AML & Compliance Seminar: Current Developments Yiannis - - PowerPoint PPT Presentation

AML & Compliance Seminar: Current Developments

1

Yiannis Pettemerides

Introduction

• Who am I?
• Who are you?
• Aim/Objective?

2

Introduction

• Introduction
• The Regulatory Authorities Stance
• The Monitoring Visit
• Current and Upcoming Developments:
• 4th AML Directive (CY Law April

2018)

• 5th AML Directive (CY Law by

January 2020)

• 6th AML Directive (Currently

discussed at EU Level)

3

Introduction

4

Introduction

5

Introduction

6

The Regulatory Authorities Stance

7

The Regulatory Authorities Stance

The Regulatory Authorities Stance

The Regulatory Authorities Stance

The Regulatory Authorities Stance

• The Prevention and Suppression of Money Laundering and Terrorist Financing

Law of 2007-2018 (2018 voted by Parliament on April 3 2018)

• The Anti-Money Laundering CySEC Directive of 2016 (Updated new CySEC

Directive expected later in 2019)

• The Prevention and Suppression of Money Laundering Activities Directive to

the Members of ICPAC of 2013 (Updated new ICPAC Directive expected later in 2019)

• The Prevention of Money Laundering and Terrorist Financing Directive to the

Members of the CBA of 2015 (Updated new CBA Directive expected later in 2019)

11

The Regulatory Authorities Stance

• Costs of compliance never exceed the costs of non-compliance
• Reputation
• Licensing authorisation
• Name and shame
• Heavy fines
• Going concern considerations

12

The Regulatory Authorities Stance

• Known: 14 years imprisonment or a fine of up to €500.000 or both of

these penalties, in the case of a person who knows that the property is proceeds from a predicate offence, or

• Ought to have Known: 5 years imprisonment or a fine of up to €50.000
• r both of these penalties, in the case of a person who ought to have

known.

• Administrative fine: up to €1.000.000. In case the offenders’ benefit

from the breach exceeds €1.000.000, the administrative fine may increase up to twice the amount of the derived benefit.

13

The Monitoring Visit

• Monitoring Visits Scope:

– 2016 => Governance – 2017 => Client Acceptance – Identification & Verification – 2018 => Ongoing Monitoring & Economic Profile & Transaction Monitoring – 2019 => Risk Assessment & Economic Profile & Transaction Monitoring

The Monitoring Visit

• Expect a Regulatory AML monitoring visit:

– HR Entities => Every 1 year – MR Entities => Every 2 years – LR Entities => Every 3 years

The CySEC Monitoring Visit

• 1 week notice given; 1 day's notice given for special cases (i.e.

Panama Papers) or no notice at all (special investigations)

• Visit lasts for 2 days and involves a team of 3 reviewers
• 15 files review
• Exit meeting
• Findings’ letter and response from Entity for remediation for

any deficiencies identified – within 3 months

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– List of clients using the below format:

• Name of customer (physical person or legal entity)
• Commencement of business relationship (i.e. Letter of

Engagement ASPs)

• Country of resident (for physical persons)
• Country of incorporation (for legal entities)
• Country of residence of BOs (for legal entities)
• Inclusion of customer/BO in the Panama Papers (yes/no)

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– List of clients using the below format:

• Business activities of customer (for physical persons: special

notice for unemployed, student, retired)

• Description of business relationship
• Introduction of customer by an introducing broker/agent

(yes/no)

• High Net Worth Individuals - >Euro 3m (yes/no)
• Inclusion in Sanction Lists – EU/UN & US! (yes/no)

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– List of clients using the below format:

• AML Risk categorisation (High, Normal, Low)
• Reasoning if AML Risk is High
• Submission of Internal Suspicious Reports
• Submission of MOKAS Reports
• Reliance on Eligible Third Parties for EDD
• Customers and/or BOs convicted or with charges/investigation

procedures against them for financial crime (yes/no)

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– List of clients using the below format:

• Total inflows of money/assets
• Total outflows of money/assets
• Confirmation that total inflows/outflows of money/assets is

consistent to Economic Profile (yes/no)

• Amount of total cash transactions for the duration of the

relationship

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– List of clients using the below format:

• Complete EDD data and information (yes/no)
• Complete construction of economic profile (yes/no)

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– AML Manual – BoD Minutes when AML issues have been discussed – MLCO Annual Report – IA Annual Report – Group Structure – Organisational Chart – Trial Balance

The CySEC Monitoring Visit

• Deliverables requested to be send before the meeting:

– Monthly Prevention Statements – RBSF – Internal Suspicious Reports – MOKAS Reports – Corporate Bank Accounts bank statements (sample) – Clients’ Money Bank Accounts bank statements (sample) – Administration rights in CRM/Server

The ICPAC Monitoring Visit

• The information and documents that will be required for inspection

during the visit include the following:

– 1. Copies of professional stationery (for all offices) and fee note paper – 2. Partnership agreement or limited company statutory books – 3. All practicing certificates issued to the firm and/or the principals – 4. Firm's accounts for last two financial years and period to date (if not available, confirmation of total income from other sources, e.g. VAT returns, ledger, cashbook) – 5. Professional indemnity insurance (current schedule of cover, latest proposal form, latest policy, details of claims notified or pending)

The ICPAC Monitoring Visit

• The information and documents that will be required for inspection

during the visit include the following:

– 6. Continuing professional development records for all ICPAC practising certificate holders – 7. Continuity of practice agreement (where required) – 8. Office copies of fee notes issued in the last twelve months to date – 9. Bank account records (e.g. cash book and ledger) and bank statements for all

• ffice accounts, client accounts (held in firm’s name for holding client money),

bank accounts of clients controlled by the firm where a member of the firm acts as director or signatory (bank administration services)

The ICPAC Monitoring Visit

• The information and documents that will be required for inspection

during the visit include the following:

– 10. Where applicable (ASP firms), list of administrative services clients detailing name and nature of services provided to each client – 11. Signed statements from principals/staff relating to fitness and propriety (if any) – 12. Any AML manual and checklists in use – 13. Client files

The ICPAC Monitoring Visit

• The information and documents that will be required for inspection during the visit

include the following (below not currently requested but best to have readily available): – 14. Annual AML Officer Report – 15. Annual RBSF Questionnaire – 17. BoD Minutes when AML issues have been discussed – 18. Group Structure – 19. Organisational Chart – 20. Trial Balance – 21. Internal Suspicious Reports – 22. MOKAS Reports – 23. Administration rights in CRM/Server

The Monitoring Visit

The Monitoring Visit

• Not declaration of all clients
• Misleading information
• No identification of key client risk characteristics (i.e. PEPs, HR

Countries, Adverse Media, Convictions, Sanctions, etc.)

• No reporting or delay in reporting to MOKAS
• GoAML MOKAS Website
• Ministry of Finance (Directorate of Administration and Finance -

sanctionsunit@mof.gov.cy

• SoF/SoW identification and verification
• CDDS performed by a Third Person

29

The Monitoring Visit - CySEC

• Annual MLCO Report & BoD Minutes – 31st of March
• Annual IA Report & BoD Minutes – 30th of April
• Monthly Prevention Statements – 15th Day of Each Month
• Annual RBSF Questionnaire – 23rd May

30

The Monitoring Visit - ICPAC

• Annual AML Officer Report – 31st of March
• Annual RBSF Questionnaire – 31st December

31

The Monitoring Visit

The Monitoring Visit

• TIP 1: Need to Show Effort & Development
• TIP 2: Show Constructive Approach - There is Always Room for

Development

• TIP 3: You Know Your Clients Better than the Regulator Will Ever

Know Them

• TIP 4: Content is “King” But Package is “King-Kong” – Both

Applicable for Being Organised & Being an Effective Communicator

• TIP 5: The Regulator is About First to Support You and Then to

Police You

The Monitoring Visit

• TIP 6: Be Prepared to be Challenged
• TIP 7: If a True Deficiency has been Identified, Concentrate on

the Plan to Remediate it and Not on the Argumentation

• TIP 8: Always be Professional Even if the Regulator Falls Short
• f it
• TIP 9: Do not be Aggressive But Also do not be Overly

Submissive – Hold your Ground If you Believe Your Right

• TIP 10: BoD Needs to be Involved and Available; Don’t Let the

Compliance Officer on its Own

4th AML Directive

35

4th AML Directive – Beneficial Owners

• Beneficial Owners:

– In respect of corporate entities, the definition of the ultimate beneficial owner is further specified as “a natural person who ultimately holds a shareholding, controlling interest or ownership interest over 25% of the shares or the voting rights in a corporate entity”. – There may be cases where no natural person can be identified as the one who ultimately owns or has control over a legal entity. In such exceptional cases,

• bliged entities, having exhausted all other means of identification, and provided

there are no grounds for suspicion, may consider the senior managing official (i.e. controlling person) to be the beneficial owner.

36

4th AML Directive – Creation of National Central Register

• Creation of National Central Register:

– As per the new Directive, Member States will be required to hold satisfactory, accurate and current information on the beneficial owners of all corporate and

• ther legal entities incorporated within their territory in a National Central

Register (Need to be kept for 10 years after the Company has been Struck-off). – Obliged entities subject to the Directive, competent authorities and the Financial Intelligence Units will be able to access these interconnected Registers as well as any person or organization demonstrating "a legitimate interest," a term which is not defined and most certainly will raise issues in the future. – The name, the month and the year of birth, the nationality, the country of residence, the nature extent and the beneficial interest held, are some of the information that could be provided.

