27.1.1 Overview

The problems of financial crime in Albania have been well documented. Perhaps the collapse of the series of pyramid schemes in 1997 specifically highlights the key concerns. These financial schemes, believed to be a means of laundering money, were allegedly linked to Kosovo drug gangs and the Italian mafia. The schemes became so popular that even the poorest members of the population became embroiled. They were attracted by the interest rates offered, which were an impossibly high 44% per month. The total amount of money invested in these schemes was almost 50% of the GDP of the country ($2 billion). The collapse of the schemes in early 1997 led to nationwide riots and the deaths of over 2,000 people.

Albania still has a large informal financial services sector, which, when combined with a cash economy, provides an environment in which financial crime can thrive. That the authorities have sought to address these concerns means that most of the key international requirements have now been implemented. Albania's most significant sources of money laundering still are thought to originate from corruption and organised crime. The European Commission's 2008 Progress Report stated that drug trafficking, organised crime and money laundering remained “serious concerns” and that Albania has made limited progress in its fight against money laundering.

The General Directorate for the Prevention of Money Laundering (GDPML) (Drejtoria e Bashkerendimit te Luftes Kunder Pastrimit te Parave, DBLKPP) operates as the Albanian national financial intelligence unit (FIU). It is the national centre for collecting, analysing and distributing information relating to potential money-laundering activities.

27.1.2 Key Legislation

Money laundering is criminalised by Article 287 and 287a of the Albanian Criminal Code. Instruction No. 28, dated 31st December, 2012, On The Reporting Methods, Procedures And The Preventive Measures Taken By The Subjects Of Law No. 9917, dated 19th May, 2008, On The Prevention Of Money Laundering And Terrorism Financing provides the compliance regime, while Law No. 157, dated 10th October, 2013, On The Measures Against Terrorism Financing provides the counter-terrorism financing regime – the third piece of legislation in this area since 2008. Regulation 44 On Measures Against Terrorism Financing provides additional guidance applicable to banks.

27.1.3 Legislative History

In 2006, the Council of Europe's Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL) conducted a mutual evaluation of Albania's anti-money-laundering/counter-terrorist-financing regime. The deficiencies identified by MONEYVAL, in May 2008, were addressed by the Albanian Parliament, which passed Law No. 9917, On Money Laundering and Terrorist Financing. The law entered into force in September 2008.

The law consolidated all previous legislation, which includes the Criminal Code of the Republic of Albania, 1995; Criminal Procedure Code of the Republic of Albania, 1995; Law No. 8610, 2000, On the Prevention of Money Laundering amended by Law No. 9084, 2003 entitled For Some Additional and Amendment in Law No. 8610, 2000, On the Prevention of Money Laundering (OPML) (now repealed) and also by Law No. 9258, 2004 On Measures for the Suppression of Terrorism Financing.

Law No. 8610 established an administrative FIU, and the General Directorate for the Prevention of Money Laundering to coordinate the detection and prevention of money-laundering activity in Albania. Under Law No. 9084, the financial intelligence unit became a quasi-independent agency within the Ministry of Finance.

27.1.4 FATF Assessment

The 2013 follow-up report stated that, although Albania has made considerable progress to tackle money laundering and the financing of terrorism, the risk of money laundering remains high. Albania has a history of organised crime, with clan-based and hierarchically organised networks that are allegedly involved in drug trafficking. The relative size of the cash-based informal economy facilitates the laundering and integration of proceeds of crime. There are a number of sectors identified with illegal practices, including illegal gambling establishments and exchange bureaux, as well as the vulnerabilities that relate to cross-border transportation of currency, which also put Albania at risk for money-laundering activity.

Additionally, the FATF stated that, “In June 2012, Albania made a high-level political commitment to work with the FATF and MONEYVAL to address its strategic money laundering deterrence and counter terrorist financing deficiencies. Albania has taken steps towards improving its regime. However, the FATF has determined that strategic money laundering deterrence and counter terrorist financing deficiencies remain.”

27.1.5 The Primary AML Investigation/Regulatory Authorities

27.1.6 Outline of Specific Money-laundering Offences

Money laundering was originally criminalised through Article 287 of the Albanian Criminal Code of 1995. Article 287 states that: “Disposing, transferring, concealing, obscuring the nature, source, or ownership of property derived from criminal activity” is an offence. Furthermore, Article 287a provides that “commission of financial transactions or other economical transactions for the purpose of money laundering, which are known to stem from criminal activity, and their recirculation and production for entrepreneurial or economic activity of any kind” is an offence.

The latest AML legislation, Law No. 10 391, provides that “Laundering of criminal offence proceeds” has the same meaning as provided by Article 287 of the Criminal Code.

Article 15 is the tipping off prohibition which prohibits employees of the subject from informing the customer, or any other person, about the verification procedures regarding suspicious cases, as well as any reporting made to the responsible authority.

Article 14 is the legal liability exemption for subjects or supervisory authorities, directors, officials or employees who are reporting criminal activity in good faith to the competent authority. This provision states that these entities shall be exempt from penal, civil or administrative liability arising from disclosure of professional or banking secrecy.

27.1.7 Penalties

Violation of Article 287 is punishable by three to ten years of imprisonment. Breach of Article 287a is punished by five to ten years of imprisonment, and if committed in collusion with others or repeatedly, is punished by seven to 15 years of imprisonment. If it has caused serious consequences, it is punishable by not less than 15 years of imprisonment.

For tipping off, natural persons shall be fined 2,500,000 Lek, and legal persons shall be fined 5,000,000 Lek.

27.1.8 Scope

Law No. 10 391 applies to a variety of financial institutions, including:

• Banking entities, and any other entity licensed or supervised by the Bank of Albania;
• Non-bank financial entities;
• Companies involved in life insurance or re-insurance, agents and their intermediaries as well as retirement funds; and
• Any other natural or legal person, in addition to the aforementioned ones, engaged in the administration of third parties' assets/managing the activities related to them.

27.1.9 Risk-based Approach

Albania adopted a risk-based approach to its anti-money-laundering policies and procedures with the enactment of Law No. 9917 On the Prevention of Money Laundering and Terrorism Financing (OPMLTF).

27.1.10 Role of the MLRO/Nominated Officer

By virtue of Article 10 of Law No. 10 391, reporting entities are obliged to nominate a responsible person and a deputy for the prevention of money laundering, at the administrative/management level in the central office and in every representative office, branch, subsidiary or agency, to which all employees shall report all suspicious facts, which may comprise a suspicion related to money laundering or terrorism financing. Compliance persons have ongoing access to all data kept in compliance with the AML legislation.

Furthermore, Regulation 44 provides that subjects shall assign one of their executive directors as the person responsible for accomplishing the duties related to the prevention of money laundering and terrorist financing.

27.1.11 Due Diligence

The AML legislation provides that entities should identify their customers and verify their identities by means of identification documents:

• Before establishing a business relationship.
• Where no business relationship has been established but the customer carries out, or is willing to carry out, the following:
  • a direct transfer inside or outside the country in an amount equal to or greater than 100,000 Lek or its equivalent in foreign currencies.
  • a transaction in an amount equal to:
    • not less than 200,000 Lek or its equivalent in foreign currencies to exchange offices or casinos.
    • not less that 1,500,000 Lek or its equivalent in foreign currency in the case of a sole transaction or several transactions linked to each other. If the amount of the transaction is unknown at the time it is executed, the identification shall be made as soon as the amount is made known and the aforementioned limit is reached.
• When there are doubts about the veracity of the identification data previously collected.
• In all cases when there is reasonable doubt for money laundering or terrorism financing.

Entities must identify and verify the identity of the beneficial owner.

Law No. 9917 strengthened customer due diligence by requiring the identification of all customers regardless of the size of their transactions. It is mandatory for reporting subjects to maintain ongoing due diligence of customers according to the KYC (Know Your Customer) procedures. Subjects must undertake enhanced due diligence on a risk-sensitive basis.

There is also a better definition of client, which includes any natural or legal person.

27.1.12 Ongoing Monitoring

Entities must carry out continuous monitoring of business relationships with their customers, in order to make sure that they are in conformity with the entity's information about the customers, the scope of their activity and their classification according to the level of risk they represent.

Entities must periodically update customer data in accordance with paragraph 1 of this Article and immediately when they have reason to suspect that the conditions and the actual situation of the customer have changed.

Entities are obliged to draft and apply internal regulations and guidelines that take into account the money-laundering and terrorism-financing risk, which can originate from customers or businesses, including, but not limited to:

• A customer's acceptance policy, and
• A policy for the application of procedures of enhanced due diligence in the case of high-risk customers and transactions.

27.1.13 Staff Training

Under Article 11, subjects have an obligation to train their employees on the prevention of money laundering and terrorism financing and organise periodic training programmes for their employees. Law No. 10 391 does not outline any specific training requirements, while the recent guidance specifies that subjects should periodically train their employees on the prevention of money laundering and terrorism financing, based on an annual plan of training, including acquaintance with the legal changes in this field.

27.1.14 Record-keeping

Entities must maintain documentation concerning identification, accounts and correspondence with the customer for five years from the date of closing the account or termination of the business relationship between the customer and the entity. At the request of the responsible authority, the documentation may be maintained for more than five years.

Entities must keep data registers, reports and documents related to financial transactions, national or international, regardless of whether the transaction has been executed in the name of the customer or of third parties, together with all supporting documentation, including account files and business correspondence, for five years from the date of the execution of the financial transaction. At the request of the responsible authority, the information may be kept for longer than five years, even if the account or the business relationship has been terminated.

Entities must maintain the data relating to transactions, including those specified in Article 10, with all the necessary details to allow the reestablishing of the entire cycle of transactions, with the aim of providing information to the responsible authority in accordance with this law and the sub-legal acts pursuant to it. This information shall be stored for five years from the date when the last financial transaction has been carried out. This information shall, upon a request from the responsible authority, be stored for longer than five years.

Entities must make sure that all customer and transaction data, as well as the information kept according to this article, shall immediately be made available upon request from the responsible authority.

27.1.15 Investigation and Reporting Requirements

Article 12 of Law No. 10 391 details the circumstances when subjects should report to the competent authority.

Entities submit a report to the responsible authority when they know or suspect that laundering of the proceeds of crime or terrorism financing is being committed, was committed or is being attempted. The report should be submitted immediately and not later than the period specified in any secondary legislation.

When the entity has been asked by a customer to carry out a transaction, and suspects that the transaction may be related to money laundering or terrorism financing, it should immediately report the case to the responsible authority and ask for instructions as to whether it should execute the transaction or not. The responsible authority shall be obliged to provide a response within 48 hours.

Entities are required to report to the responsible authority within the time limits set forth in any secondary legislation all cash transactions, equal to or greater than 1,500,000 Lek or its equivalent in other currencies, executed as a single transaction or as a series of linked transactions.

Banks and non-banking financial entities should report to the responsible authority in accordance with the time limits set forth in any secondary legislation all non-cash transactions, equal to or greater than 6,000,000 Lek or its equivalent in other currencies executed as a single transaction or as a series of linked transactions.

27.1.16 Penalties

The penalty for failing to apply customer due diligence measures is:

• For natural persons: from 100,000 Lek up to 500,000 Lek;
• For legal persons: from 500,000 Lek up to 1,500,000 Lek.

For failing to apply enhanced CDD measures, entities shall be fined:

• Natural persons: from 500,000 Lek up to 2,000,000 Lek;
• Legal persons: from 2,000,000 Lek up to 5,000,000 Lek.

In cases of failing to implement adequate internal controls, the fine is:

• Natural persons: from 300,000 Lek up to 1,500,000 Lek;
• Legal persons: from 1,000,000 Lek up to 3,000,000 Lek.

For failing to meet the reporting obligations, entities shall be fined:

• Natural persons: from 300,000 Lek up to 1,500,000 Lek;
• Legal persons: from 1,000,000 Lek up to 5,000,000 Lek.

In addition to the above penalties, when the entity is a legal person and the administrative violation is committed by:

• An employee or non-administrator of the entity, the person who has committed the violation shall be fined from 60,000 Lek up to 300,000 Lek;
• An administrator or a manager of the entity, the person who has committed the violation shall be fined from 100,000 Lek up to 500,000 Lek.

27.1.17 Case Studies

There have now been a number of cases reported and acted upon in Albania. The following is typical of the activity identified and acted upon.

The General Directorate for the Prevention of Money Laundering received a report that a politically exposed person (PEP) had signed a contract to buy an apartment for EUR 80,000. The financial investigation unit conducted further enquires, and identified the following:

• The PEP had made a transfer to another citizen with no apparent connection, who then bought an apartment on the same day as the PEP using the same notary.
• The PEP's brother had purchased a flat worth EUR 52,000 shortly before the PEP's purchase.
• The PEP had established a company shortly after the expiration of his mandate, as a sole partner, doing similar work to his work as a PEP. This company was a shareholder in another company located in a tax haven, which invested in Albania.

Further investigations showed that the PEP and the citizen to whom he apparently had no connection had previously lived together, the PEP had been charged with corruption and the two flats purchased were in the same building with identical contracts. Both contracts stated that 20% of the price was to be paid in cash, with the remainder to be paid through a bank loan. The market value of the property was actually 50% higher than the value paid, and besides the PEP, nobody involved had business activities.

The following conclusions were reached upon the processing of the additional information received from banks:

• Neither the PEP, his associate nor their families had received bank loans for property purchases;
• Their banking transactions were minimal in comparison to the assets purchased;
• In previous years, the PEP had made several transfers (in small amounts) in favour of his associate (an indicator that leads to the conclusion that they had known each other for several years);
• Before becoming a PEP, he had a job (from which he resigned) providing him with a salary higher than the one he received as a PEP (this indicator shows that he may have become a PEP in order to acquire money from corruption);
• The seller of the apartment purchased by the PEP's brother had paid EUR 92,000 in cash, although the sale value of the apartment was EUR 52,000.

Based on the above information, and taking into consideration the PEP's previous job, the grounded suspicion that the money invested in different ways really belonged to him and that the function held by the PEP provided numerous opportunities for corruption, the case was disseminated to the law-enforcement authorities.

27.2.1 Overview

Argentina is described by the USA State Department as a “major money-laundering country”. While it is making progress in developing its AML legal framework, it is still considered to be largely out of touch with international standards.

27.2.2 Key Legislation

The key Argentine money-laundering-deterrence and counter-terrorist-financing legislation is:

• Anti-money-laundering: Law No. 25.246, which has recently been amended by Law No. 26.683.
• Counter-terrorist financing: Law No. 26.268.

Resolution 228/2007, passed by the Financial Intelligence Unit, sets out the compliance requirements.

27.2.3 Legislative History

Money laundering was first criminalised in Argentina in 1989 under Article 25 of the Narcotics Law 23.737. Law No. 25.246 was enacted and came into force in 2000, and has since been amended four times. Supplementary rules and regulations have been implemented in order to bring alignment between Argentina and the global money-laundering standards together with the regulatory framework within South America.

On 11th September, 2007, the Argentine government enacted, through Decree 1225/2007, the National Anti-Money-Laundering and Counter-Terrorism Finance Agenda (the National Agenda) to serve as a roadmap for implementing money-laundering-deterrence and counter-terrorist-financing laws and regulations. This agenda provides the structure for the government of Argentina to improve existing legislation and regulation, and enhance inter-agency coordination.

On 17th June, 2011, the legislature of Argentina passed Law 26.683 (“The AML Act”) to amend the Criminal Code in order to update the criminal treatment of money laundering. The new law was adopted in response to pressure from the Financial Action Task Force.

27.2.4 FATF Assessment

Since February 2012, Argentina has taken substantial steps towards improving its money-laundering-deterrence and counter-terrorist-financing (AML/CFT) regime, including issuing a Presidential Decree creating a framework for freezing terrorist-related assets and issuing further FIU resolutions to reporting parties.

The FATF also welcomed Argentina's updated action plan on measures and milestones to assess Argentina's effective implementation of its money-laundering offence, but determined in June 2013 that certain strategic AML/CFT deficiencies remain. The Financial Action Task Force's third-round mutual evaluation report of Argentina found the country partially compliant or non-compliant with 46 of the 49 FATF Recommendations. Argentina is subject to an enhanced follow-up procedure during which the country is expected to immediately address deficiencies relating to its criminalisation of both money laundering and terrorist financing. The country is currently on the grey list, indicating that there is a lot of work still to do.

27.2.5 The Primary AML Investigation/Regulatory Authorities

27.2.6 Outline of Specific Money-laundering Offences

The Argentinian definition of money laundering, translated from Spanish, is:“Anyone who converts, transfers, administers, sells, manages, disguises or through any means puts in market circulation assets from a criminal offence, with the possible consequence that goods appear to have a legal origin, when its value exceeds the sum of three hundred thousand pesos, whether in a single act or repeated acts by various interlinked, shall be punished…”

In summary, the offence is converting, transferring, administering, selling, managing, disguising or, through any means, putting into market circulation assets derived from a crime involving a sum of over 300,000 pesos (approximately £42,000), therefore hiding its true origin and giving it a legitimate appearance.

27.2.7 Penalties

For money laundering as defined above, the penalty is imprisonment of three to ten years and a fine of two to ten times the amount of the transaction. However, this can be altered by one third of the maximum and half of the minimum in the following cases:

• When the offence is committed frequently;
• When the offence is committed by a member of a criminal gang;
• Where the offender is a public official who committed the offence in the course of duty (this can also result in a disqualification of three to ten years);
• Where the offender is acting in the course of an occupation requiring special authorisation (this can also result in a disqualification of three to ten years);
• Where the offender is assisting another criminal in laundering money, evading the authorities or hiding evidence (this carries a penalty of between six months' and three years' imprisonment);
• Where the value is less than 300,000 pesos (penalty between six months' and three years' imprisonment).

Judges can now make orders such as seizure of money-laundering-related assets (to compensate victims) before a conviction is obtained, provided the illegal origin has been proven. They can also order confidentiality regarding the identity of criminals and witnesses involved, to provide protection and encourage other people to come forward. Revealing the identity of a witness or accused after a judge has ordered anonymity carries a penalty of one to four years' imprisonment and a fine of 50,000 pesos.

It is also important to note that:

1. Previously, only someone who aided the criminal after the fact in hiding the origins of the money could be guilty of money laundering. Money laundering is now an autonomous crime, and you can be convicted for laundering your own money (“self-money laundering”). This legislative change closes a loophole by making money laundering a crime in itself, and not requiring it to be related to another offence.
2. The required threshold has been raised. Before this amendment came into force, only transactions (or a series of related transactions) exceeding 50,000 pesos could constitute money laundering. Transactions below 50,000 pesos could constitute only concealment, which was a lesser offence. Now, although the transaction must exceed 300,000 pesos, six times more than before, to receive the highest classification of severity, transactions involving lesser values are still punished as money laundering.

27.2.8 The Financing of Terrorism

The offence of the financing of terrorism is committed by anyone who collects goods or funds, either directly or indirectly, with the intention or knowledge that such goods or funds will be used to finance terror-related crime, either by a criminal organisation or by an individual. This offence is punishable by both imprisonment and a fine.

27.2.9 Scope

Twenty-three categories of organisation are bound by the requirements of the AML Act, including financial institutions, intermediaries, insurance companies and trustees.

Entities may establish operating procedures and appoint Compliance Officers to prevent money laundering and terrorism financing.

27.2.10 Risk-based Approach

Argentina has implemented the risk-based system as envisaged by the Financial Action Task Force, and in particular in relation to the required customer due diligence process. This is evidenced by the requirement for the systematic use of the risk matrix within financial institutions.

27.2.11 Role of the MLRO/Nominated Officer

Regulated entities must appoint a Compliance Officer, who is responsible for ensuring compliance and implementation of procedures to fulfil any legal obligations. They are also responsible for liaising with the FIU. The entity must notify the FIU in writing of the following information pertaining to the appointed Compliance Officer:

• Name
• ID
• Position
• Date of appointment
• CUID number
• Phone number
• Fax
• Email address
• Workplace.

The Compliance Officer must be completely independent and autonomous, as well as having unrestricted access to all the information required for performing their role. A deputy may be appointed to assist them.

The Compliance Officer will have the following obligations:

• To ensure compliance with policies established by the senior management to prevent, detect and report transactions that may be linked to money laundering and terrorism financing.
• To develop and implement procedures and controls to prevent, detect and report transactions that may be linked to the offences of money laundering and terrorism financing.
• To design and implement continuous training policies for officials and employees regarding their AML/CFT obligations.
• To analyse operations to detect any suspicious transactions.
• To develop systematic reporting of suspicious transactions.
• To maintain records of risk analysis and management of detected unusual transactions (regardless of whether they are reported to the FIU).
• To comply with the requirements made by the FIU.
• To monitor compliance with current regulations on the prevention of money laundering and terrorism financing.
• To ensure proper maintenance and storage of documentation.
• To pay special attention to the risk involved in trading relationships and related transactions with countries or territories which do not comply with the FATF regulations.

To fulfil the obligations outlined above, the Compliance Officer may be assisted by a Committee of Control and Prevention of Money Laundering and Terrorism Financing.

27.2.12 Due Diligence

CDD must be carried out for all “customers”, who are defined as all individuals or legal entities that establish, on a casual or permanent basis, a financial, economic or commercial contractual relationship. The minimum CDD requirements are detailed below.

27.2.13 Staff Training

The MLRO is required to implement a formal staff-training programme.

27.2.14 Record-keeping

Obligated parties are obliged to keep the following documentation in such a manner that a transaction can be reconstructed:

• CDD and any supplementary information must be kept for ten years from the end of the customer relationship.
• The original documents (or certified copies) relating to transactions or operations must be kept for ten years from the completion of the transactions or operations.
• The record of the analysis leading to a suspicious activity report must be kept for a period of ten years.
• Electronic documents and the requisite software related to transactions or operations shall be kept for a period of ten years (for the purpose of reconstruction of the operation).
• The information collected as a result of the preventative procedures shall be retained for at least five years, in such a manner that it allows the information and transactions to be reconstructed.

27.2.15 Investigation and Reporting Requirements

Reporting entities must report any suspicious conduct or activities relating to money laundering or terrorist financing to the FIU as soon as they find out about the suspicious conduct, by submitting a suspicious activity report (SAR). The FIU determines the reporting procedure, and the Compliance Officer is responsible for submitting the report.

Indicators of suspicion include, but are not exclusive to:

• An unusually high amount, complexity or an unusual pattern of transactions;
• A transaction structured to avoid reporting requirements;
• When the client shows an unusual disregard of the risks assumed and/or transaction costs involved with the transaction, particularly if they are unfamiliar;
• When transactions involve countries or jurisdictions considered “tax havens” or identified as non-cooperative by the Financial Action Task Force;
• Where complex corporate structures are employed for no apparent reason.

Regulated entities must retain all documentation supporting a SAR, and submit it to the FIU within 48 hours of being requested. The deadline to report potential money laundering shall be 150 days after the suspicious transaction was performed or attempted. The deadline to report potential financing of terrorism is 48 hours after the suspicious transaction was performed or attempted.

27.2.16 Purchase of Currency

On 7th June, 2010 the BCRA passed a law to prevent money laundering and tax avoidance. This law applies to local residents accessing the exchange market and places new restrictions on foreign currency savings and/or the acquisition of foreign assets.

Under these regulations, individuals or entities purchasing more than US$ 250,000 in aggregate per year must file a detailed asset justification report to the BCRA, and the financial entity involved in the sale of foreign currency shall also be required to verify that the amount of dollars purchased is consistent with the assets declared to the relevant tax authorities. However, the obligation to report does not apply if the purchases of foreign currency do not exceed US$ 5,000 per month.

In addition to this, any local resident purchasing more than US$ 20,000 of foreign currency per calendar month must do so through a bank transfer, an electronic payment or by cheque. The maximum threshold for purchases of foreign currency by local residents for foreign currency savings and/or the acquisition of foreign assets is US$ 2,000,000 per calendar month for both entities and individuals.

27.2.17 Penalties

Anyone acting in charge of a body which breaches these provisions can be fined an amount between one and ten times the total value of the property or transaction to which the infringement relates, unless the act constitutes a more serious crime. This penalty will also apply to the company itself. If it is not possible to establish the value of the property, the fine shall be between ten thousand dollars and one hundred thousand dollars. The offence is subject to a five-year limitation period, after which no charges can be brought.

27.2.18 Case Studies

In one case, two Mexican citizens were convicted of money laundering in Argentina, and given three-year suspended sentences. They flew from Mexico into Elegize Airport, Argentina, in October 2005, carrying suitcases with false bottoms.

Customs agents searching the suitcases found $648,000, which it later transpired did not belong to either of the men. The money was confiscated, and the pair were banned from engaging in business in Argentina. This case illustrates that, despite the current age of technology and sophisticated measures, systems and structures modern criminals use, money laundering can still be done in the most simple of ways and it pays to be vigilant about smuggling.

In another case, Argentina's Anti-Money-Laundering Office fined the local unit of HSBC Holdings plc 64 million pesos ($14 million) for failing to report suspicious company transactions in August 2012. The transactions, worth about 31.7 million pesos, took place from September to December 2007 and involved a company that said it had neither employees nor installations. The UIF based the penalty on the failure to comply with the “obligation to inform” established by Law 25.246. This case highlights the severity of the penalties which firms can incur if they fail to comply with their AML obligations.

27.3.1 Overview

A report prepared as part of a $3.2 million programme of research into money laundering and financing of terrorism in Australia found the country to have a robust money-laundering-deterrence framework, but noted that there is still work to do. Despite the regime, the number of prosecutions for money laundering in Australia has been relatively low, although prosecutions have increased considerably from five charges in 2003–04 to over 100 in 2010–11.

27.3.2 Key Legislation

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act), and subsequent amendments, provides the Australian AML/CFT legal framework. This is supplemented by Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (“The Rules”), which were last updated in June 2012.

27.3.3 Legislative History

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act) is the current AML legislation in Australia, which came into force on 12th December, 2006. The Act was the first tranche of legislation which Australia adopted to reform its money-laundering-deterrence and counter-terrorist-financing regulatory regime. One of the main aims of this is to bring Australia in line with international standards, including standards set by the Financial Action Task Force (FATF). The Act is supplemented by The Rules.

Additional legislative provisions were developed in August 2007 to amend the Act. The provisions specify what “designated services” will trigger obligations under the Act. Further reforms were made in 2009 and 2012 following the review by the FATF. The Australian government is currently reviewing a further tranche of legislation, which had not been implemented at the time of this book going to print.

The Act implements a risk-based approach to regulation. This requires that reporting entities will use a risk-based approach to determine the way in which they meet their obligations based on their assessment of risk. When determining and putting in place appropriate risk-based systems and controls, the reporting entity must have regard to the nature, size and complexity of its business and the type of AML/CFT risk that it might reasonably face, considering its customer types, including any politically exposed persons, the types of designated services it provides, the methods by which it delivers designated services and the foreign jurisdictions with which it deals.

27.3.4 FATF Assessment

Australia was last reviewed in 2005, where it was found to be compliant with approximately half of the FATF Recommendations. However, this review was carried out before the implementation of the current AML law, which strengthened the regime. The process for the next review will likely commence in 2014.

27.3.5 The Primary AML Investigation/Regulatory Authorities

27.3.6 Outline of Specific Money-laundering Offences

It is an offence in Australia to deal with money or property that is either the proceeds of, or may become an instrument of, crime. A person deals with money or other property if they:

• Receive, possess, conceal or dispose of money or other property;
• Import into or export from Australia money or property; or
• Engage in banking transactions relating to money or other property.

It is also an offence to:

• Produce false or misleading information;
• Produce a false or misleading document;
• Forge a document for use in an applicable customer identification procedure;
• Provide or receive a designated service using a false customer name or customer anonymity;
• Structure a transaction to avoid a reporting obligation under this Act;
• Disclose information regarding a suspicious transaction report to anybody other than AUSTRAC.

“Proceeds of crime” is defined as any money or other property that is wholly or partly derived or realised, directly or indirectly, by any person from the commission of an offence against a law of the Commonwealth, a State, a Territory or a foreign country that may be dealt with as an indictable offence (even if it may, in some circumstances, be dealt with as a summary offence).

The prosecution does not have to prove what the underlying offence was, or who committed it, in order to obtain a money-laundering conviction.

In addition to the above, persons that:

• Aid, abet, counsel, procure the commission of a money-laundering offence; or
• Urge the commission of a money-laundering offence; or
• Conspire to commit a money-laundering offence

will be guilty of the principal money-laundering offence.

27.3.7 Penalties

Sections 400.3–400.8 of the Criminal Code set out a sliding scale of six money-laundering offences structured according to the value of the money or property involved. Section 400.3 applies where the value of the money or property is worth $1 million or more. At the bottom end of the scale, Section 400.8 applies to offences where the money or property is of any value.

Each section is further structured according to the element of fault involved. The most serious offence is committed where the money or property is, and the person believes it to be, the proceeds of crime, or intends that it will become an instrument of crime. The mid-level offence is committed in circumstances where the money or property is the proceeds of crime or there is a risk that it will become an instrument of crime and the person is reckless as to those facts. The lowest level offence is committed where the person is negligent as to the facts.

Penalties are on a sliding scale according to the value of the money or property and the seriousness of the fault element. The maximum penalty is 25 years' imprisonment or a fine of AUD 165,000, or both.

27.3.8 AML/CFT Programme

A reporting entity must put in place and maintain an AML/CFT programme. Generally, an AML/CFT programme must be divided into two distinct parts: Parts A and B.

27.3.9 Role of the MLRO/Nominated Officer

Part A must provide for the reporting entity to designate a person as the “AML/CTF Compliance Officer” at the management level. The AML/CTF Compliance Officer may have other duties in addition to their role as Compliance Officer.

27.3.10 Due Diligence

The Rules provide that different CDD requirements apply for different types of customer.

27.3.11 Ongoing Monitoring

Part A must be subject to regular independent review. The review may be carried out by either an internal or external party. The purpose of the review should be to:

• Assess the effectiveness of the Part A programme having regard to the ML/TF risk of the reporting entity;
• Assess whether the Part A programme complies with these Rules;
• Assess whether the Part A programme has been effectively implemented; and
• Assess whether the reporting entity has complied with its Part A programme.

The result of the review, including any report prepared, must be provided to the governing board and senior management.

A reporting entity must be able to determine whether any further KYC information should be collected in respect of customers for ongoing customer due diligence purposes, and whether and in what circumstances KYC information should be updated or verified for ongoing CDD purposes.

A reporting entity must also include a transaction-monitoring programme in Part A of its AML/CFT programme to identify, having regard to ML/TF risk, any transaction that appears to be suspicious. The transaction-monitoring programme should have regard to complex, unusual, large transactions and unusual patterns of transactions, which have no apparent economic or visible lawful purpose.

27.3.12 Staff Training

Part A must include an ML/TF risk awareness training programme. The ML/TF risk awareness training programme must be designed so that the reporting entity gives its employees appropriate training at appropriate intervals, having regard to the ML/TF risks it may reasonably face. It must be designed to enable employees to understand:

• The obligations of the reporting entity under the AML/CTF Act and Rules;
• The consequences of non-compliance with the AML/CTF Act and Rules;
• The type of ML/TF risk that the reporting entity might face and the potential consequences of such risk; and
• Those processes and procedures provided by the reporting entity's AML/CFT programme that are relevant to the work carried out by the employee.

Employees must be subject to an appropriate due diligence screening programme.

27.3.13 Record-keeping

A reporting entity must make a record of a designated service and related documentation, and keep these for seven years. It must also retain a record of an applicable customer identification procedure for seven years after the end of the reporting entity's relationship with the relevant customer. A reporting entity must retain a copy of its anti-money-laundering and counter-terrorism-financing programme.

27.3.14 Reporting Requirements

Reporting entities are required to enrol with AUSTRAC and to keep enrolment details up to date. A reporting entity must submit to AUSTRAC a report relating to the reporting entity's compliance with this Act, the regulations and the AML/CFT Rules during the reporting period. The report must cover the calendar year and be submitted by 31st March of the following year.

27.3.15 Suspicious Transaction Reporting

Part A of a reporting entity's AML/CFT programme must include:

• The obligations that apply to the reporting; and
• Appropriate systems and controls of the reporting entity designed to ensure compliance with the reporting obligations of the reporting entity.

A reporting entity must submit a suspicious transaction report to AUSTRAC if:

• It suspects a customer is not who they say they are;
• It suspects evasion of any taxation, money laundering or other law;
• It suspects involvement in terrorism financing.

The report should be submitted within 24 hours for any terrorism suspicions, and three business days for other issues.

A reporting entity must report a transaction that involves the transfer of physical or e-currency amounting to not less than AU$10,000 (“a threshold transaction”) to AUSTRAC within ten business days of it occurring.

27.3.16 Penalties

Pecuniary penalties are payable for contravention of civil penalty provisions. Authorised officers, customs officers and police officers may issue infringement notices for unreported cross-border movements of physical currency and bearer negotiable instruments.

In determining the pecuniary penalty, the Federal Court must have regard to all relevant matters, including:

• The nature and extent of the contravention;
• The nature and extent of any loss or damage suffered as a result of the contravention;
• The circumstances in which the contravention took place;
• Whether the person has previously been found by the Federal Court in proceedings under this Act to have engaged in any similar conduct;
• If the Federal Court considers that it is appropriate to do so, whether the person has previously been found by a court in proceedings under a law of a State or Territory to have engaged in any similar conduct;
• If the Federal Court considers that it is appropriate to do so, whether the person has previously been found by a court in a foreign country to have engaged in any similar conduct; and
• If the Federal Court considers that it is appropriate to do so, whether the person has previously been found by a court in proceedings under the Financial Transaction Reports Act 1988 to have engaged in any similar conduct.

The pecuniary penalty payable by a body corporate must not exceed 100,000 penalty units ($11,000,000). The pecuniary penalty payable by a person other than a body corporate must not exceed 20,000 penalty units ($2,200,000).

The AUSTRAC CEO is to monitor compliance by reporting entities with their obligations under this Act. The AUSTRAC CEO may give a remedial direction to a reporting entity that has contravened a civil penalty provision. The Federal Court may grant injunctions in relation to contraventions of civil penalty provisions.

27.3.17 Changes to AML/CFT Rules

Australian AML/CFT regulations are in the process of change as this book is going to print, a full description of which can be found at http://www.austrac.gov.au/draft-amlctf-rules.html.

27.3.18 Case Studies

As stated above, the Australian authorities have been active in taking action against money laundering and terrorist financing. The following two cases illustrate the type of transactions that have been identified in practice.

In a recent case, AUSTRAC information assisted authorities with an investigation into a company suspected of a multi-million-dollar duty-free fraud. The investigation resulted in the company and its two directors being convicted of fraud-related charges.

The investigation revealed that, over a three-year period, a complex arrangement was set up where the directors of the company, which traded as a duty-free store, sold large quantities of “underbond” cigarettes (cigarettes on which excise duty had not been paid).

The directors sold the cigarettes and profited by avoiding paying the required customs and excise duty. In total, authorities believe that the suspects evaded more than AUD 2.5 million in tax.

In accordance with AML/CFT reporting requirements, reporting entities submitted a range of financial transaction reports indicating suspicious activity by the company and its directors, involving currency exchange business and casinos. Authorities believe the suspects undertook a range of activities to launder and hide the substantial proceeds of the cigarette sales.

One of the directors travelled regularly to Cambodia and would visit currency exchange businesses in Australia to convert funds to US dollars before each trip. When converting currency amounts worth more than AUD 10,000, the two directors regularly refused to complete significant cash transaction reports (SCTRs), instead opting to structure the cash into smaller amounts to avoid the SCTR-reporting requirement.

This structuring activity led to a total of 44 suspect transaction reports (SUSTRs) being submitted about the two directors, with the majority coming from a currency exchange business. It was also reported that the suspects had asked reporting entities whether or not their transactions would be recorded and reported to the Australian Taxation Office (ATO), a further indication that they were involved in illegal activity and were concerned about attracting the attention of authorities.

AUSTRAC also received SUSTRs from a casino, highlighting one suspect's continued use of a casino account to deposit and withdraw funds, despite undertaking limited gambling activity. The reports indicated the suspect was a regular patron at the casino. While the suspect's gambling activity remained limited, the amounts gambled had increased substantially over an eight-year period. It was also reported that the suspect had collaborated with a number of third parties while depositing and withdrawing funds at the casino.

In all, AUSTRAC information showed that the two directors and associates made cash deposits worth more than AUD 20 million into their business banking account.

The company and its directors were convicted and ordered to repay the AUD 2.5 million in tax they had evaded. In addition, they were ordered to pay penalties of more than AUD 600,000, as well as the Commonwealth's legal costs of AUD 140,000. The convictions finalised a long-running and complex investigation.

In another case, an Australian-based mining company initiated an internal investigation after it was suspected an employee had stolen more than AUD 1.1 million over a three-year period. The company identified the suspect through internal audit processes and the matter was referred to law-enforcement authorities for further investigation.

The law-enforcement investigation revealed that the suspect, an accountant employed by the company, had abused his position of trust by systematically making a series of unauthorised international transfers over a three-year period. The transfers were made from a company account to a number of offshore accounts held in the suspect's name and a number of his family members' names.

A suspect transaction report (SUSTR) submitted by a bank suggested that an outgoing international funds transfer instruction (IFTI) of AUD 27,500 from the suspect's personal account appeared to be sourced from company funds. The suspect was the beneficiary of the IFTI and bank staff noticed that four days prior to the IFTI, the exact amount of AUD 27,500 was transferred into the suspect's account from a company account.

AUSTRAC analysis found a number of transaction reports linked to the suspect. These supported the allegation of theft and identified the significant extent of the financial activity undertaken by the suspect.

AUSTRAC information revealed that the suspect was the beneficiary of 17 outgoing IFTIs to India in amounts of between AUD 2,400 and AUD 33,400. Funds were sent from either the suspect's personal Australian-based bank account or from the company's account. In total, approximately AUD 300,000 was transferred, all believed to be the proceeds of the theft.

Law-enforcement officers contacted the suspect while he was overseas. The suspect surrendered to authorities on his return to Australia. The suspect was charged with ten counts of stealing and sentenced to seven years' imprisonment. After serving four years, the suspect was deported from Australia.

27.4.1 Overview

The location of the Bahamas as an offshore financial centre means that it attracts drug trafficking more than it does money laundering. As of 2007, 14 ML prosecutions had been instituted in the Bahamas and over $6.6 million of forfeited proceeds had been placed in the Confiscated Assets Fund.

27.4.2 Key Legislation

The Proceeds of Crime Act 2000 provides the main money-laundering offences, supplemented by various other statutes and the Central Bank of the Bahamas' AML guidelines. At the time of writing, the Compliance Commission Codes of Practice were being revised and no information regarding the changes had been released.

27.4.3 Legislative History

The first money-laundering-deterrence legislation passed related to drug trafficking. This was initially criminalised through the implementation of the Forfeiture of Proceeds of Drug Trafficking Act 1987.

The Bahamas was one of the first nations to incorporate into legislation the UN Convention Against the Illicit Trafficking of Narcotics and Psychotropic Substances. The IMF noted, in its review, that there was adherence with the FATF's “40 + 9” recommendations, which can be found in the preventative measures of the Central Bank of the Bahamas.

There are five main bodies of law that currently constitute the legal framework for money-laundering deterrence operating in the Bahamas:

• The Proceeds of Crime Act 2000;
• The Financial Intelligence Unit Act 2000;
• The Financial Transactions Reporting Act 2000, amended in 2003 by The Financial Transactions Reporting Regulations;
• The Anti Terrorism Act 2004;
• The Financial Transactions Reporting (Wire Transfers) Regulations 2009.

The Central Bank of the Bahamas issued revised AML/CFT guidelines in March 2011. The Securities Commission released its guidelines for Licensees/Registrants on the Prevention of Money Laundering and Countering Terrorist Financing.

27.4.4 FATF Assessment

The most recent FATF mutual assessment of the Bahamas, published in 2007, was positive, describing the regime as robust, coherent and comprehensive.

27.4.5 The Primary AML Investigation/Regulatory Authorities

27.4.6 Outline of Specific Money-laundering Offences

There are three main money-laundering offences in The Bahamas.

Section 40 of the Proceeds of Crime Act provides that “a person is guilty of the offence of money laundering if he uses, transfers, sends or delivers to any person or place any property which, in whole or in part, directly or indirectly represents proceeds of criminal conduct; or disposes of, converts, alters or otherwise deals with that property in any manner and by any means with the intent to conceal or disguise such property”. This offence can be committed on the basis of knowledge or reasonable grounds for suspicion that the property is the proceeds of crime.

It is also an offence for a person to assist another to retain or live off the proceeds of criminal conduct knowing, suspecting or having reasonable grounds to suspect that the other person is, or has been, engaged in, or has benefited from, criminal conduct.

A person is also guilty of an offence if he knows, suspects or has reasonable grounds to suspect that any property, in whole or in part, directly or indirectly represents another person's proceeds of criminal conduct, and he acquires or uses that property or has possession of it.

27.4.7 Defences

It is a defence for a person to prove that he or she did not know, suspect or have reasonable grounds to suspect that:

• The arrangement in question related to any person's proceeds of criminal conduct; or
• The arrangement facilitated the retention or control of any property by or on behalf of the suspected person; or
• By arrangement any property was used as mentioned above.

Furthermore, it is a defence for a person to prove that he intended to disclose to a police officer a suspicion, belief or matter that any funds or property were derived from, or used in connection with, criminal conduct, but there is a reasonable excuse for failing to do so.

27.4.8 Risk-based Approach

The guidelines prescribe the operation of a risk-based approach based on the development of a risk-rating framework which should include, as a minimum:

• Differentiation of client relationships by risk categories (such as high, moderate or low);
• Differentiation of client relationships by risk factors (such as products, client type/profession, country of domicile, complexity of ownership and legal structure, source of business, type of assets, size and volume of transactions, type of transactions, cash transactions, adherence to client activity profile);
• The Know Your Customer (KYC) documentation and due diligence information requirements appropriate for each risk category and risk factor; and
• A process for the approval of the downgrading/upgrading of risk ratings.

The risk-rating framework should provide for the periodic review of the customer relationship to allow the licensee to determine whether any adjustment should be made to the risk rating. The review of the risk rating for high-risk customers may be undertaken more frequently than for other customers, and a determination made by senior management as to whether the relationship should be continued. All decisions regarding high-risk relationships and the basis for these decisions should be documented.

Licensees should monitor both potential and existing customers.

27.4.9 Role of the MLRO/Nominated Officer

Licensed firms are required to appoint an MLRO. Under the March 2011 Guidelines, all licensees are required to:

• Introduce procedures for the prompt investigation of suspicions and, if appropriate, subsequent reporting to the FIU;
• Ensure that the MLRO and the Compliance Officer as well as any other persons appointed to assist them, have timely access to systems, customer records and all other relevant information which they require to discharge their duties;
• Establish close cooperation and liaise with the central bank;
• Notify the central bank of the name(s) of the MLRO and the Compliance Officer;
• Include in the notification a statement that the MLRO and the Compliance Officer are fit and proper persons;
• Notify the central bank where there are any changes to the MLRO and the Compliance Officer.

A licensee may choose to combine the functions of the Compliance Officer with that of the MLRO, depending upon the scale and nature of business. The roles might be assigned to its inspection, fraud or compliance functions.

The MLRO should be sufficiently senior to command the necessary authority. The MLRO is required to determine whether the information or other matters contained in the transaction report he or she has received gives rise to a knowledge or suspicion that a customer is engaged in money laundering or the financing of terrorism. In making this judgment, the MLRO should have timely access to all other relevant information such as customer identification data and other CDD information transaction records available for a licensee concerning the person or business to which the initial report relates. This may include a review of other transaction patterns and volumes through the account or accounts in the same name, the length of the business relationship and reference to identification records held.

If, after completing this review, the MLRO decides that the initial report gives rise to a knowledge or suspicion of money laundering or terrorist financing, then the MLRO must disclose information about the former to the FIU and about the latter to the Commissioner of Police.

It would be prudent, for the MLRO's own protection, for internal procedures to require that only written reports of suspicious transactions are submitted to the MLRO, who should record his or her determination in writing and the underlying reasons for their decisions.

27.4.10 Due Diligence

Customer identification is based on the following two important aspects of knowing your customer:

• Being satisfied that a prospective customer is who he/she claims to be and is the ultimate client; and
• Ensuring that sufficient information is obtained on the nature of the business that the customer expects to undertake, and any expected or predictable pattern of transactions.

This information should be updated as appropriate, and as opportunities arise.

Licensees should observe the following timeframes when seeking to verify the identity of their customers:

• In the case of prospective customers, licensees must verify customer identity before permitting such customers to become facility holders.
• Whenever the amount of cash involved in an occasional transaction exceeds $15,000, the identity of the person who conducts the transaction should be verified before the transaction is conducted.
• Whenever the amount of cash involved in an occasional transaction exceeds $15,000 and it appears that the person is conducting the transaction on behalf of another person, the identities of the third parties must be verified before the transaction is conducted.
• Whenever it appears that two or more (occasional) transactions are, or have been, deliberately structured to avoid lawful verification and the aggregate amount of cash involved in the transaction(s) exceeds $15,000, verification should be conducted as soon as practicable after the licensee becomes aware of the foregoing circumstances.
• Whenever a licensee knows, suspects or has reasonable grounds to suspect that a customer is conducting or proposes to conduct a transaction which involves the proceeds of criminal conduct; or is an attempt to avoid the enforcement of the POCA, verification should take place as soon as practicable after the licensee has knowledge or suspicion in respect of the relevant transaction.
• Whenever a licensee has reasonable grounds to suspect that financial services are related to, or are to be used to facilitate, an offence under the Anti-Terrorism Act, verification should take place as soon as practicable after such suspicions arise.

Where satisfactory evidence of identity is required, no transaction should be conducted over the facility pending receipt of identification evidence and information. Documents of title should not be issued, nor income remitted (though it may be re-invested) in the absence of evidence of identity.

27.4.11 Ongoing Monitoring

Licensees are required to make arrangements to verify, on a regular basis, compliance with internal policies, procedures and controls relating to money-laundering and terrorist-financing activities, in order to satisfy management that the requirements under the law and in these guidelines, to maintain such procedures, have been discharged. Larger licensees should assign this role to their Internal Audit Department. Smaller licensees may wish to introduce a regular review by the board of directors or their external auditors.

Licensees should monitor the conduct of the relationship/account to ensure that it is consistent with the nature of business stated when the relationship/account was opened, the extent of which will depend on the risk associated with the customer. They should be aware of any significant changes or inconsistencies compared to the original stated purpose of the account. Possible areas to monitor could be:

• Transaction type
• Frequency
• Amount
• Geographical origin/destination
• Account signatories.

27.4.12 Staff Training

Licensees should also establish and implement appropriate policies and procedures to ensure high standards are being followed when hiring employees. To this end, licensees should have in place screening procedures, which should involve making diligent and appropriate enquiries about the personal history of the potential employee and taking up appropriate references on the individual.

Licensees must take appropriate measures to make employees aware of:

• Policies and procedures put in place to detect and prevent money laundering and to counter the financing of terrorism, including those for identification, record-keeping, the detection of unusual and suspicious transactions and internal reporting; and
• The relevant legislation pertaining to AML/CFT, and to provide relevant employees with training in the recognition and handling of suspicious transactions.

At least once per year, financial institutions shall provide relevant employees with appropriate training in the recognition and handling of transactions carried out by persons who may be engaged in money laundering. The following is recommended:

27.4.13 Record-keeping

Financial institutions are required to retain records concerning customer identification and transactions for use as evidence in any investigation into money laundering or terrorist financing. The records prepared and maintained by a licensee on its customer relationships and transactions should be such that:

• The requirements of legislation are fully met;
• Competent third parties will be able to assess the licensee's observance of AML/CFT policies and procedures;
• Any transactions effected via the licensee can be reconstructed; and
• The licensee can satisfy court orders or enquiries from the appropriate authorities.

Regarding CDD, licensees must keep such records as are reasonably necessary to enable the nature of the evidence used for the purposes of that verification to be readily identified by the FIU. Records relating to the verification of the identity of facility holders must be retained for at least five years from the date a person ceases to be a facility holder, i.e. the end of the business relationship or the date of the last transaction.

