There now follows a series of country profiles which provide details of the key rules and regulations that apply in a variety of specific jurisdictions. As you will note, each profile essentially follows the same format to enable readers to promptly obtain the key information that they require. Of course, rules and regulations do change over time and therefore reference should always be made to the specific rules and regulations of the specific jurisdiction to ensure that accurate and up-to-date information is obtained. However, these profiles do highlight both the similarity in the regimes applied internationally and specific issues relevant to individual jurisdictions.
The common content of the jurisdictional regulations is due to the FATF Recommendations having been implemented in the majority of countries. There is still, however, some space for variation and this is, where appropriate, dealt with in this text.
Throughout these sections we have sought to identify examples where action has been taken within the local jurisdiction against money launderers or terrorist financers. Where reference has been made to completed cases, the information has been sourced from publicly available texts which are referenced in the section. The cases will not provide all of the relevant information regarding any specific case, and names have been removed where practicable. These cases are provided to enable the reader to assess how financial crime can work in practice and the actions taken within specific jurisdictions to deal with such issues.
We have not included every European country within the country profiles that follow, since the impact of EU legislation is that the rules applied are almost identical in many cases.
As far as possible the information is considered fully up to date at the date of publication of this text. However, as stated above, rules do change. You should always have reference to the original texts, where possible, if seeking to understand the detailed implementation of local rules, although you may, of course, also contact the author through the publishers.
The problems of financial crime in Albania have been well documented. Perhaps the collapse of the series of pyramid schemes in 1997 specifically highlights the key concerns. These financial schemes, believed to be a means of laundering money, were allegedly linked to Kosovo drug gangs and the Italian mafia. The schemes became so popular that even the poorest members of the population became embroiled. They were attracted by the interest rates offered, which were an impossibly high 44% per month. The total amount of money invested in these schemes was almost 50% of the GDP of the country ($2 billion). The collapse of the schemes in early 1997 led to nationwide riots and the deaths of over 2,000 people.
Albania still has a large informal financial services sector, which, when combined with a cash economy, provides an environment in which financial crime can thrive. That the authorities have sought to address these concerns means that most of the key international requirements have now been implemented. Albania's most significant sources of money laundering still are thought to originate from corruption and organised crime. The European Commission's 2008 Progress Report stated that drug trafficking, organised crime and money laundering remained “serious concerns” and that Albania has made limited progress in its fight against money laundering.
The General Directorate for the Prevention of Money Laundering (GDPML) (Drejtoria e Bashkerendimit te Luftes Kunder Pastrimit te Parave, DBLKPP) operates as the Albanian national financial intelligence unit (FIU). It is the national centre for collecting, analysing and distributing information relating to potential money-laundering activities.
Money laundering is criminalised by Article 287 and 287a of the Albanian Criminal Code. Instruction No. 28, dated 31st December, 2012, On The Reporting Methods, Procedures And The Preventive Measures Taken By The Subjects Of Law No. 9917, dated 19th May, 2008, On The Prevention Of Money Laundering And Terrorism Financing provides the compliance regime, while Law No. 157, dated 10th October, 2013, On The Measures Against Terrorism Financing provides the counter-terrorism financing regime – the third piece of legislation in this area since 2008. Regulation 44 On Measures Against Terrorism Financing provides additional guidance applicable to banks.
In 2006, the Council of Europe's Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL) conducted a mutual evaluation of Albania's anti-money-laundering/counter-terrorist-financing regime. The deficiencies identified by MONEYVAL, in May 2008, were addressed by the Albanian Parliament, which passed Law No. 9917, On Money Laundering and Terrorist Financing. The law entered into force in September 2008.
The law consolidated all previous legislation, which includes the Criminal Code of the Republic of Albania, 1995; Criminal Procedure Code of the Republic of Albania, 1995; Law No. 8610, 2000, On the Prevention of Money Laundering amended by Law No. 9084, 2003 entitled For Some Additional and Amendment in Law No. 8610, 2000, On the Prevention of Money Laundering (OPML) (now repealed) and also by Law No. 9258, 2004 On Measures for the Suppression of Terrorism Financing.
Law No. 8610 established an administrative FIU, and the General Directorate for the Prevention of Money Laundering to coordinate the detection and prevention of money-laundering activity in Albania. Under Law No. 9084, the financial intelligence unit became a quasi-independent agency within the Ministry of Finance.
The 2013 follow-up report stated that, although Albania has made considerable progress to tackle money laundering and the financing of terrorism, the risk of money laundering remains high. Albania has a history of organised crime, with clan-based and hierarchically organised networks that are allegedly involved in drug trafficking. The relative size of the cash-based informal economy facilitates the laundering and integration of proceeds of crime. There are a number of sectors identified with illegal practices, including illegal gambling establishments and exchange bureaux, as well as the vulnerabilities that relate to cross-border transportation of currency, which also put Albania at risk for money-laundering activity.
Additionally, the FATF stated that, “In June 2012, Albania made a high-level political commitment to work with the FATF and MONEYVAL to address its strategic money laundering deterrence and counter terrorist financing deficiencies. Albania has taken steps towards improving its regime. However, the FATF has determined that strategic money laundering deterrence and counter terrorist financing deficiencies remain.”
The Bank of Albania, with the attribute of being the monetary and supervisory authority of the country, has the following functions:
A part of the Ministry of Finance, The General Directorate for the Prevention of Money Laundering (GDPML) is the Albanian financial intelligence unit empowered by the money-laundering-deterrence and counter-terrorist-financing legislation to collect, manage and analyse reports filed by obligors in order to prevent and combat money laundering and the financing of terrorism.
The GDPML disseminates information to Albanian law-enforcement authorities if there are grounds to suspect that money-laundering or financing of terrorism offences have been, or are currently being, committed. It also cooperates closely with other financial intelligence units around the world.
The GDPML also has a supervisory role whereby it oversees obligors' compliance with the requirements of AML/CFT law and in that regard it cooperates with all the supervisory authorities and, in particular, with the Bank of Albania and the Financial Supervisory Authority.
Article 21 of the amended AML law provides the GDPML with its powers. It provides that “The General Directorate for the Prevention of Money Laundering exercises the functions of the responsible authority as an institution subordinate to the Minister of Finances. This directorate, within its scope of activity, is empowered to determine the manner of pursuing and resolving cases related to potential money laundering and financing of potential terrorist activities.”
Furthermore, Article 21 specifies that “The General Directorate for the Prevention of Money Laundering acts as a specialised financial unit for the prevention and fight against money laundering and terrorism financing. Moreover, this directorate functions as the national centre in charge of the collection, analysis and dissemination to law enforcement agencies of data regarding the potential money laundering and terrorism financing activities.”
As an administrative FIU, the GDPML does not have law-enforcement capabilities. The GDPML receives reports from obligated entities, i.e. the Ministry of Justice or the Ministry of Finance, analyses them and distributes the results of its analysis to the Prosecutor's Office. In reality, the role of the GDPML is limited by its capacity, and coordination and cooperation with the Prosecutor's Office is problematic, as the number of actual prosecutions made remains low.
The Albanian Financial Supervisory Authority (AFSA), established in 2006, is a public independent institution. The AFSA is responsible for the regulation and supervision of non-banking financial systems and the operators in the sector. The AFSA reports to the Albanian Parliament.
The main areas of activity of the AFSA are regulation and supervision:
The AFSA's primary goals are the protection of consumers' interests and the promotion of sustainability, transparency and reliability in the areas of insurance, securities and private supplementary pensions.
Money laundering was originally criminalised through Article 287 of the Albanian Criminal Code of 1995. Article 287 states that: “Disposing, transferring, concealing, obscuring the nature, source, or ownership of property derived from criminal activity” is an offence. Furthermore, Article 287a provides that “commission of financial transactions or other economical transactions for the purpose of money laundering, which are known to stem from criminal activity, and their recirculation and production for entrepreneurial or economic activity of any kind” is an offence.
The latest AML legislation, Law No. 10 391, provides that “Laundering of criminal offence proceeds” has the same meaning as provided by Article 287 of the Criminal Code.
Article 15 is the tipping off prohibition which prohibits employees of the subject from informing the customer, or any other person, about the verification procedures regarding suspicious cases, as well as any reporting made to the responsible authority.
Article 14 is the legal liability exemption for subjects or supervisory authorities, directors, officials or employees who are reporting criminal activity in good faith to the competent authority. This provision states that these entities shall be exempt from penal, civil or administrative liability arising from disclosure of professional or banking secrecy.
Violation of Article 287 is punishable by three to ten years of imprisonment. Breach of Article 287a is punished by five to ten years of imprisonment, and if committed in collusion with others or repeatedly, is punished by seven to 15 years of imprisonment. If it has caused serious consequences, it is punishable by not less than 15 years of imprisonment.
For tipping off, natural persons shall be fined 2,500,000 Lek, and legal persons shall be fined 5,000,000 Lek.
Law No. 10 391 applies to a variety of financial institutions, including:
Albania adopted a risk-based approach to its anti-money-laundering policies and procedures with the enactment of Law No. 9917 On the Prevention of Money Laundering and Terrorism Financing (OPMLTF).
By virtue of Article 10 of Law No. 10 391, reporting entities are obliged to nominate a responsible person and a deputy for the prevention of money laundering, at the administrative/management level in the central office and in every representative office, branch, subsidiary or agency, to which all employees shall report all suspicious facts, which may comprise a suspicion related to money laundering or terrorism financing. Compliance persons have ongoing access to all data kept in compliance with the AML legislation.
Furthermore, Regulation 44 provides that subjects shall assign one of their executive directors as the person responsible for accomplishing the duties related to the prevention of money laundering and terrorist financing.
The AML legislation provides that entities should identify their customers and verify their identities by means of identification documents:
Entities must identify and verify the identity of the beneficial owner.
Law No. 9917 strengthened customer due diligence by requiring the identification of all customers regardless of the size of their transactions. It is mandatory for reporting subjects to maintain ongoing due diligence of customers according to the KYC (Know Your Customer) procedures. Subjects must undertake enhanced due diligence on a risk-sensitive basis.
There is also a better definition of client, which includes any natural or legal person.
Article 5 states that, for the purposes of identification and confirmation of the identity of clients, subjects must register and keep the following information:
Furthermore, in the case of natural persons who carry out for-profit activity, entities must record:
In the case of legal persons that carry out for-profit activity, entities must ascertain:
In the case of legal entities that do not carry out for-profit activity, entities must ascertain:
The recent instructions specify that, in the case of legal persons and other legal arrangements, the measures taken should include the understanding of the ownership and the structure of their control; the collection of information on the purpose and intended nature of the business relationship; and the conduct of ongoing monitoring of the business relationship and the ongoing scrutiny of transactions, to ensure that these transactions are conducted consistent with the customer's business and risk profiles, including, where necessary, even the source of funds.
In the case of legal representatives of a customer, entities must ascertain:
The AML legislation requires entities to identify, in addition to those specified within the legislation, categories of customers which present a high risk of money laundering. Furthermore, in order to implement the enhanced due diligence, the entities should require the physical presence of customers and their representatives:
Banking entities, in addition to the enhanced due diligence procedures for the customer, should:
In addition, they are obliged under the 2013 guidance to search information in available resources such as the updated national list of politically exposed persons, specific databases (Worldcheck, Factiva, etc.) as well as open sources of information for foreign persons.
In cases where entities have business relationships with politically exposed persons, they must monitor such relationships with enhanced diligence.
Entities shall be prohibited from starting or maintaining business relations with anonymous customers or customers using fake names. Entities shall not be allowed to open or maintain accounts that may be identified only based on the account number.
Financial institutions are required to obtain the approval of the higher levels of administration/management, and document, for each institution, the relevant responsibilities with respect to prevention of money laundering and financing of terrorism prior to establishing a business relationship for banking correspondent services.
Entities must carry out continuous monitoring of business relationships with their customers, in order to make sure that they are in conformity with the entity's information about the customers, the scope of their activity and their classification according to the level of risk they represent.
Entities must periodically update customer data in accordance with paragraph 1 of this Article and immediately when they have reason to suspect that the conditions and the actual situation of the customer have changed.
Entities are obliged to draft and apply internal regulations and guidelines that take into account the money-laundering and terrorism-financing risk, which can originate from customers or businesses, including, but not limited to:
Under Article 11, subjects have an obligation to train their employees on the prevention of money laundering and terrorism financing and organise periodic training programmes for their employees. Law No. 10 391 does not outline any specific training requirements, while the recent guidance specifies that subjects should periodically train their employees on the prevention of money laundering and terrorism financing, based on an annual plan of training, including acquaintance with the legal changes in this field.
Entities must maintain documentation concerning identification, accounts and correspondence with the customer for five years from the date of closing the account or termination of the business relationship between the customer and the entity. At the request of the responsible authority, the documentation may be maintained for more than five years.
Entities must keep data registers, reports and documents related to financial transactions, national or international, regardless of whether the transaction has been executed in the name of the customer or of third parties, together with all supporting documentation, including account files and business correspondence, for five years from the date of the execution of the financial transaction. At the request of the responsible authority, the information may be kept for longer than five years, even if the account or the business relationship has been terminated.
Entities must maintain the data relating to transactions, including those specified in Article 10, with all the necessary details to allow the reestablishing of the entire cycle of transactions, with the aim of providing information to the responsible authority in accordance with this law and the sub-legal acts pursuant to it. This information shall be stored for five years from the date when the last financial transaction has been carried out. This information shall, upon a request from the responsible authority, be stored for longer than five years.
Entities must make sure that all customer and transaction data, as well as the information kept according to this article, shall immediately be made available upon request from the responsible authority.
Article 12 of Law No. 10 391 details the circumstances when subjects should report to the competent authority.
Entities submit a report to the responsible authority when they know or suspect that laundering of the proceeds of crime or terrorism financing is being committed, was committed or is being attempted. The report should be submitted immediately and not later than the period specified in any secondary legislation.
When the entity has been asked by a customer to carry out a transaction, and suspects that the transaction may be related to money laundering or terrorism financing, it should immediately report the case to the responsible authority and ask for instructions as to whether it should execute the transaction or not. The responsible authority shall be obliged to provide a response within 48 hours.
Entities are required to report to the responsible authority within the time limits set forth in any secondary legislation all cash transactions, equal to or greater than 1,500,000 Lek or its equivalent in other currencies, executed as a single transaction or as a series of linked transactions.
Banks and non-banking financial entities should report to the responsible authority in accordance with the time limits set forth in any secondary legislation all non-cash transactions, equal to or greater than 6,000,000 Lek or its equivalent in other currencies executed as a single transaction or as a series of linked transactions.
The penalty for failing to apply customer due diligence measures is:
For failing to apply enhanced CDD measures, entities shall be fined:
In cases of failing to implement adequate internal controls, the fine is:
For failing to meet the reporting obligations, entities shall be fined:
In addition to the above penalties, when the entity is a legal person and the administrative violation is committed by:
There have now been a number of cases reported and acted upon in Albania. The following is typical of the activity identified and acted upon.
The General Directorate for the Prevention of Money Laundering received a report that a politically exposed person (PEP) had signed a contract to buy an apartment for EUR 80,000. The financial investigation unit conducted further enquires, and identified the following:
Further investigations showed that the PEP and the citizen to whom he apparently had no connection had previously lived together, the PEP had been charged with corruption and the two flats purchased were in the same building with identical contracts. Both contracts stated that 20% of the price was to be paid in cash, with the remainder to be paid through a bank loan. The market value of the property was actually 50% higher than the value paid, and besides the PEP, nobody involved had business activities.
The following conclusions were reached upon the processing of the additional information received from banks:
Based on the above information, and taking into consideration the PEP's previous job, the grounded suspicion that the money invested in different ways really belonged to him and that the function held by the PEP provided numerous opportunities for corruption, the case was disseminated to the law-enforcement authorities.
Argentina is described by the USA State Department as a “major money-laundering country”. While it is making progress in developing its AML legal framework, it is still considered to be largely out of touch with international standards.
The key Argentine money-laundering-deterrence and counter-terrorist-financing legislation is:
Resolution 228/2007, passed by the Financial Intelligence Unit, sets out the compliance requirements.
Money laundering was first criminalised in Argentina in 1989 under Article 25 of the Narcotics Law 23.737. Law No. 25.246 was enacted and came into force in 2000, and has since been amended four times. Supplementary rules and regulations have been implemented in order to bring alignment between Argentina and the global money-laundering standards together with the regulatory framework within South America.
On 11th September, 2007, the Argentine government enacted, through Decree 1225/2007, the National Anti-Money-Laundering and Counter-Terrorism Finance Agenda (the National Agenda) to serve as a roadmap for implementing money-laundering-deterrence and counter-terrorist-financing laws and regulations. This agenda provides the structure for the government of Argentina to improve existing legislation and regulation, and enhance inter-agency coordination.
On 17th June, 2011, the legislature of Argentina passed Law 26.683 (“The AML Act”) to amend the Criminal Code in order to update the criminal treatment of money laundering. The new law was adopted in response to pressure from the Financial Action Task Force.
Since February 2012, Argentina has taken substantial steps towards improving its money-laundering-deterrence and counter-terrorist-financing (AML/CFT) regime, including issuing a Presidential Decree creating a framework for freezing terrorist-related assets and issuing further FIU resolutions to reporting parties.
The FATF also welcomed Argentina's updated action plan on measures and milestones to assess Argentina's effective implementation of its money-laundering offence, but determined in June 2013 that certain strategic AML/CFT deficiencies remain. The Financial Action Task Force's third-round mutual evaluation report of Argentina found the country partially compliant or non-compliant with 46 of the 49 FATF Recommendations. Argentina is subject to an enhanced follow-up procedure during which the country is expected to immediately address deficiencies relating to its criminalisation of both money laundering and terrorist financing. The country is currently on the grey list, indicating that there is a lot of work still to do.
The FIU was created in May 2000 to prevent and deter money laundering. Its mandate was extended in 2007 to include the prevention of terrorism financing, and its role was most recently updated in 2011. The 2011 AML Act provides that the Financial Intelligence Unit (FIU) should work with autonomy and financial independence within the Ministry of Justice and Human Rights Office. The FIU is responsible for analysing, processing and transmission of information for the purposes of preventing and deterring money laundering and financial crime, and is supported by liaison officers appointed by the heads of many other government ministries listed in the Act.
The FIU is empowered to:
The FIU is in charge of the analysis, use and communication of information for prevention of financial crimes. Federal courts have jurisdiction over those crimes.
Banco Central de la República Argentina (BCRA) acts as the central bank, and operates in a supervisory capacity for the financial services sector within Argentina. It has the dual responsibility of monitoring and regulating financial crime as well as banking regulation.
The central bank's role is to monitor the appropriate operation of the financial market and implement the Law on Financial Institutions and other regulations. Furthermore, it supervises the financial and foreign exchange activity by means of the Superintendency of Foreign Exchange and Financial Institutions.
On 6th April, 2012 the new Central Bank Charter of Argentina (Law 26.739) came into force. This gives the BCRA a dual role:
Furthermore, the bank has been given additional powers:
The Argentinian definition of money laundering, translated from Spanish, is:“Anyone who converts, transfers, administers, sells, manages, disguises or through any means puts in market circulation assets from a criminal offence, with the possible consequence that goods appear to have a legal origin, when its value exceeds the sum of three hundred thousand pesos, whether in a single act or repeated acts by various interlinked, shall be punished…”
In summary, the offence is converting, transferring, administering, selling, managing, disguising or, through any means, putting into market circulation assets derived from a crime involving a sum of over 300,000 pesos (approximately £42,000), therefore hiding its true origin and giving it a legitimate appearance.
For money laundering as defined above, the penalty is imprisonment of three to ten years and a fine of two to ten times the amount of the transaction. However, this can be altered by one third of the maximum and half of the minimum in the following cases:
Judges can now make orders such as seizure of money-laundering-related assets (to compensate victims) before a conviction is obtained, provided the illegal origin has been proven. They can also order confidentiality regarding the identity of criminals and witnesses involved, to provide protection and encourage other people to come forward. Revealing the identity of a witness or accused after a judge has ordered anonymity carries a penalty of one to four years' imprisonment and a fine of 50,000 pesos.
It is also important to note that:
The offence of the financing of terrorism is committed by anyone who collects goods or funds, either directly or indirectly, with the intention or knowledge that such goods or funds will be used to finance terror-related crime, either by a criminal organisation or by an individual. This offence is punishable by both imprisonment and a fine.
Twenty-three categories of organisation are bound by the requirements of the AML Act, including financial institutions, intermediaries, insurance companies and trustees.
Entities may establish operating procedures and appoint Compliance Officers to prevent money laundering and terrorism financing.
Argentina has implemented the risk-based system as envisaged by the Financial Action Task Force, and in particular in relation to the required customer due diligence process. This is evidenced by the requirement for the systematic use of the risk matrix within financial institutions.
