In this article on anti-money laundering, Dominic Nixon and Rohan Bedi of PricewaterhouseCoopers analyse the final changes to the Financial Action Task Force (FATF) 40 recommendations. The revised Financial Action Task Force (FATF) 40 recommendations, published in June, now apply not only to money laundering but also to terrorist financing. The new recommendations advocate a risk-based approach to anti-money laundering (AML) and provide details on the customer due diligence process. They also clarify the standard of suspicious activity reporting and provide details on three key risk areas – politically exposed persons (PEPs), correspondent banking and non-face-to-face businesses. In addition, the recommendations create higher standards of transparency linked to beneficial ownership, bring non-financial businesses and professions, including lawyers and accountants, explicitly into the AML loop, and advocate a higher standard of international co-operation.The new FATF 40 significantly affects existing AML laws and will keep governments, enforcement and supervisors busy in fully implementing the changes – both legislative amendments and new administrative arrangements. This article highlights the important new points. The money laundering offenceRecommendation 1The revised FATF 40 recommendations require that, at a minimum, each country should incorporate a range of predicate offences within each of 20 designated categories. The list of 20 includes terrorism and terrorist financing, corruption and bribery, fraud, smuggling, insider trading and market manipulation. This is only a minimum list as it is the intention of the FATF to make AML legislation cover the proceeds of drug trafficking and all serious crimes. The more the predicate crimes listed in a country’s legislation, the better the ability to prosecute.Predicate offences for money laundering should extend to cover offences that occur in another country. Foreign predicate offences should be as wide as the domestic predicates. Tax evasion is not stated explicitly in the list of 20 predicate crimes although recommendation 13 highlights the importance of reporting suspicious transactions to avoid money launderers classifying their transactions as ‘tax matters’, and recommendation 40 talks of requirements for mutual legal assistance in criminal matters treaty (MLAT)-based co-operation on fiscal issues (such as foreign tax evasion). The UK goes a step further and recognises domestic and foreign tax evasion as a predicate crime for money laundering.Customer due diligenceRecommendation 5This is the most important recommendation. It defines customer due diligence (CDD) for financial institutions (FIs), with reference (during the consultation process) to the Basel Committee on Banking Supervision’s October 2001 paper, Guidance on Customer Due Diligence for Banks, although the Basel paper actually goes beyond the FATF 40 recommendations. However, the new FATF 40 is more risk-based. The requirements apply to all new and existing customers on the basis of materiality and risk, and state that financial institutions should conduct due diligence at appropriate times. This includes periodic reviews and following significant customer events (such as if an existing customer opens a new account or takes out a new product). Best practice suggests that updated information obtained through any meetings, discussions or other communication with the customer should be kept.The recommendation highlights the CDD requirements for occasional customers of FIs, and states that due diligence – such as identifying and verifying the identity of the customers – is required wherever there is a suspicion of money laundering or terrorist financing. The CDD measures outlined in the recommendations do not imply that FIs have to repeatedly identify and verify the identity of each customer every time that customer conducts a transaction. Rather, an institution is entitled to rely on the identification and verification steps that it has already undertaken unless it has doubts about the veracity of that information.The recommendation also lays down the measures to be taken with respect to existing customers and for legal persons (for example, private limited companies) or legal arrangements (such as trusts). It requires FIs to identify the identity of the beneficial owners by forming an understanding of the ownership and control structure and taking reasonable measures to verify the identity of such persons.If CDD cannot be done and an account is not opened, the transaction is not done or the relationship is terminated, the FI should consider filing a suspicious transaction report (STR). In addition to the fundamental obligations, it also deals with other issues such as the timing of verification. It is permissible under certain circumstances, where it is essential not to interrupt the normal conduct of business, for verification to be completed after the establishment of the business relationship. Examples include non-face-to-face business, securities transactions and life insurance business. For instance, for non-face-to-face business, FIs can accept the first transaction, perform verification and then allow other transactions.Financial institutions will need to adopt risk management procedures with respect to the conditions under which a customer may utilise the business relationship prior to verification. FIs should refer to the Basel CDD paper (section 2.2.6) for specific guidance on examples of risk management measures for non-face-to-face business.The new FATF 40 advocates a risk-based approach to AML. There are circumstances where the risk of money laundering or terrorist financing is lower (by reference to the risk for that customer, transaction or product type), where information on the identity of the customer and of the beneficial owner is publicly available, or where adequate checks and controls exist elsewhere in national systems. In these circumstances, countries may decide that FIs can apply reduced or simplified measures. Examples of customers where simplified or reduced CDD measures could apply are:where FIs are subject to requirements to combat money laundering and terrorist financing consistent with the FATF recommendations and are supervised for compliance with those controls;where the customer or the owner of the controlling interest is a public company that is subject to regulatory disclosure requirements, it is not necessary to seek to identify and verify the identity of any shareholder of that company;government administrations or enterprises; andsimplified or reduced CDD measures could also apply to the beneficial owners of pooled