Transaction records must be kept for a minimum period of five years after the transaction has been completed. The investigating authorities need to be able to compile a satisfactory audit trail for suspected laundered money or terrorist financing and to be able to establish a financial profile of any suspect account/facility.

At a minimum, the records relating to transactions which must be kept must include the following information:

• The nature of the transaction;
• Details of the transaction including the amount of the transaction, and the currency in which it was denominated;
• The date on which the transaction was conducted;
• Details of the parties to the transaction; and
• Where applicable, the facility through which the transaction was conducted, and any other facilities directly involved in the transaction.

Records of suspicions which were raised internally with the MLRO but not disclosed to the authorities should be retained for at least five years from the date of the transaction. Records of suspicions which the authorities have advised are of no interest should be retained for a similar period. Likewise, records of a licensee's findings of its enquiries into unusual activity should also be retained for a minimum of five years.

27.4.14 Suspicious Transaction Reporting

Where a transaction is inconsistent in amount, origin, destination or type with a client's known, legitimate business or personal activities, or has no apparent economic or visible lawful purpose, the transaction must be considered unusual, and the staff member put “on enquiry” as to whether the business relationship is being used for money-laundering purposes or to finance terrorism.

Where the staff member conducts enquiries and obtains what he considers to be a satisfactory explanation of the unusual transaction, or unusual pattern of transactions, he may conclude that there are no grounds for suspicion, and therefore take no further action as he is satisfied with matters. However, where the enquiries conducted by the staff member do not provide a satisfactory explanation of the transaction, he may conclude that there are grounds for suspicion requiring the filing of an STR to the FIU.

27.4.15 Penalties

Licensees should be aware that there are a number of offences which arise from failing to comply with certain obligations imposed under the AML Law and supplementary regulations, and criminal prosecution and/or penalties can be imposed. In particular, under the FIUA and The Financial Intelligence (Transactions Reporting) Regulations, where a financial institution fails to comply with the requirements of guidelines issued by the FIU or the central bank, these penalties can range from a fine of $10,000 on summary conviction or $50,000 for a first offence and $100,000 for any subsequent offence on conviction in the Supreme Court. Licensees should also be aware that the central bank also has authority under the Financial Transactions Reporting (Wire Transfers) Regulations to impose civil penalties of up to $2,000 for non-compliance with those laws and with the guidelines.

27.4.16 Case Studies

According to the US State Department Money Laundering Report 2012, there were no prosecutions or convictions for money laundering in the Bahamas in 2011.

27.5.1 Overview

Barbados had previously appeared on the list of countries that caused concern for a lack of compliance when assessed by the FATF. It has recently been deemed mostly compliant by both the FATF and the regional body the CFATF. The Caribbean Financial Action Task Force (CFATF) is an organisation of states and territories of the Caribbean basin which has agreed to implement common countermeasures against money laundering. The CFATF originated in early 1990 and holds observer status with the FATF.

The 2008 FATF assessment noted that, generally, serious crime in Barbados has been on the decline. With the advent of more stringent controls in financial institutions, there have been increased attempts at structuring transactions to avoid reporting thresholds, but these have been mitigated by financial institutions risk profiling their client bases.

27.5.2 Key Legislation

The Money Laundering and Financing of Terrorism (Prevention and Control) Act 2011-23 is the primary AML legislation. The Revised Central Bank AMLA Guidelines provide further money-laundering-deterrence guidance for banks.

27.5.3 Legislative History

Money laundering in Barbados was first criminalised in 1990 through the implementation of the Proceeds of Crime Act, CAP 143 (POCA). A more focussed treatment on money-laundering-deterrence legislation was introduced by the implementation of the Money Laundering (Prevention and Control) Act (CAP 129), 1998-38 (MLPCA).

In 2000, the Anti-Money Laundering Authority and the financial intelligence unit (FIU) were established to supervise the financial sector.

The key regulations operating in Barbados arise from the implementation of the following legislation:

• Money Laundering and Financing of Terrorism (Prevention and Control) Act 2002;
• Money Laundering and Financing of Terrorism (Prevention and Control) Act, 2011;
• Money Laundering (Prevention and Control) Act 1998;
• Anti-Terrorism Act 2000;
• Proceeds of Crime Act 1990;
• Drug Abuse (Prevention and Control) Act 1990;
• Mutual Assistance Criminal Matters Act 1992.

27.5.4 FATF Assessment

The 2008 evaluation found Barbados to be partially compliant or not compliant with 27 of the 40+9 recommendations. However, the 2012 Progress Report noted that most of the recommendations have been complied with within the new AML legislation. In addition to this, further legislation and guidelines are being considered.

27.5.5 The Primary AML Investigation/Regulatory Authorities

27.5.6 Outline of Specific Money-laundering Offences

Under the Money Laundering and Financing Of Terrorism (Prevention And Control) Act, Section 5, a person engages in money laundering where:

• The person engages, directly or indirectly, in a transaction that involves money or other property or a benefit that is proceeds of crime; or
• The person receives, possesses, conceals, disposes of or brings into, or sends out of, Barbados any money or other property or a benefit that is proceeds of crime.

Furthermore, a person engages in money laundering where he knows, or has reasonable grounds to suspect, that the property or benefit is derived or realised, directly or indirectly, from some form of unlawful activity or, where the person is:

• An individual other than a person referred to below, where he fails, without reasonable excuse, to take reasonable steps to ascertain whether or not the property or benefit is derived or realised, directly or indirectly, from some form of unlawful activity; or
• A financial institution or a non-financial business entity or professional, where the financial institution or non-financial business entity or professional fails to take reasonable steps to implement or apply procedures to control or combat money laundering.

27.5.7 Penalties

A person who engages in money laundering is guilty of an offence and is liable on:

• Summary conviction, to a fine of $200,000 or to imprisonment;
• Conviction on indictment, to a fine of $2,000,000 or to imprisonment for 25 years or to both.

A person who aids, abets, counsels or procures, the commission of, or conspires to commit, the offence of money laundering is guilty of an offence and is liable on:

• Summary conviction, to a fine of $150,000 or to imprisonment for four years or to both; or
• Conviction on indictment, to a fine of $1,500,000 or to imprisonment for 15 years or to both.

27.5.8 Scope

The AML Act applies to “financial institutions”, which means a person who conducts, as a business:

• Acceptance of deposits and other repayable funds from the public, including private banking.
• Lending, including consumer credit, mortgage credit, factoring (with or without recourse) and financing of commercial transactions, including forfeiting.
• Financial leasing other than with respect to arrangements relating to consumer products.
• Money or value transmission services.
• Issuing and managing means of payment, including credit and debit cards, travellers' cheques, money orders and bankers' drafts, and electronic money.
• Issuing financial guarantees and commitments.
• and various other financial institutions defined in the Act.

27.5.9 Risk-based Approach

Barbados has implemented a risk-based approach in line with the CFATF guidelines.

CBB and AMLA have together produced risk-based approach guidelines. AMLA oversees the national regulatory framework and makes the final decision on revisions to laws and guidelines.

It has also incorporated provisions for risk-based supervision. The licensees are themselves required to undergo risk profiling by the regulators. Similarly to the risk-based approach, there are advisory and obligatory requirements. The first allows financial institutions to find an equivalent measure in its origination, with comparable results.

27.5.10 Role of the MLRO/Nominated Officer

A financial institution shall:

• Identify a person to whom an employee is to report any information that comes to the attention of the employee in the course of his employment and gives rise to knowledge or suspicion by the employee that another person is engaged in money laundering or the financing of terrorism; and
• Enable the person identified in accordance with the above to have reasonable access to information that may be relevant to determining whether a sufficient basis exists to report the matter in accordance with the AML Act.

A report may be made by letter, facsimile or mechanical or electronic means.

The AMLA Guidelines expand on the role of the Compliance Officer. All licensees should designate a suitably qualified person with the appropriate level of authority, seniority and independence as Compliance Officer. The Compliance Officer should be independent of the receipt, transfer or payment of funds, or management of customer assets and should have timely and uninhibited access to customer identification, transaction records and other relevant information. The powers and reporting structure of the officer should be conducive to the effective and independent exercise of duties.

The Compliance Officer should:

• Undertake responsibility for developing compliance policies;
• Develop a programme to communicate policies and procedures within the entity;
• Monitor compliance with the licensee's internal AML programme;
• Receive internal reports and consider all such reports;
• Issue, in his/her own discretion, external reports to the authority as soon as practicable after determining that a transaction warrants reporting;
• Monitor the accounts of persons for whom a suspicious report has been made;
• Establish and maintain ongoing awareness and training programmes for staff at all levels;
• Establish standards for the frequency and means of training;
• Report at least annually to the board of directors (or relevant oversight body in the case of branch operations) on the operations and effectiveness of the systems and controls to combat money laundering and the financing of terrorism;
• Review compliance policies and procedures to reflect changes in legislation or international developments;
• Participate in the approval process for high-risk business lines and new products, including those involving new technologies; and
• Be available to discuss with the bank or the FIU matters pertaining to the AML/CFT function.

27.5.11 Due Diligence

Under the AML legislation, financial institutions are obliged to take reasonable measures to:

• Establish the true identity of a customer; and
• Verify the identity of a customer by means of reliable documents, data or information from an independent source, where:
  • the customer requests the institution to enter into a business arrangement or conduct an occasional transaction with the customer;
  • doubt exists about the veracity or adequacy of customer identification data previously obtained in respect of the customer; or
  • there is a suspicion of money laundering or financing of terrorism in connection with the customer.

The guidelines add that as part of their due diligence process, licensees should:

• Establish procedures for obtaining identification information on new customers so as to be satisfied that a prospective customer is who he claims to be.
• Use reasonable measures to verify and adequately document the identity of the customer or account holder at the outset of a business relationship. This process should include, where appropriate:
  • taking reasonable measures to understand the ownership and control structure of the customer;
  • obtaining reliable data or information from an independent source on the purpose and intended nature of the business relationship, the source of funds and source of wealth, where applicable; and
  • discontinuing the transaction if customer documentation information is not forthcoming at the outset of the relationship.

• Employ enhanced due diligence procedures for high-risk customers or transactions.
• Update identification records, on a risk-focussed basis, to ensure that all existing customer records are current and valid and conform to any new requirements.
• Monitor account activity throughout the life of the business relationship in accordance with Section 16 of the MLFTA.
• Review the existing records if there is a material change in how the account is operated or if there are doubts about previously obtained customer identification data.

Generally, licensees should not accept funds from prospective customers unless the necessary verification has been completed. In exceptional circumstances, where it would be essential not to interrupt the normal conduct of business (e.g. non-face-to-face business and securities transactions), verification may be completed after establishment of the business relationship. Should this be determined to be an acceptable risk, licensees should adopt risk-management procedures with respect to the conditions under which a customer may utilise the business relationship prior to verification. If the requirements are not met, and it is determined that the circumstances give rise to suspicion, the licensee should make a report to the authority.

27.5.12 Ongoing Monitoring

A financial institution shall exercise ongoing due diligence with respect to every business arrangement and closely examine the transactions conducted in the course of such an arrangement to determine whether the transactions are consistent with its knowledge of the relevant customer, his commercial activities, if any, and risk profile and, where required, the source of his funds.

27.5.13 Staff Training

A financial institution shall:

• Take appropriate measures for the purpose of making employees aware of the laws of Barbados relating to money laundering and the financing of terrorism, and the procedures and related policies established and maintained by the institution pursuant to this Part; and
• Provide employees with appropriate training in the recognition and handling of transactions involving money laundering or the financing of terrorism.

Regarding the overall training programme, a licensee should cover topics pertinent to its operations and should be informed by developments in international AML/CFT standards. Training should be general as well as specific to the area in which the trainees operate. As staff members move between jobs, their training needs for AML/CFT may change.

In order to provide evidence of compliance with the AML Act, at a minimum, a licensee should maintain the following information:

• Details and contents of the training programme provided to staff members;
• Names of staff receiving the training;
• Dates that training sessions were held;
• Test results carried out to measure staff understanding of money-laundering and terrorist-financing requirements; and
• An ongoing training plan.

27.5.14 Record-keeping

A financial institution shall establish and maintain business transaction records of all business transactions, and where evidence of the identity of a person is obtained, a record that indicates the nature of the evidence obtained and comprises either a copy of the evidence or such information as would enable a copy of the evidence to be obtained.

Records of business transactions shall be kept for a period of no less than five years from the termination of the business arrangement, the transaction, where the transaction is an occasional transaction, or such longer period as the authority may, in any specific case, direct.

Identity records shall be kept:

• Where evidence of the identity of a person is obtained pursuant to a business arrangement or the conduct of an occasional transaction, for as long as the records established in respect of the business arrangement or occasional transaction are kept; or
• In any other case, for a period of no less than five years from the making of the record.

The guidelines provide that licensees should maintain records related to unusual and suspicious business transactions for no less than five years. These should include:

• All reports made by staff to the Compliance Officer.
• The internal written findings of transactions investigated. This applies irrespective of whether a suspicious report was made.
• Consideration of those reports and of any action taken.
• Reports by the Compliance Officer to senior management and the board of directors.

27.5.15 Internal Reporting

To facilitate the detection of suspicious transactions, a licensee should:

• Require customers to declare the source and/or purpose of funds for business transactions in excess of threshold limits, or such lower amount as the licensee determines, to reasonably ascertain that funds are not the proceeds of criminal activity. Appendix 8 of the guidelines indicates a specimen of a Declaration Source of Funds (DSOF) form. Where electronic reports are employed instead of the form, they should capture the information included in the appendix and should be signed by the customer.
• Develop written policies, procedures and processes to provide guidance on the reporting chain and the procedures to follow when identifying and researching unusual transactions and reporting suspicious activities.
• Identify a suitably qualified and experienced person to whom unusual and suspicious reports are channelled. The person should have direct access to the appropriate records to determine the basis for reporting the matter to the authority.
• Require its staff to document in writing their suspicion about a transaction.
• Require documentation of internal enquiries.

27.5.16 Suspicious Transaction Reporting

A financial institution shall monitor and report to the Reports Director:

• Any business transaction where the identity of the person involved, the transaction or any other circumstance concerning the transaction gives the institution or any officer or employee of the institution reasonable grounds to suspect that the transaction:
  • involves proceeds of crime;
  • involves the financing of terrorism; or
  • is of a suspicious or an unusual nature.

• Any exchange of currency or instruction for the transfer of international funds, whether by telegraph or wire, into and out of Barbados, where the transaction appears to be of a suspicious or an unusual nature.

Subject to certain exceptions, where:

• A person transfers Barbadian currency or foreign currency into or out of Barbados; and
• The currency is more than $10, 000 in value,

the person shall make a report in respect of the transfer in accordance with this section unless permission for the transfer is obtained under the Exchange cap 71 Control Act.

27.5.17 Internal Policies

A financial institution shall:

• Develop and implement internal policies, procedures and controls to combat money laundering and the financing of terrorism;
• Develop audit functions to evaluate such policies, procedures and terrorism controls; and
• Develop a procedure to audit compliance with this Act.

27.5.18 Penalties

A financial institution or a non-financial business entity or professional who does not maintain business transaction records is guilty of an offence and is liable on conviction on indictment to a fine of $100,000.

A person who contravenes the reporting requirements is guilty of an offence and is liable:

• On summary conviction, to a fine of $10,000 or to imprisonment for two years;
• On conviction on indictment, to a fine of $200,000 or to imprisonment for five years.

A financial institution or a non-financial business entity or professional who does not make a suspicious transaction report as required under the Act, and in the case of a non-financial business entity or professional, by virtue of Section 4, is guilty of an offence and is liable on conviction on indictment to a fine of $100,000.

For other breaches of the AML Act and regulations, the financial institution can be fined $5,000 plus $500 per day the breach remains unremedied.

27.5.19 Case Studies

In December 2011, a Barbados-born baggage handler at JFK airport was convicted of drug trafficking and financial crimes. He targeted a daily flight from Barbados, and utilised secret panels inside planes and passengers' luggage to remove narcotics from the jurisdiction.

In May 2013, a pregnant woman was sentenced to 12 months in prison after she passed out 17 parcels of marijuana weighing half a pound at a Barbados hospital. She had arrived in Barbados from Trinidad, cleared immigration and was then interviewed by the police, arrested and taken to the hospital to be examined by a doctor. She said that she was pregnant and this was confirmed by ultrasound. The young woman also admitted that she had ingested drugs and tests revealed contraband in her digestive system.

She admitted in court that she was smuggling the ganja to support her family and pleaded guilty to possession of cannabis, possession with intent to supply, trafficking in the drug and importing the drug, having been paid $5,000 to do so.

27.6.1 Overview

According to the FATF, the money-laundering risks in Brazil are higher in relation to the border areas and the informal economy. The banking sector is perceived to face greater money-laundering risk in the business areas of foreign exchange and private banking.

Money-laundering risk has also been detected in the securities sector through the use of brokers to deposit funds and the conduct of stock market transactions. In the insurance sector, accumulation, life and pension/retirement products are perceived as being the most vulnerable to money laundering.

Some cases of illicit drugs being exchanged for precious stones have been detected, although this is uncommon, as profit margins for precious stones sold on the open market are relatively low because most of the precious stone trade conducted in Brazil is carried out on the wholesale export market and the retail market is residual. No money-laundering cases have been detected in the closed pension funds sector.

27.6.2 Key Legislation

The primary AML legislation in Brazil is Law 12,683 of 9th July, 2012, which provides substantial amendments to Law 9,613 of 1st March, 1998, but does not completely replace it. Therefore, a number of sections of Law 9,613 remain in force. Supplementary regulations can be found in various resolutions passed by COAF, which are highlighted in the relevant sections of this profile.

27.6.3 Legislative History

The previous anti-money-laundering legislation in Brazil was Law 9,613 of 1st March, 1998. However, this legislation had fundamental flaws for which Brazil has been widely criticised, in particular for the country's lack of speed in amending it! Ironically, on this point, despite passing the new legislation in July 2012, the date for it coming into force was postponed to the following year.

Under the old legislation, money laundering was only a criminal offence if it involved the proceeds of one of the following offences:

• Illicit trafficking in narcotic substances or similar drugs;
• Terrorism and its financing;
• Smuggling or trafficking in weapons, munitions or materials used for their production;
• Extortion through kidnapping;
• Acts against the public administration, including direct or indirect demands of benefits on behalf of oneself or others, as a condition or price for the performance or the omission of any administrative act;
• Acts against the Brazilian financial system;
• Acts committed by a criminal organisation; or
• Acts committed by an individual against a foreign public administration.

This meant that the proceeds of any of the offences not listed above could not be the subject of a money-laundering conviction, rendering the law grossly ineffective.

27.6.4 FATF Assessment

The most recent mutual evaluation of Brazil assessed the legislation which was in place in 2009. It found that the government of Brazil has been working on various initiatives to mitigate the risk of terrorist financing in its territory, although preventative measures against financial crime were much less robust outside of the banking (including money remittance and foreign exchange), securities and insurance sectors. While it was complementary of the progress Brazil had made, it did recognise that there were areas of deficiency, which is consistent with the present strengthening of the money-laundering legislation.

27.6.5 The Primary AML Investigation/Regulatory Authorities

27.6.6 Outline of Specific Money-laundering Offences

Law 12,683 makes it an offence to conceal or disguise the nature, source, location, disposition, movement or ownership of property, rights or values derived, directly or indirectly, from a criminal offence. It is also an offence to conceal or disguise the use of property, rights or values derived from a criminal offence, or to use, in economic or financial activity, assets, rights or valuables resulting from a criminal offence.

27.6.7 Penalties

The penalty for the offences outlined above is imprisonment for three to ten years and a fine. The penalty shall be increased by one- to two-thirds if the crimes are committed repeatedly or through a criminal organisation, but can be reduced by two-thirds or served in an open or semi-open prison if the participant spontaneously collaborates with the authorities, providing explanations that lead to the investigation of criminal offences, the identification of other participants or the location of the assets, rights and values of the crime involved.

27.6.8 Scope

The AML framework applies to individuals and entities who have, on a permanent or casual basis, together or separately, as principal or accessory activity any of the following:

• The reception, brokerage and investment of third parties' funds in Brazilian or foreign currency;
• The purchase and sale of foreign currency or gold as a financial asset;
• The custody, issuance, distribution, clearing, negotiation, brokerage or management of securities.

The framework also applies to the following individuals and entities:

• Stock exchanges, commodity exchanges and futures trading systems and the organised OTC market;
• Insurance companies, insurance brokers and institutions involved with private pension plans or social security;
• Payment or credit card administrators and “consórcios” (consumer funds commonly held and managed for the acquisition of consumer goods);
• Administrators or companies that use cards or any other electronic, magnetic or similar means, that allow fund transfers;
• Companies that engage in leasing and factoring activities;
• Companies that distribute any kind of property (including cash, real estate and goods) or services, or give discounts for the acquisition of such property or services by means of lotteries or similar methods;
• Branches or representatives of foreign entities that engage in any of the activities referred to in this article, which take place in Brazil, even if occasionally;
• All other legal entities engaged in the performance of activities that are dependent upon an authorisation from the agencies that regulate the stock exchange, financial and insurance markets;
• Any and all Brazilian or foreign individuals or entities which operate in Brazil in the capacity of agents, managers, representatives or proxies, commission agents, or represent in any other way the interests of foreign legal entities that engage in any of the activities referred to in this article;
• Individuals or entities engaged in real estate development activities or the sale of property;
• Individuals or companies that sell luxury or high-value goods, act as an intermediary or exercise commercialisation activities involving large amounts of resources in kind;
• The boards of trade and public records;
• Individuals or entities that provide, even if eventually advisory, services, consulting, bookkeeping, audit, advice or assistance of any kind, in operations involving:
  • the purchase and sale of real estate, commercial or industrial establishments or equity interests of any nature;
  • the management of funds, securities or other assets;
  • the opening or management of banks, savings, investments or securities;
  • the creation, operation or management of companies of any nature, foundations, trusts or similar structures;
  • corporate or real estate; and
  • the transfer or vesting procurement activities related to sports or arts professionals;

• Individuals or entities acting on promotion, brokerage, marketing, brokering or trading rights transfer for athletes, artists or fairs, exhibitions or similar events;
• Transport companies and custody services;
• Individuals or companies who sell goods with high value of a rural or animal nature, or who assist with their marketing; and
• Foreign branches of the entities mentioned above, through their parent companies in Brazil, for residents in the country.

These entities are obliged to:

• Adopt policies, procedures and internal controls consistent with their size and volume of transactions, enabling them to meet the provisions of this article in a disciplined manner.
• Register and keep their registration current in the supervisory and regulatory body or, failing this, the Council for Financial Activities Control (COAF), in the manner and under the conditions set by them.
• Comply with requests made by the COAF in frequency, form and conditions established by it, and preserve, under the law, the confidentiality of information provided.

27.6.9 Role of the MLRO/Nominated Officer

The institutions and entities mentioned in Article 1 shall inform the Central Bank of Brazil of the director or manager, as the case may be, who will be responsible for the implementation of, and compliance with, the provisions set forth in this Circular, as well as for the reports mentioned in Article 4.

27.6.10 Due Diligence

Instruction No. 301 of 16th April, 1999 provides various due diligence measures for securities companies, and there are alternative resolutions issued by the COAF for entities such as gambling companies and debt-collection companies. Circular No. 3098 of 11th June, 2003 was issued by the Central Bank of Brazil to address deposit records, cash withdrawals and orders of provision for withdrawals equal to or exceeding R$ 100,000 (one hundred thousand reals), and Circular No. 2852 of 3rd December, 1998 was issued to set forth the procedures to be followed in preventing and fighting activities related to the crimes defined in the money-laundering legislation.

27.6.11 Ongoing Monitoring

Institutions subject to the AML regulations must keep up-to-date records of all transactions, in Brazilian and foreign currency, involving securities, bonds, credit instruments, metals or any asset that may be converted into cash that exceeds the amount set forth by the competent authorities, and which shall be in accordance with the instructions issued by the relevant authorities. In addition to this, they must pay special attention to any transaction that, in view of the provisions set forth by the competent authorities, may represent serious indications of, or be related to, financial crime.

27.6.12 Record-keeping

Records of all transactions, in Brazilian and foreign currency, involving securities, bonds, credit instruments, metals or any asset that may be converted into cash that exceeds the amount set forth by the competent authorities shall also be made whenever an individual or legal entity, or their associates, executes, during the same calendar month, transactions with the same individual, legal entity, conglomerate or group that exceed, in the aggregate, the limits set forth by the competent authorities.

The CDD records and records of the transactions referred to in the previous paragraph shall be kept for a minimum period of five years, beginning on the date the account is closed or the date the transaction is concluded. However, the competent authorities may decide, at their own discretion, to extend this period.

The central bank will keep centralised registries forming a general database of current account holders and financial institution clients, as well as their representatives.

27.6.13 Suspicious Transaction Reporting

Obligated persons shall report to the COAF, within 24 hours, the proposal or completion of:

• All high-value transactions, accompanied by the identification required; and
• Transactions which appear to be connected to a crime.

They must notify the regulator or the body responsible for oversight of their activity or, failing that, the COAF, in frequency, form and conditions set by them, of the non-occurrence of proposed transactions or operations that should have been provided as above.

27.6.14 Penalties

There are various penalties for failure to comply with the above provisions, including:

• A warning.
• A variable monetary fine not exceeding:
  • twice the amount of the transaction;
  • twice the actual profit obtained or that would presumably be obtained by performing the operation; or
  • the amount of R$ 20,000,000 (twenty million reals).

• A temporary prohibition for up to ten years on holding any management position in a legal entity.
• The termination or suspension of authorisation for activity, operation or functioning.

27.6.15 Case Studies

In a recent case, a number of senior members of the Brazilian parliament were convicted of diverting public funds to buy political support for the government when it came to power. The scheme involved making monthly payments to politicians in exchange for their votes in Congress. Additionally, legislators, bank executives and business intermediaries were convicted of fraud, money laundering or conspiracy, as the high-profile case involved a wide range of individuals.

The politicians that were convicted of receiving the funds denied that they were selling their votes and said the money went to pay off campaign debts. However, it was found that illegal payments were made to buy political support.

This case highlighted major progress in Brazil, but also illustrates an important lesson for financial institutions. It is vital, when a potentially suspicious transaction is given a potentially legitimate explanation, that the institution conducts a thorough investigation into the relevant circumstances. It would have been easy to have taken the politicians' explanations at face value, and financial institutions need to exercise care when they apply a risk-based approach.

In another case, a high-flying Brazilian banker was sentenced to ten years in prison for attempting to bribe a police officer. He was under investigation for money laundering and tax evasion regarding the major corruption scandal outlined above, when he offered a police officer $1 million to drop the investigation. He was sentenced to ten years in prison, and to pay R$13.4 million ($5.6 million) in fines and compensation.

As part of the investigation, Brazil froze more than $2 billion in accounts outside the country. About $500 million in funds were blocked with the cooperation of the US government, highlighting the importance of international cooperation in the fight against money laundering.

27.7.1 Overview

Similarly to the Bahamas, the BVI's location makes it a gateway into the USA for drug trafficking. The USA has been critical of the BVI's money-laundering-deterrence regime, although this regime has been strengthened in recent years. The FATF has been generally supportive of the BVI's approach to AML law.

27.7.2 Key Legislation

The Proceeds of Criminal Conduct Act (PCCA) 1997, with numerous subsequent amendments, is the key statute with regards to money laundering. It is supplemented by the Anti-Money Laundering Regulations and the Anti-Money Laundering and Terrorist Financing Codes of Practice, which provide the compliance requirements.

27.7.3 Legislative History

The PCCA was aimed at improving the British Virgin Islands' legal systems and mechanisms to counter money laundering and other criminal activity. The specified regulatory framework pertaining to money laundering is found in the Anti-Money Laundering Regulations (AMLR) 2008 and the Anti-Money Laundering Financing Code of Practice 2008. Further amendments were made in 2009, 2010 and 2012.

The AMLR applies to people carrying on relevant business, which includes many entities providing banking, trust, insurance and legal services. These are also codified in the Anti-Money Laundering and Terrorist Financing Code of Practice 2008 which applies to every entity and professional, charity, non-profit-making institution, association or organisation. The MLRO provisions were amended in 2010.

27.7.4 FATF Assessment

The most recent assessment, published in 2008, noted that, although most of the competent authorities have adequate resources to carry out their functions, the Financial Services Commission (FSC) and the Anti-Drug and Violent Crimes Task Force have quantitatively inadequate human resources. On a more positive note, it also highlighted that, as a result of increased due diligence exercised by the banks and the financial services industry generally, the risks of money-laundering activity in the British Virgin Islands have decreased considerably. This proactive vigilance has, in effect, discouraged launderers from using these institutions to transfer illegal proceeds.

27.7.5 The Primary AML Investigation/Regulatory Authorities

27.7.6 Outline of Specific Money-laundering Offences

Under the PCCA, five primary money-laundering offences are defined:

1. Acquisition, possession or use of proceeds of criminal conduct. A person commits an offence if he acquires, transfers or uses any property or has possession of it which, in whole or in part, directly or indirectly represents the proceeds of his own criminal conduct. It is also an offence for a person who, knowing or suspecting that any property is the proceeds of someone else's criminal conduct, acquires, transfers or uses that property or has possession of it.
2. Assisting. A person commits an offence if he enters into, or is otherwise concerned in, an arrangement which he knows or suspects facilitates, whether by concealment, removal from BVI, transfer to nominees or other means, the acquiring, retention, use or control of proceeds of criminal conduct.
3. Concealing. A person commits an offence if, knowing or having reasonable grounds to suspect that, any property, in whole or in part, directly or indirectly, represents another person's proceeds of criminal conduct, he conceals or disguises that property or converts or transfers that property or removes it from BVI.
4. Tipping off. A person commits an offence if he knows or suspects that an investigation is being, or is about to be, conducted into money laundering and he discloses information to any other person which is likely to prejudice that investigation. It is also an offence if a person knows or suspects that a disclosure of suspicion has been made and he leaks information likely to prejudice any investigation which might be conducted following the disclosure. This offence extends to disclosures which would prejudice a confiscation investigation as well as a money-laundering investigation. Separate offences exist for interfering with documents and other materials relevant to an investigation.
5. Failure to disclose. A person commits an offence if he knows or suspects, or has reasonable grounds for knowing or suspecting, that another person is engaged in money laundering if:
   • the information on which the suspicion is based came to his attention in the course of his trade, profession, business or employment; and
   • he does not disclose his suspicion as required by the law as soon as it is reasonably practicable after it comes to his attention.

27.7.7 Defences

Those who obtained information about money laundering in privileged circumstances are protected by law. It is also a defence in such cases where it is another person's benefit in question that one intended to report the activity but had not yet done so with reasonable excuse.

27.7.8 Penalties

On conviction, a person can be liable for imprisonment and/or a fine of up to forty thousand dollars depending on the nature and severity of the offence committed. This figure has been increased from five thousand dollars in 2006, showing a massive increase and highlighting the British Virgin Islands' commitment to cracking down on money laundering.

27.7.9 Risk-based Approach

The BVI is keen to promote the use of an appropriate and proportionate risk-based approach to the detection and prevention of money laundering and terrorist financing, especially in relation to ensuring:

• Adequate customer due diligence;
• That measures adopted to effectively deal with such activities are commensurate with the risks identified; and
• A more efficient and effective use of resources to minimise burdens on customers.

The nature, form and extent of money-laundering deterrence and counter-terrorist-financing (AML/CFT) compliance controls will invariably depend on several factors, considering the status and circumstances of the entity or professional.

In developing a system of internal controls, an entity should adopt a holistic approach that takes the above factors into account. The factors operate as guidelines and adherence thereto will assist an entity or a professional in properly and effectively developing and establishing a strong AML/CFT regime that keeps the entity's or professional's name intact and insulates it or him against unwarranted criminal activity.

In assessing risks that may be associated with a customer, the following non-exhaustive considerations should be taken into account:

• Customers with complex structures where the nature of the “entity” or relationship sought makes it difficult to identify the actual beneficial owner or the person or persons with controlling interests.
• Customers who conduct their business relationships or transactions in unusual circumstances, such as where a significant and unexplained distance exists between the location of the customer and the entity, and/or frequent and unexplained movement of accounts to different entities or of funds between entities in different jurisdictions.
• Where there is insufficient commercial rationale for the transaction or business relationship.
• Where there is a request to associate undue levels of secrecy with a transaction or relationship, or a reluctance to provide information regarding the beneficial owners or controllers.
• Where intermediaries who are not subject to adequate AML/CFT compliance measures are used and in respect of whom there is inadequate supervision.

27.7.10 Role of the MLRO/Nominated Officer

The MLRO is a prescribed term within the AMLR and has specific responsibilities; there is also a requirement to appoint a senior person to the role. The requirement of seniority has been amended by the Anti-Money Laundering (Amendment) Regulations to mean:“A relevant person shall appoint a Money Laundering Reporting Officer who shall … be of sufficient seniority to perform the functions reposed on a Money Laundering Reporting Officer under the Code and these Regulations.”

To be appointed as Money Laundering Reporting Officer, a person must possess the following qualifications:

• They must, at a minimum, hold a diploma and have post-qualification experience of not less than three years;
• They must be fit and proper;
• They must have a broad knowledge of AML/CFT matters, including the relevant regional and international treaties (including United Nations Resolutions);
• They must have a good appreciation and understanding of British Virgin Islands' laws relating to money laundering and terrorist financing; and
• They must possess the ability to make independent and analytical decisions and not be easily susceptible to undue influence.

The 2010 amendment also inserted the requirement that an MLRO must:

• Be a natural person; and
• Have access to all relevant information and material of the relevant person to enable him to perform the functions reposed in him under the Code and these Regulations.

A relevant person shall, within 14 days of appointing a Money Laundering Reporting Officer, notify the agency and the Commission in writing of that fact, specifying the date of his appointment, and this requirement shall apply in every new appointment of a Money Laundering Reporting Officer.

The appointment of an MLRO may relate to an individual who:

• Is an employee of the relevant person;
• Is not an employee of the relevant person, but who is resident in the British Virgin Islands and meets the requirements to perform the functions of an MLRO; or
• May or may not be an employee of the relevant person, but who meets the requirements of this regulation and is resident in a jurisdiction that is recognised pursuant to the provisions of the Code.

The Money Laundering Reporting Officer shall be responsible for ensuring compliance by staff of the relevant person with:

• The provisions of all law relating to money laundering and terrorist financing;
• The provisions of any internal reporting procedures and manual of compliance relating to money laundering and terrorist financing; and
• Any additional reporting and related obligations provided in the Code.

The Money Laundering Reporting Officer shall, in addition, act as the liaison between the relevant person and the agency in matters relating to AML compliance.

27.7.11 Due Diligence

Every entity or professional shall engage in customer due diligence in its or his dealings with an applicant for business, irrespective of the nature or form of the business. A customer due diligence process requires an entity or a professional to:

• Enquire into and identify the applicant for business, or the intended customer, and verify their identity;
• Obtain information on the purpose and intended nature of the business relationship;
• Use reliable evidence through such inquiry as is necessary to verify the identity of the applicant for business or intended customer;
• Utilise such measures as are necessary to understand the circumstances and business of the applicant for business or the intended customer, including obtaining information on the source of wealth and funds, size and volume of the business and expected nature and level of the transaction sought;
• Conduct, where a business relationship exists, ongoing monitoring of that relationship and the transactions undertaken for purposes of making an assessment regarding consistency between the transactions undertaken by the customer and the circumstances and business of the customer; and
• Enquire into and identify that a person who purports to act on behalf of an applicant for business or a customer, which is a legal person or a partnership, trust or other legal arrangement, is so authorised, and verify the person's identity.

A relevant person shall establish and maintain identification procedures which require, as soon as is reasonably practical after first contact (including one-off transactions):

• The production by the applicant for business of satisfactory evidence of identity; or
• The taking by the relevant person of such measures as are specified in the identification procedures as will produce satisfactory evidence of the identity of the applicant for business.

The identification procedures shall also:

• Require that, where satisfactory evidence of identity is not obtained by the relevant person, the business relationship or one-off transaction shall not proceed any further until such evidence is obtained.
• Require that, where the business relationship or one-off transaction subsists, the applicant for business appears to be acting for a third party in respect of that business relationship, that satisfactory evidence of the identity of the third party will be obtained, failing which the business relationship will be terminated.
• Include the full name (including any other names and aliases) and physical address of the applicant for business and, where they are acting for a third party, the full name (including any other names and aliases) and physical address of the third party.
• Provide for the assessment by the relevant person of the risk that any business relationship or one-off transaction may involve money laundering and shall be appropriate to the circumstances, having regard to the degree of risk assessed.
• Take into account the greater risk of money laundering which arises when the applicant for business is not engaged in a face-to-face relationship.

Satisfactory evidence of identity is defined as evidence which is reasonably capable of establishing, and, to the satisfaction of the person who obtains the evidence, does establish, that the applicant for business is the person he claims to be.

When satisfactory verification of evidence of identity is not obtained or produced, the business relationship and transactions shall not proceed any further. There are, however, exemptions available within the legislation where a relevant person assesses the applicant for business to be of normal or low risk and he has reasonable grounds for believing that the applicant for business is:

• A regulated person (national or foreign); or
• A legal practitioner or an accountant belonging to a professional body with adequate requirements.

A person carrying on relevant business is generally, in relation to a one-off transaction, not required to obtain evidence of the identity of an applicant for business where the amount to be paid by, or to, the applicant for business is less than ten thousand dollars or the equivalent amount in another currency.

27.7.12 Staff Training

There is a requirement that a relevant person shall provide education and training for all of its directors or, as the case may be, partners, all other persons involved in its management and all key staff, to ensure that they are aware of the money-laundering regulations and terrorist-financing obligations together with personal reporting obligations. The definition of “key staff” was changed by the 2010 Regulations to “an employee of a relevant person who deals with customers or clients and their transactions”. Staff should also be made aware of:

• The manual of compliance procedures or internal control systems and other requirements established pursuant to these Regulations and the Code;
• Their personal liability for failure to report information or suspicions in accordance with the requirements of these Regulations, the Code and any other enactment, including any established internal procedures.

Training should be provided at least once a year.

27.7.13 Record-keeping

A record must be maintained in the BVI which:

• Indicates the nature of the evidence obtained;
• Comprises a copy of the evidence or, where this is not reasonably practicable, contains such information as would enable a copy of the evidence to be obtained;
• Includes all transactions carried out by, or on behalf of, that person (such as records sufficient to identify the source and recipient of payments from which investigating authorities will be able to compile an audit trail for suspected money laundering);
• Includes all reports made by it to the agency and all inquiries relating to money laundering received by it from the agency.

The requirement is that records should be kept for at least five years after the ending of a customer relationship, defined in Regulation 10 and amended by the 2010 Regulations as:

• When all transactions relating to a one-off transaction or a series of linked transactions were completed; or
• When the business relationship was formally ended.

27.7.14 Reporting Requirements

The requirements are that each record of a report to the FIU should contain:

• The date of the report;
• The person who made the report;
• Any person to whom the report was forwarded;
• A reference by which any supporting evidence is identifiable; and
• Receipt of acknowledgment from the agency.

27.7.15 Suspicious Transaction Reporting

A relevant person shall establish written internal reporting procedures which, in relation to its relevant business, will:

• Enable its directors, or as the case may be, partners, all other persons involved in its management and all key staff, to know to whom they should report knowledge or suspicions of money laundering;
• Ensure that there is a clear reporting chain under which suspicions of money laundering will be passed to the Money Laundering Reporting Officer;
• Ensure that the Money Laundering Reporting Officer has reasonable access to all relevant information which may be of assistance to him and which is available to the relevant person; and
• Ensure full compliance with the requirements of the Code.

27.7.16 Penalties

A person on summary conviction, will be subject to a fine not exceeding 10,000 dollars (increased from 5,000 dollars by the 2010 amendment); and on conviction on indictment, to a fine not exceeding fifteen thousand dollars. In proceedings against a person for an offence under these Regulations, it shall be a defence for the person to prove that he took all reasonable steps and exercised due diligence to comply with the requirements of these Regulations.

By virtue of Section 27 of the PCCA, where a person fails to comply with or contravenes a provision of a Code of Practice, he commits an offence and is liable, on summary conviction, to a fine of up to 25,000 dollars – increased from 7,000 dollars in 2006.

Where an entity or a professional fails to comply with the PEP requirements outlined above, it or he commits an offence and is liable to be prosecuted under Section 27(4) of the Proceeds of Criminal Conduct Act 1997.

27.7.17 Case Studies

In a recent case a businessman was found guilty of a £400,000 tax evasion which was conducted through a BVI bank account. He declared an income of £35,000 to the UK authorities, although through a trust in Guernsey he set up a trust in the British Virgin Islands.

Customers paid into the trust while he instructed the trust to pay money into Jersey bank accounts. Also, large cash sums were drawn by him from British branches of the bank. This complex structure allowed him to hide money for eight years before the structure was exposed.

This case highlights how organisations need to be particularly wary of complex and seemingly unnecessary financial structures, particularly when they involve tax havens.

The British Virgin Islands Financial Intelligence Unit publishes quarterly reports on enforcement actions it has taken. In quarter four of 2012, it issued almost $40,000 in administrative fines, five cease and desist orders, two warning letters and an order for a fund to revalue its assets independently. By making this information public, the BVI FIU appears to be seeking prevention and deterrence as much as it is ordering punishment.

27.8.1 Overview

There are a variety of proposed changes to the AML law in Canada, which are outlined at the end of this section. The changes are extensive and would represent a major expansion to the Canadian AML regime.

27.8.2 Key Legislation

Money laundering is criminalised under the Canadian Criminal Code. The Proceeds of Crime (Money Laundering) and Terrorist Financing Act 2000, which has been subsequently amended (most recently in 2011), provides the key compliance requirements. These are further supplemented by the regulations provided for under this statute. This legislation is to be changed in the short term to make the legislation consistent with the current FATF regulations.

27.8.3 Legislative History

The current key legislation is the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) 2000, which was amended by the Proceeds of Crime Act 2006. This amendment enhanced the client identification, record-keeping and reporting measures applicable to financial institutions and intermediaries.

Furthermore, there are five sets of regulations under the PCMLTFA:

• The Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations;
• The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations;
• The Cross-Border Currency and Monetary Instruments Reporting Regulations;
• The Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations;
• The Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations.

27.8.4 FATF Assessment

The most recent FATF assessment, published in 2008, was largely complimentary. It praised the strength and actions of the law-enforcement agencies, but noted that further steps could be taken to enhance the AML law and preventative measures, resulting in the changes described above. In relation to international cooperation in money-laundering deterrence and counter-terrorist-financing (AML/CFT) matters, Canada is broadly in line with the international standards.

27.8.5 The Primary AML Investigation/Regulatory Authorities

27.8.6 Outline of Specific Money-laundering Offences

Canadian AML legislation comprehensively covers the three stages of the money-laundering offence – placement, layering and integration. The burden of proof rests with the prosecution in any criminal proceedings. It must prove that wilful blindness or recklessness has taken place. The prosecution does not, however, have to prove that the perpetrator had actual knowledge of the exact origin of the illicit funds in question.

Under Section 462 of the Criminal Code:

The Attorney General has the power to issue search warrants or freezing orders to enforce the AML law.

27.8.7 Penalties

Everyone who commits an offence as outlined above is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or is guilty of an offence punishable on summary conviction.

“Proceeds of crime” means any property, benefit or advantage, within or outside Canada, obtained or derived directly or indirectly as a result of:

• The commission in Canada of a designated offence; or
• An act or omission anywhere that, if it had occurred in Canada, would have constituted a designated offence.

It should be noted that Alberta, British Columbia and Quebec have all enacted their own regional sector legislation.

27.8.8 Scope

Reporting entities must report suspicious and certain other transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). This includes the following types of business:

• Financial entities such as banks or authorised foreign banks with respect to their operations in Canada, credit unions, caisses populaires, financial services cooperatives, credit union centrals (when they offer financial services to anyone other than a member entity of the credit union central), trust companies, loan companies and agents of the Crown that accept deposit liabilities);
• Life insurance companies, brokers and agents;
• Securities dealers;
• Money service businesses;
• Agents of the Crown that sell money orders;
• Accountants and accounting firms (when carrying out certain activities on behalf of their clients);
• Real estate brokers, sales representatives and developers (when carrying out certain activities);
• Casinos;
• Dealers in precious metals and stones;
• Public notaries and notary corporations of British Columbia (when carrying out certain activities on behalf of their clients); and
• For the purposes of suspicious transactions, employees of these reporting entities.

27.8.9 Compliance Regime

The implementation of a compliance regime is a legislative requirement and a good business practice for anyone subject to the Act and its regulations. A compliance regime will have to be tailored to fit the entity's individual needs. It should reflect the nature, size and complexity of the operations, and has to include the following:

• The appointment of a Compliance Officer.
• The development and application of compliance policies and procedures. These policies and procedures have to be in a written form and also need to be kept up to date. For any entity, they also have to be approved by a senior officer.
• An assessment and documentation of risks related to money laundering and terrorist financing needs to be conducted, as well as documenting and implementing mitigation measures to deal with those risks.
• If a firm has employees or agents or any other individuals authorised to act on its behalf, an ongoing compliance training programme needs to be implemented for them. The training programme has to be in writing and maintained (see Chapter 14).
• A review of the compliance policies and procedures needs to be conducted to test their effectiveness. The review has to cover the policies and procedures, the assessment of risks related to money laundering and terrorist financing and the training programme. The review has to be completed at least every two years.

27.8.10 Risk-based Approach

In Canada the required compliance regime has to include an assessment of the risks related to money laundering and terrorist financing in a manner that is appropriate to the nature and complexity of the firm concerned. This must be documented in writing. Such an assessment and documentation is in addition to the general client identification, record-keeping and reporting requirements, since it should focus on where the firm is most vulnerable to money laundering and terrorist financing.

In designing their control systems, institutions should consider internal controls such as:

• Focussing on the firm's specific operations (products, services, clients and geographic locations) that are more vulnerable to abuse by money launderers and criminals;
• Informing senior management of compliance initiatives, identified compliance deficiencies, corrective action taken and suspicious transaction reports filed;
• Providing for programme continuity despite changes in management, employees or structure that might occur;
• Focussing on meeting all regulatory record-keeping and reporting requirements, recommendations for anti-money-laundering and anti-terrorist-financing compliance and providing for timely updates in response to changes in requirements;
• Enabling the timely identification of reportable transactions and ensuring the accurate filing of required reports;
• Incorporating anti-money-laundering and anti-terrorist-financing compliance into job descriptions and performance evaluations of appropriate personnel; and
• Providing for adequate supervision of employees that handle currency transactions, provision of complete reports, monitoring for suspicious transactions or engaging in any other activity that forms part of the anti-money-laundering and anti-terrorist-financing programme.

27.8.11 Role of the MLRO/Nominated Officer

The individual appointed will be responsible for the implementation of the compliance regime. The Compliance Officer should have the authority and the resources necessary to discharge his or her responsibilities effectively. Depending on the type of business, the Compliance Officer should report, on a regular basis, to the board of directors or senior management, or to the owner or chief operator.

For a small business, the appointed officer could be a senior manager or the owner or operator of the business. An individual can be their own Compliance Officer or they may choose to appoint another individual to help implement a compliance regime.

In the case of a large business, the Compliance Officer should be from a senior level and have direct access to senior management and the board of directors. Furthermore, as a good governance practice, the appointed Compliance Officer in a large business should not be directly involved in the receipt, transfer or payment of funds.

For consistency and ongoing attention to the compliance regime, the appointed Compliance Officer may choose to delegate certain duties to other employees. For example, the officer may delegate to an individual in a local office or branch to ensure that compliance procedures are properly implemented at that location. However, where such delegation is made, the Compliance Officer retains responsibility for the implementation of the compliance regime.

27.8.12 Due Diligence

An entity must take the measures outlined below to identify individuals or entities, subject to the general exceptions. If the identity of an individual or an entity when they open an account cannot be established, then, in Canada, it is not possible for an institution to open the account.

The completion of a client risk assessment should be conducted where there is an ongoing relationship. An ongoing relationship is one where a client opens an account or undertakes multiple transactions over a time period with the firm, regardless of whether the transactions are related to each other. Where the firm's dealings with a client are limited to a single transaction, this is not considered to be an ongoing relationship. However, if the transaction seems suspicious, the money service or other relevant business still has to report it to FINTRAC.

