Are you ready for the 4th EU AML Directive?


1 Are you ready for the 4th EU AML Directive?
Breakfast Seminar, 25th April 2017

Agenda
- Introduction - Peter Haines, Global Head of GRC, CCL Academy
- Overview of the Final Published Guidance - Emma Gordon, Partner, Eversheds Sutherland
- Implications For Business - Bruce Viney, Global Head of FCC, CCL Academy
- What a Review of Your Existing AML Policies and Systems Should Include - Carwyn Evans, MD Consultancy Services, CCL Compliance
- Technology in Compliance - A New Era Dawns - Mark Dunn, Head of Entity Due Diligence and Monitoring, LexisNexis
- Q&A

2 Welcome
Peter Haines, Global Head of GRC, CCL Academy

An overview: 4th EU Anti Money Laundering Directive
25 April 2017
Emma Gordon, Partner

3 Overview of 4th EU Anti Money Laundering Directive

Outline
- Risk-based approach
- Beneficial ownership
- Politically exposed persons (PEPs)
- Impact on UK firms

Eversheds Sutherland 25 April 2017 The 4th Money Laundering Directive

Risk-based approach

4 The risk-based approach in 4AMLD
- Member States are required to commission national risk assessments
- Firms are required to conduct AML risk assessments of their business and develop risk-based policies
- 4AMLD acknowledges measures should be adjusted according to level of risk presented in specific jurisdictions and sectors; clarifies situations when simplified CDD will be appropriate
- Risks are to be considered in light of variables set out in Annexes to 4AMLD
- European Commission acknowledged in July 2016 that Member States are not required to include specific list of EDD measures in national regulations

The risk-based approach in 4AMLD (cont'd.)
- Automatic exemptions no longer available
- Simplified due diligence not exemption from CDD
- Extra-territoriality

The future for 5AMLD:
- Amendments in 5AMLD include strengthening 4AMLD's provisions on applying enhanced checks towards high-risk countries (including by clarifying the type of enhanced vigilance to be applied)
- 5AMLD takes steps to harmonise EDD measures at EU level to avoid or limit risk of forum-shopping between Member States

5 Beneficial ownership

Changes to beneficial ownership regime
- 4AMLD increases transparency around beneficial ownership of companies and trusts
- Identification of beneficial owner(s): adequate, accurate and current information made readily available to national authorities and obliged entities (4AML Directive term for designated bodies)
- Procedure when beneficial owners cannot be identified
- Central registers of beneficial owners for natural and legal persons, in addition to information on trusts
- Controversial requirement: the idea was not present in the initial proposed draft from Commission, and was added by European Parliament later

6 Changes to beneficial ownership regime (cont'd)
- Proposed amendments in 5AMLD intend to improve transparency of beneficial ownership information by clarifying or strengthening certain of its features:
  - What is registered
  - Where the beneficial ownership is registered; and
  - Who may access the information
- Amendments include making certain beneficial ownership information public, although this requirement may be subject to registration and payment of a fee
- PSC register

Politically exposed persons

7 Politically exposed persons (PEPs)
- Further to the Application Report, 4AMLD incorporated FATF's revised recommendations on PEPs
- Extended definition of PEPs; includes domestic individuals with prominent positions in home country
- Due diligence procedure for extended definition of PEPs
- HM Treasury guidance
- Extension of time for monitoring risk
- FCA consultation on PEP guidance

Impact on UK firms

8 Emma Gordon, Partner
One Wood Street, London EC2V 7WS
eversheds-sutherland.com
2017 Eversheds LLP
Eversheds Sutherland (International) LLP is a limited liability partnership

Implications for Business
Bruce Viney, Global Head of FCC, CCL Academy
bviney@cclacademy.com

9 Are We Nearly There Yet?

European Supervisory Authorities Warning, February 2017
Joint opinion on the risks of ML and TF in the EU FS - FS is vulnerable to Money Laundering abuse due to:

Systems and Controls
- Individual business relationships too close and personal
- Policies generally ok but implementation poor
- CDD as a box ticking exercise

Risk Assessments
- Inadequate risk assessments due to lack of knowledge and experience
- Insufficient understanding of products and services risk
- Failure to understand risks of products and services
- Staff failing to identify higher risk factors

10 European Supervisory Authorities Warning
Joint opinion on the risks of ML and TF in the EU FS:

Staff issues
- Low priority for senior management
- Remuneration focused on profit not compliance
- Insufficient awareness and expertise
- Inadequate training
- Staff not following procedures

Other
- Lack of senior management buy in
- Increased competition from foreign internet platforms with inadequate AML and CTF controls
- High risk transactions being driven underground
- Lack of access to law enforcement intelligence
- Regulatory arbitrage - Seeking authorisation in less stringent states
- Compliance cost is challenging for small firms

So. Are We Nearly There Yet?
- Many tier 1 firms have most of these controls in place already
- But they are clearly not working as needed
- Two clear (big) actions are needed:
  1. Ensure that all policies, procedures and controls meet the requirements of the Directive
  2. Ensure all staff have the knowledge, skills and attitude to ensure correct and complete application of these.

