aml compliance seminar current developments yiannis
play

AML & Compliance Seminar: Current Developments Yiannis - PowerPoint PPT Presentation

AML & Compliance Seminar: Current Developments Yiannis Pettemerides 1 Introduction Who am I? Who are you? Aim/Objective? 2 Introduction Introduction The Regulatory Authorities Stance The Monitoring Visit


  1. The Monitoring Visit • TIP 6: Be Prepared to be Challenged • TIP 7: If a True Deficiency has been Identified, Concentrate on the Plan to Remediate it and Not on the Argumentation • TIP 8: Always be Professional Even if the Regulator Falls Short of it • TIP 9: Do not be Aggressive But Also do not be Overly Submissive – Hold your Ground If you Believe Your Right • TIP 10: BoD Needs to be Involved and Available; Don’t Let the Compliance Officer on its Own

  2. 4 th AML Directive 35

  3. 4 th AML Directive – Beneficial Owners • Beneficial Owners: – In respect of corporate entities, the definition of the ultimate beneficial owner is further specified as “a natural person who ultimately holds a shareholding, controlling interest or ownership interest over 25% of the shares or the voting rights in a corporate entity”. – There may be cases where no natural person can be identified as the one who ultimately owns or has control over a legal entity. In such exceptional cases, obliged entities, having exhausted all other means of identification, and provided there are no grounds for suspicion, may consider the senior managing official (i.e. controlling person) to be the beneficial owner. 36

  4. 4 th AML Directive – Creation of National Central Register • Creation of National Central Register: – As per the new Directive, Member States will be required to hold satisfactory, accurate and current information on the beneficial owners of all corporate and other legal entities incorporated within their territory in a National Central Register (Need to be kept for 10 years after the Company has been Struck-off). – Obliged entities subject to the Directive, competent authorities and the Financial Intelligence Units will be able to access these interconnected Registers as well as any person or organization demonstrating "a legitimate interest," a term which is not defined and most certainly will raise issues in the future. – The name, the month and the year of birth, the nationality, the country of residence, the nature extent and the beneficial interest held, are some of the information that could be provided. 37

  5. 4 th AML Directive Expands beyond the EU Borders • Expands beyond the EU Borders: – Firms with majority-owned subsidiaries located in other countries where the minimum AML requirements are less strict than those of the Member State must implement the requirements of the Member State at those subsidiaries. 38

  6. 4 th AML Directive – Third Parties CDDs Reliance • Third Parties CDDs Reliance: –The AML Directive forbids reliance on third parties having their place of business in high-risk third countries 39

  7. 4 th AML Directive – Tax Crimes • Tax Crimes: – a provision of particular importance in the Directive, from now on, tax crimes (relating to both indirect and direct taxes) will be considered as “criminal activities” and will be punishable as predicate offences for money laundering. 40

  8. 4 th AML Directive – Responsible Party • Responsible Party: – The new directive states that the individual ultimately responsible for compliance should be a board member (in case the Compliance Officer is not already a member of the Board) with sufficient influence to be able to make recommendations and drive change where required. 41

  9. 4 th AML Directive - Fines • Fines: – One of the most significant changes under the 4th AML Directive is the imposition of even stricter penalties on obliged entities that are in breach of their obligations under the Directive. According to article 59, maximum administrative pecuniary penalties of at least twice the benefit obtained from the breach can be imposed on obligated entities that are in breach where the benefit is determinable, or at least 1.000.000 Euros. – Moreover, in cases relating to financial institutions or credit institutions maximum administrative pecuniary penalties of at least 5.000.000 Euros or 10% of the total annual turnover can be applicable 42

  10. 4 th AML Directive - Emphasis on a Risk-Based Approach 43

  11. Risk Based Approach – Cyprus National Risk Assessment • The first National Risk Assessment of Money Laundering and Terrorist Financing Risks (NRA) for Cyprus was published on the website of the Ministry of Finance on 30 November 2018. The NRA falls within the actions undertaken by the Cypriot authorities in order to identify, assess and understand the country’s money laundering and terrorist financing threats and vulnerabilities. This was also in compliance with the relevant Recommendations of the Financial Action Task Force, as well as the provisions of the 4 th EU AML/CFT Directive, which have been transposed into domestic legislation. 44

