new anti-money laundering directive - staying a step … · new anti-money laundering directive -...

New Anti-Money Laundering Directive -staying a step ahead

Tuesday 25th October 2016Pinsent Masons LLP

@uktisa

Adam Hodgkins Head of Member Engagement, TISA

Introduction

@uktisa

David HeffronPartner, Head of Financial Regulation

Pinsent Masons LLP

Chair@uktisa

Heading

• Introduction by Adam Hodgkins, Head of Member Engagement, TISA• Opening remarks by David Heffron, Partner Head of Financial Regulation, Pinsent Masons – Chair• David Swanney, Executive Secretary, Joint Money Laundering Steering Group ‘The role of the JMLSG and

how its guidance is developed’• Jimi MacDonald, Senior Manager - Financial Services Tax, PwC ‘The interaction between AML and the

Common Reporting Standard (CRS)’• Edwin Ferguson, Domestic Anti-Money Laundering, HM Treasury ‘4MLD’• Coffee Break• Mike O’Neill, Solicitor, Pinsent Masons LLP ‘Legal Aspects of AML/CRS’• John Thompson, Senior Policy Director, BBA ‘Consent Regime/new Criminal Finances Bill’• Timothy Ritson, Senior Business Development Representative, Callcredit ‘AML and identity verification for

FS firm’s’• Closing remarks by David Heffron, Chair

@uktisa

David Swanney, Executive Secretary

Joint Money Laundering Steering Group

@uktisa

An update from the JMLSG –

The impact of 4MLD on UK Regulations and the JMLSG Guidance

David SwanneyExecutive Secretary, JMLSG25 October2016

JMLSG Guidance (1)

• Legislative context• Money Laundering Regulations 2007 [replaced by 2016/17?]

• Proceeds of Crime Act 2002

• Terrorism Act 2000

• Counter-terrorism Act 2008 (Schedule 7)

• Financial sanctions Orders/Asset Freezing etc Act 2010

• Regulatory• FCA Rules - SYSC

• Industry Guidance (approved by Treasury Minister)• Joint Money Laundering Steering Group

7

JMLSG Guidance (2)

• Keeping Guidance up to date• Policy now on JMLSG website

• Every two years

• When change in law or regulation

• Otherwise, when events suggest amendment…..

• Implications of digital age….?

• We don’t usually anticipate change

• Past updates/revisions

• Original RBA version 2006

• Revised to reflect 2007 Regulations

• Revisions (mainly minor) in 2009, 2011 and 2013

• Additional review in 20148

8


• 4MLD -

• revises and updates 3MLD (basis of MLR 2007)

• implements FATF 2012 Revised Standards

• will require new transposing Regulations

• mandates ESAs to issue Guidelines on Risk Factors

• will require amended Guidance to reflect new Regulations and ESA Guidelines

• Changes from 3MLD might seem relatively limited, but some are quite fundamental

9

9


• Main features of 4MLD • Risk Based Approach - clearer articulation

• Amendment/removal:

• Simplified due diligence

• Enhanced due diligence

• Concept of third country ‘equivalence’

• Revised/additional provisions relating to PEPs

• Beneficial owners – more detail

• Lots of detail delegated to the ESAs to provide

10

10


• 4MLD changes

• RBA (articles 6-8)

• Big emphasis on ‘proportionate’

• Risk assessments required

• At EU level

• At national level

• At firm level

• Proportionate

• Documented

• Kept up to date

• Made available to supervisors

11

11


• 4MLD changes - RBA

• EU/National assessments –

• Large exercise – takes time

• But must be dynamic to be useful

• But - will all MS interpret the requirements the same way?

• What weight to be given to National Risk Assessments (and what does the EC overview add?)

• Issues flowing from UK AML Action Plan?

• How to ‘link’ the NRA to firms’ approaches

• Commission able to identify ‘high risk’ countries (art 10) – as FATF

12

12


• 4MLD changes

• Customer due diligence (articles 10-14)• Much as in 3MLD – extent, timing, existing customers

• Identify ‘person purporting to act on behalf of’ (art 13)

• CDD on risk sensitive basis

• Proposed amendment to 4MLD re use of electronic data?

