aml/cft risk management. pmlftr prevention of money laundering & funding of terrorism...
TRANSCRIPT
AML/CFTRISK MANAGEMENT
PMLFTRPrevention of Money Laundering & Funding of Terrorism
Regulations Subject persons = carrying out relevant activity/financial
business
Relevant activity = activity of legal or natural persons when acting in the exercise of their professional activities/ on behalf of and for their clients
Implementing Procedures assist subject persons Require subject persons to manage their ML/FT risks
Binding as from the date on which they’re issued
Failures to comply administrative penalty: 250 – 2500€
Money Laundering Enables the perpetrators to make legitimate economic use of the criminal proceeds
By disguising the source, changing the form, moving the funds
Usually three stages:
1) The placement stage
Introduced into the financial system by breaking up large amounts of cash into less conspicuous smaller sums
2) The layering stage
Engages in a series of conversions or movements of the funds to distance them from the source
3) The integration stage
Integrating the funds by investing in real estates, luxury goods, etc…
Funding of Terrorism
Process by which terrorist organizations or individual terrorists are funded in order to be able to carry out acts of terrorism
Take place through:
1) Funds deriving from legitimate sources
2) Combination of lawful and unlawful sources
The ultimate aim is to obtain resources to support terrorist operations
Customer Due Diligence
Determine who the applicant for business/the customer/the beneficial owner is
Verify whether such person is the person he purports to be
Identification and verification of the applicant of business
Identification and verification of the beneficial owners
Identification and verification when the applicant for business does not act as a principal
Obtaining information on the purpose and intended nature of the business relationship
Conducting ongoing monitoring of the business relationship
Establishing the source of wealth and source of funds
Setting up a customer acceptance policy and ensuring that the applicant for business meets the requirements set out in such policy
Prohibited to keep anonymous accounts or accounts in fictious names
Documents, data, or information obtained from a reliable and independent resource
Business relationship must comprise 3 important elements
1) Relationship must be of a business, professional or commercial nature
2) Relationship must subsist for a period of time
3) One of the persons involved in the relationship must be a subject person
Identification
With respect to a natural person:
Official full name
Place & Date of birth
Permanent residential address
Identity reference number
nationality
Verification of the obtained documents through:
A government authority
Department or agency
A regulated utility company
A subject person carrying out relevant financial business
Where the applicant for business is present for verification:
A valid unexpired passport
A valid unexpired national or other government issued ID-card
A valid unexpired driving licence
Verification of the residential address:
A recent statement from a recognized credit institution
A recent utility bill
Correspondence from a central or local government authority
A record of a visit to the address by a senior official of the subject person
Any government-issued document
Documents other than official government issued documents, must not be more than 6 months old.
Identification & verification of the beneficial owner
Who is the beneficial owner?
Natural person who ultimately owns or controls the customer
Natural person on whose behalf or for the benefit of whom a transaction is being conducted
Includes all natural persons who own or control (direct or indirect ownership/bearer shareholding) more than 25% of the shares or voting rights
Includes also persons with less than 25% who exercise control over the management
Shadow directors
Measures: Request more information directly from the applicant for business
Written declaration about the existence of such persons
Signed by applicant for business and the beneficial owner
Or signed declaration that he is not aware of the existence of such persons
Ensure that the applicant for business is duly authorized to act on behalf of the beneficial owner
Principal must be identified by usual verification procedures
When the principal is a public company:
Official full name
Registration number
Date of incorporation
Registered address
Certificate of incorporation
Confirmation, that the public company is not on the process of being dissolved, struck off, wound up or determinate
Most recent version of the MaA’s
All directors must be identified
When the principal is a private company same procedures as public
Establishment of ownership and control structure Copy of shareholder register
Information from independent sources
Latest audited financial statements
Also relevant for the risk profile: Nature and details of the business
Origin of the funds
Source of wealth
Be not satisfied with a generic transcription
Simplified Due Diligence
Applicant of business need not to be identified or verified
Need not to obtain information relating the purpose or intended nature of business relationship
Persons, which are authorized to undertake relevant financial business (credit institutions, insurance business, investment firms, etc.)