  12. Risk Based Approach – Cyprus National Risk Assessment • The purpose of publishing the NRA is to inform the relevant stakeholders, including regulated entities, the most important national threats and vulnerabilities that have emerged in relation to money laundering and terrorist financing. In particular, the NRA provides appropriate information to the regulated entities in order to carry out their own risk assessment of money laundering and terrorist financing 45

  13. Risk Based Approach – Cyprus National Risk Assessment • Regulated Entities are expected to study the NRA as its content should be taken into account when assessing money laundering and terrorist financing risks, thereby improving the effectiveness of the measures and procedures applied. Based on the NRA results, an action plan which includes measures/actions to remedy the vulnerabilities identified and recorded in the NRA has been prepared. The implementation of these measures/actions by the competent supervisory authorities has already commenced in order to address the identified vulnerabilities and for which the Regulated Entities will be informed through relevant Circulars. 46

  14. Risk Based Approach – Framework • The word risk appears 149 times in the 4 th AML Directive, compared with 36 times in the 3 rd AML Directive. This is not a coincidence. The Directive puts a heavy emphasis on employing a risk-based approach to money laundering at every level. It directs states to commission national risk assessments, firms to develop risk-based policies, and practitioners to conduct CDD in a risk-based manner. 47

  15. Risk Based Approach – Framework • Emphasis on a risk-based approach: – The current regulations already incorporate a risk-based approach, but the new Directive goes even further and it seems to require more documentation of the risk assessment. For firms this means: • Requirement to demonstrate and document that risk assessments are conducted and kept up to date, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels • Written money laundering policies and procedures that take the firm’s risk assessment into consideration • Internal audit teams, where necessary, to test the internal policies, controls and procedures • Training on how to conduct a risk-based CDD and ongoing monitoring 48

  16. Risk Based Approach – ESAs Guidelines Framework • The ESAs Guidelines on Anti-Money Laundering and Countering the Financing of Terrorism – 'The Risk Factors Guidelines’ of 2018 (issued in January 4 2018) 49

  17. Risk Based Approach - Background • The Financial organisation applies appropriate measures and procedures, on a risk based approach, so as to focus its effort in those areas where the risk of ML/TF appears to be higher (e.g. high risk clients) • A risk assessment needs to be prepared and maintained by the entity • The entity should assess and identify the products offered and are considered of higher AML/TF risk 50

  18. Risk Based Approach - Background • Adequate controls should be implemented to prevent AML from clients to whom high risk products are provided • Complexity of group structure is taken into consideration for client risk categorisation purposes • The risk of tax evasion should be adequately covered in the entity's policies and procedures and adequate controls should be in place to mitigate such risk 51

  19. Risk Based Approach - Background • Customers should be risk categorized • The entity should identify the risks it faces, and should design and implement appropriate measures and procedures for the correct management and mitigation • The MLCO should consult data, information and reports that are published in relevant international organisations (e.g. FATF, etc.) in performing its risk based approach 52

  20. Risk Based Approach - Background • A risk-based approach: – recognises that the money laundering or terrorist financing threat varies across clients, countries, services and financial instruments; – allows firms to differentiate between clients in a way that matches the risk of their particular business; – allows firms to apply their own approach in the formulation of policies, procedures and controls in response to the firm’s particular circumstances and characteristics; – helps to produce a more cost effective system; and – promotes the prioritisation of effort and actions of the firm in response to the likelihood of money laundering or terrorist financing occurring through the use of services provided by the firm. 53

  21. Risk Based Approach - Background • In assessing the most cost effective and proportionate way to manage the money laundering and terrorist financing risks faced by the firm, a risk-based approach involves the following steps: – identifying and assessing the money laundering and terrorist financing risks emanating from particular clients, services and geographical areas of operation of the firm and its clients; – managing and mitigating the assessed risks by the application of appropriate and effective measures, procedures and controls; – continuous monitoring and improvements in the effective operation of the policies, procedures and controls; – documenting, in appropriate manuals and policies, the procedures and controls to ensure their uniform application across the firm. 54

