Money laundering and terrorist financing not only have a corrosive, corrupting effect on society but also threaten the soundness and stability of financial services firms and of the economic system as a whole.
The recent penalties levied on major institutions, including Barclays, Standard Chartered, HSBC and BNP Paribas, have involved fines in the hundreds of millions and billions of dollars. The size of these penalties shows that compliance with sanctions and with money laundering and terrorist financing regulations continues to be a major challenge for the regulated community who must be able to demonstrate that their systems, procedures and internal controls are robust enough to prevent their businesses from being used for these illegal purposes.
Money laundering is the process of concealing the illicit origin of the proceeds of a crime. Terrorist financing is the collection or provision of funds for terrorist purposes. In the case of money laundering, the funds are always of illicit origin, whereas in the case of terrorist financing, funds may originate from both legal and illicit sources. The primary goal in the financing of terrorism is therefore not necessarily to conceal the sources of the money but to conceal both the funding activity and the nature of the funded activity.
The problem is global; money launderers and terrorist financiers, often with the help of expert legal and financial advisers, are highly creative in developing new methods to launder money and finance terrorism, exploiting loopholes in national AML/CTF systems and moving funds to or through jurisdictions with weaker frameworks.
Sanctions are legally enforceable measures against countries, organisations, individuals and other bodies designed to force compliance with international law, contain a threat to peace within a geographical boundary or to express condemnation of a country’s specific actions or policies.
Sanctions that financial services firms most frequently have to observe often have economic or military objectives and typically involve asset freezes, embargoes on the procurement of arms and related materials, and restrictions on the provision of financial services.
The sanctions setting bodies best known to the financial community are the United Nations Security Council (“UN”), the U.S. Treasury’s Office of Foreign Assets Control (“OFAC”), H.M. Treasury and the European Union (“EU”). Firms must also observe similar directives or advisories issued by the FATF, their national governments, central banks, law enforcement agencies and regulators.
A breach of sanctions is an offence in its own right and may also constitute a money laundering or terrorist financing offence.
Sanctions compliance is a formidable challenge for the financial services industry as the sanctions of multiple bodies may be in place at the same time, may differ from each other, and are often drafted in impenetrable “legalese”.
By way of example, notwithstanding the recent lifting of UN and EU sanctions on Iran, many firms remain cautious about resuming business with that country as the OFAC sanctions, which normally apply only to US persons, remain in place and continue to prohibit trades with Iran in US dollars.
Given the uncertainties, and the potentially severe penalties, many financial services firms will not deal with sanctioned persons at all, or only in very limited circumstances.
The key to AML/CTF and Sanctions compliance is effective customer due diligence (“CDD”). CDD involves verifying the identity of the customer and any beneficial owner on the basis of original or properly certified documents, data or information issued by or obtained from a reliable and independent source, and understanding the customer’s source of funds and wealth.
CDD must be carried out when establishing a business relationship or carrying out an occasional transaction, when money laundering or terrorist financing is suspected or when the veracity or adequacy of documents or information previously obtained for that purpose is in question. CDD also involves the monitoring of customer activity for signs of suspicious activity throughout the life of the business relationship.
By no means do all business relationships or occasional transactions present the same risks, as these may vary depending on the type of customer involved, the jurisdiction in which it resides or from where it derives its wealth, the type of product or service involved and the nature of the customer’s interaction with the financial institution.
Recognising that such risks may vary, and also the inefficiencies of a “one size fits all” approach, many jurisdictions allow or indeed insist on the application of a “risk-based” approach whereby the firm must determine for itself the level of CDD that is proportionate to the circumstances of each case.
The prerequisite for a risk-based approach is a preliminary risk assessment which must include identifying the customer and any beneficial owner, understanding the purpose and intended nature of the business relationship, and taking into consideration the nature of the customer, its ownership and control structure, its beneficial ownership; the customer’s country of origin, residence, nationality, place of incorporation or place of business, the relevant product, service or transaction involved and any other risks to which the firm may believe it is exposed.
In line with the FATF’s standards, the fourth Money Laundering Directive (“MLD4”) which entered into force on 26th June 2015, puts the risk-based approach at the centre of Europe’s AML/CTF regime. MLD4 recognises that the risk of money laundering and terrorist financing can vary and that Member States, competent authorities and firms within its scope have to identify and assess that risk with a view to deciding how best to manage it.
As required by MLD4, the European Supervisory Authorities have issued a Joint Consultation Paper – Risk Factor Guidelines - setting out guidelines to help firms identify, assess and manage the moneylaundering and terrorist financing risk associated with individual business relationships and occasional transactions in a risk-based, proportionate and effective way. It is intended that the guidelines will promote the development of a common understanding by firms and competent authorities across the EU of what the risk-based approach to AML/CTF entails and how it should be applied.
The Risk Factors Guidelines set out in Title II of the Joint Consultation Paper provide a non-exhaustive list of factors firms should consider when identifying, assessing and managing money laundering and terrorist financing risk. This is expanded upon by Title III which provides sectoral guidance for correspondent banks, retail banks, electronic money issuers, money remitters, wealth management, trade finance providers, life insurance undertakings, investment managers and providers of investment funds.
The guidelines are likely to be finalised in Spring 2016.