Regulated entities must appoint a Compliance Officer, who is responsible for ensuring compliance and implementation of procedures to fulfil any legal obligations. They are also responsible for liaising with the FIU. The entity must notify the FIU in writing of the following information pertaining to the appointed Compliance Officer:
The Compliance Officer must be completely independent and autonomous, as well as having unrestricted access to all the information required for performing their role. A deputy may be appointed to assist them.
The Compliance Officer will have the following obligations:
To fulfil the obligations outlined above, the Compliance Officer may be assisted by a Committee of Control and Prevention of Money Laundering and Terrorism Financing.
CDD must be carried out for all “customers”, who are defined as all individuals or legal entities that establish, on a casual or permanent basis, a financial, economic or commercial contractual relationship. The minimum CDD requirements are detailed below.
Information must be gathered relating to the customer's:
The same treatment is given to an attorney, guardian, agent or guarantor. Entities will also require an affidavit on the origin and legality of the funds, or appropriate supporting documentation as stipulated by the FIU.
The following information must be collected:
The CDD must be carried out for any corporation, regardless of legal status. In addition to this information, entities will also require an affidavit on the origin and legality of the funds, or appropriate supporting documentation as specified by the FIU.
Entities are required to follow the Know Your Customer policy. The KYC policy should include criteria, measures and procedures that include, at least:
However, a distinction is made between regular and occasional customers. Regular customers are those:
Occasional customers are those:
For regular customers only, entities must create a customer profile based on information collated during CDD. Regulated entities should estimate the annual amount of operations per calendar year for each regular customer and use this to monitor any suspicious transactions or unusual activity. This should be recorded in writing.
If there is doubt regarding whether a client is acting on their own (or where it is certain that they are not), entities must take reasonable additional steps in order to obtain information about the true identity of the agent and beneficiary. They should pay special attention to individuals who use companies as fronts for their operations, and have procedures in place which:
Entities should also take specific and adequate measures to reduce the risk of money laundering and terrorist financing when they have not met their customers face to face.
PEPs should be given particular attention, especially if they enter into transactions which appear unconnected with their profile and usual activity.
The MLRO is required to implement a formal staff-training programme.
Obligated parties are obliged to keep the following documentation in such a manner that a transaction can be reconstructed:
Reporting entities must report any suspicious conduct or activities relating to money laundering or terrorist financing to the FIU as soon as they find out about the suspicious conduct, by submitting a suspicious activity report (SAR). The FIU determines the reporting procedure, and the Compliance Officer is responsible for submitting the report.
Indicators of suspicion include, but are not exclusive to:
Regulated entities must retain all documentation supporting a SAR, and submit it to the FIU within 48 hours of being requested. The deadline to report potential money laundering shall be 150 days after the suspicious transaction was performed or attempted. The deadline to report potential financing of terrorism is 48 hours after the suspicious transaction was performed or attempted.
On 7th June, 2010 the BCRA passed a law to prevent money laundering and tax avoidance. This law applies to local residents accessing the exchange market and places new restrictions on foreign currency savings and/or the acquisition of foreign assets.
Under these regulations, individuals or entities purchasing more than US$ 250,000 in aggregate per year must file a detailed asset justification report to the BCRA, and the financial entity involved in the sale of foreign currency shall also be required to verify that the amount of dollars purchased is consistent with the assets declared to the relevant tax authorities. However, the obligation to report does not apply if the purchases of foreign currency do not exceed US$ 5,000 per month.
In addition to this, any local resident purchasing more than US$ 20,000 of foreign currency per calendar month must do so through a bank transfer, an electronic payment or by cheque. The maximum threshold for purchases of foreign currency by local residents for foreign currency savings and/or the acquisition of foreign assets is US$ 2,000,000 per calendar month for both entities and individuals.
Anyone acting in charge of a body which breaches these provisions can be fined an amount between one and ten times the total value of the property or transaction to which the infringement relates, unless the act constitutes a more serious crime. This penalty will also apply to the company itself. If it is not possible to establish the value of the property, the fine shall be between ten thousand dollars and one hundred thousand dollars. The offence is subject to a five-year limitation period, after which no charges can be brought.
In one case, two Mexican citizens were convicted of money laundering in Argentina, and given three-year suspended sentences. They flew from Mexico into Elegize Airport, Argentina, in October 2005, carrying suitcases with false bottoms.
Customs agents searching the suitcases found $648,000, which it later transpired did not belong to either of the men. The money was confiscated, and the pair were banned from engaging in business in Argentina. This case illustrates that, despite the current age of technology and sophisticated measures, systems and structures modern criminals use, money laundering can still be done in the most simple of ways and it pays to be vigilant about smuggling.
In another case, Argentina's Anti-Money-Laundering Office fined the local unit of HSBC Holdings plc 64 million pesos ($14 million) for failing to report suspicious company transactions in August 2012. The transactions, worth about 31.7 million pesos, took place from September to December 2007 and involved a company that said it had neither employees nor installations. The UIF based the penalty on the failure to comply with the “obligation to inform” established by Law 25.246. This case highlights the severity of the penalties which firms can incur if they fail to comply with their AML obligations.
A report prepared as part of a $3.2 million programme of research into money laundering and financing of terrorism in Australia found the country to have a robust money-laundering-deterrence framework, but noted that there is still work to do. Despite the regime, the number of prosecutions for money laundering in Australia has been relatively low, although prosecutions have increased considerably from five charges in 2003–04 to over 100 in 2010–11.
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act), and subsequent amendments, provides the Australian AML/CFT legal framework. This is supplemented by Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (“The Rules”), which were last updated in June 2012.
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act) is the current AML legislation in Australia, which came into force on 12th December, 2006. The Act was the first tranche of legislation which Australia adopted to reform its money-laundering-deterrence and counter-terrorist-financing regulatory regime. One of the main aims of this is to bring Australia in line with international standards, including standards set by the Financial Action Task Force (FATF). The Act is supplemented by The Rules.
Additional legislative provisions were developed in August 2007 to amend the Act. The provisions specify what “designated services” will trigger obligations under the Act. Further reforms were made in 2009 and 2012 following the review by the FATF. The Australian government is currently reviewing a further tranche of legislation, which had not been implemented at the time of this book going to print.
The Act implements a risk-based approach to regulation. This requires that reporting entities will use a risk-based approach to determine the way in which they meet their obligations based on their assessment of risk. When determining and putting in place appropriate risk-based systems and controls, the reporting entity must have regard to the nature, size and complexity of its business and the type of AML/CFT risk that it might reasonably face, considering its customer types, including any politically exposed persons, the types of designated services it provides, the methods by which it delivers designated services and the foreign jurisdictions with which it deals.
Australia was last reviewed in 2005, where it was found to be compliant with approximately half of the FATF Recommendations. However, this review was carried out before the implementation of the current AML law, which strengthened the regime. The process for the next review will likely commence in 2014.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia's anti-money-laundering and counter-terrorism-financing regulator and specialist financial intelligence unit. The organisation contributes to investigative and law-enforcement work to combat financial crime and prosecute criminals in Australia and overseas. AUSTRAC's purpose is to protect the integrity of Australia's financial system and contribute to the administration of justice through its expertise in countering money laundering and the financing of terrorism.
AUSTRAC has two important roles:
The Criminal Justice Division of the Attorney General's Department has a policy role with respect to the Act, together with any associated regulations. The First Assistant Secretary of the Criminal Justice Division takes the lead role in Australia's delegation to the FATF.
It is an offence in Australia to deal with money or property that is either the proceeds of, or may become an instrument of, crime. A person deals with money or other property if they:
It is also an offence to:
“Proceeds of crime” is defined as any money or other property that is wholly or partly derived or realised, directly or indirectly, by any person from the commission of an offence against a law of the Commonwealth, a State, a Territory or a foreign country that may be dealt with as an indictable offence (even if it may, in some circumstances, be dealt with as a summary offence).
The prosecution does not have to prove what the underlying offence was, or who committed it, in order to obtain a money-laundering conviction.
In addition to the above, persons that:
will be guilty of the principal money-laundering offence.
Sections 400.3–400.8 of the Criminal Code set out a sliding scale of six money-laundering offences structured according to the value of the money or property involved. Section 400.3 applies where the value of the money or property is worth $1 million or more. At the bottom end of the scale, Section 400.8 applies to offences where the money or property is of any value.
Each section is further structured according to the element of fault involved. The most serious offence is committed where the money or property is, and the person believes it to be, the proceeds of crime, or intends that it will become an instrument of crime. The mid-level offence is committed in circumstances where the money or property is the proceeds of crime or there is a risk that it will become an instrument of crime and the person is reckless as to those facts. The lowest level offence is committed where the person is negligent as to the facts.
Penalties are on a sliding scale according to the value of the money or property and the seriousness of the fault element. The maximum penalty is 25 years' imprisonment or a fine of AUD 165,000, or both.
A reporting entity must put in place and maintain an AML/CFT programme. Generally, an AML/CFT programme must be divided into two distinct parts: Parts A and B.
The primary purpose of Part A of a standard AML/CFT programme is to identify, manage and mitigate any money-laundering or terrorism-financing risk a reporting entity may reasonably face. Some of the requirements specified in these rules may be complied with by a reporting entity putting in place appropriate risk-based systems or controls, which should be implemented with regard to the nature, size and complexity of its business and the type of AML/CFT risk that it might reasonably face.
Part A must be designed to enable the reporting entity to:
The sole or primary purpose of Part B is to set out the reporting entity's customer identification procedures.
Some of the requirements may be complied with by a reporting entity putting in place appropriate risk-based systems and controls, which, as above, should be implemented with regard to the nature, size and complexity of its business and the type of AML/CFT risk that it might reasonably face.
Part B of an AML/CFT programme sets out a reporting entity's customer identification procedures:
In carrying out customer due diligence, the reporting entity may request information from a customer. If the reporting entity has provided a designated service and has reasonable grounds to believe that a customer has information that is likely to assist the reporting entity, the reporting entity may, by giving written notice, request such information from the customer within a specified period. The notice must also set out the reporting entity's power to discontinue, restrict or limit the provision of designated services if the customer refuses to comply with the request for information.
Part A must provide for the reporting entity to designate a person as the “AML/CTF Compliance Officer” at the management level. The AML/CTF Compliance Officer may have other duties in addition to their role as Compliance Officer.
The Rules provide that different CDD requirements apply for different types of customer.
The entity should include appropriate risk-based systems and controls that are designed to enable the reporting entity to be reasonably satisfied that the customer is the individual that he or she claims to be.
Part B must include a procedure for the reporting entity to collect and verify, at a minimum, the following KYC information from an individual (other than a sole trader):
For a sole trader, they must ascertain:
Part B must also verify the information based on:
Part B must be able to respond to any discrepancy that arises in the course of verifying CDD so that it can be reasonably satisfied that the customer is the person that he or she claims to be.
Part B must include appropriate risk-based systems and controls to enable the reporting entity to be reasonably satisfied that:
The reporting entity must collect and verify, at a minimum, the following information:
In the case of a domestic company:
In the case of a registered foreign company:
In the case of an unregistered foreign company:
In addition to this, the entity must be able to determine whether any other KYC information collected in respect of the company should be verified, with regard to the AML/CFT risk.
Part B must include a procedure for the reporting entity to collect the name and address of each beneficial owner (if any) of a proprietary or private company, and be able to ascertain whether or not it needs to verify this information.
Verification of information about a company should be based, as far as possible, on reliable and independent sources, which would include a disclosure certificate that verifies information about the beneficial ownership of a company (other than a foreign company).
The reporting entity must be able to respond to any discrepancy that arises in the course of verifying information about a company, and determine whether it is reasonably satisfied about the matters referred to above.
There are similar rules for trustees, partners, agents and customers other than individuals.
If the reporting entity suspects a customer is not who they say they are, or has other suspicions about its customers, it must, within 14 days:
Where the reporting entity determines that the relationship with an individual customer is of medium or lower risk, they may complete the following as CDD:
Alternatively, a reporting entity may use electronic procedures to complete reduced CDD for a medium or lower-risk customer. If so, it should collect the KYC information described above from a customer, and verify the customer's name and the customer's residential address using reliable and independent electronic data from at least two separate data sources, and either:
For simplified corporate CDD, if the company is:
CDD can be completed by obtaining and verifying one or a combination of the following:
A reporting entity must include an enhanced customer due diligence programme in Part A of its AML/CFT programme. The reporting entity must apply the enhanced customer due diligence programme when:
The enhanced customer due diligence programme should require the entity to do one or more of the following:
It may verify or re-verify KYC information in accordance with the customer identification programme, or undertake more detailed analysis and monitoring of the customer's transactions – both past and future, including, but not limited to:
It could seek senior management approval for:
It may also lodge a suspicious matter report, if required.
A financial institution (the first financial institution) must carry out, to the extent warranted by the risk identified, an assessment of the following matters:
Part A must be subject to regular independent review. The review may be carried out by either an internal or external party. The purpose of the review should be to:
The result of the review, including any report prepared, must be provided to the governing board and senior management.
A reporting entity must be able to determine whether any further KYC information should be collected in respect of customers for ongoing customer due diligence purposes, and whether and in what circumstances KYC information should be updated or verified for ongoing CDD purposes.
A reporting entity must also include a transaction-monitoring programme in Part A of its AML/CFT programme to identify, having regard to ML/TF risk, any transaction that appears to be suspicious. The transaction-monitoring programme should have regard to complex, unusual, large transactions and unusual patterns of transactions, which have no apparent economic or visible lawful purpose.
Part A must include an ML/TF risk awareness training programme. The ML/TF risk awareness training programme must be designed so that the reporting entity gives its employees appropriate training at appropriate intervals, having regard to the ML/TF risks it may reasonably face. It must be designed to enable employees to understand:
Employees must be subject to an appropriate due diligence screening programme.
A reporting entity must make a record of a designated service and related documentation, and keep these for seven years. It must also retain a record of an applicable customer identification procedure for seven years after the end of the reporting entity's relationship with the relevant customer. A reporting entity must retain a copy of its anti-money-laundering and counter-terrorism-financing programme.
Reporting entities are required to enrol with AUSTRAC and to keep enrolment details up to date. A reporting entity must submit to AUSTRAC a report relating to the reporting entity's compliance with this Act, the regulations and the AML/CFT Rules during the reporting period. The report must cover the calendar year and be submitted by 31st March of the following year.
Part A of a reporting entity's AML/CFT programme must include:
A reporting entity must submit a suspicious transaction report to AUSTRAC if:
The report should be submitted within 24 hours for any terrorism suspicions, and three business days for other issues.
A reporting entity must report a transaction that involves the transfer of physical or e-currency amounting to not less than AU$10,000 (“a threshold transaction”) to AUSTRAC within ten business days of it occurring.
Pecuniary penalties are payable for contravention of civil penalty provisions. Authorised officers, customs officers and police officers may issue infringement notices for unreported cross-border movements of physical currency and bearer negotiable instruments.
In determining the pecuniary penalty, the Federal Court must have regard to all relevant matters, including:
The pecuniary penalty payable by a body corporate must not exceed 100,000 penalty units ($11,000,000). The pecuniary penalty payable by a person other than a body corporate must not exceed 20,000 penalty units ($2,200,000).
The AUSTRAC CEO is to monitor compliance by reporting entities with their obligations under this Act. The AUSTRAC CEO may give a remedial direction to a reporting entity that has contravened a civil penalty provision. The Federal Court may grant injunctions in relation to contraventions of civil penalty provisions.
Australian AML/CFT regulations are in the process of change as this book is going to print, a full description of which can be found at http://www.austrac.gov.au/draft-amlctf-rules.html.
The Australian government is conducting a public consultation on the operation of Australia's anti-money-laundering and counter-terrorism-financing regime as part of the statutory review of the country's AML/CFT regime.
The review encompasses the operation of the Anti-Money Laundering and Counter-Terrorism Financing Act (Cth) 2006 and the associated AML/CFT rules and regulations.
Public submissions closed on Friday 28th March, 2014.
Submissions on the consultation on possible enhancements to the requirements for customer due diligence paper closed on 30th September, 2013 and are being considered.
At this stage it is not possible to know for certain how the regulations in Australia will change as a result of these consultations.
As stated above, the Australian authorities have been active in taking action against money laundering and terrorist financing. The following two cases illustrate the type of transactions that have been identified in practice.
In a recent case, AUSTRAC information assisted authorities with an investigation into a company suspected of a multi-million-dollar duty-free fraud. The investigation resulted in the company and its two directors being convicted of fraud-related charges.
The investigation revealed that, over a three-year period, a complex arrangement was set up where the directors of the company, which traded as a duty-free store, sold large quantities of “underbond” cigarettes (cigarettes on which excise duty had not been paid).
The directors sold the cigarettes and profited by avoiding paying the required customs and excise duty. In total, authorities believe that the suspects evaded more than AUD 2.5 million in tax.
In accordance with AML/CFT reporting requirements, reporting entities submitted a range of financial transaction reports indicating suspicious activity by the company and its directors, involving currency exchange business and casinos. Authorities believe the suspects undertook a range of activities to launder and hide the substantial proceeds of the cigarette sales.
One of the directors travelled regularly to Cambodia and would visit currency exchange businesses in Australia to convert funds to US dollars before each trip. When converting currency amounts worth more than AUD 10,000, the two directors regularly refused to complete significant cash transaction reports (SCTRs), instead opting to structure the cash into smaller amounts to avoid the SCTR-reporting requirement.
This structuring activity led to a total of 44 suspect transaction reports (SUSTRs) being submitted about the two directors, with the majority coming from a currency exchange business. It was also reported that the suspects had asked reporting entities whether or not their transactions would be recorded and reported to the Australian Taxation Office (ATO), a further indication that they were involved in illegal activity and were concerned about attracting the attention of authorities.
AUSTRAC also received SUSTRs from a casino, highlighting one suspect's continued use of a casino account to deposit and withdraw funds, despite undertaking limited gambling activity. The reports indicated the suspect was a regular patron at the casino. While the suspect's gambling activity remained limited, the amounts gambled had increased substantially over an eight-year period. It was also reported that the suspect had collaborated with a number of third parties while depositing and withdrawing funds at the casino.
In all, AUSTRAC information showed that the two directors and associates made cash deposits worth more than AUD 20 million into their business banking account.
The company and its directors were convicted and ordered to repay the AUD 2.5 million in tax they had evaded. In addition, they were ordered to pay penalties of more than AUD 600,000, as well as the Commonwealth's legal costs of AUD 140,000. The convictions finalised a long-running and complex investigation.
In another case, an Australian-based mining company initiated an internal investigation after it was suspected an employee had stolen more than AUD 1.1 million over a three-year period. The company identified the suspect through internal audit processes and the matter was referred to law-enforcement authorities for further investigation.
The law-enforcement investigation revealed that the suspect, an accountant employed by the company, had abused his position of trust by systematically making a series of unauthorised international transfers over a three-year period. The transfers were made from a company account to a number of offshore accounts held in the suspect's name and a number of his family members' names.
A suspect transaction report (SUSTR) submitted by a bank suggested that an outgoing international funds transfer instruction (IFTI) of AUD 27,500 from the suspect's personal account appeared to be sourced from company funds. The suspect was the beneficiary of the IFTI and bank staff noticed that four days prior to the IFTI, the exact amount of AUD 27,500 was transferred into the suspect's account from a company account.
AUSTRAC analysis found a number of transaction reports linked to the suspect. These supported the allegation of theft and identified the significant extent of the financial activity undertaken by the suspect.
AUSTRAC information revealed that the suspect was the beneficiary of 17 outgoing IFTIs to India in amounts of between AUD 2,400 and AUD 33,400. Funds were sent from either the suspect's personal Australian-based bank account or from the company's account. In total, approximately AUD 300,000 was transferred, all believed to be the proceeds of the theft.
Law-enforcement officers contacted the suspect while he was overseas. The suspect surrendered to authorities on his return to Australia. The suspect was charged with ten counts of stealing and sentenced to seven years' imprisonment. After serving four years, the suspect was deported from Australia.
The location of the Bahamas as an offshore financial centre means that it attracts drug trafficking more than it does money laundering. As of 2007, 14 ML prosecutions had been instituted in the Bahamas and over $6.6 million of forfeited proceeds had been placed in the Confiscated Assets Fund.
The Proceeds of Crime Act 2000 provides the main money-laundering offences, supplemented by various other statutes and the Central Bank of the Bahamas' AML guidelines. At the time of writing, the Compliance Commission Codes of Practice were being revised and no information regarding the changes had been released.
The first money-laundering-deterrence legislation passed related to drug trafficking. This was initially criminalised through the implementation of the Forfeiture of Proceeds of Drug Trafficking Act 1987.