  22. Risk Based Approach - Background • Consideration of these risk types should enable the firm to draw up a simple matrix of characteristics of the client or service which are considered to present a higher than normal risk, and those which present a normal risk. Some clients may be considered to present a lower than normal risk, through long association and detailed knowledge, or on account of their status (e.g. listed, regulated, or government entities). • This matrix can then be incorporated into client acceptance procedures, and as the first step of the client due diligence process, it allows a money laundering or terrorist financing risk level to be assigned to ensure appropriate, but not excessive, client due diligence work is carried out. • Enhanced due diligence should be carried out for those clients that are determined to be higher risk. 55

  23. Risk Based Approach - Background • Business-wide risk assessments should help firms understand where they are exposed to ML/TF risk and which areas of their business they should prioritise in the fight against ML/TF. To that end, and in line with Article 8 of Directive (EU) 2015/849, firms should identify and assess the ML/TF risk associated with the products and services they offer, the jurisdictions they operate in, the customers they attract and the transaction or delivery channels they use to service their customers. The steps firms take to identify and assess ML/TF risk across their business must be proportionate to the nature and size of each firm. Firms that do not offer complex products or services and that have limited or no international exposure may not need an overly complex or sophisticated risk assessment. 56

  24. Risk Based Approach - Background • Firms should note that the risk factors listed in these guidelines are not exhaustive, and that there is no expectation that firms will consider all risk factors in all cases. • Firms must keep their risk assessment up to date and under review. 57

  25. Risk Based Approach - Background • Firms should take a holistic view of the risk associated with the situation and note that, unless Directive (EU) 2015/849 or national legislation states otherwise, the presence of isolated risk factors does not necessarily move a relationship into a higher or lower risk category. 58

  26. Risk Based Approach - Background • When identifying ML/TF risks associated with a business relationship or occasional transaction, firms should consider relevant risk factors including who their customer is, the countries or geographical areas they operate in, the particular products, services and transactions the customer requires and the channels the firm uses to deliver these products, services and transactions. 59

  27. Risk Based Approach - Background • Firms should note that the application of a risk-based approach does not of itself require them to refuse, or terminate, business relationships with entire categories of customers that they associate with higher ML/TF risk, as the risk associated with individual business relationships will vary, even within one category. 60

  28. Risk Based Approach – Sources of Information • Where possible, information about these ML/TF risk factors should come from a variety of sources, whether these are accessed individually or through commercially available tools or databases that pool information from several sources. Firms should determine the type and numbers of sources on a risk-sensitive basis 61

  29. Risk Based Approach – Sources of Information • Firms should always consider the following sources of information: – the European Commission’s supranational risk assessment; – information from government, such as the government’s national risk assessments, policy statements and alerts, and explanatory memorandums to relevant legislation; – information from regulators, such as guidance and the reasoning set out in regulatory fines; – information from Financial Intelligence Units (FIUs) and law enforcement agencies, such as threat reports, alerts and typologies; and – information obtained as part of the initial CDD process. 62

  30. Risk Based Approach – Sources of Information • Other sources of information firms may consider in this context may include, among others: – the firm’s own knowledge and professional expertise; – information from industry bodies, such as typologies and emerging risks; – information from civil society, such as corruption indices and country reports; – information from international standard-setting bodies such as mutual evaluation reports or legally non-binding blacklists; – information from credible and reliable open sources, such as reports in reputable newspapers; – information from credible and reliable commercial organisations, such as risk and intelligence reports; and – information from statistical organisations and academia. 63

  31. Risk Based Approach – Weighting Risk Factors • Firms should take a holistic view of the ML/TF risk factors they have identified that, together, will determine the level of ML/TF risk associated with a business relationship or occasional transaction. • As part of this assessment, firms may decide to weigh factors differently depending on their relative importance. • When weighting risk factors, firms should make an informed judgement about the relevance of different risk factors in the context of a business relationship or occasional transaction. This often results in firms allocating different ‘scores’ to different factors; for example, firms may decide that a customer’s personal links to a jurisdiction associated with higher ML/TF risk is less relevant in light of the features of the product they seek. 64