27.8.13 Ongoing Monitoring

A reporting entity has to take reasonable measures to keep client identification information up to date. The frequency with which client identification information is to be updated will vary in accordance with the context in which transactions occur, and therefore could differ from one situation to the next. However, for high-risk situations, the frequency of keeping client identification information updated should be at least every two years.

A review of a firm's compliance policies and procedures should be carried out every two years. This is intended to help the firm to evaluate the need to modify existing policies and procedures or to implement new ones. The review, to be conducted by an internal or external auditor, could include:

• Interviews with those handling transactions and with their supervisors to determine their knowledge of the legislative requirements and the firm's policies and procedures.
• A review of the criteria and process for identifying and reporting suspicious transactions.
• A sampling of large cash transactions followed by a review of the reporting of such transactions.
• A sampling of international electronic funds transfers (if those are reportable by the reporting entity in question) followed by a review of the reporting of such transactions.
• A test of the validity and reasonableness of any exceptions to large cash transaction reports including the required annual report to FINTRAC (this is applicable only for financial entities which choose the alternative to large cash transactions for certain business clients).
• A test of the record-keeping system for compliance with the legislation.
• A test of the client identification procedures for compliance with the legislation.
• A review of the risk assessment.

The review process and its results have to be documented, along with corrective measures and follow-up actions. Within 30 days of the review, the MLRO or Compliance Officer is required to report the following in writing to one of the firm's senior officers:

• The findings of the above review;
• Any updates that were made to the policies and procedures during the review period;
• The status of implementation of the policies and procedures updates;
• A request for a response indicating corrective actions and a timeline for implementing such actions.

If the firm does not have an internal or external auditor, then it could conduct a “self-review”. If feasible, this self-review should be conducted by an individual who is independent of the reporting, record-keeping and compliance-monitoring functions. This could be an employee or an outside consultant. In other cases where such reviews are required in the absence of either an internal or external auditor, a peer conducts such a review.

27.8.14 Staff Training

As mentioned earlier, if a firm has employees, agents or other individuals authorised to act on behalf of the financial entity, the compliance regime has to include training. The training programme has to be in writing, kept up to date, and employees should be informed of any changes to AML policy. The training programme should be adjusted in a timely manner to reflect the entity's needs, and should be reviewed every two years.

The method of training may vary greatly depending on the size of the firm's business and the complexity of the subject matter. When assessing actual training needs, a firm should consider the following elements:

• Requirements under the AML Act and the penalties for non-compliance.
• Policies and procedures – are the employees aware of these?
• Background information on money laundering and terrorist financing.

27.8.15 Record-keeping

As a financial entity, the requirement is to keep the following records:

• Large cash transaction records;
• Account-opening records;
• Certain records about credit card accounts;
• Certain records created in the normal course of business;
• Certain records about the operation of an account;
• Foreign currency exchange transaction tickets;
• Certain records about transactions of $3,000 or more;
• Records about electronic funds transfers;
• Trust-related records (trust companies); and
• Suspicious transaction report records.

There are a few exceptions to the above for low-risk accounts.

27.8.16 Reporting Requirements

The following scenarios all have to be reported to FINTRAC:

• Suspicious transactions: Reporting entities have to report completed or attempted transactions if there are reasonable grounds to suspect that the transactions are related to the commission or attempted commission of a money-laundering offence or a terrorist-activity-financing offence.
• Large cash transactions: Reporting entities have to send large cash transaction reports to FINTRAC when they receive an amount of $10,000 or more in cash in the course of a single transaction.
• Electronic funds transfers (EFTs): Financial entities, money services businesses and casinos have to report incoming and outgoing international EFTs of $10,000 or more in a single transaction.
• Terrorist property: Reporting entities have to report to FINTRAC if they have property in their possession or control that they know is owned or controlled by, or on behalf of, a terrorist group within the meaning of the Criminal Code, or if they have property in their possession or control that they believe is owned or controlled by, or on behalf of, a person listed under the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism.

This information also has to be disclosed to the RCMP and CSIS.

• Casino disbursements: Casinos have to report disbursements of $10,000 or more, whether paid in cash or not, in the course of a single transaction.

27.8.17 Suspicious Transaction Reporting

The FINTRAC guidelines state that:

“Suspicious transactions are financial transactions [which a firm has] reasonable grounds to suspect are related to the commission of a money laundering (or a terrorist financing) offence. This includes transactions that you have reasonable grounds to suspect are related to the attempted commission of a money laundering (or a terrorist financing) offence. Furthermore, ‘Reasonable grounds to suspect’ is determined by what is reasonable in [the specific] circumstances, including normal business practices and systems within your industry.”

The FINTRAC guidelines provide an extensive, although not exhaustive, list of potentially suspicious behaviour, which includes scenarios such as the following:

• The client does not want correspondence sent to their home address.
• The client shows uncommon curiosity about a firm's internal systems, controls and policies.
• The client attempts to develop close rapport with staff.
• The client performs two or more cash transactions of less than $10,000 each just outside of 24 hours apart, seemingly to avoid the 24-hour rule connecting such transactions.
• The client alters the transaction after being asked for identity documents.
• The client asks the firm to hold or transmit large sums of money or other assets when this type of activity is unusual for this type of client.
• The transaction conducted is unnecessarily complex for its stated purpose.
• Where multiple transactions are carried out on the same day at the same branch but with an apparent attempt to use different tellers.

The STR requirement applies to both attempted transactions and transactions which have been completed. STRs must be sent to FINTRAC within 30 days of detection, and the contents of a report must not be disclosed to anybody. A report can be submitted electronically or in paper format.

27.8.18 Penalties

Failure to comply with Canadian legislative requirements can lead to criminal charges against a firm that is a reporting entity. The following are some of the penalties:

• Failure to report a suspicious transaction or failure to make a terrorist property report – conviction of this could lead to up to five years' imprisonment, to a fine of $2,000,000, or both.
• Failure to report a large cash transaction or an electronic funds transfer – conviction of this could lead to a fine of $500,000 for a first offence and $1,000,000 for each subsequent offence.
• Failure to retain records – conviction of this could lead to up to five years' imprisonment, to a fine of $500,000, or both.
• Failure to implement a compliance regime – conviction of this could lead to up to five years' imprisonment, to a fine of $500,000, or both.

Failure to comply with the relevant legislative requirements can lead to the following administrative monetary penalties against a reporting entity:

• Failure to implement any of the five elements of the compliance regime described in Section 3 could lead to an administrative monetary penalty of up to $100,000 for each one.
• Failure by an entity to report the required information to senior management within 30 days after the review of its compliance programme could lead to an administrative monetary penalty of up to $100,000.
• Failure to identify clients, keep records, monitor financial transactions and take mitigating measures in situations where risk of money laundering or terrorist financing is high could lead to an administrative monetary penalty of up to $100,000.

27.8.19 Changes to AML/CFT Rules

At the time of writing, the Department of Finance Canada is undertaking a consultation on extensive changes to Canadian anti-money-laundering law. The consultation opened in December 2011, and the deadline for comments on the proposed changes was 1st March, 2012. At present, the Department of Finance has published the comments received, but the legislation is not listed as being currently before parliament.

The proposed amendments include the following:

1. Requiring banks and casinos to keep identification records of persons authorised to sign for business accounts so that in the event of reasonable grounds to suspect that a transaction is related to a money-laundering or terrorist-financing offence, the bank or casino can also report to FINTRAC information as to those persons authorised to sign business accounts.
2. Expanding the identification and record-keeping requirements of introduced business relationships (i.e. between banks and securities brokers).
3. Increasing security requirements in connection with the receipt by customers of electronic bank statements (although this has nothing to do with AML/CFT).
4. Tightening non-face-to-face identification methods for credit and charge card companies.
5. Reviewing the requirement for reporting entities to keep evidence of client signatures when accounts are opened.
6. Expanding the definition of politically exposed persons (PEPs) to include close associates of the person. In Canada, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act varies the international definition of a PEP by limiting it to just foreign PEPs, whereas the FATF Recommendations do not include such a limitation.
7. Requiring life insurance companies to determine if clients are PEPs.
8. Requiring banks and securities dealers to determine if clients are PEPs.
9. Eliminating the reporting requirement for financial transactions between public issuers and reporting entities if the reporting issuer has assets of $75 million or more.
10. Requiring that corporate documents be current.
11. Changing the definition of “third party” to “instructing party” on the basis that reporting entities apparently do not comprehend what a third party means.
12. Eliminating the reporting monetary amount for international electronic fund transfers from $1,000 to $1. This is one of the most significant proposals, impacting not only the regulatory burden on reporting entities but also the privacy interests of Canadians.
13. Adopting the US definition of “prepaid access” for prepaid card and other such products and implementing prepaid access identification requirements for reporting entities and for cross-border currency reporting purposes. With respect to the latter, the definition of “monetary instrument” will be amended to include prepaid access products.
14. Expanding the identification and record-keeping requirements for life insurance companies and increasing the reporting requirements for life insurance companies.
15. Eliminating certain transactions from reporting for dealers in precious metals and stones and accountants.
16. Expanding what the 24-hour rule means to capture more transactions that are reportable by reporting entities.
17. Simplifying registration requirements for money services businesses.
18. Giving FINTRAC greater powers to require reporting entities to file required reports and increasing the administrative penalties for failures by reporting entities to do so.
19. Requiring reporting entities to document and keep records of each instance in which they undertook reasonable measures in client ID steps.
20. Allowing CBSA officers to question passengers departing from, or arriving in, Canada with respect to the importation and exportation of currency and other monetary instruments.
21. Expanding the information sharing among agencies, particularly for national security purposes.
22. Expanding the application of the AML regime to charities.
23. Implementing regulations to allow the Minister of Finance to issue directives in respect of AML issues.
24. Changing the law as it relates to what triggers a reportable suspicious transaction to broaden it by including activities (whether financial or not) that may be taken for a financial transaction, and it appears the change may also include eliminating the requirement that the person reporting must have reasonable grounds to suspect that the transaction is related to a money-laundering or terrorist-financing offence as defined in the Criminal Code.
25. Allowing the sharing of information to the CBSA from FINTRAC for offences under the Immigration and Refugee Protection Act, for example in situations of immigration fraud, misrepresentation as to permanent residence or other immigration-related offences.

In addition to these changes, a consultation open between November and December 2011 explored expanding the circumstances in which client identification is required and also expanding the reporting requirements for reporting entities. The proposals, if implemented, would apply to all reporting entities in Canada and not just financial institutions. As a result, all of the following would be affected: money services businesses, casinos, financial institutions, real estate brokers, notaries, accountants, lawyers (unless otherwise exempt), life insurance brokers, securities brokers and dealers in precious stones and metals.

The proposals would expand reporting requirements to include the reporting of “business relationships”, defined as any relationship between a reporting entity and a client whereby the reporting entity provides services in which there are financial activities or financial transactions. Under the proposals, the obligations will apply to business relationships irrespective of whether the reporting entity has an account with a client or has conducted a reportable transaction.

The proposals also eliminate the reporting exemption for known clients, expand the requirement to obtain beneficial ownership information and require more due diligence for high-risk clients and/or activities.

27.8.20 Case Studies

As stated earlier, Canada does take money-laundering deterrence seriously, and there have been cases reported locally of action being taken.

In Canada, there is no requirement for there to be intent to commit an act before a person can be convicted of a failure to report under the PCMLTFA. For example, in 2004, a truck driver was driving across Canada and mistakenly exited to the US border in the middle of the night in his truck. He had $70,000 in cash with him.

He turned around before reaching the US checkpoint and upon re-entering Canada, his funds were seized and forfeited to the Crown because he had failed to complete a report with the CBSA. The Federal Court of Canada decided that, based on numerous previous cases, there is no requirement to establish intent for the offence to be proven. It is also irrelevant who legally owns the currency or monetary instrument – the person in possession of the currency or monetary instrument is the person who is subject to the PCMLTFA reporting obligations.

With respect to a conveyance, the person who controls the conveyance is the responsible party for the purposes of reporting. Several recent cases have dealt with private jets entering Canada with unreported currency. The funds are routinely seized and the controller of the jet, usually the captain, is unwittingly implicated in an unreported importation of currency into Canada.

A recent Canadian case highlighted how transactions can be structured to avoid AML reporting requirements. Over two months, the criminal involved regularly travelled over 70 miles from the USA to Canada to conduct currency exchanges at a particular bank and money services business. The transactions never exceeded $10,000, to avoid the Canadian reporting threshold. However, given the frequency (sometimes twice a day) of the transactions and the fact a US citizen was travelling to Canada to do this, both the bank and the money services business filed suspicious transaction reports.

It later emerged that the individual had previous convictions for drug offences and was laundering the proceeds of crime.

This case highlights the need for constant vigilance, and that the reporting thresholds should be used as a rule of thumb and not applied rigidly.

27.9.1 Overview

The Cayman Islands has a strong cooperative AML regime, with agreements with both domestic and international bodies. The FATF and IMF reports, in 2007 and 2009 respectively, praised the Cayman Islands, although there is still seen to be room for improvement. Since 2010, the Cayman Islands has signed twelve information exchange agreements (including with Canada, Mexico, Japan, India and South Africa), bringing the total number of exchange agreements to 31, 19 of which are already in force. In November 2013, the most recent agreement – with the United Kingdom – was signed. More recently, under pressure from overseas, it appears to be surrendering much of its data secrecy mantle.

27.9.2 Key Legislation

In the Cayman Islands, the principal regulations and statutes are:

• The Proceeds of Crime Law 2008;
• The Money Laundering Regulations 2009; and
• The Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands, issued in March 2010 and last updated in November 2011, which outline the compliance requirements.

27.9.3 Legislative History

The Proceeds of Crime Law 2008, was brought into force on 30th September, 2008 and repealed the Proceeds of Criminal Conduct Law and the money laundering sections of the Misuse of Drugs Law. These acts were, prior to the Proceeds of Crime Law, the main AML legislation. This Act, therefore, brings together in one place the anti-money-laundering legislative provisions for the Cayman Islands.

The Money Laundering Regulations (MLR) were originally issued in September 2000 under the Proceeds of Criminal Conduct Law (which has now been replaced by the Proceeds of Crime Law). The MLR place additional legal and administrative requirements on entities conducting “relevant financial business”.

The guidance notes are produced by The Guidance Notes Committee (GNC), which is the consultative body responsible for the review and updating of the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands. It is comprised of industry association representatives, government representatives and representatives from the Cayman Islands Monetary Authority. The guidance notes date back to 2001, and are frequently amended – the most recent guidance notes, which were released in March 2010, were updated in November 2011.

27.9.4 FATF Assessment

The most recent FATF assessment praised the Cayman Islands' AML regime. It noted that the Financial Reporting Authority is effective, and a focal point of the AML/CFT regime. Furthermore, it highlighted that there is a strong compliance culture in the Cayman Islands and that supervision is comprehensive, although it did note that there are some constraints posed by an inadequate quantity of human resources.

27.9.5 The Primary AML Investigation/Regulatory Authorities

27.9.6 Outline of Specific Money-laundering Offences

The money-laundering offences in the Cayman Islands are, in summary:

• Providing assistance to another in an arrangement which helps them to retain or control benefits of their criminal conduct. This may be by concealment, removal from the jurisdiction, transfer to nominees or otherwise. For a person to be convicted of this offence, they must know or suspect, or have reasonable grounds for knowing or suspecting, that the other person is someone who is, or has been, engaged in criminal conduct.
• The acquisition, possession or use (even temporarily) of property knowing that it represents the proceeds of criminal conduct.
• Concealing or disguising property which is the proceeds of criminal conduct, or converting or transferring that property or removing it from the jurisdiction. The section applies to a person's own proceeds of criminal conduct or where they know, or have reasonable grounds to suspect, that the property they are dealing with represents the proceeds of another's criminal conduct. A person commits an offence if they

“enter into or become concerned in an arrangement that facilitates the retention or control by or on behalf of another person of terrorist property by concealment, by removal from the jurisdiction or by transfer to nominees”.

• Tipping off the target or a third party about an investigation or proposed investigation into money laundering, any matter which is likely to prejudice such an investigation or a report to the reporting authority.
• Failure to make a disclosure to the reporting authority as soon as reasonably practicable after knowledge or suspicion of money laundering comes to a person's attention in the course of their trade, profession, business or employment.

It is not necessary for the original offence from which the proceeds stem to have been committed in the Cayman Islands if the conduct would also constitute an indictable offence had it taken place within the Islands, i.e. an offence which is sufficiently serious to be tried in the Grand Court.

Criminal property is defined as the benefit from criminal conduct. Benefit can be in whole or part, direct or indirect, and can include financial benefit or an interest in property. The term “criminal conduct” has now been expanded to cover all criminal offences, whereas previously, the offence of money laundering arose out of conduct that was limited to only indictable or serious criminal acts. Simply put, any person who benefits in some way from criminal activity may now be subject to a money-laundering prosecution.

Section 136(5) of the Proceeds of Crime Law 2008 states that the authorities can take the guidelines into account when assessing whether an offence has been committed.

No duty is imposed on a financial services provider to inquire into the criminal law of another country in which the conduct may have occurred. The question is whether the conduct amounts to an indictable offence in the Cayman Islands or would if it took place in the Cayman Islands. A financial services provider is not expected to know the exact nature of the criminal activity concerned or that the particular funds in question are definitely those which flow from the crime.

27.9.7 Defences

A defendant must prove that they did not suspect that an arrangement related to the proceeds of criminal conduct or that it facilitated the retention or control of the proceeds by the criminal.

Additionally:

• If a disclosure of the arrangement is made before the action in question, or volunteered as soon as it reasonably might be after the action, no offence is committed.
• A person making a report may continue the action without consent from the authorities. Whether or not it will be appropriate for the financial services provider to stop the relevant transaction must depend on the circumstances.
• An employee who makes a report to his employer in accordance with established internal procedures is specifically protected.
• Financial services providers are permitted to report their suspicions to the reporting authority but continue the business relationship or transaction. In carrying out transactions where an institution is considering making a suspicious activity report, the institution should consider duties owed to third parties, such as in the case of a constructive trustee. In such cases, it is recommended that independent legal advice is sought.
• If the person charged had a reasonable excuse for not disclosing the information or other matter in question, they cannot be convicted of failing to disclose.

A report of a suspicious activity made to the reporting authority does not give rise to any civil liability to the client or others and does not constitute, under Cayman Islands' law, a breach of a duty of confidentiality. There are statutory safeguards governing the use of information received by the reporting authority.

27.9.8 Penalties

Tipping off carries a maximum of five years' imprisonment and an unlimited fine. Failure to disclose knowledge or suspicion of money laundering carries a maximum penalty of two years' imprisonment and an unlimited fine. The other offences carry a maximum penalty of 14 years' imprisonment and an unlimited fine.

27.9.9 Scope

The definitions of relevant financial businesses are detailed in Regulation 4(1) of the MLR. These are:

• Banking or trust business carried on by a person who is a licensee under the Banks and Trust Companies Law;
• Building societies licensed under the Building Societies Law;
• Cooperatives licensed under the Cooperative Societies Law;
• Insurance business and the business of an insurance manager, an insurance agent, an insurance sub-agent or an insurance broker within the meaning of the Insurance Law;
• Mutual fund administration or the business of a regulated mutual fund regulated under the Mutual Funds Law;
• Company management as defined in the Companies Management Law; and
• Any of the activities set out in the Second Schedule of the Regulations.

27.9.10 Risk-based Approach

In applying the risk-based approach, entities in the Cayman Islands are required to look into the nature of the risk of the activity conducted. The highest risk category relates to those products or services where unlimited third party funds can be freely received, or where funds can be regularly paid to, or received from, third parties without evidence of identity of the third parties being taken.

Some of the lowest risk products are those in which funds can only be received from a named investor by means of a payment from an account held in the name of the investor, and where the funds can only be returned to the named investor. No third party funding or payments are possible. However, despite their apparent low risk, they are not immune from money laundering.

The geographical location of a financial services provider's customer base will also affect the money-laundering risk and terrorist-financing analysis. Such firms will need to ensure that additional Know Your Customer (KYC) and/or monitoring procedures are in place to manage the enhanced risks of money laundering that such relationships present.

27.9.11 Role of the MLRO/Nominated Officer

The “Appropriate Person” as defined in the legislation is generally referred to as the Money Laundering Reporting Officer (MLRO). Vigilance systems should enable staff to react effectively to suspicious circumstances by reporting them to the relevant MLRO within the organisation.

The MLRO should be a member of staff at management level who acts as the main point of contact with the reporting authority and who has the authority to ensure internal compliance with the regulations.

The requirement is that each firm should designate a suitably qualified and experienced person as MLRO at management level, to whom suspicious activity reports must be made by staff. It is generally expected that the MLRO would be carrying out a Compliance, Audit or Legal role within the financial services provider's business. It is also recommended that financial services providers identify a deputy, who should be a staff member of similar status and experience to the MLRO.

The MLRO should be well versed in the different types of transaction which the institution handles and which may give rise to opportunities for money laundering.

Where a financial services provider has no employees in the Cayman Islands, it may not be possible for a senior member of staff to be the MLRO. In these circumstances, the financial services provider may identify someone else as the appropriate person to whom a report should be made, provided that that person has the following characteristics:

• Is a natural person;
• Is autonomous (meaning the MLRO is the final decision maker as to whether to file an SAR);
• Is independent (meaning no vested interest in the underlying activity); and
• Has, and shall have, access to all relevant material in order to make an assessment as to whether the activity is or is not suspicious.

The MLRO should:

• Receive reports of any information or other matter which comes to the attention of a person handling relevant financial business and which gives rise to actual knowledge or a suspicion of money laundering;
• Consider and investigate such reports in light of relevant information in order to determine if the information or other matter does give rise to such knowledge or suspicion;
• Have reasonable access to other information which may assist in considering such a report;
• Make prompt disclosures to the FRA on the standard form (see Appendix J of the Guidance Notes);
• If, after considering a report, there is knowledge or a suspicion of money laundering, establish and maintain a register of money-laundering reports made by staff and maintain a register of reports to the FRA.

27.9.12 Due Diligence

Financial services providers may evidence that they are undertaking necessary due diligence by ensuring that the following systems are in place:

• Training of key staff (where a financial services provider has any staff);
• Procedures for the determination and confirmation of the true identity of customers requesting their services and the nature of business that the customer expects to conduct;
• Ongoing monitoring of business relationships;
• The recognition and reporting of suspicious activities to the reporting authority;
• Maintenance of records for the prescribed period of time;
• Close liaison with the reporting authority in relation to suspicious activity reporting and with the monetary authority on matters concerning vigilance policy and systems; and
• Ensuring that internal auditing and compliance departments regularly monitor and make recommendations for the update of vigilance systems.

The Regulations require that relevant persons should not form business relationships or carry out one-off transactions with, or for, another person unless they:

• Maintain procedures which establish the identity of the applicant for business;
• Maintain record-keeping procedures;
• Adopt appropriate internal controls and communication procedures;
• Comply with the identification and record-keeping requirements;
• Adopt appropriate measures to ensure that employees are aware of and comply with the procedures in place, and the enactments of money laundering;
• Provide appropriate training for employees;
• Establish internal reporting procedures.

There are two general important aspects of knowing your customer set out in Cayman guidance, which are to:

• Be satisfied that a prospective customer is who he/she claims to be, and is the ultimate client; and
• Ensure that sufficient information is obtained on the nature of the business that the customer expects to undertake, and any expected, or predictable, pattern of transactions.

27.9.13 Ongoing Monitoring

Once the identification procedures have been completed and the client relationship is established, there remains a requirement to monitor the conduct of the relationship/account to ensure that it is consistent with the nature of business stated when the relationship/account was opened.

Firms are required to develop and apply written policies and procedures for taking reasonable measures to ensure that documents, data or information collected during the identification process are kept up to date and relevant by undertaking routine reviews of existing records. This does not mean that there needs to be automatic renewal of expired identification where there is sufficient information to indicate that the identification of the customer can readily be verified by other means.

Monitoring to identify unusual transactions is required to spot inconsistency with the stated original purpose of the accounts. Possible areas to monitor could be:

• Transaction type
• Frequency
• Amount
• Geographical origin/destination
• Account signatories.

There is a specific requirement that, on a regular basis, a firm should conduct an AML/CFT audit to:

• Attest to the overall integrity and effectiveness of the AML/CFT systems and controls;
• Assess its risks and exposures with respect to size, business lines, customer base and geographic locations;
• Assess the adequacy of internal policies and procedures, including customer identification and verification, record-keeping and retention, reliance relationships and supporting documentation, and transaction monitoring;
• Test compliance with the relevant laws and regulations;
• Test transactions in all areas with emphasis on high-risk areas, products and services;
• Assess employees' knowledge of the laws, regulations, guidance and policies and procedures;
• Assess the adequacy, accuracy and completeness of training programmes; and
• Assess the adequacy of the procedures for identifying suspicious activity.

27.9.14 Staff Training

Staff should be adequately trained to enable them to identify such activity and be trained in the internal reporting systems required for compliance with the regulations. Staff training should be documented and will be subject to regulatory review. It is good practice for all institutions to maintain and regularly review their instruction manual for all employees relating to entry, verification and recording of customer information and reporting procedures.

27.9.15 Suspicious Transaction Reporting

Where a staff member conducts enquiries and obtains what he considers to be a satisfactory explanation of a complex or unusual large transaction, or unusual pattern of transactions, he may conclude that there are no grounds for suspicion, and therefore take no further action as he is satisfied with matters. However, where the enquiries conducted by the staff member do not provide a satisfactory explanation of the activity, he may conclude that there are grounds for “suspicion” requiring disclosure.

Previously, financial services providers had been required to make a report relating to suspicious activity based on knowledge or suspicion that a person was involved in money laundering. The requirement to report now arises if a person knows or suspects, or has reasonable grounds for knowing or suspecting, that another person is engaged in criminal conduct. As such, those in the regulated sector have an obligation to report all breaches of law, no matter their severity or even whether they are related to money laundering.

Indicators of potentially suspicious transactions include:

• Any unusual financial activity of the customer in the context of his own usual activities;
• Any unusually linked transactions;
• Any unusual method of settlement;
• Any unwillingness to provide the information requested.

If the MLRO decides that a disclosure should be made, a report, in standard form, should be sent to the reporting authority. The form should be completed in its entirety and any fields that are not applicable should be so indicated. It is important that the MLRO fills in the form to the fullest extent possible, providing as much relevant information and detail as they have available. This will provide more assurance that the information provided is of benefit to the FRA.

It is important to note that SARs must be filed with the Financial Reporting Authority (FRA) on a suspicious transaction even if the transaction did not proceed.

27.9.16 Penalties

The monetary authority will be examining the extent to which institutions are following the procedures during the course of on-site inspections and may take appropriate action as authorised by the regulatory laws, where warranted. In determining what action to take, the monetary authority will take into account the overall circumstances including the seriousness of the non-compliance, the number of instances of non-compliance and the failure to respond to any previous recommendations or warnings given by the monetary authority.

A person who breaches the AML compliance requirements can be liable, on summary conviction, to a fine of five thousand dollars, or on conviction on indictment, to a fine and to imprisonment for two years.

27.9.17 Case Studies

The Cayman Islands was recently used as a base for a half-a-billion-dollar international pyramid scheme, with a Cayman Islands resident cooperating with two US citizens to defraud almost 2,000 investors. The “Cash4Titles” plan involved lending money to borrowers who put up titles of their motor vehicles as security, but by the time it was closed down, old investors were being paid off by the income from new investors, essentially a standard Ponzi scheme.

Offshore companies were formed by the criminals to launder the illegal finances, which highlights the importance of corporate due diligence and ascertaining the exact purpose of a corporate client. This also highlights the Cayman Islands government's commitment to combating money laundering.

27.10.1 Overview

The People's Republic of China has recently sought to bring its AML provisions into alignment with other Asian jurisdictions with robust financial crime deterrence legislation and procedures, such as those that have been implemented in Singapore.

The position of China both geographically and economically has highlighted the need for stringency. Moreover, the strength of the money-laundering-deterrence regimes in its neighbouring jurisdictions has prompted an urgent response from China. In China, money laundering most commonly arises through the following channels:

• Cash smuggling;
• The use of legitimate banking systems – various deposit accounts;
• Underpriced export/counterfeit goods;
• Underground banking systems.

In recent years, there has been an increase in more technologically based crime due to the emergence of e-banking and e-currency.

27.10.2 Key Legislation

The relevant AML laws in China are:

• Anti-Money Laundering Law of the People's Republic of China 2006.
• The People's Bank of China Decree No.1 [2006] – The Rules for Anti-money Laundering by Financial Institutions.

Together, the AML laws and rules provide a procedural reference guide for financial institutions. The money-laundering offences are also found in the 1997 revision of the 1979 Penal Code under Articles 191, 312 and 349.

27.10.3 FATF Assessment

China was placed on an enhanced follow-up process as a result of partially compliant and non-compliant ratings in certain of the Core and Key Recommendations in its mutual evaluation report of 2007. However, it was removed from the enhanced follow-up measures in 2012 following progress in the AML regime.

27.10.4 The Primary AML Investigation/Regulatory Authorities

27.10.5 Outline of Specific Money-laundering Offences

The money-laundering offences are contained in the Chinese Penal Code.

Article 191 contains the drug and gang proceeds offence. An offence is conducted by whoever, while clearly knowing that the funds are proceeds illegally obtained from drug-related or gang-related crimes, commits any of the following acts in order to cover up or conceal the source or nature of the funds:

• Providing fund accounts;
• Helping to exchange property into cash or any financial negotiable instruments;
• Helping to transfer capital through transferring accounts or any other form of settlement;
• Helping to remit funds to any other country; or
• Covering up or concealing by any other means the nature or source of the illegally obtained proceeds and the gains derived therefrom.

Article 312 provides that whoever knowingly conceals, transfers, purchases or helps to sell illegally acquired goods commits an offence.

Article 349 contains a further drug-related offence. This makes it an offence for anyone to shield offenders engaged in smuggling, trafficking, transporting or manufacturing narcotic drugs or to harbour, transfer or cover up for such offenders, narcotic drugs or their pecuniary and other gains from such criminal activities.

27.10.6 Penalties

For committing the drug or gang proceeds offence, in addition to the confiscation of the proceeds and gains, the perpetrator can be sentenced to imprisonment of up to five years and/or be fined between 5 and 20% of the amount of money laundered. If the circumstances are serious, the imprisonment will be between five and ten years and they will still have to pay the fine.

Where a company commits the offence, it shall be fined, and the persons who are directly in charge and the other persons who are directly responsible for the crime shall be sentenced to up to five years' imprisonment.

Knowingly concealing, transferring, purchasing or helping to sell goods is punishable by up to three years' imprisonment, criminal detention or public surveillance and possibly a fine.

A violation of Article 349 is punishable by imprisonment, criminal detention or public surveillance of up to three years. In more serious cases, this can be increased to up to ten years. Any conspirators to the crime are treated as joint offenders.

27.10.7 Scope

The Rules apply to:

• Commercial banks, city credit cooperatives, rural credit cooperatives, postal savings institutions and policy banks;
• Securities companies, future brokerage companies and fund-management companies;
• Insurance companies and insurance asset management companies;
• Trust and investment companies, financial asset management companies, finance companies, financial leasing companies, auto finance companies and money brokerage companies;
• Other financial institutions specified and announced by the People's Bank of China.

27.10.8 AML Regime

Under Article 15 of the AML Law, each financial institution is required to establish and implement an anti-money-laundering internal control programme. Persons in charge of the financial institution are required to take responsibility for the effective implementation of the internal control programme, and each financial institution is also required to establish a specialised unit or designate a unit to be responsible for anti-money-laundering tasks.

27.10.9 Role of the MLRO/Nominated Officer

Financial institutions and their branch offices are required to:

• Establish a sound anti-money-laundering internal control system;
• Establish a specialised unit or designate a unit to be responsible for anti-money-laundering tasks;
• Formulate internal operational procedures and control measures for anti-money-laundering tasks;
• Carry out staff training on anti-money laundering so as to strengthen their working capacities.

Responsible persons of financial institutions and their branch offices shall take responsibility in effective operation of the anti-money-laundering internal control system.

27.10.10 Due Diligence

Financial institutions shall establish and implement a customer identification system according to rules and regulations. The object of this system is:

• To identify a customer who wishes to establish business relations or requires occasional financial services above the prescribed amount, by requiring the customer to present an authentic and valid identity card or other identity documents, by verifying and registering such documents and by updating, in a timely manner, any change in a customer's identity information;
• To understand the purpose and nature of a customer's transaction and effectively identify beneficiaries of the transaction in line with relevant rules and regulations;
• To re-identify a customer when detecting any abnormal phenomenon in the process of business operation or suspecting the authenticity, validity or integrity of a customer's identity documents obtained previously;
• To make sure that an overseas financial institution with which it has a correspondent or similar relationship effectively conducts customer identification, and that it can obtain a customer's identity information from such overseas financial institutions.

27.10.11 Ongoing Monitoring

In cases where financial institutions have questions regarding the authenticity, validity or completeness of the ID of clients obtained previously, they shall re-establish the identification of clients. During the course of business relations, when changes are made to client ID information, updates to the records shall be completed without delay.

27.10.12 Staff Training

Financial institutions should conduct anti-money-laundering training in line with the requirements of prevention and monitoring of money laundering. As staff are bound by the AML requirements, the training must inform them of their obligations and the penalties for non-compliance.

27.10.13 Record-keeping

Financial institutions shall keep customers' identity records and transaction information such as a transaction's statistics, vouchers and accounting materials. Financial institutions and their staff shall keep confidential customer identity material and transaction information acquired when fulfilling their anti-money-laundering obligations, and shall provide such material and information to other institutions or individuals in strict accordance with relevant laws.

Financial institutions shall develop a system to keep information on client ID and trading records, as requested. Upon the completion of business relations, or the conclusion of trading, the client ID information and the trading records shall be kept for at least five years. When financial institutions go bankrupt and are dissolved, they shall transfer the information on client ID and trading records of clients to the agencies designated by the related department of the State Council.

27.10.14 Suspicious Transaction Reporting

Financial institutions shall report any large-value (denominated either in RMB or foreign currencies) and suspicious transactions to the China Anti-Money Laundering Monitoring and Analysis Centre. These reports will be confidential. In addition, when any suspicion of crime arises while carrying out its anti-money-laundering responsibilities, a financial institution shall promptly report, in a written form, to the local branch office of the People's Bank of China and the public security agency.

Financial institutions and their staff shall keep information of their anti-money-laundering work, such as reporting of suspicious transactions or cooperation with the People's Bank of China, confidential, and should not provide such information to their customers or other individuals, since this would be in violation of regulations.

When the People's Bank of China or any of its provincial branch offices finds that a suspicious transaction needs further investigation or verification, it can request from the financial institution information on the customer account(s) involved in the transaction, records of the transaction and other related material. The financial institution must cooperate with any requests made.

Furthermore, financial institutions must implement a system to enable the reporting of large-value trading and suspicious trading. In cases where the value of a single transaction or the accumulated value of transactions within a specified period of time exceeds the specified amount or suspicious transactions are spotted by financial institutions, the financial institutions should report to the information centre of the anti-money-laundering authority without delay.

27.10.15 Auditing Requirements

Financial institutions shall submit, in accordance with regulations issued by the People's Bank of China, anti-money-laundering statistical reports, information and material, and the anti-money-laundering-related content in their audit report.

27.10.16 Penalties

In cases where the staff of the anti-money-laundering authority and other departments and agencies that are responsible for regulating anti-money laundering are found to have committed any of the following acts, they will be subject to administrative sanctions:

• Investigating, inspecting or taking temporary freezing measures in violation of regulations;
• Disclosing national or commercial secrets or personal private details known to them in the course of work related to anti-money-laundering;
• Imposing administrative sanctions on related institutions and individuals in violation of regulations;
• Other acts of violation of regulations.

In cases where a financial institution is found to be guilty of any of the following acts, the anti-money-laundering authority shall request said financial institution to rectify the situation within a specified period of time:

• Failing to set up an internal control system for anti-money laundering, as requested;
• Failing to set up a special unit for anti-money laundering or to appoint an internal unit to be responsible for anti-money laundering, as requested;
• Failing to conduct anti-money-laundering training for its employees.

In cases where the violations are serious, recommendations will be given to the related financial regulatory authorities to request that disciplinary punishments be imposed on directors and senior managers that are directly responsible and other staff that are directly involved.

In cases where a financial institution is found to be guilty of any of the following acts, the anti-money-laundering authority shall request said financial institution to rectify the situation within a specified period of time:

• Failing to implement the duties relating to client identification, as requested;
• Failing to keep client ID information and trading records, as requested;
• Failing to report large-value trading or suspicious trading, as requested;
• Conducting trading for clients whose ID is not clear, or opening an anonymous account or account with fake names for a client;
• Disclosing related information in violation of the regulations on confidentiality;
• Refusing to aid, or hindering, an anti-money-laundering investigation or inspections;
• Refusing to provide investigation materials or providing false documents intentionally.

In cases where the wrongdoings are serious, a fine of between RMB 200,000 and RMB 500,000 shall be imposed, and the directors and senior managers that are directly responsible, and other working staff that are directly involved, shall be fined between RMB 10,000 and RMB 50,000.

In cases where the above-mentioned acts by a financial institution have resulted in money laundering occurring, a fine of between RMB 500,000 and RMB 5 million shall be imposed on the financial institution and the directors and senior managers that are directly responsible; other working staff that are directly involved will be fined between RMB 50,000 and RMB 500,000. In cases where the violation and consequences are serious, the anti-money-laundering authority may recommend to the related financial regulatory bodies that the financial institution involved should cease trading and undergo re-consolidation, or have its licence to conduct financial business suspended.

For directors, senior managers and other staff members of financial institutions that are directly involved in the acts mentioned in the previous two paragraphs, the anti-money-laundering authority may recommend to the related financial regulatory bodies that the financial institutions concerned impose on them disciplinary punishments, or it may recommend the cancellation of their post-assumption qualifications according to law, or prevent them from engaging in related financial business.

Additionally, under the rules the PBC can:

• Order the financial institution to suspend business and take remedial actions or revoke its business licence;
• Disqualify directors, senior executives and other employees held immediately accountable for the misconduct from holding any positions and ban them from working in the financial industry;
• Order financial institutions to issue a disciplinary warning to directors, senior executives and other employees held immediately accountable for the misconduct.

Violations of the provisions of this law which constitute crimes shall be subject to criminal liability investigation according to law.

27.10.17 Case Studies

The booming art market in China is suspected to be hiding millions of dollars of illicit funds, although this can be difficult to prove. Experts say that “show bidding”, which involves deliberately overpaying for poor art to inflate its resale value, is a technique used to launder criminal proceeds, and is successful because of the subjective nature of the value of art. Sometimes bribes are thought to pass through art transactions, so a percentage (if not all) of the value of the price of the artwork may actually be a bribe to the seller. The buyer and the seller may have an entirely different illicit relationship, but to an outside observer it would be impossible to prove that the pair had ever met.

Financial institutions need to be aware of this criminal activity, and transactions of this nature should be treated with extreme caution. In one high-profile incident, a Chinese businessman had a fake ancient jade burial suit made up. After getting a group of appraisers to verify its authenticity and value it at $375 million, he used the suit as security on a $100 million bank loan. A loan of this size with a worthless security could cripple a financial institution, so stringent, independent checks were carried out on every aspect of the situation. For this and a number of other, similar frauds, the businessman received a life sentence.

Another illicit financial market was uncovered recently in Hunan province. A simple internet search led the police to a billion-dollar illegal banking market, cutting out legitimate financial institutions altogether. This highlights the need for financial institutions to thoroughly investigate the source of wealth of their clients, and be aware that the assets clients declare may not truly reflect the assets they have to their name.

27.11.1 Overview

Denmark has made significant progress in its AML programme over recent years. The FATF, despite being critical in the past, has recognised that the changes Denmark has made have brought the country in line with the international AML standards.

27.11.2 Key Legislation

The Act on Measures to Prevent Money Laundering and Financing of Terrorism, passed in April 2012 as a consolidation of the 2011 version, is the current AML law.

27.11.3 Legislative History

The Third EC Directive on Money Laundering was implemented in Denmark by Danish Act No. 117 of 27th February, 2006 through the enactment of Measures to Prevent Money Laundering and Terrorist Financing, which entered into force on 1st March, 2006. The Act was later amended and consolidated by Danish Act No. 442 of 11th May, 2007.

Denmark has adopted a risk-based approach to AML, and the 2007 consolidated Act addressed areas such as enhanced customer due diligence and beneficial ownership. There are no strict guidelines which indicate signs of criminal activity at financial firms. Danish regulators are obliged to correct any misapprehensions that firms might have. In 2006, the Danish prosecutor's office published a non-exhaustive report indicating matters that might be indicative of money laundering or terrorist financing.

Denmark passed a new law in April 2012 – the Act on Measures to Prevent Money Laundering and Financing of Terrorism – which consolidated the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism of 15th April, 2011.

27.11.4 FATF Assessment

The 2006 assessment found Denmark to be partially compliant with the required AML standards. However, in October 2010 after a follow-up report, the FATF recognised that Denmark had made significant progress in addressing deficiencies identified in the previous report and removed the country from the regular follow-up process. The FATF agreed that Denmark should now report on any further improvements to its anti-money-laundering/combating the financing of terrorism (AML/CFT) system on a biennial basis.

However, the FATF did highlight in its follow-up report that doubts remain regarding the effectiveness of the STR reporting regime, and there are deficiencies in the process for identifying low-risk customers. Despite these issues, though, Denmark is described as, on the whole, largely compliant.

27.11.5 The Primary AML Investigation/Regulatory Authorities

27.11.6 Outline of Specific Money-laundering Offences

Money laundering is criminalised under Article 290 of the Criminal Code. Furthermore, Section 4 of the AML Act defines what constitutes “money laundering” under the Act. Money laundering shall mean:

• Unlawfully accepting or acquiring for oneself or others a share in profits, which are obtained by a punishable violation of the law (which also covers actions carried out by the person who committed the punishable violation of the law from which the profits originate);
• Unlawfully concealing, keeping, transporting, assisting in disposal or in a similar manner subsequently serving to ensure, for the benefit of another person, the profits of a punishable violation of the law; or
• Attempting or participating in such actions.

27.11.7 Financing of Terrorism

The Act and the Criminal Code define “financing of terrorism” as contributing “by instigation, advice or action to furthering the criminal activity or the common purpose of the group of persons or an association, which commits one or more of the offences as stated in s.114 which is directly or indirectly granting financial support to, provides or collects funds, or makes money available to a person, group or association that commits or intends to commit terrorist acts”. This carries a penalty of imprisonment for any term not exceeding six years.

Section 2 describes the ban against cash transactions. Retailers and auctioneers may not receive cash payments of DKK 100,000 or more irrespective of whether payment is effected in one instance or as several payments that seem to be mutually connected.

Section 27(1) is similar to the tipping-off offence which exists in common with all other countries that have implemented the EU Directive and FATF Recommendations. It is a prohibition which states that all undertakings, employees and all other persons shall be obliged to keep secret the fact that a notification or suspicion has been passed to the State Prosecutor for Serious Economic Crime. Once information has been reported, it may be passed on by virtue of Section 27(2–7) to:

• The authorities and organisations that supervise compliance with the Act.
• Undertakings belonging to the same group as defined by Article 2(12) of Directive 2002/87/EC (“a group of undertakings, which consists of a parent undertaking, its subsidiaries and the entities in which the parent undertaking or its subsidiaries hold a participation, as well as undertakings linked to each other by a relationship within the meaning of Article 12(1) of Directive 83/349/EEC”).
• Lawyers providing assistance in the planning or execution of transactions for their clients concerning purchase and sale of real property or undertakings, managing their clients' money, securities or other assets, opening or managing bank accounts, savings accounts or securities accounts, raising the necessary capital for establishment, operation or management of undertakings, or establishing, operating or managing undertakings, or who carry out a financial transaction or a transaction concerning real property, and State-authorised public accountants and registered public accountants if both the person divulging the information and the person receiving the information carry out their activities within the same legal unit or network.
• Persons or undertakings covered by Section 1(1), nos. 1–14 (which includes banks, mortgage-credit institutions, investment companies and investment management companies) provided:
  • that the information relates to an undertaking or person that is a customer of both the undertaking or person divulging the information and the undertaking or person receiving the information, and that the information relates to a transaction involving both parties;
  • that the undertaking or person divulging the information and the undertaking or person receiving the information have the same occupation;
  • that the undertaking or person divulging the information and the undertaking or person receiving the information are subject to uniform requirements as regards duty of confidentiality and protection of personal data; and
  • that the information exchanged is only applied for prevention of money laundering and financing of terrorism.

27.11.8 Penalties

Money laundering is punishable, under Article 290 of the Criminal Code, by 18 months' imprisonment, which can be increased to six years for serious or organised crimes.

Section 26 states that undertakings and persons subject to the Act shall provide information in good faith and shall not incur liability. Disclosure on information under the Act shall not be considered a breach of any duty of confidentiality.

27.11.9 Scope

The Act applies to various financial institutions including, but not exclusive to, banks, mortgage-credit institutions, investment companies, investment management companies, life assurance companies and lateral pension funds.

27.11.10 Role of the MLRO/Nominated Officer

Undertakings and persons have an obligation under Section 25(2) of the Act to appoint a person at management level to ensure that undertakings comply with their obligations under the Act and any subsequent regulations or directives. They must have access to customer information and other relevant information in order to ensure that the undertakings and persons comply with the obligations stipulated in this Act, under Section 25(3).

Employees should be informed by the person appointed under the sections above that their duties and obligations are stipulated under the Act. If there is no person able to perform the role, the duty falls on the employer.

27.11.11 Due Diligence

Part 4 of the Act details the customer due diligence requirements which relevant undertakings must carry out in order to identify the clients when they suspect money-laundering activity. Undertakings and persons under this Act are required to have knowledge of their customers; this will require customers to provide proof of identity when establishing a business relationship or when opening an account.

When a firm conducts single transactions or business with occasional customers, undertakings and persons covered by the Act must carry out due diligence, including proof of identity for each transaction of an amount corresponding to DKK 100,000 or more. The requirements concerning proof of identity apply irrespective of whether the transaction is completed in one or more related operations if these appear to be connected.

27.11.12 Ongoing Monitoring

There is a requirement for customer relationships to be monitored on a regular basis. Specifically, transactions undertaken throughout the course of the relationship should be monitored to ensure that the transactions being conducted are consistent with the undertaking's or person's knowledge of the customer and the customer's business and risk profile, including, where necessary, the source of funds.

Documents, data and other information about the customer should be kept up to date. The enhanced due diligence requirements also highlight the obligation to continuously monitor business relationships.

27.11.13 Staff Training

Undertakings and persons under the Act must prepare adequate written internal rules about customer due diligence, reporting, record-keeping, internal control, risk assessment, risk management, management controls and communication as well as training and instruction programmes for their employees in order to forestall and prevent money laundering and the financing of terrorism. Adequate written internal rules shall also be prepared on compliance with the Regulation of the European Parliament and of the Council on information on the payer accompanying transfers of funds, where this is relevant, and regulations containing rules on financial sanctions against countries, persons, groups, legal entities or bodies. This obligation rests with the employer, unless a person at management level has been appointed to ensure compliance with the Act.

Undertakings must appoint a person at management level to ensure that the undertaking complies with its obligations under the Act. Furthermore, employees should be informed that their duties and obligations are stipulated under the Act.

27.11.14 Record-keeping

Undertakings and all persons subject to the Act must store identity information for no more than five years after the customer relationship has ceased. Documents and records concerning transactions must also be stored so that they can be located for at least five years after performance of the transactions.

If an undertaking ceases activities, the last acting management shall ensure that identity information continues to be stored. In the case of bankruptcy, the court may decide the persons who may store identity information.

27.11.15 Suspicious Transaction Reporting

Undertakings and persons under the Act are required to pay special attention to customers' activities which, by their nature, can be associated with money laundering or the financing of terrorism. Special attention must be given to transactions which are particularly large and/or complex, unusual patterns of transactions for the customer and transactions which have connection to countries or territories where, pursuant to declarations from the Financial Action Task Force, there is deemed to be a special risk of money laundering or financing of terrorism. Any suspicion that a customer's transaction is associated with money laundering must be investigated, recorded and kept. Such suspicions must also be notified to members of the Danish Bar and Law Society, who will assess whether the suspicion is subject to reporting obligations and will immediately forward notification to the State Prosecutor for Serious Economic Crime.