Enhanced Due Diligence
Additional measures to CDD measures Questionnaire
Certified copies
Clearance certificate
Relevant for customers which by their business represent a higher risk
Applicant for business has not been physically present (non face-to-face customers)
In relation to cross border correspondent banking relationships
In relation with PEPs
Political Exposed Persons (PEPs) Natural person, who is or has been entrusted with prominent public functions
Immediate family members
The spouse or any partner
Children, their spouses or partners
The parents
Heads of states, heads of government, ministers and deputy, assistant ministers and parliamentary secretaries
Members of Parliament
Members of the courts
Members of courts of auditors, Audit Committees, board of the central bank
Ambassadors and management of boards of State owned corporations
Domestic PEPs still pose a higher risk but if residing in Malta EDDs are not mandatory required
Mandatory risk procedures
A customer acceptance policy, as a minimum, should include:
Description of the type of customer
Identification of the risk indicators
Customer background
Country of origin
Business activities
Products
Linked accounts or activities
Requirement for the application of EDD measures
Customer Risk Generally based on the persons economic activity and/or source of wealth
Categories of customers whose activities may pose a higher risk Customers conducting their business relationship or transactions in unusual
circumstances
Where the structure or nature of the entity or relationship makes it difficult to identify the true owner
Cash intensive business
Charities or “not for profit” organizations
Use of intermediaries
PEPs
Customers who are subject to sanctions or other economic measures
Product/Service Risk Potentially higher risk including the following
International corresponding banking service
International private banking services
Service involving banknote and precious metal trading and delivery
Services that inherently provide more anonymity
Online banking
Stored value cards
International wire transfers
Private investment companies and trusts
Interface Risk
Channel through which a subject person establishes a business relationship and through which transactions are carried out
Use of internet for the provision of services
Higher level of anonymity
Through agents or providers
Geographical Risk
Dependent on the geographical location of the business/economic activity and the source of wealth/funds of the business relationship
Countries that pose a higher risk: Countries subject to sanctions, embargoes or similar measures
Identified by credible sources as lacking appropriate AML/CFT laws
Identified as providing funding or support for terrorist activities
Identified as having significant levels of corruption or other criminal activity
Identifying a customer as posing a higher risk of ML/FT does not automatically mean that such a person is a money launderer or terrorist financier
A customer who is identified as presenting a low risk of ML/FT does not exclude the possibility that such customer may attempt to launder money or fund terrorism
In the event of a change of circumstances the respective control is modified accordingly
Recording procedures To be able to demonstrate to the FIAU that the measures adopted are appropriate
Of utmost importance that the processes are duly recording in writing
Records should contain all relevant information of the specific CDD measures
Internal reports made to the MLRO
Reports by the subject person to the FIAU
Record of AML/CFT training
Records at least for period of 5 years Commence from the date on which the business relationship is determined
MLRO
Functions of the MLRO may not be:
Outsourced
Carried out by a non-executive director
Carried out by a person who only occupies the position of company secretary and does not hold any other position within the organization
Carried out by a person who undertakes internal audit functions
The MLRO must have a senior position within the institution
Must have a direct reporting line to the Board of Directors
Must also have the authority to act independently in carrying out his responsibilities
Have full and unlimited access to all records, data, documentation and information of the subject person for the purposes of fulfilling his responsibilities
Internal reporting procedures:
Any knowledge or suspicion of ML/FT should be reported directly to the MLRO
Internal reports should be submitted in a written form
Reporting line as short as possible
Ensure that no essential information is overlooked
Annual Compliance Report Contents of the annual Compliance Report:
“The Report” requires the completion of general details on the subject persons, as well as information which includes:
Information on internal suspicious reports
An overview of the policies and procedures on internal control, risk assessment and risk management
An overview of the manner through which the MLRO would have assessed internal compliance
Information concerning the AML/CFT training attended by the MLRO
Signed by a high-ranking officer and the MLRO
Awareness, training and vetting of employees
Procedures to prevent ML/FT cannot be implemented effectively unless employees are made fully aware of their obligations and are provided with the necessary training.
Employees should be made aware of:
CDD measures
Record keeping procedures
Internal reporting
Policies and Procedures on risk assessment and management
The provisions of the PMLFTR
The implementing procedures
Training programmes for employees should include ongoing refresher courses
Training programmes for employees should take place every year
Subject persons must provide training to new employees
Reputable jurisdiction
“any country having appropriate legislative measures for the prevention of money laundering and the funding of terrorism recognized as laying down internationally accepted standards for the prevention of ML/FT
Take into account that country’s membership of, or any declaration or accreditation by, any international organization recognized as laying down internationally accepted standards for the prevention of ML/FT
useful: FATF, Money Val or similar
Non-reputable jurisdictions
FIAU Guidance Note on High Risk and Non-Cooperative Jurisdictions Appendix IV
Clearly establishes that certain jurisdictions listed in the FATF public documents shall not be considered to be a reputable jurisdiction
Member states of the European Community may be automatically presumed to satisfy the criteria of “reputable jurisdictions” Appendix III
These third countries are currently considered by EU member states as having equivalent AML/CFT systems to the EU
Offences and Penalties
Not maintaining appropriate procedures for CDD, record keeping & reporting or not provide necessary training to the employees Fine not exceeding 50 000€ or 2years imprisonment
Committed to the lack of supervision Not less than 2500€, not more than 5000€, accumulated not more than 50
000€
False declaration or false description of the production AfB liable to a fine not exceeding 50 000€ or 2years imprisonment
Contravention on information on the payee accompanying transfers of funds Not less than 250€, not more than 2500€
Contravention with regulation 15(6) and 15(11) Not less than 250€, not more than 2500€, accumulated not more than 12 500€
Information has not been transmitted to the FIAU Not exceeding 50 000€ or 2 years imprisonment
Failure to comply with the provisions of any procedures or guidance Not less than 250€, not more than 2500€, accumulated not more than 12 500€
Committing any act of money laundering Not exceeding 2 329 373,40€ or 14 years imprisonment
Disclosure that an investigation/attachment order has been made or applied for Not exceeding 11 646,87€ or imprisonment of 12 month
Acting in contravention of a freezing order Not exceeding 11 646,87€ or imprisonment of 12 month
Committing any act of Funding of Terrorism Not exceeding 11 646,87 or 4 years imprisonment