  32. Risk Based Approach – Weighting Risk Factors • Ultimately, the weight given to each of these factors is likely to vary from product to product and customer to customer (or category of customer) and from one firm to another. When weighting risk factors, firms should ensure that: – weighting is not unduly influenced by just one factor; – economic or profit considerations do not influence the risk rating; – weighting does not lead to a situation where it is impossible for any business relationship to be classified as high risk; – the provisions of Directive (EU) 2015/849 or national legislation regarding situations that always present a high money laundering risk cannot be over-ruled by the firm’s weighting; and – they are able to over-ride any automatically generated risk scores where necessary. The rationale for the decision to over-ride such scores should be documented appropriately. 65

  33. Risk Based Approach – Weighting Risk Factors • Where a firm uses automated IT systems to allocate overall risk scores to categorize business relationships or occasional transactions and does not develop these in house but purchases them from an external provider, it should understand how the system works and how it combines risk factors to achieve an overall risk score. A firm must always be able to satisfy itself that the scores allocated reflect the firm’s understanding of ML/TF risk and it should be able to demonstrate this to the competent authority. 66

  34. Risk Based Approach - Monitoring • Firms should keep their assessments of the ML/TF risk associated with individual business relationships and occasional transactions as well as of the underlying factors under review to ensure their assessment of ML/TF risk remains up to date and relevant. Firms should assess information obtained as part of their ongoing monitoring of a business relationship and consider whether this affects the risk assessment. • Firms should also ensure that they have systems and controls in place to identify emerging ML/TF risks and that they can assess these risks and, where appropriate, incorporate them into their business-wide and individual risk assessments in a timely manner. 67

  35. Risk Based Approach - Monitoring • Examples of systems and controls firms should put in place to identify emerging risks include: – Processes to ensure that internal information is reviewed regularly to identify trends and emerging issues, in relation to both individual business relationships and the firm’s business. – Processes to capture and review information on risks relating to new products. – Engagement with other industry representatives and competent authorities (e.g. round tables, conferences and training providers), and processes to feed back any findings to relevant staff. – Establishing a culture of information sharing within the firm and strong company ethics. 68

  36. Risk Based Approach - Monitoring – Processes to ensure that the firm regularly reviews relevant information sources, in particular: • regularly reviewing media reports that are relevant to the sectors or jurisdictions in which the firm is active; • regularly reviewing law enforcement alerts and reports; • ensuring that the firm becomes aware of changes to terror alerts and sanctions regimes as soon as they occur, for example by regularly reviewing terror alerts and looking for sanctions regime updates; and • regularly reviewing thematic reviews and similar publications issued by competent authorities. 69

  37. Risk Based Approach - Monitoring • Examples of systems and controls firms should put in place to ensure their individual and business-wide risk assessments remains up to date may include: – Setting a date on which the next risk assessment update will take place, for example on 1 March every year, to ensure new or emerging risks are included in risk assessments. Where the firm is aware that a new risk has emerged, or an existing one has increased, this should be reflected in risk assessments as soon as possible. – Carefully recording issues throughout the year that could have a bearing on risk assessments, such as internal suspicious transaction reports, compliance failures and intelligence from front office staff. 70

  38. Risk Based Approach - Monitoring • Firms should record and document their risk assessments of business relationships, as well as any changes made to risk assessments as part of their reviews and monitoring, to ensure that they can demonstrate to the competent authorities that their risk assessments and associated risk management measures are adequate. 71