The Bahamas was one of the first nations to incorporate into legislation the UN Convention Against the Illicit Trafficking of Narcotics and Psychotropic Substances. The IMF noted, in its review, that there was adherence with the FATF's “40 + 9” recommendations, which can be found in the preventative measures of the Central Bank of the Bahamas.
There are five main bodies of law that currently constitute the legal framework for money-laundering deterrence operating in the Bahamas:
The Central Bank of the Bahamas issued revised AML/CFT guidelines in March 2011. The Securities Commission released its guidelines for Licensees/Registrants on the Prevention of Money Laundering and Countering Terrorist Financing.
The most recent FATF mutual assessment of the Bahamas, published in 2007, was positive, describing the regime as robust, coherent and comprehensive.
The Financial Intelligence Unit (FIU) is responsible for receiving, analysing, obtaining and disseminating information that relates to, or may relate to, proceeds of crime in an effort to combat money laundering and terrorist financing. Its target audience is financial institutions as defined by the Financial Transaction Reporting Act (FTRA), the regulatory bodies for all financial institutions and the general public at large. Any individual concerned with combating proceeds of crime as dictated by the Proceeds of Crime Act, while detecting criminal activity relating to money laundering and terrorist financing can approach the FIU. The FIU has two roles:
This is an independent statutory body established as the anti-money-laundering regulatory authority for non-traditional financial institutions, for example law firms, accounting firms, real estate brokers, credit unions, etc. Although it is an independent agency, the Compliance Commission falls within the responsibility of the Minister of Finance.
The central bank's role is to foster an environment of monetary stability conducive to economic development, and to ensure a stable and sound financial system.
This Commission regulates the activities of the securities and capital markets, with the aim of protecting investors while strengthening the public and institutional confidence in the integrity of those markets.
The BFSB represents and promotes the development of all sectors of the industry, including banking, private banking and trust services, mutual funds, capital markets, investment advisory services, accounting and legal services, insurance and corporate and shipping registries. In addition to its coordinated programmes to increase confidence and expand knowledge of The Bahamas among international businesses and investors, the private-sector-led BFSB will continue to consult with government to develop new initiatives to meet the rapidly changing demands of international financial markets.
Under the provisions of the Financial and Corporate Service Providers Act 2000 the Inspector is required to maintain a general review of financial and corporate services in The Bahamas. Annually, and when required by the relevant Minister, the Inspector must conduct on-site and off-site examinations of a licensee to ensure compliance by the licensee with the FCSPA, as well as the Financial Transactions Reporting Act and the International Business Companies Act and any other relevant law.
There are three main money-laundering offences in The Bahamas.
Section 40 of the Proceeds of Crime Act provides that “a person is guilty of the offence of money laundering if he uses, transfers, sends or delivers to any person or place any property which, in whole or in part, directly or indirectly represents proceeds of criminal conduct; or disposes of, converts, alters or otherwise deals with that property in any manner and by any means with the intent to conceal or disguise such property”. This offence can be committed on the basis of knowledge or reasonable grounds for suspicion that the property is the proceeds of crime.
It is also an offence for a person to assist another to retain or live off the proceeds of criminal conduct knowing, suspecting or having reasonable grounds to suspect that the other person is, or has been, engaged in, or has benefited from, criminal conduct.
A person is also guilty of an offence if he knows, suspects or has reasonable grounds to suspect that any property, in whole or in part, directly or indirectly represents another person's proceeds of criminal conduct, and he acquires or uses that property or has possession of it.
It is a defence for a person to prove that he or she did not know, suspect or have reasonable grounds to suspect that:
Furthermore, it is a defence for a person to prove that he intended to disclose to a police officer a suspicion, belief or matter that any funds or property were derived from, or used in connection with, criminal conduct, but there is a reasonable excuse for failing to do so.
The guidelines prescribe the operation of a risk-based approach based on the development of a risk-rating framework which should include, as a minimum:
The risk-rating framework should provide for the periodic review of the customer relationship to allow the licensee to determine whether any adjustment should be made to the risk rating. The review of the risk rating for high-risk customers may be undertaken more frequently than for other customers, and a determination made by senior management as to whether the relationship should be continued. All decisions regarding high-risk relationships and the basis for these decisions should be documented.
Licensees should monitor both potential and existing customers.
Licensed firms are required to appoint an MLRO. Under the March 2011 Guidelines, all licensees are required to:
A licensee may choose to combine the functions of the Compliance Officer with that of the MLRO, depending upon the scale and nature of business. The roles might be assigned to its inspection, fraud or compliance functions.
The MLRO should be sufficiently senior to command the necessary authority. The MLRO is required to determine whether the information or other matters contained in the transaction report he or she has received gives rise to a knowledge or suspicion that a customer is engaged in money laundering or the financing of terrorism. In making this judgment, the MLRO should have timely access to all other relevant information such as customer identification data and other CDD information transaction records available for a licensee concerning the person or business to which the initial report relates. This may include a review of other transaction patterns and volumes through the account or accounts in the same name, the length of the business relationship and reference to identification records held.
If, after completing this review, the MLRO decides that the initial report gives rise to a knowledge or suspicion of money laundering or terrorist financing, then the MLRO must disclose information about the former to the FIU and about the latter to the Commissioner of Police.
It would be prudent, for the MLRO's own protection, for internal procedures to require that only written reports of suspicious transactions are submitted to the MLRO, who should record his or her determination in writing and the underlying reasons for their decisions.
Customer identification is based on the following two important aspects of knowing your customer:
This information should be updated as appropriate, and as opportunities arise.
Licensees should observe the following timeframes when seeking to verify the identity of their customers:
Where satisfactory evidence of identity is required, no transaction should be conducted over the facility pending receipt of identification evidence and information. Documents of title should not be issued, nor income remitted (though it may be re-invested) in the absence of evidence of identity.
A licensee must obtain and document the following information when seeking to verify identity:
The following information may also be required:
In circumstances where the licensee's customer is considered a high-risk client, the licensee is also required to confirm the customer's source of wealth.
To confirm an address, the licensee should:
The information obtained should demonstrate that a person of that name exists at the address given, and that the facility holder is that person.
Identification documents, either originals or certified copies, should be pre-signed and bear a discernable photograph of the applicant, for example:
Licensees must obtain the following documents and information when seeking to verify the identity of corporate clients:
In addition, the guidelines strongly recommend that licensees obtain the following information and documents when seeking to verify the identity of corporate clients:
Verification of identity is not normally needed in the case of a single occasional transaction when payment by, or to, the customer is less than $15,000. Irrespective of the size of a transaction, however, any suspicions of money laundering must be reported in accordance with the FIU's Suspicious Transactions Reporting Guidelines. There are also a number of bodies subject to simplified CDD, including government bodies, superannuation schemes and employment pension schemes.
Licensees should apply enhanced CDD measures on a risk-sensitive basis for such categories of customer, business relations or transactions as the licensee may assess to present a higher risk for money laundering or terrorist financing. The extent of additional monitoring and information sought will depend on the money-laundering or terrorist-financing risk involved. A licensee should hold a fuller set of information in respect of those customers.
The extent of verification in respect of non-face-to-face customers will depend on the nature and characteristics of the product or service provided and the assessed money-laundering and terrorist-financing risk presented by the customer. A licensee should take specific and adequate measures to compensate for the higher risk, most notably for forgery and fraud, for example, by applying one or more of the following measures:
Politically exposed persons (PEPs) are defined as “individuals who hold or have held, in the preceding year, important public positions”. An individual ceases to be a PEP after he has left office for one year. However, licensees are encouraged to apply a risk-based approach in determining whether they should cease carrying out appropriately enhanced monitoring of a PEP's transactions and activity at the end of this period. A longer period might be appropriate, in order to ensure that the higher risks associated with the individual's previous position have adequately abated.
Licensees should obtain senior management approval before establishing new correspondent relationships, and a review of the correspondent banking relationship should be conducted at least annually.
Transactions conducted through correspondent relationships need to be monitored according to perceived risk. Where the respondent bank or counterparty is not regulated by a country listed in the First Schedule of the FTRA, additional due diligence should be carried out to ascertain and assess whether its AML/CFT controls are in accordance with standards which are at least equivalent to those required under Bahamian law.
Additionally, licensees must gather sufficient information about the respondent's business to understand fully the nature of the respondent's business and determine, from publicly available information, the reputation of the respondent and the quality of supervision, including whether it has been subject to a money-laundering or terrorist-financing investigation or regulatory action.
Licensees should document the responsibilities of each institution in relation to KYC measures. Staff dealing with correspondent banking accounts should be trained to recognise high-risk circumstances, and be prepared to challenge respondents over irregular activity, whether isolated transactions or trends, submitting an STR where appropriate.
Licensees should guard against passing funds through accounts without taking reasonable steps to satisfy themselves that sufficient due diligence has been undertaken by the remitting bank on the underlying client and the origin of funds. In these circumstances, the licensee must be satisfied that the respondent institution is able to provide KYC documentation on the underlying customer, upon request.
Licensees should consider terminating the accounts of respondents who fail to provide satisfactory answers to reasonable enquiries including, where appropriate, confirming the identity of customers involved in unusual or suspicious transactions.
Licensees are required to make arrangements to verify, on a regular basis, compliance with internal policies, procedures and controls relating to money-laundering and terrorist-financing activities, in order to satisfy management that the requirements under the law and in these guidelines, to maintain such procedures, have been discharged. Larger licensees should assign this role to their Internal Audit Department. Smaller licensees may wish to introduce a regular review by the board of directors or their external auditors.
Licensees should monitor the conduct of the relationship/account to ensure that it is consistent with the nature of business stated when the relationship/account was opened, the extent of which will depend on the risk associated with the customer. They should be aware of any significant changes or inconsistencies compared to the original stated purpose of the account. Possible areas to monitor could be:
Licensees should also establish and implement appropriate policies and procedures to ensure high standards are being followed when hiring employees. To this end, licensees should have in place screening procedures, which should involve making diligent and appropriate enquiries about the personal history of the potential employee and taking up appropriate references on the individual.
Licensees must take appropriate measures to make employees aware of:
At least once per year, financial institutions shall provide relevant employees with appropriate training in the recognition and handling of transactions carried out by persons who may be engaged in money laundering. The following is recommended:
General information on the background to money laundering and terrorist financing, and the subsequent need for reporting of any suspicious transactions to the MLRO should be provided to all new employees who will be dealing with customers or their transactions, irrespective of the level of seniority, within the first month of their employment. They should be made aware of the importance placed on the reporting of suspicions by the organisation, that there is a legal requirement to report and that there is a personal statutory obligation in this respect. They should also be provided with a copy of the written policies and procedures in place in the financial institution for the reporting of suspicious transactions.
All front-line staff should be made aware of the business policy for dealing with occasional customers, particularly where large cash transactions, money transfers, negotiable instruments, certificates of deposit or letters of credit and other guarantees, etc. are involved, and of the need for extra vigilance in these cases. Training should be provided on factors that may give rise to suspicions and on the procedures to be adopted when a transaction is deemed to be suspicious.
Branch staff should be trained to recognise that criminal money may not only be paid in or drawn out across branch counters but may be transferred by other means. Staff should be encouraged to take note of credit and debit transactions from other sources, e.g. credit transfers, wire transfers and ATM transactions.
Those members of staff responsible for account/facility opening and acceptance of new customers must receive the basic training given to cashiers or tellers in the above section. In addition, further training should be provided in respect of the need to verify a customer's identity and on the business's own account opening and customer/client verification procedures. They should also be familiarised with the business's suspicious transaction reporting procedures.
A higher level of instruction covering all aspects of AML/CFT procedures should be provided to those with the responsibility for supervising or managing staff. This will include the offences and penalties arising from the POCA and the FTRA for non-reporting and for assisting money launderers; procedures relating to the service of production and restraint orders; internal reporting procedures; and the requirements for verification of identity, the retention of records and disclosure of suspicious transaction reports under the FIUA 2000.
Financial institutions are required to retain records concerning customer identification and transactions for use as evidence in any investigation into money laundering or terrorist financing. The records prepared and maintained by a licensee on its customer relationships and transactions should be such that:
Regarding CDD, licensees must keep such records as are reasonably necessary to enable the nature of the evidence used for the purposes of that verification to be readily identified by the FIU. Records relating to the verification of the identity of facility holders must be retained for at least five years from the date a person ceases to be a facility holder, i.e. the end of the business relationship or the date of the last transaction.
Transaction records must be kept for a minimum period of five years after the transaction has been completed. The investigating authorities need to be able to compile a satisfactory audit trail for suspected laundered money or terrorist financing and to be able to establish a financial profile of any suspect account/facility.
At a minimum, the records relating to transactions which must be kept must include the following information:
Records of suspicions which were raised internally with the MLRO but not disclosed to the authorities should be retained for at least five years from the date of the transaction. Records of suspicions which the authorities have advised are of no interest should be retained for a similar period. Likewise, records of a licensee's findings of its enquiries into unusual activity should also be retained for a minimum of five years.
Where a transaction is inconsistent in amount, origin, destination or type with a client's known, legitimate business or personal activities, or has no apparent economic or visible lawful purpose, the transaction must be considered unusual, and the staff member put “on enquiry” as to whether the business relationship is being used for money-laundering purposes or to finance terrorism.
Where the staff member conducts enquiries and obtains what he considers to be a satisfactory explanation of the unusual transaction, or unusual pattern of transactions, he may conclude that there are no grounds for suspicion, and therefore take no further action as he is satisfied with matters. However, where the enquiries conducted by the staff member do not provide a satisfactory explanation of the transaction, he may conclude that there are grounds for suspicion requiring the filing of an STR to the FIU.
Licensees should be aware that there are a number of offences which arise from failing to comply with certain obligations imposed under the AML Law and supplementary regulations, and criminal prosecution and/or penalties can be imposed. In particular, under the FIUA and The Financial Intelligence (Transactions Reporting) Regulations, where a financial institution fails to comply with the requirements of guidelines issued by the FIU or the central bank, these penalties can range from a fine of $10,000 on summary conviction or $50,000 for a first offence and $100,000 for any subsequent offence on conviction in the Supreme Court. Licensees should also be aware that the central bank also has authority under the Financial Transactions Reporting (Wire Transfers) Regulations to impose civil penalties of up to $2,000 for non-compliance with those laws and with the guidelines.
According to the US State Department Money Laundering Report 2012, there were no prosecutions or convictions for money laundering in the Bahamas in 2011.
Barbados had previously appeared on the list of countries that caused concern for a lack of compliance when assessed by the FATF. It has recently been deemed mostly compliant by both the FATF and the regional body the CFATF. The Caribbean Financial Action Task Force (CFATF) is an organisation of states and territories of the Caribbean basin which has agreed to implement common countermeasures against money laundering. The CFATF originated in early 1990 and holds observer status with the FATF.
The 2008 FATF assessment noted that, generally, serious crime in Barbados has been on the decline. With the advent of more stringent controls in financial institutions, there have been increased attempts at structuring transactions to avoid reporting thresholds, but these have been mitigated by financial institutions risk profiling their client bases.
The Money Laundering and Financing of Terrorism (Prevention and Control) Act 2011-23 is the primary AML legislation. The Revised Central Bank AMLA Guidelines provide further money-laundering-deterrence guidance for banks.
Money laundering in Barbados was first criminalised in 1990 through the implementation of the Proceeds of Crime Act, CAP 143 (POCA). A more focussed treatment on money-laundering-deterrence legislation was introduced by the implementation of the Money Laundering (Prevention and Control) Act (CAP 129), 1998-38 (MLPCA).
In 2000, the Anti-Money Laundering Authority and the financial intelligence unit (FIU) were established to supervise the financial sector.
The key regulations operating in Barbados arise from the implementation of the following legislation:
The 2008 evaluation found Barbados to be partially compliant or not compliant with 27 of the 40+9 recommendations. However, the 2012 Progress Report noted that most of the recommendations have been complied with within the new AML legislation. In addition to this, further legislation and guidelines are being considered.
The Anti-Money Laundering Authority is the FIU of Barbados. Its goal is to prevent or control money laundering and the financing of terrorism through the collection and analysis of financial intelligence and the facilitation of all legitimate and appropriate anti-money-laundering and anti-terrorism-funding efforts.
The FIU outlines and pursues a number of objectives that were intended to facilitate the attainment of this goal, which are to:
The Central Bank of Barbados is responsible for promoting monetary stability, promoting a sound financial structure, fostering development of the money and capital markets, channelling commercial bank credit into productive activities and fostering credit and exchange conditions conducive to the orderly and sustained economic development of Barbados. Consistent with this, its mission statement is to foster a sound economic and financial environment which promotes the development of stakeholders and encourages a culture of excellence and leadership.
Major regulators in Barbados have signed a Memorandum of Understanding for the exchange of information, cooperation and consultation. Signatories to the Memorandum are:
Each agency licenses and supervises its constituents in accordance with various statutes, regulations and guidelines.
Responsibility for the investigation and prosecution of money-laundering and terrorist-financing-related offences rests with the Royal Barbados Police Force's (RBPF) Financial Crimes Investigation Unit (FCIU) and the Office of the Director of Public Prosecutions. The FCIU has responsibility for completing investigations into all money-laundering and terrorist-financing-related reports forwarded by the FIU.
Under the Money Laundering and Financing Of Terrorism (Prevention And Control) Act, Section 5, a person engages in money laundering where:
Furthermore, a person engages in money laundering where he knows, or has reasonable grounds to suspect, that the property or benefit is derived or realised, directly or indirectly, from some form of unlawful activity or, where the person is:
A person who engages in money laundering is guilty of an offence and is liable on:
A person who aids, abets, counsels or procures, the commission of, or conspires to commit, the offence of money laundering is guilty of an offence and is liable on:
The AML Act applies to “financial institutions”, which means a person who conducts, as a business:
Barbados has implemented a risk-based approach in line with the CFATF guidelines.
CBB and AMLA have together produced risk-based approach guidelines. AMLA oversees the national regulatory framework and makes the final decision on revisions to laws and guidelines.
It has also incorporated provisions for risk-based supervision. The licensees are themselves required to undergo risk profiling by the regulators. Similarly to the risk-based approach, there are advisory and obligatory requirements. The first allows financial institutions to find an equivalent measure in its origination, with comparable results.
A financial institution shall:
A report may be made by letter, facsimile or mechanical or electronic means.
The AMLA Guidelines expand on the role of the Compliance Officer. All licensees should designate a suitably qualified person with the appropriate level of authority, seniority and independence as Compliance Officer. The Compliance Officer should be independent of the receipt, transfer or payment of funds, or management of customer assets and should have timely and uninhibited access to customer identification, transaction records and other relevant information. The powers and reporting structure of the officer should be conducive to the effective and independent exercise of duties.
The Compliance Officer should:
Under the AML legislation, financial institutions are obliged to take reasonable measures to:
The guidelines add that as part of their due diligence process, licensees should:
Generally, licensees should not accept funds from prospective customers unless the necessary verification has been completed. In exceptional circumstances, where it would be essential not to interrupt the normal conduct of business (e.g. non-face-to-face business and securities transactions), verification may be completed after establishment of the business relationship. Should this be determined to be an acceptable risk, licensees should adopt risk-management procedures with respect to the conditions under which a customer may utilise the business relationship prior to verification. If the requirements are not met, and it is determined that the circumstances give rise to suspicion, the licensee should make a report to the authority.
A licensee should obtain relevant information on the identity of its customer and seek to verify some of the information on a risk basis, through the use of reliable, independent source documents, data or information to prove to its satisfaction that the individual is who that individual claims to be. The basic information should include:
In addition, the licensee may obtain any other information deemed appropriate and relevant, e.g. source of funds and estimated account turnover.
The licensee should determine the degree of verification to be undertaken on a risk basis. In some instances, verification may be satisfied by maintaining current photo-bearing identification with a unique identifier (e.g. passport, national identification card).
To satisfy itself as to the identity of the customer, the licensee should obtain:
It should be noted that if the company is publicly listed on a recognised stock exchange and not subject to effective control by a small group of individuals, identification of shareholders is not required. Furthermore, if the company is a private company, identities should be sought for persons with a minimum of 10% shareholding.
In addition to the above, the licensee may obtain any other information deemed appropriate. For example, where it is deemed necessary, a licensee may also request the financial statements of parent or affiliate companies, or seek evidence that the entity is not in the process of being dissolved or wound up. It should request this information, particularly for non-resident companies, where the corporate customer has no known track record or it relies on established affiliates for funding.
Where a customer of a financial institution is not an individual, the institution shall take reasonable measures to:
The AML Act provides that a financial institution shall take reasonable measures to establish whether a customer is acting on behalf of another person. Where it appears to a financial institution that a customer is acting on behalf of another person, the institution shall take reasonable measures to:
The licensee's policy document should clearly define the risk categories/approach adopted and associated due diligence, monitoring and other requirements. A licensee may apply reduced due diligence to a customer provided it satisfies itself that the customer is of such a risk level that qualifies for this treatment.