37

4th AML Directive Expands beyond the EU Borders

• Expands beyond the EU Borders:

– Firms with majority-owned subsidiaries located in other countries where the minimum AML requirements are less strict than those of the Member State must implement the requirements of the Member State at those subsidiaries.

38

4th AML Directive – Third Parties CDDs Reliance

• Third Parties CDDs Reliance:

–The AML Directive forbids reliance on third parties having their place of business in high-risk third countries

39

4th AML Directive – Tax Crimes

• Tax Crimes:

– a provision of particular importance in the Directive, from now on, tax crimes (relating to both indirect and direct taxes) will be considered as “criminal activities” and will be punishable as predicate offences for money laundering.

40

4th AML Directive – Responsible Party

• Responsible Party:

– The new directive states that the individual ultimately responsible for compliance should be a board member (in case the Compliance Officer is not already a member of the Board) with sufficient influence to be able to make recommendations and drive change where required.

41

4th AML Directive - Fines

• Fines:

– One of the most significant changes under the 4th AML Directive is the imposition of even stricter penalties on obliged entities that are in breach of their obligations under the Directive. According to article 59, maximum administrative pecuniary penalties of at least twice the benefit obtained from the breach can be imposed on obligated entities that are in breach where the benefit is determinable, or at least 1.000.000 Euros. – Moreover, in cases relating to financial institutions or credit institutions maximum administrative pecuniary penalties of at least 5.000.000 Euros or 10%

• f the total annual turnover can be applicable

42

4th AML Directive - Emphasis on a Risk-Based Approach

43

Risk Based Approach – Cyprus National Risk Assessment

• The first National Risk Assessment of Money Laundering and

Terrorist Financing Risks (NRA) for Cyprus was published on the website of the Ministry of Finance on 30 November 2018. The NRA falls within the actions undertaken by the Cypriot authorities in order to identify, assess and understand the country’s money laundering and terrorist financing threats and vulnerabilities. This was also in compliance with the relevant Recommendations of the Financial Action Task Force, as well as the provisions of the 4th EU AML/CFT Directive, which have been transposed into domestic legislation.

44

Risk Based Approach – Cyprus National Risk Assessment

• The purpose of publishing the NRA is to inform the

relevant stakeholders, including regulated entities, the most important national threats and vulnerabilities that have emerged in relation to money laundering and terrorist financing. In particular, the NRA provides appropriate information to the regulated entities in order to carry out their own risk assessment of money laundering and terrorist financing

45

Risk Based Approach – Cyprus National Risk Assessment

• Regulated Entities are expected to study the NRA as its content should

be taken into account when assessing money laundering and terrorist financing risks, thereby improving the effectiveness of the measures and procedures applied. Based on the NRA results, an action plan which includes measures/actions to remedy the vulnerabilities identified and recorded in the NRA has been prepared. The implementation of these measures/actions by the competent supervisory authorities has already commenced in order to address the identified vulnerabilities and for which the Regulated Entities will be informed through relevant Circulars.

46

Risk Based Approach – Framework

• The word risk appears 149 times in the 4th AML

Directive, compared with 36 times in the 3rd AML

• Directive. This is not a coincidence. The Directive puts a

heavy emphasis on employing a risk-based approach to money laundering at every level. It directs states to commission national risk assessments, firms to develop risk-based policies, and practitioners to conduct CDD in a risk-based manner.

47

Risk Based Approach – Framework

• Emphasis on a risk-based approach:

– The current regulations already incorporate a risk-based approach, but the new Directive goes even further and it seems to require more documentation of the risk

• assessment. For firms this means:
• Requirement to demonstrate and document that risk assessments are conducted

and kept up to date, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels

• Written money laundering policies and procedures that take the firm’s risk

assessment into consideration

• Internal audit teams, where necessary, to test the internal policies, controls and

procedures

• Training on how to conduct a risk-based CDD and ongoing monitoring

48

Risk Based Approach – ESAs Guidelines Framework

• The ESAs Guidelines on Anti-Money Laundering and Countering the

Financing of Terrorism – 'The Risk Factors Guidelines’ of 2018 (issued in January 4 2018)

49

Risk Based Approach - Background

• The Financial organisation applies appropriate measures and

procedures, on a risk based approach, so as to focus its effort in those areas where the risk of ML/TF appears to be higher (e.g. high risk clients)

• A risk assessment needs to be prepared and maintained by the entity
• The entity should assess and identify the products offered and are

considered of higher AML/TF risk

50

Risk Based Approach - Background

• Adequate controls should be implemented to prevent AML from clients

to whom high risk products are provided

• Complexity of group structure is taken into consideration for client risk

categorisation purposes

• The risk of tax evasion should be adequately covered in the entity's

policies and procedures and adequate controls should be in place to mitigate such risk

51

Risk Based Approach - Background

• Customers should be risk categorized
• The entity should identify the risks it faces, and should design and

implement appropriate measures and procedures for the correct management and mitigation

• The MLCO should consult data, information and reports that are

published in relevant international organisations (e.g. FATF, etc.) in performing its risk based approach

52

Risk Based Approach - Background

• A risk-based approach:

– recognises that the money laundering or terrorist financing threat varies across clients, countries, services and financial instruments; – allows firms to differentiate between clients in a way that matches the risk of their particular business; – allows firms to apply their own approach in the formulation of policies, procedures and controls in response to the firm’s particular circumstances and characteristics; – helps to produce a more cost effective system; and – promotes the prioritisation of effort and actions of the firm in response to the likelihood of money laundering or terrorist financing occurring through the use

• f services provided by the firm.

53

Risk Based Approach - Background

• In assessing the most cost effective and proportionate way to manage the money

laundering and terrorist financing risks faced by the firm, a risk-based approach involves the following steps: – identifying and assessing the money laundering and terrorist financing risks emanating from particular clients, services and geographical areas of operation of the firm and its clients; – managing and mitigating the assessed risks by the application of appropriate and effective measures, procedures and controls; – continuous monitoring and improvements in the effective operation of the policies, procedures and controls; – documenting, in appropriate manuals and policies, the procedures and controls to ensure their uniform application across the firm.

54

Risk Based Approach - Background

• Consideration of these risk types should enable the firm to draw up a simple matrix
• f characteristics of the client or service which are considered to present a higher

than normal risk, and those which present a normal risk. Some clients may be considered to present a lower than normal risk, through long association and detailed knowledge, or on account of their status (e.g. listed, regulated, or government entities).

• This matrix can then be incorporated into client acceptance procedures, and as the

first step of the client due diligence process, it allows a money laundering or terrorist financing risk level to be assigned to ensure appropriate, but not excessive, client due diligence work is carried out.

• Enhanced due diligence should be carried out for those clients that are determined

to be higher risk.

55

Risk Based Approach - Background

• Business-wide risk assessments should help firms understand where they are

exposed to ML/TF risk and which areas of their business they should prioritise in the fight against ML/TF. To that end, and in line with Article 8 of Directive (EU) 2015/849, firms should identify and assess the ML/TF risk associated with the products and services they offer, the jurisdictions they operate in, the customers they attract and the transaction or delivery channels they use to service their

• customers. The steps firms take to identify and assess ML/TF risk across their

business must be proportionate to the nature and size of each firm. Firms that do not offer complex products or services and that have limited or no international exposure may not need an overly complex or sophisticated risk assessment.

56

Risk Based Approach - Background

• Firms should note that the risk factors listed in these

guidelines are not exhaustive, and that there is no expectation that firms will consider all risk factors in all cases.

• Firms must keep their risk assessment up to date and

under review.

57

Risk Based Approach - Background

• Firms should take a holistic view of the risk associated

with the situation and note that, unless Directive (EU) 2015/849 or national legislation states otherwise, the presence of isolated risk factors does not necessarily move a relationship into a higher or lower risk category.

58

Risk Based Approach - Background

• When identifying ML/TF risks associated with a business

relationship or occasional transaction, firms should consider relevant risk factors including who their customer is, the countries or geographical areas they

• perate in, the particular products, services and

transactions the customer requires and the channels the firm uses to deliver these products, services and transactions.

59

Risk Based Approach - Background

• Firms should note that the application of a risk-based

approach does not of itself require them to refuse, or terminate, business relationships with entire categories

• f customers that they associate with higher ML/TF risk,

as the risk associated with individual business relationships will vary, even within one category.

60

Risk Based Approach – Sources of Information

• Where possible, information about these ML/TF risk

factors should come from a variety of sources, whether these are accessed individually or through commercially available tools or databases that pool information from several sources. Firms should determine the type and numbers of sources on a risk-sensitive basis

61

Risk Based Approach – Sources of Information

• Firms should always consider the following sources of information:

– the European Commission’s supranational risk assessment; – information from government, such as the government’s national risk assessments, policy statements and alerts, and explanatory memorandums to relevant legislation; – information from regulators, such as guidance and the reasoning set out in regulatory fines; – information from Financial Intelligence Units (FIUs) and law enforcement agencies, such as threat reports, alerts and typologies; and – information obtained as part of the initial CDD process.

62

Risk Based Approach – Sources of Information

• Other sources of information firms may consider in this context may include, among
• thers:

– the firm’s own knowledge and professional expertise; – information from industry bodies, such as typologies and emerging risks; – information from civil society, such as corruption indices and country reports; – information from international standard-setting bodies such as mutual evaluation reports or legally non-binding blacklists; – information from credible and reliable open sources, such as reports in reputable newspapers; – information from credible and reliable commercial organisations, such as risk and intelligence reports; and – information from statistical organisations and academia.