  39. Risk Based Approach – High Risk Clients 72

  40. Risk Based Approach – High Risk Clients • HIGH RISK CLIENTS (minimum) - (Not ALL Automatic in 4 th AML Directive): – i. Non face to face customers (Not Automatic in 4 th AML Directive), – ii. Accounts in the names of companies whose shares are in bearer form (Not Automatic in 4 th AML Directive), – iii. Trusts accounts (Not Automatic in 4 th AML Directive), – iv. Client accounts’ in the name of a third person (Not Automatic in 4 th AML Directive), – v. Electronic gambling /gaming through the internet (Not Automatic in 4 th AML Directive), – vi. Complex Structures/Transactions (4 th AML Directive) – vii. Customers from high risk countries: FATF & EU HR & EU TAX (4 th AML Directive), – viii. Politically exposed persons’ (4 th AML Directive), – ix. Other High Risk as per Supervised Entity’s assessment (4 th AML Directive) 73

  41. Risk Based Approach – Low Risk Clients • LOW RISK CLIENTS (Not Automatic in 4 th AML Directive): – i. Credit or financial institution covered by the EU Directive, – ii. Credit or financial institution carrying out one or more of the financial business activities as these are defined in Section 2 of the AML Law and which is situated in a country outside the EEA, which in accordance with a decision of the Advisory Authority for Combating Money Laundering and Terrorist Financing, imposes requirements equivalent to those laid down by the EU Directive and it is under supervision for compliance with those requirements, – iii. Listed companies whose securities are admitted to trading on a regulated market in a country of the European Economic Area or in a third country which is subject to disclosure requirements consistent with community legislation, – iv. Domestic public authorities of countries of the EEA. 74

  42. Risk Based Approach – Normal Risk Clients • NORMAL RISK CLIENTS (Not Automatic in 4 th AML Directive): : – Everyone else 75

  43. Risk Based Approach - PEPs 76

  44. Risk Based Approach - PEPs • PEPs (CRITICAL in 4 th AML Directive): – Politically exposed person’ means a natural person who is or who has been entrusted with prominent public functions and includes the following: • (a) heads of State, heads of government, ministers and deputy or assistant ministers; • (b) members of parliament or of similar legislative bodies; • (c) members of the governing bodies of political parties; • (d) members of Supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances; • (e) members of courts of auditors or of the boards of central banks; • (f) ambassadors, chargés d'affaires and high ranking officers in the armed forces; • (g) members of the administrative, management or supervisory bodies of State-owned enterprises; • (h) directors, deputy directors and members of the board or equivalent function of an international organisation; • (i) Mayors. 77

  45. Risk Based Approach - PEPs • PEPs (CRITICAL in 4 th AML Directive): – No public function referred to in points (a) to (i) shall be understood as covering middle-ranking or more junior officials; – It must be noted that in the both the FATF and the 4th EU AML Directive, immediate family members and close associates of PEP’s are equally considered as PEP’s by virtue of their relationship with a PEP. – The 4 th EU AML Directive provides a definition for both family members and close associates as follows: Paragraph 10 of Article 3: ‘family members’ includes the following: • (a) the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person; • (b) the children and their spouses, or persons considered to be equivalent to a spouse, of a politically exposed person; • (c) the parents of a politically exposed person; 78

  46. Risk Based Approach - PEPs • PEPs (CRITICAL in 4 th AML Directive): : – 4 th EU AML Directive, Paragraph 11 of article 3: ‘persons known to be close associates’ means: • (a) natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a politically exposed person; • (b) natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person. – Time limit of PEP status: • According to the 4th EU AML Directive, article 22, where a politically exposed person is no longer entrusted with a prominent public function by a Member State or a third country, or with a prominent public function by an international organisation, obliged entities shall, for at least 12 months, be required to take into account the continuing risk posed by that person and to apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed persons. 79

  47. Risk Based Approach – High Risk Countries 80

  48. Risk Based Approach – High Risk Countries EEA AML Equivalent (NOT APPLICABLE in 4 th AML Directive): • – Australia – Brazil – Canada – Hong Kong – India – Japan – South Korea – Mexico – Singapore – Switzerland – South Africa – The United States of America 81

  49. Risk Based Approach – High Risk Countries • FATF Countries (CRITICAL in 4 th AML Directive)  Bahamas  Pakistan  Botswana  Serbia  Cambodia  Sri Lanka  Democratic People's Republic of Korea  Syria (DPRK)  Trinidad and Tobago  Ethiopia  Tunisia  Ghana  Yemen  Iran 82