• Derogation for some e-money products (art 12)

13

13


• 4MLD changes

• Simplified due diligence (articles 15-17)• No longer linked to entity type – but to ‘areas of lower risk’

• Some categories removed – pooled accounts, other regulated entities

• Based on ‘risk factors’ (Annex II)

• Guidelines to come from ESAs

• Will all member states approach these the same way?

• Will all firms approach these the same way?

• Need for guidance to introduce consistency

14

14


• 4MLD changes

• Enhanced due diligence (articles 18-24)• Much similar to 3MLD – assessed high risk, complex/unusual transactions, correspondent

banking, PEPs

• Identified high risk countries

• Other assessed high risk relationships

• Based on ‘risk factors’ (Annex III)

• Non face to face now a risk factor

• Guidelines to come from ESAs



• Need for guidance to introduce consistency15

15


• 4MLD changes

• Enhanced due diligence (articles 18-24)• Correspondent banking – much as 3MLD (but new definition problematic)

• No relationships with shell banks (article 24)

• PEPs (more)



• Need for guidance to introduce consistency – not least on what EDD actually means, and how this can reflect the perceived risk……

16

16


• 4MLD changes • PEPs (articles 20-23)

• Now include domestic ones – all one category – but still no lists….

• All subject to EDD - no ability to ‘aim off’ for domestic ones

• Source of wealth and source of funds

• Insurers must take reasonable measures to see if beneficiary a PEP

• PEPs still defined as individuals – not corporate entities

• ‘Close associates’ includes those owing/controlling an entity which ‘is known to be set up… for the de facto benefit of a PEP’ (art 3)

17

17


• 4MLD changes • Annex III does not include the existence of a PEP making a customer higher risk – may be

common sense, but not spelled out

• Need for clarity on what EDD means, and how much this can vary across individual, or types, for PEPs (Domestic? Foreign?)

• ‘Walker’ amendment (introducing s333U to FSMA) mandates FCA to issue guidance on domestic PEPs…..?

18

18


• 4MLD changes - detail delegated to ESAs

• Guidelines on risk factors• SDD – in addition to the factor in Annex II

• EDD – in addition to the factors in Annex III

• Opinion on the ML/TF risks affecting the EU financial sector

• Regulatory technical standards• Where can’t apply group policy

• AML SPOC for electronic money issuers

• Risk based supervision, and sanctions and penalties

• A lot of deliverables in a relatively short timescale……• but draft guidelines on risk factors published in October 2015 for comment – final version awaited

19

19


• 4MLD changes

• Reliance (articles 25-29)• A lot as in 3MLD

• Still the responsibility of the ‘relying’ party

• Wide scope (in theory) – any regulated entity in a country previously regarded as ‘equivalent’ (but see next slide)

• MS will prohibit reliance on entities in ‘high risk’ countries

• But – exemption for branches/subsidiaries in such countries, where group-wide policies are applied (article 45)

• Copies of ID material etc to be available ‘immediately, upon request’

20

20


• 4MLD changes

• Equivalence• Concept not referred to

• Aim is to get firms to focus on wider risks in a relationship, and not just ‘tick up’ someone from a particular jurisdiction because it is ‘equivalent’

• Commission to be empowered to compile ‘black lists’? Just copied FATF?

• Could lead to a lot of reinventing wheels

• Implications for smaller firms….

21

21


• 4MLD changes

• Beneficial owners (articles 30-31)

• Central register• Corporates (art 30)

• Trusts (art 31)

• Must be adequate, accurate, current [‘up to date’ for trusts]…

• Can’t just rely exclusively on the register

• Corporates/trustees must hold details themselves

• Definition of Control includes ‘by/via other means’(art 3)

22

22


• 4MLD changes

• Other matters (articles 32-46)

• Reporting – a lot as 3MLD (art 32-39)

• Record retention (art 40)

• Five years, as before

• Additional five years (maximum?)….

• Implement group-wide policies (art 45)

• including for data protection (?)

• MS shall ‘ensure’ that sharing information within a group ‘is allowed’

• Employee awareness (art 46)

23

23


• Implementation of 4MLD in the UK

• In terms of timing

• 4MLD must be implemented by 26 June 2017

• Commission seeking to bring forward to 1 January 2017

• MER 2018 – Spring? Summer?