In determining what constitutes reasonable measures with respect to establishing and verifying the identity of a person for the purposes of this section, regard shall be had to all the circumstances of the case and in particular to:
The rapid growth of financial business by electronic means increases the scope for non-face-to-face business and increases the risk of criminal access to the financial system. Customers may use the internet, the mail service or alternative means because of their convenience or because they wish to avoid face-to-face contact. Consequently, licensees should pay special attention to risks associated with new and developing technologies. Customers may complete applications but licensees should satisfy the requirements in this section before establishing a business relationship.
When accepting business from non-face-to-face customers, in order to prove to its satisfaction that the individual is who that individual claims to be, the licensee should:
In addition, the licensee may:
Where initial checks fail to identify the customer, the licensee should independently confirm and record additional checks. If the prospective customer is required to attend a branch to conduct the first transaction, or to collect account documentation or credit/debit cards, then valid photo-bearing identification should be obtained at that time.
Concerns about the abuse of power by public officials for their own enrichment and the associated reputation and legal risks which licensees may face have led to calls for enhanced due diligence on such persons. A licensee should:
In addition to the identity information normally requested for personal customers, the licensee should gather the following information on a PEP:
The AMLA guidelines provide that licensees should avoid the acceptance of anonymous accounts or accounts in fictitious names.
A financial institution shall exercise ongoing due diligence with respect to every business arrangement and closely examine the transactions conducted in the course of such an arrangement to determine whether the transactions are consistent with its knowledge of the relevant customer, his commercial activities, if any, and risk profile and, where required, the source of his funds.
A financial institution shall:
Regarding the overall training programme, a licensee should cover topics pertinent to its operations and should be informed by developments in international AML/CFT standards. Training should be general as well as specific to the area in which the trainees operate. As staff members move between jobs, their training needs for AML/CFT may change.
In order to provide evidence of compliance with the AML Act, at a minimum, a licensee should maintain the following information:
A financial institution shall establish and maintain business transaction records of all business transactions, and where evidence of the identity of a person is obtained, a record that indicates the nature of the evidence obtained and comprises either a copy of the evidence or such information as would enable a copy of the evidence to be obtained.
Records of business transactions shall be kept for a period of no less than five years from the termination of the business arrangement, the transaction, where the transaction is an occasional transaction, or such longer period as the authority may, in any specific case, direct.
Identity records shall be kept:
The guidelines provide that licensees should maintain records related to unusual and suspicious business transactions for no less than five years. These should include:
To facilitate the detection of suspicious transactions, a licensee should:
A financial institution shall monitor and report to the Reports Director:
Subject to certain exceptions, where:
the person shall make a report in respect of the transfer in accordance with this section unless permission for the transfer is obtained under the Exchange cap 71 Control Act.
A financial institution shall:
A financial institution or a non-financial business entity or professional who does not maintain business transaction records is guilty of an offence and is liable on conviction on indictment to a fine of $100,000.
A person who contravenes the reporting requirements is guilty of an offence and is liable:
A financial institution or a non-financial business entity or professional who does not make a suspicious transaction report as required under the Act, and in the case of a non-financial business entity or professional, by virtue of Section 4, is guilty of an offence and is liable on conviction on indictment to a fine of $100,000.
For other breaches of the AML Act and regulations, the financial institution can be fined $5,000 plus $500 per day the breach remains unremedied.
In December 2011, a Barbados-born baggage handler at JFK airport was convicted of drug trafficking and financial crimes. He targeted a daily flight from Barbados, and utilised secret panels inside planes and passengers' luggage to remove narcotics from the jurisdiction.
In May 2013, a pregnant woman was sentenced to 12 months in prison after she passed out 17 parcels of marijuana weighing half a pound at a Barbados hospital. She had arrived in Barbados from Trinidad, cleared immigration and was then interviewed by the police, arrested and taken to the hospital to be examined by a doctor. She said that she was pregnant and this was confirmed by ultrasound. The young woman also admitted that she had ingested drugs and tests revealed contraband in her digestive system.
She admitted in court that she was smuggling the ganja to support her family and pleaded guilty to possession of cannabis, possession with intent to supply, trafficking in the drug and importing the drug, having been paid $5,000 to do so.
According to the FATF, the money-laundering risks in Brazil are higher in relation to the border areas and the informal economy. The banking sector is perceived to face greater money-laundering risk in the business areas of foreign exchange and private banking.
Money-laundering risk has also been detected in the securities sector through the use of brokers to deposit funds and the conduct of stock market transactions. In the insurance sector, accumulation, life and pension/retirement products are perceived as being the most vulnerable to money laundering.
Some cases of illicit drugs being exchanged for precious stones have been detected, although this is uncommon, as profit margins for precious stones sold on the open market are relatively low because most of the precious stone trade conducted in Brazil is carried out on the wholesale export market and the retail market is residual. No money-laundering cases have been detected in the closed pension funds sector.
The primary AML legislation in Brazil is Law 12,683 of 9th July, 2012, which provides substantial amendments to Law 9,613 of 1st March, 1998, but does not completely replace it. Therefore, a number of sections of Law 9,613 remain in force. Supplementary regulations can be found in various resolutions passed by COAF, which are highlighted in the relevant sections of this profile.
The previous anti-money-laundering legislation in Brazil was Law 9,613 of 1st March, 1998. However, this legislation had fundamental flaws for which Brazil has been widely criticised, in particular for the country's lack of speed in amending it! Ironically, on this point, despite passing the new legislation in July 2012, the date for it coming into force was postponed to the following year.
Under the old legislation, money laundering was only a criminal offence if it involved the proceeds of one of the following offences:
This meant that the proceeds of any of the offences not listed above could not be the subject of a money-laundering conviction, rendering the law grossly ineffective.
The most recent mutual evaluation of Brazil assessed the legislation which was in place in 2009. It found that the government of Brazil has been working on various initiatives to mitigate the risk of terrorist financing in its territory, although preventative measures against financial crime were much less robust outside of the banking (including money remittance and foreign exchange), securities and insurance sectors. While it was complementary of the progress Brazil had made, it did recognise that there were areas of deficiency, which is consistent with the present strengthening of the money-laundering legislation.
The Council for Financial Activities Control (COAF) was created by Law 9,613, of 1st March, 1998, under the jurisdiction of the Ministry of Finance, for the purpose of regulating, applying administrative sanctions, receiving pertinent information and examining and identifying suspicious occurrences of illicit activities related to money laundering.
The principles that conduct its organisation and structure are expressed in various by-laws. For example, Annex to the Decree No. 2799, of 8th October, 1998 states that the COAF is a collegiate decision-making body whose jurisdiction includes the whole Brazilian territory. The COAF is an integral part of the Ministry of Finance, with headquarters in the Federal District. Its purpose is to discipline, apply administrative penalties, receive, examine and identify the suspicions of illicit activities referred to in the law that created it, with no prejudice to the competence of other offices and entities.
Brazilian law attributes to the COAF responsibility for the identification of customers and maintenance of registers of all operations and for the communication of suspicious operations, subjecting it to administrative penalties for the disregard of its obligations.
The Ministry of Finance is responsible for the formulation and implementation of economic policy in Brazil. The COAF was created under the jurisdiction of the Ministry of Finance.
Law 12,683 makes it an offence to conceal or disguise the nature, source, location, disposition, movement or ownership of property, rights or values derived, directly or indirectly, from a criminal offence. It is also an offence to conceal or disguise the use of property, rights or values derived from a criminal offence, or to use, in economic or financial activity, assets, rights or valuables resulting from a criminal offence.
The penalty for the offences outlined above is imprisonment for three to ten years and a fine. The penalty shall be increased by one- to two-thirds if the crimes are committed repeatedly or through a criminal organisation, but can be reduced by two-thirds or served in an open or semi-open prison if the participant spontaneously collaborates with the authorities, providing explanations that lead to the investigation of criminal offences, the identification of other participants or the location of the assets, rights and values of the crime involved.
The AML framework applies to individuals and entities who have, on a permanent or casual basis, together or separately, as principal or accessory activity any of the following:
The framework also applies to the following individuals and entities:
These entities are obliged to:
The institutions and entities mentioned in Article 1 shall inform the Central Bank of Brazil of the director or manager, as the case may be, who will be responsible for the implementation of, and compliance with, the provisions set forth in this Circular, as well as for the reports mentioned in Article 4.
Instruction No. 301 of 16th April, 1999 provides various due diligence measures for securities companies, and there are alternative resolutions issued by the COAF for entities such as gambling companies and debt-collection companies. Circular No. 3098 of 11th June, 2003 was issued by the Central Bank of Brazil to address deposit records, cash withdrawals and orders of provision for withdrawals equal to or exceeding R$ 100,000 (one hundred thousand reals), and Circular No. 2852 of 3rd December, 1998 was issued to set forth the procedures to be followed in preventing and fighting activities related to the crimes defined in the money-laundering legislation.
The following information should be collected:
If the customer is a legal entity, the identification shall include the individuals who are legally authorised to represent it, as well as its owners.
Resolution 016 of 28th March, 2007 provides the PEP regulation. Concerning foreign politically exposed persons, obligated persons may adopt the following procedures:
Furthermore, the internal procedures adopted shall:
Establishment or resumption of business relationships with politically exposed persons requires prior approval of the person responsible for the obligated company or prior approval of the manager or owner of an obligated entity, in compliance with regulations issued by the COAF.
Obligated persons shall conduct enhanced ongoing monitoring of business relationships with politically exposed persons. They shall also pay special close attention to proposed business relationships and transactions with politically exposed persons of countries with which Brazil has close trade and economic relations, common boundaries or ethnic, political and linguistic proximity.
Institutions subject to the AML regulations must keep up-to-date records of all transactions, in Brazilian and foreign currency, involving securities, bonds, credit instruments, metals or any asset that may be converted into cash that exceeds the amount set forth by the competent authorities, and which shall be in accordance with the instructions issued by the relevant authorities. In addition to this, they must pay special attention to any transaction that, in view of the provisions set forth by the competent authorities, may represent serious indications of, or be related to, financial crime.
Records of all transactions, in Brazilian and foreign currency, involving securities, bonds, credit instruments, metals or any asset that may be converted into cash that exceeds the amount set forth by the competent authorities shall also be made whenever an individual or legal entity, or their associates, executes, during the same calendar month, transactions with the same individual, legal entity, conglomerate or group that exceed, in the aggregate, the limits set forth by the competent authorities.
The CDD records and records of the transactions referred to in the previous paragraph shall be kept for a minimum period of five years, beginning on the date the account is closed or the date the transaction is concluded. However, the competent authorities may decide, at their own discretion, to extend this period.
The central bank will keep centralised registries forming a general database of current account holders and financial institution clients, as well as their representatives.
Obligated persons shall report to the COAF, within 24 hours, the proposal or completion of:
They must notify the regulator or the body responsible for oversight of their activity or, failing that, the COAF, in frequency, form and conditions set by them, of the non-occurrence of proposed transactions or operations that should have been provided as above.
There are various penalties for failure to comply with the above provisions, including:
In a recent case, a number of senior members of the Brazilian parliament were convicted of diverting public funds to buy political support for the government when it came to power. The scheme involved making monthly payments to politicians in exchange for their votes in Congress. Additionally, legislators, bank executives and business intermediaries were convicted of fraud, money laundering or conspiracy, as the high-profile case involved a wide range of individuals.
The politicians that were convicted of receiving the funds denied that they were selling their votes and said the money went to pay off campaign debts. However, it was found that illegal payments were made to buy political support.
This case highlighted major progress in Brazil, but also illustrates an important lesson for financial institutions. It is vital, when a potentially suspicious transaction is given a potentially legitimate explanation, that the institution conducts a thorough investigation into the relevant circumstances. It would have been easy to have taken the politicians' explanations at face value, and financial institutions need to exercise care when they apply a risk-based approach.
In another case, a high-flying Brazilian banker was sentenced to ten years in prison for attempting to bribe a police officer. He was under investigation for money laundering and tax evasion regarding the major corruption scandal outlined above, when he offered a police officer $1 million to drop the investigation. He was sentenced to ten years in prison, and to pay R$13.4 million ($5.6 million) in fines and compensation.
As part of the investigation, Brazil froze more than $2 billion in accounts outside the country. About $500 million in funds were blocked with the cooperation of the US government, highlighting the importance of international cooperation in the fight against money laundering.
Similarly to the Bahamas, the BVI's location makes it a gateway into the USA for drug trafficking. The USA has been critical of the BVI's money-laundering-deterrence regime, although this regime has been strengthened in recent years. The FATF has been generally supportive of the BVI's approach to AML law.
The Proceeds of Criminal Conduct Act (PCCA) 1997, with numerous subsequent amendments, is the key statute with regards to money laundering. It is supplemented by the Anti-Money Laundering Regulations and the Anti-Money Laundering and Terrorist Financing Codes of Practice, which provide the compliance requirements.
The PCCA was aimed at improving the British Virgin Islands' legal systems and mechanisms to counter money laundering and other criminal activity. The specified regulatory framework pertaining to money laundering is found in the Anti-Money Laundering Regulations (AMLR) 2008 and the Anti-Money Laundering Financing Code of Practice 2008. Further amendments were made in 2009, 2010 and 2012.
The AMLR applies to people carrying on relevant business, which includes many entities providing banking, trust, insurance and legal services. These are also codified in the Anti-Money Laundering and Terrorist Financing Code of Practice 2008 which applies to every entity and professional, charity, non-profit-making institution, association or organisation. The MLRO provisions were amended in 2010.
The most recent assessment, published in 2008, noted that, although most of the competent authorities have adequate resources to carry out their functions, the Financial Services Commission (FSC) and the Anti-Drug and Violent Crimes Task Force have quantitatively inadequate human resources. On a more positive note, it also highlighted that, as a result of increased due diligence exercised by the banks and the financial services industry generally, the risks of money-laundering activity in the British Virgin Islands have decreased considerably. This proactive vigilance has, in effect, discouraged launderers from using these institutions to transfer illegal proceeds.
The Commission oversees all regulatory responsibilities previously handled by the government through the Financial Services Department. The Commission has also been tasked with new responsibilities including promoting public understanding of the financial system and its products, policing the perimeter of regulated activity, reducing financial crime and preventing market abuse. The FSC describes its mission as:
The BVI Financial Investigation Agency (FIA), launched in 2004, is the law-enforcement agency responsible for white-collar and serious financial crime, and acts as the specialist investigative law-enforcement arm of government. The main function of the FIA is to receive, obtain, investigate, analyse and disseminate information which relates, or may relate, to a financial offence or the proceeds of a financial offence or a request for legal assistance from an authority in a foreign jurisdiction which appears to the FIA to have the function of making such requests.
Under the PCCA, five primary money-laundering offences are defined:
Those who obtained information about money laundering in privileged circumstances are protected by law. It is also a defence in such cases where it is another person's benefit in question that one intended to report the activity but had not yet done so with reasonable excuse.
On conviction, a person can be liable for imprisonment and/or a fine of up to forty thousand dollars depending on the nature and severity of the offence committed. This figure has been increased from five thousand dollars in 2006, showing a massive increase and highlighting the British Virgin Islands' commitment to cracking down on money laundering.
The BVI is keen to promote the use of an appropriate and proportionate risk-based approach to the detection and prevention of money laundering and terrorist financing, especially in relation to ensuring:
The nature, form and extent of money-laundering deterrence and counter-terrorist-financing (AML/CFT) compliance controls will invariably depend on several factors, considering the status and circumstances of the entity or professional.
In developing a system of internal controls, an entity should adopt a holistic approach that takes the above factors into account. The factors operate as guidelines and adherence thereto will assist an entity or a professional in properly and effectively developing and establishing a strong AML/CFT regime that keeps the entity's or professional's name intact and insulates it or him against unwarranted criminal activity.
In assessing risks that may be associated with a customer, the following non-exhaustive considerations should be taken into account:
The MLRO is a prescribed term within the AMLR and has specific responsibilities; there is also a requirement to appoint a senior person to the role. The requirement of seniority has been amended by the Anti-Money Laundering (Amendment) Regulations to mean:“A relevant person shall appoint a Money Laundering Reporting Officer who shall … be of sufficient seniority to perform the functions reposed on a Money Laundering Reporting Officer under the Code and these Regulations.”
To be appointed as Money Laundering Reporting Officer, a person must possess the following qualifications:
The 2010 amendment also inserted the requirement that an MLRO must:
A relevant person shall, within 14 days of appointing a Money Laundering Reporting Officer, notify the agency and the Commission in writing of that fact, specifying the date of his appointment, and this requirement shall apply in every new appointment of a Money Laundering Reporting Officer.
The appointment of an MLRO may relate to an individual who:
The Money Laundering Reporting Officer shall be responsible for ensuring compliance by staff of the relevant person with:
The Money Laundering Reporting Officer shall, in addition, act as the liaison between the relevant person and the agency in matters relating to AML compliance.
Every entity or professional shall engage in customer due diligence in its or his dealings with an applicant for business, irrespective of the nature or form of the business. A customer due diligence process requires an entity or a professional to:
A relevant person shall establish and maintain identification procedures which require, as soon as is reasonably practical after first contact (including one-off transactions):
The identification procedures shall also:
Satisfactory evidence of identity is defined as evidence which is reasonably capable of establishing, and, to the satisfaction of the person who obtains the evidence, does establish, that the applicant for business is the person he claims to be.
When satisfactory verification of evidence of identity is not obtained or produced, the business relationship and transactions shall not proceed any further. There are, however, exemptions available within the legislation where a relevant person assesses the applicant for business to be of normal or low risk and he has reasonable grounds for believing that the applicant for business is:
A person carrying on relevant business is generally, in relation to a one-off transaction, not required to obtain evidence of the identity of an applicant for business where the amount to be paid by, or to, the applicant for business is less than ten thousand dollars or the equivalent amount in another currency.
For the purposes of the identification and verification of an individual, an entity or a professional shall obtain information regarding the individual's:
For the purposes of the identification and verification of a legal person, an entity or a professional shall obtain information regarding:
For the purposes of verification in relation to a legal person that is a company, the following documents shall be required from the company:
For the purposes of verification in relation to a legal person that is a partnership, the following information shall be required from the partnership:
Where an entity or a professional assesses a legal person who is an applicant for business to be of low risk, it or he may verify the applicant's identity by relying on any two of the following:
In cases where a business relationship is assessed to present normal or low risk, an entity or a professional with whom the relationship exists shall review and keep up to date the customer due diligence information in respect of that customer at least once every three years.
An entity or a professional shall adopt such additional measures with respect to higher risk business relationships or transactions as are necessary:
Where an entity or a professional makes a determination that a business relationship presents a higher risk, it shall review and keep up to date the customer due diligence information in respect of the relevant customer at least once every year.
Following the Anti-Money Laundering and Terrorist Financing (Amendment) Code of Practice 2012, “Where an entity or a professional makes a determination from its or his risk assessment that a relationship with a trust or the product or service channels in relation to the trust presents a normal or a higher level of risk, the entity or professional shall perform customer due diligence or enhanced customer due diligence, as may be warranted by the circumstances, and obtain and verify the identities of all the beneficiaries with a vested right in the trust at the time of or before distribution of any trust property or income and such other additional information as the entity or professional considers relevant.”
Where an entity or a professional enters into a business relationship with an applicant for business or a customer whose presence is not possible, the entity or professional shall adopt the measures outlined in this Code and such additional measures as it or he may consider relevant, having regard to appropriate risk assessments, to identify and verify the applicant for business or customer. The provisions of the Code relating to identification and verification shall apply with respect to non-face-to-face business relationships.
Politically exposed persons are defined as individuals who are, or have been, entrusted with prominent public functions, together with members of their immediate family, or persons who are known to be close associates of such individuals.
An entity or a professional shall:
A customer who ceases to qualify as a PEP by virtue of no longer holding the post or relationship that qualified him as a PEP, ceases to be a PEP after two years following the day on which he ceased to qualify as a PEP.
However, even though the customer has ceased to be a PEP, an entity may consider it appropriate to guard against any potential risks that may be associated with the customer and continue to treat the customer as a PEP for such period as the entity considers relevant during the currency of the relationship, but in any case not longer than ten years from the date the customer ceased to qualify as a PEP.
There is a requirement that a relevant person shall provide education and training for all of its directors or, as the case may be, partners, all other persons involved in its management and all key staff, to ensure that they are aware of the money-laundering regulations and terrorist-financing obligations together with personal reporting obligations. The definition of “key staff” was changed by the 2010 Regulations to “an employee of a relevant person who deals with customers or clients and their transactions”. Staff should also be made aware of:
Training should be provided at least once a year.