  50. Risk Based Approach – High Risk Countries • EU High Risk Third Countries (CRITICAL in 4 th AML Directive):  Afghanistan  Pakistan  American Samoa  Panama  Bahamas  Puerto Rico  Botswana  Samoa  Democratic People's Republic of Korea (DPRK)  Saudi Arabia  Ethiopia  Sri Lanka  Ghana  Syria  Guam  Trinidad and Tobago  Iran  Tunisia  Iraq  US Virgin Islands  Libya  Yemen  Nigeria 83

  51. Risk Based Approach – High Risk Countries • EU Non-cooperative Tax Jurisdictions (CRITICAL in 4th AML Directive):  American Samoa  Marshall Islands  Aruba  Oman  Barbados  Samoa  Belize  Trinidad and Tobago  Bermuda  United Arab Emirates  Dominica  US Virgin Islands  Fiji  Vanuatu  Guam 84

  52. Risk Based Approach – Other Risk Considerations 85

  53. Risk Based Approach – Identification: Customer Risk Factors • When identifying the risk associated with their customers, including their customers’ beneficial owners, firms should consider the risk related to: – the customer’s and the customer’s beneficial owner’s business or professional activity; – the customer’s and the customer’s beneficial owner’s reputation; and – the customer’s and the customer’s beneficial owner’s nature and behavior. 86

  54. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or a customer’s beneficial owner’s business or professional activity include: – Does the customer or beneficial owner have links to sectors that are commonly associated with higher corruption risk, such as construction, pharmaceuticals and healthcare, the arms trade and defence, the extractive industries or public procurement? – Does the customer or beneficial owner have links to sectors that are associated with higher ML/TF risk, for example certain Money Service Businesses, casinos or dealers in precious metals? – Does the customer or beneficial owner have links to sectors that involve significant amounts of cash? 87

  55. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or a customer’s beneficial owner’s business or professional activity include: – Where the customer is a legal person or a legal arrangement, what is the purpose of their establishment? For example, what is the nature of their business? – Does the customer have political connections, for example, are they a Politically Exposed Person (PEP), or is their beneficial owner a PEP? Does the customer or beneficial owner have any other relevant links to a PEP, for example are any of the customer’s directors PEPs and, if so, do these PEPs exercise significant control over the customer or beneficial owner? Where a customer or their beneficial owner is a PEP, firms must always apply EDD measures in line with Article 20 of Directive (EU) 2015/849. 88

  56. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or a customer’s beneficial owner’s business or professional activity include: – Does the customer or beneficial owner hold another prominent position or enjoy a high public profile that might enable them to abuse this position for private gain? For example, are they senior local or regional public officials with the ability to influence the awarding of public contracts, decision-making members of high-profile sporting bodies or individuals who are known to influence the government and other senior decision-makers? – Is the customer a legal person subject to enforceable disclosure requirements that ensure that reliable information about the customer’s beneficial owner is publicly available, for example public companies listed on stock exchanges that make such disclosure a condition for listing? 89

  57. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or a customer’s beneficial owner’s business or professional activity include: – Is the customer a credit or financial institution acting on its own account from a jurisdiction with an effective AML/CFT regime and is it supervised for compliance with local AML/CFT obligations? Is there evidence that the customer has been subject to supervisory sanctions or enforcement for failure to comply with AML/CFT obligations or wider conduct requirements in recent years? – Is the customer a public administration or enterprise from a jurisdiction with low levels of corruption? – Is the customer’s or the beneficial owner’s background consistent with what the firm knows about their former, current or planned business activity, their business’s turnover, the source of funds and the customer’s or beneficial owner’s source of 90 wealth?