11 Risk - 139:36
The biggest challenge lies in understanding risk
- Ensure policies, procedures and controls define risk and the CDD categories and actions required
- Have a clear, usable framework for risk identification
- Ensure controls support these
- Remuneration linked to compliance as well as profit
- Train staff effectively, often and measurably
- Be clear risk is an ongoing exercise
- Audit the application of risk measurement and related CDD actions

Risk
- CDD systems need to reflect the risks of:
  - Customer type
  - Geographic area
  - Products
  - Services
  - Transaction types
  - Delivery channels
- This means risk analyses must be carried out across these areas for all businesses
- Outcomes of the risk analyses must be incorporated into the CDD controls

12 Risk
- Existing clients need to be reassessed against the new risk criteria
- Monitoring systems and parameters may need to be recalibrated
- Procedures/controls must ensure large and unusual transactions are identified and thoroughly investigated
- Existing clients need to be reassessed against the change of scope, e.g. Gambling services

Beneficial Owners
- Must ensure accurate, adequate and current information on Beneficial Owners
- Onboarding procedures need to ensure complete and accurate unwrapping.
- Complex unwrapping passed to a specialist unit?
- Procedures and controls must identify and reject shell companies

13 PEPs
- Controls must be in place to identify PEPs and those associated with them.
- Some banks have set up a High Risk Persons Unit:
  - PEPs are sufficiently important and complex to require own unit
  - PEPs are identified at onboarding
  - All associated persons are correctly identified
  - PEPs are continually tracked against clients and cross matched
  - A PEP register is maintained and linked to the Beneficial Owner register
  - PEP status is monitored and the register kept up to date

PEPs
- Need appropriate measures for approval of business involving PEPs
- Training
  - All relevant staff must understand, apply and follow up on CDD issues relating to PEPs

14 Other

Tax evasion
- Tax evasion as a new predicate offence
- Policies etc. need to reflect this.
- Training on how to identify tax evasion; red flags etc.

Audit
- Depending on size and nature of business
- An independent audit function
- Used to check, verify and instigate corrections

AML Directive 5
- An amending directive
- Instigated due to 2016 terror attacks and Panama papers
- The amendments will strengthen the following points:
  - Designate virtual currency exchange platforms as obliged entities
  - Set lower maximum transaction limits for certain pre-paid instruments
  - Enable FIUs to request information on money laundering and terrorist financing from any obliged entity
  - Enable FIUs and competent authorities to identify holders of bank and payment accounts
  - Harmonise the EU approach towards high-risk third countries
  - Improve access to beneficial ownership information
  - Other minor changes

15 People - The Fundamental Control
- The only control that really matters is people
- All other controls are designed and implemented by people
- People are the primary control failure point
- Three key drivers for people:
  - Training
  - Remuneration
  - Internal ethics (conduct)

People - The Fundamental Control: Training
- The Directive requires that staff be adequately and regularly trained
- Training must itself be risk-based
- It must be timely
- It must be targeted to need
- Focus must be on behaviour
- It must be effective and measured
- It must be a priority
- Box ticking training leads to box ticking compliance

16 People - The Fundamental Control: Remuneration And Conduct
- Remuneration must reward compliant behaviour
- And not reward non-compliant behaviour
- Wrongly focused remuneration undermines compliance controls
- Right conduct is essential
- This must be clearly defined in the organisation
- Senior management must be seen to embody this
- Regular and frequent reinforcement of good conduct is essential.

