AML & KYC
Anti Money Laundering
Most professional businesses (accountants, banks, lawyers, insurance companies, asset finance businesses etc.) will have Anti-Money Laundering (AML) Policy and Procedures in place and these are usually in compliance with The Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR).
Those businesses who are required to comply with the AML procedures will not only be actively preventing but also taking the appropriate measures to guard against being used as a medium for money laundering activities and terrorism financing activities and any other activity that facilitates money laundering or the funding of terrorist or criminal activities. In ANL/KYC section we will look at some of the issues for financiers whether they are a bank, trade finance house or IF company. In fact anyone involved in lending money or taking deposits will have to understand the issues and deploy resources to the task
If you are on the receiving end of a request for information, then hopefully after reading through this you willthe request is made - appreciate the reasons as to why and cooperate. It is in everyone's interest to get this right.
Know Your Customer
Ideally the business has an established Know-Your-Client (KYC) policy to ensure that the identities of all new and existing clients are verified to a reasonable level of certainty. This will include all individual clients, all directors and shareholders and every board member of charities. In the case of shareholders a good level to start at is those with a stake holding of 25% or more of the client companies as well as all partners of client partnerships. Identities will are invariably be checked either online or face-to face or by a combination of both.
Only recognized online identity verification agencies should be used and then those which use data from multiple sources over a period of time. A number of on-line firms offer this service. Every new inquiry should be checked on-line and this should cover AML, Politically Exposed Persons (PEPs), sanction checks, ID and KYC checks. These commercial firms offering this service normally have processes that allow the inquirer to capture and store the information they use to check and verify an identity.
So what should the business be seeking as part of the customer due diligence process ?
Any individual should be expected to provide the following:
In person
• A passport or driver’s license or government issued document featuring a matching photograph of the individual and a full name and date of birth
• A recent original utility bill or government issued document with the same and address matching those provided by the individual.
Not in person
As in person but additionally:
•Any government issued document that provides the date of birth, NI or Tax number or other such government identifier.
• Other forms of identity confirmation, such as evidence of a long standing relationship with the client, or a letter of assurance from independent and reliable persons or organisations, who have dealt with the client for some time, may also provide a reasonable level of certainty.
If a business fails to verify the identity of a client with reasonable certainty it would be a prudent not establish a business relationship or proceed with any transaction with the prospective client. If a potential or existing client either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, then the business should refuse to commence a relationship with the client or proceed with the transaction requested.
What should you be doing on AML & KYC
To counter some of the risks a business ought to consider the following:
• The business will need to know the identities of all new and existing clients and this information will have to be verified to a reasonable level of certainty
• Adopt a risk-based approach to the monitoring of client tax and accounting affairs
• Any suspicious activity should be reported and all AML activities recorded
• Appoint an internal Money Laundering Reporting Officer (MLRO) to coordinate the AML policies and procedures of the business and ideally a deputy who can cover during any absence by the MLRO.
• Ensure that all employees who meet or contact clients and potential new clients formally acknowledge prior to any such meetings taking place, that they read and understood their employer’s AML policy and procedures.
More tips and advice
Risk Assessment and On-going Monitoring
All businesses hopefully take a risk-based approach in monitoring the financial activities of its clients and this should be carried out whilst conducting any business with the client. Financial assessments can be made in a variety of ways and one of the better options of keeping up to date is to use one of the recognized ‘on-line’ firms who can provide up to date reports.
It is a matter for the individual business as to how they determine a high risk client. One set of criteria that could be applied is as follows:
• Clients with businesses that handle large amount of cash (i.e. involving €15,000 euros or more, or the sterling equivalent) or complex unusually large transactions.
• Clients with larger one-off transactions or a number of transactions carried out by the same customer within a short space of time.
• Clients with complex business ownership structures with the potential to conceal underlying beneficiaries.
• Clients based in or conducting business in or through, a high-risk jurisdiction, or a jurisdiction with known higher levels of corruption, organised crime or drug production/distribution.
• Situations where the source of funds cannot be easily verified.
• Unusual patterns of transactions that have no apparent economic or visible lawful purpose.
• Money sent to or received from areas known to have high levels of criminality or terrorist activity.
Most businesses will conduct ongoing monitoring of the customer relationships to ensure that the documents and all other relevant information held evidencing the customer’s identity etc. are kept up to date. The following are examples of changes in a client’s situation that may be considered suspicious:
• A sudden increase in business from an existing customer;
• Uncharacteristic transactions which are not in keeping with the customer’s known activities;
• Peaks of activity at particular locations or at particular times;
• Unfamiliar or untypical types of customer or transaction.
Whenever there is cause for suspicion, the client should be asked to identify and verify the source or destination of the transactions, whether they be individuals or a company’s beneficial owners.
At all times those employees involved on a day to day basis with clients must be fully conversant and comply with the MLR conditions on “tipping off”.
Remember no action need be taken if there is no cause for suspicion. If someone is suspicious then better raise the matter then face the consequences
Internal controls & Communications
Most firms will always have at least one MLRO on duty at any one time and as aback up a trained relief MLRO would ideally be temporarily appointed where the permanent MLRO is likely to be absent from the office
Monitoring and managing Compliance
The MLRO should regularly monitor their internal procedures to ensure they are being carried out in accordance and that monitoring could include the following:
• client identity verification;
• reporting suspicious transactions;
• record keeping.
The MLRO will also monitor any developments in the MLR and the requirements of the MLR supervisory body. Changes should be made to the AML policies and procedures of the business when appropriate to ensure compliance.
Clients should be reviewed annually for AML compliance and any new trading partner of a client should be approved only after checks have taken place on the bone fides of the client’s new supplier/buyer
Suspicious Activity Reporting
A Suspicious Activity Report (SAR) must be made to the National Crime Agency (NCA) as soon as the knowledge or suspicion that criminal proceeds exist, arises. This should be instigated after consultation with the senior management of the firm that will be filing the SAR.
Some firms may allow the MLRO to be solely responsible for deciding whether or not the suspicion of illegal activity is great enough to submit a SAR. For the sake of good order the MLRO should notify their employer’s board of directors immediately.
Further details on NCA and SARS can be found at
http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/economic-crime/ukfiu/how-to-report-sars
Record Keeping
Records of all identity checks should be maintained for up to five years after the termination of the business relationship or five years from the date when the transaction was completed and ensure that all documents, data and information held in evidence of customer identity is kept up to date.
Copies of any SAR, together with any supporting documentation filed should be maintained for five years from the date of filing the SAR.
All records must be handled in confidence, stored securely, and be capable of being retrieved without undue delay.
Training
Employers should review and adapt their training programs to suit the needs of business.
All MLRO and employees should receive regular accredited training. On-line training is available that explains amongst other things The Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations 2017, The Proceeds of Crime Act 2002 and section 18 and 21A Terrorism Act 2000 (or nay mandatory or statutory re-enactment thereof), and how these affect the firm, its clients and its employees.
All employees should receive training on their responsibilities in relation to money laundering legislation and be aware of how to identify and deal with transactions that may involve money laundering.