If the suspicion relates to offences punishable by imprisonment for more than one year and the suspicion cannot be disproved, the State Prosecutor for Serious Economic Crime should be informed immediately.

If the suspicion is related to money laundering and the transaction has not already been carried out, the transaction shall be suspended until notification has been given to the State Prosecutor. If effectuation of the transaction cannot be avoided, or if it may harm the investigation, notification can be given immediately after effectuation.

If the suspicion is related to the financing of terrorism, transactions from the account or transactions from the person in question may only be carried out with the consent of the State Prosecutor for Serious Economic Crime. The Prosecutor shall decide, as soon as possible and no later than the end of the banking day following receipt of the notification, whether seizure is to be effected.

The police have authority under the Administration of Justice Act to demand any information necessary for investigation of the case from undertakings and other persons under this Act.

If the Danish FSA or Danish Commerce and Companies Agency learns of circumstances that are presumed to be associated with money laundering or the financing of terrorism, these authorities are under an obligation to notify the State Prosecutor of Serious Economic Crime.

The Danish FSA, when acting on the recommendations of the Financial Action Task Force, has set out specific regulations on the duties which apply to undertakings, requiring them to systematically submit information to the State Prosecutor concerning financial transactions with non-cooperative countries in connection with combating money laundering.

27.11.16 Penalties

Intentional or grossly negligent breaches of the above requirements will mean that undertakings and persons under the Act shall be subject to a fine. Intentional or grossly negligent violation of Section 35(2), which prohibits unlawfully divulging information to others, shall subject the undertakings or persons to a fine, unless more severe punishment is incurred under the regulations of the Criminal Code.

For particularly gross or extensive intentional violations regarding the ban against receiving cash payments of DKK 100,000 or more, breaches of reporting and investigating obligations and due diligence requirements which relate to proof of identity for regular customer relationships, occasional customers and transactions for a third party and record-keeping obligations, the penalty may be increased to imprisonment for up to six months.

In cases involving the failure to supply the Danish Commerce and Companies Agency and/or the Danish FSA with all information necessary for supervision and compliance with the Act, these bodies will be entitled, as a coercive measure, to impose daily or weekly fines on the person or undertaking responsible.

An intentional or grossly negligent violation of the record-keeping requirements will mean that undertakings shall be subject to a fine, unless more severe punishment is incurred under the regulations of the Danish Criminal Code.

Companies may incur criminal liability according to regulations in Chapter 5 of the Criminal Code.

27.11.17 Case Studies

Suspicious transaction reports have been used to good effect on a number of occasions in Denmark. In one case, an account was actually being used by the customer's husband to conduct various fraudulent activities: hiring out fictitious holiday homes and selling shares under various names, for example.

The alarm was raised when another customer, who had only ever made one previous transaction to the account, made 120 transfers in one week. Ongoing monitoring of the account's activity was key to securing a conviction here, as well as avoiding financial and reputational damage to the financial institution.

Reports have also been used to highlight overseas scams. In various cases, victims had transferred around DKK 200,000 to people they had never met, some of them believing they were starting a relationship with the recipient. Dating websites and other social media had been used to make contact, and often the victims did not realise they were the victims of fraud. Financial institutions should be aware that these situations do occur, and enhance the due diligence and monitoring procedures when large amounts of money are being transferred to foreign jurisdictions for no apparent reason.

Phishing is another criminal practice which has been reported in Denmark. Phishing is when a criminal accesses a customer's bank account without their knowledge or permission, and transfers money from there to another “interim account”. The owner of the interim account, or “mule”, is told that they will be paid to transfer the money to the recipient, but is actually facilitating the money-laundering process. In one case, the mule was recruited via an email about an extra job; he responded by registering his details on a website belonging to a company which, judging by its name, was engaged in fast money transfers. He was called and told that money from German car contracts had been deposited in his account. He then received an email with instructions, but when he wanted to withdraw the money from his account in order to follow them, the bank had frozen the money. He was later found guilty of attempted money laundering.

27.12.1 Overview

The existence of money-laundering activity in Finland is limited; however, it is still monitored, with Finland having effective legislation in place in accordance with its international obligations. In 2007, the FATF noted that there have been few convictions for money laundering, that the number of prosecutions for offences is low and that the number of sentences provided for money-laundering convictions in Finland is also low.

27.12.2 Key Legislation

The Act on Preventing and Clearing Money Laundering and Terrorist Financing 2008 provides the AML legislative framework.

27.12.3 Legislative History

The main anti-money-laundering legislation in Finland is the Act on Preventing and Clearing Money Laundering and Terrorist Financing (503/2008), (AMLA). The Act came into force on 1st August, 2008 and incorporates the Third EC Directive into national law. According to the Finnish Financial Supervisory Authority, the Act is supplemented by Government Decree 616/2008, supplemented by Government Decree 1204/2011, Decision by the Ministry of the Interior 156/2010 and Government Decision 1022/2010. However, only Government Decree 616/2008 is listed on the official website of government decrees. Standard 2.4 of the 2010 FIN-FSA Code of Conduct provides guidance on the customer due diligence (CDD) and reporting requirements.

27.12.4 FATF Assessment

The 2007 mutual assessment noted that Finland has a good legal structure to combat money laundering and terrorist financing, and that the related offences are quite broad. The due diligence requirements were, however, lacking, for example with regard to PEPs and beneficial owners, but in June 2013, the FATF removed Finland from the regular follow-up process to which it had previously been subject.

27.12.5 The Primary AML Investigation/Regulatory Authorities

27.12.6 Outline of Specific Money-laundering Offences

The definition of money laundering under the Act refers to Chapter 32, Sections 6–10 of the Penal Code (39/1889). Money laundering is defined in Section 6 of the Penal Code as the action of a person who:

• Receives
• Converts
• Conveys
• Transfers or
• Transmits property acquired through:
  • an offence;
  • the proceeds of crime; or
  • property replacing such property in order to:
    • conceal,
    • obliterate the illegal origin of such proceeds of property in order to assist the offender in evading the legal consequences of the offence, or
    • conceal or obliterate the true nature, origin, location or disposition of, or rights to, property acquired through an offence, the proceeds of an offence or property replacing such property, or assist another in such concealment or obliteration.

27.12.7 Penalties

The penalty for being found guilty of money laundering could be in the form of a fine or imprisonment for up to two years. The Code also states that even an attempt to undertake money laundering is punishable. The scope of the Act is addressed in the next section.

In cases of aggravated money laundering, where the property acquired has been very valuable or the offence is committed in a deliberate manner, the offender may face imprisonment for at least four, and up to six, years (Section 7 of the Penal Code).

Section 8 of the Penal Code states that a person who agrees with another on the commission of aggravated money laundering directed at the proceeds of bribery, the acceptance of a bribe or aggravated tax fraud or aggregated subsidy fraud or a property replacing such fraud shall be sentenced for conspiracy for the commission of aggravated money laundering to a fine or imprisonment for up to a year.

If the money laundering referred to in any of the above offences is considered to be petty when assessing the consideration of the value of money as a whole, the offender shall be sentenced solely to a fine for a money-laundering violation.

27.12.8 Scope

The AMLA applies to 24 different varieties of financial institution, including:

• Credit institutions;
• Branches of foreign credit and financial institutions;
• Investment firms;
• Branches of foreign investment firms;
• Limited liability companies or cooperatives engaged in restricted credit institution activities;
• Insurance companies and pension insurance companies;
• Gaming operators;
• Real estate businesses and apartment rental agencies;
• Auditors;
• Businesses or professions providing tax advice in particular;
• Businesses or professions providing money transmission or remittance services other than general payment transmission services;
• Businesses or professions performing external accounting functions;
• Businesses or professions dealing in goods, to the extent that payments are made in cash in an amount of EUR 15,000 or more, whether the transaction is executed in a single operation or in several operations which are linked.

27.12.9 Risk-based Approach

Finland has adopted a risk-based approach. Entities are under an obligation to assess the risks of money laundering and funding of terrorism, by taking into account the risks specifically related to their business, products, services, technological development and their clients' businesses and business activities.

Additionally, AMLA requires that supervised entities assess the adequacy of their CDD procedures on the basis of a documented risk analysis. Supervised entities should have adequate risk-management systems for assessing risk exposures to customers in their activities. Due diligence procedures and risk management for prevention of fraud, such as money laundering, need not be organised in a unit separated from the rest of the risk-management or business operations. Therefore, in Finland the unit may be integrated with the supervised entity's general risk-management and internal control functions. However, even though this is allowed, we would still expect firms to consider having the unit segregated from such functions and perhaps aligning it more closely to the legal, compliance and fraud investigation units.

27.12.10 Role of the MLRO/Nominated Officer

The 2010 Code of Practice introduced the concept of an MLRO, by providing that:“The organisational structure of the supervised entity shall include the appointment of a contact person responsible for the prevention of money laundering and terrorist financing. The position and duties of the supervised entity's contact person may vary according to the organisational structure of the entity. The contact person must be in an independent, preferably non-business, position with the powers and capacity to act in such practical matters related to the prevention of money laundering and terrorist financing as require immediate action, such as reporting suspicious transactions or responding to enquiries from authorities.”

27.12.11 Due Diligence

On the basis of a risk-based assessment, entities should identify whether to apply normal, reduced or enhanced CDD. In customer relationships where supervised entities, on good grounds, have come to the conclusion that the business conducted has only minor or no money-laundering and/or terrorist-financing risks, normal due diligence is sufficient. In certain situations, the AMLA allows simplified customer due diligence.

Parties subject to the reporting obligation are required to obtain information on their customers' transactions, the nature and extent of the customers' business and the grounds for the use of a service or product. Parties subject to the reporting obligation should pay particular attention to transactions which are unusual in respect of their structure or extent or the size or office of the parties subject to the reporting obligation. The same also applies if transactions have no apparent economic purpose or if they are inconsistent with the parties' experience or knowledge of the customers. If necessary, measures should be taken to establish the source of funds involved in a transaction.

Parties subject to the reporting obligation are required to identify a customer's identity when they:

• Establish a customer relationship with a new customer (regular customer relationship);
• Suspect that a previously identified regular customer's identification and verification data are not sufficient or reliable;
• Without establishing a customer relationship, carry out a single transaction that individually or as the sum of interrelated transactions amounts to at least EUR 15,000;
• Detect a suspicious transaction or suspect that funds included in the transaction are being used for terrorist financing; or
• Perform a transfer of funds exceeding EUR 1,000 in cash.

27.12.12 Ongoing Monitoring

Customer relationships must be continuously reviewed so as to monitor adequately the nature, extent and risks of the customers' transactions in order to ensure that the transactions conducted are consistent with parties' experience or knowledge of their customers and business. Such monitoring must be ongoing to ensure that parties subject to the reporting obligation detect any exceptional or unusual patterns or transactions.

The risk assessments must be updated regularly, taking into account any changes occurring in the services provided by the supervised entity and/or the activities of the customer (for example, introduction of new products, system changes and changes in customer ownership structure and business activities). The supervised entities shall be able to demonstrate to FIN-FSA that their customer due diligence and risk-management procedures are sufficient in relation to the existing risks and that the money-laundering and terrorist-financing risks related to the entity's nature of operations, customer relationships, products, services and to technical developments have been assessed.

Supervised entities should arrange adequate monitoring in light of the nature, extent and risks of customer operations. The ongoing monitoring shall be systematic and comprehensive, considering the scope of operations and the risks in customer relationships. The supervised entity shall have internal instructions for using ongoing monitoring procedures as well as adequate resources and internal control.

27.12.13 Staff Training

Supervised entities shall see to it that their employees are given proper training in order to ensure compliance with the provisions on preventing money laundering and terrorist financing. Regular, comprehensive training of employees should be arranged at all levels of the organisation, particularly for such groups of employees as are involved in customer relations, product development, clearing, safe-keeping and payment and/or settlement systems. All training should be recorded in a separate training register.

The obligation of protecting employees as referred to in the AMLA means that the employer should have adequate and appropriate procedures for protecting employees who report suspicious transactions to the financial intelligence unit. The obligation of protecting employees can be fulfilled through, among other things, instructions and internal training of employees, and ensuring that the identities of employees who undertake such reporting are not disclosed to customers.

Supervised entities shall also have internal instructions on customer due diligence procedures to be conducted and procedures adopted to ensure compliance with the obligation of obtaining information and reporting suspicious transactions to prevent money laundering and terrorist financing. The instructions shall be adapted to their own operations and services. The instructions should take into account, among other things, internal processes, distribution channels and products as well as outsourced activities and agent relationships. The instructions should also consider product and system developments and expansion of operations into new markets.

27.12.14 Record-keeping

Identification, identity verification and customer due diligence information should be documented and retained so that the supervised entity can later show the authorities how each customer was identified, which documents or what information was used as proof of identity and who carried out the customer identification. In addition, for customer due diligence and risk management of the customer relationship, the supervised entity should retain sufficient and essential information on the customer, its representatives, ownership structure and beneficial owners as well as members of a legal person's board of directors or corresponding decision-making body. The retention duty also applies to information on the nature of customer activities, the legal person's ordinary industry sector, the scope of operations and the services provided by the supervised entity and the use thereof.

Records must be kept of all customer due diligence data in a secure manner for a period of up to five years following the end of regular customer relationships. The data must be kept separate from the customer register, and must be removed five years after making a report, unless it is necessary to keep records of the data for a longer period (such as for the purpose of criminal investigation pending judicial proceedings). The need to keep records of data shall be reviewed no later than three years after the previous occasion on which it was reviewed.

When an occasional transaction amounts to over EUR 15,000 or to EUR 3,000 or more in cases of gaming activities, records must be kept of customer due diligence data for a period of five years following the carrying out of a transaction.

27.12.15 Suspicious Transaction Reporting

Compliance with the obligation to obtain information as referred to in the AMLA requires that supervised entities have adequate knowledge of their customers' activities so that they can detect unusual orders or transactions and report them. Parties that are subject to reporting obligations shall obtain information on their customers' transactions, the nature and extent of the customers' business and grounds for the use of a service or product. Monitoring should be arranged in view of the nature, extent and risks of the customer's transactions in order to ensure that the transaction being conducted is consistent with parties' experience and knowledge of the customers and their business.

Having detected an unusual transaction, a supervised entity is obliged, within reasonable means available, to examine the background of the transaction as well as the origin and purpose of funds included. Information may be obtained from, for example, official registers or the supervised entities' own registers or by requesting more detailed information on the transaction from the customer, such as contracts or other documents supporting the transaction. Supervised entities are also entitled to check customers' credit information.

Having fulfilled obligations to obtain information, parties subject to the reporting obligation shall immediately report a suspicious transaction or suspicion of terrorist financing to the financial intelligence unit. The report should generally be made electronically. It is only if there is a special reason preventing electronic delivery that the report may also be submitted in some other manner. Parties subject to the reporting obligation shall give the financial intelligence unit, free of charge, all the necessary information and documents that could be significant in clearing the suspicion.

Supervised entities should act without delay so that funds or other assets related to a suspicious transaction are not transferred beyond authority access. If their suspicions are aroused, supervised entities may, at their own discretion, take the following courses of action:

• Suspend a transaction for enquiries;
• Reject a transaction if, for example, the customer's identity cannot be reliably established;
• Execute a transaction if the supervised entity cannot leave the transaction unexecuted or suspension or rejection of the transaction would be likely to hinder discovery of the beneficiary of the transaction.

Supervised entities should inform the financial intelligence unit if:

• A transaction is suspicious even after enquiries have been made to fulfil the obligation to obtain information;
• A customer is unwilling to provide the requested information;
• The supervised entity considers the provided information unreliable;
• The supervised entity rejects the execution of a suspicious transaction;
• The supervised entity executes a suspicious transaction;
• The supervised entity, after execution of the transaction, obtains information that renders the transaction suspicious.

There are additional obligations where the suspicious transaction originates from a high-risk country.

When a suspicious transaction is reported to the financial intelligence unit, the report is not a report of an offence (investigation request). It is a report based on a supervised entity's detection of an unusual transaction or order in the financial market. No minimum amount (in money) has been specified for such a report. The supervised entity need not know or evaluate what kind of criminal offence may have been committed.

A commanding police officer working at the financial intelligence unit may give parties subject to the reporting obligation an order that they should refrain from conducting transactions with a customer for no more than five working days, if such a suspension is considered necessary to prevent what is clearly money laundering or terrorist financing from being conducted.

The financial intelligence unit may also give such an order at the request of a foreign authority responsible for preventing money laundering and terrorist financing.

27.12.16 Reporting Thresholds

The reporting and due diligence threshold is when the sum of a transaction amounts to EUR 15,000, whether the transaction is carried out in a single operation or several operations which are linked to each other. The threshold is EUR 3,000 for amounts which relate to the proceeds from gaming activities.

27.12.17 Penalties

Penalties can be imposed on those subject to reporting obligations for breaching provisions of the Act. Parties subject to reporting obligations are liable for the financial loss sustained by their customers as a result of clearing a transaction, reporting a suspicious transaction or suspending or refusing to conduct a transaction, only if the parties have failed to carry out such customer due diligence measures as can reasonably be required of them, considering the circumstances.

Parties who deliberately or through negligence fail to fulfil the obligation to conduct customer due diligence or the obligations to keep records of due diligence data shall be sentenced for violation of customer due diligence to a fine, unless a more severe punishment for the act is provided elsewhere in the law.

Anyone who deliberately or through negligence fails to make a report, discloses reporting to those subject to suspicion or fails to obtain relevant information under provisions under the Act shall be sentenced for violation of the obligation to report money laundering to a fine.

27.12.18 Case Studies

While we started this chapter stating that Finland was not a major centre for money laundering, cases can still occur. One of the largest criminal cases in Finnish legal history actually involved money laundering and various other financial crimes. After investigating over 200 suspects, nearly 100 people were prosecuted and ordered to repay over EUR 5.5 million in unpaid taxes. The crime stemmed from the construction industry, where a large criminal gang had maintained an extensive business with forged receipts, and by employing undocumented workers. The business was used as a cover for criminal proceeds, and the case led to 44 custodial prison sentences.

27.13.1 Overview

The 2012 US Department of State report on France notes that the country remains an attractive venue for money laundering because of “its sizable economy, political stability and sophisticated financial system”. As a consequence, the country has put in place comprehensive and effective systems of financial controls and is at the forefront of reform domestically and internationally to fight money laundering and terrorist financing.

27.13.2 Key Legislation

The money-laundering offence is contained within the French Penal Code. Furthermore, the Monetary and Financial Code (CMF, “The Code”) details obligations on regulated entities with regard to AML procedures, and the ACP guidelines provide further guidance.

27.13.3 Legislative History

France is a European Union (EU) country, and therefore is obliged to implement all three EU money-laundering directives. The First EU Money Laundering Directive (91/308/EEC) was transposed into French law in 2004 and the Second Directive (2001/97/EC) in 2006, with Decree No. 2006-736. According to the International Bar Association Anti-Money Laundering Forum, the Third EU Money Laundering Directive was transposed into French law via Ordinance No. 2009-104 issued on 30th January, 2009. Decree No. 2009-874 was enacted on 16th July, 2009 and Decree No. 2009-1087 on 2nd September, 2009 “in order to make the Third EU Directive effective”.

27.13.4 FATF Assessment

The third mutual evaluation of France, conducted in 2010, noted a variety of changes which strengthened the AML regime. However, although the suspicious transaction reporting (STR) and customer due diligence (CDD) requirements for financial institutions were largely compliant with FATF regulations, it also stated that a “considerable effort” was required with regards to non-financial institutions to achieve the same level of coverage.

27.13.5 The Primary AML Investigation/Regulatory Authorities

27.13.6 Outline of Specific Money-laundering Offences

By virtue of 324-1 of the French Penal Code, money laundering is defined as (translated from French):“The facilitation, by any means, of the false justification of the origin of property or income of the perpetrator of a crime or an offence which has brought it a direct or indirect benefit.”

Money laundering also covers the provision of assistance to an investment transaction, concealment or conversion from direct or indirect proceeds of crime or misdemeanour.

27.13.7 Penalties

Money laundering is punishable by five years' imprisonment and a fine of EUR 375,000. Aggravated money laundering, which involves organisations, repeat offenders or those in breach of professional obligations, is punishable by ten years' imprisonment and a fine of EUR 750,000.

Both of the fines mentioned above can be increased to half the value of the property or funds involved in money-laundering operations. Attempts carry the same penalty as completed offences.

27.13.8 Risk-based Approach

Entities should collect information related to the knowledge of the business relationship on the basis of a risk-based approach. The information gathered should be proportionate to the risk of money laundering and financing of terrorism presented by the customer. Relevant firms should establish a classification of the risks of their activities, depending on the degree of exposure to money laundering and terrorist financing judged by the particular nature of the products or services offered, the proposed transactions, distribution channels used and the characteristics of clients.

Compliance with these provisions should allow firms to make, if necessary, a further examination of the client's circumstances or a declaration to the authorities.

The implementation of the obligations of identification and verification of customer identity, Know Your Customer, the purpose and nature of the business relationship and constant vigilance is based on the distinction between a customer relationship and a casual business customer.

Financial institutions collect and analyse information related to their knowledge of customer business relationships. The information collected should be appropriate and proportionate to the risk of money laundering and terrorist financing presented by the customer and operations.

Financial institutions establish procedures for the implementation of the CDD measures on customers. These procedures must be adapted and updated regularly to detect cases in which an occasional customer becomes a business customer. Financial institutions must create a risk profile and take into account any evidence to change the risk profile of the business relationship and accordingly update this profile, in order to detect anomalies that could give rise to a strengthened review.

27.13.9 Role of the MLRO/Nominated Officer

The 2012 ACP guidelines state that “The financial service provider must ensure, within the framework of its internal control, compliance with the AML-CFT, including measures regarding the analysis, monitoring and control of the risks of money laundering and financing terrorism operations transmitting funds”. While it is not stated expressly, an MLRO could perform this role.

27.13.10 Due Diligence

The due diligence requirements differ depending on whether a customer is engaged in a business relationship. A business relationship is formed when a regulated person undertakes a professional or commercial relationship which is intended to last a certain duration, or when, in the absence of a contract, a customer receives financial services on a regular basis.

Conversely, an occasional customer is any person who addresses a regulated entity for the exclusive purpose of preparing or carrying out a specific operation or assists in the planning or execution of such an operation, whether it is performed in a single operation or several operations which appear to be linked.

In all cases, the duration is a key element of the business relationship. The concept of time is also found in the absence of a contract, with terms related to the intervention of a financial institution, such as “regularly” or “an operation with a continuing character”, mentioned in the CMF.

Where an entity is not able to identify its client or to obtain information on the purpose and nature of the business relationship, it should not perform any operation, regardless of the terms, and it should not engage in, or continue, a business relationship.

Before entering into a business relationship with a client or assisting in the planning or execution of a transaction, regulated entities must identify their clients and, where applicable, the beneficial owner of the business relationship by appropriate means and verify this identification upon presentation of any other documentary proof.

They should also apply the same conditions to their occasional customers and, where applicable, the beneficial owner of a customer where they suspect that the transaction might involve money laundering or terrorist financing or, under conditions set by Order in Council of State, if the operations are of a certain nature or exceed a certain amount.

Regulated entities must verify the identity of the customer and, where appropriate, the identity and powers of persons acting on behalf thereof, under the following conditions.

27.13.11 Ongoing Monitoring

The financial institution needs to ensure, as part of its internal control, that it complies with the CDD requirements, that it has knowledge of purpose, nature and circumstances of its business relationships and that it is constantly vigilant regarding potential money laundering by implementing procedures and adequate internal controls. Financial institutions must be able to justify the measures taken to the CPA.

The PSP shall have in place systems for monitoring and analysing their business relationships, based on knowledge of their customers, especially to detect transactions that are anomalous with respect to the profile of the business relationship and which may warrant further examination. This monitoring and analysis must consider the risks identified by the risk classification.

In practice, the PSP should set predetermined limits at which it seeks additional information on individual or multiple operations regarding the same business relationship, when they involve cross-border transactions. There should also be an upper limit at which the PSP should refuse to facilitate a transaction.

The ACP may review the transactions falling into these categories.

27.13.12 Staff Training

Entities should provide regular training and information to their personnel in respect of the obligations within the AML framework.

27.13.13 Record-keeping

Reporting entities should retain all documents relating to CDD for five years, starting from the termination of the business relationship or closure of the account. Enhanced CDD documents should be kept for longer. They should also keep any documents relating to transactions made by customers for five years, starting from the date of the transaction.

27.13.14 Reporting Requirements

Firms are required to declare any deposits or transactions involving sums which they know, suspect or have reasonable grounds to suspect come from an offence punishable by imprisonment exceeding one year or form part of terrorist financing or involve tax evasion to TRACFIN.

They are also required to report any transaction for which the identity of the customer or the beneficial owner remains uncertain despite the CDD requirements being carried out. Entities are required to refrain from conducting any operation which they suspect to be related to money laundering or terrorist financing until they have made the requisite declaration.

When an operation which should be the subject of a declaration has already been carried out, either because it was impossible to delay it or because a delay would have hindered the subsequent investigation, or if it appears after the transaction has been completed that it should be reported, the PSP shall inform the authorities as soon as possible.

27.13.15 Penalties

The National Commission may impose one of the following administrative penalties:

• A warning;
• A reprimand;
• A temporary ban on performing activity for a period not exceeding five years;
• The cancellation of registration or of the business card.

A temporary ban may include a suspension. If, within five years of the imposition of a sanction, the sanctioned person commits an offence or perpetrates misconduct resulting in the imposition of new sanctions, these new sanctions shall be more severe than those imposed previously.

The committee may decide, either instead of or in addition to these penalties, to impose a financial penalty depending on the severity of the breaches committed. This penalty cannot exceed five million euros, and is collected by the Treasury. The committee may also recover costs from the person sanctioned.

The committee may decide to publish the sanction, at the expense of the person penalised, in any relevant newspapers or publications.

27.13.16 Case Studies

The “Franceafrique” cases are a source of ongoing speculation about large-scale money laundering and financial crime. There are various unanswered questions regarding France's relationship with its former African colonies, and the extent of the finances involved from comparatively poor jurisdictions raises questions about the legitimacy of the funds involved. For example, French judges recently revealed that:

• The family of Congolese President Denis Sassou-Nguesso has 112 French bank accounts, often worth hundreds of thousands of euros each, and which allegedly paid for 91 suits from a single tailor.
• The Bongo clan of Gabon owns real estate totalling some 21 million euros, most of it in the ritzy Golden Triangle section of Paris.
• The Obiang family from the tiny West African nation of Equatorial Guinea recently had 5 million euros' worth of cars seized.

There have been charges brought against former government aides, suggesting that this scandal could go high into the French government. At the time of writing investigations were ongoing, but the outcome will be received with interest.

The small regional French bank Société Marseillaise de Crédit was found guilty of money laundering, along with the National Bank of Pakistan, in December 2008. The crimes took place in the late nineties and involved stolen or fraudulent cheques shuttled between France and Israel and via various bank accounts. The French bank was fined EUR 100,000, and one of its directors received an eight-month suspended prison sentence.

The French regulator has identified a number of case studies to provide practical guidance for financial institutions. For example:

• Customers identified as “casual” have made over 20 fund transmissions within a year. The relationship between the bank and the customer should have been classified as a business relationship.
• Over a period of two years, a customer made 28 transfers worth a total of almost one million euros. In addition to this, some of these transfers were made on consecutive days. The regulator advised that the customer should have been considered a business customer.
• Where a financial institution issues a loyalty card which is used numerous times by the customer, procedures should be in place to ascertain whether or not a business relationship exists.

27.14.1 Overview

Germany has generated a relatively large number of prosecutions for money laundering and also orders to confiscate assets, although the recent FATF review identified that its money-laundering-deterrence regime did have shortfalls. However, having recently introduced a new financial crime deterrence regime, Germany looks likely to become a strong country with regards to AML.

27.14.2 Key Legislation

Geldwäschereigesetz, or the Money Laundering Act, is the main AML-compliance legislation. The money-laundering offence is contained in the Penal Code.

27.14.3 Legislative History

Germany successfully implemented the Third EU Money Laundering Directive on 13th August, 2008 through the Gesetz zur Ergänzung der Bekämpfung der Geldwäsche und der Terrorismusfinanzierung (Geldwäschebekämpfungsergänzungsgesetz – GwBekErgG). The Act came into force on 21st August, 2008. However, German AML law saw a major overhaul in financial crime regulation in December 2011, with the introduction of GwG (the AML Act).

A further revision will be required to fully comply with the revised EU Money Laundering Directive (see Chapter 4).

27.14.4 FATF Assessment

The 2009 FATF assessment noted that the anti-money-laundering and counter-terrorist-financing framework operating in Germany was not fully in line with the then current FATF Recommendations, which have themselves subsequently been revised.

The FATF identified weaknesses in the legal framework and in sanctioning for non-compliance with the FATF anti-money-laundering and counter-terrorist-financing recommendations. It further highlighted a number of factors specific to Germany, such as its large economy and financial centre and 400–560 billion euro informal (cash) sector, which make the country susceptible to money laundering. However, it also highlighted that Germany's strong legal tradition, the rule of law, its political environment and having an effective single financial regulator all reduce the risk of the German financial system being used for money laundering or terrorist financing.

27.14.5 The Primary AML Investigation/Regulatory Authorities

27.14.6 Outline of Specific Money-laundering Offences

According to Section 261 of the Penal Code, money laundering is committed by anybody who “hides an object which is a proceed of an unlawful act, conceals its origin or obstructs or endangers the investigation of its origin, its being found, its confiscation, its deprivation or its being officially secured”. Any third party or assistant can also be punished, as can anyone who attempts this.

27.14.7 Penalties

The penalty for money laundering is imprisonment from three months to five years. In especially serious cases the punishment shall be imprisonment from six months to ten years. An especially serious case exists, as a rule, if the perpetrator acts professionally or as a member of a gang which has been formed for the continued commission of money laundering.

Anyone who recklessly does not recognise that the subject derives from an unlawful act shall be punished with imprisonment not exceeding two years or a fine.

27.14.8 Scope

The AML Act applies to a large number of institutions, including, but not exclusive to:

• Banks
• Financial services institutions
• Insurance companies
• Lawyers
• Trustees
• Real estate agents.

27.14.9 Risk-based Approach

Firms are required to be able to demonstrate to the authorities that the extent of the measures adopted by them is appropriate in view of the risks of money laundering and terrorist financing.

27.14.10 Role of the MLRO/Nominated Officer

The new AML law re-introduced the requirement for the appointment of an MLRO. The MLRO must be a senior member of the company, and acts as the contact for the law-enforcement agencies and other authorities. A deputy should be appointed to take responsibility whenever the MLRO is absent.

The Money Laundering Reporting Officer shall have unrestricted access to all information, data, records and systems which may be required to perform their duties. The extent of the use of data and information by the MLRO shall only be to the extent that is necessary to enable the MLRO to perform their tasks. The MLRO must also be granted sufficient powers to enable them to carry out their functions.

27.14.11 Due Diligence

German due diligence consists of four parts:

1. The identification of the contractor or customer.
2. The gathering of information on the purpose and intended nature of the business relationship.
3. Investigation as to whether the customer has a beneficial owner. If this is the case, then the requirements under German law are to identify the ownership and control structure of the customer.
4. Continuous monitoring of the business relationship, including monitoring the transactions carried out to ensure that they are coherent with the existing information about the customer and, if there is a beneficial owner, that it is in accordance with the business and customer profile. This information should be updated at reasonable intervals.

These provisions must be met:

• In the case of establishing a business relationship.
• In the case of an existing business relationship, for a transaction valued at EUR 15,000 or more, or which, if multiple transactions are carried out, when aggregated represents an amount worth EUR 15,000 or more, provided that there is evidence that they are linked.
• When a transfer of funds is made outside of a business relationship with an amount valued at EUR 1,000 or more.
• When there is evidence that the funds, regardless of the amount, are involved in money laundering or terrorist financing.
• If there is doubt following the CDD process.

If these requirements are not met, the business relationship has not been established and no transaction should be performed by the firm. If a business relationship already exists, the requirement is that it must be terminated. How this would then be achieved without tipping off the customer is a matter open to debate!

In fulfilling the CDD requirements, the entity should have regard to the risk posed by the customer, relationship or proposed transaction. The entity should be able to demonstrate, on request, that the scope of the measures taken by it regarding the risks of money laundering and terrorist financing is reasonable.

27.14.12 Ongoing Monitoring

Firms are obliged to incorporate internal safeguards, such as:

• Appointing an MLRO, as discussed above;
• Developing and updating appropriate business and customer-related security systems and controls that serve to prevent money laundering and terrorist financing, and ensuring they combat the latest ML technology;
• Staff training;
• Employing appropriate risk-based measures to verify the reliability of the workforce.

This final requirement is perhaps more stringent than applies in other jurisdictions and would normally rely on work conducted either by the risk-management function or the internal audit function. Given that the internal audit requirements globally have been extended to also incorporate reliability, these financial crime requirements might be considered to fit within such a framework.

27.14.13 Staff Training

Regulated entities are required to implement procedures and programmes to inform the employees about:

• Current developments and methods of money laundering and terrorist financing;
• Techniques used to prevent money laundering and terrorist financing;
• Existing obligations under the AML law.

The above should be implemented through appropriate measures. Generally, we would recommend that any such training includes a short examination to ensure that staff have achieved the learning objectives set.

27.14.14 Record-keeping

Records of all identification documentation and other documents used to complete CDD must be kept.

The records can be stored as reproductions on an image carrier or on other media. The data stored should not be altered during the retention period, and should be available in a readable format within a reasonable period.

The records referred to above and other evidence of business relationships and transactions should be kept for at least five years. The retention period in the case of establishing a business relationship begins at the end of the calendar year in which the business relationship ends. In other cases (e.g. one-off transactions), the period begins at the end of the calendar year in which the transaction occurred.

27.14.15 Suspicious Transaction Reporting

If there is any reason for suspicion that the assets involved in a transaction or business relationship have been acquired through money laundering or terrorist financing, the reporting entity must, regardless of the value of the assets involved, report this to the FIU. This report should be made immediately, by telephone, fax or electronic transmission.

The transaction should not be commenced or continued without permission from the authorities, unless two business days have passed since the submission of the report. If the transaction cannot be postponed before a report is submitted, the report must be submitted as soon as possible.

27.14.16 Penalties

Breach of the AML requirements is punishable by a fine of up to one hundred thousand euros.

27.14.17 Case Studies

A recent German case reached an anti-climatic conclusion when the statute of limitations time barred a six-year investigation into a $150 million money-laundering case. The case involved four German banking executives and a Danish lawyer who had been assisting a former Russian government minister selling assets which he was alleged to have control of through offshore companies, thereby concealing the identity of the true owner.

The assets were held by the bank in trust for the lawyer, but German prosecutors alleged that the true owner was the former Russian minister, through a complicated corporate structure designed to conceal a transfer from State to private ownership.

Prosecutors offered to resolve the case by accepting payments ranging from EUR 5,000 to EUR 40,000 from four of the defendants, who all maintained their innocence, because the investigation was soon to be time-barred by the statute of limitations. When you consider that it is suspected that $150 million was laundered over a number of years, the settlements seem relatively generous.

Despite the outcome of the investigation, this case highlights the need for financial institutions to investigate thoroughly the beneficial owner of assets, particularly when complex corporate structures are employed. Additionally, it also illustrates how vital international cooperation is to successful AML investigations, particularly when funds are being moved cross-border. There has been some speculation as to whether a lack of coherence between German and Russian authorities may have caused the delays which ultimately scuppered this investigation, so it is important for financial institutions to consider their relationships with the other countries involved when assessing the risk attributed to their clients.

27.15.1 Overview

The scope of the Guernsey money-laundering-deterrence programme is wide – rather than specifying particular businesses or industries, it applies to “all financial services businesses”. The Bailiwick of Guernsey has a strong money-laundering-deterrence regime, although at times it has been criticised for relying too much on foreign law-enforcement agencies.

27.15.2 Key Legislation

It is always worth remembering that Guernsey, just like Jersey, Alderney and Sark, is not a member of the EU and therefore does not have to comply with European legislation.

The primary money-laundering legislation in Guernsey is the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law 1999. The compliance legislation is found in the Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations 2007, which were last updated in 2010, and the supplementary AML Handbook. The latest version of the handbook was released in April 2013.

27.15.3 Legislative History

Several major revisions have been made to the AML framework in Guernsey as it attempts to move forward with the rest of the world's integrated financial structures and confirm its commitment to legislating in line with current developments.

The full list of relevant legislation referred to in the Guernsey AML Handbook is as follows:

• The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law 1999, as amended;
• The Drug Trafficking (Bailiwick of Guernsey) Law 2000, as amended;
• The Terrorism and Crime (Bailiwick of Guernsey) Law 2002, as amended;
• The Transfer of Funds (Guernsey) Ordinance 2007;
• The Transfer of Funds (Alderney) Ordinance 2007;
• The Transfer of Funds (Sark) Ordinance 2007;
• The Disclosure (Bailiwick of Guernsey) Law 2007, as amended;
• The Disclosure (Bailiwick of Guernsey) Regulations 2007, as amended;
• The Terrorism and Crime (Bailiwick of Guernsey) Regulations 2007, as amended;
• The Registration of Non-Regulated Financial Services Businesses (Bailiwick of Guernsey) Law 2008, as amended;
• The Terrorist Asset-Freezing (Bailiwick of Guernsey) Law 2011;
• The Al-Qaida and Taliban (Freezing of Funds) (Guernsey) Ordinance 2011.

The Commission has written to the managing directors of all financial services businesses, seeking comments on proposed changes to the AML framework, including a substantial amount of the AML legislation and regulations. These consultations closed in July 2012, but the outcome had not been announced at the time of finalisation of this text.

27.15.4 FATF Assessment

Guernsey is not a member of the FATF. However, it is a member of the Group of International Finance Centre Supervisors (GIFCS), a body that is an observer to the FATF. The GIFCS conducts evaluations of its members' anti-money-laundering and counter-terrorist-financing systems.

The IMF conducted an assessment of Guernsey's compliance with the FATF AML standards in 2010. It found that:“Guernsey's comprehensive AML/CFT legal framework provides a sound basis for an effective AML/CFT regime. Most shortcomings identified during the assessment are technical in nature. Some of these deficiencies were addressed by the authorities immediately after the onsite visit. Money laundering and the financing of terrorism are criminalized fully in line with the FATF standard and the legal framework provides an ability to freeze and confiscate assets in appropriate circumstances. As of the assessment date [2010], there had been no prosecutions or convictions for terrorist financing.”

27.15.5 The Primary AML Investigation/Regulatory Authorities

27.15.6 Outline of Specific Money-laundering Offences

The following are recognised as criminal offences in Guernsey:

• Facilitating the retention or control of the proceeds of crime (i.e. if the factual matrix had occurred in Guernsey it would have constituted a criminal offence in Guernsey which is capable of being prosecuted on indictment).
• Acquiring, possessing or using the proceeds of crime directly or indirectly to secure funds or investments.
• Concealing or transferring out of Guernsey property representing the proceeds of crime for the purpose of assisting a person either to avoid prosecution or the making of a confiscation order.
• Failure to disclose information gathered in the course of business that another person is engaged in money laundering.
• Disclosure to a person of information that is likely to prejudice an investigation into money laundering, knowing or suspecting that the investigation is being, or is about to be, conducted – “tipping off”.

27.15.7 Penalties

The penalty for any of the first three offences in the above list is a maximum of 14 years' imprisonment and/or an unlimited fine. The penalty for either of the final two offences is five years' imprisonment and/or a fine.

27.15.8 Scope

Guernsey's anti-money-laundering and countering the financing of terrorism (AML/CFT) legislation (and, by extension, the handbook) applies to all financial services businesses conducting financial services business in Guernsey. This includes Guernsey-based branches and offices of companies incorporated outside Guernsey conducting financial services business in Guernsey.

27.15.9 Risk-based Approach

On direction from the relevant authorities, Guernsey has adopted a risk-based approach. A financial services business must:

• Carry out a suitable and sufficient business risk assessment as soon as reasonably practicable;
• Regularly review its business risk assessment so as to keep it up to date and, where, as a result of that review, changes to the business risk assessment are required, it must make those changes;
• Prior to the establishment of a business relationship or the carrying out of an occasional transaction, undertake a risk assessment of that proposed business relationship or occasional transaction;
• Regularly review any risk assessment carried out so as to keep it up to date and, where changes to that risk assessment are required, it must make those changes; and
• Ensure that its policies, procedures and controls on forestalling, preventing and detecting money laundering and terrorist financing are appropriate and effective, having regard to the assessed risk.

27.15.10 Role of the MLRO/Nominated Officer

The requirements for a Money Laundering Reporting Officer (MLRO) are set out under The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations. An MLRO is defined as a manager, partner or director who is:

• Appointed by a financial services business to have responsibility for compliance with policies, procedures and controls to forestall, prevent and detect money laundering and terrorist financing; and
• Nominated by a financial services business to receive disclosures under Part I of the Disclosure Law and Section 15 of the Terrorism Law.

In addition to this, the MLRO must:

• Be employed by the financial services business. In the case of managed or administered businesses, it is acceptable for an employee of the manager or administrator of the business to be appointed as the MLRO/deputy MLRO.
• Be resident in Guernsey.
• Be the main point of contact with the Financial Intelligence Service (FIS) in the handling of disclosures.
• Have sufficient resources to perform their duties.
• Have access to the CDD records.
• Be available on a day-to-day basis.
• Receive full cooperation from all staff.
• Report directly to the board.
• Have regular contact with the board to ensure that the board is able to satisfy itself that all statutory obligations and provisions in the handbook are being met and that the financial services business is taking sufficiently robust measures to protect itself against the potential risk of being used for money laundering and/or terrorist financing.
• Be fully aware of both their obligations and those of the financial services business under the Regulations, the relevant enactments and the AML Handbook.

The obligation on the firm is to appoint a person of at least management level as the Money Laundering Reporting Officer and to provide the name and title of that person to the Commission and the Financial Intelligence Service as soon as is reasonably practicable. In any event, reporting must be within 14 days starting from the date of that person's appointment.

They are also required to nominate another person (“nominated officer”) to receive disclosures in the absence of the Money Laundering Reporting Officer, and ensure that any relevant employee is aware of the name of that nominated officer.

Firms must ensure that where a relevant employee is required to make a disclosure, that this is done by way of a report to the Money Laundering Reporting Officer, or, in their absence, to a nominated officer.

Firms must also ensure that the Money Laundering Reporting Officer, or in their absence a nominated officer, in determining whether or not he is required to make a report to the authorities, takes into account all relevant information. The MLRO or nominated officer must be given prompt access to any other information which may be of assistance to them in considering any report.

Finally, there is a requirement for the firm to ensure that it establishes and maintains such other appropriate and effective procedures and controls as are necessary to ensure compliance with requirements to make disclosures.

27.15.11 Due Diligence

The purpose of the CDD programme is to establish that any customer, beneficial owner or underlying principal is the person that he claims to be. This has two elements – the entity must be satisfied that:

• A person exists, which must be concluded on the basis of appropriate identification data; and
• The customer, beneficial owner or underlying principal is that person. This should be achieved through verifying, from identification data, satisfactory confirmatory evidence of appropriate components of their identity.

CDD should be carried out when:

• Establishing a business relationship;
• Carrying out an occasional transaction;
• Where the financial services business knows or suspects, or has reasonable grounds for knowing or suspecting, that any party to a business relationship is engaged in money laundering or terrorist financing or is carrying out a transaction on behalf of somebody who is;
• Where the financial services business has doubts about the veracity or adequacy of previously obtained identification data.

The procedures required to be conducted are as follows:

• The customer shall be identified and their identity verified using identification data;
• Any person purporting to act on behalf of the customer shall be identified and their identity and their authority to so act shall be verified;
• The beneficial owner and underlying principal shall be identified and reasonable measures shall be taken to verify such identity using identification data and such measures shall include, in the case of a legal person or legal arrangement, measures to understand the ownership and control structure of the customer;
• A determination shall be made as to whether the customer is acting on behalf of another person and, if the customer is so acting, reasonable measures shall be taken to obtain sufficient identification data to identify and verify the identity of that other person;
• Information shall be obtained on the purpose and intended nature of each business relationship;
• A determination shall be made as to whether the customer, beneficial owner and any underlying principal is a politically exposed person.

Generally, there is an obligation on a financial services business to have regard to any relevant rules and guidance in the handbook in determining what constitutes reasonable measures.

27.15.12 Ongoing Monitoring

Reporting entities are required to ensure a detailed approach that does not omit data that could prove useful for future transactions or reference. The requirements are as follows:

• To review identification data to ensure they are kept up to date and relevant, in particular for high-risk relationships or customers in respect of whom there is a high risk.
• To scrutinise any transactions or other activity, paying particular attention to all:
  • complex transactions;
  • transactions which are both large and unusual; and
  • unusual patterns of transactions, which have no apparent economic purpose or no apparent lawful purpose.

• To ensure that the way in which identification data are recorded and stored is such as to facilitate the ongoing monitoring of each business relationship.

The extent of any monitoring carried out under this regulation and the frequency at which it is carried out shall be determined on a risk-sensitive basis including whether or not the business relationship is a high-risk relationship.

The requirement to conduct ongoing CDD ensures that a financial services business is aware of any changes in the development of the business relationship. The extent of the ongoing CDD measures must be determined on a risk-sensitive basis, but a financial services business must bear in mind that as the business relationship develops, the risk of money laundering or terrorist financing may change.

27.15.13 Staff Training

The Regulations provide that a financial services business is required to maintain appropriate and effective procedures, when hiring employees, for the purpose of ensuring high standards of employee probity and competence.

A financial services business is also required to ensure that relevant employees receive comprehensive ongoing training in:

• The relevant enactments, regulations and the handbook;
• The personal obligations of employees and their potential criminal liability under the regulations and the relevant enactments;
• The implications of non-compliance by employees with any rules or guidance made for the purposes of the Regulations; and
• Its policies, procedures and controls for the purposes of forestalling, preventing and detecting money laundering and terrorist financing.

In addition, a financial services business must, in ensuring that relevant employees receive the ongoing training required under the Regulations, in particular ensure that they are kept informed of:

• The CDD requirements and the requirements for the internal and external reporting of suspicion;
• The criminal and regulatory sanctions in place for failing to report information in accordance with policies, procedures and controls;
• The identity and responsibilities of the MLRO;
• The principal vulnerabilities of the products and services offered by the financial services business; and
• New developments, including information on current money-laundering and terrorist-financing techniques, methods, trends and typologies.

A financial services business must, in providing the training required under the Regulations:

• Provide appropriate training to enable relevant employees adequately and responsibly to assess the information that is required for them to judge whether an activity or business relationship is suspicious in the circumstances;
• Provide relevant employees with a document outlining their own obligations and potential criminal liability and those of the financial services business under the relevant enactments and the Regulations;
• Prepare and provide relevant employees with a copy, in any format, of the financial services business's policies, procedures and controls manual for AML/CFT; and
• Ensure that its employees are fully aware of legislative requirements.

The board and senior management are responsible for the effectiveness and appropriateness of the financial services business policies, procedures and controls to counter money laundering and terrorist financing. In addition to the general training provided to relevant employees, a detailed level of additional training must be provided to the board and senior management to provide a clear explanation and understanding of:

• The relevant enactments and the Regulations and information on the offences and the related penalties, including potential director and shareholder liability;
• The CDD and record-keeping requirements; and
• The internal and external suspicion reporting procedures.

The frequency of training should be determined on a risk-based approach, with those employees with responsibility for the handling of business relationships or transactions receiving more frequent training.

27.15.14 Record-keeping

27.15.15 Internal Requirements

A financial services business must, in addition to complying with the preceding requirements of these Regulations:

• Establish such other policies, procedures and controls as may be appropriate and effective for the purposes of forestalling, preventing and detecting money laundering and terrorist financing.
• Establish and maintain an effective policy, for which responsibility must be taken by the board, for the review of its compliance with the requirements of these Regulations, and such policy shall include provision as to the extent and frequency of such reviews.
• Ensure that a review of its compliance with these Regulations is discussed and minuted at a meeting of the board at appropriate intervals, and in considering what is appropriate, a financial services business must have regard to the risk, taking into account the size, nature and complexity of the financial services business, its customers, products and services, and the ways in which it provides those products and services.
• Ensure that any of its branch offices and, where it is a body corporate, any body corporate of which it is the majority shareholder, which, in either case, is a financial services business in any country or territory outside the Bailiwick, complies there with the requirements of these Regulations, and any requirements under the law applicable in that country or territory which are consistent with the Financial Action Task Force Recommendations on Money Laundering.