• In terms of content of Guidance

• Timing dictated by HMT timetable

• Focus on the way risk is addressed

• How Guidance supports ‘effectiveness’ of regime

24

24


• Questions?

[email protected]

www.jmlsg.org.uk

25

25

mailto:[email protected]

http://www.jmlsg.org.uk/

Jimi MacDonald, Senior Manager

PwC

@uktisa

Interaction between AML rules and the Common Reporting Standard (CRS)

25 October 2016

PwC

Current state of play…

• CRS went live on 1 January 2016 for early adopters

• Impacts Financial Institutions and Non Financial Institutions

• Requirements apply to ALL individual and entity account holders and controlling persons of passive non financial entities that are tax resident in participating jurisdictions – resulting in due diligence requirements

• Requirements are similar to FATCA except for the focus on reporting individuals and entities that are tax resident in participating CRS jurisdictions

Note: The United States is currently treated as a Non Participating jurisdiction.

Anguilla, Argentina, Barbados, Belgium, Bermuda, British Virgin Islands, Bulgaria, Cayman Islands, Colombia, Croatia, Curaçao, Cyprus, Czech Republic, Denmark, Estonia, Faroe Islands, Finland, France, Germany, Gibraltar, Greece, Greenland, Guernsey, Hungary, Iceland, India, Ireland, Isle of Man, Italy, Jersey, Korea, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Mexico, Montserrat, Netherlands, Niue, Norway, Poland, Portugal, Romania, San Marino, Seychelles, Slovak Republic, Slovenia, South Africa, Spain, Sweden, Trinidad and Tobago, Turks and Caicos Islands, United Kingdom

First reporting by 2017

Early adopters

Albania, Andorra, Antigua and Barbuda, Aruba, Australia, Austria, The Bahamas, Bahrain, Belize, Brazil, Brunei Darussalam, Canada, Chile, China, Cook Islands, Costa Rica, Dominica, Ghana, Grenada, Hong Kong (China), Indonesia, Israel, Japan, Kuwait, Lebanon, Marshall Islands, Macao (China), Malaysia, Mauritius, Monaco, Nauru, New Zealand, Panama, Qatar, Russia, Saint Kitts and Nevis, Samoa, Saint Lucia, Saint Vincent and the Grenadines, Saudi Arabia, Singapore, Sint Maarten, Switzerland, Turkey, United Arab Emirates, Uruguay, Vanuatu

First reporting by 2018

CRS committed

Azerbaijan, Belarus, Holy See, Honduras, Jamaica, Kosovo, MoldovaVietnam, Algeria, Angola. Cambodia. Georgia, Philippines, Thailand,Uzbekistan. Armenia. Cabo Verde, Dominican Republic, Guyana, Haiti,Iraq, Kazakhstan. Montenegro, Nicaragua, Paraguay, Peru. Serbia, TaiwanTunisia, Turkmenistan, Ukraine

No timeline

Not committed

28

PwC

Refresh - what is CRS and how does it work?

Non-UK tax resident person has an account with a UK Financial Institution

HMRC automatically forward information to the tax authorities globally

UK Financial Institution discloses financial

account data to HMRC

Foreign tax authorities examines UK data and

may make enquiries

…holds an account with…Non-UK tax resident individual or entity…

…United Kingdom Financial Institution

First reporting will be completed in 2017

29

PwC

Applies due diligence

How do Financial Institutions identify reportable investors?

Entity status: Reporting FI

Entity status:Non-Reporting FI

Entity status:Active NFE

No reporting

Investor

Financial Institution (FI)

Non-Financial Entity (NFE)

Individual

Are there any Controlling Persons

which a are Reportable Persons?

Is the individual a Reportable Person?

Entity status: Passive NFE

Individual

No reporting

Report

No reporting

Report YES

YES

NO

Is the entity a Reportable Person ?