63

Risk Based Approach – Weighting Risk Factors

• Firms should take a holistic view of the ML/TF risk factors they have

identified that, together, will determine the level of ML/TF risk associated with a business relationship or occasional transaction.

• As part of this assessment, firms may decide to weigh factors differently

depending on their relative importance.

• When weighting risk factors, firms should make an informed judgement about

the relevance of different risk factors in the context of a business relationship

• r occasional transaction. This often results in firms allocating different

‘scores’ to different factors; for example, firms may decide that a customer’s personal links to a jurisdiction associated with higher ML/TF risk is less relevant in light of the features of the product they seek.

64

Risk Based Approach – Weighting Risk Factors

• Ultimately, the weight given to each of these factors is likely to vary from product to product

and customer to customer (or category of customer) and from one firm to another. When weighting risk factors, firms should ensure that: – weighting is not unduly influenced by just one factor; – economic or profit considerations do not influence the risk rating; – weighting does not lead to a situation where it is impossible for any business relationship to be classified as high risk; – the provisions of Directive (EU) 2015/849 or national legislation regarding situations that always present a high money laundering risk cannot be over-ruled by the firm’s weighting; and – they are able to over-ride any automatically generated risk scores where necessary. The rationale for the decision to over-ride such scores should be documented appropriately.

65

Risk Based Approach – Weighting Risk Factors

• Where a firm uses automated IT systems to allocate overall risk scores to

categorize business relationships or occasional transactions and does not develop these in house but purchases them from an external provider, it should understand how the system works and how it combines risk factors to achieve an overall risk score. A firm must always be able to satisfy itself that the scores allocated reflect the firm’s understanding of ML/TF risk and it should be able to demonstrate this to the competent authority.

66

Risk Based Approach - Monitoring

• Firms should keep their assessments of the ML/TF risk associated with individual

business relationships and occasional transactions as well as of the underlying factors under review to ensure their assessment of ML/TF risk remains up to date and relevant. Firms should assess information obtained as part of their ongoing monitoring of a business relationship and consider whether this affects the risk assessment.

• Firms should also ensure that they have systems and controls in place to identify

emerging ML/TF risks and that they can assess these risks and, where appropriate, incorporate them into their business-wide and individual risk assessments in a timely manner.

67

Risk Based Approach - Monitoring

• Examples of systems and controls firms should put in place to identify emerging

risks include:

– Processes to ensure that internal information is reviewed regularly to identify trends and emerging issues, in relation to both individual business relationships and the firm’s business. – Processes to capture and review information on risks relating to new products. – Engagement with other industry representatives and competent authorities (e.g. round tables, conferences and training providers), and processes to feed back any findings to relevant staff. – Establishing a culture of information sharing within the firm and strong company ethics.

68

Risk Based Approach - Monitoring

– Processes to ensure that the firm regularly reviews relevant information sources, in particular:

• regularly reviewing media reports that are relevant to the sectors or

jurisdictions in which the firm is active;

• regularly reviewing law enforcement alerts and reports;
• ensuring that the firm becomes aware of changes to terror alerts and

sanctions regimes as soon as they occur, for example by regularly reviewing terror alerts and looking for sanctions regime updates; and

• regularly reviewing thematic reviews and similar publications issued by

competent authorities.

69

Risk Based Approach - Monitoring

• Examples of systems and controls firms should put in place to ensure their

individual and business-wide risk assessments remains up to date may include:

– Setting a date on which the next risk assessment update will take place, for example on 1 March every year, to ensure new or emerging risks are included in risk assessments. Where the firm is aware that a new risk has emerged, or an existing one has increased, this should be reflected in risk assessments as soon as possible. – Carefully recording issues throughout the year that could have a bearing on risk assessments, such as internal suspicious transaction reports, compliance failures and intelligence from front office staff.

70

Risk Based Approach - Monitoring

• Firms should record and document their risk assessments of business

relationships, as well as any changes made to risk assessments as part of their reviews and monitoring, to ensure that they can demonstrate to the competent authorities that their risk assessments and associated risk management measures are adequate.

71

Risk Based Approach – High Risk Clients

72

Risk Based Approach – High Risk Clients

• HIGH RISK CLIENTS (minimum) - (Not ALL Automatic in 4th AML Directive):

– i. Non face to face customers (Not Automatic in 4th AML Directive), – ii. Accounts in the names of companies whose shares are in bearer form (Not Automatic in 4th AML Directive), – iii. Trusts accounts (Not Automatic in 4th AML Directive), – iv. Client accounts’ in the name of a third person (Not Automatic in 4th AML Directive), – v. Electronic gambling /gaming through the internet (Not Automatic in 4th AML Directive), – vi. Complex Structures/Transactions (4th AML Directive) – vii. Customers from high risk countries: FATF & EU HR & EU TAX (4th AML Directive), – viii. Politically exposed persons’ (4th AML Directive), – ix. Other High Risk as per Supervised Entity’s assessment (4th AML Directive)

73

Risk Based Approach – Low Risk Clients

• LOW RISK CLIENTS (Not Automatic in 4th AML Directive):

– i. Credit or financial institution covered by the EU Directive, – ii. Credit or financial institution carrying out one or more of the financial business activities as these are defined in Section 2 of the AML Law and which is situated in a country outside the EEA, which in accordance with a decision of the Advisory Authority for Combating Money Laundering and Terrorist Financing, imposes requirements equivalent to those laid down by the EU Directive and it is under supervision for compliance with those requirements, – iii. Listed companies whose securities are admitted to trading on a regulated market in a country

• f the European Economic Area or in a third country which is subject to disclosure requirements

consistent with community legislation, – iv. Domestic public authorities of countries of the EEA.

74

Risk Based Approach – Normal Risk Clients

• NORMAL RISK CLIENTS (Not Automatic in 4th AML Directive): :

– Everyone else

75

Risk Based Approach - PEPs

76

Risk Based Approach - PEPs

• PEPs (CRITICAL in 4th AML Directive):

– Politically exposed person’ means a natural person who is or who has been entrusted with prominent public functions and includes the following:

• (a) heads of State, heads of government, ministers and deputy or assistant ministers;
• (b) members of parliament or of similar legislative bodies;
• (c) members of the governing bodies of political parties;
• (d) members of Supreme courts, of constitutional courts or of other high-level judicial bodies, the

decisions of which are not subject to further appeal, except in exceptional circumstances;

• (e) members of courts of auditors or of the boards of central banks;
• (f) ambassadors, chargés d'affaires and high ranking officers in the armed forces;
• (g) members of the administrative, management or supervisory bodies of State-owned enterprises;
• (h) directors, deputy directors and members of the board or equivalent function of an international
• rganisation;
• (i) Mayors.

77

Risk Based Approach - PEPs

• PEPs (CRITICAL in 4th AML Directive):

– No public function referred to in points (a) to (i) shall be understood as covering middle-ranking

• r more junior officials;

– It must be noted that in the both the FATF and the 4th EU AML Directive, immediate family members and close associates of PEP’s are equally considered as PEP’s by virtue of their relationship with a PEP. – The 4th EU AML Directive provides a definition for both family members and close associates as follows: Paragraph 10 of Article 3: ‘family members’ includes the following:

• (a) the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person;
• (b) the children and their spouses, or persons considered to be equivalent to a spouse, of a politically

exposed person;

• (c) the parents of a politically exposed person;

78

Risk Based Approach - PEPs

• PEPs (CRITICAL in 4th AML Directive): :

– 4th EU AML Directive, Paragraph 11 of article 3: ‘persons known to be close associates’ means:

• (a) natural persons who are known to have joint beneficial ownership of legal entities or legal

arrangements, or any other close business relations, with a politically exposed person;

• (b) natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is

known to have been set up for the de facto benefit of a politically exposed person.

– Time limit of PEP status:

• According to the 4th EU AML Directive, article 22, where a politically exposed person is no longer

entrusted with a prominent public function by a Member State or a third country, or with a prominent public function by an international organisation, obliged entities shall, for at least 12 months, be required to take into account the continuing risk posed by that person and to apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed persons.

79

Risk Based Approach – High Risk Countries

80

Risk Based Approach – High Risk Countries

• EEA AML Equivalent (NOT APPLICABLE in 4th AML Directive):

– Australia – Brazil – Canada – Hong Kong – India – Japan – South Korea – Mexico – Singapore – Switzerland – South Africa – The United States of America

81

Risk Based Approach – High Risk Countries

• FATF Countries (CRITICAL in 4th AML Directive)
• Bahamas
• Botswana
• Cambodia
• Democratic People's Republic of Korea

(DPRK)

• Ethiopia
• Ghana
• Iran
• Pakistan
• Serbia
• Sri Lanka
• Syria
• Trinidad and Tobago
• Tunisia
• Yemen

82

Risk Based Approach – High Risk Countries

• Afghanistan
• American Samoa
• Bahamas
• Botswana
• Democratic People's Republic of Korea (DPRK)
• Ethiopia
• Ghana
• Guam
• Iran
• Iraq
• Libya
• Nigeria
• Pakistan
• Panama
• Puerto Rico
• Samoa
• Saudi Arabia
• Sri Lanka
• Syria
• Trinidad and Tobago
• Tunisia
• US Virgin Islands
• Yemen

83

• EU High Risk Third Countries (CRITICAL in 4th AML Directive):

Risk Based Approach – High Risk Countries

• EU Non-cooperative Tax Jurisdictions (CRITICAL in 4th AML

Directive):

• American Samoa
• Aruba
• Barbados
• Belize
• Bermuda
• Dominica
• Fiji
• Guam
• Marshall Islands
• Oman
• Samoa
• Trinidad and Tobago
• United Arab Emirates
• US Virgin Islands
• Vanuatu

84

Risk Based Approach – Other Risk Considerations

85

Risk Based Approach – Identification: Customer Risk Factors

• When identifying the risk associated with their customers, including their

customers’ beneficial owners, firms should consider the risk related to:

– the customer’s and the customer’s beneficial owner’s business or professional activity; – the customer’s and the customer’s beneficial owner’s reputation; and – the customer’s and the customer’s beneficial owner’s nature and behavior.