A record must be maintained in the BVI which:
The requirement is that records should be kept for at least five years after the ending of a customer relationship, defined in Regulation 10 and amended by the 2010 Regulations as:
The requirements are that each record of a report to the FIU should contain:
A relevant person shall establish written internal reporting procedures which, in relation to its relevant business, will:
A person on summary conviction, will be subject to a fine not exceeding 10,000 dollars (increased from 5,000 dollars by the 2010 amendment); and on conviction on indictment, to a fine not exceeding fifteen thousand dollars. In proceedings against a person for an offence under these Regulations, it shall be a defence for the person to prove that he took all reasonable steps and exercised due diligence to comply with the requirements of these Regulations.
By virtue of Section 27 of the PCCA, where a person fails to comply with or contravenes a provision of a Code of Practice, he commits an offence and is liable, on summary conviction, to a fine of up to 25,000 dollars – increased from 7,000 dollars in 2006.
Where an entity or a professional fails to comply with the PEP requirements outlined above, it or he commits an offence and is liable to be prosecuted under Section 27(4) of the Proceeds of Criminal Conduct Act 1997.
In a recent case a businessman was found guilty of a £400,000 tax evasion which was conducted through a BVI bank account. He declared an income of £35,000 to the UK authorities, although through a trust in Guernsey he set up a trust in the British Virgin Islands.
Customers paid into the trust while he instructed the trust to pay money into Jersey bank accounts. Also, large cash sums were drawn by him from British branches of the bank. This complex structure allowed him to hide money for eight years before the structure was exposed.
This case highlights how organisations need to be particularly wary of complex and seemingly unnecessary financial structures, particularly when they involve tax havens.
The British Virgin Islands Financial Intelligence Unit publishes quarterly reports on enforcement actions it has taken. In quarter four of 2012, it issued almost $40,000 in administrative fines, five cease and desist orders, two warning letters and an order for a fund to revalue its assets independently. By making this information public, the BVI FIU appears to be seeking prevention and deterrence as much as it is ordering punishment.
There are a variety of proposed changes to the AML law in Canada, which are outlined at the end of this section. The changes are extensive and would represent a major expansion to the Canadian AML regime.
Money laundering is criminalised under the Canadian Criminal Code. The Proceeds of Crime (Money Laundering) and Terrorist Financing Act 2000, which has been subsequently amended (most recently in 2011), provides the key compliance requirements. These are further supplemented by the regulations provided for under this statute. This legislation is to be changed in the short term to make the legislation consistent with the current FATF regulations.
The current key legislation is the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) 2000, which was amended by the Proceeds of Crime Act 2006. This amendment enhanced the client identification, record-keeping and reporting measures applicable to financial institutions and intermediaries.
Furthermore, there are five sets of regulations under the PCMLTFA:
The most recent FATF assessment, published in 2008, was largely complimentary. It praised the strength and actions of the law-enforcement agencies, but noted that further steps could be taken to enhance the AML law and preventative measures, resulting in the changes described above. In relation to international cooperation in money-laundering deterrence and counter-terrorist-financing (AML/CFT) matters, Canada is broadly in line with the international standards.
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada's financial intelligence unit, was created in 2000. It is an independent agency, reporting to the Minister of Finance, who is accountable to Parliament for the activities of the Centre. It was established and operates within the ambit of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its Regulations.
FINTRAC's mandate is to facilitate the detection, prevention and deterrence of money laundering and terrorist activity financing, while ensuring the protection of personal information under its control. The Centre fulfils its mandate through the following activities:
The RCMP Anti-Money Laundering Program provides an investigative assessment on money-laundering intelligence, and monitors national and international money-laundering trends and topologies.
Canadian AML legislation comprehensively covers the three stages of the money-laundering offence – placement, layering and integration. The burden of proof rests with the prosecution in any criminal proceedings. It must prove that wilful blindness or recklessness has taken place. The prosecution does not, however, have to prove that the perpetrator had actual knowledge of the exact origin of the illicit funds in question.
Under Section 462 of the Criminal Code:
The Attorney General has the power to issue search warrants or freezing orders to enforce the AML law.
Everyone who commits an offence as outlined above is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or is guilty of an offence punishable on summary conviction.
“Proceeds of crime” means any property, benefit or advantage, within or outside Canada, obtained or derived directly or indirectly as a result of:
It should be noted that Alberta, British Columbia and Quebec have all enacted their own regional sector legislation.
Reporting entities must report suspicious and certain other transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). This includes the following types of business:
The implementation of a compliance regime is a legislative requirement and a good business practice for anyone subject to the Act and its regulations. A compliance regime will have to be tailored to fit the entity's individual needs. It should reflect the nature, size and complexity of the operations, and has to include the following:
In Canada the required compliance regime has to include an assessment of the risks related to money laundering and terrorist financing in a manner that is appropriate to the nature and complexity of the firm concerned. This must be documented in writing. Such an assessment and documentation is in addition to the general client identification, record-keeping and reporting requirements, since it should focus on where the firm is most vulnerable to money laundering and terrorist financing.
In designing their control systems, institutions should consider internal controls such as:
The individual appointed will be responsible for the implementation of the compliance regime. The Compliance Officer should have the authority and the resources necessary to discharge his or her responsibilities effectively. Depending on the type of business, the Compliance Officer should report, on a regular basis, to the board of directors or senior management, or to the owner or chief operator.
For a small business, the appointed officer could be a senior manager or the owner or operator of the business. An individual can be their own Compliance Officer or they may choose to appoint another individual to help implement a compliance regime.
In the case of a large business, the Compliance Officer should be from a senior level and have direct access to senior management and the board of directors. Furthermore, as a good governance practice, the appointed Compliance Officer in a large business should not be directly involved in the receipt, transfer or payment of funds.
For consistency and ongoing attention to the compliance regime, the appointed Compliance Officer may choose to delegate certain duties to other employees. For example, the officer may delegate to an individual in a local office or branch to ensure that compliance procedures are properly implemented at that location. However, where such delegation is made, the Compliance Officer retains responsibility for the implementation of the compliance regime.
An entity must take the measures outlined below to identify individuals or entities, subject to the general exceptions. If the identity of an individual or an entity when they open an account cannot be established, then, in Canada, it is not possible for an institution to open the account.
The completion of a client risk assessment should be conducted where there is an ongoing relationship. An ongoing relationship is one where a client opens an account or undertakes multiple transactions over a time period with the firm, regardless of whether the transactions are related to each other. Where the firm's dealings with a client are limited to a single transaction, this is not considered to be an ongoing relationship. However, if the transaction seems suspicious, the money service or other relevant business still has to report it to FINTRAC.
As a general rule, there is no need to re-identify clients if there is no reason to suspect any wrongdoing. However, if any suspicion does arise, CDD should be completed again. There are also exceptions for certain types of accounts and large public bodies.
To identify an individual, firms should refer to one of the following:
For a document to be acceptable for identification purposes, it must have a unique identifier number. Also, the document must have been issued by a provincial, territorial or federal government. The document has to be a valid one and cannot have expired.
In the case of a corporation, in addition to confirming its existence, the reporting entity also has to determine the corporation's name, address and the names of its directors. To confirm the existence of a corporation as well as the corporation's name and address, the following documents should be referred to:
The names of the corporation's directors also have to be determined. To do this, the reporting entity may need to see the list of the corporation's directors submitted with the application for incorporation and you would expect this to be verified against the statutory records.
In the case of an entity other than a corporation, the firm should refer to a partnership agreement, articles of association or any other similar record that confirms the entity's existence.
If the reporting entity has to confirm the existence of a corporation or other entity at the opening of an account, it should take reasonable measures to obtain information about the entity's beneficial ownership. If obtained, a record of the following should be kept:
If the entity is a corporation:
If the entity is other than a corporation:
If this information cannot be obtained, a record explaining why beneficial ownership could not be determined should be kept.
Situations where a firm facilitates a transaction for which a client is acting on behalf of a third party but does not know anything about the third party may lead the firm to consider that client as being a higher risk. Similarly, a client acting on behalf of an entity who is not aware of the entity's beneficial owners (such as the names of the entity's directors or the individuals controlling the entity, for example) may also lead to the firm considering that client as being higher risk. In such cases, enhanced customer due diligence (EDD) is required.
The robustness of the EDD programme should be determined based on the resources and requirements of the reporting entity, and set at a level which enables the entity to be reasonably satisfied that the necessary risks have been adequately dealt with.
In Canadian regulation a number of options are available to a firm to enable it to confirm the identity of an individual who is not present, referred to as a non-face-to-face customer. In such cases, firms may:
Alternatively, the firm can use a combination of an oath, a reliable credit information product or a confirmation that a cheque has been cleared.
If a firm knows that its client is a politically exposed foreign person (even when it is not required to make the determination or keep related records), it should consider that client as posing a higher risk.
Firms should also consider unusual circumstances, cash-intensive businesses and other indicators as also posing potentially higher risks. If a firm determines that an individual is a politically exposed foreign person for a new or an existing account, then it has to do the following:
Note that the firm has to make the determination and get senior management approval within a single period of 14 days. For example, if it takes a firm five days after the new account is activated to make the determination that it is, in fact, dealing with a politically exposed foreign person, it now has only nine days left to get senior management approval to keep the account open.
Specific regulations have been issued in Canada with respect to correspondent banking. These mirror those in the FATF standards. They require that institutions should take the following measures before entering into a correspondent banking relationship with a prescribed foreign entity:
In Canada, no person or entity is allowed to enter into a correspondent banking relationship with a shell bank, as defined in the regulations.
A reporting entity has to take reasonable measures to keep client identification information up to date. The frequency with which client identification information is to be updated will vary in accordance with the context in which transactions occur, and therefore could differ from one situation to the next. However, for high-risk situations, the frequency of keeping client identification information updated should be at least every two years.
A review of a firm's compliance policies and procedures should be carried out every two years. This is intended to help the firm to evaluate the need to modify existing policies and procedures or to implement new ones. The review, to be conducted by an internal or external auditor, could include:
The review process and its results have to be documented, along with corrective measures and follow-up actions. Within 30 days of the review, the MLRO or Compliance Officer is required to report the following in writing to one of the firm's senior officers:
If the firm does not have an internal or external auditor, then it could conduct a “self-review”. If feasible, this self-review should be conducted by an individual who is independent of the reporting, record-keeping and compliance-monitoring functions. This could be an employee or an outside consultant. In other cases where such reviews are required in the absence of either an internal or external auditor, a peer conducts such a review.
As mentioned earlier, if a firm has employees, agents or other individuals authorised to act on behalf of the financial entity, the compliance regime has to include training. The training programme has to be in writing, kept up to date, and employees should be informed of any changes to AML policy. The training programme should be adjusted in a timely manner to reflect the entity's needs, and should be reviewed every two years.
The method of training may vary greatly depending on the size of the firm's business and the complexity of the subject matter. When assessing actual training needs, a firm should consider the following elements:
As a financial entity, the requirement is to keep the following records:
There are a few exceptions to the above for low-risk accounts.
This is a requirement to record every amount of cash of $10,000 or more that a firm receives from a client in a single transaction, or combination of transactions within 24 hours. In addition to this record, a large cash transaction will also require a report to FINTRAC. For any large cash transaction, the information that a firm has to keep in a large cash transaction record includes, but is not exclusive to, the following:
For every account that a firm opens, it has to keep a record about the account's intended use.
In respect of certain transactions of $3,000 or more:
A firm is also required to keep the following records in respect of a PEP:
In the case of the following personal account records:
these records have to be kept for five years from the day of closing of the account to which they relate.
In the case of records to confirm the existence of an entity (including a corporation), such as:
these must be kept by the firm for five years from the day the last business transaction was conducted.
In the case of a copy of a suspicious transaction report, the record has to be kept for a period of at least five years following the date the report was made.
In the case of all other records, the records must be kept for a period of at least five years following the date they were created.
The following scenarios all have to be reported to FINTRAC:
This information also has to be disclosed to the RCMP and CSIS.
The FINTRAC guidelines state that:
“Suspicious transactions are financial transactions [which a firm has] reasonable grounds to suspect are related to the commission of a money laundering (or a terrorist financing) offence. This includes transactions that you have reasonable grounds to suspect are related to the attempted commission of a money laundering (or a terrorist financing) offence. Furthermore, ‘Reasonable grounds to suspect’ is determined by what is reasonable in [the specific] circumstances, including normal business practices and systems within your industry.”
The FINTRAC guidelines provide an extensive, although not exhaustive, list of potentially suspicious behaviour, which includes scenarios such as the following:
The STR requirement applies to both attempted transactions and transactions which have been completed. STRs must be sent to FINTRAC within 30 days of detection, and the contents of a report must not be disclosed to anybody. A report can be submitted electronically or in paper format.
Failure to comply with Canadian legislative requirements can lead to criminal charges against a firm that is a reporting entity. The following are some of the penalties:
Failure to comply with the relevant legislative requirements can lead to the following administrative monetary penalties against a reporting entity:
At the time of writing, the Department of Finance Canada is undertaking a consultation on extensive changes to Canadian anti-money-laundering law. The consultation opened in December 2011, and the deadline for comments on the proposed changes was 1st March, 2012. At present, the Department of Finance has published the comments received, but the legislation is not listed as being currently before parliament.
The proposed amendments include the following:
In addition to these changes, a consultation open between November and December 2011 explored expanding the circumstances in which client identification is required and also expanding the reporting requirements for reporting entities. The proposals, if implemented, would apply to all reporting entities in Canada and not just financial institutions. As a result, all of the following would be affected: money services businesses, casinos, financial institutions, real estate brokers, notaries, accountants, lawyers (unless otherwise exempt), life insurance brokers, securities brokers and dealers in precious stones and metals.
The proposals would expand reporting requirements to include the reporting of “business relationships”, defined as any relationship between a reporting entity and a client whereby the reporting entity provides services in which there are financial activities or financial transactions. Under the proposals, the obligations will apply to business relationships irrespective of whether the reporting entity has an account with a client or has conducted a reportable transaction.
The proposals also eliminate the reporting exemption for known clients, expand the requirement to obtain beneficial ownership information and require more due diligence for high-risk clients and/or activities.
As stated earlier, Canada does take money-laundering deterrence seriously, and there have been cases reported locally of action being taken.
In Canada, there is no requirement for there to be intent to commit an act before a person can be convicted of a failure to report under the PCMLTFA. For example, in 2004, a truck driver was driving across Canada and mistakenly exited to the US border in the middle of the night in his truck. He had $70,000 in cash with him.
He turned around before reaching the US checkpoint and upon re-entering Canada, his funds were seized and forfeited to the Crown because he had failed to complete a report with the CBSA. The Federal Court of Canada decided that, based on numerous previous cases, there is no requirement to establish intent for the offence to be proven. It is also irrelevant who legally owns the currency or monetary instrument – the person in possession of the currency or monetary instrument is the person who is subject to the PCMLTFA reporting obligations.
With respect to a conveyance, the person who controls the conveyance is the responsible party for the purposes of reporting. Several recent cases have dealt with private jets entering Canada with unreported currency. The funds are routinely seized and the controller of the jet, usually the captain, is unwittingly implicated in an unreported importation of currency into Canada.
A recent Canadian case highlighted how transactions can be structured to avoid AML reporting requirements. Over two months, the criminal involved regularly travelled over 70 miles from the USA to Canada to conduct currency exchanges at a particular bank and money services business. The transactions never exceeded $10,000, to avoid the Canadian reporting threshold. However, given the frequency (sometimes twice a day) of the transactions and the fact a US citizen was travelling to Canada to do this, both the bank and the money services business filed suspicious transaction reports.
It later emerged that the individual had previous convictions for drug offences and was laundering the proceeds of crime.
This case highlights the need for constant vigilance, and that the reporting thresholds should be used as a rule of thumb and not applied rigidly.
The Cayman Islands has a strong cooperative AML regime, with agreements with both domestic and international bodies. The FATF and IMF reports, in 2007 and 2009 respectively, praised the Cayman Islands, although there is still seen to be room for improvement. Since 2010, the Cayman Islands has signed twelve information exchange agreements (including with Canada, Mexico, Japan, India and South Africa), bringing the total number of exchange agreements to 31, 19 of which are already in force. In November 2013, the most recent agreement – with the United Kingdom – was signed. More recently, under pressure from overseas, it appears to be surrendering much of its data secrecy mantle.
In the Cayman Islands, the principal regulations and statutes are:
The Proceeds of Crime Law 2008, was brought into force on 30th September, 2008 and repealed the Proceeds of Criminal Conduct Law and the money laundering sections of the Misuse of Drugs Law. These acts were, prior to the Proceeds of Crime Law, the main AML legislation. This Act, therefore, brings together in one place the anti-money-laundering legislative provisions for the Cayman Islands.
The Money Laundering Regulations (MLR) were originally issued in September 2000 under the Proceeds of Criminal Conduct Law (which has now been replaced by the Proceeds of Crime Law). The MLR place additional legal and administrative requirements on entities conducting “relevant financial business”.
The guidance notes are produced by The Guidance Notes Committee (GNC), which is the consultative body responsible for the review and updating of the Guidance Notes on the Prevention and Detection of Money Laundering and Terrorist Financing in the Cayman Islands. It is comprised of industry association representatives, government representatives and representatives from the Cayman Islands Monetary Authority. The guidance notes date back to 2001, and are frequently amended – the most recent guidance notes, which were released in March 2010, were updated in November 2011.
The most recent FATF assessment praised the Cayman Islands' AML regime. It noted that the Financial Reporting Authority is effective, and a focal point of the AML/CFT regime. Furthermore, it highlighted that there is a strong compliance culture in the Cayman Islands and that supervision is comprehensive, although it did note that there are some constraints posed by an inadequate quantity of human resources.
The Cayman Islands Monetary Authority has a central role in the fight against money laundering and the preservation of financial stability. Through the prevention and detection of money laundering, the Authority is able to assist in preserving the integrity of the Cayman Islands' financial services industry whilst protecting the interests of stakeholders and maintaining the competitiveness of the Cayman Islands as a leading world financial centre.
Section 6(1)(b)(ii) of the Monetary Authority Law (2010 Revision) gives the Authority legal responsibility, as part of its regulatory function, “to monitor compliance with the money-laundering regulations”.
The money-laundering offences in the Cayman Islands are, in summary:
“enter into or become concerned in an arrangement that facilitates the retention or control by or on behalf of another person of terrorist property by concealment, by removal from the jurisdiction or by transfer to nominees”.
It is not necessary for the original offence from which the proceeds stem to have been committed in the Cayman Islands if the conduct would also constitute an indictable offence had it taken place within the Islands, i.e. an offence which is sufficiently serious to be tried in the Grand Court.
Criminal property is defined as the benefit from criminal conduct. Benefit can be in whole or part, direct or indirect, and can include financial benefit or an interest in property. The term “criminal conduct” has now been expanded to cover all criminal offences, whereas previously, the offence of money laundering arose out of conduct that was limited to only indictable or serious criminal acts. Simply put, any person who benefits in some way from criminal activity may now be subject to a money-laundering prosecution.
Section 136(5) of the Proceeds of Crime Law 2008 states that the authorities can take the guidelines into account when assessing whether an offence has been committed.
No duty is imposed on a financial services provider to inquire into the criminal law of another country in which the conduct may have occurred. The question is whether the conduct amounts to an indictable offence in the Cayman Islands or would if it took place in the Cayman Islands. A financial services provider is not expected to know the exact nature of the criminal activity concerned or that the particular funds in question are definitely those which flow from the crime.
A defendant must prove that they did not suspect that an arrangement related to the proceeds of criminal conduct or that it facilitated the retention or control of the proceeds by the criminal.
Additionally:
A report of a suspicious activity made to the reporting authority does not give rise to any civil liability to the client or others and does not constitute, under Cayman Islands' law, a breach of a duty of confidentiality. There are statutory safeguards governing the use of information received by the reporting authority.
Tipping off carries a maximum of five years' imprisonment and an unlimited fine. Failure to disclose knowledge or suspicion of money laundering carries a maximum penalty of two years' imprisonment and an unlimited fine. The other offences carry a maximum penalty of 14 years' imprisonment and an unlimited fine.
The definitions of relevant financial businesses are detailed in Regulation 4(1) of the MLR. These are:
In applying the risk-based approach, entities in the Cayman Islands are required to look into the nature of the risk of the activity conducted. The highest risk category relates to those products or services where unlimited third party funds can be freely received, or where funds can be regularly paid to, or received from, third parties without evidence of identity of the third parties being taken.
Some of the lowest risk products are those in which funds can only be received from a named investor by means of a payment from an account held in the name of the investor, and where the funds can only be returned to the named investor. No third party funding or payments are possible. However, despite their apparent low risk, they are not immune from money laundering.
The geographical location of a financial services provider's customer base will also affect the money-laundering risk and terrorist-financing analysis. Such firms will need to ensure that additional Know Your Customer (KYC) and/or monitoring procedures are in place to manage the enhanced risks of money laundering that such relationships present.