Report YES

NO

No reporting

No reporting

Report YES

NO

Is the entity a Reportable Person ? Reporting Financial

Institution

30

PwC

Due diligence requirements for ‘new’ investors

Collect documentation and classify investors

Determine whether an account is in scope

Test reasonableness of information received

Classify investors and store information

FIs must identify if the ‘account’ is in scope for AEoI and classify the relevant investor

Ongoing monitoring for changes in circumstance

1 2 3 4

Selected challenges Considerations

• Obtaining information from investors ‘upon account opening’ can be challenging

• Local country implementation rules may provide guidance on the practicalities of obtaining this information (e.g. within 90 days)

• Alignment with existing investor due diligence processes (e.g. AML) may impact when and how this information is obtained as it is not always a ‘day one’ event

• Investor ‘experience’ may suffer as a result of information requests

• Design of forms can be difficult and US W-series forms are not appropriate for CRS• Investors can find technical language hard to follow and lead to incomplete forms being provided back (see

next slide for considerations on an alternative approach)

• Investors will need to be classified under US FATCA and CRS.

• This presents a challenge of managing multiple classifications for investors.• Investors may have to be labelled as reportable for one regime but not the other(s) requiring management

of multiple classifications for investors.

• Monitoring of changes in circumstance to determine if they impact the tax residency status of investors under CRS

• Tax residency is potentially more fluid than citizenship (relevant for FATCA) as such the status of investors could change more often.

• Current process for monitoring changes in circumstance may need to be enhanced.

31

PwC

How could AML information be used for new investor onboarding?

Request investors tax residency information using a self-certification

Most Financial Institutions have requested a self-certification to classify investors appropriately for CRS. This information should be tested for ‘reasonableness’ which is often by reference to AML or other information gathered for due diligence purposes.

Step 1

Step 2

Step 3

Step 4

Determine if the entity is reportable

Determine if the entity is a Passive NFE

Confirm that the investor is a non-reportable person using information on file or that is publicly available.

Broadly this would include investors that are:

(i) A Regularly Traded entity;

(ii) A Related Entity to a regularly traded entity;

(iii) a Governmental Entity;

(iv) an International Organisation;

(v) a Central Bank; or

(vi) a Financial Institution.

OR

AML‘Other’

information

Validation of investor self-certifications Classification of investors

The UK Guidance Notes (AEIM103440) provide an exception to the requirement to obtain a self-certification where “…the financial institution can reasonably determine, based on information in its possession or that is publicly available, that the Account Holder is not a Reportable Person.”

Confirm reasonableness and any ‘reason to know’ that the self-certification is unreliable

32

PwC

Validation of self-certifications using AML information

Request investors tax residency information using a self-certificationStep 1

Step 2

Step 3

Step 4

Determine if the entity is reportable

Determine if the entity is a Passive NFE

Has information been gathered that could indicate a different residency for tax purposes?

Has an investor indicated a non-reportable status (e.g. regularly traded) – does this line up with other information gathered (e.g. evidence of listing for certain Active NFEs?)

“Obtain a self-certification, which may be part of the account opening documentation, that allows the Reporting Financial Institution to determine the Account Holder's residence(s) for tax purposes and confirm the reasonableness of such self-certification based on the information obtained by the Reporting Financial Institution in connection with the opening of the account, including any documentation collected pursuant to AML/KYC Procedures.”

Does AML information support identification of Controlling Persons? Furthermore, does this support their claimed residency(ies) for tax purposes?

33

Confirm reasonableness and any ‘reason to know’ that the self-certification is unreliable

To what extent can AML information support reasonableness checks?

AML

Selected challengesSelf-certification process

PwC

Classification of investors using AML and ‘other’ information

• Certain investors may be reluctant to complete CRS self-certifications and responses in the industry have varied in both quality and consistency.

• Some organisations have considered alterative approaches to classifying investors for CRS purposes reducing the number of investors that are required to complete self-certification form.

• The focus is often on using AML and other information to identify non-reportable investor types, however, choosing not to obtain a self-certification may often result in a greater risk if misclassifying investors.