A financial services business must also ensure that there are appropriate and effective policies, procedures and controls in place which provide for the board to meet its obligations relating to compliance review, in particular the board must:

• Ensure that the compliance review policy takes into account the size, nature and complexity of the business and includes a requirement for sample testing of the effectiveness and adequacy of the policies, procedures and controls.
• Consider whether it would be appropriate to maintain a separate audit function to assess the adequacy and effectiveness of the area of compliance.
• Ensure that when a review of compliance is discussed by the board at appropriate intervals the necessary action is taken to remedy any identified deficiencies.
• Ensure that the financial services business is meeting its obligation that its branches and subsidiaries operating outside the Bailiwick comply with the Regulations and applicable local law which is consistent with the FATF Recommendations.
• Provide adequate resources from within the financial services business, within the group or externally to ensure that the AML/CFT policies, procedures and controls of the financial services business are subject to regular monitoring and testing as required by the Regulations.
• Provide adequate resources to enable the MLRO to perform their duties; and take appropriate measures to keep abreast of and guard against the use of technological developments and new methodologies in money-laundering and terrorist-financing schemes.

The board may delegate some or all of its duties but must retain responsibility for the review of overall compliance with AML/CFT requirements.

27.15.16 Suspicious Transaction Reporting

Monitoring of the activity of a business relationship must be carried out on the basis of a risk-based approach, with high-risk relationships being subjected to an appropriate frequency of scrutiny, which must be greater than may be appropriate for low-risk relationships. Scrutiny of transactions and activity must be undertaken throughout the course of the business relationship to ensure that the transactions and activity being conducted are consistent with the financial services business's knowledge of the customer, their business, source of funds and source of wealth. When monitoring complex, unusual and large transactions or unusual patterns of transactions, a financial services business must examine the background and purpose of such transactions and record such findings in writing.

Information contained in internal reports made to an MLRO must be disclosed to the FIS where the MLRO knows or suspects, or has reasonable grounds for knowing or suspecting as a result of the report, that a person is engaged in money laundering or terrorist financing.

It is a criminal offence for anyone employed by a financial services business to fail to report, where they have knowledge, suspicion or reasonable grounds for knowledge or suspicion, that another person is laundering the proceeds of any criminal conduct or is carrying out terrorist financing.

What may constitute reasonable grounds for knowledge or suspicion will be determined from facts or circumstances from which an honest and reasonable person engaged in a financial services business would have inferred knowledge or formed the suspicion that another was engaged in money laundering or terrorist financing.

27.15.17 Penalties

Any person who contravenes any requirement of the Regulations shall be guilty of an offence and liable:

• On conviction on indictment, to imprisonment not exceeding a term of five years or a fine, or both;
• On summary conviction, to imprisonment for a term not exceeding six months or a fine not exceeding £10,000, or both.

The same penalties apply to anybody who makes a dishonest or misleading statement in purported compliance with the Regulations.

27.15.18 Case Studies

It emerged during investigations into another criminal, “X”, that some of the proceeds of a $12 million fraud had been laundered through the defendant's bank account. The defendant initially denied all knowledge of any criminal proceeds. He said that the relationship between X and himself was purely professional, and that although he had deposited money from X into his bank account, these transfers involved legitimate commission X had earned and the defendant made no money out of this. He also, in a somewhat contradictory manner, admitted to receiving a large personal loan from X. The police advised him to distance himself from X, as X was believed to be a criminal. The defendant was also warned that he was in danger of being prosecuted himself.

However, this warning fell on deaf ears. Immediately afterwards, the defendant attempted to open another account in Switzerland through one of his companies, with X as the signatory. He then made various payments to himself and X over the following years, including through an account in Jersey after his Guernsey account was frozen. During this time, he maintained contact with X, as well as attempting to unfreeze the Guernsey account for X's benefit.

X was convicted of 33 counts of criminal deception in February 2006. The defendant, however, was not arrested until December 2009, when he claimed that the payments to himself and X were reimbursements of legitimate expenses incurred at X's request, payments at X's own request or repayments on the large loan X had granted him. However, he did admit, after seeing the police's evidence, that he suspected X was involved in fraud.

Following numerous years of investigation and confiscation proceedings, the defendant was charged with money laundering in November 2009. He was convicted and sentenced to two and a half years' imprisonment.

This case illustrates the need for constant monitoring of customer relationships by financial institutions, particularly between clients with seemingly legitimate professional relationships. It would have been easy for a bank to take its eye off the ball when the police investigation had started, but in this case the transactions which ultimately led to the conviction actually occurred after the police had warned the defendant of the trouble he was getting himself into. Ongoing monitoring is therefore essential to a bank's AML policy.

27.16.1 Overview

Hong Kong has recently implemented specific money-laundering-deterrence legislation, prior to which the AML requirements were contained in various articles incorporated within drug-trafficking legislation. Having also submitted two progress reports since the last Financial Action Task Force (FATF) assessment, Hong Kong is committed to bringing its AML regime into line with worldwide standards.

27.16.2 Key Legislation

The current law operating in Hong Kong is Cap 615 – Anti-Money Laundering And Counter-Terrorist Financing (Financial Institutions) Ordinance. This is supplemented by guidelines which were last updated in July 2012.

27.16.3 Legislative History

The Drug Trafficking (Recovery of Proceeds) Ordinance Cap 405 (DTROP) came into force in 1989, followed by the Drug Trafficking and Organised Crime (Amendment) Ordinance 2002. 1994 saw the enactment of the Organised Serious Crime Ordinance Cap 455 (OSCO).

In 2002, United Nations (Anti Terrorism Measures) Ordinance Cap 575 (UNATMO) was brought into force in accordance with the mandatory requirements of UN S/RES/1373 (2001).

On 22nd February, 2012, the Hong Kong government introduced the UNATMO Bill into the Hong Kong Legislative Committee for its first reading. Specifically, the UNATMO Bill aimed to amend Hong Kong's existing United Nations (Anti-Terrorism) Ordinance Cap 575 (UNATMO) by:

• Repealing the definition of “funds” and replacing it with the broader term “property” so as to criminalise all assets and not simply funds;
• Expanding the definition of “terrorist act” to cover the intended coercion of international organisations;
• Criminalising the collection (in addition to the provision or making available) of funds for terrorists and terrorist organisations to cover the collection of property or the solicitation of financial (or related) services for such persons and organisations; and
• Making consequential amendments to the AMLO and Rules of the High Court.

The Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance Cap 615 was introduced on 1st April, 2012 and represented a major overhaul of AML law in Hong Kong. The latest guidelines were introduced in July 2012.

The 2012 guidelines reiterate that the four main pieces of legislation in Hong Kong that are concerned with ML/TF are the AMLO, the Drug Trafficking (Recovery of Proceeds) Ordinance (the DTROP), the Organised and Serious Crimes Ordinance (the OSCO) and the United Nations (Anti-Terrorism Measures) Ordinance (the UNATMO).

27.16.4 FATF Assessment

The 2008 mutual evaluation found that Hong Kong has a good legal structure to combat money laundering (ML) and terrorist financing (TF), and that the ML offence is broad and almost fully meets the FATF requirements. However, there were some weaknesses in the compliance provisions, such as the PEP provisions for certain financial institutions.

Since the 2008 report on Hong Kong, Hong Kong has submitted two progress reports to the FATF on improvement actions taken or planned by Hong Kong to implement the FATF's earlier recommendations. In October 2012, the FATF recognised that Hong Kong had made significant progress in addressing the deficiencies identified in the 2008 Mutual Evaluation Report. The FATF agreed that Hong Kong, China should now report on any further improvements to its anti-money-laundering/combating the financing of terrorism (AML/CFT) system on a biennial update basis, essentially removing it from the regular follow-up process based on updated procedures agreed by the FATF in October 2009.

The next review should be conducted in 2014 to assess how effectively Hong Kong has implemented the Recommendations (including the latest changes).

27.16.5 The Primary AML Investigation/Regulatory Authorities

27.16.6 Outline of Specific Money-laundering Offences

The term “money laundering” is defined in Section 1 of Part 1 of Schedule 1 to the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance, Cap. 615 (the AMLO), and means an act intended to have the effect of making any property:

• That is the proceeds obtained from the commission of an indictable offence under the laws of Hong Kong, or of any conduct which if it had occurred in Hong Kong would constitute an indictable offence under the laws of Hong Kong; or
• That in whole or in part, directly or indirectly, represents such proceeds

appear not to represent such proceeds.

27.16.7 Financing of Terrorism

The definition of terrorist financing was amended in 2012.

The term “terrorist financing” is defined in Section 1 of Part 1 of Schedule 1 to the AMLO and means:

1. The provision or collection, by any means, directly or indirectly, of any property:
   1. with the intention that the property be used; or
   2. knowing that the property will be used, in whole or in part, to commit one or more terrorist acts (whether or not the property is actually so used); or
2. The making available of any property or financial (or related) services, by any means, directly or indirectly, to or for the benefit of a person knowing that, or being reckless as to whether, the person is a terrorist or terrorist associate; or
3. The collection of property or solicitation of financial (or related) services, by any means, directly or indirectly, for the benefit of a person knowing that, or being reckless as to whether, the person is a terrorist or terrorist associate.

The key change in this section from previous legislation is that the word “property” has been used to replace the word “funds”, consequently expanding the scope of the legislation.

27.16.8 Defences

A safe harbour defence arises for those submitting suspicious transaction reports to the JFIU. A person may deal with suspected proceeds, whether before or after making a suspicious transaction report, where a suspicious transaction report is made, providing that:

• The transaction or transactions subsequently occurs with the consent of an authorised officer; or
• A suspicious transaction report was made after the transaction, on the person's initiative, or as soon as it was reasonable for the person to make it.

If no suspicious transaction report has been made, it will be a defence if the accused can show:

• He/she intended to disclose knowledge/suspicions;
• There is a reasonable excuse for his/her failure to do so.

27.16.9 Scope

The guidelines apply to financial institutions.

27.16.10 Risk-based Approach

Financial institutions should determine the extent of customer due diligence (CDD) measures and ongoing monitoring, using a risk-based approach, depending upon the background of the customer and the product, transaction or service used by that customer. This will ensure that the preventive or mitigating measures are commensurate with the risks identified. The measures must, however, comply with the legal requirements of the AMLO.

This approach will enable financial institutions to subject customers to proportionate controls and oversight by determining:

• The extent of the due diligence to be performed on the direct customer; the extent of the measures to be undertaken to verify the identity of any beneficial owner and any person purporting to act on behalf of the customer;
• The level of ongoing monitoring to be applied to the relationship; and
• Measures to mitigate any risks identified.

27.16.11 Role of the MLRO/Nominated Officer

Financial institutions are required to appoint a Compliance Officer (CO) and a Money Laundering Reporting Officer (MLRO). These functions can be performed by the same person.

In order that the CO and MLRO can discharge their responsibilities effectively, senior management should, as far as practicable, ensure that the CO and MLRO are:

• Independent of all operational and business functions (subject to size and resources of the financial institution);
• Normally based in Hong Kong;
• Of a sufficient level of seniority and authority within the financial institution;
• Provided with regular contact with, and when required, direct access to, senior management to ensure that senior management is able to satisfy itself that the statutory obligations are being met and that the business is taking sufficiently robust measures to protect itself against the risks of ML/TF;
• Fully conversant in the financial institution's statutory and regulatory requirements and the ML/TF risks arising from the financial institution's business;
• Capable of accessing, on a timely basis, all available information (both from internal sources such as CDD records and external sources such as circulars from RAs); and
• Equipped with sufficient resources, including staff and appropriate cover for the absence of the CO and MLRO (i.e. an alternate or deputy CO and MLRO who should, where practicable, have the same status).

The principal function of the CO is to act as the focal point within a financial institution for the oversight of all activities relating to the prevention and detection of ML/TF and providing support and guidance to the senior management to ensure that ML/TF risks are adequately managed. In particular, the CO should assume responsibility for:

• Developing and/or continuously reviewing the financial institution's AML/CFT systems to ensure they remain up to date and meet current statutory and regulatory requirements; and
• The oversight of all aspects of the financial institution's AML/CFT systems, which include monitoring effectiveness and enhancing the controls and procedures where necessary.

The MLRO should play an active role in the identification and reporting of suspicious transactions. Principal functions performed are expected to include:

• Reviewing all internal disclosures and exception reports and, in light of all available relevant information, determining whether or not it is necessary to make a report to the JFIU;
• Maintaining all records related to such internal reviews;
• Providing guidance on how to avoid “tipping off” if any disclosure is made; and
• Acting as the main point of contact with the JFIU, law enforcement, and any other competent authorities in relation to ML/TF prevention and detection, investigation or compliance.

It is the responsibility of the MLRO to consider all internal disclosures he receives in the light of full access to all relevant documentation and other parties. However, the MLRO should not simply be a passive recipient of ad hoc reports of suspicious transactions. Rather, the MLRO should play an active role in the identification and reporting of suspicious transactions.

27.16.12 Due Diligence

CDD must be carried out:

• Before establishing a business relationship with the customer;
• Before carrying out for the customer an occasional transaction involving an amount equal to or above $120,000 or an equivalent amount in any other currency, whether the transaction is carried out in a single operation or in several operations that appear to the financial institution to be linked;
• In addition to the above, before carrying out for the customer an occasional transaction that is a wire transfer involving an amount equal to or above $8,000 or an equivalent amount in any other currency, whether the transaction is carried out in a single operation or in several operations that appear to the financial institution to be linked;
• When the financial institution suspects that the customer or the customer's account is involved in money laundering or terrorist financing;
• When the financial institution doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or for the purpose of verifying the customer's identity.

A financial institution may verify the identity of a customer and any beneficial owner of the customer after establishing a business relationship with the customer if:

• This is necessary not to interrupt the normal conduct of business with regard to the customer; and
• Any risk of money laundering or terrorist financing that may be caused by carrying out the verification after establishing the business relationship is effectively managed.

A financial institution must complete the verification as soon as reasonably practicable after establishing the business relationship.

If a financial institution cannot comply with the CDD requirements, it:

• Must not establish a business relationship or carry out any occasional transaction with that customer; or
• If it has already established a business relationship with that customer, must terminate the business relationship as soon as reasonably practicable, taking into account tipping-off requirements and obligations.

27.16.13 Ongoing Monitoring

Financial institutions must continuously monitor their business relationships with customers by:

• Reviewing, from time to time, documents, data and information relating to each customer that have been obtained by the financial institution for the purpose of complying with the requirements imposed to ensure that they are up to date and relevant;
• Conducting appropriate scrutiny of transactions carried out for the customer to ensure that they are consistent with the financial institution's knowledge of the customer and the customer's business and risk profile, and with its knowledge of the source of the customer's funds; and
• Identifying transactions that:
  • are complex, unusually large in amount or of an unusual pattern; and
  • have no apparent economic or lawful purpose, and
  • examining the background and purposes of those transactions and setting out findings in writing.

27.16.14 Staff Training

Financial institutions must establish, maintain and operate appropriate procedures in order to be satisfied of the integrity of any new employees.

Financial institutions should establish and maintain procedures to ensure that:

• All staff are made aware of the identity of the MLRO and of the procedures to follow when making an internal disclosure report; and
• All disclosure reports must reach the MLRO without undue delay.

Staff should be made aware of:

• Their financial institution's and their own personal statutory obligations and the possible consequences for failure to report suspicious transactions under the DTROP, the OSCO and the UNATMO;
• Any other statutory and regulatory obligations that concern their financial institution and themselves under the DTROP, the OSCO, the UNATMO, the UNSO and the AMLO, and the possible consequences of breaches of these obligations;
• The financial institution's policies and procedures relating to AML/CFT, including suspicious transaction identification and reporting; and
• Any new and emerging techniques, methods and trends in ML/TF to the extent that such information is needed by the staff to carry out their particular roles in the financial institution with respect to AML/CFT.

Additionally, specific training could be given depending on the role of the employee. Financial institutions should monitor the effectiveness of the training by testing staff and monitoring compliance with the systems which are in place.

27.16.15 Record-keeping

27.16.16 Suspicious Transaction Reporting

The following is a (non-exhaustive) list of examples of situations that might give rise to suspicion in certain circumstances:

• Transactions or instructions which have no apparent legitimate purpose and/or appear not to have a commercial rationale;
• Transactions, instructions or activity that involve apparently unnecessary complexity or which do not constitute the most logical, convenient or secure way to do business;
• Where the customer refuses to provide the information requested without reasonable explanation or otherwise refuses to cooperate with the CDD and/or ongoing monitoring process;
• The extensive use of trusts or offshore structures in circumstances where the customer's needs are inconsistent with the use of such services;
• Unnecessary routing of funds or other property from/to third parties or through third party accounts.

All suspicious activity should be reported to the MLRO and must be documented (in urgent cases this may follow an initial discussion by telephone). The report must include the full details of the customer and as much information as possible giving rise to the suspicion. The MLRO must acknowledge receipt of the report and at the same time provide a reminder of the obligation regarding tipping off. The tipping-off provision includes circumstances where a suspicion has been raised internally, but has not yet been reported to the JFIU. The MLRO then assesses the situation with regard to all the circumstances.

If, after completing the evaluation, the MLRO decides that there are grounds for knowledge or suspicion, he should disclose the information to the JFIU as soon as it is reasonable to do so after his evaluation is complete, together with the information on which that knowledge or suspicion is based. Providing they act in good faith in deciding not to file an STR with the JFIU, it is unlikely that there will be any criminal liability for failing to report if an MLRO concludes that there is no suspicion after taking into account all available information. It is, however, vital for MLROs to keep proper records of their deliberations and actions taken to demonstrate they have acted in a reasonable manner.

27.16.17 Penalties

Generally, if a financial institution breaches the regulations, the sanctions in Hong Kong are:

• To publicly reprimand the financial institution;
• To order the financial institution to take, by a date specified by the relevant authority, any action specified by the relevant authority for the purpose of remedying the contravention; and
• To order the financial institution to pay a pecuniary penalty not exceeding the amount that is the greater of
  • $10,000,000; or
  • three times the amount of the profit gained, or costs avoided, by the financial institution as a result of the contravention.

If a financial institution fails to comply with an order to take remedial action made under subsection (1), the relevant authority may further order the financial institution to pay a daily pecuniary penalty not exceeding $100,000 for each day on which the failure continues after the date specified in the order as being the date by which the remedial action must be taken.

If a financial institution or any of its officers knowingly breaches the CDD requirements, the financial institution commits an offence and is liable:

• On conviction on indictment, to a fine of $1,000,000 and to imprisonment for two years; or
• On summary conviction, to a fine at level 6 and to imprisonment for six months.

If a financial institution or any of its officers, with intent to defraud any relevant authority, breaches the CDD requirements, the financial institution commits an offence and is liable:

• On conviction on indictment, to a fine of $1,000,000 and to imprisonment for seven years; or
• On summary conviction, to a fine of $500,000 and to imprisonment for one year.

If a person who is an employee of a financial institution or is employed to work for a financial institution or is concerned in the management of a financial institution knowingly causes or knowingly permits the financial institution to breach the CDD requirements, the person commits an offence and is liable:

• On conviction on indictment, to a fine of $1,000,000 and to imprisonment for two years; or
• On summary conviction to a fine at level 6 and to imprisonment for six months.

If a person who is an employee of a financial institution or is employed to work for a financial institution or is concerned in the management of a financial institution, with intent to defraud the financial institution or any relevant authority, causes or permits the financial institution to breach the CDD requirements, the person commits an offence and is liable:

• On conviction on indictment, to a fine of $1,000,000 and to imprisonment for seven years; or
• On summary conviction, to a fine of $500,000 and to imprisonment for one year.

Sections 25A of the DTROP and the OSCO make it an offence to fail to disclose where a person knows or suspects that property represents the proceeds of drug trafficking or of an indictable offence respectively. Likewise, Section 12 of the UNATMO makes it an offence to fail to disclose knowledge or suspicion of terrorist property. Under the DTROP and the OSCO, failure to report knowledge or suspicion carries a maximum penalty of three months' imprisonment and a fine of $50,000.

27.16.18 Case Studies

In the early 1990s, the ICAC conducted an undercover investigation into bribery and corruption at the Television and Entertainment Licensing Authority. Following suspicions of corruption, an undercover agent joined the organisation to find evidence of corruption from the inside. After a number of months working for the TELA, the agent found himself befriending various senior members of the company, who revealed the scale of corruption within the organisation. In one instance, the agent arrived at work to find a $30,000 watch on his desk, which was indicative of the way business was being done. Bribes were being given to members of TELA to forge the requisite documents, which were then approved by the two most senior members of the organisation – who were running the whole corruption ring.

The bribes were paid through a middle man. The first half was paid when the application was submitted, with the balance being paid when it was approved. By employing a middle man, there was no need for the two leaders to ever meet the beneficiary, or even for the parties to find out each other's identities. Furthermore, because all of the bribes were settled in cash, there was never any record of them, making them virtually impossible to trace. For these reasons, it took a nine-month undercover investigation to secure convictions against the guilty parties.

Hong Kong authorities convicted 166 people of money laundering in 2012. There have been two recent court cases in which a young delivery man from Guangdong province and a 61-year-old Hong Kong public housing tenant received jail terms of about ten years for laundering billions of dollars.

In another case in September 2012, a woman was convicted of money laundering in Hong Kong. She was the accounting manager of a company which, between August 2002 and March 2004, forged the sales figures by $300 million by submitting false overseas sales invoices. She used a circulation fund of $68 million transmitted through her own account to generate false sales. This highlights the need for financial institutions to thoroughly investigate the source of funds of their clients, as well as to conduct ongoing monitoring. This may have indicated that the funds were originating from one account.

27.17.1 Overview

As a leader among the emerging economies in Asia with a strongly growing economy and demography, India faces a range of money-laundering and terrorist-financing risks. The main sources of money laundering in India result from a range of illegal activities committed within and outside the country, mainly drug trafficking, fraud, including counterfeiting of Indian currency, transnational organised crime, human trafficking and corruption.

India is considered a drug-transit country due to its strategic location between the countries of the Golden Triangle and the Golden Crescent. India is the world's largest producer of legal opium gum for pharmaceutical preparations, but it is estimated that between 20 and 30% of the opium crop is diverted. The illicit cultivation is believed to be mainly located in the areas of Arunachal Pradesh and Himachal Pradesh in the north of India.

27.17.2 Key Legislation

The Prevention of Money Laundering Act 2002 (PMLA) forms the core of the legal framework put in place by India to combat money laundering. The PMLA and the Rules notified thereunder came into force with effect from 1st July, 2005, and there were amendments in 2009. Circular DBOD.NO.AML.BC.58/14.01.001/2004–05, dated 29th November, 2004, provides additional KYC guidance for banks.

It has been reported that further amendments were drafted in 2011 to expand the scope of the money-laundering legislation, but these were not available at the time of writing.

27.17.3 Legislative History

The AML/CFT regime in India is relatively young. The Prevention of Money Laundering Act 2002 (PMLA) came into force in 2005 and was amended in 2009. The Unlawful Activities (Prevention) Act 1967 (UAPA) was amended in 2004 to criminalise, inter alia, terrorist financing. The UAPA was further amended in December 2008 to broaden its scope and to bring the legislation more in line with the requirements of the United Nations Convention for the Suppression of the Financing of Terrorism (FT Convention).

27.17.4 FATF Assessment

From mid-2009, India has increased its focus on money laundering and the use of the ML provisions. There are some important and, in some instances, long-standing legal issues, such as the threshold condition for domestic predicate offences, that remain to be resolved. Effectiveness concerns were primarily raised by the absence of any ML convictions.

Recently, India's serious commitment to combating terrorism in all its forms was acknowledged by the FATF. From a law-enforcement perspective, this commitment is reflected in an active pursuit of the financial aspects of terrorism. At the prosecutorial level, an appropriate focus on FT can be observed. At the June 2013 Plenary meeting, the FATF decided that India had reached a satisfactory level of compliance with all of the core and key Recommendations and could be removed from the regular follow-up process.

27.17.5 The Primary AML Investigation/Regulatory Authorities

27.17.6 Outline of Specific Money-laundering Offences

Section 3 of the Prevention of Money Laundering Act 2002 defines the offence of money laundering as:“Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money laundering.”

27.17.7 Penalties

Section 4 of the Prevention of Money Laundering Act 2002 specifies punishment for money laundering as:“Whoever commits the offence of money laundering shall be punishable with rigorous imprisonment for a term which shall not be less than three years but which may extend to seven years and shall also be liable to a fine which may extend to five lakh rupees.”

Where the proceeds of crime involved in money laundering relate to any of the various firearms offences, the provisions of this section shall remain the same, except that the words “which may extend to ten years”, shall replace the words “which may extend to seven years”.

27.17.8 Scope

The PMLA and rules apply to banking companies, financial institutions and intermediaries.

27.17.9 Risk-based Approach

Clients should be categorised by firms into low, medium or high risk depending on the characteristics of the relationship.

Banks may prepare a profile for each new customer based on risk categorisation. The customer profile may contain information relating to a customer's identity, social/financial status, nature of business activity, information about their clients' business and their location, etc. The nature and extent of due diligence will depend on the risk perceived by the bank. However, while preparing customer profiles, banks should take care to seek only such information from the customer which is relevant to the risk category and is not intrusive. The customer profile will be a confidential document and details contained therein shall not be divulged for cross selling or any other purposes.

27.17.10 Role of the MLRO/Nominated Officer

Banks may appoint a senior management officer to be designated as Principal Officer. The Principal Officer shall be located at the head/corporate office of the bank and shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. They should maintain close liaison with enforcement agencies, banks and any other institution involved in the fight against money laundering and combating the financing of terrorism.

27.17.11 Due Diligence

Every banking company, financial institution and intermediary shall, at the time of commencement of an account-based relationship, identify its clients, verify their identity and obtain information on the purpose and intended nature of the business relationship.

In all other cases, identity should be verified while carrying out:

• A transaction of an amount equal to or exceeding fifty thousand rupees, whether conducted as a single transaction or several transactions that appear to be connected; or
• Any international money transfer operations.

A “client” shall be taken to mean a person that engages in a financial transaction or activity with a banking company, financial institution or intermediary, and includes a person on whose behalf the person that engages in the transaction or activity is acting.

27.17.12 Ongoing Monitoring

Ongoing monitoring is an essential element of any firm maintaining effective Know Your Customer (KYC) procedures. Banks can effectively control and reduce their risk only if they have an understanding of the normal and reasonable activity of the customer, so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account.

Banks should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The bank may prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits.

Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer should particularly attract the attention of the bank. Very high account turnover inconsistent with the size of the balance maintained may indicate to a firm that funds are being washed through the account.

High-risk accounts have to be subjected by a firm to intensified monitoring. Every bank should set key indicators for such accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors. Banks should put in place a system of periodical review of risk categorisation of accounts and the need for applying enhanced due diligence measures.

Banks should ensure that a record of transactions in the accounts is preserved and maintained as required in terms of Section 12 of the PMLA 2002. They should also ensure that transactions of a suspicious nature and/or any other type of transaction notified under Section 12 of the PMLA 2002, are reported to the appropriate law-enforcement authority.

27.17.13 Record-keeping

Every banking company, financial institution and intermediary shall maintain records of identity and current address or addresses including permanent address or addresses of its clients, the nature of business of the clients and their financial status.

The records of the identity of clients shall be maintained for a period of ten years from the date of cessation of the transactions between the client and the banking company or financial institution or intermediary.

Every banking company, financial institution and intermediary shall:

• Maintain a record of all transactions, the nature and value of which may be prescribed, whether such transactions comprise a single transaction or a series of transactions integrally connected to each other, and where such series of transactions take place within a month;
• Furnish information of transactions referred to above to the Director within such time as may be prescribed;
• Verify and maintain the records of the identity of all its clients, in such a manner as may be prescribed.

Where the Principal Officer of a banking company, financial institution or intermediary has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued below the prescribed value so as to defeat the provisions of this section, such officer shall furnish information in respect of such transactions to the Director within the prescribed time.

The transaction records referred to above shall be maintained for a period of ten years from the date of said transactions between the clients and the banking company, financial institution or intermediary.

The identity records referred to above shall be maintained for a period of ten years from the date of cessation of transactions between the clients and the banking company, financial institution or intermediary.

Every banking company, financial institution or intermediary shall maintain a record of all transactions, including records of:

• All cash transactions with a value of more than ten lakh rupees, or its equivalent in foreign currency;
• All series of cash transactions integrally connected to each other which have been valued below ten lakh rupees, or its equivalent in foreign currency, where such a series of transactions has taken place within a month;
• All transactions involving receipts by non-profit organisations with a value of more than ten lakh rupees, or its equivalent in foreign currency;
• All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions;
• All suspicious transactions whether or not made in cash and by way of:
  • deposits and credits, withdrawals into or from any accounts in whatsoever name they are referred to in any currency maintained by way of:
    • cheques including third party cheques, pay orders, demand drafts, cashiers' cheques or any other instrument of payment of money including electronic receipts or credits and electronic payments or debits, or
    • traveller's cheques, or
    • transfer from one account within the same banking company, financial institution or intermediary, including from or to Nostro and Vostro accounts, or
    • any other mode by whatsoever name it is referred to;
  • credits or debits into or from any non-monetary accounts such as d-mat accounts, security accounts in any currency maintained by the banking company, financial institution or intermediary;
  • money transfers or remittances in favour of the firm's own clients or non-clients from India or abroad and to third party beneficiaries in India or abroad, including transactions on its own account in any currency by any of the following:
    • payment orders,
    • cashiers' cheques,
    • demand drafts,
    • telegraphic or wire transfers or electronic remittances or transfers,
    • internet transfers,
    • Automated Clearing House remittances,
    • lock-box-driven transfers or remittances,
    • remittances for credit or loading to electronic cards, or any other mode of money transfer by whatsoever name it is called;
  • loans and advances including credit or loan substitutes, investments and contingent liabilities by way of:
    • subscription to debt instruments such as commercial paper, certificates of deposit, preferential shares, debentures, securitised participation, inter-bank participation or any other investments in securities or the like in whatever form and name they are referred to,
    • purchase and negotiation of bills, cheques and other instruments,
    • foreign exchange contracts, currency, interest rate and commodity instruments and any other derivative instrument by whatsoever name it is called,
    • letters of credit, standby letters of credit, guarantees, comfort letters, solvency certificates and any other instrument for settlement and/or credit support;
• Collection services in any currency by way of collection of bills, cheques, instruments or any other mode of collection in whatsoever name it is referred to.

The records referred to above shall contain all necessary information specified by the regulator to permit reconstruction of individual transactions, including the following information:

• The nature of the transaction;
• The amount of the transaction and the currency in which it was denominated;
• The date on which the transaction was conducted; and
• The parties to the transaction.

27.17.14 Reporting Requirements

The Director may, either on their own judgment or on an application made by any authority, officer or person, call for records and may make such inquiry or cause such inquiry to be made, as he thinks fit.

27.17.15 Internal Requirements

Every banking company, financial institution and intermediary shall formulate and implement a client identification programme that it considers appropriate to enable it to determine the true identity of its clients as per the requirements under the PMLA.

27.17.16 Suspicious Transaction Reporting

Every banking company, financial institution and intermediary shall furnish to the FIU–IND information of all suspicious transactions whether or not made in cash.

A suspicious transaction means a transaction, including an attempted transaction, whether or not made in cash which, to a person acting in good faith:

• Gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or
• Appears to be made in circumstances of unusual or unjustified complexity; or
• Appears to have no economic rationale or bona fide purpose; or
• Gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.

India has set out a series of broad categories that give reason for suspicion. The examples set out as being suspicious transactions in respect of a banking company are as follows:

27.17.17 Penalties

If the Director, in the course of any inquiry, finds that a banking company, financial institution or an intermediary or any of its officers has failed to comply with the record-keeping provisions, then, without prejudice to any other action that may be taken under any other provisions of this Act, he may, by an order, levy a fine on such banking company or financial institution or intermediary which shall not be less than ten thousand rupees but may extend to one lakh rupees for each failure.

27.17.18 Case Studies

A major bank in India was fined Rs 5 lakh after it was found that it had inadequate KYC procedures in place. The FIU investigated the bank after a report was submitted alleging that Rs 72 lakh in cash had been deposited at the bank by a mystery customer, who then received pay orders, deposited them in multiple accounts and withdrew the cash immediately. The accounts then disappeared as soon as the cash was withdrawn. In response to this, the bank was audited, and the conclusion was reached that Know Your Customer guidelines were not being followed, resulting in the Rs 5 lakh fine.

27.18.1 Overview

The Isle of Man, despite not being an FATF member, has a strong money-laundering-deterrence regime which is largely compliant with international standards. It regularly updates its legislation and guidance to retain a strong reputation for AML enforcement.

27.18.2 Key Legislation

The Money Laundering and Terrorist Financing Code 2013 provides the current enforceable AML legislation in the Isle of Man. In addition to this, the AML Handbook provides further guidance.

27.18.3 Legislative History

The Isle of Man legislative framework for anti-money laundering and countering the financing of terrorism (AML/CFT) has been in place and effective since 1990. This legislation has been regularly updated to deal with new threats that have emerged. New legislation has strengthened the Isle of Man's defences against all crimes, money laundering and international terrorism, for example, the Criminal Justice (Money Laundering Offences) Act 1998, which amended the Criminal Justice Act 1990, the Proceeds of Crime Act, the Anti-Terrorism and Crime Act 2003 and the Terrorism (Finance) Act 2009.

The recent legislation updated the Proceeds of Crime (Money Laundering) Code 2010 (AML Code) and the Prevention of Terrorist Financing Code 2011 (CFT Code), together referred to as “the Codes”.

27.18.4 FATF Assessment

Like Guernsey, the Isle of Man is not an FATF member. However, it is a member of the Group of International Finance Centre Supervisors (GIFCS), a body that is an observer to the FATF. The most recent IMF report found that the Isle of Man has brought its AML/CFT preventive measures largely into compliance with the FATF Recommendations, and that all IOM financial institutions are well supervised for AML/CFT purposes. The Financial Crime Unit (FCU), acting as the financial intelligence unit (FIU), performs its role adequately, but will require additional resources. The IOM authorities actively engage in international cooperation.

27.18.5 The Primary AML Investigation/Regulatory Authorities

27.18.6 Outline of Specific Money-laundering Offences

A person commits an offence if they enter into, or become concerned in, an arrangement which they know or suspect facilitates (by whatever means) the acquisition, retention, use or control of criminal property by, or on behalf of, another person.

In addition, a person commits an offence if they:

• Acquire criminal property;
• Use criminal property;
• Have possession of criminal property.

27.18.7 Defences

There is a safe harbour available if that person or another person has made a disclosure:

• To a constable or customs officer serving (in either case) with the Financial Crime Unit of the Isle of Man Constabulary; or
• To a nominated officer,

of information that came to that person in the course of business in the regulated sector.

27.18.8 Scope

Any entity which carries out a regulated activity, as specified in the Regulated Activities Order 2011, must apply for a licence to be regulated by the FSC. This includes various financial and investment businesses. There are certain exempted businesses under the Financial Services (Exemptions) Regulations 2011.

27.18.9 Risk-based Approach

The Financial Supervision Commission recommends a risk-based approach which is proportionate to the scale of business operations. However, licence holders should avoid rigid internal systems of control as these can encourage the development of a “tick box” mentality that can be counter-productive. Internal systems should require employees to properly consider the risks posed by individual customers and relationships and to react appropriately. When considering how best to monitor customer transactions and behaviour, a licence holder should take into account:

• The size and complexity of its business;
• Its business risk assessment;
• The nature of its systems and controls;
• The monitoring procedures that already exist to satisfy other business needs; and
• The nature of the products and services and the means of delivery.

Methods to be considered include:

• Simple exception reports to advise supervisors/operations managers of large transactions for their review;
• More complex exception reports to advise the MLRO, or other appropriate staff, of customers and transactions matching certain predetermined criteria;
• Computerised transaction-monitoring systems.

27.18.10 Role of the MLRO/Nominated Officer

Licence holders are required to appoint an MLRO and an Officer, but the Commission expects licence holders to appoint the same individual to both of these roles. In essence, the role of the MLRO and the Officer is the same, so MLRO is used as a blanket term.

The MLRO is the person who is nominated to ultimately receive internal reports and who considers any report in the light of all other relevant information for the purpose of determining whether or not it gives rise to knowledge or a suspicion of money laundering and/or terrorist financing.

Licence holders are also required to appoint a Deputy MLRO to cover for any absence of the MLRO. The Deputy MLRO should be of similar status and experience to the MLRO. For the avoidance of doubt, the Deputy MLRO should cover all of the MLRO's responsibilities in their absence, including those under the CFT Code. MLROs and Deputy MLROs should not be placed in any situation of conflict of interest.

In order that they can carry out their responsibilities effectively, the MLRO and Deputy MLRO should:

• Normally be resident in the Isle of Man;
• Have a sufficient level of seniority, independence and authority within the business;
• Be carrying out a compliance, audit or legal role;
• Have sufficient resources, including sufficient time and support staff;
• Have regular contact with, and ready access to, the board and other members of senior management to ensure that executive management is able to satisfy itself that the statutory obligations are being met and that the business is taking sufficiently robust measures to protect itself against the risk of money laundering and terrorist financing;
• Be fully aware of both their own and their organisation's AML/CFT obligations; and
• Have access to all relevant information which may be of assistance in evaluating STRs.

Licence holders must notify the Commission of the proposed appointment and identity of the MLRO and Deputy MLRO and any subsequent changes.

The responsibilities of the MLRO will normally include:

• Undertaking the internal review of all suspicions in light of all available relevant information and determining whether or not such suspicions have substance and require disclosure to the FCU;
• Maintaining all related records;
• Giving guidance on how to avoid tipping off the customer if any disclosure is made and managing any resulting constructive trust scenarios;
• Providing support and guidance to the board and senior management to ensure that money-laundering and terrorist-financing risks are adequately managed;
• Liaising with the FCU and, if required, the Commission and participating in any other third party enquiries in relation to money-laundering or terrorist-financing prevention and detection, investigation or compliance; and
• Providing reports and other information to senior management.

27.18.11 Due Diligence

A risk-based approach to CDD is one that takes a number of discrete steps in assessing the most effective and proportionate way to manage the money-laundering and terrorist-financing risks faced by a licence holder.

The risk assessment of a particular customer will determine:

• The extent of identification information to be sought;
• Any additional information that needs to be requested;
• How that information will be verified and for whom; and
• The extent to which the relationship will be monitored.

It will also help to guard against identity theft.

Unless it is obvious from the product being provided, the following must be established:

• The purpose and intended nature of the relationship;
• The expected type, volume and value of activity;
• The expected geographical sphere of the activity;
• The activity providing the source of funds for the relationship and geographical sphere of the activity;
• Details of any existing relationships with the product/service provider.

27.18.12 Ongoing Monitoring

Entities should have adequate systems to monitor risk on an ongoing basis. Licence holders must monitor the conduct and activities of the customer to ensure that they are consistent with the nature of business, the risk profile, source of funding and estimated turnover that was determined when the relationship was established.

Where the basis of the relationship changes significantly, licence holders must carry out further CDD procedures to ensure that the revised risk and basis of the relationship is fully understood. Ongoing monitoring procedures must take account of these changes.

Licence holders must ensure that any updated CDD information obtained through meetings, discussions or other methods of communication with the customer is recorded and retained with the customer's records. That information must be available to the MLRO.

27.18.13 Staff Training

Training should be structured to ensure compliance with all of the requirements of the applicable legislation at least annually. Each licence holder can tailor its training programmes to suit its own needs and those of its employees to whom it is delivered, depending on size, resources and the type of business it undertakes. In particular, training should cover the following.

27.18.14 Record-keeping

The records prepared and maintained by any financial services business must be such that:

• Supervisors, auditors and law-enforcement agencies will be able to assess the effectiveness of the AML/CFT policies and procedures that are maintained by a licence holder;
• Any transactions or instructions effected via the licence holder on behalf of any individual customer can be reconstructed;
• The audit trail for funds entering and leaving the Isle of Man is clear and complete;
• Any customer can be properly identified and located;
• A CDD profile can be established for all customers for whom there is a business relationship;
• All suspicions received internally, and STRs made externally, can be identified;
• The rationale for not passing on any internal suspicions to the FCU can be understood; and
• A licence holder can satisfy, within a reasonable time frame, any enquiries or court orders from the appropriate authorities as to disclosure of information.

27.18.15 Suspicious Transaction Reporting

It is an offence to fail to disclose, where a person knows or suspects or has reasonable grounds for knowing or suspecting, that a terrorist-financing offence has been committed. Once knowledge or suspicion or reasonable grounds for knowledge or suspicion have been formed, the following general principles must be applied:

• In the event of suspicion of money laundering or terrorist financing, a disclosure must be made even where there has been no transaction by or through the licence holder.
• Disclosures must be made as soon as is reasonably practical after the suspicion was first identified.

It is the responsibility of the MLRO (or, if appropriate, the Deputy MLRO) to consider all internal disclosures he/she receives in light of full access to all relevant documentation and other parties. If, after completing the evaluation, the MLRO decides that there are grounds for knowledge, suspicion or reasonable grounds to suspect money laundering or terrorist financing or attempted money laundering or attempted terrorist financing, he should disclose the information to the FCU as soon as practicable after his evaluation is complete.

27.18.16 Penalties

Failure to comply with the AML Code is a criminal offence. On summary conviction, the AML Code carries a maximum custodial period of six months or a fine not exceeding £5,000 or both. On conviction on information, it carries a maximum custodial period of two years or a fine or both.

Failure to comply with the CFT Code is also a criminal offence. On summary conviction, the CFT Code carries a maximum custodial period of 12 months or a fine not exceeding £5,000 or both. On conviction on information, it carries a maximum custodial period of two years or a fine or both.

In determining whether an offence has been committed, a court may take account of any relevant supervisory or regulatory guidance which applies to that person and which is given by a competent authority. Failure to comply with the minimum requirements of the handbook may be regarded by the Commission as an indication of:

• Conduct that is not in the best economic interests or which damages the reputation of the Isle of Man;
• Lack of fitness and propriety; and/or
• A failure to comply with certain fundamental principles within the Codes.

This may, therefore, result in regulatory action at the discretion of the Commission and, in extreme cases, it may result in revocation of a licence.

27.18.17 Case Studies

A multi-millionaire was sentenced to six years in prison after being convicted of money laundering in the Isle of Man. His business interests included the Miss World competition, and he was listed in the Sunday Times Rich List. The businessman utilised complex international corporate structures to transfer funds from Switzerland to the Isle of Man, with the help of his wife. The money originated from a false accounting scheme, whereby shares in a company were sold at hugely inflated prices on the strength of falsified sales figures and records, meaning that vast sums of money were made on worthless shares. The money was then laundered through Swiss and Isle of Man bank accounts, the value of which ran into millions of pounds. This case illustrates the need for vigilance when money is being moved between jurisdictions, especially when “tax havens” are involved.

27.19.1 Overview

According to the US Report on Japan, although the Japanese government continues to strengthen legal institutions to permit more effective enforcement of anti-money-laundering/counter-terrorist-financing (AML/CFT) laws, Japan's compliance with international standards specific to financial institutions is notably deficient. The domestic crime rate in Japan is generally low, although, in common with other countries, the number of prosecutions regarding money-laundering cases is increasing steeply, but this still remains relatively low. The Japanese AML framework does have strengths, but on the whole there are still improvements needed to bring it up to international standards.

27.19.2 Key Legislation

The Anti-Drug Special Provisions Law and the Act on Punishment of Organised Crimes outline the money-laundering offences. The Act on Prevention of Transfer of Criminal Proceeds outlines the compliance requirements.

27.19.3 Legislative History

Japan's money-laundering legislation rested heavily on the predicate offences surrounding drug trafficking and other related offences until 1999. This emphasis stemmed from the fact that the main authority was contained in the law concerning Special Provisions for Narcotics and Psychotropic Control. 1999 saw the enactment of The Punishment of Organised Crime, Control of Crime Proceeds and Matters (Act No 136 of 1999).

The most recent legislative developments have been consolidated through the Act on the Prevention of the Transfer of Criminal Proceeds (Act No 22 of 2007). The key current legislation is:

• The Act on the Prevention of the Transfer of Criminal Proceeds (Act No 22 of 2007);
• The Punishment of Organised Crime, Control of Crime Proceeds and Matters (Act No 136 of 1999);
• The UN Convention on Terrorist Financing was incorporated through the Punishment of Financing of Offences through Public Intimidation (Law No 67 of 2002).

An additional law to prevent diversion of criminal proceeds went into full force on 1st March, 2008. Its primary purpose is to prevent money laundering. Until its implementation, the law covered mainly financial institutions. It now applies to real estate agents, precious metal dealers and jewellers as well as judicial scriveners, administrative scriveners, certified public accountants and licensed tax accountants.

In April 2011, Japan amended its basic AML law, the Criminal Proceeds Act, to improve customer due diligence (CDD) requirements. These requirements came into effect in April 2013.

Furthermore, Japan has not implemented a risk-based approach to AML/CFT, and there is currently no requirement for enhanced due diligence for higher-risk customers, business relationships and transactions. Although the April 2011 amendments to the Criminal Proceeds Act refer to a higher risk, they only require financial institutions to verify a customer's assets and income where there is a suspicion of the use of a false identity. There is no requirement to take into account any risks posed by the business itself. The current regulations also do not authorise simplified due diligence, though there are exemptions to the identification obligation on the grounds that the customer or transaction poses no or little risk of money laundering or terrorist financing.

27.19.4 FATF Assessment

The 2008 mutual evaluation found that although the ML legal provisions are sound, the CDD and STR requirements as well as the investigations carried out by JAFIC could all be significantly improved.

27.19.5 The Primary AML Investigation/Regulatory Authorities

27.19.6 Outline of Specific Money-laundering Offences

The Anti-Drug Special Provisions Law defines the act of money laundering as a new crime, in that it has such aspects as encouraging further (drug) crimes.

The following acts are criminalised:

• The act of “disguising facts with respect to acquisition or disposition of drug crime proceeds etc.”;
• The act of “concealing drug crime proceeds etc.”;
• The act of “disguising facts with respect to the source of drug crime proceeds etc.”;
• The act of “knowingly receiving drug crime proceeds etc”.

According to the Act on Punishment of Organised Crimes, in addition to the acts of disguising, concealing and receiving stipulated in the Anti-Drug Special Provisions Law, managing an enterprise by using criminal proceeds shall be punished as another type of money-laundering crime.

The range of crimes that generate criminal proceeds is stipulated in the attachment to the Act on Punishment of Organised Crimes, to which illicit businesses such as unauthorised entertainment and amusement businesses and unlicensed banking were added in the amendment to the law enforced in July 2011.

27.19.7 Penalties

Any person who conceals facts concerning the acquisition or disposition of drug offence proceeds, the drug offence proceeds themselves or facts concerning the source of drug offence proceeds is liable to imprisonment for not more than five years or a fine not exceeding JPY 3,000,000, or both. Attempts are punishable by the same sanctions, and any person who intentionally prepares to commit one of these offences is liable to a term of imprisonment not exceeding two years or a fine not exceeding JPY 500,000.

Any person who knowingly receives drug offence proceeds is liable to imprisonment for not more than five years or a fine not exceeding JPY 1,000,000, or both.

A person who disguises facts with respect to acquisition or disposition of crime proceeds or the like, or who conceals crime proceeds or the like shall be imprisoned with labour for not more than five years or fined not more than JPY 3,000,000, or both. The same shall apply to any person who disguises facts with respect to the source of crime proceeds or the like. A person who, with intent to commit this offence, prepares for such offence shall be imprisoned with labour for not more than two years or fined not more than JPY 500,000.