So Are We Nearly There Yet?
- FIs must ensure that they have met all the immediate requirements
- The impact on business of AML D 4 (and 5) is more than just putting the controls in place
- How these controls actually work will be the acid test
- Much more needs to be done to focus on the people requirements

17 Training Support
If you need help with training your team on changes as a result of the implementation of the 4th EU AML Directive, or more generally in relation to Financial Crime Prevention, contact CCL Academy's training team: info@cclacademy.co.uk

What a Review of Your Existing AML Policies and Systems Should Include
Carwyn Evans, MD Consultancy Services, CCL Compliance
cevans@cclcompliance.com
CCL Limited CCL Compliance Limited

18 How To Structure Your Review
Any firm subject to significant change in legislation or regulation should conduct a thorough review, analysing the impact of those changes on the business. Your review should include the following elements:
- Gap Analysis
- Training
- Review of P&Ps
- Group companies and reliance
- Assess RBA

Gap Analysis
Begin your review with a Gap analysis, by assessing the impact that MLD4 will have on your business. Understand your current state and define your target state by mapping your current systems and controls against the coming legislation and regulations. Some of the potential gaps to consider:
- Do your policies and procedures align with the new requirements?
- Are AML/CTF risks identified appropriately within your business?
- How will correspondent banking relationships impact my firm?
- Are your customers appropriately risk profiled, and thus managed accordingly?
- Does your current MI suite provide timely and relevant data to management?
- Is your training programme adequate for the forthcoming regime?
- Do you have sufficient resources to manage the key risk areas facing your business?

19 Policies And Procedures
- Your policies and procedures need to be up to date without erroneous references.
- They must be risk sensitive in order to align with the risk-based approach.
- Update the revised definitions within MLD4.
- Update the SAR requirements in your documentation.
- Ensure the PEP definitions and processes are aligned.
- Policies and procedures should be approved and supported by senior management in order to be implemented effectively.
- Ensure that data retention processes are aligned with the 5 year retention requirements
- Ensure that all relevant staff have access to the policies and procedures.

Risk-based Approach
- Your AML and CTF risk management framework should be subject to periodic effectiveness reviews, which can also tie in with your preparedness for MLD4.
- Revisit your business risk assessment to ensure that it matches your business and that it captures any changes to products or customers outlined in MLD4.
- Review your customer risk assessment, including risk scoring methodology and override mechanisms.
- Consider how the inclusion of domestic PEPs impacts your existing controls.
- Devise a sensible and appropriate risk-based monitoring programme.
- Assign achievable periods for risk-based ongoing CDD.

20 Group Companies and Reliance
- Consider whether your firm has any subsidiaries or branches that will get drawn into the equivalence requirements.
- Review your distribution channels for incidence of referral customers from third parties.
- Where you rely on 3rd parties, including Group members, to carry out your CDD for your customers, ensure that their standards and controls are equivalent to MLD4.
- Also ensure that you can obtain the CDD information from the 3rd party in a timely manner.
- Where 3rd party reliance is in place, implement periodic supervision of the 3rd party and the effectiveness of its control provision.

Training
Training is a crucial element of controlling the risk of money laundering and financing of terrorism. Review the training programme within your organisation:
- Is it aligned with the MLD4 requirements?
- Does it include up to date definitions and references to the correct regulations and legislation?
- Is the training risk-based enough?
- Is the training material tailored to the recipients?
- Consider whether firm-wide training is required to help embed the revised AML control framework
- Do customer-facing employees need specific procedural training or workshops?
- What should be the frequency of training?

21 Implementation Support
CCL's team of expert compliance consultants can help your firm by:
- Conducting a full review of your control framework
- Reviewing and updating your documentation
- Reviewing your policies and procedures
To discuss your Firm's requirements contact Carwyn Evans, cevans@cclcompliance.com

Technology in compliance - a new era dawns
Insights into advancements in compliance technology
Mark Dunn, Segment Leader, Entity Due Diligence & Monitoring

22 Entity Due Diligence and Monitoring
Technology to mitigate increasing business risks

23 Mitigating reputational risk
- British banks handled vast sums of laundered Russian money
  The Guardian, March 20, 2017
- World's Biggest Banks Fined $321 Billion Since Financial Crisis
  Bloomberg, March 2,