CRS non-reportable entity type Potential investor types Application to AML and other information gathered

Financial Institution Banks, asset managers, investmentfunds, custodians

FCA or equivalent regulated status may indicate FI statusIRS list of registered FIs for FATCA

A Regularly Traded entity and a related Entity to a regularly traded entity

Listed entities and subsidiaries of listed entities

Evidence of listing on a stock exchange

Governmental Entity Government or wholly owned agency or instrumentality of a government in another participating jurisdiction

Evidence that investor is a government or government owned entity

International organisation International organisation or wholly owned agency or instrumentality thereof

Evidence that the investor is a supranational organisations

Central Bank Evidence that the investor is a central bank

Potential application

34

PwC

Points to consider

AML

CRS FATCA

Others

Selected considerations

35

• Consider where crossover between regimes exists

• Assess current investor onboarding processes to determine whether using AML information could create efficiencies

• Map AML and other information to indicative CRS investor classifications

• Could technology be used to make the process more efficient (e.g. electronic self-certification validation)?

• Consider whether changes to investor information requests could improve experience – feedback in the industry is that forms are complicated and hard to complete

Questions…

No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in

this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not

accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to

act, in reliance on the information contained in this publication or for any decision based on it.

© 2016 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP (a

limited liability partnership in the United Kingdom) which is a member firm of PricewaterhouseCoopers International Limited,

each member firm of which is a separate legal entity.

Jimi MacdonaldSenior Manager - Operational Taxes

E-mail: [email protected]

Tel.: 020 7804 3042

Edwin Ferguson Domestic Anti-Money Laundering

HM Treasury

@uktisa

Mike O’Neill, Solicitor

Pinsent Masons LLP

@uktisa

Legal Aspects of AML and CRS

TISA

Anti—Money Laundering Seminar

24 October 2016

Michael O’Neill

Current AML Regime

MLD3

Money Laundering Regulations

2007

POCA 2002

TACT 2000

JMLSG Guidance

FCA (SYSC 6.3 and

FC Guidance)

Concealment

Disguising

Conversion

Transfer

Removal

Criminal Sanctions

Regulatory Obligations

Systems and Controls

Customer Due Diligence

Beneficial Ownership

MLRO

Obligations under MLD3

• Regulated Firms

• SYSC 6

– Adequate policies and procedures which are comprehensive and

proportionate

• Risk based analysis

– Regular assessment of adequacy of systems and controls

– Training

– MI to senior management

– MLRO

Money Laundering Offences

The process by which the proceeds of crime are dealt with in a way

to disguise their criminal origins

Section 327 POCA –“the basic money

laundering offence”

Section 328 POCA –“aiding and abetting”

Section 329 POCA –“acquiring proceeds of

crime”

Knowledge or Suspicion of Money Laundering

Sanctions – Current AML Regime

Increasing use of non-financial sanctions

The FCA has fined Sonali Bank (UK) Limited (the "Bank") £3,250,600 and

restricted it from accepting deposits from new customers for 168 days for breach

of Principles 3 and 11 because of serious failings in its anti-money laundering

systems. The MLRO and compliance officer was also fined £17,900 and

prohibited from performing MLRO or compliance oversight functions at regulated

firms.

Due-Diligence On-going Monitoring

Governance

Policies and Procedures

Culture of Compliance

The (not so distant) Future

1 January 2017

MLD4

ScopeBeneficial Ownership Information

CDDRisk Based Approach

Information Sharing

Whistleblowing Sanctions*

MLD5

*Commission proposes to harmonise

definitions of money laundering and the

sanctions applied

Brexit and AML obligations

Transposition is mandatory, so on Brexit Day, MLD4 will be part of

UK national law. The UK is likely to retain the wording of MLD4

because it will want to retain equivalence with EU standards when the

UK is outside the block;

The UK is a member of the FATF and is assessed against FATF

standards. MLD4 is heavily influenced by the recommendations of

FATF, so alignment with international FATF standards can be

secured by the continuation of MLD4; and

The UK is ahead of the European curve on AML law and has often

'gold plated' EU legislation. The UK will have the legislation in place

and the political will to combat money laundering, even when it is out of

the EU.

What should firms be doing now?

• Review of AML policies and procedures to ensure

compliance with MLD4

• Governance Arrangements

– Is there sufficient ‘buy-in’ from senior management?

• Review existing risk assessments

– e.g. domestic PEPs

• Ensure that training of employees is up-to-date and

relevant.

• Is everything fully documented?