86

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or a customer’s beneficial owner’s business or professional activity include:

– Does the customer or beneficial owner have links to sectors that are commonly associated with higher corruption risk, such as construction, pharmaceuticals and healthcare, the arms trade and defence, the extractive industries or public procurement? – Does the customer or beneficial owner have links to sectors that are associated with higher ML/TF risk, for example certain Money Service Businesses, casinos or dealers in precious metals? – Does the customer or beneficial owner have links to sectors that involve significant amounts of cash?

87

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or a customer’s beneficial owner’s business or professional activity include:

– Where the customer is a legal person or a legal arrangement, what is the purpose of their establishment? For example, what is the nature of their business? – Does the customer have political connections, for example, are they a Politically Exposed Person (PEP), or is their beneficial owner a PEP? Does the customer or beneficial owner have any other relevant links to a PEP, for example are any of the customer’s directors PEPs and, if so, do these PEPs exercise significant control over the customer or beneficial owner? Where a customer or their beneficial owner is a PEP, firms must always apply EDD measures in line with Article 20 of Directive (EU) 2015/849.

88

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or a customer’s beneficial owner’s business or professional activity include:

– Does the customer or beneficial owner hold another prominent position or enjoy a high public profile that might enable them to abuse this position for private gain? For example, are they senior local or regional public officials with the ability to influence the awarding of public contracts, decision-making members of high-profile sporting bodies or individuals who are known to influence the government and other senior decision-makers? – Is the customer a legal person subject to enforceable disclosure requirements that ensure that reliable information about the customer’s beneficial owner is publicly available, for example public companies listed on stock exchanges that make such disclosure a condition for listing?

89

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or a customer’s beneficial owner’s business or professional activity include:

– Is the customer a credit or financial institution acting on its own account from a jurisdiction with an effective AML/CFT regime and is it supervised for compliance with local AML/CFT obligations? Is there evidence that the customer has been subject to supervisory sanctions or enforcement for failure to comply with AML/CFT obligations or wider conduct requirements in recent years? – Is the customer a public administration or enterprise from a jurisdiction with low levels of corruption? – Is the customer’s or the beneficial owner’s background consistent with what the firm knows about their former, current or planned business activity, their business’s turnover, the source of funds and the customer’s or beneficial owner’s source of wealth?

90

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owners’ reputation:

– Are there adverse media reports or other relevant sources of information about the customer, for example are there any allegations of criminality or terrorism against the customer or the beneficial owner? If so, are these reliable and credible? Firms should determine the credibility of allegations on the basis of the quality and independence of the source of the data and the persistence of reporting of these allegations, among

• ther considerations. Firms should note that the absence of criminal convictions alone

may not be sufficient to dismiss allegations of wrongdoing. – Does the firm know if the customer or beneficial owner has been the subject of a suspicious transactions report in the past?

91

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owners’ reputation:

– Has the customer, beneficial owner or anyone publicly known to be closely associated with them had their assets frozen due to administrative or criminal proceedings or allegations of terrorism or terrorist financing? Does the firm have reasonable grounds to suspect that the customer or beneficial owner or anyone publicly known to be closely associated with them has, at some point in the past, been subject to such an asset freeze? – Does the firm have any in-house information about the customer’s or the beneficial

• wner’s integrity, obtained, for example, in the course of a long-standing business

relationship?

92

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established:

– Does the customer have legitimate reasons for being unable to provide robust evidence

• f their identity, perhaps because they are an asylum seeker?5

– Does the firm have any doubts about the veracity or accuracy of the customer’s or beneficial owner’s identity? – Are there indications that the customer might seek to avoid the establishment of a business relationship? For example, does the customer look to carry out one transaction or several one-off transactions where the establishment of a business relationship might make more economic sense?

93

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established:

– Is the customer’s ownership and control structure transparent and does it make sense? If the customer’s ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale? – Does the customer issue bearer shares or does it have nominee shareholders? – Is the customer a legal person or arrangement that could be used as an asset-holding vehicle? – Is there a sound reason for changes in the customer’s ownership and control structure?

94

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established:

– Does the customer request transactions that are complex, unusually or unexpectedly large or have an unusual or unexpected pattern without an apparent economic or lawful purpose or a sound commercial rationale? Are there grounds to suspect that the customer is trying to evade specific thresholds such as those set out in Article 11(b) of Directive (EU) 2015/849 and national law where applicable? – Does the customer request unnecessary or unreasonable levels of secrecy? For example, is the customer reluctant to share CDD information, or do they appear to want to disguise the true nature of their business?

95

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established:

– Can the customer’s or beneficial owner’s source of wealth or source of funds be easily explained, for example through their occupation, inheritance or investments? Is the explanation plausible? – Does the customer use the products and services they have taken out as expected when the business relationship was first established? – Is the customer a non-profit organisation whose activities could be abused for terrorist financing purposes?

96

Risk Based Approach – Identification: Customer Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established:

– Where the customer is a non-resident, could their needs be better serviced elsewhere? Is there a sound economic and lawful rationale for the customer requesting the type of financial service sought? Firms should note that Article 16 of Directive 2014/92/EU creates a right for customers who are legally resident in the Union to obtain a basic payment account, but this right applies

• nly to the extent that credit institutions can comply with their AML/CFT obligations.

97

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• When identifying the risk associated with countries and geographical areas, firms

should consider the risk related to:

– the jurisdictions in which the customer and beneficial owner are based; – the jurisdictions that are the customer’s and beneficial owner’s main places of business; and – the jurisdictions to which the customer and beneficial owner have relevant personal links.

98

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Firms should note that the nature and purpose of the business relationship will
• ften determine the relative importance of individual country and geographical risk

factors; for example:

– Where the funds used in the business relationship have been generated abroad, the level of predicate offences to money laundering and the effectiveness of a country’s legal system will be particularly relevant. – Where funds are received from, or sent to, jurisdictions where groups committing terrorist offences are known to be operating, firms should consider to what extent this could be expected to or might give rise to suspicion, based on what the firm knows about the purpose and nature of the business relationship. – Where the customer is a credit or financial institution, firms should pay particular attention to the adequacy of the country’s AML/CFT regime and the effectiveness of AML/CFT supervision.

99

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Firms should note that the nature and purpose of the business relationship will
• ften determine the relative importance of individual country and geographical risk

factors; for example:

– Where the customer is a legal vehicle or trust, firms should take into account the extent to which the country in which the customer and, where applicable, the beneficial

• wner are registered effectively complies with international tax transparency

standards.

100

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Risk factors firms should consider when identifying the effectiveness of a

jurisdiction’s AML/CFT regime include:

– Has the country been identified by the Commission as having strategic deficiencies in its AML/CFT regime, in line with Article 9 of Directive (EU) 2015/849? Where firms deal with natural or legal persons resident or established in third countries that the Commission has identified as presenting a high ML/TF risk, firms must always apply EDD measures.

101

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Risk factors firms should consider when identifying the effectiveness of a

jurisdiction’s AML/CFT regime include:

– Is there information from more than one credible and reliable source about the quality of the jurisdiction’s AML/CFT controls, including information about the quality and effectiveness of regulatory enforcement and oversight? Examples of possible sources include mutual evaluation reports by the Financial Action Task Force (FATF) or FATF-style Regional Bodies (FSRBs) (a good starting point is the executive summary and key findings and the assessment of compliance with Recommendations 10, 26 and 27 and Immediate Outcomes 3 and 4), the FATF’s list of high-risk and non- cooperative jurisdictions, International Monetary Fund (IMF) assessments and Financial Sector Assessment Programme (FSAP) reports. Firms should note that membership of the FATF or an FSRB (e.g. Moneyval) does not, of itself, mean that the jurisdiction’s AML/CFT regime is adequate and effective.

102

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Risk factors firms should consider when identifying the level of terrorist financing

risk associated with a jurisdiction include:

– Is there information, for example from law enforcement or credible and reliable open media sources, suggesting that a jurisdiction provides funding or support for terrorist activities or that groups committing terrorist offences are known to be operating in the country or territory? – Is the jurisdiction subject to financial sanctions, embargoes or measures that are related to terrorism, financing of terrorism or proliferation issued by, for example, the United Nations or the European Union?

103

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Risk factors firms should consider when identifying a jurisdiction’s level of

transparency and tax compliance include:

– Is there information from more than one credible and reliable source that the country has been deemed compliant with international tax transparency and information sharing standards? Is there evidence that relevant rules are effectively implemented in practice? Examples of possible sources include reports by the Global Forum on Transparency and the Exchange of Information for Tax Purposes of the Organisation for Economic Co-operation and Development (OECD), which rate jurisdictions for tax transparency and information sharing purposes; assessments of the jurisdiction’s commitment to automatic exchange of information based on the Common Reporting Standard; assessments of compliance with FATF Recommendations 9, 24 and 25 and Immediate Outcomes 2 and 5 by the FATF or FSRBs; and IMF assessments (e.g. IMF staff assessments of offshore financial centres).