Any person who knowingly receives crime proceeds or the like shall be imprisoned with labour for not more than three years or fined not more than JPY 1,000,000, or both; provided that this shall not apply to a person who receives any property offered for the performance of an obligation under a law or regulation or offered for the performance of an obligation under a contract (such contract shall be limited to that under which a creditor is to offer substantial property interest) at the time of the conclusion of which such person did not know that the obligation under such contract would be performed with crime proceeds or the like.

Drug crime proceeds shall be confiscated. If they cannot be confiscated because, for example, they have already been consumed or the right thereof has been transferred, collection of equivalent value will be ordered. However, the system of confiscation and collection of equivalent value provided in the Act on Punishment of Organised Crime is subject to the discretion of the court, unlike the system provided in the Anti-Drug Special Provisions Law.

At the time of the enactment of the Act on Punishment of Organised Crime, it was stipulated that so-called “crime victim property”, such as proceeds obtained through crime concerning property etc., may not be confiscated in consideration of damage claims by victims. However, the law was partially revised (enforced in December 2006) to enable confiscation in certain cases where the crime is considerably organised or it would be difficult to recover the damage by civil proceedings due to money laundering or other reasons.

27.19.8 Scope

Business operators who are required to take the measures outlined in this section are called “specified business operators”, the scope of which is defined in line with the FATF Recommendations as well as in consideration of business practices in Japan. Generally, financial institutions etc. had already been obliged to undertake identical measures by other Japanese legal provisions.

27.19.9 Risk-based Approach

Japan is not at present implementing an AML/CFT risk-based approach, therefore there is no provision mandating enhanced due diligence for customers that pose a higher risk within business relationships and transactions, or authorised simplified due diligence.

27.19.10 Due Diligence

Financial institutions are required to conduct CDD when a business relationship begins. In addition to this, there are certain specified transactions requiring CDD:

• The conclusion of deposit/savings contracts;
• Large cash transactions exceeding JPY 2,000,000;
• Cash remittance exceeding JPY 100,000.

27.19.11 Staff Training

The amendment of the Act on Prevention of Transfer of Criminal Proceeds requires entities to develop education and training systems for employees.

27.19.12 Record-keeping

Entities should prepare and keep records of identification data and measures taken for CDD for seven years from the day when the transactions were completed or terminated, and prepare and keep records of the dates and details of transactions for seven years.

27.19.13 Suspicious Transaction Reporting

Entities are required to report transactions that are suspected of being related to criminal proceeds to the competent authority. When conducting a cross-border payment, they should notify the receiving institutions of certain items, such as the name and the account number.

Specified business operators are required to file an STR to a corresponding supervising authority when they suspect, during the course of their business, that assets they have received are criminal proceeds or that their client has committed an offence of concealment of criminal proceeds. Specified business operators are expected to judge whether the concerned transaction is a suspicious transaction with their own knowledge and experience of their industries, taking into account the form of transaction, client attributes, conditions surrounding the transaction and other factors.

27.19.14 Penalties

Persons who have failed to submit reports or materials, or submit false reports or materials, or who have refused on-site inspections shall be punished with imprisonment with labour for not more than one year or a fine of not more than JPY 3,000,000, or both. A person who violates an order for rectification shall be punished with imprisonment with labour for not more than two years or a fine of not more than JPY 3,000,000, or both.

Moreover, to complement the supervisory function, the National Public Safety Commission is authorised to state its opinion to competent administrative authorities (and make necessary inspections on business operators) when it detects violations.

27.19.15 Case Studies

One of the most prominent cases of financial crime in Japan is known as the “Furikome Fraud”, which cost over 20,000 victims JPY 2.75 billion in 2008. The main financial institutions utilised were remittance transfer service providers, although banks also need to be equally vigilant to this practice.

The fraud was carried about using (usually stolen) mobile telephones, so that the victim did not suspect fraud. A phone call was made to a relative of the victim from their own phone, and the criminal spoke quickly and in generic language (“it's me” was a common opening phrase). The sense of panic in their voice, as well as background noise, created enough worry for the relative to comply with the criminal's instructions, which were to transfer funds into the criminal's bank account. The criminals usually called elderly relatives, some of whom had dementia and many of whom were unfamiliar with modern technology, to further heighten the sense of worry and the need for compliance. The reasons given included settling a parking ticket and avoiding blackmail, and once the funds were transferred, the account was usually closed down shortly afterwards.

Financial institutions have a part to play in preventing this type of fraud. The indicative signs that accounts were being closed down quickly after a transfer was made, with funds being transferred from a wide range of seemingly unconnected private personal (rather than corporate) accounts and funds being transferred from elderly people, can all be caught by ongoing monitoring of clients and their accounts, and implementing effective due diligence procedures to link the criminals to these accounts. The implementation of such procedures will enable the authorities to bring the criminals to justice.

27.20.1 Overview

Financial services is a key sector of Jersey's economy, accounting for approximately half of the total economic activity and a quarter of the workforce (approximately 13,400 employed). Financial services expertise and international reputation have been significant in attracting business to Jersey, as has the close working relationship with the UK financial system and the availability of favourable tax arrangements, in a developed, stable and well-regulated jurisdiction. In common with other offshore UK jurisdictions, Jersey is not a member of the EU and therefore has some advantages over other countries.

A substantial proportion (believed to be around 90% in some sectors) of customer relationships are established with non-residents. Arising from the nature of services provided and the typically non-resident, non-face-to-face nature of much of the client relationships, Jersey's financial sector is inherently exposed to the risk of money laundering, but the island has put in place a comprehensive and robust AML/CFT legal framework with a high level of compliance with almost all aspects of the FATF Recommendations.

27.20.2 Key Legislation

The Proceeds of Crime Law 1999 outlines the main money-laundering offences. The Money Laundering (Jersey) Order 2008 outlines AML requirements, which are expanded on within the AML Handbook. Minor amendments were made in August 2013 under the Money Laundering (Amendment No. 5) (Jersey) Order 2013.

27.20.3 Legislative History

Several overarching provisions have been implemented to combat money laundering and terrorist financing. The first enactment on the island of Jersey was made in 1988 for money laundering, and in 1990 a further Order addressed terrorist financing. These have all been updated as the money-laundering offence broadened in scope and the culpability for the offence also extended.

27.20.4 FATF Assessment

Jersey is not an FATF member, but observes the FATF requirements through its membership of the Group of International Finance Centre Supervisors (GIFCS).

A 2010 assessment by the Financial Stability Board, in response to a call from the G20, rated Jersey as “demonstrating sufficiently strong adherence” to the relevant international standards. In 2008, the United Kingdom government publicly confirmed that it considered Jersey to have EU-equivalent AML/CFT systems.

27.20.5 The Primary AML Investigation/Regulatory Authorities

27.20.6 Outline of Specific Money-laundering Offences

It is an offence to assist another to retain benefit of criminal conduct. This offence is committed by someone who knows or suspects that “A” is a person who is, or has been, engaged in criminal conduct or has benefited from criminal conduct. This is quite a broad scope and so defences for such an offence are probably hard to apply. The offence rests heavily on mere suspicion of criminal conduct.

The following are also money-laundering offences:

• The acquisition, possession or use of proceeds of criminal conduct;
• Concealing or transferring proceeds of criminal conduct.

27.20.7 Scope

The Money Laundering (Jersey) Order 2008 applies to a person carrying on financial services business in, or from within, Jersey, and a Jersey body corporate or limited liability partnership (LLP) carrying on financial services business anywhere in the world (a “relevant person”).

27.20.8 Risk-based Approach

The risk-based approach is widely adopted within the Jersey regulations. The 2010 guidelines that appear in the Jersey Financial Services Commission Handbook were written with the express aim of instructing financial service businesses on how they subscribe to the risk-based approach laid down by the FATF. The handbook provides excellent supplementary guidance to the statutory rules.

27.20.9 Role of the MLRO/Nominated Officer

The law requires firms to appoint both a Money Laundering Compliance Officer (MLCO) and a Money Laundering Reporting Officer (MLRO). The MLCO should ensure that the AML requirements are being complied with, whereas the MLRO should consider reports of suspicious transactions. The two roles can be performed by the same person.

The MLCO is someone who:

• Develops and maintains systems and controls (including policies and procedures) in line with evolving requirements;
• Undertakes regular reviews (including testing) of compliance with policies and procedures to counter money laundering and the financing of terrorism;
• Advises the board on anti-money-laundering and financing of terrorism compliance issues that need to be brought to its attention;
• Reports periodically, as appropriate, to the board on compliance with the business's systems and controls;
• Responds promptly to requests for information made by the Commission and the JFCU.

The MLRO should:

• Receive and consider reports;
• Have sufficient experience and skills;
• Have appropriate independence;
• Have a sufficient level of seniority and authority within the business;
• Have sufficient resources, including sufficient time, and (if appropriate) be supported by deputy MLROs;
• Be able to raise issues directly with the board; and
• Be fully aware of both his and the business's obligations.

A relevant person may designate one or more individuals (other than the reporting officer) to whom reports may be made in the first instance, for onward transmission to the reporting officer. They must be of an appropriate level of seniority and have all the necessary access to any records needed to carry out their role.

Under Paragraph 7, a relevant person must give the Commission written notice within one month after the date if:

• An appointment has been made, or
• An appointment ceases.

When an MLRO position is due to become vacant, a member from the board must be appointed on a temporary basis in order to comply with the statutory requirement that all financial businesses must have an MLRO in place at all times.

27.20.10 Due Diligence

A relevant person must apply identification measures before the establishment of a business relationship or before carrying out a one-off transaction, or as soon as reasonably practicable after the establishment of a business relationship if it is necessary not to interrupt the normal conduct of business, and there is little risk of money laundering occurring as a result of completing such identification after the establishment of that relationship. They must also apply CDD where they suspect money laundering or they have doubts about the adequacy of the documents previously obtained under CDD measures.

27.20.11 Ongoing Monitoring

A relevant person is required to apply ongoing monitoring during a business relationship. This means ensuring that all documents are kept up to date and relevant by undertaking reviews of existing records, including, but without prejudice to the generality of the foregoing, reviews where any inconsistency has been discovered. This should be carried out at times that are appropriate, having regard to the degree of risk of money laundering and taking into account the type of customer, business relationship, product or transaction concerned, when any suspicion arises.

A relevant person must maintain adequate procedures for monitoring and testing the effectiveness of the following actions:

• The CDD policies and procedures;
• The measures taken to prevent and detect money laundering; and
• The training provided to staff.

27.20.12 Staff Training

A relevant person must maintain appropriate policies and procedures relating to:

• Customer due diligence measures;
• Reporting in accordance with the relevant AML law;
• Record-keeping;
• Screening of employees;
• Internal control;
• Risk assessment and management; and
• The monitoring and management of compliance with, and the internal communication of, such policies and procedures in respect of that person's financial services business in order to prevent and detect money laundering.

“Appropriate policies and procedures” means policies and procedures that are appropriate having regard to the degree of risk of money laundering and taking into account the type of customers, business relationships, products or transactions with which the relevant person's business is concerned. It must also include policies and procedures for the identification and scrutiny of:

• Complex or unusually large transactions;
• Unusual patterns of transactions which have no apparent economic or visible lawful purpose; and
• Any other activity which the relevant person regards as particularly likely by its nature to be related to the risk of money laundering.

Additionally, the firm should identify:

• The requirement to take additional measures, where appropriate, to prevent the use for money laundering of products and transactions which are susceptible to anonymity, including measures to prevent the misuse of technological developments in money laundering.
• Whether a customer, a beneficial owner or controller of a customer, a third party for whom a customer is acting, a beneficial owner or controller of a third party or a person acting, or purporting to act, on behalf of a customer, is a politically exposed person.
• Whether a business relationship or transaction, or proposed business relationship or transaction, is with a person connected with a country or territory that does not apply, or insufficiently applies, the FATF Recommendations.
• Whether a business relationship or transaction, or proposed business relationship or transaction, is with a person connected with a country or territory that is subject to measures for purposes connected with the prevention and detection of money laundering, such measures being imposed by one or more countries or sanctioned by the European Union or the United Nations.

“Scrutiny” includes scrutinising the background and purpose of transactions and activities.

A relevant person must take appropriate measures from time to time for the purposes of making employees whose duties relate to the provision of financial services business aware of the following matters:

• The AML policies and procedures that are maintained by that person and relate to the business; and
• The enactments in Jersey relating to money laundering and any relevant Code of Practice.

A relevant person must provide those employees from time to time with training in the recognition and handling of:

• Transactions carried out by, or on behalf of, any person who is, or appears to be, engaged in money laundering; and
• Other conduct that indicates that a person is, or appears to be, engaged in money laundering.

Such training shall include the provision of information on current money-laundering techniques, methods and trends.

27.20.13 Record-keeping

A relevant person must keep the records specified below. A record comprises:

• A copy of the evidence of identity obtained pursuant to the application of customer due diligence measures or information that enables a copy of such evidence to be obtained;
• All the supporting documents, data or information that have been obtained in respect of a business relationship or one-off transaction following the application of customer due diligence measures;
• Details relating to each transaction carried out by the relevant person in the course of any business relationship or one-off transaction.

Records must also include sufficient information to enable the reconstruction of individual transactions, in such a manner that those records can be made available on a timely basis to the Commission, police officer or customs officer for the purposes of complying with a requirement under any enactment.

Records must contain the following details of each transaction carried out with, or for, a customer in the course of financial services business:

• The name and address of the customer;
• If a monetary transaction, the kind of currency and the amount;
• If the transaction involves a customer's account, the number, name or other identifier for the account;
• The date of the transaction;
• Details of the counterparty, including account details;
• The nature of the transaction; and
• Details of the transaction.

Adequate recording of details of transactions may be demonstrated by including (where appropriate):

• Valuation(s) and price(s);
• The form (e.g. cash, cheque, electronic transfer) in which funds are transferred;
• Memoranda of instruction(s) and authority(ies);
• Memoranda of purchase and sale;
• Custody of title documentation; and
• Other records in support of transaction records where these are necessary to enable a clear and complete audit trail of fund or asset movements to be established.

Adequate recording of details of transactions may be demonstrated by recording all transactions undertaken on behalf of a customer within that customer's records, enabling a complete transaction history for each customer to be easily constructed. For example, a customer's records should include all requests for wire transfer transactions where settlement is provided other than from funds drawn from a customer's account with the relevant person.

27.20.14 Suspicious Transaction Reporting

Financial institutions and other organisations regulated by the Jersey Financial Services Commission undertaking relevant business have an obligation to report where they have knowledge, suspicion or reasonable grounds for suspecting money laundering or terrorist financing. The format, timing and content of what the Jersey Financial Services Commission considers to be a good SAR are specified in the guidance, and should follow the basis outlined below.

If it is made to a designated person, that person must consider it, in the light of all other relevant information, for the purpose of determining whether or not the information or other matter contained in the report does give rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering.

If a report is made to a designated person, the report must generally be forwarded by the designated person to the reporting officer.

If a report is made or forwarded to the reporting officer, it must be considered by the reporting officer, in the light of all other relevant information, for the purpose of determining whether or not the information or other matter contained in the report does give rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering.

Any designated person through whom the report is made must have access to all other relevant information that may be of assistance to the reporting officer or that designated person, including, in particular, the records that a relevant person must keep.

If it is decided that a disclosure needs to be made, there must be procedures for the person to disclose to a designated police officer or designated customs officer as soon as is practicable, using the form set out in the Schedule to the Order.

Reports must contain the identity of the person making the report.

Section 22 considers reports that do not need to be forwarded:

• If a designated person, on considering a report, concludes that it does not give rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering, the designated person need not forward it to the reporting officer.
• If a designated person, on considering a report, has concluded that it does give rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering, the reporting officer need not consider whether that other person is engaged in money laundering.

27.20.15 Penalties

Failure to comply with the Money Laundering Order is a criminal offence, and in determining whether a relevant person has complied with any of the legal requirements of the Order, the court is required to take account of the guidance provided by the handbook. The sanction for failing to comply with the Money Laundering Order may be an unlimited fine or up to two years' imprisonment, or both.

Where a breach of the Money Laundering Order by a body corporate is proved to have been committed with the consent of, or to be attributable to any neglect on the part of, a director, manager or other similar officer, that individual, as well as the body corporate, shall be guilty of the offence and subject to criminal sanctions.

The consequences of non-compliance with the regulatory requirements that are set through the Supervisory Bodies Law could include an investigation by, or on behalf of, the Commission, the imposition of regulatory sanctions and criminal prosecution of the business and its employees. Regulatory sanctions include:

• Issuing a public statement;
• Imposing a direction and making this public; and
• Revocation of a licence.

In addition to this, the ability of a relevant person that is regulated by the Commission under the regulatory laws to demonstrate compliance with the regulatory requirements will be directly relevant to its regulated status and any assessment of fitness and propriety of its principals.

27.20.16 Case Studies

A lawyer in Jersey was convicted of money laundering involving assets valued at over £1 million. The funds, which were falsely represented as payment for legal services, originated from the lawyer's father – a convicted money launderer who is reported to have laundered £27 million. A transaction of this size between relatives should arouse suspicion for a financial institution, particularly when convicted financial criminals are moving funds of that size.

Jersey has been targeted as a money-laundering centre for funds originating in India and Nigeria, after a criminal was convicted of orchestrating a £28-million money-laundering scheme. The funds were laundered through the Jersey branch of the Bank of India, in a deal with a late Nigerian military dictator. This illustrates the need to conduct enhanced due diligence for PEPs, to avoid the possibility of corruption and abuse of power.

27.21.1 Overview

Kenya has been slow to implement a comprehensive AML regime. As such, its attempts to comply with the international regime to combat money laundering have currently fallen short of international best practice. Its primary concern has been to focus more on the poverty that the country is affected by and to solve the further problems relating to various diseases that have been virtually wiped out in other, more developed countries.

27.21.2 Key Legislation

The Proceeds of Crime and Anti-Money Laundering Act 2009 provides the relevant AML law. This is supplemented by the CBK Guidelines.

27.21.3 Legislative History

The Proceeds of Crime and Anti-Money Laundering Act 2009 came into effect on 28th June, 2010. The Act:

• Criminalises money laundering;
• Provides for both criminal and civil restraint, seizure and forfeiture;
• Places an obligation on financial institutions to:
  • monitor and report suspected money-laundering activity,
  • verify customer identity (KYC),
  • establish and maintain customer records, and
  • establish and maintain internal reporting procedures;

• Establishes the Financial Reporting Centre (financial intelligence unit), the Asset Recovery Centre and the Criminal Assets Recovery Fund;
• Provides for procedures that facilitate international assistance with investigations and proceedings related to money-laundering offences.

Furthermore, there are various other pieces of relevant legislation:

• Prevention of Organised Crime 2007;
• Banking Act 1995 (with amendments through 2003);
• Banking (Amendment) Act 2006;
• Central Bank of Kenya Act 1966 (with amendments through 2003).

27.21.4 FATF Assessment

Kenya was severely criticised by the FATF in June 2012, which issued a statement saying “Despite Kenya's high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies, Kenya has not made sufficient progress in implementing its action plan, and certain strategic AML/CFT deficiencies remain.” It added “Taking into account Kenya's continued lack of progress, in particular in enacting the CFT legislation, if Kenya does not take significant actions by October 2012, the FATF will call upon its members to apply countermeasures proportionate to the risks associated with Kenya.”

27.21.5 The Primary AML Investigation/Regulatory Authorities

27.21.6 Outline of Specific Money-laundering Offences

It is an offence for any person to enter into an agreement or engage in any arrangement or transaction with anyone in connection with property that forms part of the proceeds of crime, whether that agreement, arrangement or transaction is legally enforceable or not and whose effect is to:

• Conceal or disguise the nature, source, location, disposition, movement or ownership of the said property;
• Enable or assist any person who has committed or commits an offence, whether in Kenya or elsewhere, to avoid prosecution;
• Remove or diminish any property acquired directly, or indirectly, as a result of the commission of an offence.

27.21.7 Defences

If a person is charged with committing a money-laundering offence, it is a defence that he had reported a suspicion to the authorities or, if the person is an employee of a reporting institution, in accordance with his obligations.

27.21.8 Penalties

A person found guilty of money laundering, acquisition, possession or use of criminal proceeds or financial promotion of a crime can be liable:

• In the case of a natural person, to imprisonment for a term not exceeding 14 years, or a fine not exceeding five million shillings or the amount of the value of the property involved in the offence, whichever is the higher, or to both the fine and imprisonment; and
• In the case of a body corporate, to a fine not exceeding twenty-five million shillings, or the amount of the value of the property involved in the offence, whichever is the higher.

A person who contravenes any of the provisions of sections relating to failure to report suspicion, tipping off or misuse of information is, on conviction, liable:

• In the case of a natural person, to imprisonment for a term not exceeding seven years, or a fine not exceeding two million, five hundred thousand shillings, or to both; and
• In the case of a body corporate, to a fine not exceeding ten million shillings, or the amount of the value of the property involved in the offence, whichever is the higher.

27.21.9 Risk-based Approach

Institutions should put in place effective anti-money-laundering programmes that address the risks posed by money launderers, and enhance the ability of the institution to identify, monitor and deter persons from attempting to gain access to, or make use of, the financial system. Such programmes should be documented and should establish clear responsibilities and accountabilities to ensure that policies, procedures and controls are introduced and maintained.

A programme should, amongst other things, address the following issues:

• Internal policies, procedures and controls instituted that are based upon the financial institution's money-laundering risk assessment;
• Designate an AML Compliance Officer and detail the role he/she will play in the day-to-day AML supervision of the institution;
• Provide for and document policies and procedures to perform independent testing/audit, to measure compliance with the relevant AML laws and regulations;
• Provide for and document AML training for appropriate personnel;
• Provide for adequate screening policies and procedures to ensure high ethical and professional standards when hiring staff.

27.21.10 Internal Controls

The board of directors of an institution operating in Kenya is expected to ensure that management:

• Establishes adequate internal control measures to address potential money-laundering and terrorist-financing risks.
• Obtains, verifies and maintains proper identification of customers wishing to open accounts or make transactions, whether directly or through proxy.
• Obtains and maintains adequate records such as: copies or records of official identification documents like passports, identity cards, driving licences or similar documents; statements of accounts, account files and business correspondence including the results of any inquiries to establish the background and purpose of any complex, unusually large transactions, for a minimum of seven years, regarding the sources of funds and details of transactions in order to:
  • enable the identification of unusual or suspicious transactions, and
  • reconstruct individual transactions.

• Trains staff on a regular basis in the prevention, detection and control of money laundering and the identification of suspicious transactions.
• Monitors and reports any suspicious transactions or activities to the Central Bank of Kenya that may indicate money laundering or other attempts to conceal the true identity of customers or ownership of assets.
• Cooperates with national law-enforcement agencies by taking appropriate measures which are consistent with the law where there are reasonable grounds for suspecting money laundering.
• While taking into account the sensitive nature of extraterritorial anti-money-laundering laws and regulations, ensures that its overseas branches and subsidiaries are aware of the reporting requirements as directed by the Central Bank of Kenya with regard to suspicious transaction reporting and sanctions reporting.

27.21.11 Role of the MLRO/Nominated Officer

Procedures and responsibilities for monitoring compliance with, and effectiveness of, anti-money-laundering policies and procedures should be clearly laid down by institutions in the form of policy documents and internal procedural manuals. Institutions should appoint a Compliance Officer to undertake this function and the officer should have the necessary authority to carry out the function. Institutions should provide the Compliance Officer with the necessary access to systems and records to enable the Officer to fulfil his/her responsibilities.

The functions of the Compliance Officer shall be, amongst others:

• To receive and vet suspicious activity reports from staff;
• To file suspicious transaction reports with the Central Bank of Kenya;
• To be the central point of contact with the Central Bank of Kenya for anti-money-laundering purposes;
• To develop the institution's anti-money-laundering compliance programme;
• To ensure that the anti-money-laundering compliance programme is followed and enforced within the institution;
• To coordinate training of staff in anti-money-laundering awareness and detection methods; and
• To maintain close cooperation and liaison with the Central Bank of Kenya.

27.21.12 Risk Assessment

Institutions shall undertake a Money Laundering and Financing of Terrorism Risk Assessment. The Assessment should provide the means for identifying the degree of potential money laundering and financing of terrorism risks associated with specific customers and transactions, thereby allowing the institution to focus on customers and transactions that potentially pose a greater risk of money laundering and terrorism financing. Institutions should take into consideration the findings of the country's National Money Laundering and Terrorism Risk Assessment.

When preparing a risk assessment, an institution should consider factors such as:

• The number and volume of transactions per customer;
• The nature of the customer relationship; and
• Whether, for example, the institution's interaction with customers is face-to-face or non-face-to-face, such as electronic banking (for example, internet banking, mobile banking).

27.21.13 Due Diligence

In all circumstances, any business entity operating within the financial sector requires basic information on its customers. The nature and extent of this information will vary according to the type of business. It shall also depend on whether the business is being introduced by a financial intermediary and the type of customer involved. An institution shall take measures to satisfy itself as to the true identity of any applicant seeking to enter into a business relationship with it, or to carry out a transaction or series of transactions with it, by requiring the applicant to produce an official record for the purposes of establishing the true identity of the applicant.

Furthermore, an institution should establish, to its satisfaction, that it is dealing with a person that actually exists. It should identify those persons who are empowered to undertake the transactions, whether on their own behalf or on behalf of others. When a business relationship is being established, the nature of business that the customer expects to conduct with the institution concerned should be ascertained, so as to determine what might be expected as the customer's normal activity levels. In order to judge whether a transaction is or is not suspicious, an institution needs to have a clear understanding of the pattern of its customer's business.

27.21.14 Ongoing Monitoring

Institutions should verify, on a regular basis, compliance with policies, procedures and controls relating to money-laundering activities, in order to ensure that the requirement to maintain such procedures has been discharged.

Ongoing monitoring of account activity and transactions should be conducted on a risk-sensitive basis. Institutions can only effectively control and reduce their risk if they have an understanding of normal and reasonable activity of their customers. This enables them to have the means of identifying transactions which fall outside the regular pattern of an account's activity. This can be done by establishing limits for a particular class or category of accounts and paying particular attention to transactions that exceed these limits.

27.21.15 Staff Training

Each institution should institute specific “Know Your Employee” controls designed to deter internal fraud and abuse of the institution which require employees to:

• Follow a code of ethics;
• Avoid and disclose conflicts of interest;
• Maintain good credit ratings;
• Adhere to policies on rotation of duties and mandatory vacations;
• Require the use of employee identification cards for access to secure areas.

27.21.16 Investigation and Reporting Requirements

The Financial Reporting Centre was formed under the POC Act 2009. Section 24 lists its functions and provides the full ambit of its role in a very logical and sequential fashion. The list includes, but is not exclusive to, stating that the Centre:

• Shall receive and analyse reports of unusual or suspicious transactions made by reporting institutions;
• May instruct any reporting institution to take such steps as may be appropriate to facilitate any investigation undertaken or to be undertaken by the Centre, including providing documents and other relevant information;
• Shall design training requirements and may provide such training for any reporting institution in respect of transactions, record-keeping and reporting obligations in accordance with the provisions of this Act;
• Shall create and maintain a database of all reports of suspicious transactions, related government information and such other materials as the Director may, from time to time, determine to be relevant to the work of the Centre;
• Shall draft the regulations required by this Act, in consultation with the board, for submission to the Minister for his approval, prior to publication in the Gazette;
• Shall set anti-money-laundering policies in consultation with the board;
• Shall maintain proper books of accounts;
• Shall have power to compel the production of, or to obtain access to, all records, documents or information relevant to monitoring compliance outside the scope of on-site inspection (inserted by the 2012 amendment).

27.21.17 Penalties

It is an offence for an institution to fail to:

• Monitor and report suspected money-laundering activity;
• Verify customer identity;
• Establish and maintain customer records;
• Establish and maintain internal reporting procedures.

The penalty on conviction for any of the above is a fine not exceeding 10% of the amount of the monetary instruments involved in the offence.

The Act accords immunity or protection to institutions and officers in respect of obligations carried out under the Act in good faith, such as the reporting of suspicious transactions.

27.21.18 Case Studies

The Goldenberg scandal was a series of financial crimes in Kenya which cost the government $500 million. The perpetrator proposed to the government that he set up a formal gold and diamond exchange, to prevent the precious metals and jewellery being sold on the black market. He then charged the government 35% of the export price as commission. Despite various discrepancies, such as the invoices not matching the receipts and being provided in various currencies but from the same source, the Kenyan government paid the invoices. Shortly afterwards, the criminal set up his own commercial bank, thereby avoiding the invoice problem.

It later emerged that the criminal was buying foreign currency in the local market and representing it as foreign exchange earnings. The invoices submitted were nearly 300 times more expensive than the actual cost of gold, and, of course, were fraudulent. It later emerged that the companies the criminal was exporting to were fictitious, apart from one – which was later bought by the criminal.

Concurrent with this, the criminal was running a series of other scams. One took advantage of an export “incentive package” provided by the Kenyan government for exporters. The criminal claimed to be an exporter, and was paid hundreds of millions of dollars in pre-shipment finance, for which he then negotiated delays in repayment (and never repaid a substantial amount). He also took advantage of a scheme which allowed exporters to retain a portion of their foreign exchange earnings, by convincing the government to allow him to retain all of his earnings – the most any other business was allowed was 50%. This gained him $75 million. He also received a $210 million loan secured against an account in London, which he said he would make available to the Kenyan government, but never did.

Many of the proceeds of the scam were never recovered. However, it is known that very sophisticated financial structures were employed, involving two banks controlled by the criminal and eight separate companies. He then obtained funds from the Central Bank of Kenya using his two banks and the eight companies by overdrawing the account of the first bank at the Central Bank of Kenya and then covering the overdraft using fraudulent transfers in favour of that bank, issued by his other bank and the companies. The criminal would then carry out this fraudulent rotation of funds all over again to cover the overdraft created in the second bank.

27.22.1 Overview

Approximately 90% of Liechtenstein's financial services business is provided to non-residents. This creates a particular money-laundering risk, in response to which the authorities and the financial sector firms have developed risk-based mitigating measures. Accordingly, an increasingly stringent series of rules has been implemented.

27.22.2 Key Legislation

Money laundering is criminalised under the Criminal Code. The Due Diligence Act and the Due Diligence Ordinance provide the compliance requirements.

27.22.3 Legislative History

Liechtenstein first implemented anti-money-laundering laws in 1990, with the passage of specific EU provisions, in order to have a more integrated set of legislative arrangements. Liechtenstein also has a customs union agreement with Switzerland. Milestones in the fight against money laundering and terrorist financing include:

• Liechtenstein becoming a State Party to the Convention of the Council of Europe on Money Laundering, Search, Seizure, and Confiscation of the Proceeds from Crime (1990);
• Implementation of the First EU Money Laundering Directive (1995);
• The Due Diligence Act entering into force (1997);
• Total revision of the Liechtenstein Mutual Legal Assistance Act (2000);
• The establishment of the Liechtenstein Financial Intelligence Unit (2001);
• The Mutual Legal Assistance Treaty with the United States and adoption of the “Counterterrorism Package” (2002);
• Tightening of the Law on Professional Due Diligence in Financial Transactions (Due Diligence Act) (2004);
• The establishment of the Liechtenstein Financial Market Authority through enactment of the Financial Market Authority Act (2004);
• Implementation of the Second EU Money Laundering Directive (2005);
• Partial revision of the Mutual Legal Assistance Act (2008);
• Implementation of the Third EU Money Laundering Directive (2008);
• The signing of a Criminal Law Convention on Corruption and a Second Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters (2009);
• Liechtenstein becoming a member of the Group of States against Corruption (GRECO), the monitoring body established by the Council of Europe to improve the capacity of countries to prevent and combat corruption (2010).

Money laundering is criminalised through Article 165 StGB. Article 1.6 was added in 2003, making the financing of terrorism a predicate offence. In December 2008, Parliament passed a new legislative package which includes a comprehensive review of the Due Diligence Act (DDA) as well as partial amendments to the Criminal Code including document fraud and market manipulation.

AML/CFT legal requirements are expanded and specified in the Government's Due Diligence Ordinance (DDO). This was originally introduced on 11th January, 2005, and an updated version came into force on 1st March, 2009.

27.22.4 FATF Assessment

Liechtenstein is a member of MONEYVAL. The assessment of the implementation of anti-money-laundering and counter-terrorist-financing (AML/CFT) measures in Liechtenstein was conducted by the IMF and adopted by MONEYVAL. The IMF report in 2007 noted that provisions regarding CDD are broadly in line with the international standard, but, whether conducted directly or through intermediaries, they need to be strengthened further in some areas. On the whole, Liechtenstein is making good progress (especially as it was listed as an uncooperative country until 2001), but there is still work to do.

27.22.5 The Primary AML Investigation/Regulatory Authorities

27.22.6 Outline of Specific Money-laundering Offences

The offence of money laundering is committed by:

• Anyone who hides asset components originating from a crime, or conceals their origin, in particular by providing false information in legal transactions concerning the origin or the true nature of the ownership or other rights pertaining to the power of disposal over, the transfer of, or concerning the location of such asset components; and
• Anyone who appropriates or takes into safekeeping asset components originating from a crime committed by another person, whether with the intention merely to hold them in safekeeping, to invest them or to manage them, or who converts, realises or transfers such asset components to a third party.

Proceeds are considered criminal if they have been obtained through an offence or received for the perpetration of an offence, including assets that represent the value of the assets originally obtained or received. Therefore, both direct and converted proceeds are covered. Furthermore, “asset components” is understood in a broad sense and would include tangible as well as intangible property and all assets representing financial value, including claims and interests in such assets. The offence of money laundering, therefore, extends to any type of property, regardless of its value, that represents the proceeds of crime.

27.22.7 Penalties

Liechtenstein has adopted a combined approach, listing all felonies and a number of misdemeanours as predicate offences for money laundering. Felonies are intentional offences sanctioned with life imprisonment or imprisonment of more than three years, whereby the maximum sanction is the determining factor for the differentiation between felonies and misdemeanours. Misdemeanours listed as predicate offences for money laundering relate to terrorist financing, official corruption and misconduct by public officials, and offences under the Narcotics Act, including sale or procurement of narcotics, financing narcotic trafficking or the procurement of financing of narcotics.

The penalty for hiding or concealing the origin of criminal assets is imprisonment for up to three years and a fine. For anyone who appropriates or takes into safekeeping laundered assets, the penalty is two years' imprisonment and a fine. If the assets of a criminal organisation are involved, the penalty is three years' imprisonment, and for any of the above offences committed by a gang, or where the value of the assets is above CHF 75,000, the penalty is up to five years' imprisonment.

Only a few criminal offences are punished with stricter sanctions (up to ten years for counterfeiting currency, for breach of trust with particularly heavy damage, for fraud with particularly heavy damage, for fraud as a business and for fraudulent bankruptcy with particularly heavy damage). No penalties have actually been imposed by Liechtenstein courts for money laundering, and only seven prosecutions have been made.

27.22.8 Scope

The DDA applies to all financial institutions holding a licence, including, but not exclusive to:

• Banks and finance companies;
• E-money institutions;
• Asset management companies;
• Investment undertakings; and
• Insurance undertakings.

Financial transactions relevant to DDA encompass:

• Accepting or safekeeping third parties' assets;
• Assisting in the acceptance, investment or transfer of such assets; and
• Establishing, or acting as an organ of, a legal entity on the account of a third party (legal person, company, trust, association or asset entity) that does not operate commercially in the domiciliary state (holding companies excluded).

The following are considered equivalent to financial transactions:

• Transactions exceeding CHF 25,000 made by dealers in high-value goods and by auctioneers when payments are in cash, whether the transaction is operated in one or in several linked steps; and
• Granting of admission to a casino to a visitor.

27.22.9 Risk-based Approach

The prime area of vulnerability for Liechtenstein appears to occur in the layering stage of money laundering. The risk-based approach to money-laundering deterrence has been fully adopted in Liechtenstein. This means that the perception of risk within a potential customer determines the extent to which a firm considers it necessary to conduct due diligence or enhanced due diligence assessments.

A high proportion of Liechtenstein's financial service business involves private cross-border banking, which falls within the FATF's definition of “higher-risk” business.

27.22.10 Role of the MLRO/Nominated Officer

Persons subject to due diligence must appoint a contact person with the FMA, as well as Compliance and Investigating Officers (Article 22 DDA):

The Compliance Officer shall (Article 30 DDO):

• Support and advise the management in the implementation of due diligence legislation and the design of the corresponding internal organisation, but without relieving the management of its responsibility in this regard;
• Draw up internal instructions; and
• Plan and monitor the internal basic and continuing training of employees involved with business relationships.

The Investigating Officer conducts inspections in order to review records and assess completion of due diligence requirements, notably with regard to reporting obligations and responses to domestic authorities' information requests (Article 31 DDO).

The Compliance Officer and the Investigating Officer shall have a sound knowledge in matters of the prevention and combating of money laundering, predicate offences of money laundering, organised crime and terrorist financing, and be familiar with the current developments in these areas. The responsibilities of the Compliance Officer and the Investigating Officer may be transferred to suitably qualified external persons or offices.

27.22.11 Due Diligence

Financial institutions must obtain prescribed customer due diligence (CDD) information for legal persons, companies, trusts, other associations and asset entities. All information and documents required to establish and verify the identity of the contracting party and the beneficial owner shall be available, in full and in due form, at the time the business relationship is initiated. If it is necessary to maintain normal business, it may exceptionally be deemed sufficient if the information and documents required are made available as soon as possible after the business relationship has been initiated. In this event, the person or entity subject to due diligence shall ensure that no funds are transferred in the meantime.

There is no CDD requirement for low-risk, occasional transactions. Activities shall be deemed to be occasional if the individual activity does not exceed the value of CHF 1,000 and no more than 100 transactions per year are carried out.

27.22.12 Ongoing Monitoring

If, despite repeating the process of establishing and verifying the identity of the contracting party or beneficial owner, doubts remain as to the information provided by them, the persons or entities subject to due diligence shall discontinue the business relationship and adequately document the outflow of assets.

The business profile shall contain the following information:

• The contracting party and beneficial owner;
• Authorised agents and bodies acting in dealings with the persons or entities subject to due diligence;
• The economic background and origin of the assets deposited;
• The profession and business activity of the effective depositor of the assets; and
• The intended use of the assets.

The degree of detail of the information shall take account of the risk involved in the business relationship. Simple inquiries shall serve to assess the plausibility of circumstances or transactions that deviate from the business profile. For this reason, the person or entity subject to due diligence shall obtain, evaluate and document such information as is useful in ascertaining the background to such transactions, to identify how plausible they are.

27.22.13 Staff Training

The persons or entities subject to due diligence shall ensure that employees involved with business relationships receive up-to-date and comprehensive basic and continuing training. The knowledge imparted shall encompass the regulations on preventing and combating money laundering, predicate offences of money laundering, organised crime and terrorist financing, in particular:

• The obligations arising out of the Act and this Ordinance;
• The relevant provisions of the Criminal Code; and
• The internal instructions.

27.22.14 Record-keeping

The due diligence files shall contain the documents and records prepared and used in order to comply with the CDD provisions. They shall, in particular, include:

• The documents and records used to establish and verify the identity of the contracting party and the beneficial owner;
• The business profile;
• The records of any inquiries carried out as well as all documents and records used in this regard;
• Records describing transactions and, if applicable, the asset balance; and
• Any reports made to the FIU.

The due diligence files shall be prepared and kept in such a manner that:

• The required due diligence obligations can be complied with at any time;
• They enable third parties with sufficient expertise to form a reliable judgment of compliance with the legal requirements; and
• Requests from the responsible domestic authorities and courts, auditors and auditing offices can be fully met within a reasonable period of time.

The due diligence files may be stored in written, electronic or similar form provided that:

• They match the documents on which they are based;
• They are available at all times; and
• They can be rendered readable at any time.

The integrity and legibility of image and data storage media kept shall be checked regularly. The due diligence files shall be stored at a location within Liechtenstein that is accessible at any time.

The following information shall be added to records:

• The names of the persons entrusted with making the records;
• The nature and scope of the documents recorded;
• The place and date of recording;
• Any damage to the documents, image and data storage media identified during recording or storage.

Customer-related documents and receipts must be kept for at least ten years after the business relationship has ended or the transaction has been completed.

27.22.15 Suspicious Transaction Reporting

Where suspicion of money laundering, a predicate offence of money laundering, organised crime or terrorist financing exists, the persons subject to due diligence must immediately report, in writing, to the financial intelligence unit (FIU). Likewise, all offices of the National Administration and the FMA are subject to the obligation to report to the FIU.

The report shall contain all information required for the FIU to evaluate the matter. The FIU shall confirm, in writing, the date of receipt of the report. It may request further information after receiving the report. Such information shall be submitted without delay. The FIU may issue a standardised report form.

27.22.16 Penalties

Infringements of the DDA lead to severe punishment. Persons who do not meet their obligations and, for example, fail to carry out identification or documentation correctly may be punished by the Princely Court of Justice by up to six months' imprisonment or a fine of up to 360 daily rates. Daily rates are calculated with reference to the net income of the individual, so 360 daily rates is likely to equate to approximately a year's salary.

27.22.17 Case Studies

According to the US State Department Money Laundering Report 2012, there were seven prosecutions for money laundering from 19th October, 2010 to 31st October, 2011, but no convictions.

27.23.1 Overview

Drug trafficking is noted by the authorities as the main source of illegal proceeds in Malaysia. Authorities highlight illegal proceeds from corruption as a significant money-laundering risk in addition to a range of predicate offences that generate significant proceeds of crime. Malaysia has a significant informal remittance sector. Although elements of the AML framework in Malaysia are stringent, there is still work to be done to bring it up to international standards.

27.23.2 Key Legislation

The two main sources of anti-money-laundering legislation in place in Malaysia are the Anti-Money Laundering and Counter Financing of Terrorism Act 2001 (AMLATFA) and the Standard Guidelines on Anti-Money Laundering and Counter Financing of Terrorism.

27.23.3 Legislative History

There have been various amendments to the AMLATFA since its introduction. Furthermore, the Bank Negara Malaysia is vested with comprehensive legal powers to regulate and supervise the financial system, under various pieces of legislation including:

• Islamic Banking Act 1983;
• Banking and Financial Institutions Act 1989;
• Money-Changing Act 1998;
• Central Bank of Malaysia Act 2009;
• Money Services Business Act 2011.

In 2006 the regulatory framework was amended, making changes to AML legislation among other statutory instruments. This came into force during the following year. In March 2007, at the initiation of the NCC, Malaysia enacted amendments to five different pieces of legislation: the AMLA (now known as the AMLATFA since it now includes terrorist financing), the Penal Code, the Subordinate Courts Act, the Courts of Judicature Act and the Criminal Procedure Code. The number of predicate offences for money laundering was expanded from 219 to 223.

Moreover, the amendments impose penalties for terrorist acts, allow for the forfeiture of terrorist-related assets, allow for the prosecution of individuals who have provided material support for terrorists, expand the use of wiretaps and other surveillance of terrorist suspects and permit video testimony in terrorist cases. This enabled Malaysia to accede to the UN Convention for the Suppression of the Financing of Terrorism.

27.23.4 FATF Assessment

The APG Mutual Evaluation Report on Malaysia in 2007 noted that while the customer due diligence regime in Malaysia shows a high degree of technical compliance with FATF standards, the level of implementation of requirements to identify and verify beneficial ownership of corporate customers is unclear. While the legal provisions are in line with FATF standards, there are some concerns that implementation by the financial institutions may not yet be in compliance with the legal requirements. There were other issues regarding CDD and PEPs, although the effectiveness of the FIU was praised. It described the level of success of the Malaysian AML framework as “varied”.

27.23.5 The Primary AML Investigation/Regulatory Authorities

27.23.6 Outline of Specific Money-laundering Offences

Money laundering is defined under Section 3(1) of AMLATFA as the act of a person who:

• Engages, directly or indirectly, in a transaction that involves proceeds of any unlawful activity;
• Acquires, receives, possesses, disguises, transfers, converts, exchanges, carries, disposes, uses, removes from or brings into Malaysia proceeds of any unlawful activity; or
• Conceals, disguises or impedes the establishment of the true nature, origin, location, movement, disposition, title of, rights with respect to or ownership of proceeds of any activity.

It is to be inferred from objective factual circumstances that the person knows, or has reason to believe, that property may be the proceeds from any unlawful activity. A person will also be guilty of the offence of money laundering if, without reasonable excuse, they fail to take reasonable steps to establish whether or not the property is proceeds from any unlawful activity.

The “Terrorism Financing Offence” is also defined under the same section, as any offence which essentially includes:

• Providing or collecting property for carrying out an act of terrorism;
• Providing services for terrorism purposes;
• Arranging for retention or control of terrorist property; or
• Dealing with terrorist property.

In order to find an individual to be guilty of financing terrorism, the authorities will focus on the determination of the individual's actions or the use of funds, which may have derived from legitimate sources.

27.23.7 Penalties

Any person who engages in, or attempts to engage in, or abets the commission of money laundering commits an offence and shall, on conviction, be liable to a fine not exceeding five million ringgit or to imprisonment for a term not exceeding five years, or to both.

Tipping off is punished by a fine of RM 1 million or a one-year jail term, or both.

The falsification, concealment and destruction of documents can be punished by a fine of RM 1 million or a one-year jail term, or both. A further fine of RM 1,000 per day will be imposed for each day during which the offence continues after conviction.

27.23.8 Risk-based Approach

The Standard Guidelines supplement the AMLATFA and both sources have been drawn up in accordance with international standards recommended by the Financial Action Task Force's 40 Recommendations on Money Laundering together with the nine Special Recommendations on Terrorist Financing. Collectively, the laws, policies and practices adopt a risk-based approach to combating money laundering.

27.23.9 Role of the MLRO/Nominated Officer

Senior management of reporting entities have a responsibility to appoint a Compliance Officer who is “fit and proper” to carry out AML/CFT responsibilities and can effectively discharge them. Similar to an MLRO, the Compliance Officer's role is to act as the reference point for AML/CFT matters, including employees' training and reporting of suspicious transactions. It is the Compliance Officer's role to submit suspicious transaction reports to the financial intelligence unit in Bank Negara Malaysia. The appointed Compliance Officer is the single point of reference for the financial intelligence unit in Bank Negara Malaysia with regards to AML/CFT matters.

It is important that the Compliance Officer who is appointed by the reporting institution has the necessary knowledge and expertise to carry out his responsibilities, which include the following:

• AML/CFT obligations required under the relevant laws and regulations;
• The latest developments in money-laundering and financing terrorism techniques;
• The AML/CFT measures undertaken in industry;
• Timely access to customer due diligence documentation and other relevant information.

Reporting institutions must inform the financial intelligence unit in Bank Negara Malaysia, in writing, if there is an appointment or change of the Compliance Officer. The name, designation, office address, office telephone number, fax and email address must all be sent to the FIU.

The role of the Compliance Officer should be clearly defined and documented. The role of the Compliance Officer is to ensure:

• The reporting institution's compliance with the AML/CFT requirements;
• Implementation of the AML/CFT policies;
• That the appropriate AML/CFT procedures, including customer acceptance policy, customer due diligence, record-keeping, ongoing monitoring, reporting of suspicious transactions and combating the financing of terrorism are implemented effectively;
• That the AML/CFT mechanism is regularly assessed to ensure that it is effective and sufficient to address any change in money-laundering and financing of terrorism trends;
• That the channel of communication from the respective employees to the branch/subsidiary Compliance Officer and subsequently to the Compliance Officer is secured and that information is kept confidential;
• That all employees are aware of the reporting institution's AML/CFT measures, including policies, control mechanisms and the channel of reporting;
• That suspicious transaction reports generated internally by the branch/subsidiary Compliance Officers are appropriately evaluated before submission to the financial intelligence unit in Bank Negara Malaysia; and
• The identification of money-laundering and financing of terrorism risks associated with new products or services or arising from the reporting institution's operational changes, including the introduction of new technology and processes.

27.23.10 Due Diligence

Customer due diligence must be carried out when:

• Establishing a business relationship with any customer;
• Carrying out cash or an occasional transaction which involves a sum in excess of the amount specified by Bank Negara Malaysia under its sectoral guidelines or relevant circular (RM 50,000 for banking transactions at the time of writing);
• There is any suspicion of money-laundering activity or the financing of terrorism;
• The institution has any reason to doubt the veracity or adequacy of previously obtained information.