CRS

• The OECD developed the Common Reporting Standard (CRS) which

calls on jurisdictions to:

1. obtain information from their financial institutions; and

2. automatically exchange that information with other jurisdictions

• The first information exchange date will be: September 2017

• The UK signed the Multilateral Competent Authority Agreement

(MCAA), which provides legal basis for CRS

• The European Council adopted Directive 2011/16/EU on

administrative cooperation (DAC) for better cooperation between tax

administrations in the EU – information exchanged from 1 January 2016

International Tax Compliance Regulations 2015/878

• In force from 15 April 2015

• The Regulations consolidate various requirements for the automatic

exchange of tax information:

– adopts the DAC (exchange of information with the EU);

– incorporates the CRS (by introducing obligations on financial institutions to

maintain accounts and report information in a specified manner to HMRC);

– implements the UK's automatic exchange of information agreements with

non-EU jurisdictions; and

– introduces penalty provisions for breaching the obligations.

The two most important aspects of the regulations for regulated firms are:

1. Due diligence procedures to identify reportable accounts

2. Sanctions for non-compliance

Due diligence procedures

Firms are required to establish and maintain due diligence procedures to

identify reportable accounts.

Pre-existing individual accountsReview all existing accounts.

• Lower value accounts an indicia search or rely on a

permanent residence address test.

• Higher value accounts a paper record search and a

‘reason to know’ test.

No de minimis.

New individual accountsSelf-certification.

No de minimis.

Pre-existing entity accountsDetermine whether the entity is a reportable person or a

passive NFE (in which case confirm residency of

controlling persons through available information or may

need self-certification).

$250,000 de minimis.

New entity accountsControlling persons of passive

NFEs will need self-certification.

No de minimis.

Sanctions

Regulation Failure or breach Penalty

Reg. 13(1) Failure to identify specified clients (financial institutions or relevant

persons) or failing to submit client exchange of tax information

notifications (including for overseas persons)

£3,000

Reg. 13(2) Failure to comply with any obligation under the regulations £300

Red. 14 If there is a penalty imposed under reg. 13, the person is further

liable for each subsequent day that the failure continues

(after 30 days, HMRC can make an application to the tribunal for an

increased daily penalty under reg. 21)

£60 for each such

day

Reg. 15 When complying with reg. 6 (reporting obligation), the person

provides inaccurate information where:

(a) it is due to a failure to comply with the DD requirements or

if provision of inaccurate information is deliberate;

(b) the person knew of the inaccuracy; or

(c) the person discovered the inaccuracy and failed to take

reasonable steps to inform HMRC

£3,000

Reg. 16 When identifying payments, the person fails to report a payment or

fails to set out a payment accurately.

£300 per failure,

subject to £3,000

calendar year cap

Pinsent Masons LLP is a limited liability partnership registered in England & Wales (registered number: OC333653) authorised and regulated by

the Solicitors Regulation Authority, and by the appropriate regulatory body in the other jurisdictions in which it operates. The word ‘partner’, used in

relation to the LLP, refers to a member of the LLP or an employee or consultant of the LLP or any affiliated firm of equivalent standing. A list of the

members of the LLP, and of those non-members who are designated as partners, is displayed at the LLP’s registered office: 30 Crown Place,

London EC2A 4ES, United Kingdom. We use 'Pinsent Masons' to refer to Pinsent Masons LLP, its subsidiaries and any affiliates which it or its

partners operate as separate businesses for regulatory or other reasons. Reference to 'Pinsent Masons' is to Pinsent Masons LLP and/or one or

more of those subsidiaries or affiliates as the context requires. © Pinsent Masons LLP 2016

For a full list of our locations around the globe please visit our websites: www.pinsentmasons.com and www.Out-Law.com

John Thompson, Senior Policy Director

BBA

@uktisa

Timothy Ritson, Senior Business Development Representative

CallCredit

@uktisa

Thank You!

TISADakota House

25 Falcon CourtPreston Farm Business Park

STOCKTON-ON-TEESTS18 3TX

www.tisa.uk.com01642 666999

[email protected]

@uktisa

new anti-money laundering directive - staying a step … · new anti-money laundering directive -...

Documents