104

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Risk factors firms should consider when identifying a jurisdiction’s level of

transparency and tax compliance include:

– Has the jurisdiction committed to, and effectively implemented, the Common Reporting Standard on Automatic Exchange of Information, which the G20 adopted in 2014? – Has the jurisdiction put in place reliable and accessible beneficial ownership registers?

105

Risk Based Approach – Identification: Countries and Geographical Areas Risk Factors

• Risk factors firms should consider when identifying the risk associated with the level
• f predicate offences to money laundering include:

– Is there information from credible and reliable public sources about the level of predicate offences to money laundering listed in Article 3(4) of Directive (EU) 2015/849, for example corruption, organised crime, tax crime and serious fraud? Examples include corruption perceptions indices; OECD country reports on the implementation of the OECD’s anti-bribery convention; and the United Nations Office

• n Drugs and Crime World Drug Report.

– Is there information from more than one credible and reliable source about the capacity of the jurisdiction’s investigative and judicial system effectively to investigate and prosecute these offences?

106

Risk Based Approach – Identification: Products, Services and Transactions Risk Factors

• When identifying the risk associated with their products, services or transactions,

firms should consider the risk related to:

– the level of transparency, or opaqueness, the product, service or transaction affords; – the complexity of the product, service or transaction; and – the value or size of the product, service or transaction.

107

Risk Based Approach – Identification: Products, Services and Transactions Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

product, service or transaction’s transparency include:

– To what extent do products or services allow the customer or beneficial owner or beneficiary structures to remain anonymous, or facilitate hiding their identity? Examples

• f such products and services include bearer shares, fiduciary deposits, offshore vehicles

and certain trusts, and legal entities such as foundations that can be structured in such a way as to take advantage of anonymity and allow dealings with shell companies or companies with nominee shareholders. – To what extent is it possible for a third party that is not part of the business relationship to give instructions, for example in the case of certain correspondent banking relationships?

108

Risk Based Approach – Identification: Products, Services and Transactions Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

product, service or transaction’s complexity include:

– To what extent is the transaction complex and does it involve multiple parties or multiple jurisdictions, for example in the case of certain trade finance transactions? Are transactions straightforward, for example are regular payments made into a pension fund? – To what extent do products or services allow payments from third parties or accept

• verpayments where this is would not normally be expected? Where third party

payments are expected, does the firm know the third party’s identity, for example is it a state benefit authority or a guarantor? Or are products and services funded exclusively by fund transfers from the customer’s own account at another financial institution that is subject to AML/CFT standards and oversight that are comparable to those required under Directive (EU) 2015/849?

109

Risk Based Approach – Identification: Products, Services and Transactions Risk Factors

• Risk factors that may be relevant when considering the risk associated with a

product, service or transaction’s complexity include:

– Does the firm understand the risks associated with its new or innovative product or service, in particular where this involves the use of new technologies or payment methods?

110

Risk Based Approach – Identification: Products, Services and Transactions Risk Factors

• Risk factors that may be relevant when considering the risk associated with a product,

service or transaction’s value or size include: – To what extent are products or services cash intensive, as are many payment services but also certain current accounts? – To what extent do products or services facilitate or encourage high-value transactions? Are there any caps on transaction values or levels of premium that could limit the use of the product or service for ML/TF purposes?

111

Risk Based Approach – Identification: Delivery Channel Risk Factors

• When identifying the risk associated with the way in which the customer obtains

the products or services they require, firms should consider the risk related to:

– the extent to which the business relationship is conducted on a non-face-to- face basis; and – any introducers or intermediaries the firm might use and the nature of their relationship with the firm.

112

Risk Based Approach – Identification: Delivery Channel Risk Factors

• When assessing the risk associated with the way in which the customer obtains the

products or services, firms should consider a number of factors including:

– Is the customer physically present for identification purposes? If they are not, has the firm used a reliable form of non-face-to-face CDD? Has it taken steps to prevent impersonation or identity fraud? – Has the customer been introduced by another part of the same financial group and, if so, to what extent can the firm rely on this introduction as reassurance that the customer will not expose the firm to excessive ML/TF risk? What has the firm done to satisfy itself that the group entity applies CDD measures to European Economic Area (EEA) standards in line with Article 28 of Directive (EU) 2015/849?

113

Risk Based Approach – Identification: Delivery Channel Risk Factors

• When assessing the risk associated with the way in which the customer obtains the

products or services, firms should consider a number of factors including:

– Has the customer been introduced by a third party, for example a bank that is not part of the same group, and is the third party a financial institution or is its main business activity unrelated to financial service provision? What has the firm done to be satisfied that:

• the third party applies CDD measures and keeps records to EEA standards and that it is

supervised for compliance with comparable AML/CFT obligations in line with Article 26 of Directive (EU) 2015/849;

• the third party will provide, immediately upon request, relevant copies of identification and

verification data, inter alia in line with Article 27 of Directive (EU) 2015/849; and

• the quality of the third party’s CDD measures is such that it can be relied upon?

114

Risk Based Approach – Identification: Delivery Channel Risk Factors

• When assessing the risk associated with the way in which the customer obtains the

products or services, firms should consider a number of factors including:

– Has the customer been introduced through a tied agent, that is, without direct firm contact? To what extent can the firm be satisfied that the agent has obtained enough information so that the firm knows its customer and the level of risk associated with the business relationship? – If independent or tied agents are used, to what extent are they involved on an ongoing basis in the conduct of business? How does this affect the firm’s knowledge of the customer and ongoing risk management?

115

Risk Based Approach – Identification: Delivery Channel Risk Factors

• When assessing the risk associated with the way in which the customer obtains the

products or services, firms should consider a number of factors including:

– Where a firm uses an intermediary:

• Are they a regulated person subject to AML obligations that are consistent with those of Directive

(EU) 2015/849?

• Are they subject to effective AML supervision? Are there any indications that the intermediary’s

level of compliance with applicable AML legislation or regulation is inadequate, for example has the intermediary been sanctioned for breaches of AML/CFT obligations?

• Are they based in a jurisdiction associated with higher ML/TF risk? Where a third party is based in

a high-risk third country that the Commission has identified as having strategic deficiencies, firms must not rely on that intermediary. However, to the extent permitted by national legislation, reliance may be possible provided that the intermediary is a branch or majority-owned subsidiary

• f another firm established in the Union, and the firm is confident that the intermediary fully

complies with group- wide policies and procedures in line with Article 45 of Directive (EU) 2015/849.

116

Risk Based Approach

Quiz 1:

• Mr Bill Clinton, has approached you and also met in

person as to become your client.

• All relevant CDD procedures have been performed

and found adequate.

• Mr Clinton used to be the President of the US until

2001 and does not have any other political appointments since then.

• Are you allowed to accept him as a client?
• If Yes, What is the AML Risk Classification (H/M/L)

and Why?

117

Risk Based Approach

Quiz 2:

• Mr Bertrand Delanoe, has approached you and also

met in person as to become your client.

• All relevant CDD procedures have been performed

and found adequate.

• Mr Delanoe used to be the mayor of Paris until 2014

and does not have any other political appointments since then.

• Are you allowed to accept him as a client?
• If Yes, What is the AML Risk Classification (H/M/L)

and Why?

118

Risk Based Approach

Quiz 3:

• Mr Ayman Mohammed Rabie al-Zawahiri, has

approached you and also met in person as to become your client.

• All relevant CDD procedures have been performed

and found adequate.

• Mr al-Zawahiri is from Afghanistan, the current head
• f al-Qaeda and also identified by your background

check that his in the UN/EU/US Sanctions Lists.

• Are you allowed to accept him as a client?
• If Yes, What is the AML Risk Classification (H/M/L)

and Why?

119

Risk Based Approach

Quiz 4:

• Mr Alexis Tsipras, has approached you and also met in

person as to become your client.

• All relevant CDD procedures have been performed and

found adequate.

• Mr Tsipras is the current Prime Minister of Greece but

since you have met her in person is thus not considered Non-Face-To-Face client for your risk assessment.

• Are you allowed to accept her as a client?
• If Yes, What is the AML Risk Classification (H/M/L) and

Why?

120

Risk Based Approach

Quiz 5:

• Mr Al Capone, has approached you and also met in

person as to become your client.

• All relevant CDD procedures have been performed and

found adequate.

• From the background check performed it has been

identified that Mr Capone has been sentenced to jail for 11 years in the US for tax evasion.

• Are you allowed to accept him as a client?
• If Yes, What is the AML Risk Classification (H/M/L) and

Why?