The minimum customer due diligence requirement which reporting institutions must conduct includes the following:

• Identification and verification of the customer;
• Identification and verification of beneficial ownership and control of transactions;
• Collection of information on the purpose and intended nature of the business relationship/transaction;
• Ongoing due diligence and scrutiny to ensure the information provided is updated and relevant.

When dealing with customers during the customer due diligence processes, reporting institutions must pay particular attention to the behaviour of customers. The unwillingness of customers to provide certain information may be grounds for suspicion. In the event that existing customers fail to provide certain information, or indeed refuse to update certain information, business transactions and relations should cease with that customer. A suspicious transaction report should also be lodged with the financial intelligence unit at Bank Negara Malaysia.

In certain situations where the risks of money laundering and financing of terrorism are low and verification is not possible at the point of establishing a business relationship, the reporting institution may allow its customer due diligence process to be completed no later than 14 days (or the period specified in Bank Negara Malaysia's sectoral guidelines, where applicable) after the business relationship has been established to permit some flexibility for its customer to furnish the relevant documents. The risk of delaying verification is an issue which reporting institutions should address by establishing internal procedures.

27.23.11 Ongoing Monitoring

The reporting institution should take the necessary measures to ensure that the records of existing customers, including customer profiles, remain updated and relevant. In addition, further evidence in identifying existing customers should be obtained to ensure compliance with the reporting institution's current customer due diligence standards. The reporting institution should conduct regular reviews on existing records of customers, especially when:

• A significant transaction is to take place;
• There is a material change in the way the account is operated;
• The customer's documentation standards change substantially; or
• It discovers that the information held on the customer is insufficient.

Effective monitoring should enable reporting entities to detect money laundering or the financing of terrorism through analysing the transaction patterns or activities of the customers. Ongoing customer due diligence should examine and clarify:

• The economic background and purpose of any transaction;
• Business relationships that appear unusual;
• Business relationships that have no apparent economic purpose;
• Transactions where the legality of the transaction is not clear, especially with regards to complex and large transactions or high-risk customers.

All findings must be documented and made available to Bank Negara Malaysia and the relevant supervisory authority upon request. An effective customer due diligence process, where ongoing monitoring is carried out, should include the following:

• An accurate and updated information-management system containing customer transactions and business profiles;
• An information-management system to provide timely information to the reporting institution on suspicious activity;
• Internal criteria “red flags” to detect suspicious transactions guided by examples of suspicious transactions provided by Bank Negara Malaysia or other competent authorities and international organisations. Any “red flags” should be subjected to ongoing monitoring or enhanced due diligence;
• Ongoing due diligence and monitoring of transactions for business relationships with customers from countries highlighted by internationally recognised AML/CFT bodies such as the FATF as insufficiently implementing internationally accepted AML/CFT standards.

27.23.12 Staff Training

Reporting institutions should conduct awareness and training programmes on AML/CFT practices and measures for their employees, depending on the role of the employee. Senior management must ensure proper channels for communication are in place for all levels of employees. Employees must also be made aware that they will be held personally liable for any failure to observe the internal AML/CFT requirements.

Key training for all employees should, at a basic level, include training on the relevant guidelines on AML/CFT issued by Bank Negara Malaysia and the reporting institutions' own internal AML/CFT policies and procedures.

The Guidelines are quite thorough and highlight the type of training which should be conducted for employees appropriate to their levels of responsibility in detecting money laundering and the financing of terrorism. Particular guidance is given to the following levels of employees.

27.23.13 Record-keeping

Reporting institutions are required to keep all relevant records, including any material business correspondence and documents relating to transactions, in particular those obtained during customer due diligence procedures, for at least six years after the transaction has been completed or after the business relationship with a customer has ended. Records can be retained for longer if the records are being used for ongoing investigations or prosecutions in court.

The type of documents that should be retained is those which enable an audit trail on an individual transaction. Transactions should be traceable by Bank Negara Malaysia, the relevant supervisory and law-enforcement agency. Records should be kept in a manner in which the records are secure and retrievable on request in a timely manner, and must enable the reporting institution to establish the history, circumstances and reconstruction of each transaction. The records should, at a minimum, include the following:

• The identity of the customer;
• The identity of the beneficiary;
• The identity of the person conducting the transaction, where applicable;
• The type of transaction (e.g. deposit or withdrawal);
• The form of transaction (e.g. by cheque or by cash);
• The instruction and the origin and destination of fund transfers;
• The amount and type of currency.

27.23.14 Investigation and Reporting Requirements

The reporting institution is required to promptly submit a suspicious transaction report to the financial intelligence unit in Bank Negara Malaysia when any of its employees suspect, or have reason to suspect, that the transaction or attempted transaction involves proceeds from an unlawful activity or the customer is involved in money laundering or the financing of terrorism. The reporting institution should provide the necessary information surrounding the suspicious transaction, as required in the suspicious transaction report form. The reporting institution must establish a reporting system for the submission of suspicious transaction reports to the financial intelligence unit in Bank Negara Malaysia.

The Compliance Officer is responsible for liaising with, and submitting reports to, Bank Negara Malaysia. Upon receiving any internal suspicious transaction report, whether from the head office, branch or subsidiary, the Compliance Officer should evaluate the grounds for suspicion and, if suspicion is confirmed, promptly submit the suspicious transaction report to the financial intelligence unit in Bank Negara Malaysia. In cases where the Compliance Officer decides that there are no reasonable grounds for suspicion, he should document his decision, ensure it is supported by the relevant documents and file the report.

The reporting institution should ensure that the suspicious transaction reporting mechanism is operated in a secure environment to maintain confidentiality and preserve secrecy. The disclosure of any information or matter which has been obtained by any person within the reporting institution, in the performance of his duties or the exercise of his functions, is an offence under the AMLATFA.

27.23.15 Reporting Thresholds

The Guidelines do not give a transaction value as a default level at which all transactions should be reported. Thus, it does not matter how high or low the value of a transaction is, a suspicious transaction report must be submitted if there is reason to suspect that the transaction involves illegal proceeds or that the customer may be involved in money laundering.

27.23.16 Penalties

Any person who contravenes any provision or regulation made, or any specification or requirement made, or any order in writing, direction, instruction or notice given, or any limit, term, condition or restriction imposed, in the exercise of any power conferred under or pursuant to any provision commits an offence and shall, on conviction, if no penalty is expressly provided for the offence or the regulation, be liable to a fine not exceeding RM 250,000.

An officer of a reporting institution must take all reasonable steps to ensure its compliance with the reporting obligation. Failure of a reporting institution to comply with any of the requirements will result in Bank Negara Malaysia taking the appropriate enforcement action, including obtaining a Court order against any or all of the officers or employees of the reporting institution on terms that the Court deems necessary to enforce compliance.

Notwithstanding any Court order, the financial intelligence unit in Bank Negara Malaysia may direct or enter into an agreement with the reporting institution to implement any action plan to ensure compliance with reporting requirements. Failure of an officer to take reasonable steps to ensure compliance, or failure of a reporting institution to implement any action plan as agreed to ensure compliance, will result in the officer or officers being personally liable to a fine not exceeding RM 100, 000 or to imprisonment for a term not exceeding six months, or to both.

In the case of a continuing offence, a further fine may be imposed on the reporting institution not exceeding RM 1,000 for each day during which the offence continues after conviction. Bank Negara Malaysia is authorised to compound, with the consent of the Public Prosecutor, any offence under the regulations by accepting from the person reasonably suspected of having committed the offence such amount not exceeding 50% of the amount of the maximum fine for that offence, including the daily fine, if any, in the case of a continuing offence.

Any institution that fails or refuses to comply with or contravenes any direction or guidelines issued to it by the relevant regulatory or supervisory authority, or discloses a direction or guideline issued to it, commits an offence and shall, on conviction, be liable to a fine not exceeding RM 100,000.

27.23.17 Case Studies

A 62-year-old former executive director of a pharmaceutical company recently became the first person to be convicted of money laundering in Malaysia. She was charged with eight counts of money laundering involving RM 41.3 million, amongst other financial offences, and sentenced to three years' imprisonment and fined over RM 6 million.

She laundered the proceeds of unlawful activities using a joint bank account to hide the true depository. Furthermore, she used her company accounts and the accounts of five other firms, forming a complex transaction trail, to disguise the origin of the funds. In addition to this, she assisted a colleague in forging promissory notes worth RM 37 million.

This case illustrates the need to proceed cautiously, even if a customer is low-risk. A 62-year-old female would probably be identified as a low-risk customer with regards to money laundering and other financial crimes, but her position of seniority – she was an executive – suggests that she may be in an ideal position to commit a financial crime. Therefore, thorough due diligence should be conducted on any such customer, and the risk categories applied should be under continual review.

27.24.1 Overview

Mexico faces an unprecedented threat to its national security and stability from drug trafficking and organised crime. Powerful drug cartels, resorting to extreme violence, have extended their activities across various parts of the country, and these activities pose significant challenges to the government. In response to the financial power of these cartels, the Mexican government has instituted unprecedented measures to support law-enforcement activities against organised crime and drug trafficking. There is strong political and institutional commitment to tackle crime and money laundering in Mexico, which has driven the legislative changes.

27.24.2 Key Legislation

Article 400 Bis of the Criminal Code contains the money-laundering offence and is complemented by the Federal Law against Organised Crime. The Federal Law on the Prevention and Identification of Transactions with Proceeds of Illicit Origin passed in July 2013, and the subsequent Regulations of the Federal Law on the Prevention and Identification of Transactions with Proceeds of Illicit Origin outline the money-laundering framework.

27.24.3 Legislative History

Money laundering has been an offence in Mexico since 1989. The offence was originally set forth as a fiscal offence under Article 115 Bis of the Federal Fiscal Code. Money laundering and terrorist financing were finally criminalised in 1996, the crime relating to “Operations with Resources from Illegal Origins” under Article 400 Bis of the Federal Criminal Code. Consequently, Article 115 Bis of the Federal Fiscal Code was repealed.

Article 400 Bis of the Criminal Code introduced more procedural elements to the offence and is now complemented by Mexico's Federal Law Against Organised Crime (LFDO). The LFDO was updated in June 2012.

In May 2004, Mexican authorities issued more detailed AML/CFT regulations and extended compliance to non-bank financial institutions. The Attorney's Office has released information pertaining to its plans to map the criminal economy and the corresponding flow of illicit funds.

In April 2012, the Mexican Senate approved the latest anti-money-laundering legislation, which came into force in July 2013.

27.24.4 FATF Assessment

The 2008 mutual evaluation noted that Mexico is making good progress in developing its system for combating ML and TF and that the AML/CFT preventive measures are comprehensive, contain risk-based elements and are being implemented across principal sectors of the financial system. Nonetheless, AML/CFT regulations are still evolving and could benefit from further development.

A 2011 report by the IMF stated that Mexico has “Efficient functioning of key national AML/CFT agencies; improved compliance and enforcement; periodic reporting by national AML/CFT institutions”.

27.24.5 The Primary AML Investigation/Regulatory Authorities

27.24.6 Outline of Specific Money-laundering Offences

Money laundering is committed by anyone who, by themselves or through another person:

• Acquires;
• Disposes of;
• Manages;
• Takes custody of;
• Changes;
• Gives as security;
• Invests;
• Transports or transfers within the national territory of the latter to a foreign territory or conversely, resources, rights or property of any kind, knowing that they represent the proceeds of unlawful activity, with any of the following purposes:
  • hiding or trying to hide;
  • concealing or impeding knowledge of the origin, location, destination or ownership of such resources, rights or property; or
  • encouraging any illegal activity.

The SHCP describes money laundering as “a process to conceal or disguise the existence, origin or the use of funds generated by illegal activities to effect their integration into the economy with the appearance of legitimacy”.

27.24.7 Penalties

The penalty for money laundering is five to 15 years' imprisonment and one thousand to 5,000 days of fines.

Members of a criminal gang can be punished by virtue of the fact that they have organised themselves with the intention to commit an offence. Subject to appropriate penalties for the offence or offences committed, the members of a criminal gang can be liable to the following penalties:

In cases of drug crime:

• A person having management or supervision functions within the gang, from twenty to 40 years' imprisonment and 525,000 days of fines; or
• Any other member, from ten to 20 years in prison and 250–12,500 days of fines.

These penalties shall be increased by up to one half, where:

• Any public servant is involved in carrying out the offences referred to as organised crime. In addition, such a public servant shall be removed from post and disqualified from holding any public office or commission; or
• Minors are used to commit any of the offences.

27.24.8 Risk-based Approach

The FIU indicated that it has adopted a risk-management approach to its activities that include a five-step process:

1. Identify risks.
2. Analyse risks.
3. Plan actions accordingly.
4. Track and report the evolution of the identifiable risks.
5. Control the status of risks and learn from the outcomes.

Furthermore, under the new legislation, financial institutions have various obligations:

• They must take proper measures and establish procedures to prevent and detect any acts, omissions or transactions that may involve money-laundering activity.
• They must submit to the SHCP, through the proper federal regulatory agencies authorised to oversee compliance with the above-mentioned obligations, reports on any vulnerable activities in which they engage in the event they suspect that any actions, transactions or services provided to their clients and users, or any actions undertaken by their board members, top executives, officers, employees and legal representatives may involve money-laundering activity.
• They must deliver all information and documentation relating to the actions, transactions and services mentioned above to the SHCP.
• They must preserve all information and documentation regarding the identity of their current or former clients and users, as well as the information relating to all actions, transactions and services reported as set forth above for ten years, this without prejudice to any of the provisions of all other applicable laws and regulations.

27.24.9 Role of the MLRO/Nominated Officer

If a financial institution has more than 25 members of staff, it is required to have a compliance committee, with a senior executive appointed as a Compliance Officer to lead the committee. If it has fewer than 25 members of staff, a single Compliance Officer can be appointed. The functions to be carried out by the committee or the Compliance Officer are:

• To submit the AML/CFT policies to the audit committee for approval.
• To receive the results and implement recommendations of internal auditing on their review of AML/CFT.
• To be aware of high-risk customers and transactions through the Compliance Officer.
• To establish and disseminate criteria for classification of customers based on degree of risk.
• To disseminate to appropriate staff officially recognised lists issued by international agencies or authorities from other countries of persons linked to terrorism or terrorist financing, or to other illegal activities, and the list of PEPs.
• To consider and decide whether suspicious transaction reports should be sent to the FIU.
• To approve AML/CFT training programmes.
• To inform the relevant section of the financial institution of inappropriate conduct or compliance by directors, officers, employees or agents, so that the corresponding disciplinary measures may be carried out.
• To resolve all other matters submitted to its consideration pertaining to the application of these provisions.

27.24.10 Due Diligence

Mexico has gradually applied a risk-based approach to its due diligence processes. It monitors all transactions, and reports suspicious transactions to the local financial intelligence unit, including transactions of US$ 10,000 and over. The AML/CFT regulations only require customer identification and related AML/CFT requirements when transactions are equal to or in excess of US$ 3,000.

27.24.11 Ongoing Monitoring

Financial institutions are required to update customer information, including the monitoring of transaction profiles, on the basis of ML and FT risks. Some of the key provisions are described below:

• Financial institutions should have customer identification policies that, inter alia, require procedures to update customer information;
• In the case of concentration/master accounts, financial institutions should closely monitor transactions;
• Financial institutions should establish mechanisms to monitor cash transactions above a certain threshold (US$3,000);
• Financial institutions should establish more strict monitoring mechanisms with respect to customers whose line of business or activity is related to industrial, commercial or service sectors that involve large amounts of US$ cash;
• For customers classified as high risk, including PEPs, financial institutions must establish mechanisms to update customer identification files at least once a year;
• KYC policies must include, at a minimum, procedures to establish customer transaction profiles and to develop systems to monitor client transactions in order to detect inconsistencies with such transactions;
• Monitoring of customer transactions should be strengthened when there are concerns that a person is acting for another or there are doubts about information provided by a client;
• Financial institutions should have automated systems to, inter alia, detect and monitor small, structured monetary transactions below the CTR threshold (US$ 10,000).

27.24.12 Staff Training

Financial institutions are required to have training and employee dissemination programmes that must include, at a minimum, courses given at least once per year, which must be specially focussed on officers and employees who work in the areas of customer service or funds management. These courses must cover, inter alia, customer identification and Know Your Customer policies, occasional customer identification policies and criteria, measures and procedures developed by the institution for the compliance with these provisions. Financial institutions are also required to inform staff about techniques, methods and trends for the prevention, detection and reporting of unusual and suspicious transactions.

Institutions must issue participation certificates to the officers and employees that attend training courses. These participants will be tested on the knowledge acquired, and measures will be taken with respect to those that fail to achieve satisfactory results. Officers and employees that will work in customer service or funds management areas must receive related training before assuming the position or upon beginning work.

In practice, many financial institutions have ongoing training programmes for their staff, including e-learning on AML/CFT. On average, employees get between three and ten hours of training every year.

27.24.13 Record-keeping

Financial institutions are required by the new law to keep records for at least ten years on identification of their clients, transactions undertaken and services provided.

27.24.14 Investigation and Reporting Requirements

The following reports are required.

27.24.15 Penalties

For money laundering, the penalties range from a fine equal to 200 to 100,000 times the daily minimum Mexican salary, or from 10% to 100% of the value of the act or transaction. Additionally, there are fixed penalties ranging from 100,000 to 500,000 pesos, as well as between six months' and 16 years' imprisonment.

In the case of a breach of the obligations under the 2013 Act, different types of penalties ranging from administrative fines to imprisonment (from two to eight years, when committing crimes involving the presentation of false, altered or illegible information) are established.

A fine equivalent to between 200 and 2,000 days at the general minimum wage (GMW) will apply in the following cases:

• Failure to meet the requirements issued by the SHCP;
• Failure to comply with client identification and keeping of information obligations;
• Failure to submit notices on time (provided that such notice is filed within a term of 30 days following the due date);
• Submission of notices that do not meet the requirements of the Act.

A penalty from 10,000 to 65,000 days at GMW, or 10% of the value of the transaction, will be imposed for the lack of presentation of notices or for carrying out prohibited cash transactions.

27.24.16 Case Studies

In July 2012, Mexican regulators imposed the biggest fine in their history on HSBC's Mexican subsidiary, for failing to comply with AML regulations. In the same week, the chief Compliance Officer of HSBC resigned following allegations of money laundering involving the proceeds of drug trafficking in Mexico being allowed to pass through the bank. The £17.7 million fine was over half of the annual profit of the Mexican subsidiary, which said it acknowledged that it had failed to report 39 suspicious transactions and was late in reporting almost 2,000 others. The severity of this fine highlights Mexico's commitment to distancing itself from its associations with drug money, and that the country is keen to end the cycles of corruption and criminal activity carried out by gangs within the territory.

In the past decade, politics in Mexico has become entangled with money laundering and criminal organisations. A governor in Mexico throughout the nineties was arrested in 2001 and subsequently pleaded guilty to money laundering. During his time in office, areas which he governed were used as a half-way point for flights bringing cocaine from Colombia to the US–Mexico border. It is believed that the funds relating to the governor's conviction were related to the drug trafficking which blighted Mexico throughout the decade, and continues even to this day.

27.25.1 Overview

The financial sector is dominated by private banking and fund management, although these are primarily with overseas European customers. Monaco's banking and financial system is linked to that of France, although the authorities within Monaco are responsible for enforcement. No particular trends in money laundering in the Principality were identified by the IMF in 2008, and it is believed that, like any major financial centre, Monaco has to deal with very sophisticated forms of money laundering that are mainly concerned with the second and third stages of the process: layering and integration.

27.25.2 Key Legislation

The money-laundering offence is found in Monaco's Penal Code. Act 1362 of 3rd August, 2009 on the fight against money laundering, terrorist financing and corruption and Sovereign Order 2318 of 3rd August, 2009, setting the conditions for application of the Act, provide the AML framework.

27.25.3 Legislative History

On 3rd August, 2009, the Parliament in Monaco enacted a new law – Law No. 1362 on Money Laundering, Financing of Terrorism and Corruption. This was amended in 2011.

Sovereign Order 2318 of 3rd August, 2009 sets the conditions for application of Act 1362 of 3rd August, 2009 on the fight against money laundering, terrorist financing and corruption. This was amended by Sovereign Order 3.450 of 15th September, 2011. This Order also repealed various previous Sovereign Orders from 1994 to 2004.

27.25.4 FATF Assessment

The IMF reported in 2008 on Monaco's compliance with the FATF regulations. It noted that, although the AML framework was satisfactory, it was not detailed or supported by adequate secondary legislation. However, this report was made before the introduction of the 2009 legislative changes, which highlight Monaco's commitment to maintaining international standards.

The report also noted that supervision of the financial institutions, in particular on-site supervision, needs to be significantly strengthened, as does the number of staff assigned for this purpose, as AML/CFT supervision is weak. On the whole, it considered the Monaco framework to be satisfactory but in need of expansion – which is what happened following the report.

27.25.5 The Primary AML Investigation/Regulatory Authorities

27.25.6 Outline of Specific Money-laundering Offences

Money laundering is committed by:

• Any person who knowingly assists in the conversion or transfer of property, with the knowledge that the property is the proceeds of crime, with the aim of dissimulating or disguising the origin of the said property or of assisting any person involved in the committing of the main offence in escaping the legal consequences of their actions;
• Any person who knowingly participates in the dissimulation or disguising of the true nature, origin, location, disposal, movement or ownership of property or rights relating to the property where the originator knows that the property is the proceeds of crime;
• Any person who has knowingly acquired, retained or used property or capital knowing, at the time when they received it, that the property was the proceeds of crime, without prejudice to legal provisions concerning the handling of stolen goods;
• Any person who has knowingly participated in one of the offences listed above or in any other association, agreement, attempt or collusion by providing assistance, help or advice with a view to committing the offence.

The intentional element of an offence may be deduced from objective factual circumstances.

Monaco law recognises as aggravating circumstances – and accordingly punishes with a heavier sentence – offenders who:

• Act as a member of a criminal organisation;
• Take part in other international organised criminal activities;
• Perform public duties which help them to commit the offence;
• Involve minors in committing the offence; or
• Have been convicted by a foreign court of a money-laundering offence.

27.25.7 Penalties

Money laundering shall be punished by imprisonment for five to ten years and a fine of EUR 18,000 to 90,000, the maximum of which may be increased tenfold. If there are aggravating circumstances, as outlined above, the penalty shall be ten to 20 years' imprisonment and a fine of EUR 18,000 to 90,000, the maximum of which may be increased twentyfold.

Attempting any of these offences will incur the same penalties as completing the offence, and it will be the same if there is an agreement or conspiracy to commit them.

The court shall order the confiscation of assets and funds of illicit origin or of goods and capital whose value matches that of the assets and funds of illicit origin. It may also order the confiscation of property or personal property acquired using these funds. The assets and funds of illicit origin can also be confiscated when they are held by a third party who knew, or should have known, of their illicit origin.

27.25.8 Scope

Organisations and persons carrying out financial activities are not subject to the provisions if the activities:

• Generate a turnover which does not exceed EUR 750,000;
• Are limited to transactions which must not exceed a maximum amount per client and per transaction of EUR 1,500 and the transaction must be carried out in a single operation or several operations appearing as related;
• Do not constitute the main activity and generate a turnover not exceeding 3% of the total turnover of the organisation or person concerned.

27.25.9 Risk-based Approach

Professionals shall decide on and implement a policy and procedures prior to initiating any business relations. These procedures must be suited to the activities that they carry out and allow them to be fully involved in the prevention of the risk of money laundering, terrorist financing and corruption. They should enable entities to become familiar with the characteristics of new clients, and to adequately examine their background, relationships and the transactions they carry out.

This policy and these procedures shall establish distinctions and requirements at different levels on the basis of objective criteria set by each professional, taking into account, in particular, the characteristics of the services and products that they offer and those of the clients targeted, so as to define an appropriate scale of risks.

27.25.10 Role of the MLRO/Nominated Officer

In Monaco, the MLRO must:

• Ensure compliance by the professional with all of its obligations with regard to the prevention of money laundering, terrorist financing and corruption;
• Have professional experience at senior level and, within the establishment employing them, the necessary power to ensure effective and independent exercising of their authority;
• Meet the conditions for good character which are required to fully exercise their authority and that their number and qualifications, as well as the means made available to them, are adapted to the activities, size and locations of the professional firm;
• Be appointed by the effective management body of each professional firm;
• Implement adequate administrative organisation and adequate internal controls;
• Have the power to propose all necessary or appropriate measures to the management of the organisation;
• Organise and implement, under their own authority, procedures for the analysis of written reports;
• Monitor the training and awareness of personnel;
• Act as the designated correspondent for the Service d'Information et de Contrôle sur les Circuits Financiers for all questions concerning the prevention of money laundering, terrorist financing and corruption;
• Establish and send an activity report to the management body of the professional firm, at least once a year, on the conditions under which the prevention of money laundering, terrorist financing and corruption have been enforced. This should include details on the adequacy of the AML provisions, as well as various other prescribed criteria. A copy of this annual activity report is to be sent to the Service d'Information et de Contrôle sur les Circuits Financiers and, if applicable, to the professional's auditors.

27.25.11 Due Diligence

Regulated entities must, when forming business relations, identify their usual clients as well as their agents and check the identities of each of them using substantiating documents of which they shall keep a copy. Said organisations or persons shall do the same for occasional clients, when:

• They wish to undertake a transfer of funds;
• They wish to undertake a transaction, the amount of which reaches or exceeds EUR 15,000, whether carried out in one or several seemingly related operations;
• They wish to perform an operation, even of an amount below the said sum, where there is a suspicion of money laundering, terrorist financing or corruption; or
• The said organisation or person has doubts as to the truth or accuracy of data identifying a client with whom it already has business relations.

Business relations are entered into when:

• A professional and a client conclude a contract under which several successive operations are carried out between them during a specific or indefinite period, or which create permanent obligations;
• A client regularly and repeatedly requests the intervention of the same professional to perform successive distinct financial operations.

Entities are also required to conduct CDD if they believe the information given is misleading.

With a view to identifying the intended purpose and nature of the business relations, professionals are to familiarise themselves with, and record, the types of operation that the client requests, as well as any information which is relevant to determine the purpose of these relations. This information, including, in particular, details on the origin of clients' assets and their business background must be supported with documents, data or reliable sources of information.

27.25.12 Ongoing Monitoring

The organisations must exercise constant due diligence with regard to business relations:

• By examining the transactions or operations concluded at any time during these relations and, if necessary, the origin of funds, so as to check that they are consistent with regard to the knowledge that the said organisations or persons have of their clients, their socioeconomic background, their commercial activities and their risk profile.
• By keeping documents, data or information held up to date through a continual and attentive examination of operations or transactions carried out. The updating of the identification data requires that new data be verified using a substantiating document, a copy of which must be kept.

The persons shall also adopt a monitoring system which allows atypical operations to be detected. The monitoring system must:

• Cover all client accounts and their operations.
• Be based on precise and relevant criteria fixed by each professional, taking into account, in particular, the characteristics of the services and products that they offer and those of the clients targeted, and should be sufficiently discriminating as to allow atypical operations to be effectively detected.
• Allow these operations to be detected rapidly.
• Produce written reports describing atypical operations which have been detected and the criteria provided for in the second point of this paragraph upon which they are based. These reports are to be sent to the MLRO.
• Be automated, except if the professional can demonstrate that the nature and volume of the operations to be monitored do not require it or that alterative means implemented do not require it. The said means must have been approved beforehand by the Service d'Information et de Contrôle sur les Circuits Financiers.
• Be subject to an initial validation procedure and a regular re-examination of its relevance with a view to adapting it, if necessary, according to developments in activities, the clientele or the environment.

When the organisations cannot fulfil these obligations, they may neither form nor maintain business relations. They shall consider whether SICCFIN should be informed.

27.25.13 Staff Training

The obligation to train and to raise awareness with regard to the prevention of money laundering, terrorist financing and corruption concerns members of the firm's personnel whose duties:

• Include being in contact with clients or for whom operations expose them to the risk of being faced with attempts at money laundering, terrorist financing or corruption; or
• Consist of developing procedures or computer tools or other tools that are to be applied to activities which are sensitive in view of this risk.

Training, awareness-raising and the provision of regular information to personnel have the particular aim of ensuring that they:

• Acquire knowledge and develop the critical approach necessary to detect atypical operations;
• Acquire the knowledge of procedures which is necessary to react to such operations in an adequate way;
• Include the problems of prevention of money laundering, terrorist financing and corruption in procedures or tools developed to be applied to activities which are considered as being sensitive in the light of such a risk.

27.25.14 Record-keeping

Regulated entities are required to:

• Keep for at least five years after ending relations with regular or occasional clients a copy of all substantiating documents which were subsequently used for identification and to check identity;
• Keep for a period of at least five years from the performance of an operation or transaction a copy of recordings, accounting books, commercial correspondence and documents concerning the operations or transactions carried out, so as to be able to precisely reconstruct them;
• Keep records in such a manner that the entity is able to meet any requests for further information from SICCFIN within the prescribed times;
• Be able to respond quickly and fully to any request for information from the Service d'Information et de Contrôle sur les Circuits Financiers for the purposes of determining whether they have, or have had, a business relationship with a given natural or legal person in the course of the last five years and the nature of these relations.

SICCFIN may request an extension to periods for storage of information where the information relates to an investigation in progress.

All information and documents concerning bureau de change operations whose total amount reaches or exceeds EUR 1,500 must be entered in a register. This information includes the client's identity, the nature of the operation, the currency or currencies involved, the amount changed and the rate applied.

All natural persons entering or leaving the territory of the Principality in possession of cash or bearer instruments whose total amount is more than EUR 10,000 must, on request from the monitoring authority, make a declaration using the form established for this purpose.

27.25.15 Suspicious Transaction Reporting

Regulated entities are required to declare to SICCFIN all sums held in their accounts and all operations which there is sufficient reason to suspect might be related to money laundering, terrorist financing or corruption. This declaration must be submitted in writing before the operation is carried out, and must give details of the facts which constitute the evidence upon which the said organisations or persons have based the declaration. It shall indicate, if applicable, the time within which the operation is to be carried out. If circumstances so require, the declaration may be made in advance by fax or appropriate electronic means.

Professionals are to implement appropriate procedures in order to carry out the analysis as soon as possible. This should be coordinated by the person responsible for the prevention of money laundering and terrorist financing, to determine whether these operations or facts should be reported to SICCFIN. The written report, its analysis and, if applicable, the declaration of suspicion to which this analysis has led are to be kept and held at the disposal of SICCFIN.

27.25.16 Penalties

Entities which breach the AML requirements can be subject to professional and criminal penalties.

27.25.17 Case Studies

A lawyer based in Monaco was convicted of money laundering in July 2009, in connection with the takeover of Derby County Football Club. The lawyer received over £80,000 from one of the directors involved with the takeover, which represented a share of the commission due to the director. The lawyer then transferred it through one of his own companies, registered in the Isle of Man, back to the director. The use of various companies, registered in tax havens, was made to conceal the true path of the funds, making them look legitimate. Two other men were convicted of financial crimes during this takeover, making a total of four complicit in this money-laundering network.

Financial institutions should be aware that criminals don't work alone, particularly when funds are being transferred through a variety of accounts and countries. Furthermore, despite the fact that lawyers are bound by a strict code of conduct and are often entrusted with sensitive information, a lawyer was instrumental in laundering the money involved in this case. Therefore, financial institutions should not be overly trusting of anybody based on their profession, as corruption can spread to even seemingly unlikely places.

27.26.1 Overview

The economy of Morocco, which is considered a free economy, is based on the sector of phosphate mines, the transactions of Moroccans who live abroad and tourism. Casablanca is considered the centre of trade and industry in Morocco, and it also includes the largest port. Morocco is considered the biggest African market in the fishing industry, and it is the biggest silver market in Africa. It ranks second internationally in exporting phosphate.

Morocco is a member of a large number of significant international and regional organisations, such as the United Nations (1956), the League of Arab States (1958) and the Group of 77 (1964). Morocco is also a founding member of the Organisation of the Islamic Conference (1969), the Arab Maghreb Union (1989), the World Trade Organisation (1995), the Mediterranean Dialogue (1995) and MENAFATF (30th November, 2004). In the framework of anti-corruption and anti-bribery efforts, Morocco has initiated a number of measures at the legislative and judicial levels to contain the problem. This initiative has come from reformist workshops whose main purpose is the eradication of corruption through a strategy that mainly aims to punish bribers and not to hesitate in activating judicial follow-ups for those involved.

27.26.2 Key Legislation

Article 574 of the Criminal Code provides the money-laundering offence. The AML regulations are contained in Law No. 13.10, as well as the Moroccan Commercial Code.

27.26.3 Legislative History

Law No. 13.10, published in the Official Gazette on 24th January, 2011, amended and supplemented certain provisions of the Penal Code, the Criminal Procedure Code and Law No. 43.05 on the fight against money laundering.

27.26.4 FATF Assessment

Previous FATF assessments had found that the anti-money-laundering (AML) system in Morocco was still in its comparative infancy, with the combating culture absent in financial institutions and designated non-financial businesses and professions (DNFBPs) as this concept is still recent and no direct expertise is present in this regard. However, credit institutions do have a type of culture of prudence, vigilance and caution to protect the banking system from any illicit use.

However, in October 2013 the FATF removed Morocco from its enhanced monitoring process, commending the country for establishing the legal and regulatory framework to meet its commitments in its Action Plan regarding the strategic deficiencies that the FATF had identified in February 2010.

27.26.5 The Primary AML Investigation/Regulatory Authorities

27.26.6 Outline of Specific Money-laundering Offences

The following acts constitute money laundering, when committed intentionally and knowingly:

• The act of acquiring, holding, using, converting, transferring or transporting of goods or products for the purpose of concealing or disguising the true nature or the illicit origin of the property, in the interests of the author or others when they are the product of an offence listed below;
• The concealment or disguise of the true nature, source, location, disposition, movement or ownership of property or rights with respect to the author, knowing that they are the products of an offence listed below;
• Aiding any person involved in the commission of an offence listed below to evade the legal consequences of his actions;
• The facilitation, by any means, of false justification of the origin of goods or products of the author of any of the offences listed below, which has brought it profit directly or indirectly;
• Providing assistance or advice to an operation on the care, investment, concealment, conversion or transfer, direct or indirect, with regard to any of the offences listed below;
• The act of attempting to commit the acts listed below.

The relevant offences are:

• Illicit trafficking in narcotic drugs and psychotropic substances;
• Trafficking in human beings;
• The smuggling of migrants;
• Illicit trafficking in arms and ammunition;
• Bribery, extortion, influence peddling and embezzlement of public and private property;
• Terrorism offences;
• Counterfeiting or forgery of currency or monetary instruments of public credit or other means of payment;
• Membership of an organisation formed or established for the purpose of preparing or committing an act or acts of terrorism;
• Sexual exploitation;
• Concealment of things from a crime or misdemeanour;
• Breach of trust;
• Fraud;
• Offences relating to industrial property;
• Offences relating to copyright and neighbouring rights;
• Offences against the environment;
• Murder, violence and other assault;
• Kidnapping, illegal restraint and hostage-taking;
• Theft and extortion;
• Smuggling;
• Fraud involving goods and foodstuffs;
• Forgery and theft or improper use of functions, titles or names;
• Diversion, degradation of aircraft or ships or other means of transport, degradation of air navigation facilities, land and sea or destruction, degradation or deterioration of media;
• Using, in the exercise of a profession or function, inside information to make or knowingly permit to carry on one or more market operations.

There is also a series of penalties in Morocco contained within the data protection regulations, which readers will need to be aware of. Indeed, data integrity is taken extremely seriously in Morocco, in particular in relation to personal data.

27.26.7 Penalties

Money laundering is punishable:

• For individuals by imprisonment of between two and five years together with a fine of 20,000 to 100,000 dirhams;
• For corporate bodies by a fine of 500,000 to 3,000,000 dirhams, without prejudice to the penalties which may be imposed against their officers and agents involved in the offences.

Prison sentences and fines are doubled in the following circumstances:

• the offences are committed using facilities afforded by the exercise of a professional activity;
• the person engages habitually in money-laundering operations;
• the offence is committed by an organised gang;
• repeat offender who commits the offence had a previous conviction for a similar offence within the previous five years.

In cases where a conviction is made for an offence of money laundering, the penalty includes the total confiscation of things, objects and property used, or that might have been used, in the conduct of the offence or that are the product of the offence, or the equivalent of such things, goods or products, subject to the rights of bona fide third parties.

Those guilty of money laundering also incur one or more of the following additional penalties:

• The dissolution of the corporation;
• The publication, by all appropriate means, of convictions.

The author of the offence of money laundering may also be sentenced to temporary or permanent disqualification to exercise, directly or indirectly, one or more professions or activities during the year in which the offence was committed.

27.26.8 Scope

The following financial institutions are obliged to comply with the AML framework:

• Bank Al-Maghrib;
• Credit institutions and similar bodies;
• Banks and offshore holding companies;
• Financial companies;
• Intermediation companies in the transfer of funds;
• Exchange offices;
• Insurance companies and reinsurance intermediaries in insurance and reinsurance;
• Corporate managers of financial assets;
• Brokers;
• Auditors, external accountants and tax advisors;
• Persons who are members of an independent legal profession when participating on behalf of their client and for the account of the latter, a financial or real estate transaction, or when they assist their client in the preparation or execution of operations relating to:
  • the purchase and sale of real property or business entities;
  • the management of funds, securities or other assets belonging to the client;
  • the opening or management of bank, savings or securities accounts;
  • the organisation of contributions necessary for the creation, management or operation of companies or similar structures;
  • the creation, operation or management of trusts, companies or similar structures;

• Persons operating or managing casinos or gambling establishments, including casinos and gambling establishments on the internet;
• Real estate agents and brokers, when transactions for their clients concern the purchase or sale of real estate;
• Dealers in precious stones and metals when the transaction is in cash and the amount is greater than 150,000 dirhams, as well as people who habitually engage in the trade of antiquities and works of art;
• Service providers involved in the creation, organisation and domiciliation of companies.

27.26.9 Risk-based Approach

Financial institutions are obliged to:

• Put in place a risk-management system; and
• Establish a means of preventing the risks inherent in the use of new technologies for the purpose of money laundering.

27.26.10 Role of the MLRO/Nominated Officer

The regulations do not provide specifically for an MLRO. However, they do provide that financial institutions must provide the UTRF with the identity of directors and officers authorised to carry out suspicious transaction reports and to liaise with the said unit, and a description of the internal vigilance they implement in order to ensure compliance with the provisions of this chapter. This is not dissimilar to the role of an MLRO.

27.26.11 Due Diligence

Financial institutions are required to collect all the information to identify and verify the identity of their usual or occasional customers and beneficial owners. They must not perform operations where the identity of the persons concerned could not be verified or if said identity is incomplete or obviously fictitious.

In addition to this, financial institutions are obliged to:

• Ensure the purpose and nature of the business relationship contemplated;
• Learn about the origin of the funds;
• Neither establish nor maintain a relationship in cases where they have not been able to identify or verify the customers or beneficial owners or to obtain information on the purpose and nature of the business relationship;
• Check, before opening an account, if the applicant has other accounts on their books;
• Learn about the reasons behind the request to open a new account;
• Identify and verify the identity of persons for whom an account is opened when it appears that the people who requested the opening of the account did not act on their own behalf.

27.26.12 Ongoing Monitoring

Financial institutions are obliged to:

• Ensure regular updating of client records;
• Ensure that transactions by their clients are in perfect harmony with their knowledge of these customers, their activities and their risk profiles;
• Provide special monitoring and set up a vigilance device suitable for operations with high-risk customers.

27.26.13 Record-keeping

Without prejudice to enacting more stringent requirements, every entity should retain documents relating to transactions conducted by their clients for ten years from the date of their execution. They should also maintain records for ten years on the identity of their usual or occasional customers from the date of the transaction or the termination of their relationship with them, as well as outsourcers referred to in Article 5 above and beneficial owners.

27.26.14 Internal Requirements

Financial institutions must establish and maintain effective internal vigilance, detection, monitoring and management of the risks associated with money laundering.

27.26.15 Suspicious Transaction Reporting

Financial institutions are required to make a suspicious transaction report to the unit on:

• All sums, operations or attempted execution of transactions suspected of being related to one or more of the money-laundering offences;
• Any transaction where the identity of the payer or the payee is doubtful.

Obligated persons must provide to the unit the identity of directors and officers authorised to carry out suspicious transaction reports and to liaise with the said unit, and a description of the internal vigilance they implement in order to ensure compliance with the provisions of this chapter.

Any declaration of suspicion must be made in writing. However, in an emergency, it may be made orally, subject to confirmation in writing. The FIU will acknowledge receipt of the written declaration of suspicion.

When reporting suspicion regarding a transaction that has not yet been executed, the report must indicate the period of execution of this operation, which cannot exceed two working days from the date of receipt by the unit of such declaration.

Reporting suspicions also covers operations that have already been executed when it was impossible to suspend their execution. Likewise, when it appeared, after the completion of the transaction, that the amounts in question came from money laundering.

The UTRF may oppose the execution of any transaction that is the subject of a suspicious transaction report. The execution of this transaction is deferred for a period not exceeding two working days from the date of receipt by the unit of such declaration.

27.26.16 Penalties

For failure to comply with these obligations, institutions may be sentenced to a fine ranging from 100,000 to 500,000 dirhams.

27.26.17 Case Studies

There was only one conviction for money laundering in Morocco between November 2010 and October 2011, while five prosecutions in the same time period failed to result in a conviction.

27.27.1 Overview

Nigeria has been widely criticised by the FATF for its poor AML framework. The latest legislation has not yet been assessed by the FATF, so it will be noted with interest whether the organisation feels that the new law matches the political commitments made by Nigeria.

27.27.2 Key Legislation

The Money Laundering (Prohibition) Act 2011 provides the money-laundering offences and the AML framework. The Terrorism Prevention Act 2011 outlines the CFT requirements.

27.27.3 Legislative History

The Money Laundering (Prohibition) Act 2004 was repealed by the 2011 Act.

27.27.4 FATF Assessment

In February 2011, the Financial Action Task Force (FATF) expressed dissatisfaction on Nigeria's handling of its anti-money-laundering (AML) policies. It had previously delisted Nigeria from the list of non-cooperative countries in 2006.

It therefore classified the country, among others, as a high risk to the world's financial system. The FATF judged that, although Nigeria had put in place a high-level political commitment to work with the FATF and to address its strategic anti-money-laundering and combating financing of terrorism deficiencies, it was still not satisfied that Nigeria had made sufficient progress in the implementation of its action plan, and that certain deficiencies remain.

In October 2013, the FATF reviewed Nigeria's progress, welcomed the significant progress made in improving its AML/CFT regime and noted that Nigeria has established the legal and regulatory framework to meet the commitments made in 2010. As a result, Nigeria is no longer subject to the FATF's enhanced monitoring process.

27.27.5 The Primary AML Investigation/Regulatory Authorities

27.27.6 Outline of Specific Money-laundering Offences

The money-laundering offence states that a person commits an offence if he/she:

• Conceals, removes from the jurisdiction, transfers to nominees or otherwise retains the proceeds of a crime or an illegal act on behalf of another person, while knowing or suspecting that other person to be engaged in criminal conduct or to have benefited from criminal conduct; or
• Knowing that any property, either in whole or in part, directly or indirectly represents another person's proceeds of criminal conduct, acquires or uses that property or possession of it.

The drug-trafficking offence is committed by any person who:

• Converts or transfers resources or properties derived directly from illicit traffic in narcotic drugs and psychotropic substances or participation in an organised criminal group; or
• Collaborates in concealing or disguising the genuine nature, origin, location. disposition, movement or ownership of the resources, property or right thereto derived directly or indirectly from the acts specified above.

27.27.7 Penalties

The penalty for money laundering is imprisonment for not less than five years or a fine equivalent to five times the value of the proceeds of the criminal conduct, or both.

Anyone convicted of drug trafficking is liable for imprisonment for a term not less than five years but not more than ten years. It is irrelevant if the various acts constituting the offence were committed in different countries or places.

Depending which aspect of the tipping-off offence is committed, individuals will be liable to imprisonment for a term of not less than two years but not more than three years or to a fine of N 500,000 and not more than N 3,000,000, increasable by up to 25% of the excess for accepting a payment over the amount prescribed above. They may also be banned indefinitely or for a period of five years from practising the profession which provided the opportunity for the offence to be committed.

A financial institution or corporate body will be liable to a fine of not less than N 3,000,000 or more than N 25,000,000, as well as, if the offence was a result of an oversight or procedural flaw, disciplinary action regarding its compliance with its professional and administrative regulations. It may also be wound up and all its assets and properties forfeited to the federal government.

27.27.8 Scope

A designated non-financial institution whose business involves cash transactions is required, before commencing business with a new customer, to submit to the Ministry a declaration of its activities. Furthermore, prior to undertaking any transaction involving a sum exceeding $1,000 or its equivalent, it is required to identify the customer by a standard data form and sight of his international passport, driving licence, national identity card or such document bearing his photograph as may be prescribed by the Federal Ministry of Commerce. Records must be kept in chronological order indicating each customer's surname, forenames and address in a register numbered and forwarded to the Federal Ministry of Commerce, and should be forwarded to the Commission by the Federal Ministry of Commerce within seven days.

“Designated non-financial institutions” include dealers in jewellery, cars and luxury goods, chartered accountants, audit firms, tax consultants, clearing and settlement companies, legal practitioners, hotels, casinos. supermarkets or such other businesses as the Federal Ministry of Commerce or appropriate regulatory authorities may, from time to time, designate.

27.27.9 Role of the MLRO/Nominated Officer

The “Know Your Customer Directive”, which was circulated to all banks and financial institutions, explicitly refers to Money Laundering Reporting Officers. Banks and financial institutions are advised to have clear procedures on, and communicate to all personnel, how they can promptly report suspicious transactions to their Money Laundering Reporting Officers and/or to other competent authorities.

27.27.10 Due Diligence

The CBN is currently considering introducing a three-tiered system, so that CDD requirements are different depending on the size of the transaction. However, as consultations were still ongoing at the time of writing, they will not be further included in this book.

There is a general due diligence requirement on all financial institutions, which are required to verify a customer's identity and address before opening an account for, issuing a passbook to, entering into a fiduciary transaction with, renting a safe deposit box or establishing any other business relationship with the customer. Further due diligence requirements are stated in the Know Your Customer (KYC) Directive, which provides additional guidance for different categories of customers.

A bank customer is required to comply with the CDD requirements for any number or manner of transactions involving a sum exceeding US$ 1,000 or its equivalent. However, where a financial institution has reasonable grounds to suspect that the amount involved in a transaction is the proceeds of a crime or an illegal act, it shall require identification of the customer regardless of the amount involved.

27.27.11 Ongoing Monitoring

The Commission reserves the power to demand and receive reports directly from financial and designated non-financial institutions at any time. In this respect, the duties imposed on such financial institutions such as identification procedures are ongoing. Furthermore, the Know Your Customer Directive states that banks and financial institutions must collect sufficient information on the nature of the business that the customer intends to undertake, including the expected or predictable pattern of transactions.

27.27.12 Staff Training

Every financial institution must develop programmes to combat the laundering of the proceeds of a crime or other illegal acts, which will include:

• The designation of Compliance Officers at management level at its headquarters and every branch and local office;
• Regular training programmes for its employees;
• Centralisation of the information collected;
• The establishment of an internal audit unit to ensure compliance and effectiveness of the measures taken to enforce provisions of the Act.

27.27.13 Record-keeping

A financial institution or designated non-financial institution must preserve and keep, at the disposal of the authorities (the Central Bank of Nigeria, the Commission and the National Drug Law Enforcement Agency), the following:

• Records of a customer's identification for a period of at least five years after the closure of the account or the severance of relations with the customer;
• Records and other related information of a transaction carried out by a customer and any report provided for a period of at least five years after carrying out the transaction or the making of the report.

The director of investigation or an officer of the Commission or Agency duly authorised may demand, obtain and inspect the books and records of financial institutions to confirm compliance with the provisions of the Act.

The Know Your Customer Directive advises banks and financial institutions to maintain records of the supporting evidence and methods used to verify identity for ten years after the account is closed or the business relationship ends.

