring that customer information is relevant and up to date is also a requirement contained within data protection legislation and regulation.

‘Ongoing’ monitoring of client business relationships and scrutiny of transactions must be undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.

This does not mean reviewing each and every transaction. Firms are, instead, to adopt a risk-based programme of monitoring that will ensure that those relationships and transactions that are identified as being higher risk are reviewed more frequently than those that are identified as being a lower risk.

Think about
In practice, this means that some transactions and relationships may be reviewed as they are instructed or daily, weekly or monthly. Others will be reviewed retrospectively and as part of annual checks.

In order to conduct ongoing monitoring of higher-risk business and relationships, firms may use systemic screening tools to identify these risks and to route them for further consideration and approval.
This form of automated screening may include the use of internal ‘bad guys’ lists to which the names and accounts of high-risk relationships are added to supplement other lists of sanctioned names, along with entities that are prescribed by laws and regulations. Alternatively, firms may implement enhanced due diligence checks during which transactions are manually reviewed together with the data that is held on record for each client profile.

There is generally no expectation for firms to re-verify the identity of a client (unless there are doubts or new information – e.g., the previous identity document used is missing or no record of it was retained or there is a new executive director or partner of a firm); however, legislation might state the need for the information to be ‘up to date’. In some countries, this may include the need to obtain an up-to-date identification document, if the original documents have expired – this is not a blanket rule in all countries, and you should check in your own country or with your compliance department.

This ‘ongoing’ monitoring has seen the emergence in many firms of periodic customer reviews which, in a risk sensitive environment, create their own challenges around the following questions.

[28] The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017: https://www.legislation.gov.uk/uksi/2017/692/part/3/made – accessed December 2021.

Questions
- What should such a review comprise?
- When should it occur?
- Should it apply across all clients?

It is clearly common sense to be able to identify when a client’s behaviour would make a firm reconsider the money laundering risk associated with them (e.g., they become a PEP or adverse media information emerges linking them to criminal conduct).
Important
The challenge is how, in a risk-sensitive way, this monitoring of clients’ behaviour, as well as keeping their data and information up to date, can be made operationally effective yet efficient.

3. Simplified due diligence

Most AML regulations now allow for a form of simplified due diligence in the lowest-risk situations.

Definition: Simplified due diligence
For example, in the UK the JMLSG, which issues guidance to UK firms, provides the following definition of simplified due diligence in guidance revised in 2017:
5.4.1 A firm may apply SDD measures in relation to a particular business relationship or transaction if it determines that, taking into account its risk assessment, the business relationship or transaction presents a low degree of risk of ML/TF.[29]

Extract: Simplified CDD measures
The Interpretive Notes to Recommendation 10 of the FATF Recommendations clarify the requirements in the following terms.
The simplified measures should be commensurate with the lower risk factors (e.g. the simplified measures could relate only to customer acceptance measures or to aspects of ongoing monitoring). Examples of possible measures are:
- Verifying the identity of the customer and the beneficial owner after the establishment of the business relationship (e.g. if account transactions rise above a defined monetary threshold).
- Reducing the frequency of customer identification updates.
- Reducing the degree of ongoing monitoring and scrutinising transactions based on a reasonable monetary threshold.
- Not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring the purpose and nature from the type of transaction or business relationship established.[30]

[29] JMLSG, Prevention of money laundering/combating terrorist financing, 2020 Revised Version Part I, June 2020: https://www.jmlsg.org.uk/guidance/current-guidance/ – accessed December 2021.

Example
This approach may provide opportunities to reduce costs and remove paperwork from account-opening processes. For example, in respect of a simple term-assurance life insurance policy, minimal documents and information may be collected at account opening, with greater checks in place at the claim pay-out stage.

The 5MLD links the risk-based approach to the application of CDD in that enhanced CDD measures must be used where higher risk is identified. A non-exhaustive list of factors and types of potentially higher risk is set out in the Annexes of the Directive.

Important
Specific examples of situations which allow SDD to be applied may be outlined in the legislation. For any other situations, it is important to note that any decision to apply SDD must be carefully documented and be justifiable in the eyes of the regulators.

4. Enhanced due diligence

Where high-risk clients or countries are involved, regulations will normally require you to go further than the standard identification (e.g., passport and utility bill).

Consider
The emergence of websites supplying fake documents, such as bank statements and utility bills, presents new challenges for verification.

Additional checks may be appropriate for high-risk clients and additional information must be collected to get a full picture of the individual or entity.

Example
As an example, source of wealth descriptions that are not acceptable include: ‘savings’, ‘profits from investments’, ‘inheritance’, ‘business dealing’ or ‘sale of business’ as they are insufficient proof that wealth is legitimate and not the product of criminal activity.

[30] FATF, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, updated March 2022: https://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF% – accessed December 2021.

Additional information must be gathered to demonstrate that adequate due diligence has been undertaken. Further steps must sometimes be taken to gain assurance that wealth has not been obtained from criminal activity. In a case where the source of wealth is obvious (e.g., a monthly salary that is credited to the account), there is no further corroboration required. There could also be instances where more detailed corroboration is required, such as client interviews, background checks and documentary evidence – all of which are valid approaches to corroborating the source of wealth and funds.

In considering exactly what steps are appropriate, it is worthwhile considering how well, with hindsight, the following questions could be answered.

Question
- Are you convinced that the funds and wealth can be reasonably explained and established to be legitimate?
- Can you independently obtain the evidence of the client’s source of wealth for higher-risk accounts and relationships?
- Are you able to establish the relationship between the client and the third party where accounts are funded by a third party?
- Do you continue asking for information, and persist in seeking clarity wherever the circumstances are unclear or account structures are complex?

There is a wide array of sound practices to enable one to answer these questions and satisfy oneself that a customer’s source of wealth has been corroborated. These could include:
- in-depth interviewing
- collection of documentary information, or
- reference to publicly available information from reliable sources.

Note
It is important to remember that CDD and enhanced due diligence (EDD) are not ‘tick-box’ exercises.
Every case, particularly high-risk cases requiring EDD, must be risk assessed on its own merits and appropriate identification and verification of information must be obtained.

5. Plausibility testing

Plausibility testing is quite simply using common sense when applying CDD. Consider the following example.

Example: Plausibility test – personal banking
- 24-year-old single UK national who has been resident in the UAE for 12 months.
- Wants to open current and savings accounts.
- Previously banked with a rival high street bank in the UAE but is unhappy with their service.
- Lists occupation as IT Consultant with approximately AED150,000 ($41,000) income.
- Has a property in the UAE valued at 5 million Dirhams and one in Germany valued at €13 million – both properties are rented and he has no mortgages.

Plausible or not?
On the face of it, not plausible:
- A lot of assets for his age.
- How were the property purchases funded without mortgages?
- How long has he had the properties?
- What else does he receive from his employer?

There may be a fully rational explanation, but unless you ask the question you will not know.

Note
As we can see, CDD is never a ‘tick-box’ operation, even at a low-risk, routine level. Each case should be treated on its merits and appropriate enquiries made and verified.

6. Monitoring client activity

In a risk-based approach an organisation will determine how best to meet requirements on keeping client information up to date and monitoring client activity. Activity should be considered as not just transactions but all parts of the relationship with a client.

6.1 A risk-based framework for monitoring client’s activity

A risk-based framework will consider the inherent risks of the products, services and volume of activity expected for each client.
Methodologies applied for the detection and management of unusual activity relating to money laundering and terrorist financing should:
- compare the account/transaction history with a specific profile
- compare the account/transaction history with established money laundering and terrorist financing criteria/scenarios
- set up the process for comparing transactions against risk models to reveal patterns of transactions for a ‘normal’ client, rather than designating certain transactions as unusual (e.g., not all large transactions are unusual)
- generate an alert where appropriate
- track alerts to ensure that they are actioned and that any suspicions are reported as required
- be available for audit, and
- provide appropriate management information and statistics.

Case study: 9/11 attacks
The terrorists of the 9/11 attacks were able to blend into the global financial system undetected. In essence, the 19 hijackers opened 24 accounts and a review of the related transactional activity illustrated:
- direct transfers to and from foreign jurisdictions, e.g., UAE, Saudi Arabia, Germany
- a majority of the withdrawals were from debit cards and occurred immediately following a deposit into the account
- very few cheque transactions were made
- the transactions were generally below reporting requirements
- a series of withdrawals were made at the same ATM machines by groups of the hijackers, and
- numerous balance enquiries were made.

This highlights key behavioural activity of terrorists, providing an indication of some of the concerns firms need to bear in mind when monitoring their account-holding and one-off customers.

Extract: AML Transaction Monitoring Systems
In 2007 the FSA in the UK (now the FCA) published a comprehensive report, Automated Anti Money Laundering Transaction Monitoring Systems, which stated:
9. Senior management should be in a position to monitor the performance of [transaction monitoring (TM)] systems, particularly at firms that are experiencing operational or performance issues with their systems, so that issues are resolved in a timely fashion.
10. Close involvement of the project management process by major business unit stakeholders and IT departments is an important component of successful system implementation.[31]

Simple exception systems, for example, may be annotated to record enquiries and conclusions reached, and the sign-off by a manager, and then filed for future audit scrutiny.

Exception reports advise supervisors of recent large and other unusual transactions for their review. This applies to all types of transfers and firms will need to set exception procedures and reports tailored to the nature and level of their business activity.

More sophisticated monitoring systems are likely to incorporate a ‘case management’ facility that will track or control all output and record enquiries and conclusions reached.

Important
Every aspect of the transaction monitoring process must be actively managed, regularly reviewed and effectively maintained to combat financial crime and stop terrorism.

[31] FSA, Automated Anti Money Laundering Transaction Monitoring Systems, July 2007: https://www.fca.org.uk/publication/archive/fsa-aml-systems.pdf – accessed December 2021.

In 2013 the Hong Kong Monetary Authority (HKMA) published a Guidance Paper on Transaction Screening, Transaction Monitoring and Suspicious Transaction Reporting.[32] The guidance paper assists in not only meeting the legal and regulatory obligations, but also implementing effective measures to further mitigate money laundering/terrorist financing risks.

Consider
Regulators and others also publish or discuss high-risk indicators (also known as ‘red flags’).
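The behaviours listed in the 9/11 case study and the profile comparison required by the methodology list in section 6.1 can be written as monitoring rules. The Python below is an added example, not part of the unit or of any regulator's or vendor's system; the thresholds, rule names, account identifiers and events are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values for illustration only; each firm sets its own on a risk basis.
REPORTING_LIMIT = 10_000                 # hypothetical reporting threshold
NEAR_LIMIT = 0.9 * REPORTING_LIMIT       # "just below" = within 10% of it
DRAIN_WINDOW = timedelta(hours=24)       # withdrawal soon after a deposit
DRAIN_RATIO = 0.8                        # share of the deposit withdrawn
ENQUIRY_LIMIT = 5                        # balance enquiries per review period
PROFILE_TOLERANCE = 2.0                  # multiple of expected turnover


@dataclass
class Event:
    account: str
    when: datetime
    kind: str            # "deposit", "withdrawal" or "balance_enquiry"
    amount: float = 0.0


def review(events, expected_turnover):
    """Return {account: sorted rule names that fired} for one review period.

    expected_turnover maps each account to the turnover recorded in its CDD
    profile, so the size of a transaction alone never raises an alert.
    """
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.when):
        by_account[ev.account].append(ev)

    alerts = {}
    for account, evs in by_account.items():
        deposits = [e for e in evs if e.kind == "deposit"]
        withdrawals = [e for e in evs if e.kind == "withdrawal"]
        enquiries = [e for e in evs if e.kind == "balance_enquiry"]
        fired = set()

        # Activity out of line with what the client profile led us to expect.
        turnover = sum(e.amount for e in deposits + withdrawals)
        if turnover > PROFILE_TOLERANCE * expected_turnover[account]:
            fired.add("turnover_exceeds_profile")

        # Most of a deposit withdrawn again shortly after it arrived.
        for dep in deposits:
            drained = sum(w.amount for w in withdrawals
                          if dep.when <= w.when <= dep.when + DRAIN_WINDOW)
            if dep.amount > 0 and drained >= DRAIN_RATIO * dep.amount:
                fired.add("rapid_withdrawal_after_deposit")

        # Repeated deposits sitting just under the reporting limit.
        near = [d for d in deposits if NEAR_LIMIT <= d.amount < REPORTING_LIMIT]
        if len(near) >= 2:
            fired.add("deposits_just_below_limit")

        if len(enquiries) > ENQUIRY_LIMIT:
            fired.add("frequent_balance_enquiries")

        if fired:
            alerts[account] = sorted(fired)
    return alerts


def open_cases(alerts):
    """One auditable record per alert, awaiting a reviewer's conclusion."""
    return [{"account": acct, "rule": rule, "status": "open", "conclusion": None}
            for acct, rules in sorted(alerts.items()) for rule in rules]


def _t(day, hour):
    return datetime(2022, 1, day, hour)


# Constructed sample data: ACC-1 is a personal account, ACC-2 a trading business.
SAMPLE_PROFILES = {"ACC-1": 3_000, "ACC-2": 120_000}
SAMPLE_EVENTS = (
    [Event("ACC-1", _t(3, 10), "deposit", 9_500),
     Event("ACC-1", _t(3, 15), "withdrawal", 9_000),
     Event("ACC-1", _t(5, 9), "deposit", 9_800),
     Event("ACC-1", _t(5, 11), "withdrawal", 9_700)]
    + [Event("ACC-1", _t(6, h), "balance_enquiry") for h in range(8, 14)]
    + [Event("ACC-2", _t(4, 12), "deposit", 50_000),
       Event("ACC-2", _t(11, 12), "withdrawal", 10_000)]
)

if __name__ == "__main__":
    for case in open_cases(review(SAMPLE_EVENTS, SAMPLE_PROFILES)):
        print(case)
```

ACC-2 moves far larger sums than ACC-1 yet raises nothing, because its activity matches its recorded profile; every alert on ACC-1 becomes an open case that must be closed with a recorded conclusion.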
Consideration should be given to incorporating these into automated screening/monitoring systems as appropriate. It will be useful to show regulators during a review how their guidance is incorporated in your firm’s processes.

6.2 Managing the output and recording the results

Whether simple exception reporting or sophisticated automated monitoring systems are applied, they will all produce details of transactions or activity that require further evaluation.

Depending on the circumstances, such evaluation may be carried out by operational managers and supervisors or by the MLRO and his/her own team. Irrespective of how the evaluation is undertaken, the MLRO must ensure that control procedures are in place to ensure that all reports are evaluated, the results recorded, and records retained for future review by auditors and regulators.

Extract: Reporting and Review
In its review the FSA concluded that:
11. There should be a clear allocation of responsibilities for reviewing, investigating and reporting details of alerts generated by TM systems. Those responsible for this work should have appropriate levels of skill and be subject to effective operational control and quality assurance processes.[33]

In the case of simple exception systems in an operational area, computer produced reports may simply be annotated to record enquiries made and the conclusions reached, signed off by a manager and then filed for future audit scrutiny. Where more sophisticated monitoring systems are installed, they are likely to incorporate a ‘case management’ facility that will track/control all output and record enquiries made and conclusions reached.

7. Recent emerging thoughts on CDD

In June 2011 the FSA in the UK published the results of its thematic review titled Banks’ Management of High Money Laundering Risk Situations (this included PEPs, correspondent banking and wire transfers). As a general finding it is evident that the regulatory bar has been raised as regards the level of enhanced due diligence expected in high-risk scenarios.

[32] HKMA, Guidance Paper on Transaction Screening, Transaction Monitoring and Suspicious Transaction Reporting, December 2013: http://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/aml-cft/Gudiance_Paper_20131216.pdf – accessed December 2021.
[33] FSA, Automated Anti Money Laundering Transaction Monitoring Systems.

The new FATF Recommendations issued in February 2012 have also raised these expectations and regulators have already indicated they will be adopting these new Recommendations as the benchmark for organisations to match. Additionally, 5MLD promotes the risk-based approach extensively and clearly puts the onus on an organisation to fully understand the risks its clients present and how CDD is a key component of mitigating these risks.

Case studies
There have been some high-profile cases recently in the UK involving big fines for firms that have failed to meet CDD requirements, including:
- Habib Bank (£525,000 for the bank and a £17,500 fine for its MLRO),
- EFG Private Bank and Guaranty Trust Bank, and,
- more recently, Sonali Bank – fined £3,250,600 (after a 30% early settlement discount) and £17,900 fine for MLRO (after a 30% early settlement discount).

Think about
While the above may be a few years old, they are all still relevant today. New guidance continues to be provided to enhance firms’ understanding of the requirements, and to ‘raise the bar’ on expectations. Also, many firms and individuals continue to be fined for lapses in their programmes.

8. Beneficial owners

The application of CDD is required when a firm covered by money laundering regulations enters into a business relationship with a client or, at times, a potential client.

8.1 ‘Beneficial ownership’, ‘complex structures’ and ‘unwrapping’

Definition: Beneficial ownership
Beneficial ownership can be defined as the natural person who ultimately owns or controls a customer (whether through direct or indirect ownership and control, including through bearer share holdings), or the natural person on whose behalf a transaction or activity is being conducted, or the natural person who exercises ultimate effective control over the management of a legal entity.

Consider
The identification of beneficial owners and the practicalities of ‘unwrapping’ sometimes complex structures to ascertain such beneficial owners is another challenging area of CDD. The money laundering risk associated with certain complex structures is the perceived ability for criminals, parties under sanctions and PEPs to hide behind/inside such opaque structures. Difficulties include complex structures, lack of beneficial ownership registries and businesses set up with nominee directors or shareholders, or constituted by bearer shares.

8.1.1 Beneficial owners

Identification of beneficial owners can prove difficult for firms, particularly where the corporate entity is incorporated in an under-developed jurisdiction. In many jurisdictions there is no publicly available register of company ownership, or if a register is available, it may be inaccurate. Regulations in most jurisdictions normally require that beneficial owners who own or control more than 25% of body corporates or partnerships, or who have more than a 25% beneficial interest in a trust, are identified, and that risk-based and adequate measures are taken to verify their identities.

Think about
The 25% requirement has developed as the norm for business practice in many jurisdictions (check the threshold in your own jurisdiction).
This figure is not set in stone though and it is up to each individual firm to risk-assess and set the appropriate threshold for its business. It may be that different thresholds come into play for different risk levels of clients, e.g., for high-risk clients you may decide it would be appropriate to identify all beneficial owners.

Unwrapping beneficial ownership where the shareholders are not natural persons involves further examination until either a natural person or a publicly listed company is identified (or it is ascertained to be a majority-owned subsidiary of such a listed company). It should then be established whether any such natural person(s) or company holds a proportionate interest of 25% or more of the original applicant or exercises management control over the original applicant for business (i.e., is the ultimate beneficial owner).

As part of the 5MLD, the European Parliament agreed to increase the transparency about who really owns companies and trusts to prevent money laundering and terrorist financing via opaque structures by creating a public beneficial ownership register. The beneficial ownership register for entities, such as companies and trusts, should allow for public scrutiny and contribute to the prevention of money laundering and terrorist financing by allowing competent authorities, financial intelligence units (FIUs) and professional sectors subject to AML rules (banks, lawyers, etc.) access to the data. In addition, anyone who can demonstrate a legitimate interest and requirement for the data will also be granted access, which can be obtained via a written request.

Note
Many other countries around the world are also implementing beneficial ownership registries to create transparency following large scale data leaks such as the Panama, Pandora and Paradise Papers, each of which has brought into question the transparency of beneficial ownership.
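
The unwrapping procedure in section 8.1.1, worked through as an added example (it is not part of the ICA manual): each chain of shareholders is followed to a natural person or a publicly listed company, stakes are multiplied along a chain and summed across chains, and holders that cannot be unwrapped are kept as gaps for manual enquiry. All names, percentages and the register layout are constructed; the threshold is a parameter compared as ‘at or above’, following the ‘25% or more’ wording, and management control is not modelled.

```python
from fractions import Fraction as F

# Constructed sample register: every name and percentage here is hypothetical.
# Holders absent from KINDS are treated as entities that need unwrapping.
KINDS = {"Alice": "person", "Bob": "person", "Carol": "person",
         "Listed PLC": "listed"}
SHARES = {
    "Applicant Ltd": {"HoldCo A": F(60, 100), "HoldCo B": F(30, 100),
                      "Carol": F(10, 100)},
    "HoldCo A": {"Alice": F(30, 100), "Listed PLC": F(50, 100),
                 "Shell X": F(20, 100)},
    "HoldCo B": {"Alice": F(40, 100), "Bob": F(60, 100)},
    # "Shell X" has no register entry: its owners are unknown.
}


def unwrap(applicant, shares, kinds):
    """Return {holder: (kind, proportionate interest in the applicant)}.

    Each ownership chain is walked until it reaches a natural person or a
    publicly listed company. Stakes are multiplied along a chain and summed
    over all chains. A holder with no register data, or one that reappears
    in its own chain (circular holding), is returned as "unresolved".
    """
    totals = {}

    def add(holder, kind, stake):
        previous = totals.get(holder, (kind, F(0)))[1]
        totals[holder] = (kind, previous + stake)

    def walk(entity, stake, path):
        for holder, fraction in shares[entity].items():
            interest = stake * fraction
            kind = kinds.get(holder, "entity")
            if kind in ("person", "listed"):
                add(holder, kind, interest)
            elif holder in path or holder not in shares:
                add(holder, "unresolved", interest)
            else:
                walk(holder, interest, path | {holder})

    walk(applicant, F(1), {applicant})
    return totals


def review(applicant, shares, kinds, threshold=F(25, 100)):
    """Return (owners at or above the threshold, unresolved stakes)."""
    totals = unwrap(applicant, shares, kinds)
    owners = sorted(h for h, (kind, stake) in totals.items()
                    if kind != "unresolved" and stake >= threshold)
    gaps = {h: stake for h, (kind, stake) in totals.items()
            if kind == "unresolved"}
    return owners, gaps


if __name__ == "__main__":
    for label, t in (("standard 25%", F(25, 100)), ("high-risk 10%", F(10, 100))):
        owners, gaps = review("Applicant Ltd", SHARES, KINDS, t)
        print(label, "->", owners,
              "| unresolved:", {h: float(s) for h, s in gaps.items()})
```

In the sample, Alice holds 18% through one holding company and 12% through the other, so she reaches the threshold only when both chains are added together.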

8.1.2 Complex structures

Most regulators expect firms to have considered the risk posed by ‘complex structures’ and that there may at times be a possible legitimate purpose for the structure, as opposed to being a means for criminals to hide themselves and/or their activities behind such structures.

Consider
The common difference between a potentially legitimate structure and others is the fact that there is a risk of criminal ownership or activity when the business need for such a structure is non-existent. The key, therefore, is to focus attention in these areas of ‘unduly complex structures’ rather than the sheer number of layers.

9. Politically exposed person risk (PEP risk)

One of the most prominent risks to have been highlighted over the past decade in the financial services sector has been the risk posed by corrupt public officials and their associates and family members. There have been a number of damaging high-profile money laundering scandals involving PEPs. The danger posed to a financial services business by PEPs is simply that the business may be exposed to property that has been generated by corruption. A PEP is an individual who is or has been entrusted with a prominent public function and the definition is extended to include their immediate family members and close associates.

Important
Knowing whether or not a client is a PEP is an essential element of CDD for all relationships. Once a business has ascertained that an existing or prospective client is a PEP it must then take the necessary action to reduce the associated risks.

The most important CDD elements in mitigating the risk posed by PEPs are:
i. geography
ii. source of wealth
iii. source of funds, and
iv. commercial rationale for the arrangement/relationship.

Extract: Enhanced CDD – PEPs
A Regulatory Notice issued by the Monetary Authority of Singapore (MAS) in April 2015 helpfully provides the following guidance:

8.2... [A bank] shall implement appropriate internal risk management systems, policies, procedures and controls to determine if a customer, any natural person appointed to act on behalf of the customer, any connected party of the customer or any beneficial owner of the customer is a politically exposed person, or a family member or close associate of a politically exposed person.

As regards practical application, the MAS notice requires:

8.3... [A bank] shall … perform at least the following enhanced CDD measures where a customer or any beneficial owner of the customer is determined by the bank to be a politically exposed person, or a family member or close associate of a politically exposed person under paragraph:
(a) obtain approval from the bank’s senior management to establish or continue business relations with the customer;
(b) establish, by appropriate and reasonable means, the source of wealth and source of funds of the customer and any beneficial owner of the customer; and
(c) conduct, during the course of business relations with the customer, enhanced monitoring of business relations with the customer. In particular, the bank shall increase the degree and nature of monitoring of the business relations with and transactions for the customer, in order to determine whether they appear unusual or suspicious.[34]

The Third EU Money Laundering Directive (3MLD) originally established that enhanced CDD is required for PEPs, who include all persons ‘who are or have been entrusted with prominent public functions and close family members or close associates of such persons’.

The Fourth EU Money Laundering Directive (4MLD) removed a previous anomaly of not treating ‘domestic’ PEPs as PEPs.
‘Domestic’ is defined as a person from your own jurisdiction. In practice this is unlikely to have any major impact for most firms as it is likely that such ‘domestic’ clients are probably already risk-rated as ‘high’ given the reputational issues of dealing with such clients. Other countries have also changed the wording to remove the difference. Firms might assess local PEPs as lower risk than foreign PEPs if there is reasonable and justifiable rationale to do so. Any such measures must be challenged, assessed, validated and documented.

The 5MLD requires EU member states to compile and publicly release a functional PEP list which will be made up of prominent politically exposed public functions. This requirement extends to accredited international organisations. Functional PEP lists can be rare and may need a little explaining; these feature the name of positions that are considered ‘politically exposed’ but may not name an individual fulfilling the role as this may periodically change.

[34] MAS Notice SFA04-N02, 24 April 2015: https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulations-Guidance-and-Licensing/Securities-Futures-and-Fund-Management/Regulations-Guidance-and-Licensing/Notices/MAS-Notice-SFA04N02--April-2015.pdf – accessed December 2021.

Note
Such enhanced procedures include the ability to determine whether a customer is a PEP, the requirement to take ‘reasonable’ measures to establish the source of the funds and wealth, and obtaining senior management approval for establishing the business relationship.

Important
SARs can also make a major contribution to the task of identifying corrupt PEPs and assist dedicated law enforcement teams in preventing money laundering by those involved in corruption or allegations of bribery.

Think about
When considering the extent of the risk of corruption of particular PEPs, financial services businesses should have regard to the Transparency International (TI) Corruption Perceptions Index (CPI). Transparency International is a non-governmental organisation that has made considerable efforts to educate the public and the private sector internationally on the dangers of corruption. Its CPI ranks countries and territories on the basis of how corrupt their public sector is perceived to be. It is a composite index – a combination of 13 polls – drawing on corruption-related data collected by a variety of reputable institutions. The CPI reflects the views of observers from around the world, including experts living and working in the countries and territories.

The TI CPI lists 180 countries, each of which is awarded a corruption perception score. A score of 100 indicates a perception that bribe requests are never made, while a score of 0 indicates a perception that bribe requests are always made. In the latest report (2022),[35] more than two thirds of the countries featured on the index were awarded a score of less than 50, with the average overall score being 43 out of 100. This demonstrates just how large the problem of corruption and the laundering of its proceeds is.

10. Reporting suspicious activity

The duty to report suspicious activity, including possible terrorist financing activity, rests with every employee within the financial sector, the professions and a number of non financial businesses.

10.1 What is suspicious activity?

As we saw in Unit 1, section 1.4, the level of evidence required to form a suspicion is relatively low. Any possible suspicious activity must be reported as set out in your own organisation’s policy and procedure on reporting.

[35] Transparency International, ‘Corruption Perceptions Index 2021’: https://www.transparency.org/en/cpi/2022 – accessed February 2022.

Examples: Suspicious activity
Common examples of suspicious activity may include:
- a transaction that is unusually large given what we know about the client
- an activity or type of transaction that is out of line with that normally seen on the client’s account, or compared to similar profiles of other customers, or
- an inconsistency or discrepancies in the CDD provided.

10.2 The suspicious activity reporting process

All SARs should be made in writing as this provides the employee with statutory protection, particularly if the MLRO/nominated officer subsequently decides not to report the suspicion to the authorities. (In some jurisdictions the term Suspicious Transaction Report – STR – is used rather than ‘SAR’.) Your own organisation will have a process and probably a standard template for a SAR that, once completed, will give the MLRO/nominated officer all of the information that they initially need to investigate your report.

Activity
Investigate what the process is and the documentation, detail and information required by your MLRO/nominated officer when submitting a SAR.

There is often a misconception about who a person can talk to about any suspicion they have. The answer should be confirmed in an organisation’s policy.
- The MLRO/nominated officer will probably be the first on the list. They will provide guidance on how best to proceed.
- In many cases it is advisable to speak to the relationship manager, under direction from the MLRO/nominated officer.
- Making routine commercial enquiries of a client is acceptable as this may actually remove any suspicion you have. Again this must be sensitively handled under direction from the MLRO/nominated officer.

Case study: HSBC v Shah
When considering submitting a SAR it is well worth noting the case of HSBC v Shah.
This was a landmark case in the area of suspicious activity reporting, the anonymity of staff making the report and tipping off, which was considered by the UK courts. A judgment was handed down by the High Court in May 2012.

There is a mass of publicly available information on this case, but the highlights are that Shah filed a complaint against HSBC for delaying payments; this caused him considerable financial loss and he claimed that the bank had also failed to disclose why the payments had been delayed.

It is important to remember that the name of a member of staff submitting a SAR should not be disclosed to the authorities. The UK Court of Appeal ruled that a bank does not have to disclose the identity of employees who make internal SARs.

Note
It is never too late to submit a SAR. You are obliged however to report as soon as reasonably practical once you have formed a suspicion.

11. Client confidentiality

The confidentiality of the affairs of your clients is very important.

Key learning point
All financial services businesses owe their clients a contractual obligation to maintain the confidentiality of their personal information. Any breach of this confidentiality can lead to legal action and in certain jurisdictions, including Switzerland, it is in fact a crime to breach client confidentiality.

Question
How then can you reconcile the obligation to report your knowledge and suspicions about clients with the duty of confidentiality that you owe to them?

The answer is very straightforward. The law provides you and your organisation with complete protection against any action for breach of client confidentiality in the event that you report knowledge or suspicion of criminal conduct in ‘good faith’. In other words, an exception is made to the duty of client confidentiality in order that individuals can help in the fight against crime and money laundering.
This is sometimes known as the safe harbour clause.

12. Handling the risk of tipping off

Definition: Tipping off
The offence of tipping off is committed by a person who discloses information that is likely to prejudice an actual or a proposed investigation. This can be either before or after a SAR/STR is made to law enforcement, and includes circumstances where the offender knows or suspects that there is either an investigation or a proposed investigation or that a disclosure has been made to law enforcement.

The offence is widely misunderstood. It is mistakenly assumed that enquiries should not be made of clients at the time that a concern is first developed for fear that such enquiries might expose an employee to tipping the client off. This is not the case.

Think about
While enquiries must be handled with care, an employee will only be in danger of committing a tipping off offence if they either know that a report has been made or know that an investigation is underway or is planned, and they tell the client about this. This should never be the case at the stage before a suspicion is formulated.

Activity
The wording of the offence differs slightly from country to country. In some, the offence occurs if there is an ‘intent to prejudice an investigation underway’. Check the wording in your country and ensure you understand it completely.

Tipping off does, however, become a very real danger once a SAR is made to law enforcement, after which all communications between a financial service business, its employees and suspected clients must be handled with care. Again, it does not mean you cannot talk to the client, but conversations must not include the topic of the investigation or SAR. All employees should look for guidance from either the MLRO or from management on how to deal with suspect clients.

Important
It is also important to stress that the offence can be committed by communicating prejudicial information to people other than the suspect. Communications with representatives of suspected launderers, such as family members and lawyers and other third parties such as journalists, must also be treated in the same way.

Learning outcomes

At the end of this unit you should:
- know how to look for unusual activity that might indicate money laundering and be aware of the importance of CDD in helping to identify such activity
- appreciate the differences between a firm’s standard CDD and simplified and enhanced due diligence, and be able to identify which should be applied to a given client, on the basis of the evidence available
- be able to explain the use of plausibility testing, the role of a risk-based framework for monitoring client activity, the use of automated transaction monitoring systems and the importance of evaluating the output of such systems
- understand what is meant by the term ‘beneficial owner’ and why it is important to ‘unwrap’ corporate structures – which are often complex – that hide the true beneficial owner of property
- be able to define ‘PEP risk’, identify the key elements of CDD for mitigating the risks posed by PEPs and appreciate the need to apply enhanced due diligence when accepting a PEP client and throughout the relationship
- understand the kinds of activity that should lead you to formulate suspicions about certain clients and be able to follow the suspicious activity reporting process mandated in your firm
- appreciate the importance of client confidentiality in financial services businesses and the circumstances in which you have a ‘safe harbour’ for breaching that confidentiality, and
- understand what is meant by ‘tipping off’ and the circumstances in which it may occur, but appreciate that normal client enquiries do not constitute tipping off and are often key to uncovering criminal activity.

Tasks

1. Investigate what CDD policies and procedures are in place in your firm, or a firm of which you are aware, in your jurisdiction.
2. Read the OFAC report on HSBC’s AML failings and consider how your firm handles the risks identified: https://home.treasury.gov/news/press-releases/tg1799.
3. Review the internal guidance notes or memos issued by your organisation relating to the process and obligation of reporting suspicious activity or transactions.
4. Draft a bullet list of key points you would include in a note to staff reminding them of the requirement to avoid the offence of tipping off.
5. Investigate your firm’s process for handling PEPs.