Mitigating regulatory risk
- JAPAN - Management thereof comply with requirements for due diligence and continuous monitoring as specified
  Extract from Comprehensive Guidelines for Supervision of Financial Instruments Business Operators, etc. (Securities Business Division, Supervisory Bureau, Financial Services Agency)
- JAPAN - Execution of due diligence regarding a joint venture partner company
  Extract from Anti-Corruption Guidance (Japan International Cooperation Agency)
- USA - Comprehensive due diligence demonstrates a genuine commitment to uncovering and preventing FCPA violations.
  A Resource Guide to the U.S. Foreign Corrupt Practices Act (US DoJ, SEC)
- USA - An effective risk management process throughout the life cycle of the relationship includes proper due diligence in selecting a third party.
  Extract from Third-Party Relationships Risk Management Guidance (US OCC)
- UK - The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.
  Extract from Bribery Act 2010 Guidance (UK Ministry of Justice)
- UK - Reasonable procedures for undertaking due diligence on potential projects, acquisitions, business partners, agents, representatives, distributors, sub-contractors and suppliers
  Extract from Deferred Prosecution Agreements Code of Practice (UK Serious Fraud Office, Crown Prosecution Service)
- UK - Due diligence processes and reporting are essential management tools that improve risk identification and long-term social, environmental as well as financial performance
  Transparency in Supply Chains etc. A practical guide (Guidance issued under section 54(9) of the Modern Slavery Act 2015) (UK Home Office)
- UK - Most firms failed to demonstrate adequate systems and controls for assessing bribery and corruption risks in relation to dealing with and monitoring third party relationships, such as relationships with agents or introducers.
  Thematic Review (UK Financial Conduct Authority,)
- BRAZIL - To decrease the chances that the company may become involved in cases of corruption or fraud in tenders and contracts, depending on the actions of third parties, it is important to adopt appropriate checks for contracting and supervising suppliers, service providers, intermediaries and associates, among others, primarily in situations of high risk to integrity
  Extract from Brazil Clean Company Act Integrity Program Guidelines for Private Companies (Merrill Brink translation)
- SWEDEN - Companies shall have knowledge of, and when needed, perform a due diligence review and verify the integrity of agents and other cooperation partners before agreements are executed or other forms of cooperation commenced.
  Extract from Code of Business Conduct (The Swedish Anti-Corruption Institute)
- SWITZERLAND - Particular due diligence has to be applied for the selection and assignment of local agents.
  Extract from Preventing corruption - Information for Swiss businesses operating abroad (State Secretariat for Economic Affairs (SECO))
- AUSTRALIA - The body corporate proves that it exercised due diligence to prevent the conduct, or the authorisation or permission.
  Extract from Criminal Code Act 1995 (ComLaw)
- NEW ZEALAND - Due diligence is an important part of good corporate governance and as such, due diligence with respect to corruption prevention will often form part of an organisation's wider due diligence model
  Extract from Saying No to Bribery and Corruption - A guide for New Zealand Businesses (Ministry of Justice)

24 Mitigating financial and strategic risk
[Figure: Real GDP Growth, IMF Data Mapper (October) - High growth]
[Figure: Transparency International Corruption Perceptions Index (January 2017) - Perceived as high risk]
- Financial: Mitigate the risks of financial penalties, debarment and loss of business
- Strategic: Ensure ongoing business process efficiency and support effective execution of business strategy to sustain competitive edge

How does RegTech help?
Evolving technology to drive compliance efficiencies

25 RegTech Primary Themes: Efficiency and collaboration
Technology that allows more efficient methods of sharing information
- Alternative reporting methods: Technology that allows data to be provided (or taken) in a different way.
- The cloud/cloud computing: On-demand computing services delivered over the Internet.
- Online platforms: Technology that helps different parties communicate.
- Shared utilities: Technology that allows firms to share services (such as a Know Your Customer utility) via the cloud and/or online platforms. Shared solutions can reduce the burden and regulatory costs for the industry by increasing scalability and flexibility.
Feedback Statement: Call for input on supporting the development and adopters of RegTech (Financial Conduct Authority, July 2016)

RegTech Primary Themes: Integrate, standardise and understand
Technology that drives efficiencies by closing the gap between intention and interpretation
- Semantic tech and data point models: Technology that converts regulatory text into a programming language
- Application Programme Interface (API): Technology that allows systems to interact consistently, in this case over the internet.
- Shared data ontology: A formal naming and definition of the types, properties, and interrelationships of entities.
- Robo-Handbook: A more interactive FCA Handbook better tailored to the firm's permissions could make compliance and reporting requirements clearer.
Feedback Statement: Call for input on supporting the development and adopters of RegTech (Financial Conduct Authority, July 2016)

26 RegTech Primary Themes: Predict, learn and simplify
Technology that simplifies data, allows better decision making and the creation of adaptive automation
- Big data analytics: Advanced analytics solutions that can interpret vast amounts of structured and unstructured data that could be stored in data lakes (storage repositories).
- Modelling/visualisation technology: Technology that allows the simulation of actions and interactions to assess their effects on the system as a whole.
- Risk and compliance monitoring: Technology that allows an always-on, non-invasive surveillance of transactions, behaviour and communications.
- Machine learning and cognitive technology: Technology that learns from data and pattern recognition to refactor / change algorithms (e.g. artificial intelligence).
Feedback Statement: Call for input on supporting the development and adopters of RegTech (Financial Conduct Authority, July 2016)