27.27.14 Suspicious Transaction Reporting

When a transaction:

• Involves a frequency which is unjustifiable or unreasonable; or
• Is surrounded by conditions of unusual or unjustifiable complexity; or
• Appears to have no economic justification or lawful objective; or
• In the opinion of the financial institution or designated non-financial institution involves terrorist financing; or
• Is inconsistent with the known transaction pattern of the account or business relationship,

that transaction shall be deemed to be suspicious and the financial institution involved in such transaction shall seek information from the customer as to the origin and destination of the funds, the aim of the transaction and the identity of the beneficiary.

27.27.15 Penalties

A person, including a bank employee, wilfully violating the MLPA or the AML/CFT Regulation is subject to a financial sanction not exceeding N 2,000,000, which must be published in its financial statements, and potentially imprisonment too.

The penalties for opening an anonymous account are, in the case of an individual, a term of imprisonment of not less than two years but not more than five years; or, in the case of a financial institution or corporate body, a fine of not less than N 10,000,000 but not more than N 50,000,000.

For failing to implement adequate training procedures, the Governor of the Central Bank of Nigeria may impose a penalty of not less than N 1,000,000 or the suspension of any licence issued to a financial institution.

A person who wilfully obstructs the Commission or Agency during an investigation is liable, on conviction, to a term of between two and three years' imprisonment for an individual, and in the case of a financial institution or body corporate, a fine of N 1,000,000.

27.27.16 Case Studies

A former governor of a Nigerian region was sentenced to 13 years in prison for money laundering. Nigeria has a reputation for being associated with corruption, so, although it is promising that a former governor was convicted and sentenced, it does little to mitigate this reputation. Peculiarly, the governor's defence during his trial was not that he did not launder the money, but that his crimes were mitigated by his successes as a governor, which it was argued included the construction of three Olympic and FIFA-registered stadia, an 18-hole golf course and a shooting range.

His defence counsel also called a former Wimbledon footballer as a character witness, further highlighting the bizarre nature of this case. Worryingly, although the correct verdict was reached, the conduct of this trial does suggest that amongst those in power in Nigeria, there may be a culture that corruption is acceptable, and this reputation is one which Nigeria may still find difficult to shake off in the coming years although much is being done to improve matters.

In another case, a foreign exchange dealer was sentenced to one year in prison for laundering N 300,000,000, or approximately £1,200,000. He concealed the origin of the funds with numerous accomplices, including officials and customers at the bank. Three manager's cheques were drawn in favour of a number of customers, then liquidated and moved into different accounts using the passwords belonging to two of the bank staff. As well as the one-year jail sentence, the fraudster was ordered to forfeit the N 300,000,000.

27.28.1 Overview

The Polish authorities stated in the 2007 MONEYVAL report that the largest economic crimes within the country related to false fuel and scrap-metal dealing, resulting in lost customs and excise duties. Since new legislation has been introduced, though, the number of convictions for these crimes has increased.

Poland has been found to be deficient in regards to its AML regulation by various international bodies. However, in recent years it has introduced numerous measures to bring itself up to FATF standards.

27.28.2 Key Legislation

The AML law is contained in the Penal Code and the Act on Counteracting Money Laundering and Terrorism Financing dated 16th November, 2000, with subsequent amendments. The latest version appeared in the Journal of Laws in 2010. The Regulation of the Minister of Finance, dated 21st September, 2001, with subsequent amendments, provides supplementary regulation.

27.28.3 Legislative History

The Act on Counteracting Money Laundering and Terrorism Financing of 16th November, 2000 has been amended several times. Provisions regarding electronic payment were introduced in 2002, and the scope of the Act was extended in 2003 and 2004. The Third EU Anti-Money Laundering Directive was introduced in Poland by the Act of 25th July, 2009 amending the AML Act by implementing the EU Directives 2005/60/CE and 2006/70/CE.

27.28.4 FATF Assessment

The 2007 MONEYVAL report noted a large number of aspects missing from the Polish AML regime, such as the requirement to submit an STR or to terminate a relationship when CDD cannot be completed (both of which have since been rectified). Poland was rated “largely compliant” or “compliant” in just 18 of the 49 recommendations. However, the 2010 progress report noted that, since the adoption of the MER and the First Progress Report, Poland has taken the following measures with a view to addressing the deficiencies identified:

• Implementation of a new AML/CFT Law incorporating the Third EU Directive requirements;
• The creation of an autonomous offence of financing of terrorism;
• Achievement of a number of money-laundering convictions, including five autonomous convictions;
• Implementation of further outreach and training to the private sector;
• Implementation of further training to prosecutors and judges on the elements of money-laundering offences.

27.28.5 The Primary AML Investigation/Regulatory Authorities

27.28.6 Outline of Specific Money-laundering Offences

Money laundering is defined in the Act of 16th November, 2000 on Counteracting Money Laundering and Terrorism Financing as any deliberate action such as:

• Conversion or transfer of asset values derived from criminal activity or from participation in such activity in order to conceal or disguise the illicit origin of asset values, or granting assistance to a person who participates in such activities in order to avoid legal consequences of actions undertaken by such a person.
• Concealment or disguise of the true nature of asset values or property rights associated with them, of their source, location, disposition and an event of their dislocation, being aware that these values are derived from criminal activity or participation in such activity.
• Acquisition, taking possession or use of asset values derived from criminal activity or participation in such an activity.
• Complicity, attempt to commit, aiding or abetting the above.

These definitions apply even if the activities leading to the attainment of such asset values were conducted in the territory of a country other than the Republic of Poland.

Furthermore, the Polish Penal Code Article 299 defines money laundering as:“Whoever receives, transfers or transports abroad, assists in its transfer of title or possession of legal tenders, securities or other foreign currency values, property rights or real or movable property obtained from the profits of offences committed by other persons … or takes other action which can prevent, or make significantly more difficult, determination of their criminal origin or place of deposition, detection or forfeiture.”

27.28.7 Financing of Terrorism

Terrorism financing is defined as an act referred to in Article 165a of the Penal Code, which contains the terrorism offences.

27.28.8 Defences

Where a person voluntarily discloses before a law-enforcement agency information about persons taking part in the perpetration of an offence or about the circumstances of an offence, if it prevented the perpetration of another offence, that person shall not be liable to the penalty for the offence specified in Section 1-4. If the perpetrator undertook efforts leading to the disclosure of this information and circumstances, the court may apply extraordinary mitigation of punishment.

27.28.9 Penalties

The penalty for money laundering is deprivation of liberty for a term of between three months and five years. The punishment shall be imposed on anyone who, being an employee of a bank, financial or credit institution, unlawfully receives, in cash, significant amounts of money or foreign currency, transfers or converts them, receives them under other circumstances arousing justifiable suspicion as to their origin, or else provides services to conceal their unlawful origin or in securing them against seizure.

If money laundering is committed as a group, or the perpetrator gains considerable material benefit, the penalty of deprivation of liberty shall be for a term of between one and ten years.

27.28.10 Scope

The AML Act applies to “obligated institutions”, and lists 21 types of financial entity bound by the legislation.

27.28.11 Risk-based Approach

Any obligated institutions shall introduce a written internal procedure on counteracting money laundering and terrorist financing. Such an internal procedure should contain, in particular:

• The determination of how the financial security measures shall be implemented;
• Transactions registered;
• Analyses performed and risk assessed;
• Transaction information transmitted to the General Inspector;
• The suspension of transactions;
• Any account blocking and account freezing carried out;
• The manner in which the statements are received, if they are received; and
• How the information is stored.

27.28.12 Role of the MLRO/Nominated Officer

Obligated institutions must designate persons responsible for fulfilling the requirements of the AML law. The MLRO should be a board member appointed by the management board.

When the obligated institution exercises its business activity individually, a person responsible is a person performing this activity.

27.28.13 Due Diligence

CDD should be performed before entering into a contract with a client or prior to a transaction. It may be completed after having established an economic relationship only if it is necessary to ensure further business operations and where there is little risk of money laundering or terrorist financing, determined on the basis of relevant analysis performed.

Any obligated institution shall apply financial security measures for its clients. Their scope is determined on the basis of risk assessment for money laundering and terrorist financing, hereinafter referred to as “risk assessment”, resulting from the analysis, taking into account, in particular, the type of client, economic relationships, products and transactions. The risk assessment should consist of:

• Client identification and verification of his identity on the basis of documents or information publicly available;
• Making attempts, with due diligence, to identify a beneficial owner and apply verification measures, dependent on appropriate risk assessment, in order to provide the obligated institution with data required on the actual identity of a beneficial owner, including determination of the ownership structure and dependence of the client;
• Obtaining information regarding the purpose and the nature of economic relationships intended by a client;
• Constant monitoring of current economic relationships with a client, therein surveying transactions carried out to ensure that such transactions are in accordance with the knowledge of the obligated institution of the client and the business profile of his operations and with the risk; and, if possible, surveying the origins of assets and constantly updating documents and information in the obligated institution's possession.

Financial security measures are applied, in particular:

• When concluding a contract with a client;
• When carrying out a transaction with a client with whom the obligated institution has not previously concluded any agreements of the equivalent of more than EUR 15,000, regardless of whether the transaction is carried out as a single operation or as several operations if the circumstances indicate that they are linked;
• When there is a suspicion of money laundering or terrorist financing regardless of the value of such a transaction, its organisational form or the type of client;
• When there are doubts raised that the previously received data referred to in Article 9 are authentic and complete.

In the event the obligated institution cannot perform these duties, it should cease business transactions and submit a report to the General Inspector.

27.28.14 Ongoing Monitoring

Any obligated institution shall undertake ongoing analysis of transactions carried out. The results of such analyses should be documented in paper or electronic form.

27.28.15 Staff Training

Any obligated institution must ensure that employees who perform duties related to counteracting money laundering and terrorist financing participate in training programmes related to their duties.

27.28.16 Record-keeping

The register of suspicious transactions shall be stored for a period of five years, calculating from the first day of the year following the year in which transactions were recorded. Any information on the transactions carried out by the obligated institution and documents related to such transactions shall be stored for a period of five years, calculating from the first day of the year following the year in which the last record associated with the transaction took place.

Information obtained as a result of the application of CDD measures should be stored for a period of five years from the first day of the year following the year in which the transaction was carried out with the client. Documents and other data retained by the entity with a reporting obligation shall be destroyed within one year after expiry of the retention period.

All of the results of investigations carried out in pursuance of the ongoing monitoring requirements shall be kept for a period of five years, calculating from the first day of the year following the year in which they were conducted.

27.28.17 Investigation and Reporting Requirements

At the written request of the General Inspector, any obligated institution shall immediately disclose any information about the transactions covered by the AML law. Such a disclosure consists, in particular, of the provision of information about the parties to the transaction, the content of documents, including the balances and turnover on the account, certified copies of theirs, or a disclosure of relevant documents, to provide insight for authorised employees of the relevant authority in order to produce notes or copies.

The information shall be forwarded electronically to the General Inspector free of charge and, if the General Inspector requests.

27.28.18 Suspicious Transaction Reporting

Any obligated institution must provide information on suspicious transactions to the General Inspector. Any report must include the following information:

• Identification data of the parties to the transaction;
• The amount, currency and type of the transaction;
• Numbers of accounts used to conduct the transaction if the transactions involve such accounts;
• Substantiation, along with the place, date and manner of placing disposition, in the event of providing information on the transaction.

Any obligated institution conducting a transaction for which the circumstances may suggest that it was related to money laundering or terrorist financing is required to register such a transaction, regardless of its value and character.

In the event that the obligated institution does not accept the disposition or order to conduct a transaction, the reporting obligation shall still apply if the institution is aware of, or with due diligence should be aware of, such a transaction in regard to the contract with its client.

If it conducts a transaction exceeding the equivalent of EUR 15,000, the institution is required to register the transaction. Furthermore, if numerous transactions appear to be linked and were divided into smaller transactions to avoid the registration requirement, they must still be reported. This obligation shall not apply to, for example:

• Transfers from a deposit account to a time deposit account belonging to the same client at the same obligated institution;
• Transfers to a deposit account from a time deposit account belonging to the same client at the same obligated institution;
• Incoming transfers with the exception of bank transfers from abroad;
• Transactions related to the internal management of the obligated institutions.

Information on a transaction shall be forwarded to the General Inspector:

• In the case of transactions exceeding the threshold, within 14 days after the end of each calendar month;
• In the case of suspicious transactions, immediately.

27.28.19 Waived Registration Regulations

Article 9d item 1 of the AML Act sets forth the circumstances in which the registration obligation and financial security measures may be waived. These include:

1. When the client is an entity providing financial services established in the territory of any of the EU Member States or equivalent countries; or
2. In relation to:
   • government bodies, local government authorities and execution bodies;
   • life insurance policies, provided that a fixed annual premium does not exceed the equivalent of EUR 1,000, and that a single premium does not exceed the equivalent of EUR 2,500;
   • transactions regarding insurance policies being a part of retirement insurance, provided that the terms and conditions of the policy do not include a surrender clause, and that such policy cannot be used as collateral for a loan;
   • electronic money devices, within the meaning of the Polish Act of 19th August, 2011 on payment services, if the maximum amount stored in the device does not exceed:
     • EUR 250, in the case of devices that cannot be recharged; or
     • EUR 2,500 per calendar year, in the case of rechargeable devices, provided that the redemption amount is at least the equivalent of EUR 1,000 per calendar year concerned;
   • transactions that can be traced back by payment service providers of the payee due to a unique reference number assigned to the transaction for the supply of goods and services with the payee, even if the amount of such a transaction does not exceed the equivalent of EUR 1,000.

27.28.20 Penalties

Any obligated institution, with the exception of the National Bank of Poland, which:

• Fails to register a transaction exceeding the threshold, fails to provide the General Inspector with the documents relating to this transaction or fails to store records of the transaction or documents relating to this transaction for the required period of time;
• Fails to carry out risk analysis essential for the application of appropriate financial security measures;
• Fails to apply financial security measures;
• Fails to store documented results of the analysis for the required period of time;
• Fails to meet the obligation to provide employees with a training programme;
• Fails to comply, in a timely manner, with the post-audit conclusions or recommendations;
• Establishes and/or maintains cooperation with a shell bank

shall be subject to pecuniary penalties. The penalty imposed shall be decided by the General Inspector, and shall not exceed 750,000 PLN. (Note that much of the legislation still refers to PLN or zloty, as opposed to euros. Our expectation is that when the Fourth Money Laundering Directive is implemented in Poland during 2016, these amounts will be changed to euros.) When determining the amount of such a pecuniary penalty, the General Inspector shall take into account the nature and the extent of violations, the previous operation of the obligated institution and its financial capacity.

Any person who acts on behalf of, or in the interest of, the obligated institution and, contrary to the provisions of the Act, fails to:

• Register a transaction, to submit documentation relating to this transaction to the General Inspector or to store a register of such transaction or documentation relating to this transaction for the required period of time;
• Maintain financial security measures, in accordance with the prescribed procedures, or to store information obtained in connection with the implementation of financial security measures;
• Notify the General Inspector about required transactions;
• Suspend a transaction or block an account;
• Introduce the internal procedures required;
• Designate an MLRO

shall be subject to the punishment of imprisonment for up to three years.

Anyone who discloses the information collected in accordance with the AML law to any unauthorised persons, any account holder or any person to whom the transaction relates, or uses this information in any other unauthorised manner shall be subject to the same punishment. If this is done unintentionally, the perpetrator shall be subject to a fine.

Anyone who, acting on behalf of or in the interest of the obligated institution:

• Refuses to submit information or documents to the General Inspector; or
• Submits false data to the General Inspector or hides real data on transactions, accounts or persons

shall be subject to the punishment of imprisonment from three months to five years.

Anyone who commits any of the above offences and, as a result, causes substantial damage, shall be subject to the punishment of imprisonment from six months to eight years.

27.28.21 Case Studies

In the financial year 2010–11, the Polish authorities recovered zł.60 million in laundered money, bringing the total recovered to zł.215.6 million. However, this is only a fraction of the zł.1.33 billion that was suspected of being laundered in the same financial year by 387 companies, highlighting that the authorities still have a lot to do.

One of the latest innovations by money launderers in Poland is to put laundered money on a new variety of cash card that can be bought in stores. These cards are not registered to anyone, meaning they can be thrown away without leaving a trace. Criminals often use them to make transactions online.

Money launderers are also transferring money online through non-banking institutions, such as credit unions. This makes transactions difficult to detect because the value is usually under zł.200–300, there are many of them taking place and the recipient's location could be anywhere. This highlights the need for financial institutions to adapt to changing technological advances to maintain the upper hand in the fight against money laundering.

27.29.1 Overview

The Russian authorities are well aware of the money-laundering (ML) and terrorist-financing (TF) schemes used in Russia. Many ML schemes involve the misuse of (foreign) legal entities and financial institutions. Laundered money is often invested in real estate or security instruments, or used to buy luxury consumer goods. Russia has been a repeated victim of terrorism, and the authorities report the use of TF schemes involving the misuse of alternative remittance networks by foreign and North Caucasian terrorist groups.

A general impediment to the fight against ML/TF is the high level of corruption in the public and private sectors. There are no indications that the FIU is affected by corruption, but some law-enforcement bodies and private sector businesses are impacted by corruption in varying degrees. The current and previous Presidents of Russia have rightfully established eliminating corruption as a priority for the Russian government.

27.29.2 Key Legislation

The Russian Criminal Code criminalises the money-laundering offence. This is supplemented by various regulations provided by the FIU, including Ordinance No. 30, dated 23rd June, 2004, on Approval of Regulations on the Federal Financial Monitoring Service, Ordinance No. 245, dated 17th April, 2002, on Approval of the Regulation for Submitting Information to the Federal Financial Monitoring Service by Organisations Performing Operations in Monetary Funds or Other Assets and Federal Law No. 115-FZ, of 7th August, 2001, on Combating Legalisation (Laundering) of Criminally Gained Income and Financing of Terrorism. The most recent legislation, enacted in June 2013, Federal Law of 28.06.2013 No. 134-FZ “On amendments to certain legislative acts of the Russian Federation on counteraction to illegal financial transactions” made various amendments to the AML framework.

27.29.3 Legislative History

Money laundering was first criminalised in Russia in 1997.

27.29.4 FATF Assessment

The most recent mutual evaluation found that Russia has, in a short time, implemented and enhanced its AML/CFT system and has done so in less time than many other countries. It was particularly complimentary towards the FIU, Rosfinmonitoring, for performing the traditional tasks of an FIU in full compliance with the FATF standards, as well as many other tasks, including serving as the central responsible agency for AML/CFT matters. Further, the FATF praised Russia for introducing the concept of beneficial ownership into its framework, and amending and strengthening its legislation to bring the country into line with FATF standards.

27.29.5 The Primary AML Investigation/Regulatory Authorities

27.29.6 Outline of Specific Money-laundering Offences

The accomplishment of large-scale financial transactions and other deals in amounts of money or other property knowingly acquired by other persons in an illegal way (except the offences stipulated by Articles 193, 194, 198 and 199 of the present Code) for the purpose of bringing the appearance of legality to the possession, use and disposal of the said amounts of money or other property constitutes an offence.

Note: The “large-scale financial transactions and other deals in amounts of money or other property” in the present article means financial transactions and other deals in amounts of money or other property accomplished in an amount exceeding 2,000 times the minimum wage rate.

Self-money laundering is also criminalised in Russia by Article 174.1 of the Criminal Code. It is defined as the accomplishment of large-scale financial transactions and other deals in amounts of money or other property acquired by a person as the result of his/her having committed an offence (except for the offences stipulated by Articles 193, 194, 198 and 199 of the present Code) or the use of these amounts of money or other property for the pursuance of entrepreneurial or other economic activity.

The acquisition or sale of property, knowingly obtained in a criminal manner, also constitutes a criminal offence.

27.29.7 Penalties

The primary money-laundering offence shall be punishable by a fine at a rate of 500 to 700 times the minimum wage rate or in the amount of the convict's wage or other income for a period of five to seven months or imprisonment for a term of up to four years with a fine at a rate of up to 100 times the minimum wage rate or in the amount of the convict's wage or other income for a term of up to one month or without such a fine.

The same actions committed:

• By a group of persons by preliminary agreement;
• Repeatedly; or
• By a person abusing his/her position

shall be punishable by imprisonment for a term of four to eight years with the confiscation of property or without such a confiscation.

The offence, when committed by an organised group, shall be punishable by imprisonment for a term of seven to ten years with the confiscation of property or without such a confiscation.

Self-money laundering shall be punishable by a fine at a rate of 700 to 1,000 times the minimum wage rate or in the amount of the convict's wage or other income for a period of six to ten months or imprisonment for a term of up to five years with a fine at a rate of up to 100 times the minimum wage rate or in the amount of the convict's wage or other income for a term of up to one month or without such a fine.

Self-money laundering committed:

• By a group of persons by preliminary agreement;
• Repeatedly; or
• By a person abusing his/her position

shall be punishable by imprisonment for a term of five to eight years with the confiscation of property or without such a confiscation.

Self-money laundering committed by an organised group shall be punishable by imprisonment for a term of 10 to 15 years with the confiscation of property or without such a confiscation.

Acquiring criminal property shall be punishable by a fine in the amount of 50 to 100 times the minimum wage rate, or in the amount of the wage or salary or any other income of the convicted person for a period of up to one month, or by compulsory works for a term of 180 to 240 hours, or by corrective labour for a term of one to two years, or by deprivation of liberty for a term of up to two years.

When the acquisition of criminal property is made:

• By a group of persons in a preliminary conspiracy;
• In relation to a car or any other property of large value;
• By a person who was earlier tried for stealing, extortion or acquisition or sale of property, knowingly obtained in a criminal manner,

it shall be punishable by restraint of liberty for a term of up to three years, or by arrest for a term of four to six years, or by deprivation of liberty for a term of up to five years with a fine in the amount of 50 times the minimum wage rate, or in the amount of the wage or salary, or any other income of the convicted person for a period of up to one month.

The acquisition of criminal property, when committed by an organised group or a person using his official position, shall be punishable by deprivation of liberty for a term of three to seven years with a fine in the amount of 100 times the minimum wage rate, or in the amount of the wage or salary, or any other income of the convicted person for a period of up to one month.

27.29.8 Scope

For the purposes of the AML framework, the following information shall relate to organisations performing operations with monetary funds or other assets:

• Credit institutions;
• Professional participants in the securities market;
• Insurance organisations and leasing companies;
• Organisations of federal post communication;
• Pawn shops;
• Organisations involved in the purchase or buying–selling of precious metals and precious stones, jewellery made out of them and scratched items;
• Organisations arranging totalisators and bookmaker offices as well as organising and carrying out lotteries, totalisators (mutual bets) and other risk-based games, including in electronic form;
• Organisations managing investment funds or non-governmental pension funds;
• Organisations rendering intermediary services when performing operations of sale and purchase of real estate;
• Non-credit organisations accepting cash funds from physical persons in cases provided for by the legislation on banks and banking activity.

27.29.9 Risk-based Approach

The requirements for identification can differ depending on the degree (level) of risk posed by the client of operations with regard to the legalisation (laundering) of criminally gained income or the financing of terrorism.

27.29.10 Role of the MLRO/Nominated Officer

Financial institutions are required to appoint an official to oversee compliance with the relevant AML regulations. For more on this, please see “Internal Requirements” below.

27.29.11 Due Diligence

CDD does not need to be conducted on a natural person, and verification and identification of the beneficiary are not performed when organisations performing operations with funds or other assets carry out depositing operations for clients (natural persons) of the following payments if they do not exceed 30,000 roubles or an amount in foreign currency equivalent to 30,000 roubles:

• Related to settlements with budgets of all levels of the budget system of the Russian Federation (including federal, regional and local taxes and duties, as well as those fines provided for by the legislation of the Russian Federation on taxes and duties);
• Related to payment for services rendered by budget institutions managed by federal executive bodies, executive bodies of the subjects of the Russian Federation and bodies of local self-government;
• Related to payment for flats, communal services, payment for safeguarding flats and installation of safeguarding equipment, as well as payment for communication services;
• Related to payment of contributions by members of orchid, garden, summer house and non-commercial associations of citizens and garage-construction cooperatives. Payments for paid auto placements;
• Related to payments of aliments.

It is perhaps surprising that orchid and other associations are listed in this way. The general point is that since they are cooperatives the normal rules do not need to apply.

When a natural person buys or sells, in cash, foreign currency for an amount not exceeding 15,000 roubles or not exceeding the amount in foreign currency equivalent to 15,000 roubles, identification of the client and/or identification and verification of the beneficiary are not performed except in cases where an officer of the organisation performing the operation with monetary funds or other assets suspects that this operation is being carried out with the aim of legalisation (laundering) of criminal proceeds or the financing of terrorism.

Credit organisations are authorised to refuse to conclude a contract for a bank account deposit with a natural or legal person in the following cases:

• The absence in the location of the legal person of its permanent control body, other body or person who has the right to act on behalf of the legal person without a proxy;
• A person or legal entity fails to submit documents certifying the data indicated in the present Article, or if invalid documents are presented;
• There are data on the natural or legal person concerning participation in terrorist activity, received in accordance with the present Federal law.

27.29.12 Ongoing Monitoring

Financial institutions are required to regularly update the information on clients and beneficiaries.

27.29.13 Staff Training

As outlined in the section on internal requirements below, the internal procedures must include a system for the training of staff.

27.29.14 Record-keeping

All relevant information must be documented in the following circumstances:

• Intricate or unusual deals which do not make evident economic sense or have an evident legal purpose;
• Lack of compliance of a deal with the goals of the organisation, established by the founding documents of this organisation;
• The repeated performance of operations or deals whose character makes an entity suppose that the purpose of their performance is the evasion of the obligatory control procedures, provided by this Federal law;
• Other circumstances, which give reason to suppose that deals are being performed for the purposes of legalisation (laundering) of criminally gained income or the financing of terrorism.

Documents containing information stated in this article, and the data necessary for identification of the person, shall be kept for not less than five years. The specified term is calculated from the date of the termination of relations with the client.

27.29.15 Internal Requirements

In order to prevent the legalisation (laundering) of criminally gained income and the financing of terrorism, organisations performing operations with monetary funds and other assets must develop rules of internal control and relevant programmes to ensure that these are complied with. They must appoint officials responsible for the observance of these rules and the realisation of these programmes, and take other relevant internal organisational measures.

The internal control rules of an organisation performing operations with monetary funds and other assets must include a procedure for recording the necessary information in documents, a procedure for the provision of confidentiality of information, qualification requirements in terms of the preparation and training of staff and criteria for revealing and identifying extraordinary deals where the account portrays specific features of the activity of this organisation.

In accordance with the rules of internal control, any organisation performing operations with monetary funds and other assets must document the information obtained as a result of the application of these rules and the realisation of the programme of internal control, and in doing so must preserve the confidential nature of such information.

27.29.16 Suspicious Transaction Reporting

Financial institutions are required to collate documents and submit to the FIU the following information on operations with monetary funds or other assets which are subject to obligatory control, not later than the working day following the date of undertaking the operation:

• The type of operation and the grounds for performance thereof;
• The date on which the operation with monetary funds or other assets was carried out, as well as the amount involved;
• Information necessary to identify the person who carried out the operation with monetary funds or other assets (passport or other identification card data), the data from a migration card, a document confirming the right of a foreign citizen or a person without citizenship to stay (reside) in the Russian Federation, a taxpayer identification number (if one exists) and the address of his residence or the place in which he is staying;
• In the case of a legal entity, the name, taxpayer identification number, State registration number, place of State registration and the address of the entity that performed the operation with monetary funds or other assets;
• Information necessary for the identification of a person or legal entity by whose order and on whose behalf an operation with monetary funds or other assets was performed, the data from a migration card, a document confirming the right of a foreign citizen or a person without citizenship to stay (reside) in the Russian Federation, a taxpayer identification number (if one exists), a residential address or the business address, respectively, of a person or legal entity;
• Information necessary for the identification of the representative of the natural or legal person, the attorney, the agent, the commission agent or the trustee performing the operation with monetary funds or other assets, on behalf of or in interests of or at expense of another person by virtue of power based on proxy, contract, the law or a certificate from an authorised State body or institution of local government, the data from a migration card, a document confirming the right of a foreign citizen or a person without citizenship to stay (reside) in the Russian Federation, a taxpayer identification number (if one exists) and the residential address of the representative of the natural or legal person;
• Information necessary for the identification of the addressee of the operation with monetary funds or other assets and his representative, including the data from a migration card and a document confirming the right of a foreign citizen or a person without citizenship to stay (reside) in the Russian Federation, a taxpayer identification number (if one exists) and the address of a residence or site of the addressee and his representative if it is stipulated by the rules pertaining to the performance of the corresponding operation.

Information about operations in monetary funds or other assets subject to mandatory control shall be submitted by the organisation not later than on the business day following the day on which the relevant operation was undertaken.

Information about operations in monetary funds or other assets considered by internal control to be performed with the objective of money laundering or the financing of terrorism shall be submitted by the organisation not later than on the business day following the day of identification of the relevant operation.

The information specified above with regard to the present regulation shall be submitted to the Federal Financial Monitoring Service in electronic form via communication channels or on magnetic media.

If employees of an organisation performing operations with monetary funds and other assets have any suspicions resulting from the realisation of the internal control programmes, stated in Clause 2 of this article, that some operations are being performed for the purposes of legalisation (laundering) of criminally gained income and/or the financing of terrorism, this organisation, not later than the working day following the day on which such operations are detected, must forward to the authorised body information on these operations regardless of whether they refer to operations provided by Article 6 of this Federal law or not.

27.29.17 Penalties

Infringement by organisations performing operations with monetary funds or other assets and acting with the authority of a licence may lead to the withdrawal (annulment) of the licence in accordance with the procedure provided by the legislation of the Russian Federation.

Persons guilty of infringement of this Federal law shall bear administrative, civil and criminal responsibility in accordance with the legislation of the Russian Federation. The 2013 legislation added the power to freeze assets.

27.29.18 Case Studies

A former oil tycoon, who was once Russia's richest man with $15 billion in personal wealth, was convicted of money laundering in 2005 and sentenced to a total of 14 years in prison. Along with his former partner, the tycoon was then charged again with laundering more than $20 billion and stealing over 200 million tons of oil in 2009, when he was already halfway through his first sentence. However, the conviction is currently being reviewed as part of the appeal process.

The tycoon was arrested for laundering funds through his company, as well as on tax-evasion charges. For a financial institution, despite the suspicion surrounding the background to this case, it highlights the need not to take companies at face value. The lesson from this is that even if a company has a good reputation, appropriate AML checks still clearly need to be carried out.

27.30.1 Overview

Law-enforcement agencies in Singapore keep to strict programmes of governance and protection for the country's economy. The Global Competitiveness Report, published by the World Economic Forum, rated Singapore the best for protecting businesses from criminals.

27.30.2 Key Legislation

The key money-laundering legislation is the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, Chapter 65A. The AML regulations in Singapore are issued by the Monetary Authority of Singapore (MAS) pursuant to Section 27B of the Monetary Authority of Singapore Act (Cap. 186). The regulations, MAS notice 626, were issued on 2nd July, 2007 and last revised on 2nd December, 2009. The AML Compliance Handbook, issued by the Commercial Affairs Department, provides supplementary AML information.

27.30.3 Legislative History

Singapore has criminalised the money-laundering offence in eight separate provisions of the Corruption, Drug Trafficking and Other Serious Crimes Act (CDSA), which was last updated in March 2012. Singapore's laws are largely consistent with the 2000 UN Convention against Transnational Organised Crime (the Palermo Convention). Furthermore, the Terrorism (Suppression of Financing) Act, Chapter 325 was enacted in 2002 and amended in 2003. This Act provides the legislative framework for the offence of terrorism financing and the confiscation of any property associated with the financing of terrorism.

The Mutual Assistance in Criminal Matters Act, Chapter 190A, enacted in April 2000, allows the Singapore government to provide and receive international mutual assistance with regards to money laundering and the financing of terrorism. The Act was amended in 2006.

27.30.4 FATF Assessment

The 2008 mutual evaluation of Singapore was particularly impressive, with the country scoring “compliant” or “largely compliant” with 43 of the 49 FATF Recommendations. The remaining six areas were addressed by the time of its 2011 follow-up report, although the FATF noticed that deficiencies remained regarding politically exposed persons, wire transfers, transparency and beneficial ownership of legal persons, statistics and guidance and feedback. Overall, the money-laundering offences were described as broad, the international cooperation regime as comprehensive and the Suspicious Transaction Reporting Office as generally well structured, staffed and funded.

27.30.5 The Primary AML Investigation/Regulatory Authorities

27.30.6 Outline of Specific Money-laundering Offences

The key offences are as follows:

• Assisting another to retain the benefits of drug trafficking;
• Assisting another to retain benefits from criminal conduct;
• Providing an exception under the reporting procedure;
• Acquiring, possessing, using, concealing or transferring benefits of drug trafficking;
• Acquiring, possessing, using, concealing or transferring benefits of criminal conduct;
• Tipping off;
• Prejudicing an investigation.

The money-laundering offence applies to both legal and natural persons, and proof of knowledge is derived from factual objective circumstances.

In July 2013, predicate offences were extended to include serious taxation offences and additional changes are anticipated in 2014.

27.30.7 Defences

It is a defence to prove:

• That one did not know, and had no reasonable grounds to believe, that the arrangement related to any person's proceeds of drug trafficking;
• That one did not know, and had no reasonable grounds to believe, that, by the arrangement, the retention or control by, or on behalf of, the relevant person of any property was facilitated or, as the case may be, that, by the arrangement, any property was used as mentioned above;
• That:
  • one intended to disclose to an authorised officer such suspicion or belief that the proceeds of drug trafficking were involved in relation to the arrangement; and
  • there is reasonable excuse for the person's failure to make disclosure; or

• That, in the case of a person who was in employment at the time in question and he enters or is otherwise concerned in the arrangement in the course of his employment, he disclosed the suspicion or belief that proceeds of drug trafficking were involved in relation to the arrangement to the appropriate person in accordance with the procedure established by his employer for the making of such disclosures.

27.30.8 Penalties

Natural persons are subject to a SGD 500,000 fine or up to seven years' imprisonment. Legal persons are subject to a SGD 1,000,000 fine.

27.30.9 Role of the MLRO/Nominated Officer

The bank should develop appropriate compliance management arrangements including, at least, the appointment of a management-level officer as the AML/CFT Compliance Officer. The bank must ensure that the AML/CFT Compliance Officer, as well as any other persons appointed to assist him, has timely access to all customer records and other relevant information which they require to discharge their functions.

27.30.10 Due Diligence

The requirement is that the bank must identify each customer who applies to the bank to establish business relations. A bank is required to perform CDD measures when:

• The bank establishes business relations with any customer;
• The bank undertakes any transaction with a value exceeding SGD 20,000 for any customer who has not otherwise established business relations with the bank;
• There is a suspicion of money laundering or terrorist financing, notwithstanding that the bank would otherwise not be required to perform CDD measures; or
• The bank has doubts about the veracity or adequacy of any information previously obtained.

A bank should complete verification of the identity of the customer and beneficial owner:

• Before the bank establishes business relations; or
• Before the bank undertakes any transaction for a customer, where the customer does not have business relations with the bank.

However, a bank may establish business relations with a customer before completing the verification of the identity of the customer and beneficial owner if:

• The deferral of completion of the verification of the identity of the customer and beneficial owner is essential in order not to interrupt the normal conduct of business operations; and
• The risks of money laundering and terrorist financing can be effectively managed by the bank.

Where the bank establishes business relations before verification of the identity of the customer or beneficial owner, the bank should complete verification as soon as is reasonably practicable.

Where the bank is unable to complete CDD measures, it should terminate the business relationship and consider if the circumstances are suspicious enough to warrant the filing of a suspicious transaction report (STR).

27.30.11 Ongoing Monitoring

There is a general requirement that the bank must monitor, on an ongoing basis, its business relations with customers. To achieve this, the bank is required, during the course of business relations, to observe the conduct of the customer's account and scrutinise transactions undertaken to ensure that the transactions are consistent with the bank's knowledge of the customer, its business and risk profile and, where appropriate, the source of funds. It should pay special attention to all complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose. If any are identified, the bank should, to the extent possible, inquire into the background and purpose of the transactions and document its findings with a view to making this information available to the relevant competent authorities should the need arise. Of course, this needs to be done without tipping off the customer.

To keep materials up to date, the bank is required periodically to review the adequacy of customer identification information obtained in respect of customers and beneficial owners and ensure that the information is kept up to date, particularly for higher-risk categories of customer. This, of course, enables the bank to obtain improved and updated information based on the regulations without alerting the customer to any specific issue regarding their relationship with the bank.

27.30.12 Staff Training

The bank is required to take all appropriate steps to ensure that its staff (whether in Singapore or overseas) are regularly trained on:

• AML/CFT laws and regulations and, in particular, CDD measures, detecting and reporting of suspicious transactions;
• Prevailing techniques, methods and trends in money laundering and terrorist financing; and
• The bank's internal policies, procedures and controls on AML/CFT and the roles and responsibilities of staff in combating money laundering and terrorist financing.

The bank must have in place screening procedures to ensure high standards when hiring employees.

27.30.13 Record-keeping

The requirement is that the bank must prepare, maintain and retain documentation on all its business relations and transactions with its customers such that:

• All requirements imposed by law are met;
• Any transaction undertaken by the bank can be reconstructed so as to provide, if necessary, evidence for prosecution of criminal activity;
• The relevant competent authorities in Singapore and the internal and external auditors of the bank are able to review the bank's transactions and assess the level of compliance with the regulations; and
• The bank can satisfy, within a reasonable time or any more specific time period imposed by law, any enquiry or order from the relevant competent authorities in Singapore for information.

The bank must, when setting its record-retention policies, comply with the following document-retention periods:

• A period of at least five years following the termination of business relations for customer identification information and other documents relating to the establishment of business relations, as well as account files and business correspondence; and
• A period of at least five years following the completion of the transaction for records relating to a transaction, including any information needed to explain and reconstruct the transaction.

The bank may retain documents as originals or copies, in paper or electronic form or on microfilm, provided that they are admissible as evidence in a Singapore court of law.

27.30.14 Investigation and Reporting Requirements

Anyone moving SGD 30,000 or more into or out of Singapore must lodge a cash movement report (CMR). The names and identity of individuals who lodge reports are only disclosed if they have wilfully submitted false information.

The Suspicious Transaction Reporting Office (STRO) receives all suspicious transaction reports (STRs) from the relevant officer. The Singapore STRO is part of the Egmont Group. It is also a member of the Asia Pacific Group on money laundering (APG).

27.30.15 Internal Requirements

A bank is required to develop and implement internal policies, procedures and controls to help prevent money laundering and terrorist financing and communicate these to its employees. The policies, procedures and controls should include, amongst other things, CDD measures, record retention, the detection of unusual and/or suspicious transactions and the obligation to make suspicious transaction reports.

27.30.16 Suspicious Transaction Reporting

Where a person knows, or has reasonable grounds to suspect, that any property, in whole or in part, directly or indirectly, represents the proceeds of, was used in connection with or is intended to be used in connection with any act which may constitute drug trafficking or criminal conduct, as the case may be, and the information or matter on which the knowledge or suspicion is based came to his attention in the course of his trade, profession, business or employment, he shall disclose the knowledge or suspicion or the information or other matter on which that knowledge or suspicion is based to a Suspicious Transaction Reporting Officer as soon as is reasonably practicable after it comes to his attention.

Where the property referred to above is the subject of a transaction, the person referred to in that subsection shall make the disclosure referred to in that subsection regardless of whether the transaction was completed.

A bank shall implement appropriate internal policies, procedures and controls for meeting its obligations under the law, including the following:

• The establishment of a single reference point within the organisation to whom all staff are instructed to promptly refer all transactions suspected of being connected with money laundering or terrorist financing, for possible referral to the STRO via STRs; and
• The creation and storage of records of all transactions referred to the STRO, together with all internal findings and analysis done in relation to them.

A bank shall submit reports on suspicious transactions (including attempted transactions) to the STRO, and extend a copy to the authority for information.

A bank shall consider if the circumstances are suspicious so as to warrant the filing of an STR and document the basis for its determination where:

• The bank is, for any reason, unable to complete CDD measures; or
• The customer is reluctant, unable or unwilling to provide any information requested by the bank, decides to withdraw a pending application to establish business relations or a pending transaction or to terminate existing business relations.

27.30.17 Penalties

Any person who fails to report a suspicious transaction shall be guilty of an offence and shall be liable, on conviction, to a fine not exceeding SGD 20,000, although it is a defence that the person charged had a reasonable excuse for not disclosing the information or other matter in question, or that, if they were an employee, they disclosed it in accordance with their internal procedures.

27.30.18 Case Studies

The first money-laundering case in Singapore concerned a major airline. In this case a supervisory clerk was granted almost total control over a computer program which computed and paid out the crew's salaries and allowances by making direct credits into staff bank accounts. The clerk dishonestly misappropriated numerous amounts from the airline's bank account by causing them to be paid to bank accounts which were in his name or controlled by him. Random checks were supposed to be made. However, there was no way the supervisors could verify all the details keyed in by the clerk, and he had also falsely altered a computer-generated report printed daily which contained all the adjustments made to crew allowances for that day. He defrauded the airline of almost SGD 35 million, and at the conclusion of investigations, SGD 14 million remained unrecovered. He was sentenced to 24 years' imprisonment.

In another case, a customer-service officer in a worldwide bank stole US$ 7.2 million (SGD 12.6 million) from the bank over a period of five years. He pleaded guilty to the single money-laundering charge and the other charges of cheating (altogether there were more than 1,000 charges which took the court interpreter two hours to read) and was sentenced to 12 years' imprisonment. The clerk was a compulsive gambler, and often bet (with the stolen money) on the lottery with $500,000 per week (and struck the first prize twice, totalling $6m). When the police raided his home they found over 1,000 lottery tickets; hence the number of charges exceeding 1,000.

In 2003, the biggest fraud case in Singapore history occurred. The finance manager of a brewery was charged for 44 offences of forgery and cheating and two charges of money-laundering offences involving a total sum of SGD 117 million. He pleaded guilty to all 46 charges and was sentenced (by the same District Court judge as in case study one) to 42 years' imprisonment. The manager flew in private jets to bet in the world's leading casinos, at $400,000 per bet and lost $62.3 million. He used funds he had cheated from four major banks, which then took legal action against the brewery.

27.31.1 Overview

South Africa has demonstrated a strong commitment to implementing AML/CFT systems, which has involved close cooperation and coordination between a variety of government departments and agencies. The authorities have sought to construct a system which uses as its reference the relevant United Nations Conventions and the international standards as set out by the Financial Action Task Force.

27.31.2 Key Legislation

The money-laundering offence is found in the Prevention of Organised Crime Act (POCA). The Financial Intelligence Centre Act, which was amended by the Financial Intelligence Centre Amendment Act 2008, contains the AML compliance legislation. The Money Laundering Control Regulations (“the Regulations”) were issued under the Act in December 2002. These were updated in 2010.

27.31.3 Legislative History

South Africa supplemented its AML law with statutory provisions in the Drugs and Drug Trafficking Act 140 of 1992. This Act criminalised the laundering of the proceeds of specific drug-related offences and required the reporting of suspicious transactions involving the proceeds of drug-related offences. The Proceeds of Crime Act 76 of 1996 broadened the scope of the statutory laundering provisions to all types of offences. In 1999, the Proceeds of Crime Act, as well as the laundering provisions of the Drugs and Drug Trafficking Act, were repealed when POCA came into effect.

Money laundering is criminalised in Section 4 of the Prevention of Organised Crime Act 1998. The AML control measures are found in the Financial Intelligence Centre Act 2001 and subsequent regulations.

The requirements are further elaborated in guidance notes issued by the Centre and circulars issued by the South African Reserve Bank (SARB), which is the central bank of South Africa. However, neither of these is legally enforceable, and they are only intended to provide guidance.

It should also be noted that South Africa's AML/CFT framework is currently undergoing a process of transition. The FIC Act (FICA) was substantially amended by the Financial Intelligence Centre Amendment Act 2008 (FIC Amendment Act) which was gazetted on 28th August, 2008.

The FIC launched a new communication platform – a Public Compliance Communication (PCC) series – on 22nd February, 2010. The purpose of the PCC is to facilitate a better understanding of the Financial Intelligence Centre Act 2001 (Act No. 38 of 2001) (FICA) by all businesses, including accountable institutions, and to address some of the complex questions arising from the administration of FICA and its subordinate legislation. The main purpose of the PCC series is to provide guidance under Section 4(c) of FICA on the FIC's interpretation of the relevant legislation. This form of guidance will have the same legal status as the guidance notes that have been, and will continue to be, issued by the FIC.

27.31.4 FATF Assessment

The 2008 FATF mutual evaluation described the development of AML/CFT systems in South Africa as “work in progress”. The country was rated “largely compliant” or “compliant” in approximately half of the 49 recommendations, which highlights that there is still work to be done to bring South Africa into line with FATF Recommendations.

27.31.5 The Primary AML Investigation/Regulatory Authorities

27.31.6 Outline of Specific Money-laundering Offences

27.31.7 Defences

A person may raise as a defence the fact that he or she had reported a knowledge or suspicion, or, if they are an employee of a financial institution, that person may also raise as a defence the fact that he or she had:

• Complied with the applicable obligations in terms of the internal rules relating to the reporting of information of the accountable institution; or
• Reported the matter to the person charged with the responsibility of ensuring compliance by the accountable institution with its legal duties; or
• Reported a suspicion to his or her superior, if any, if:
  • the accountable institution had not appointed such a person or established such rules;
  • the accountable institution had not complied with its legal obligations in respect of that person; or
  • those rules were not applicable to that person.

27.31.8 Penalties

Any person convicted of an offence outlined above shall be liable to a fine not exceeding R 100 million, or to imprisonment for a period not exceeding 30 years.

27.31.9 Scope

The AML Act applies to 19 “accountable institutions”, including banks, estate agents and various other financial services.

27.31.10 Risk-based Approach

The Act and the Regulations require accountable institutions to identify all clients with whom they do business unless an exemption applies in a given circumstance. However, institutions are not required to follow a one-size-fits-all approach in the methods they use and the levels of verification they apply to all relevant clients.

In many instances, the Regulations make reference to the fact that accountable institutions must verify certain particulars against information which can be reasonably expected to achieve such verification and is obtained by reasonably practical means, taking into account any guidance notes concerning the verification of identities which may apply.

The use of expressions in the Regulations such as “can reasonably be expected to achieve such verification” and “is obtained by reasonably practical means” implies that a risk-based approach is appropriate, and that the greater the risk, the higher the level of verification and the more secure the methods of verification used should be.

The assessment of risk factors should best be done by means of a systematic approach to determining different risk classes and identifying criteria to characterise clients and products. In order to achieve this, an accountable institution would need to document and make use of a risk framework.

As with all risk management, an institution's risk framework needs to be regularly updated and supported with documentation to enable and ensure compliance within each institution.

27.31.11 Role of the MLRO/Nominated Officer

Accountable institutions must write and implement internal rules relating to money-laundering control and appoint an officer who is responsible for ensuring compliance by the institution. The MLRO is also required to train the institution's employees to enable them to comply with their money-laundering control obligations.

Once the Compliance Officer has been appointed, they will be required to familiarise themselves with the relevant money-laundering laws and the particular guidelines and regulations. They will then need to ascertain the current level of compliance by the business and its employees with the duty to report suspicious and unusual transactions and ensure that appropriate policy documents and rules are implemented. They will be required to monitor and report to management on compliance.

27.31.12 Due Diligence

FICA prevents accountable institutions from establishing business relationships or entering into single transactions with their clients unless they have established and verified the identities of the clients concerned and of the agents and principals of their clients, as well as any authority the agent, client or principal has to act on behalf of another person.

The Act also requires institutions to verify an agent's authority to act on behalf of a principal. The Regulations provide some detail on the identification and verification of most classes of clients an institution is likely to deal with. These are, for instance, natural persons, companies and close corporations, other legal persons, partnerships and trusts.

The Regulations require institutions to obtain specific information concerning the identities of each of these categories of clients, and also indicate the manner in which the basic client identification particulars should be verified. For instance, an individual's name and identity number should be verified by reference to an identity document.

Other forms of verification are only acceptable if a person is, for a reason which is acceptable to the institution, unable to produce an identity document. Additional identification particulars, such as residential addresses, may be verified by reference to any information which can reasonably be expected to serve as verification for the particulars in question.