accounts held by designated non-financial businesses or professions, provided that those businesses or professions are subject to requirements to combat money laundering and terrorist financing consistent with the FATF recommendations and are subject to effective systems for monitoring and ensuring their compliance with those requirements.Simplified CDD or reduced measures could also be acceptable for various types of products or transactions, and the new FATF gives examples linked to insurance, pensions, superannuation or similar schemes.Countries could also decide whether FIs could apply these simplified measures only to customers in its own jurisdiction or allow them for customers from any other jurisdiction. Simplified CDD measures are not acceptable whenever there is suspicion of money laundering or terrorist financing, or specific higher-risk scenarios apply.Politically exposed persons (PEPs)Recommendation 6The FATF is concerned about the risks that FIs and financial centres face when the proceeds of corruption or abuse of public funds are routed through their organisations and centres. This recommendation discusses risk management systems and the role of senior management of FIs, among others. The glossary defines a PEP to include family members and close associates of persons who perform public functions for a state (such as head of state, senior politicians and judges), but clarifies that it is not intended to cover middle-ranking or more junior individuals. Countries are encouraged to extend the requirements of recommendation 6 to individuals who hold prominent public functions in their own country.Correspondent banking and shell banksRecommendation 7 and 18Recommendation 7 sets out due diligence criteria, including the role of senior management of FIs. In relation to cross-border correspondent banking and other similar relationships, it lays down enhanced due diligence measures that highlight the risks of ‘payable-through-accounts’ (where accounts are held at a bank by a foreign financial institution to permit its customers to engage in banking activities in that country).Recommendation 18 adds that countries should not allow the establishment of shell banks nor allow their financial institutions to have correspondent relations with such banks either directly or indirectly via payable-through-accounts.Electronic and other non-face-to-face financial servicesRecommendation 8As in the previous FATF 40, recommendation 8 requires that FIs should pay special attention to new technologies that favour anonymity, that is, non-face-to-face relationships. Annex 1 of the consultation report lists possible measures to manage money laundering risk. It is important to note that the requirement of face-to-face verification for all new customers (measure 2) to ascertain their identity has been rejected by the British Bankers’ Association and the Wolfsberg Group of Banks (a group of 11 international banks that co-operate on anti-money laundering issues). These industry groups believe that online financial services per se do not present new specific risks of money laundering, beyond the risks applicable to all non-face-to-face relationships, provided full due diligence checks are applied. Specifically, they do not lead to greater anonymity during account opening; electronic verification and ongoing monitoring can be more vigorous and effective.Third-party CDDRecommendation 9The new FATF 40 allows third parties to conduct CDD (for example, executing brokers and affiliated banks/clearing brokers), provided the ultimate responsibility for customer identification and verification is still with the FI. This recommendation does not apply to outsourcing or agency relationships (this assumes similar AML requirements and all documentation is received and hence the onus for CDD remains with the FI). This recommendation also does not apply to relationships, accounts or transactions between FIs on behalf of their clients. Those relationships are addressed by recommendations 5 and 7. Suspicious transaction reportingRecommendation 13The FATF requires mandatory STR for proceeds of a criminal activity and to funds related to terrorist financing. All suspicious transactions, including attempted transactions, should be reported regardless of the amount of the transaction. The recommendation specifies that there must be a ‘direct legal requirement to report’, and states clearly that reasonable grounds to suspect is now the explicit standard for STR purposes. Non-transactional behaviour also needs to be monitored – for example, a change in address needs to be checked for identity theft, especially if it is repeated after a few weeks. Tipping offRecommendation 14As in the previous FATF 40, the new recommendations require laws to give protection to those filing STRs and to prevent tipping off of the customer that an STR or related information is being reported. It now clarifies that if the institution reasonably believes that performing the CDD process will tip off the customer or potential customer on a possible STR investigation, it may choose not to pursue that process, and should file a STR. The interpretative note clarifies that where lawyers, notaries, other independent legal professionals and accountants acting as independent legal professionals seek to dissuade a client from engaging in illegal activity, this does not amount to tipping off.Regulation and supervisionRecommendations 23–25All countries need adequate measures to ensure that FIs and other businesses and professions are complying with their obligations. The required measures take into account the risks and the regulatory structures that already exist in the relevant sectors. The required measures are: (i) FIs and casinos should not be owned or managed by criminals; (ii) the regulatory and supervisory measures applicable to banks, insurance and securities firms for prudential purposes also apply to them when combating money laundering and terrorist financing; (iii) bureaux de change and money remittance businesses must at a minimum be licensed or registered, and monitored for compliance; (iv) other FIs should be regulated and subject to supervision or oversight having regard to the risk of money laundering or terrorist financing; (v) casinos must be licensed and supervised; and (vi) on a risk-sensitive basis, other businesses and professions must have effective systems for monitoring and ensuring compliance, which could either be by a government authority or by a self-regulatory organisation. In addition, competent authorities must establish guidelines and provide feedback to assist financial institutions and designated non-financial