121

Common Pitfalls

122

Client Acceptance – Identification & Verification

• Client Acceptance:

– Identification & Verification – Customer Due Diligence (CDDs) – Enhanced Due Diligence (EDDs)

123

Client Acceptance – Identification & Verification

• Who is the client to identify/verify?
• When identification/verification needs to be performed?
• Verification Documents Format – Original or Certified True Copies
• Language of Documents – Greek or English or Summary Translation

(not true/full translation)

• Identification of Documents Expiration

124

Intermediary Shareholder(s) Identification & Verification – Legal Entity

• 1. INDERMEDIARY SHAREHOLDERS - GROUP STRUCTURE (Only

shareholding to be validated – Different approach to the CBC Directive)

125

Company Identification & Verification – Legal Entity

• 1. REGISTERED NAME
• 2. TRADE/BRAND NAME(S)
• 3. INTERNAL IDENTIFICATION CODE(S)
• 4. INCORPORATION COUNTRY
• 5. COMPANY’S HOUSE REGISTRAR

NUMBER

• 6. COMPANY HOUSE GOOD

STANDING

• 7. REGISTERED ADDRESS
• 8. BUSINESS ADDRESS ( < 6/3 months)
• 9. CONTACT DETAILS
• 10. TAX ID
• 11. RISK DATABASE SEARCH
• 12. BUSINESS PROFILE SUMMARY
• 13. RISK CATEGORISATION AND

REASONING

• 14. DATE OF CDD FINALISATION
• 15. DATE OF ACCOUNT OPENING

126

Shareholder(s)/Director(s)/Authorised Person(s) Identification & Verification – Physical Person

• 1. NAME OF BO(S)
• 2. DATE OF BIRTH
• 3. PLACE OF BIRTH
• 4. PASSPORT/ID NUMBER
• 5. NATIONALITY
• 6. RESIDENTIAL ADDRESS (< 6/3

months)

• 7. CONTACT DETAILS
• 8. TAX ID
• 9. RISK DATABASE SEARCH
• 10. BUSINESS PROFILE SUMMARY

127

EDD Additional Procedures – PEPs

• Defining the reason the client is a PEP and the additional risk the Firm

will be exposed to

• Senior Management (Board Member) approval is obtained and

forwarded to the AML Officer before the establishment (and thereon the continuance) of the business relationship or if a risk re-classification is considered

• Account is subject to Annual Ongoing Monitoring
• Assessment of business reputation (i.e. Reference Letter from an

EEA/Equivalent Third Person - Accountant, Lawyer, Service Provider)

• Establishment of Economic Profile (publicly available data, reliable &

independent data)

128

EDD Additional Procedures – High Risk Countries

• Defining the reason the client coming from a High Risk Country and the

additional risk the Firm will be exposed to

• Senior Management (Board Member) approval is obtained and

forwarded to the AML Officer before the establishment (and thereon the continuance) of the business relationship or if a risk re-classification is considered

• Account is subject to Continuous Ongoing Monitoring
• Assessment of business reputation (i.e. Reference Letter from an

EEA/Equivalent Third Person - Accountant, Lawyer, Service Provider)

• Establishment of Economic Profile (publicly available data, reliable &

independent data)

129

EDD Additional Procedures (Any of the below) – Non Face to Face

• Confirmation Letter from an EEA/Equivalent Credit/Financial Institution confirming

name and address

• Reference Letter from an EEA/Equivalent Third Person (Accountant, Lawyer, Service

Provider)

• Independently Verified Phone confirmation (i.e. electronic verification solution)
• Independently Verifies Mail confirmation (i.e. electronic verification solution,

Registered Post)

• Certification of identity and residence documents from an EEA/Equivalent

Credit/Financial Institution

• 1st Deposit from an EEA/Equivalent Credit Institution (Payment Institutions

considerations)

• Communication via Video Call

130

EDD Additional Procedures – Cash Transactions

• Ensure that the economic profile of the client justifies

transactions in cash. (i.e. occupation/employer/other-activities in which they receive significant receipts in cash, jurisdictions with limited or no banking services, source of funds and source

• f wealth that justifies cash transactions). Ensure consistency
• f the economic profile of the client and the assessment made

by the entity regarding the specific transaction.

131

EDD Additional Procedures – Trusts

• CDDS need to be performed for all: Trustee, UBO, Settlor,

Protector.

• Purpose of establishing the trust
• Type of trust (ex. fixed/discretionary, purpose trust)
• Extracts from trust agreement
• Cyprus Trusts Registry: Ensure that the trust (if it is a Cypriot

trust) is registered at the Regulator Trust Registry

132

Client Acceptance – Economic Profile & Transaction Monitoring & Ongoing Monitoring

• Client Acceptance:

– Economic Profile – Transactions Monitoring – Ongoing Monitoring

133

Economic Profile

• PRINCIPAL ACTIVITIES: Ensure the principal activities of the company are

verified/consistent to government authorities official documents (i.e. Memorandum and Articles of Association, Audited Financial Statements) and these are consistent (and if not then adequately disposed) with the company’s economic profile quantitative information (i.e. source of funds, source of wealth, size of income, size

• f wealth, expected turnover, etc).
• COUNTRY(IES) OF ACTIVITIES: Ensure the country(ies) of activities are consistent

(and if not then adequately disposed) with the client identification documents (i.e. nationality, residential address, etc).

134

Economic Profile

• PURPOSE OF A/C OPENING (NATURE OF TRANSACTION): Ensure the purpose of A/C
• pening (nature of transaction) country(ies) is consistent with the entity's trading

products /services offered.

• SOURCE(S) OF FUNDS: Ensure the source(s) of funds is consistent (and if not then

adequately disposed) with the client economic profile qualitative information (i.e. principal activities, etc). Source of funds means the origin of the funds involved in a business relationship or occasional transaction. It includes both the activity that generated the funds used in the business relationship, for example the customer’s salary, as well as the means through which the customer's funds were transferred. This corresponds to total assets yearly movements for Companies.

135

Economic Profile

• SOURCE(S) OF WEALTH: Ensure the source(s) of wealth is consistent (and if not then

adequately disposed) with the client economic profile qualitative information (i.e. principal activities, etc). Source of wealth means the origin of the customer’s total wealth, for example inheritance or savings. This corresponds to total assets for Companies.

• SIZE OF INCOME: Ensure the size of income is consistent (and if not then adequately

disposed) with the client economic profile qualitative information (i.e. principal activities, etc).

• SIZE OF WEALTH: Ensure the source(s) of funds is consistent (and if not then

adequately disposed) with the client economic profile qualitative information (i.e. principal activities, etc).

136

Economic Profile

• EXPECTED TURNOVER: Ensure the expected turnover is consistent (and if not then

adequately disposed by the entity) with the client economic profile qualitative information (i.e. principal activities, etc). Turnover means the total inflows and total

• utflows.

137

Economic Profile

• DEPOSITS/INCOMING FUNDS: Bank country location (i.e. EEA/non-EEA), Bank A/C

number, Institution Name, Beneficiary, etc). Mean of deposit transfer (i.e. cash, bank wire, processing/electronic-money transfer). Ensure if a processing/electronic- money transfer company (i.e. Safecharge, PayPal, Skrill, etc) is used, that the entity can establish the initial bank identity/information.

• WITHDRAWALS/OUTGOING TRANSFERS: Bank country location (i.e. EEA/non-EEA),

Bank A/C number, Institution Name, Beneficiary, etc). Mean of withdrawal transfer (i.e. cash, bank wire, processing/electronic-money transfer). Ensure if a processing/electronic-money transfer company (i.e. Safecharge, PayPal, Skrill, etc) is used, that the entity can establish the initial bank identity/information.

138

Ongoing monitoring

• Duration (Requirements & Industry Practice) for CDDs & EDDs ONLY:

– High Risk – Annually – Normal Risk – Every 3 years – Low Risk – Every 4 years

• Economic Profile / Transaction Monitoring – On a Continuous Basis

139

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): Facts of the Case

 XYZ ASP Ltd, is a middle size Fiduciary Firm in Cyprus.  Mr Donald, a prominent American businessman and lawyer by profession, has approached the Firm requesting the incorporation, directorships’ appointments and bank administration services, of 6 companies with Euro 1k issued share capital for each company (i.e. total of Euro 6k), with the principal activities to invest, on the behalf of prominent investors, in the real estate property of Eastern Europe.  The Fiduciary Firm performs full Know your Client (KYC) verification of Mr Donald, by obtaining all the required identification and economic profile data and also performing a full background check for the said individual as to identify any PEP, sanctions and adverse media positive matches. All the procedures performed, do not identify anything suspicious or negative as not to accept Mr Donald as client.

140

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): Facts of the Case

 The Fiduciary Firm, incorporates the 6 companies requested by the client, with Mr Donald as the sole Beneficial Shareholder (BO) and immediately there are funds deposited in the bank accounts of each of the 6 companies for Euro 10m (i.e. total of Euro 60m). Each of the funds are shown as loans payable, for 1% interest, to a common investor Mr Vladimir from Russia. The funds are then immediately invested in commercial property in Easter Europe.  During a Regulatory monitoring inspection from CySEC, it is identified that Mr Vladimir (the sole investor) is a PEP (ex-mayor of a Russian city) and has a criminal history and sentences by Russian courts on embezzlement, money laundering, and being involved in a criminal organisation.  The Fiduciary Firm is reported to the BoD of CySEC for not performing adequate KYC procedures and also the specific BO (Mr Donald) and the sole investor (Mr Vladimir) are reported by CySEC to MOKAS.

141

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): 1.What are the red flags identified which might indicate money laundering activity and/or terrorist financing in this case?

 No economic substance in the business setting of the 6 companies of having only 1 sole investor (Mr Vladimir) for all 6 companies and the only return sought, for a total of Euro 60m investment, to be 1%.  BO (Mr Donald) is a prominent lawyer and the principal activities sought for the 6 Cyprus incorporated companies as to invest in real estate, do not tight directly to his primary profession of being a lawyer.  BO only invested Euro 6k in total to all 6 companies and the sole investor invested Euro 60m in total to all 6 companies, so a question arises on who the real BO is in all 6 companies.

142

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): 2.What are the risks and the potential threats that the firm may be faced with in this situation?