RegTech Primary Themes: New directions
Technology that allows regulation and compliance processes to be looked at differently
- Blockchain/distributed ledger: This securely records and encrypts verified data that can be safely shared across a network held in a distributed database.
- Biometrics: Technology that measures and analyses people's physical and behavioural characteristics.
- Inbuilt compliance: Regulatory requirements can be coded into automated rules applied when relevant.
- System monitoring and visualisation: Technology that captures and traces all messages created by systems and their interactions.
Feedback Statement: Call for input on supporting the development and adopters of RegTech (Financial Conduct Authority, July 2016)

27 Entity Due Diligence and Monitoring
Aligning resources to risk assessment and mitigation

Develop a consistent and efficient process

28 Aligning technology resources to risk assessment
- Customer risk factors (A, B, C)
- Countries and geographic areas factors
- Products, services and transactions risk factors
- Delivery Channel Risk Factors

A. Business or professional activity
For example: Does the customer or beneficial owner have links to sectors that are associated with higher corruption risk, such as construction, pharmaceuticals and healthcare, arms trade and defence, extractive industries and public procurement?

B. Reputation
For example: Are there any adverse media reports or other relevant information sources about the customer? For example, are there any allegations of criminality or terrorism against the customer or their beneficial owners?

C. Nature and behavior
For example: Is the customer's ownership and control structure transparent and does it make sense? If the customer's ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale?

Extract: JMLSG Guidance: 2017 REVISION Draft/14 March 2017 (Consultation closes 28th April, 2017) (Joint Money Laundering Steering Group, March 2017)

Aligning technology resources to risk assessment
[Chart: axes Risk Assessment (Low to High) and Due Diligence Resources (Low to High); labelled regions: Outsourced solutions, Proprietary/Integrated solutions, Aggregated subscription services, Individual Subscription Services]

29 Aligning technology resources

Due Diligence Tasks
- Anti-Money Laundering: Customer due diligence
- Anti-Bribery & Corruption: Third-party due diligence
- Supplier Risk Management: Supplier due diligence
- Mergers & Acquisitions: M&A due diligence
- Sponsor/Donor: Third-party due diligence

- Identity Verification: Verify individual's identity
- Corporate Registers: Verify company key data, management team, corporate and ownership structure
- Sanctions & Warnings: Check and monitor if company, subsidiaries, directors or owners are sanctioned or on regulatory or law enforcement watchlists
- Politically Exposed Persons: Check and monitor if directors or owners are PEPs with government connections at risk of corruption
- Negative News: Check and monitor reputation risk against media archives
- Legal: Check for any legal cases that flag potential risks

Develop a consistent process: Third-party due diligence
Work towards a consistent and efficient due diligence process

Checklist
1. Set clear requirements and objectives and define ROI
2. Try before you buy (trial/test/compare/benchmark)
3. Prepare for change (scalable, flexible tech/integration)
4. Leverage integration and customisation options
5. Consider level of IT commitment needed
6. Consider local language availability
7. Ensure sufficient training and support available
8. Generate management intelligence and audit data
9. Build in regular reviews with business stakeholders
10. Build in regular reviews with vendors

30 Resources
Pop by our stand downstairs to pick up your free copy of our AML Directive, Beneficial Ownership, or Cloud outsourcing whitepapers.

We help our customers mitigate business risks, meet their strategic goals and regulatory requirements. Our due diligence solutions are efficient, flexible and cost-effective. We deliver interconnected and flexible product modules aligned to the customer workflow including:
- PEP, watch list and negative news screening
- Enhanced due diligence and reporting
- Media monitoring of supply-chain and third-party risk (PESTLE)
- Outsourced due diligence, compliance and risk advisory
- Content integration and data feeds into proprietary systems

Contact us for a free trial or demonstration of our compliance and due diligence solutions: mark.dunn@lexisnexis.co.uk

31 Thank you for attending

Questions for the Panel?
- Peter Haines - Global Head of GRC, CCL Academy
- Emma Gordon - Partner, Eversheds Sutherland
- Bruce Viney - Global Head of FCC, CCL Academy
- Carwyn Evans - MD Consultancy Services, CCL Compliance
- Mark Dunn - Head of Entity Due Diligence and Monitoring, LexisNexis

For further information, please contact us on:
- e: info@cclacademy.com
- e: info@cclacademy.co.uk
- LexisNexis Business Insight Solutions, e: bis@lexisnexis.co.uk