There are, however, a number of new requirements which will all require time and resource to ensure compliance. These can be broken down into ten different requirements, each with corresponding pressures and challenges.
As my colleague Graeme Port covered last week, the changes to risk assessments will be a major challenge, particularly for smaller firms or those who have not conducted risk assessments in the past. A National Risk Assessment will be published in 2018, replacing the 2015 assessment. In the interim, UK supervisory bodies will be producing their own, looking at their respective industry verticals. Below that, each firm must also ensure that they carry out their own respective risk assessment. These written risk assessments must be kept up to date and be available to the regulator upon request.
Prior to AML4, we had been accustomed to certain customers only being subject to Simplified Due Diligence (SDD). Under AML 4 this carte blanche approach to groups of customers will disappear, with firms taking a risk based approach to each customer on their individual merits. Critically, this must be justifiable to regulators. When onboarding customers that pose a lower risk of money laundering, firms must still be able to illustrate how the customer presents a lower degree of risk. This allows for resource to be focused on those customers or transactions that pose a higher degree of risk. When onboarding customers from countries that are deemed to be at a high risk of money laundering, Enhanced Due Diligence (EDD) must be used.
A public record of Persons with Significant Control (PSC) of companies must be created. The UK has already enacted this piece of legislation (from 2016) and the information is available to regulators, banks, law firms and other entities that have a legitimate interest in the information. Similar registers must now be created by all member states. The information on this register must be kept up to date for regulators to maintain accurate and current information on beneficial ownership.
The definition of a Politically Exposed Person (PEP) has altered and expanded slightly and takes into consideration the families of known PEPs. EDD will be required on all PEPs for at least 18 months after they have ceased to be so, up from the current 12 months. Moreover, domestic based PEPs will now be treated in the same manner as foreign PEPs. Previously foreign based PEPs had been subject to EDD, but firms will now take a risk based approach for both foreign and domestic to determine the level of due diligence required. Firms also cannot discriminate or turn away customers on the basis that they are PEPs. One of the key requirements of AML4 is that a risk based approach must be applied to every customer and controls put in place to monitor and deal with that risk.
Firms must keep records of all their customers up to five years after their business relationship has ended. In certain circumstances this can be increased to ten years.
Undoubtedly one of the key changes is the move towards operating a risk based approach. Prior to the introduction of AML4 it was possible for MLROs or Compliance Managers to decline a customer on the basis that their threat level was too high. This is no longer permissible. Each customer’s risk level must be determined and then the relevant controls put in place to manage that level of risk. As well as executing a risk based approach, the assessments themselves must be documented and kept up to date, with risk factors such as jurisdiction and source of wealth captured.
It is well known that money launderers will use complex structures and base companies in foreign jurisdictions where it is difficult or in some cases impossible to determine the ultimate beneficial owner (UBO) of a company. This was highlighted by the Panama Papers release, which showcased how far wealthy individuals can go to hide their wealth. To be included as a UBO, individuals must have a 25% shareholding in a company.
The new directive states that the individual ultimately responsible for compliance should be a board member with sufficient influence to be able to make recommendations and drive change where required.
We have already seen significant fines being handed down to banks and financial service institutions who have failed to adhere to their own money laundering policies. Following the introduction of AML 4, the same sanctions will also now be feasible in the legal and professional service space – with the introduction of OPBAS reflecting the intent to standardise supervision and regulation across verticals. As well as naming and shaming of individual firms, they can also be fined up to 10% of annual turnover. The importance of having a senior professional at board level is also highlighted here as individuals can face fines of up to €5,000,000.
Firms can still use Customer Due Diligence (CDD) provided by a third party, as long as they are covered by the Money Laundering Regulations. However, the rules for using a third party are strict. As well as being covered by AML 4 the third party must also hand over all information, and confirm in writing that they have undertaken appropriate levels of due diligence.
The above ten points highlight that for all firms, and especially those that have not been subject to regulations such as AML4 in the past, that without careful planning and strict adherence to the regulations as they have been written, it is very easy to fall foul of the new regulations.
While supervisory bodies are keen to help those that reach out for assistance, any divergence from the letter of the law can lead to sanctions. It is therefore imperative that firms in the regulated sectors, such as legal and professional service firms, have plans in place now to ensure their continued adherence to the new regulations.
Both the UK and EU have made it clear that they are determined to clamp down on money laundering and the sectors must now respond with concrete proposals in place that will adequately take into consideration each of the above ten points.
Alex has worked with Encompass since 2012 and re-located to Glasgow in 2015 for the company's launch in the UK and establishment of the UK operation.
As Vice President of Product & Marketing, Alex oversees both teams from our APAC headquarters in Sydney. Previously, Alex was Marketing and Innovation Manager for the Institute of Executive Coaching and Leadership in Sydney and Hong Kong, and prior to that marketed software company The Distillery. She holds degrees in Japanese and Marketing, as well as Digital Marketing qualifications from ADMA and Product Marketing from UC Berkeley.
Encompass’ intelligent process automation conducts live document and data collection, analysis and integration from public and premium sources to bring transparency to complex corporate structures and ultimate beneficial ownership, delivering the most accurate and complete KYC on demand.