  58. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owners’ reputation: – Are there adverse media reports or other relevant sources of information about the customer, for example are there any allegations of criminality or terrorism against the customer or the beneficial owner? If so, are these reliable and credible? Firms should determine the credibility of allegations on the basis of the quality and independence of the source of the data and the persistence of reporting of these allegations, among other considerations. Firms should note that the absence of criminal convictions alone may not be sufficient to dismiss allegations of wrongdoing. – Does the firm know if the customer or beneficial owner has been the subject of a suspicious transactions report in the past? 91

  59. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owners’ reputation: – Has the customer, beneficial owner or anyone publicly known to be closely associated with them had their assets frozen due to administrative or criminal proceedings or allegations of terrorism or terrorist financing? Does the firm have reasonable grounds to suspect that the customer or beneficial owner or anyone publicly known to be closely associated with them has, at some point in the past, been subject to such an asset freeze? – Does the firm have any in-house information about the customer’s or the beneficial owner’s integrity, obtained, for example, in the course of a long-standing business relationship? 92

  60. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established: – Does the customer have legitimate reasons for being unable to provide robust evidence of their identity, perhaps because they are an asylum seeker?5 – Does the firm have any doubts about the veracity or accuracy of the customer’s or beneficial owner’s identity? – Are there indications that the customer might seek to avoid the establishment of a business relationship? For example, does the customer look to carry out one transaction or several one-off transactions where the establishment of a business relationship might make more economic sense? 93

  61. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established: – Is the customer’s ownership and control structure transparent and does it make sense? If the customer’s ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale? – Does the customer issue bearer shares or does it have nominee shareholders? – Is the customer a legal person or arrangement that could be used as an asset-holding vehicle? – Is there a sound reason for changes in the customer’s ownership and control structure? 94

  62. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established: – Does the customer request transactions that are complex, unusually or unexpectedly large or have an unusual or unexpected pattern without an apparent economic or lawful purpose or a sound commercial rationale? Are there grounds to suspect that the customer is trying to evade specific thresholds such as those set out in Article 11(b) of Directive (EU) 2015/849 and national law where applicable? – Does the customer request unnecessary or unreasonable levels of secrecy? For example, is the customer reluctant to share CDD information, or do they appear to want to disguise the true nature of their business? 95

  63. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established: – Can the customer’s or beneficial owner’s source of wealth or source of funds be easily explained, for example through their occupation, inheritance or investments? Is the explanation plausible? – Does the customer use the products and services they have taken out as expected when the business relationship was first established? – Is the customer a non-profit organisation whose activities could be abused for terrorist financing purposes? 96

  64. Risk Based Approach – Identification: Customer Risk Factors • Risk factors that may be relevant when considering the risk associated with a customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established: – Where the customer is a non-resident, could their needs be better serviced elsewhere? Is there a sound economic and lawful rationale for the customer requesting the type of financial service sought? Firms should note that Article 16 of Directive 2014/92/EU creates a right for customers who are legally resident in the Union to obtain a basic payment account, but this right applies only to the extent that credit institutions can comply with their AML/CFT obligations. 97

  65. Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors • When identifying the risk associated with countries and geographical areas, firms should consider the risk related to: – the jurisdictions in which the customer and beneficial owner are based; – the jurisdictions that are the customer’s and beneficial owner’s main places of business; and – the jurisdictions to which the customer and beneficial owner have relevant personal links. 98

  66. Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors • Firms should note that the nature and purpose of the business relationship will often determine the relative importance of individual country and geographical risk factors; for example: – Where the funds used in the business relationship have been generated abroad, the level of predicate offences to money laundering and the effectiveness of a country’s legal system will be particularly relevant. – Where funds are received from, or sent to, jurisdictions where groups committing terrorist offences are known to be operating, firms should consider to what extent this could be expected to or might give rise to suspicion, based on what the firm knows about the purpose and nature of the business relationship. – Where the customer is a credit or financial institution, firms should pay particular attention to the adequacy of the country’s AML/CFT regime and the effectiveness of AML/CFT supervision. 99

  67. Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors • Firms should note that the nature and purpose of the business relationship will often determine the relative importance of individual country and geographical risk factors; for example: – Where the customer is a legal vehicle or trust, firms should take into account the extent to which the country in which the customer and, where applicable, the beneficial owner are registered effectively complies with international tax transparency standards. 100

Recommend


More recommend