Posted: 11th April 2016
If you’re an MLRO, or otherwise involved in the management of financial crime risk in your firm, 2016 continues to be an extremely busy time for you.
New protections for Suspicious Activity Reporters; the first UK Deferred Prosecution Agreement; imminent legislation for the People with Significant Control (PSC) register; the first national risk assessment on the domestic risks of money laundering and terrorist financing; and ongoing industry debate over de-risking. These are just a few changes likely to have come across your desk during this time.
Then there’s 4AMLD…
…or the 4th Anti-Money Laundering Directive, compliance with which is required from mid-2017. This latest directive extends across EU member states and, due to the intervening decade between 3AMLD and 4AMLD, the drivers influencing change are numerous and include the need for:
- Global consistency on AML and counter financing of terrorism measures in an increasingly connected world
- A wider range of criminality linked to money laundering requiring coverage
- Incorporation of a wider range of businesses
- Consistency on beneficial owner checks
- A review of suspicious reporting rules
In industry terms, the deadline to embed the directive isn’t far off, and so now is the time to gain a view of the changes within your firm that will be necessary to achieve compliance.
Preparing appropriately at this stage will allow you to adhere to regulatory requirements whilst protecting customers and wider society and maintaining the commerciality of your business model. In fact, this legislative change can be used to the benefit of your business (think greater customer advocacy, reputation and the reduced likelihood of future remedial work and enforcement). To do this, clear sight of the implications is imperative. So what are they?
The changes affecting your business
Four key areas for you to examine further prior to the rules coming into force include:
The need to take a risk-based approach
This was introduced by 3AMLD, but 4AMLD is explicit in the requirement for firms to apply it across the board. Member states will be required to evidence that they understand, and continue to mitigate against, money laundering and terrorist financing activity.
The sheer variety of methods by which individuals and terrorist organisations defraud institutions and launder money means, that for governance to be effective, the keyword must be ‘proportionality’.
A ‘proportionate approach’ to a specific risk could incorporate consideration of factors such as customer demographic, geographical location, product type, the nature of transactions and their delivery channels. This will help to ensure an appropriate balance between the risks presented, the methods and costs of prevention, and the need to prevent them.
Are all levels of your business aware of this upcoming requirement, and the behavioural changes that it will require? Is this an opportunity to ensure your firm’s approach is more risk based?
4AMLD will clarify where approval by senior managers is due, for example, with regards to ultra-high value or high risk transactions, and will also address and reiterate the principles of outsourcing; namely that the responsibility to manage money laundering risk falls ultimately to the obliged entity.
Consider how your firm monitors outsourced decisions being made, and ensure that you have a compliance function that is knowledgeable and empowered to voice concerns. If this function is monitoring third parties, then it will only be as effective as the view they can gain of those parties’ activities. Ensure that effective MI is provided as part of your agreement. Being more intrusive in the monitoring of third parties may be necessary to avoid regulatory or legal implications in the future.
Customer due diligence (CDD) changes
Obliged entities are already required to distinguish between high risk and lower risk customers and apply the requisite level of due diligence, however, 4AMLD will further set out the factors which must be taken into account before the firm may apply simplified customer due diligence (SDD). This will come with the need to evidence why the firm asserted that a particular customer was low risk (or low enough risk that SDD would suffice).
Those looking to establish guidelines for their firms must be aware of the potential need to evidence the decision making process to the regulator or law enforcement, rather than simply grouping customers into cohorts.
How clear is your view of the transactions taking place in your firm? What about past customers or customers you currently deal with? Obliged entities should review their customer registers with regards to high value transactions and customers where the following is not established:
- The identity of customer
- The identity of the beneficial owner (see below)
- The nature of the relationship
- Evidence of ongoing monitoring of activities
Changes to PEPs (Politically Exposed Persons) definitions and procedures
PEPs will now include individuals trusted with public functions both domestically and abroad (previously just abroad), and so the need for firms to perform enhanced due diligence and monitoring will be extended. This will subsequently increase the burden on firms conducting their own research.
How will including domestic PEPs impact your AML programme? If you are in doubt about your firm’s current level of compliance, obtaining an independent assessment of your proposed post-4AMLD approach may provide you with the assurance you need. This review could then also form part of how you evidence your AML activity.
4AMLD provides some clarity on how to identify the beneficial owner of a customer:
- For a corporate, a beneficial owner is anyone with decisive control of the entity you are considering dealing with
- A shareholding of 25% or more constitutes beneficial ownership
- Where the beneficial owner cannot be established or is unclear, evidence of why this is the case should be retained by the obliged entity, and accessible in case of regulatory scrutiny
- In the case of trusts, the beneficial owner could include the settlor, trustee(s), protectors, beneficiaries and any other person with ultimate control over the trust
Consider how equipped your firm is to make these distinctions. Do you need to update your due diligence policies and procedures? How will you embed understanding on this front into your business at the appropriate levels? Establishing (and being realistic about) any changes required to training and competency programmes could be key to ensuring you are prepared across your business.
One example of the emphasis placed on beneficial ownership relates to the US Financial Crimes Enforcement Network (FinCEN) who recently proposed additional AML regulations for investment advisers with the intention of addressing money laundering vulnerabilities in the US. Here, criminals attempt to gain access to the financial system through these advisers as a means of avoiding detection.
Now that it looks like FinCEN’s bill will be passed, this is a good indicator that there will be an increased level of expectation that beneficial ownership checks will be conducted by any business facilitating financial transactions with the US.
It’s clear that the implementation of 4AMLD demonstrates a continual raising of standards and the importance of a risk based approach to the prevention of money laundering and terrorist financing.
It is therefore imperative that requirements are embraced at every level of your business, as it’s through the effective collaboration of the strategic business areas, including c-suite, non-executives, senior management, MLROs and the front line, that firms will successfully ensure they are prepared for implementation.
SIGN UP FOR REGULAR INSIGHT
Keeping up-to-date with the latest industry topics and regulatory issues can be quite time-consuming!
Thankfully, our regulatory experts are here to help you stay on top of it all. Fill in the short form below to receive a monthly round-up of our insight, news and analysis.