businesses and professions.Institutional measuresRecommendations 26–32The recommendations require countries to establish financial intelligence units (FIUs) – government units created explicitly to monitor money laundering – that will receive STRs, and to consider membership of the Egmont Group of FIUs, an organisation aimed at promoting co-operation between various FIUs. The FIUs should provide feedback on STRs and other information – the Hong Kong FIU is a good example of this in Asia. The recommendations draw attention to the Egmont Group principles for exchange of information between FIUs for money laundering cases. The recommendations require countries to designate law enforcement agencies for AML/ combating the financing of terrorism (CFT) investigations, and for financial supervisors to have a role in AML/CFT. These authorities should have appropriate duties and powers, the necessary resources, and effective mechanisms to co-operate and co-ordinate. To ensure systems are effective and that this can be reviewed, comprehensive AML/CFT statistics must be kept, for example, the number of STR received, and data on prosecutions and convictions.Non-financial businesses and professionsRecommendation 12New non-financial businesses now have explicit AML requirements, such as CDD and record keeping, in specified situations. The list includes casinos (including internet casinos), real estate agents, dealers in precious metals/stones, lawyers, notaries and other independent legal professionals and accountants (this refers to sole practitioners, partners or employed professionals within professional firms), trust and company service providers. The last category provides as one of its services ‘acting as (or arranging for another person to act as) a nominee shareholder for another person’. This has been exploited repeatedly by money launderers.Notably, advisers or entities that only provide investment advice and which do not themselves handle client funds, have been left out of the final list of such businesses on which AML obligations are explicitly recommended. Also, lawyers and accountants offering investment advice are only covered by AML requirements for ‘managing of client money, securities or other assets’, which does not cover advising on investments. However, FIs are covered by AML requirements including providing various investment services for a client, whereby the FI handles and invests the client’s money or funds. This could extend to the provision of investment advice, where this is linked to the adviser handling client funds.However, recommendation 16 states that STRs for all the above non-financial businesses are subject to certain qualifications made. For example, particular professionals are exempted from reporting where legal professional privilege or professional secrecy applies, and accountants are required to report for specified situations outlined in recommendation 12 and strongly encouraged for other activities including auditing.Meanwhile, recommendation 20 suggests that countries consider applying FATF 40 to businesses and professions other than designated ones above, if they pose a money laundering or terrorist financing risk. Corporate vehicles Recommendations 33–34One of the objectives of the consultation process was to deal with the risk of nominee shareholders and directors where the beneficial owner is someone engaged in illegal activities. The recommendations require countries to ensure that for legal persons, bearer shares and legal arrangements, measures are taken to facilitate financial institution access to information relating to beneficial ownership and control. In particular, countries must be able to show that companies issuing bearer shares cannot be misused for money laundering.International co-operationRecommendations 35–40Several of the recommendations in the international co-operation section have been developed and refined, with recommendation 36 on mutual legal assistance being expanded to cover several concepts that are in the 25 non-cooperative countries and territories (NCCT) criteria. The most significant addition is recommendation 40, which deals with international co-operation other than mutual legal assistance and extradition – for example, co-operation between administrative and law enforcement authorities concerned with combating money laundering and terrorist financing, including FIUs. This prescribes the need for the widest possible co-operation and for clear and effective gateways amounting to a ‘spontaneous or upon request information exchange’ via MLATs including fiscal information.Impact on AsiaThe impact on Asia is significant considering that Asian FIs are lagging behind their US/UK counterparts in many respects. The impact of the new FATF 40 has been discussed in our earlier article in AsiaRisk in April 2003, but it also includes the following:FIs should note the list of 20 minimum predicate offences for money laundering;FIs should review their CDD processes to ensure compliance with the now explicit definition of the process;if CDD is not done and the transaction is terminated, FIs should consider filing a STR;FIs can complete verification after the establishment of the business relationship in certain situations;FIs should adopt a risk-based approach to AML. This allows simplified CDD in certain situations;FIs should review the money laundering risk in their non face-to-face businesses;FIs should note the role of senior management for PEPs and correspondent banking accounts;FIs should note the requirements for third-party CDD;FIs in countries that have not adopted the reporting standards ‘direct legal requirement to report’ and ‘reasonable grounds to suspect’ need to retrain their staff to meet the required standards;if a FI reasonably believes that CDD will cause tipping off, it may choose not to follow the process and file a STR; andFIs have a heightened responsibility to be vigilant in monitoring for beneficial ownership information given the new requirements for better institutional availability of such information. Dominic Nixon is Asia head for AML and Rohan Bedi is head of AML services, Singapore, at PricewaterhouseCoopers in Singapore. Email: email@example.com, firstname.lastname@example.orgAsia Risk...
Start a FREE trial or subscribe to continue reading:
Start a 4 week free trial
Try Risk.net's premium content for a limited period. Register now for your FREE trial to one of our leading brands.
*not available to previous trialists or subscribers.
Log In or Subscribe Now
Subscribe to Risk.net Business now to access all our premium news & features content for 1 year.
Pay by Credit Card for immediate access.