 The Fiduciary Firm has been reported to the CySEC BoD, on the grounds of aiding money laundering due to the insufficient performance of KYC for this specific client, and with the risk of severe disciplinary measures to be decided against the Firm.  The Fiduciary Firm has been reported to MOKAS, and will be part of an investigation and the possibility of criminal proceedings against them, on the grounds of aiding money laundering due to the insufficient performance of KYC for this specific client.

143

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): 3.What KYC/Due Diligence work could the firm have carried out and when?

 The Fiduciary Firm, should have recognised and implement appropriate KYC procedures as to mitigate the risk that corrupt PEPs are firstly concerned about hiding their identity and secondly about hiding their assets. The real risky PEPs are the suits, the middlemen, the associates who stand in the shadows and are almost always the ones involved in the account openings. These people are the PEPs you really need to look out for. In fact, the political figure is arguably the last person you need to watch out for. As such, an effective PEP risk mitigation solution should not merely provide a long list of officeholders’ names and positions but in order to identify risk critically and methodically, it must also provide the identities of all those ‘exposed persons’ that surround the PEP.  The Fiduciary Firm should have assessed the economic substance of the transactions and the reasoning of why the identified BO (Mr Donald) has only invested a total of Euro 6k and the Sole Investor (Mr Vladimir) has invested a total of Euro 60m (with only 1% return), as such critically assessing on who the real BO is.

144

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): 3.What KYC/Due Diligence work could the firm have carried out and when?

 A full KYC procedure, should have been performed, not only on the BO but also on the Sole Investor.  Source of Funds and Source of Wealth, for the Sole Investor (Mr Vladimir), should have been identified and thoroughly examined in terms of legitimacy of source.  The Fiduciary Firm, should have established monitoring procedures on the following:  i. ensure clients due diligence information is up to date as existing clients sometimes become PEPs after they enter a business relationship;  ii. ensure internal procedures include employee ongoing training programmes, addressing effective ways of determining whether clients are PEPs;  iii. use of the internet and media as sources of information for the determination, monitoring and verification of information in relation to PEPs;

145

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): 3.What KYC/Due Diligence work could the firm have carried out and when?

 iv. use of available commercial databases, but do not fall into the trap of wrongly assuming that if a name is (not) in such a database then the client is (not) a PEP;  v. use of countries’ published lists of domestic PEPs;  vi. use in-house developed databases as a tool to assist in the determination of who is a PEP;  vii. use countries’ asset disclosure systems applying to those individuals who hold prominent public functions;  viii. use of self-declarations by a client of their PEP status, while noting that such procedure would shift the financial organisation’s obligation to their client, which is not an acceptable practice; and  ix. use general information publicised by competent authorities (e.g. the level of corruption in the country, the level of income for certain types of positions).

146

Client Acceptance

Quiz 1 - Watch for the Middleman and not for the Politically Exposed Person (PEP): 4.What steps may the firm undertake to mitigate its risks and possible exposure?

 The Fiduciary Firm should re-visit its KYC procedure based on the recommendation in Part 3 above.  The Fiduciary Firm should fully and openly cooperate, both with CySEC and MOKAS as relevant, for the investigation currently in place for Mr Donald and Mr Vladimir.

147

Client Acceptance

Quiz 2 - European Commission Funding Fraud: Facts of the Case

 ABC ASP Ltd, is a small size Fiduciary Firm in Cyprus.  Ms Angela, a German national, approaches the Fiduciary Firm requesting for the incorporation, directorships’ appointments and bank administration services, of a Cyprus Company that will be involved in the construction of a Food Packaging Factory for a related Company in Bulgaria. The construction project, will be subsidised by 50% from funds from the European Commission under the European Union (EU) Plan of aiding the employment in poor regions of Europe. Ms Angela, informs the Fiduciary Firm, that one

• f the conditions set by European Commission, in approving the 50% subsidy, are that

the costs of construction of the Food Packaging Factory be audited by an EU Audit Firm; in this respect, the ASP also arranges for the introduction to Ms Angela of a suitable Audit Firm, which she accepts to engage.

148

Client Acceptance

Quiz 2 - European Commission Funding Fraud: Facts of the Case

 The Fiduciary Firm performs full Know your Client (KYC) verification of Ms Angela, by

• btaining all the required identification and economic profile data and also performing a

full background check for the said individual as to identify any PEP, sanctions and adverse media positive matches. All the procedures performed, do not identify anything suspicious or negative as not to accept Ms Angela as client.  The Fiduciary Firm, incorporates the Cyprus Company requested by the client, with Ms Angela as the sole Beneficial Shareholder (BO) and with share capital issued and paid in a Cyprus Bank for Euro 5m. Both Source of Funds and Source of Wealth have been adequately identified and established and have been considered acceptable by the Fiduciary Firm.  The Cyprus Company, very soon signs a number of contracts with a number of Asian suppliers for the provision of materials required for the construction of the Food Packaging Factory for the related Company in Bulgaria. The total invoices value for the purchase of all the material is for Euro 5m. The Cyprus Company then sells all the material to the related Company in Bulgaria for a total price of Euro 10m.

149

Client Acceptance

Quiz 2 - European Commission Funding Fraud: Facts of the Case

 The introduced Audit Firm, performs the first year-end audit of the Cyprus Company and issues a “Clean Audit Opinion”. Soon after, Ms Angela requests the Fiduciary Firm to liquidate the Company and close all the bank accounts. The Fiduciary Firm, proceeds with her request and liquidates the Company.  In the same year, the European Anti-Fraud Office (OLAF) informs CySEC and ICPAC, that it is currently investigating ABC ASP Ltd, the Audit Firm and their client, Ms Angela, with the charges that they have colluded to defraud the European Commission and fraudulently applying and receiving a subsidy of Euro 5m (i.e. 50% of total cost of Euro 10m invoiced by the Cyprus Company to the Bulgarian Company) instead of only entitled for subsidy of Euro 2.5m (i.e. 50% of the actual cost of Euro 5m initially invoiced by the Asian Supplies to the Cyprus Company).

150

Client Acceptance

Quiz 2 - European Commission Funding Fraud: 1.What are the red flags identified which might indicate money laundering activity and/or terrorist financing in this case?

 No economic substance in the business setting of the Cyprus Company as to act as the middle-man between the Asian Suppliers and the Bulgarian Company and under a 100% mark-up pricing.  Significant EU funding involved in the business transactions between all the parties involved.  Immediate liquidation request of the Cyprus Company and closure of its bank accounts, in the second year of its operation and by only performing 1 single business transaction.

151

Client Acceptance

Quiz 2 - European Commission Funding Fraud: 2.What are the risks and the potential threats that the firm may be faced with in this situation?

 The Fiduciary Firm has been reported by OLAF to the BoD of CySEC, on the grounds of aiding a funding fraud scheme against the EU, and with the risk of severe disciplinary measures to be brought against the Firm.  The Fiduciary Firm has been reported by OLAF to the Cyprus Police, on the grounds of aiding a funding fraud scheme against the EU, and with the risk of severe criminal measures to be brought against the Firm.

152

Client Acceptance

Quiz 2 - European Commission Funding Fraud: 3.What KYC/Due Diligence work could the firm have carried out and when?

 The Fiduciary Firm should have assessed the economic substance in the business setting

• f the Cyprus Company as to act as the middle-man between the Asian Suppliers and the

Bulgarian Company and under a 100% mark-up pricing (i.e. from a Euro 5m purchase cost to a Euro 10m revenue income).  The Fiduciary Firm, should have identified as a significant fraud risk that there is EU funding involved.  The request for the immediate liquidation of the Cyprus Company and closure of its bank accounts, in the second year of its operation and by only performing 1 single business transaction, should have been identified as suspicious by the Fiduciary Firm and both an Internal Suspicious Report and MOKAS Report should have been submitted.

153

Client Acceptance

Quiz 2 - European Commission Funding Fraud: 4.What steps may the firm undertake to mitigate its risks and possible exposure?

 The Fiduciary should re-visit its KYC procedure based on the recommendations in Part 3 above.  The Fiduciary Firm should fully and openly cooperate, with CySEC, MOKAS, Cyprus Police and OLAF as relevant, for the investigation currently in place for Ms Angela.

154

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: Facts of the Case

 TBC ASP Ltd, is a large size Fiduciary Firm in Cyprus.  Mr Emmanuel, a French national, approaches the Fiduciary Firm requesting for the incorporation, directorships’ appointments and bank administration services, of a Cyprus Company that will be involved in the financing of other Group Companies involved in the investment of real estate in France.  The Fiduciary Firm performs full Know your Client (KYC) verification of Mr Emmanuel, by

• btaining all the required identification and economic profile data and also performing a

full background check for the said individual as to identify any Politically Exposed Persons (PEP), sanctions and adverse media positive matches. All the procedures performed, do not identify anything suspicious or negative as not to accept Mr Emmanuel as client. However, it has been identified, during the background check, that Mr Emmanuel is a Senior Government Official in the Ministry of Interior in France.

155

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: Facts of the Case

 In this respect, the client is categorised as High Risk for AML purposes, due to his PEP status, and also enhanced due diligence procedures are performed as to ensure compliance with the AML relevant requirements for PEP clients. More specifically, his source of funds and source of wealth are identified and established through obtaining his recent Tax Return and Capital Statement, submitted in the French Tax Authorities, declaring an annual income from sources of employment and investment returns of Euro 1m and total wealth of around Euro 10m.  The Fiduciary Firm, incorporates the Cyprus Company requested by the client, with Mr Emmanuel as the sole Beneficial Shareholder (BO) and with share capital issued and paid in a Cyprus Bank for Euro 2m through a direct bank wire transfer from a French Bank.  The Cyprus Company, then immediately provides financing of Euro 2m to a number of Group Companies in France, with a total interest charge of 5%.