The “Appropriate Person” as defined in the legislation is generally referred to as the Money Laundering Reporting Officer (MLRO). Vigilance systems should enable staff to react effectively to suspicious circumstances by reporting them to the relevant MLRO within the organisation.
The MLRO should be a member of staff at management level who acts as the main point of contact with the reporting authority and who has the authority to ensure internal compliance with the regulations.
The requirement is that each firm should designate a suitably qualified and experienced person as MLRO at management level, to whom suspicious activity reports must be made by staff. It is generally expected that the MLRO would be carrying out a Compliance, Audit or Legal role within the financial services provider's business. It is also recommended that financial services providers identify a deputy, who should be a staff member of similar status and experience to the MLRO.
The MLRO should be well versed in the different types of transaction which the institution handles and which may give rise to opportunities for money laundering.
Where a financial services provider has no employees in the Cayman Islands, it may not be possible for a senior member of staff to be the MLRO. In these circumstances, the financial services provider may identify someone else as the appropriate person to whom a report should be made, provided that that person has the following characteristics:
The MLRO should:
Financial services providers may evidence that they are undertaking necessary due diligence by ensuring that the following systems are in place:
The Regulations require that relevant persons should not form business relationships or carry out one-off transactions with, or for, another person unless they:
There are two general important aspects of knowing your customer set out in Cayman guidance, which are to:
It will normally be necessary to obtain the following documented information concerning direct personal customers:
In the case of non-resident prospective clients, identification documents of the same sort which bear a photograph and are pre-signed by the client should normally be obtained. This evidence should, where possible, be supplemented by a bank reference with which the client maintains a current relationship or other appropriate reference. A social insurance number is also considered useful.
Information about a person's residency and/or nationality is also considered useful in assessing whether a customer is resident in a high-risk country. Financial services providers should also take appropriate steps to verify the name and address of applicants by one or more methods, such as:
Identification documents, either originals or certified copies, should be pre-signed and bear a photograph of the applicant, such as:
It will normally be necessary to obtain the following documented information concerning corporate clients:
Consideration should also be given to whether it is desirable to obtain a copy of the memorandum and articles of association, or by-laws of the client.
Financial services providers are also required to put into place policies and procedures that appropriately address the risks posed by non-face-to-face contact for customers, either at the opening of the business relationship or through the operation of that relationship.
Where identity is verified electronically or copy documents are used, a financial services provider should apply additional verification checks. For example, where it is impractical or impossible to obtain sight of original documents, a copy should only be accepted where it has been certified by a suitable certifier as being a true copy of the original document and that the photo is a true likeness of the applicant for business.
Relevant firms are encouraged to be vigilant in relation to PEPs from all jurisdictions, and in particular from high-risk countries, who are seeking to establish business relationships. They should, in relation to politically exposed persons, in addition to performing normal due diligence measures:
They should also obtain senior management approval to continue a business relationship once a customer or beneficial owner is found to be, or subsequently becomes, a PEP.
Financial services providers should, in relation to cross-border correspondent banking and other similar relationships, in addition to performing normal due diligence measures:
Financial services providers should not enter into, or continue, a correspondent relationship with a “shell bank”; and should take appropriate measures to ensure that they do not enter into, or continue, a correspondent banking relationship with a bank which is known to permit its accounts to be used by a shell bank. Neither should financial services providers set up anonymous accounts or anonymous passbooks for new or existing customers.
Financial services providers should satisfy themselves that the respondent financial institutions in foreign countries do not permit their accounts to be used by shell banks.
Once the identification procedures have been completed and the client relationship is established, there remains a requirement to monitor the conduct of the relationship/account to ensure that it is consistent with the nature of business stated when the relationship/account was opened.
Firms are required to develop and apply written policies and procedures for taking reasonable measures to ensure that documents, data or information collected during the identification process are kept up to date and relevant by undertaking routine reviews of existing records. This does not mean that there needs to be automatic renewal of expired identification where there is sufficient information to indicate that the identification of the customer can readily be verified by other means.
Monitoring to identify unusual transactions is required to spot inconsistency with the stated original purpose of the accounts. Possible areas to monitor could be:
There is a specific requirement that, on a regular basis, a firm should conduct an AML/CFT audit to:
Staff should be adequately trained to enable them to identify such activity and be trained in the internal reporting systems required for compliance with the regulations. Staff training should be documented and will be subject to regulatory review. It is good practice for all institutions to maintain and regularly review their instruction manual for all employees relating to entry, verification and recording of customer information and reporting procedures.
Where a staff member conducts enquiries and obtains what he considers to be a satisfactory explanation of a complex or unusual large transaction, or unusual pattern of transactions, he may conclude that there are no grounds for suspicion, and therefore take no further action as he is satisfied with matters. However, where the enquiries conducted by the staff member do not provide a satisfactory explanation of the activity, he may conclude that there are grounds for “suspicion” requiring disclosure.
Previously, financial services providers had been required to make a report relating to suspicious activity based on knowledge or suspicion that a person was involved in money laundering. The requirement to report now arises if a person knows or suspects, or has reasonable grounds for knowing or suspecting, that another person is engaged in criminal conduct. As such, those in the regulated sector have an obligation to report all breaches of law, no matter their severity or even whether they are related to money laundering.
Indicators of potentially suspicious transactions include:
If the MLRO decides that a disclosure should be made, a report, in standard form, should be sent to the reporting authority. The form should be completed in its entirety and any fields that are not applicable should be so indicated. It is important that the MLRO fills in the form to the fullest extent possible, providing as much relevant information and detail as they have available. This will provide more assurance that the information provided is of benefit to the FRA.
It is important to note that SARs must be filed with the Financial Reporting Authority (FRA) on a suspicious transaction even if the transaction did not proceed.
The monetary authority will be examining the extent to which institutions are following the procedures during the course of on-site inspections and may take appropriate action as authorised by the regulatory laws, where warranted. In determining what action to take, the monetary authority will take into account the overall circumstances including the seriousness of the non-compliance, the number of instances of non-compliance and the failure to respond to any previous recommendations or warnings given by the monetary authority.
A person who breaches the AML compliance requirements can be liable, on summary conviction, to a fine of five thousand dollars, or on conviction on indictment, to a fine and to imprisonment for two years.
The Cayman Islands was recently used as a base for a half-a-billion-dollar international pyramid scheme, with a Cayman Islands resident cooperating with two US citizens to defraud almost 2,000 investors. The “Cash4Titles” plan involved lending money to borrowers who put up titles of their motor vehicles as security, but by the time it was closed down, old investors were being paid off by the income from new investors, essentially a standard Ponzi scheme.
Offshore companies were formed by the criminals to launder the illegal finances, which highlights the importance of corporate due diligence and ascertaining the exact purpose of a corporate client. This also highlights the Cayman Islands government's commitment to combating money laundering.
The People's Republic of China has recently sought to bring its AML provisions into alignment with other Asian jurisdictions with robust financial crime deterrence legislation and procedures, such as those that have been implemented in Singapore.
The position of China both geographically and economically has highlighted the need for stringency. Moreover, the strength of the money-laundering-deterrence regimes in its neighbouring jurisdictions has prompted an urgent response from China. In China, money laundering most commonly arises through the following channels:
In recent years, there has been an increase in more technologically based crime due to the emergence of e-banking and e-currency.
The relevant AML laws in China are:
Together, the AML laws and rules provide a procedural reference guide for financial institutions. The money-laundering offences are also found in the 1997 revision of the 1979 Penal Code under Articles 191, 312 and 349.
China was placed on an enhanced follow-up process as a result of partially compliant and non-compliant ratings in certain of the Core and Key Recommendations in its mutual evaluation report of 2007. However, it was removed from the enhanced follow-up measures in 2012 following progress in the AML regime.
The State Council appointed The People's Bank of China as the designated central bank in September 1983. In accordance with this status, The People's Bank of China (PBC) is the administrative authority for money-laundering-deterrence legislation. The Rules for Anti-money Laundering by Financial Institutions, formed in accordance with the law of the People's Republic of China on anti-money laundering, set out the functions of the PBC.
The Rules establish the PBC as the competent authority and the supervisory authority for China's banking system, whose responsibilities have been consolidated to confer certain duties to the appropriate financial institutions. Article 5 of the AML Rules lays down the PBC's supervisory responsibilities and duties pertinent to money laundering:
The Financial Intelligence Unit is housed within PBC with two separate operational units:
The Anti Money Laundering Bureau (AMLB) organises and coordinates China's AML affairs, conducting administrative investigations, dissemination and providing policy oversight. Decisions about whether to carry out an administrative investigation into a suspicious transaction report (STR) or to disseminate an STR to the Ministry of Public Security or other law-enforcement agencies are made under AML law.
The China Anti Money Laundering Monitoring and Analysis Centre (CAMLMAC) specialises in data collection, processing and analysis. It also has an extensive range of legally documented duties to perform within the realm of suspicious transaction reporting. CAMLMAC was established by the People's Bank of China, and is required to undertake the following responsibilities:
The China Banking Regulatory Commission, China Securities Regulatory Commission and China Insurance Regulatory Commission shall each undertake anti-money-laundering supervision and management responsibilities within its competence.
The money-laundering offences are contained in the Chinese Penal Code.
Article 191 contains the drug and gang proceeds offence. An offence is conducted by whoever, while clearly knowing that the funds are proceeds illegally obtained from drug-related or gang-related crimes, commits any of the following acts in order to cover up or conceal the source or nature of the funds:
Article 312 provides that whoever knowingly conceals, transfers, purchases or helps to sell illegally acquired goods commits an offence.
Article 349 contains a further drug-related offence. This makes it an offence for anyone to shield offenders engaged in smuggling, trafficking, transporting or manufacturing narcotic drugs or to harbour, transfer or cover up for such offenders, narcotic drugs or their pecuniary and other gains from such criminal activities.
For committing the drug or gang proceeds offence, in addition to the confiscation of the proceeds and gains, the perpetrator can be sentenced to imprisonment of up to five years and/or be fined between 5 and 20% of the amount of money laundered. If the circumstances are serious, the imprisonment will be between five and ten years and they will still have to pay the fine.
Where a company commits the offence, it shall be fined, and the persons who are directly in charge and the other persons who are directly responsible for the crime shall be sentenced to up to five years' imprisonment.
Knowingly concealing, transferring, purchasing or helping to sell goods is punishable by up to three years' imprisonment, criminal detention or public surveillance and possibly a fine.
A violation of Article 349 is punishable by imprisonment, criminal detention or public surveillance of up to three years. In more serious cases, this can be increased to up to ten years. Any conspirators to the crime are treated as joint offenders.
The Rules apply to:
Under Article 15 of the AML Law, each financial institution is required to establish and implement an anti-money-laundering internal control programme. Persons in charge of the financial institution are required to take responsibility for the effective implementation of the internal control programme, and each financial institution is also required to establish a specialised unit or designate a unit to be responsible for anti-money-laundering tasks.
Financial institutions and their branch offices are required to:
Responsible persons of financial institutions and their branch offices shall take responsibility in effective operation of the anti-money-laundering internal control system.
Financial institutions shall establish and implement a customer identification system according to rules and regulations. The object of this system is:
According to the AML Law, the documents required to conduct CDD are authentic and valid personal identification certificates or other personal identification documents.
In the case of developing life insurance, trust and other business relations with a client, where the beneficiary of the contract signed is not the client himself or herself, the financial institution shall conduct verification and registration of the ID or other personal identification documents of the beneficiary.
Financial institutions shall not provide services to, or conduct transactions for, clients for whom the identity is not clear, or open an anonymous account or account with fake names for the client.
Financial institutions are required to make sure that an overseas financial institution with which they have a correspondent or similar relationship effectively conducts customer identification, and that they can obtain a customer's identity information from such overseas financial institutions.
In cases where financial institutions have questions regarding the authenticity, validity or completeness of the ID of clients obtained previously, they shall re-establish the identification of clients. During the course of business relations, when changes are made to client ID information, updates to the records shall be completed without delay.
Financial institutions should conduct anti-money-laundering training in line with the requirements of prevention and monitoring of money laundering. As staff are bound by the AML requirements, the training must inform them of their obligations and the penalties for non-compliance.
Financial institutions shall keep customers' identity records and transaction information such as a transaction's statistics, vouchers and accounting materials. Financial institutions and their staff shall keep confidential customer identity material and transaction information acquired when fulfilling their anti-money-laundering obligations, and shall provide such material and information to other institutions or individuals in strict accordance with relevant laws.
Financial institutions shall develop a system to keep information on client ID and trading records, as requested. Upon the completion of business relations, or the conclusion of trading, the client ID information and the trading records shall be kept for at least five years. When financial institutions go bankrupt and are dissolved, they shall transfer the information on client ID and trading records of clients to the agencies designated by the related department of the State Council.
Financial institutions shall report any large-value (denominated either in RMB or foreign currencies) and suspicious transactions to the China Anti-Money Laundering Monitoring and Analysis Centre. These reports will be confidential. In addition, when any suspicion of crime arises while carrying out its anti-money-laundering responsibilities, a financial institution shall promptly report, in a written form, to the local branch office of the People's Bank of China and the public security agency.
Financial institutions and their staff shall keep information of their anti-money-laundering work, such as reporting of suspicious transactions or cooperation with the People's Bank of China, confidential, and should not provide such information to their customers or other individuals, since this would be in violation of regulations.
When the People's Bank of China or any of its provincial branch offices finds that a suspicious transaction needs further investigation or verification, it can request from the financial institution information on the customer account(s) involved in the transaction, records of the transaction and other related material. The financial institution must cooperate with any requests made.
Furthermore, financial institutions must implement a system to enable the reporting of large-value trading and suspicious trading. In cases where the value of a single transaction or the accumulated value of transactions within a specified period of time exceeds the specified amount or suspicious transactions are spotted by financial institutions, the financial institutions should report to the information centre of the anti-money-laundering authority without delay.
Financial institutions shall submit, in accordance with regulations issued by the People's Bank of China, anti-money-laundering statistical reports, information and material, and the anti-money-laundering-related content in their audit report.
In cases where the staff of the anti-money-laundering authority and other departments and agencies that are responsible for regulating anti-money laundering are found to have committed any of the following acts, they will be subject to administrative sanctions:
In cases where a financial institution is found to be guilty of any of the following acts, the anti-money-laundering authority shall request said financial institution to rectify the situation within a specified period of time:
In cases where the violations are serious, recommendations will be given to the related financial regulatory authorities to request that disciplinary punishments be imposed on directors and senior managers that are directly responsible and other staff that are directly involved.
In cases where a financial institution is found to be guilty of any of the following acts, the anti-money-laundering authority shall request said financial institution to rectify the situation within a specified period of time:
In cases where the wrongdoings are serious, a fine of between RMB 200,000 and RMB 500,000 shall be imposed, and the directors and senior managers that are directly responsible, and other working staff that are directly involved, shall be fined between RMB 10,000 and RMB 50,000.
In cases where the above-mentioned acts by a financial institution have resulted in money laundering occurring, a fine of between RMB 500,000 and RMB 5 million shall be imposed on the financial institution and the directors and senior managers that are directly responsible; other working staff that are directly involved will be fined between RMB 50,000 and RMB 500,000. In cases where the violation and consequences are serious, the anti-money-laundering authority may recommend to the related financial regulatory bodies that the financial institution involved should cease trading and undergo re-consolidation, or have its licence to conduct financial business suspended.
For directors, senior managers and other staff members of financial institutions that are directly involved in the acts mentioned in the previous two paragraphs, the anti-money-laundering authority may recommend to the related financial regulatory bodies that the financial institutions concerned impose on them disciplinary punishments, or it may recommend the cancellation of their post-assumption qualifications according to law, or prevent them from engaging in related financial business.
Additionally, under the rules the PBC can:
Violations of the provisions of this law which constitute crimes shall be subject to criminal liability investigation according to law.
The booming art market in China is suspected to be hiding millions of dollars of illicit funds, although this can be difficult to prove. Experts say that “show bidding”, which involves deliberately overpaying for poor art to inflate its resale value, is a technique used to launder criminal proceeds, and is successful because of the subjective nature of the value of art. Sometimes bribes are thought to pass through art transactions, so a percentage (if not all) of the value of the price of the artwork may actually be a bribe to the seller. The buyer and the seller may have an entirely different illicit relationship, but to an outside observer it would be impossible to prove that the pair had ever met.
Financial institutions need to be aware of this criminal activity, and transactions of this nature should be treated with extreme caution. In one high-profile incident, a Chinese businessman had a fake ancient jade burial suit made up. After getting a group of appraisers to verify its authenticity and value it at $375 million, he used the suit as security on a $100 million bank loan. A loan of this size with a worthless security could cripple a financial institution, so stringent, independent checks were carried out on every aspect of the situation. For this and a number of other, similar frauds, the businessman received a life sentence.
Another illicit financial market was uncovered recently in Hunan province. A simple internet search led the police to a billion-dollar illegal banking market, cutting out legitimate financial institutions altogether. This highlights the need for financial institutions to thoroughly investigate the source of wealth of their clients, and be aware that the assets clients declare may not truly reflect the assets they have to their name.
Denmark has made significant progress in its AML programme over recent years. The FATF, despite being critical in the past, has recognised that the changes Denmark has made have brought the country in line with the international AML standards.
The Act on Measures to Prevent Money Laundering and Financing of Terrorism, passed in April 2012 as a consolidation of the 2011 version, is the current AML law.
The Third EC Directive on Money Laundering was implemented in Denmark by Danish Act No. 117 of 27th February, 2006 through the enactment of Measures to Prevent Money Laundering and Terrorist Financing, which entered into force on 1st March, 2006. The Act was later amended and consolidated by Danish Act No. 442 of 11th May, 2007.
Denmark has adopted a risk-based approach to AML, and the 2007 consolidated Act addressed areas such as enhanced customer due diligence and beneficial ownership. There are no strict guidelines which indicate signs of criminal activity at financial firms. Danish regulators are obliged to correct any misapprehensions that firms might have. In 2006, the Danish prosecutor's office published a non-exhaustive report indicating matters that might be indicative of money laundering or terrorist financing.
Denmark passed a new law in April 2012 – the Act on Measures to Prevent Money Laundering and Financing of Terrorism – which consolidated the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism of 15th April, 2011.
The 2006 assessment found Denmark to be partially compliant with the required AML standards. However, in October 2010 after a follow-up report, the FATF recognised that Denmark had made significant progress in addressing deficiencies identified in the previous report and removed the country from the regular follow-up process. The FATF agreed that Denmark should now report on any further improvements to its anti-money-laundering/combating the financing of terrorism (AML/CFT) system on a biennial basis.
However, the FATF did highlight in its follow-up report that doubts remain regarding the effectiveness of the STR reporting regime, and there are deficiencies in the process for identifying low-risk customers. Despite these issues, though, Denmark is described as, on the whole, largely compliant.
The primary investigating and reporting body for financial crime in Denmark is Finanstilsynet (the Danish FSA) which attends to financial regulation in Denmark. The main purpose of the body is to oversee the financial legal compliance of financial companies and of issuers and investors in the securities market, to contribute to the development of financial legislation and to collect and spread knowledge about the financial sector.
The Prosecution Service is governed by the Minister of Justice, who supervises public prosecutions. Every firm not overseen by the Danish FSA has to register with, and send reports to, the Public Prosecutor for Serious Economic Crime. The Public Prosecutor for Serious Economic Crime attends to cases involving serious financial crime on a national basis. The Public Prosecutor for Serious Economic Crime is responsible for prosecuting major financial crime. The Special International Crimes Office attends to crimes, including financial crime, committed by foreigners outside Denmark.
The money-laundering secretariat produces an annual report detailing information on money-laundering activity in Denmark.
Money laundering is criminalised under Article 290 of the Criminal Code. Furthermore, Section 4 of the AML Act defines what constitutes “money laundering” under the Act. Money laundering shall mean:
The Act and the Criminal Code define “financing of terrorism” as contributing “by instigation, advice or action to furthering the criminal activity or the common purpose of the group of persons or an association, which commits one or more of the offences as stated in s.114 which is directly or indirectly granting financial support to, provides or collects funds, or makes money available to a person, group or association that commits or intends to commit terrorist acts”. This carries a penalty of imprisonment for any term not exceeding six years.
Section 2 describes the ban against cash transactions. Retailers and auctioneers may not receive cash payments of DKK 100,000 or more irrespective of whether payment is effected in one instance or as several payments that seem to be mutually connected.
Section 27(1) is similar to the tipping-off offence which exists in common with all other countries that have implemented the EU Directive and FATF Recommendations. It is a prohibition which states that all undertakings, employees and all other persons shall be obliged to keep secret the fact that a notification or suspicion has been passed to the State Prosecutor for Serious Economic Crime. Once information has been reported, it may be passed on by virtue of Section 27(2–7) to:
Money laundering is punishable, under Article 290 of the Criminal Code, by 18 months' imprisonment, which can be increased to six years for serious or organised crimes.