156

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: Facts of the Case

 In the second year of operations of the Cyprus Company, there is an increase in the share capital of the Company of Euro 20m, paid as a bank wire from a Marshal Islands Company’s bank account to the Cyprus Company’s bank account in Cyprus; the Marshal Island’s Company is identified as 100% owned by Mr Emmanuel. Immediately after, the whole Euro 20m are provided as financing to a number of Group Companies in France, with a total interest charge of 5%.  The Fiduciary Firm, identifies the economic profile discrepancy of the Euro 22m total share capital issued and paid in the Cyprus Company, versus the identified and established total wealth of Mr Emmanuel of Euro 10m. The Fiduciary Firm, contacts Mr Emmanuel for explanations on the discrepancy and also for the provision of additional support of the total additional capital funding of Euro 20m. Mr Emmanuel, provides the Fiduciary Firm with a confirmation signed by the Directors of his 100% owned Company in Marshal Islands. The Fiduciary Firm accepts the evidence provided and files the confirmation in the KYC file of Mr Emmanuel.

157

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: Facts of the Case

 A week after, a Senior Partner of the Fiduciary Firm, watches in the news that Mr Emmanuel, a Senior Government Official in the Ministry of Interior in France, has been arrested by the French Authorities on the criminal accusations of obtaining Euro 20m bribes from a Construction Company in France as to approve them as successful contractors for a Euro 200m construction project of a new government building in France.

158

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: 1.What are the red flags identified which might indicate money laundering activity and/or terrorist financing in this case?

 The PEP status has not been initially declared to the Fiduciary Firm by the client and only identified thereafter when the Fiduciary Firm performed its own background check.  There was a significant discrepancy in the Economic Profile of the client, following the establishment of the business relationship (i.e. Euro 22m total investment in the Cyprus Company versus a Euro 10m declared wealth in the French Tax Authorities).  The Euro 20m additional capital, has been bank wired from an offshore Company and bank account in Marshal Islands and thereafter transferred to a French Company and bank account through the Cyprus Company and bank account.  The only evidence forwarded, for the support of the additional Euro 20m funding, was an internal confirmation signed by the Directors of a related Group Company of the client.

159

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: 2.What are the risks and the potential threats that the firm may be faced with in this situation?

 The Fiduciary Firm may face disciplinary procedures from CySEC, on the grounds of failing to adopt appropriate KYC procedures for its clients.  The Fiduciary Firm may face criminal procedures from the French Authorities, on the grounds of aiding or not identifying the money laundering performed by his client.

160

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: 3.What KYC/Due Diligence work could the firm have carried out and when?

 The Fiduciary Firm, should have requested for adequate explanations from their client, after they have identified his PEP status through their own background checks, on the reasoning of why his PEP status has not been initially communicate to the Fiduciary Firm by the client directly.  The Fiduciary Firm, should have obtained independent evidence of justifying the legitimacy of the additional Euro 20m funding from the client and not accept the signed confirmation coming from the client’s Marshal Islands Company’s Directors.  The Fiduciary Firm, should have identified as suspicious the additional Euro 20m funding from the Marshal Island’s Company and the insufficient explanation/evidence provided by the client and should have raised and submit both an Internal Suspicious Report and MOKAS Report for this specific client.

161

Client Acceptance

Quiz 3 - Source of Funds and Source of Wealth: 4.What steps may the firm undertake to mitigate its risks and possible exposure?

 The Fiduciary Firm, should re-visit its KYC procedure based on the recommendations in Part 3 above.  The Fiduciary Firm, should immediately raise and submit an Internal Suspicious Report and MOKAS report for Mr Emmanuel.  The Fiduciary Firm, should fully and openly cooperate, with CySEC, MOKAS, and the French Authorities, for the investigation currently in place for Mr Emmanuel.

162

5th AML Directive - CY Law by January 2020

163

EU 5th AML Directive Main Changes

• The Fifth Directive is more of a series of amendments to the

structure of the Fourth Directive, adding various additional provisions that weren’t included in the text of 4AMLD. The main changes are focused on enhanced powers for direct access to information and increased transparency around beneficial ownership information and trusts.

164

EU 5th AML Directive Main Changes

• 5MLD will bring in changes including:

– Regulating virtual currencies and pre-paid cards to prevent terrorist financing – Improving safeguards for financial transactions to and from high risk countries – Ensuring centralised national bank and payment account registers or central data retrieval systems are accessible in all member states

165

EU 5th AML Directive Main Changes

• Key dates for 5MLD implementation

– 10 January 2020 – Beneficial ownership for corporates to be set up by – 10 March 2020 – Beneficial ownership of trusts to be set up by – 10 September 2020 – Centralised automated mechanisms to allow identification of those who hold or control payment accounts and bank accounts to be set up by

166

EU 5th AML Directive Main Changes

• Regulating Bitcoin

– Bitcoin, like other cryptocurrencies, has caused a bit of a problem for money laundering prevention. Some regulators have taken a fearful approach, worried it allows criminals to more easily transfer illicit cash around the world whereas

• thers have welcomed its openness and transparency, particularly the
• pportunities in banking and finance presented by the new technology of

blockchain. – Under 5AMLD, virtual currencies such as Bitcoin will have a legal definition. Virtual currency platforms and wallet providers will also become regulated entities under the scope of the directive. While many already conduct due diligence and report suspicious transactions, the Fifth Directive will make it a legal requirement.

167

EU 5th AML Directive Main Changes

• Prepaid cards

– The Fourth Directive already cut the spending limits on prepaid

• cards. The Fifth Directive amendments will lower the

requirement for customer verification from €250 to €150, and even to €50 for some remote transactions. The use of anonymous prepaid cards issued outside the EU may also be prohibited unless the jurisdiction is considered to have equivalent money laundering legislation to the EU.

168

EU 5th AML Directive Main Changes

• Registers of Beneficial Ownership

– The Fourth Directive introduced the requirement for Registers of Beneficial Ownership. The Fifth Directive proposes to go further by allowing public access to these records, even without having to demonstrate any kind of ‘legitimate interest’. Trusts will also be required to meet greater transparency obligations, including the beneficial ownership requirements. Where an entity poses a significant money laundering or tax evasion risk, the threshold for identifying beneficial ownership may be reduced from 25% to 10%.

169

EU 5th AML Directive Main Changes

• Enhanced due diligence

– The Fifth Directive will require enhanced due diligence when dealing with transactions from high risk countries. As well as obtaining evidence of the source

• f funds and source of wealth, information on beneficial ownership and

background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high risk countries for money laundering. – The Fifth Money-Laundering Directive also looks set to amend the ‘reliable and independent source’ requirement for verification of customer information to include ‘where available, electronic identification means’. This suggests that not

• nly will the source have to be reliable and independent, it will also have to be

electronic.

170

EU 5th AML Directive Main Changes

• Increased reach

– The Fifth Directive has been extended to cover all forms of tax advisory service, lettings agents and art dealers. Access will also be available to members of the public to request information on the real owners of firms operating in the EU, a measure aimed at quashing letterbox companies established solely to launder money and hide wealth. Whistleblowers who report money laundering will have also have increased protection and the right to anonymity.

171

6th AML Directive - Currently discussed at EU Level

172

EU 6th AML Directive Main Changes

• Where the Fourth Directive focused on risk and the Fifth

Directive focuses transparency, the upcoming Sixth Directive will focus on criminal offences and penalties.

173

EU 6th AML Directive Main Changes

• Key changes expected in the Sixth Directive include:

– Defining all 22 predicate money laundering offences and harmonising the criminal nature of money laundering across the EU – Staff anti-money laundering training on recognising all predicate

• ffences

– Aiding and attempting to commit money laundering will be an

• ffence

– Providing a comprehensive definition of money laundering

174

EU 6th AML Directive Main Changes

• Key changes expected in the Sixth Directive include:

– Imposing a minimum five year prison sentence for serious

• ffences

– Extending criminal liability to legal persons – Aggravating circumstances can be applied for convictions relating to serious offences such as corruption and human trafficking

175

EU 6th AML Directive Main Changes

• Key changes expected in the Sixth Directive include:

– Bosses may be personally liable for corporate crimes under new ‘Failure to supervise’ offences – Penalties for money laundering offences could include prohibition from public welfare benefits, bans from conducting business or forced wind-up of businesses through which the

• ffences were committed

176

EU 6th AML Directive Main Changes

• The Sixth Directive – increasing accountability for companies

– Overall, the Sixth Directive will do even more to put professional money launderers out of business. The judicial closing of companies involved in laundering and significant bans on individuals involved will aid the crackdown. The new offences of failing to supervise and potential prosecution of individuals who allow criminal liability to amass in a company will enable better targeting of larger companies who fail to crack down on money laundering.

177

EU 6th AML Directive Main Changes

• The Sixth Directive – increasing accountability for companies

– The passage of the Fourth, Fifth and Sixth money laundering directives in quick succession should make all businesses sit up and take notice, particularly if they are dealing with high-risk industries or those who are high risk themselves. Comprehensive training, risk assessments and internal procedures will be crucial. Companies who are still lagging behind in getting themselves in line with the Fourth Directive will have to work quickly because there isn’t much more time to spare.

178