Section 26 states that undertakings and persons subject to the Act shall provide information in good faith and shall not incur liability. Disclosure on information under the Act shall not be considered a breach of any duty of confidentiality.
The Act applies to various financial institutions including, but not exclusive to, banks, mortgage-credit institutions, investment companies, investment management companies, life assurance companies and lateral pension funds.
Undertakings and persons have an obligation under Section 25(2) of the Act to appoint a person at management level to ensure that undertakings comply with their obligations under the Act and any subsequent regulations or directives. They must have access to customer information and other relevant information in order to ensure that the undertakings and persons comply with the obligations stipulated in this Act, under Section 25(3).
Employees should be informed by the person appointed under the sections above that their duties and obligations are stipulated under the Act. If there is no person able to perform the role, the duty falls on the employer.
Part 4 of the Act details the customer due diligence requirements which relevant undertakings must carry out in order to identify the clients when they suspect money-laundering activity. Undertakings and persons under this Act are required to have knowledge of their customers; this will require customers to provide proof of identity when establishing a business relationship or when opening an account.
When a firm conducts single transactions or business with occasional customers, undertakings and persons covered by the Act must carry out due diligence, including proof of identity for each transaction of an amount corresponding to DKK 100,000 or more. The requirements concerning proof of identity apply irrespective of whether the transaction is completed in one or more related operations if these appear to be connected.
Customers that are natural persons must provide proof of identity which will include:
Information shall also be obtained about the business relationship in terms of the customer's business objectives and intent.
The customer relationship and transactions conducted throughout the course of the business relationship should be closely monitored on a regular basis to ensure that conduct is consistent with the undertaking's knowledge of the customer, its business and risk profile as well as the source of funds. Documents obtained, relevant data and other information should also be kept up to date by the firm.
If there are any doubts as to the credibility of customer identification documents, then new proof of identity will be required. Undertakings and persons under the Act may decide to carry out identification procedures on the basis of a risk assessment conducted, depending on the risk related to each individual customer, product or transaction. The undertaking or person must, however, be able to prove to the authorities that the extent of its investigation is adequate in relation to the risk of money laundering and the financing of terrorism.
For customer relationships established before entry into force of the Act (April 2012) and where the information mentioned above does not exist, proof of identity and collection of information should still be carried out by a firm at a suitable time and on the basis of a risk assessment.
A relevant firm should conduct identification procedures establishing a customer relationship before a transaction is undertaken. However, a customer transaction may be completed in immediate continuation of the establishment of the customer relationship on the basis of a documented risk assessment in order not to interrupt the normal conduct of business. If proof of identity cannot be carried out so as not to interrupt the normal conduct of business, then it should be completed as soon as is practical after initial contact with the customer.
If proof of identity cannot be provided, a business relationship should not be established and the transaction should not be carried out. At the same time, a notification may need to be sent to the State Prosecutor for Serious Economic Crime.
For customers which are undertakings, the proof of identity shall include:
In addition to this, the ownership and control structure of the undertaking will need to be clarified and the beneficial owners of the undertaking are also required to provide proof of identity.
However, proof of identity will not be required when the beneficial owner has funds in a client account of a notary or lawyer, if the notary or lawyer is subject to regulations under the Act. It should be noted that it is a condition that information about the identity of the beneficial owner is made available to the account-holding institution when the institution requests this.
If an undertaking or person covered under this Act has knowledge or the presumption that a person other than the one they are in contact with is the beneficial customer, the undertaking or persons covered under the Act may demand to be informed of the identity procedures conducted on the actual beneficial customer. The identity of the immediate customer should be clarified on the basis of a risk assessment.
When a customer has not been physically present for identification purposes, the undertaking should take one or more of the following measures:
PEPs are subject to enhanced due diligence requirements. Undertakings and persons covered under this Act shall:
The Act covers the enhanced due diligence obligations for anonymous products and transactions. Undertakings and persons covered by the Act must be particularly aware of any money-laundering and financing-of-terrorism threats that may arise from products or transactions that might favour anonymity, and take measures, if needed, to prevent the products or transactions being used for money laundering or the financing of terrorism.
For cross-frontier correspondent banking relationships with banks and institutions from countries outside the European Union with which the Union has not entered into an agreement for the financial area, the banks, mortgage-credit institutions, payment institutions and e-money institutions covered by this Act shall, before establishing new correspondent banking relationships:
Banks, mortgage-credit institutions, payment institutions and e-money institutions may not enter into or continue a correspondent banking relationship with a shell bank, and they shall take reasonable measures to avoid a connection with a credit institution which is known to permit shell banks to use its accounts.
The Danish FSA may, when acting on the recommendations of the FATF, common positions or Regulations adopted by the European Union, lay down more specific regulations on the duty applying to undertakings and persons specified in Section 1 requiring them to systematically submit information to the Public Prosecutor for Serious Economic Crime concerning financial transactions with non-cooperative countries in connection with combating money laundering or the financing of terrorism. The Danish FSA may stipulate that notification is to be carried out systematically in all cases even though no suspicion has arisen.
Undertakings and persons covered by the Act shall, on the basis of a risk assessment, make further requirements of proof of identity for customers which, by their nature, can represent a higher risk of money laundering and financing of terrorism. This means that, at a minimum, they should meet the requirements for non-face-to-face customers and PEPs, as stated above.
There is a requirement for customer relationships to be monitored on a regular basis. Specifically, transactions undertaken throughout the course of the relationship should be monitored to ensure that the transactions being conducted are consistent with the undertaking's or person's knowledge of the customer and the customer's business and risk profile, including, where necessary, the source of funds.
Documents, data and other information about the customer should be kept up to date. The enhanced due diligence requirements also highlight the obligation to continuously monitor business relationships.
Undertakings and persons under the Act must prepare adequate written internal rules about customer due diligence, reporting, record-keeping, internal control, risk assessment, risk management, management controls and communication as well as training and instruction programmes for their employees in order to forestall and prevent money laundering and the financing of terrorism. Adequate written internal rules shall also be prepared on compliance with the Regulation of the European Parliament and of the Council on information on the payer accompanying transfers of funds, where this is relevant, and regulations containing rules on financial sanctions against countries, persons, groups, legal entities or bodies. This obligation rests with the employer, unless a person at management level has been appointed to ensure compliance with the Act.
Undertakings must appoint a person at management level to ensure that the undertaking complies with its obligations under the Act. Furthermore, employees should be informed that their duties and obligations are stipulated under the Act.
Undertakings and all persons subject to the Act must store identity information for no more than five years after the customer relationship has ceased. Documents and records concerning transactions must also be stored so that they can be located for at least five years after performance of the transactions.
If an undertaking ceases activities, the last acting management shall ensure that identity information continues to be stored. In the case of bankruptcy, the court may decide the persons who may store identity information.
Undertakings and persons under the Act are required to pay special attention to customers' activities which, by their nature, can be associated with money laundering or the financing of terrorism. Special attention must be given to transactions which are particularly large and/or complex, unusual patterns of transactions for the customer and transactions which have connection to countries or territories where, pursuant to declarations from the Financial Action Task Force, there is deemed to be a special risk of money laundering or financing of terrorism. Any suspicion that a customer's transaction is associated with money laundering must be investigated, recorded and kept. Such suspicions must also be notified to members of the Danish Bar and Law Society, who will assess whether the suspicion is subject to reporting obligations and will immediately forward notification to the State Prosecutor for Serious Economic Crime.
If the suspicion relates to offences punishable by imprisonment for more than one year and the suspicion cannot be disproved, the State Prosecutor for Serious Economic Crime should be informed immediately.
If the suspicion is related to money laundering and the transaction has not already been carried out, the transaction shall be suspended until notification has been given to the State Prosecutor. If effectuation of the transaction cannot be avoided, or if it may harm the investigation, notification can be given immediately after effectuation.
If the suspicion is related to the financing of terrorism, transactions from the account or transactions from the person in question may only be carried out with the consent of the State Prosecutor for Serious Economic Crime. The Prosecutor shall decide, as soon as possible and no later than the end of the banking day following receipt of the notification, whether seizure is to be effected.
The police have authority under the Administration of Justice Act to demand any information necessary for investigation of the case from undertakings and other persons under this Act.
If the Danish FSA or Danish Commerce and Companies Agency learns of circumstances that are presumed to be associated with money laundering or the financing of terrorism, these authorities are under an obligation to notify the State Prosecutor of Serious Economic Crime.
The Danish FSA, when acting on the recommendations of the Financial Action Task Force, has set out specific regulations on the duties which apply to undertakings, requiring them to systematically submit information to the State Prosecutor concerning financial transactions with non-cooperative countries in connection with combating money laundering.
Intentional or grossly negligent breaches of the above requirements will mean that undertakings and persons under the Act shall be subject to a fine. Intentional or grossly negligent violation of Section 35(2), which prohibits unlawfully divulging information to others, shall subject the undertakings or persons to a fine, unless more severe punishment is incurred under the regulations of the Criminal Code.
For particularly gross or extensive intentional violations regarding the ban against receiving cash payments of DKK 100,000 or more, breaches of reporting and investigating obligations and due diligence requirements which relate to proof of identity for regular customer relationships, occasional customers and transactions for a third party and record-keeping obligations, the penalty may be increased to imprisonment for up to six months.
In cases involving the failure to supply the Danish Commerce and Companies Agency and/or the Danish FSA with all information necessary for supervision and compliance with the Act, these bodies will be entitled, as a coercive measure, to impose daily or weekly fines on the person or undertaking responsible.
An intentional or grossly negligent violation of the record-keeping requirements will mean that undertakings shall be subject to a fine, unless more severe punishment is incurred under the regulations of the Danish Criminal Code.
Companies may incur criminal liability according to regulations in Chapter 5 of the Criminal Code.
Suspicious transaction reports have been used to good effect on a number of occasions in Denmark. In one case, an account was actually being used by the customer's husband to conduct various fraudulent activities: hiring out fictitious holiday homes and selling shares under various names, for example.
The alarm was raised when another customer, who had only ever made one previous transaction to the account, made 120 transfers in one week. Ongoing monitoring of the account's activity was key to securing a conviction here, as well as avoiding financial and reputational damage to the financial institution.
Reports have also been used to highlight overseas scams. In various cases, victims had transferred around DKK 200,000 to people they had never met, some of them believing they were starting a relationship with the recipient. Dating websites and other social media had been used to make contact, and often the victims did not realise they were the victims of fraud. Financial institutions should be aware that these situations do occur, and enhance the due diligence and monitoring procedures when large amounts of money are being transferred to foreign jurisdictions for no apparent reason.
Phishing is another criminal practice which has been reported in Denmark. Phishing is when a criminal accesses a customer's bank account without their knowledge or permission, and transfers money from there to another “interim account”. The owner of the interim account, or “mule”, is told that they will be paid to transfer the money to the recipient, but is actually facilitating the money-laundering process. In one case, the mule was recruited via an email about an extra job; he responded by registering his details on a website belonging to a company which, judging by its name, was engaged in fast money transfers. He was called and told that money from German car contracts had been deposited in his account. He then received an email with instructions, but when he wanted to withdraw the money from his account in order to follow them, the bank had frozen the money. He was later found guilty of attempted money laundering.
The existence of money-laundering activity in Finland is limited; however, it is still monitored, with Finland having effective legislation in place in accordance with its international obligations. In 2007, the FATF noted that there have been few convictions for money laundering, that the number of prosecutions for offences is low and that the number of sentences provided for money-laundering convictions in Finland is also low.
The Act on Preventing and Clearing Money Laundering and Terrorist Financing 2008 provides the AML legislative framework.
The main anti-money-laundering legislation in Finland is the Act on Preventing and Clearing Money Laundering and Terrorist Financing (503/2008), (AMLA). The Act came into force on 1st August, 2008 and incorporates the Third EC Directive into national law. According to the Finnish Financial Supervisory Authority, the Act is supplemented by Government Decree 616/2008, supplemented by Government Decree 1204/2011, Decision by the Ministry of the Interior 156/2010 and Government Decision 1022/2010. However, only Government Decree 616/2008 is listed on the official website of government decrees. Standard 2.4 of the 2010 FIN-FSA Code of Conduct provides guidance on the customer due diligence (CDD) and reporting requirements.
The 2007 mutual assessment noted that Finland has a good legal structure to combat money laundering and terrorist financing, and that the related offences are quite broad. The due diligence requirements were, however, lacking, for example with regard to PEPs and beneficial owners, but in June 2013, the FATF removed Finland from the regular follow-up process to which it had previously been subject.
The financial intelligence unit, in connection with the National Bureau of Investigation, deals with reports submitted to it on suspicious transactions. Finland's FIU, known as the Money Laundering Clearing House, is a part of the National Bureau of Investigation and has a number of key duties under AMLA, such as:
The Money Laundering Clearing House is also responsible for reporting to the Ministry of the Interior.
The Financial Supervisory Authority is responsible for ensuring that the procedures, risk management and internal control of supervised entities meet statutory requirements. It is the Financial Supervisory Authority's duty to ensure that the operating procedures, risk management and internal control of supervised entities are in compliance with existing legislation.
The Ministry of the Interior is responsible for internal security and migration. It is also responsible for the development of anti-money-laundering legislation.
The definition of money laundering under the Act refers to Chapter 32, Sections 6–10 of the Penal Code (39/1889). Money laundering is defined in Section 6 of the Penal Code as the action of a person who:
The penalty for being found guilty of money laundering could be in the form of a fine or imprisonment for up to two years. The Code also states that even an attempt to undertake money laundering is punishable. The scope of the Act is addressed in the next section.
In cases of aggravated money laundering, where the property acquired has been very valuable or the offence is committed in a deliberate manner, the offender may face imprisonment for at least four, and up to six, years (Section 7 of the Penal Code).
Section 8 of the Penal Code states that a person who agrees with another on the commission of aggravated money laundering directed at the proceeds of bribery, the acceptance of a bribe or aggravated tax fraud or aggregated subsidy fraud or a property replacing such fraud shall be sentenced for conspiracy for the commission of aggravated money laundering to a fine or imprisonment for up to a year.
If the money laundering referred to in any of the above offences is considered to be petty when assessing the consideration of the value of money as a whole, the offender shall be sentenced solely to a fine for a money-laundering violation.
The AMLA applies to 24 different varieties of financial institution, including:
Finland has adopted a risk-based approach. Entities are under an obligation to assess the risks of money laundering and funding of terrorism, by taking into account the risks specifically related to their business, products, services, technological development and their clients' businesses and business activities.
Additionally, AMLA requires that supervised entities assess the adequacy of their CDD procedures on the basis of a documented risk analysis. Supervised entities should have adequate risk-management systems for assessing risk exposures to customers in their activities. Due diligence procedures and risk management for prevention of fraud, such as money laundering, need not be organised in a unit separated from the rest of the risk-management or business operations. Therefore, in Finland the unit may be integrated with the supervised entity's general risk-management and internal control functions. However, even though this is allowed, we would still expect firms to consider having the unit segregated from such functions and perhaps aligning it more closely to the legal, compliance and fraud investigation units.
The 2010 Code of Practice introduced the concept of an MLRO, by providing that:“The organisational structure of the supervised entity shall include the appointment of a contact person responsible for the prevention of money laundering and terrorist financing. The position and duties of the supervised entity's contact person may vary according to the organisational structure of the entity. The contact person must be in an independent, preferably non-business, position with the powers and capacity to act in such practical matters related to the prevention of money laundering and terrorist financing as require immediate action, such as reporting suspicious transactions or responding to enquiries from authorities.”
On the basis of a risk-based assessment, entities should identify whether to apply normal, reduced or enhanced CDD. In customer relationships where supervised entities, on good grounds, have come to the conclusion that the business conducted has only minor or no money-laundering and/or terrorist-financing risks, normal due diligence is sufficient. In certain situations, the AMLA allows simplified customer due diligence.
Parties subject to the reporting obligation are required to obtain information on their customers' transactions, the nature and extent of the customers' business and the grounds for the use of a service or product. Parties subject to the reporting obligation should pay particular attention to transactions which are unusual in respect of their structure or extent or the size or office of the parties subject to the reporting obligation. The same also applies if transactions have no apparent economic purpose or if they are inconsistent with the parties' experience or knowledge of the customers. If necessary, measures should be taken to establish the source of funds involved in a transaction.
Parties subject to the reporting obligation are required to identify a customer's identity when they:
The identity of a natural person should be verified with a document obtained from a reliable and independent source based on a valid official identification document. Under AMLA, the following are required to be recorded to complete the CDD process:
The Code notes that valid versions of the following documents issued by Finnish authorities are commonly used for identity verification in Finland:
Supervised entities may also verify a natural person's identity using valid documents granted by foreign authorities, such as:
To complete CDD for a legal person (i.e. a company), the following should be ascertained:
If the customer is a company or corporation whose securities are admitted to public trading, then simplified customer due diligence procedures may be undertaken, since the firm is considered to be required to provide public information as a consequence of its listed status.
A person representing a legal person should be identified and, if necessary, the identity should be verified (according to a risk-based approach). If necessary, the scope of authority of a legal person's representative should be confirmed via a separate power of attorney or an extract from the minutes of a decision-making body of the legal person. Information on the identity of the beneficial owners can be obtained from a limited company's list of shareholders, minutes, contracts or other documents on the company's ownership and control structures.
The supervised entity can perform an identity verification of the beneficial owners based on risk-based consideration. In addition to identification and contact information, the following information should be obtained from the customer (depending on the customer relationship):
A representative acting on behalf of a legal or natural person should be identified and the identity verified, if necessary – Section 7(3) AMLA.
Simplified customer due diligence procedures may be applied (according to the following exhaustive list), if the customer is:
Supervised entities should employ enhanced due diligence to such customer relationships, transactions and services where they assess increased risk of abuse to be involved, such as money-laundering or terrorist-financing risks. The AMLA contains examples of customer relationships requiring enhanced customer due diligence:
If the customer is not physically present for the CDD process, the party subject to the reporting obligation shall take the following measures to mitigate the risk of money laundering and terrorist financing:
In Finland, enhanced due diligence requirements apply when dealing with PEPs (examples of PEPs are listed in Government Decree 616/2008). Parties subject to the reporting obligation must have the appropriate risk-based procedures to determine whether the customer is holding, or has held, an important public position in another state.
Supervised entities shall create procedures and internal instructions for establishing and maintaining customer relationships with politically exposed persons, their family members and close associates. To comply with this requirement:
The legislation states that a person is no longer considered a politically exposed person when he or she has not held an important public position for at least one year. However, the operation of the risk-based approach might still result in additional, ongoing monitoring of the relationship.
Supervised entities should not have unidentified (anonymous) customers, and have the right to refuse customers that do not give information on themselves or their operations or whose size, place of business or nature of operations is in conflict with the business strategy of the entity.
Enhanced CDD should be applied if a correspondent banking or equivalent business relationship is concerned. Commencement of a correspondent banking or equivalent business relationship requires the obtaining of sufficient information on the counterparty and approval from senior management. The relationship also needs to be monitored and reviewed regularly.
Customer relationships must be continuously reviewed so as to monitor adequately the nature, extent and risks of the customers' transactions in order to ensure that the transactions conducted are consistent with parties' experience or knowledge of their customers and business. Such monitoring must be ongoing to ensure that parties subject to the reporting obligation detect any exceptional or unusual patterns or transactions.
The risk assessments must be updated regularly, taking into account any changes occurring in the services provided by the supervised entity and/or the activities of the customer (for example, introduction of new products, system changes and changes in customer ownership structure and business activities). The supervised entities shall be able to demonstrate to FIN-FSA that their customer due diligence and risk-management procedures are sufficient in relation to the existing risks and that the money-laundering and terrorist-financing risks related to the entity's nature of operations, customer relationships, products, services and to technical developments have been assessed.
Supervised entities should arrange adequate monitoring in light of the nature, extent and risks of customer operations. The ongoing monitoring shall be systematic and comprehensive, considering the scope of operations and the risks in customer relationships. The supervised entity shall have internal instructions for using ongoing monitoring procedures as well as adequate resources and internal control.
Supervised entities shall see to it that their employees are given proper training in order to ensure compliance with the provisions on preventing money laundering and terrorist financing. Regular, comprehensive training of employees should be arranged at all levels of the organisation, particularly for such groups of employees as are involved in customer relations, product development, clearing, safe-keeping and payment and/or settlement systems. All training should be recorded in a separate training register.
The obligation of protecting employees as referred to in the AMLA means that the employer should have adequate and appropriate procedures for protecting employees who report suspicious transactions to the financial intelligence unit. The obligation of protecting employees can be fulfilled through, among other things, instructions and internal training of employees, and ensuring that the identities of employees who undertake such reporting are not disclosed to customers.
Supervised entities shall also have internal instructions on customer due diligence procedures to be conducted and procedures adopted to ensure compliance with the obligation of obtaining information and reporting suspicious transactions to prevent money laundering and terrorist financing. The instructions shall be adapted to their own operations and services. The instructions should take into account, among other things, internal processes, distribution channels and products as well as outsourced activities and agent relationships. The instructions should also consider product and system developments and expansion of operations into new markets.
Identification, identity verification and customer due diligence information should be documented and retained so that the supervised entity can later show the authorities how each customer was identified, which documents or what information was used as proof of identity and who carried out the customer identification. In addition, for customer due diligence and risk management of the customer relationship, the supervised entity should retain sufficient and essential information on the customer, its representatives, ownership structure and beneficial owners as well as members of a legal person's board of directors or corresponding decision-making body. The retention duty also applies to information on the nature of customer activities, the legal person's ordinary industry sector, the scope of operations and the services provided by the supervised entity and the use thereof.
Records must be kept of all customer due diligence data in a secure manner for a period of up to five years following the end of regular customer relationships. The data must be kept separate from the customer register, and must be removed five years after making a report, unless it is necessary to keep records of the data for a longer period (such as for the purpose of criminal investigation pending judicial proceedings). The need to keep records of data shall be reviewed no later than three years after the previous occasion on which it was reviewed.
When an occasional transaction amounts to over EUR 15,000 or to EUR 3,000 or more in cases of gaming activities, records must be kept of customer due diligence data for a period of five years following the carrying out of a transaction.
Compliance with the obligation to obtain information as referred to in the AMLA requires that supervised entities have adequate knowledge of their customers' activities so that they can detect unusual orders or transactions and report them. Parties that are subject to reporting obligations shall obtain information on their customers' transactions, the nature and extent of the customers' business and grounds for the use of a service or product. Monitoring should be arranged in view of the nature, extent and risks of the customer's transactions in order to ensure that the transaction being conducted is consistent with parties' experience and knowledge of the customers and their business.
Having detected an unusual transaction, a supervised entity is obliged, within reasonable means available, to examine the background of the transaction as well as the origin and purpose of funds included. Information may be obtained from, for example, official registers or the supervised entities' own registers or by requesting more detailed information on the transaction from the customer, such as contracts or other documents supporting the transaction. Supervised entities are also entitled to check customers' credit information.
Having fulfilled obligations to obtain information, parties subject to the reporting obligation shall immediately report a suspicious transaction or suspicion of terrorist financing to the financial intelligence unit. The report should generally be made electronically. It is only if there is a special reason preventing electronic delivery that the report may also be submitted in some other manner. Parties subject to the reporting obligation shall give the financial intelligence unit, free of charge, all the necessary information and documents that could be significant in clearing the suspicion.
Supervised entities should act without delay so that funds or other assets related to a suspicious transaction are not transferred beyond authority access. If their suspicions are aroused, supervised entities may, at their own discretion, take the following courses of action:
Supervised entities should inform the financial intelligence unit if:
There are additional obligations where the suspicious transaction originates from a high-risk country.
When a suspicious transaction is reported to the financial intelligence unit, the report is not a report of an offence (investigation request). It is a report based on a supervised entity's detection of an unusual transaction or order in the financial market. No minimum amount (in money) has been specified for such a report. The supervised entity need not know or evaluate what kind of criminal offence may have been committed.
A commanding police officer working at the financial intelligence unit may give parties subject to the reporting obligation an order that they should refrain from conducting transactions with a customer for no more than five working days, if such a suspension is considered necessary to prevent what is clearly money laundering or terrorist financing from being conducted.
The financial intelligence unit may also give such an order at the request of a foreign authority responsible for preventing money laundering and terrorist financing.
The reporting and due diligence threshold is when the sum of a transaction amounts to EUR 15,000, whether the transaction is carried out in a single operation or several operations which are linked to each other. The threshold is EUR 3,000 for amounts which relate to the proceeds from gaming activities.
Penalties can be imposed on those subject to reporting obligations for breaching provisions of the Act. Parties subject to reporting obligations are liable for the financial loss sustained by their customers as a result of clearing a transaction, reporting a suspicious transaction or suspending or refusing to conduct a transaction, only if the parties have failed to carry out such customer due diligence measures as can reasonably be required of them, considering the circumstances.
Parties who deliberately or through negligence fail to fulfil the obligation to conduct customer due diligence or the obligations to keep records of due diligence data shall be sentenced for violation of customer due diligence to a fine, unless a more severe punishment for the act is provided elsewhere in the law.
Anyone who deliberately or through negligence fails to make a report, discloses reporting to those subject to suspicion or fails to obtain relevant information under provisions under the Act shall be sentenced for violation of the obligation to report money laundering to a fine.
While we started this chapter stating that Finland was not a major centre for money laundering, cases can still occur. One of the largest criminal cases in Finnish legal history actually involved money laundering and various other financial crimes. After investigating over 200 suspects, nearly 100 people were prosecuted and ordered to repay over EUR 5.5 million in unpaid taxes. The crime stemmed from the construction industry, where a large criminal gang had maintained an extensive business with forged receipts, and by employing undocumented workers. The business was used as a cover for criminal proceeds, and the case led to 44 custodial prison sentences.
The 2012 US Department of State report on France notes that the country remains an attractive venue for money laundering because of “its sizable economy, political stability and sophisticated financial system”. As a consequence, the country has put in place comprehensive and effective systems of financial controls and is at the forefront of reform domestically and internationally to fight money laundering and terrorist financing.
The money-laundering offence is contained within the French Penal Code. Furthermore, the Monetary and Financial Code (CMF, “The Code”) details obligations on regulated entities with regard to AML procedures, and the ACP guidelines provide further guidance.
France is a European Union (EU) country, and therefore is obliged to implement all three EU money-laundering directives. The First EU Money Laundering Directive (91/308/EEC) was transposed into French law in 2004 and the Second Directive (2001/97/EC) in 2006, with Decree No. 2006-736. According to the International Bar Association Anti-Money Laundering Forum, the Third EU Money Laundering Directive was transposed into French law via Ordinance No. 2009-104 issued on 30th January, 2009. Decree No. 2009-874 was enacted on 16th July, 2009 and Decree No. 2009-1087 on 2nd September, 2009 “in order to make the Third EU Directive effective”.
The third mutual evaluation of France, conducted in 2010, noted a variety of changes which strengthened the AML regime. However, although the suspicious transaction reporting (STR) and customer due diligence (CDD) requirements for financial institutions were largely compliant with FATF regulations, it also stated that a “considerable effort” was required with regards to non-financial institutions to achieve the same level of coverage.
The central authority for reporting is called TRACFIN, and is placed under the sponsorship of two ministers: the Minister of Economy and the Minister of Budget. The authority processes financial information regarding suspicious transaction reports, and has considerable autonomy and operational independence to carry out its functions. TRACFIN has signed bilateral cooperation treaties with 51 countries, most recently Saudi Arabia, Fiji, Serbia, Algeria and the Ivory Coast.
The ACP is responsible for licensing and supervision of banks and insurance agencies. Its main mission is to ensure the preservation of financial stability and protection of bank customers, policyholders and beneficiaries of insurance contracts. The status of the ACP is codified in Articles L.612-1 et seq of the Monetary and Financial Code.
In September 2011, the Prudential Control Authority (ACP) took several measures to improve its ability to fight money laundering and terrorist financing. The ACP has provided guidelines to help financial institutions define and research “the effective beneficiary” of money laundering or the financing of terrorism. The ACP also has defined new reporting obligations for money exchangers. The latest ACP guidelines were released in 2012, and concern the occasional customer and due diligence requirements.
By virtue of 324-1 of the French Penal Code, money laundering is defined as (translated from French):“The facilitation, by any means, of the false justification of the origin of property or income of the perpetrator of a crime or an offence which has brought it a direct or indirect benefit.”
Money laundering also covers the provision of assistance to an investment transaction, concealment or conversion from direct or indirect proceeds of crime or misdemeanour.
Money laundering is punishable by five years' imprisonment and a fine of EUR 375,000. Aggravated money laundering, which involves organisations, repeat offenders or those in breach of professional obligations, is punishable by ten years' imprisonment and a fine of EUR 750,000.
Both of the fines mentioned above can be increased to half the value of the property or funds involved in money-laundering operations. Attempts carry the same penalty as completed offences.
Entities should collect information related to the knowledge of the business relationship on the basis of a risk-based approach. The information gathered should be proportionate to the risk of money laundering and financing of terrorism presented by the customer. Relevant firms should establish a classification of the risks of their activities, depending on the degree of exposure to money laundering and terrorist financing judged by the particular nature of the products or services offered, the proposed transactions, distribution channels used and the characteristics of clients.
Compliance with these provisions should allow firms to make, if necessary, a further examination of the client's circumstances or a declaration to the authorities.
The implementation of the obligations of identification and verification of customer identity, Know Your Customer, the purpose and nature of the business relationship and constant vigilance is based on the distinction between a customer relationship and a casual business customer.
Financial institutions collect and analyse information related to their knowledge of customer business relationships. The information collected should be appropriate and proportionate to the risk of money laundering and terrorist financing presented by the customer and operations.
Financial institutions establish procedures for the implementation of the CDD measures on customers. These procedures must be adapted and updated regularly to detect cases in which an occasional customer becomes a business customer. Financial institutions must create a risk profile and take into account any evidence to change the risk profile of the business relationship and accordingly update this profile, in order to detect anomalies that could give rise to a strengthened review.
The 2012 ACP guidelines state that “The financial service provider must ensure, within the framework of its internal control, compliance with the AML-CFT, including measures regarding the analysis, monitoring and control of the risks of money laundering and financing terrorism operations transmitting funds”. While it is not stated expressly, an MLRO could perform this role.
The due diligence requirements differ depending on whether a customer is engaged in a business relationship. A business relationship is formed when a regulated person undertakes a professional or commercial relationship which is intended to last a certain duration, or when, in the absence of a contract, a customer receives financial services on a regular basis.
Conversely, an occasional customer is any person who addresses a regulated entity for the exclusive purpose of preparing or carrying out a specific operation or assists in the planning or execution of such an operation, whether it is performed in a single operation or several operations which appear to be linked.
In all cases, the duration is a key element of the business relationship. The concept of time is also found in the absence of a contract, with terms related to the intervention of a financial institution, such as “regularly” or “an operation with a continuing character”, mentioned in the CMF.
Where an entity is not able to identify its client or to obtain information on the purpose and nature of the business relationship, it should not perform any operation, regardless of the terms, and it should not engage in, or continue, a business relationship.
Before entering into a business relationship with a client or assisting in the planning or execution of a transaction, regulated entities must identify their clients and, where applicable, the beneficial owner of the business relationship by appropriate means and verify this identification upon presentation of any other documentary proof.
They should also apply the same conditions to their occasional customers and, where applicable, the beneficial owner of a customer where they suspect that the transaction might involve money laundering or terrorist financing or, under conditions set by Order in Council of State, if the operations are of a certain nature or exceed a certain amount.
Regulated entities must verify the identity of the customer and, where appropriate, the identity and powers of persons acting on behalf thereof, under the following conditions.
When the client is an individual, the entity should examine a valid official document with a photograph. This should indicate:
When the client is a corporation, the reporting entity should examine the original or a copy of any deed or extract from an official register (which is no more than three months old) stating:
CDD should also be carried out on any individual representing the company.
Before carrying out or assisting with a transaction, regulated entities are required, regardless of suspicion, to identify an occasional customer and, where applicable, the beneficial owner of the company involved. They should carry out CDD in the following cases:
When the risk of money laundering and terrorist financing seems low, reporting entities may reduce CDD. In this case, they should justify to the supervisory authority the manner in which the extent of the measures is appropriate to those risks.
Reporting entities should apply additional due diligence measures in respect of their client if:
Reporting entities should carry out an enhanced review of any operation which is particularly complex, unusually large or which does not appear to have any economic justification or lawful purpose. In such cases, entities should ascertain from the customer information on the source and destination of the funds, the subject of the transaction and the identity of the beneficiary.
The opening of anonymous accounts is prohibited.
The financial institution needs to ensure, as part of its internal control, that it complies with the CDD requirements, that it has knowledge of purpose, nature and circumstances of its business relationships and that it is constantly vigilant regarding potential money laundering by implementing procedures and adequate internal controls. Financial institutions must be able to justify the measures taken to the CPA.
The PSP shall have in place systems for monitoring and analysing their business relationships, based on knowledge of their customers, especially to detect transactions that are anomalous with respect to the profile of the business relationship and which may warrant further examination. This monitoring and analysis must consider the risks identified by the risk classification.
In practice, the PSP should set predetermined limits at which it seeks additional information on individual or multiple operations regarding the same business relationship, when they involve cross-border transactions. There should also be an upper limit at which the PSP should refuse to facilitate a transaction.
The ACP may review the transactions falling into these categories.
Entities should provide regular training and information to their personnel in respect of the obligations within the AML framework.
Reporting entities should retain all documents relating to CDD for five years, starting from the termination of the business relationship or closure of the account. Enhanced CDD documents should be kept for longer. They should also keep any documents relating to transactions made by customers for five years, starting from the date of the transaction.
Firms are required to declare any deposits or transactions involving sums which they know, suspect or have reasonable grounds to suspect come from an offence punishable by imprisonment exceeding one year or form part of terrorist financing or involve tax evasion to TRACFIN.
They are also required to report any transaction for which the identity of the customer or the beneficial owner remains uncertain despite the CDD requirements being carried out. Entities are required to refrain from conducting any operation which they suspect to be related to money laundering or terrorist financing until they have made the requisite declaration.
When an operation which should be the subject of a declaration has already been carried out, either because it was impossible to delay it or because a delay would have hindered the subsequent investigation, or if it appears after the transaction has been completed that it should be reported, the PSP shall inform the authorities as soon as possible.
The National Commission may impose one of the following administrative penalties:
A temporary ban may include a suspension. If, within five years of the imposition of a sanction, the sanctioned person commits an offence or perpetrates misconduct resulting in the imposition of new sanctions, these new sanctions shall be more severe than those imposed previously.
The committee may decide, either instead of or in addition to these penalties, to impose a financial penalty depending on the severity of the breaches committed. This penalty cannot exceed five million euros, and is collected by the Treasury. The committee may also recover costs from the person sanctioned.
The committee may decide to publish the sanction, at the expense of the person penalised, in any relevant newspapers or publications.
The “Franceafrique” cases are a source of ongoing speculation about large-scale money laundering and financial crime. There are various unanswered questions regarding France's relationship with its former African colonies, and the extent of the finances involved from comparatively poor jurisdictions raises questions about the legitimacy of the funds involved. For example, French judges recently revealed that:
There have been charges brought against former government aides, suggesting that this scandal could go high into the French government. At the time of writing investigations were ongoing, but the outcome will be received with interest.
The small regional French bank Société Marseillaise de Crédit was found guilty of money laundering, along with the National Bank of Pakistan, in December 2008. The crimes took place in the late nineties and involved stolen or fraudulent cheques shuttled between France and Israel and via various bank accounts. The French bank was fined EUR 100,000, and one of its directors received an eight-month suspended prison sentence.
The French regulator has identified a number of case studies to provide practical guidance for financial institutions. For example:
Germany has generated a relatively large number of prosecutions for money laundering and also orders to confiscate assets, although the recent FATF review identified that its money-laundering-deterrence regime did have shortfalls. However, having recently introduced a new financial crime deterrence regime, Germany looks likely to become a strong country with regards to AML.
Geldwäschereigesetz, or the Money Laundering Act, is the main AML-compliance legislation. The money-laundering offence is contained in the Penal Code.
Germany successfully implemented the Third EU Money Laundering Directive on 13th August, 2008 through the Gesetz zur Ergänzung der Bekämpfung der Geldwäsche und der Terrorismusfinanzierung (Geldwäschebekämpfungsergänzungsgesetz – GwBekErgG). The Act came into force on 21st August, 2008. However, German AML law saw a major overhaul in financial crime regulation in December 2011, with the introduction of GwG (the AML Act).
A further revision will be required to fully comply with the revised EU Money Laundering Directive (see Chapter 4).
The 2009 FATF assessment noted that the anti-money-laundering and counter-terrorist-financing framework operating in Germany was not fully in line with the then current FATF Recommendations, which have themselves subsequently been revised.
The FATF identified weaknesses in the legal framework and in sanctioning for non-compliance with the FATF anti-money-laundering and counter-terrorist-financing recommendations. It further highlighted a number of factors specific to Germany, such as its large economy and financial centre and 400–560 billion euro informal (cash) sector, which make the country susceptible to money laundering. However, it also highlighted that Germany's strong legal tradition, the rule of law, its political environment and having an effective single financial regulator all reduce the risk of the German financial system being used for money laundering or terrorist financing.
In Germany, the fight against money laundering and adherence to the Money Laundering Act is the responsibility, primarily, of the Federal Department of the Interior.
The Federal Criminal Police Office incorporates the financial intelligence unit (FIU). The German FIU releases annual reports on money laundering, which include statistics and information. The FIU is also responsible for enforcing anti-money-laundering rules. The Bundesrechtsanwaltskammer is obliged to transmit the information including its own comments to the public prosecutor and also to a special anti-money-laundering office of the German Federal Police (Bundeskriminalamt).
The FIU has certain specific responsibilities identified under the AML Act:
The Federal Financial Supervisory Authority (BaFin) brings together under one roof the supervision of banks and financial services providers, insurance undertakings and securities trading. It is an autonomous public-law institution and is subject to the legal and technical oversight of the Federal Ministry of Finance. It is funded by fees and contributions from the institutions and undertakings under its supervision.
According to Section 261 of the Penal Code, money laundering is committed by anybody who “hides an object which is a proceed of an unlawful act, conceals its origin or obstructs or endangers the investigation of its origin, its being found, its confiscation, its deprivation or its being officially secured”. Any third party or assistant can also be punished, as can anyone who attempts this.
The penalty for money laundering is imprisonment from three months to five years. In especially serious cases the punishment shall be imprisonment from six months to ten years. An especially serious case exists, as a rule, if the perpetrator acts professionally or as a member of a gang which has been formed for the continued commission of money laundering.
Anyone who recklessly does not recognise that the subject derives from an unlawful act shall be punished with imprisonment not exceeding two years or a fine.
The AML Act applies to a large number of institutions, including, but not exclusive to:
Firms are required to be able to demonstrate to the authorities that the extent of the measures adopted by them is appropriate in view of the risks of money laundering and terrorist financing.
The new AML law re-introduced the requirement for the appointment of an MLRO. The MLRO must be a senior member of the company, and acts as the contact for the law-enforcement agencies and other authorities. A deputy should be appointed to take responsibility whenever the MLRO is absent.
The Money Laundering Reporting Officer shall have unrestricted access to all information, data, records and systems which may be required to perform their duties. The extent of the use of data and information by the MLRO shall only be to the extent that is necessary to enable the MLRO to perform their tasks. The MLRO must also be granted sufficient powers to enable them to carry out their functions.
German due diligence consists of four parts:
These provisions must be met:
If these requirements are not met, the business relationship has not been established and no transaction should be performed by the firm. If a business relationship already exists, the requirement is that it must be terminated. How this would then be achieved without tipping off the customer is a matter open to debate!
In fulfilling the CDD requirements, the entity should have regard to the risk posed by the customer, relationship or proposed transaction. The entity should be able to demonstrate, on request, that the scope of the measures taken by it regarding the risks of money laundering and terrorist financing is reasonable.
If the customer is a natural person, the following information should be ascertained:
This should be verified by a valid official identification document containing a photograph of the holder and a passport and ID card. The passport and ID card should be German.
For a company, the following information should be ascertained:
For any other legal person or a partnership:
This information should be verified based on an extract from the trade register or a cooperative or a comparable official register or list, by the founding documents or equivalent probative documents, or by inspection of the relevant register.
Obligators must always make reasonable efforts to ensure the identity of the beneficial owners is ascertained.
Obligators can carry out simplified CDD if they identify a low risk of money laundering. Low-risk entities include:
If the customer is not physically present, a valid official identification document containing a photograph of the holder and a passport and ID card are required, or a certified copy of each.
Any other suspicious transactions must be monitored.
This, again, is an easy requirement to state in regulation but clearly impacts the online development of German banks. There are other means available to the firm to obtain confirmation and the use of the risk-based approach does provide a limited safe harbour in this respect. However, any firm that is wilfully failing to obtain the information required will clearly be taking a level of additional risk which might be considered unacceptable.
Where the customer or the beneficial owner is a PEP, the following shall apply:
Firms are obliged to incorporate internal safeguards, such as:
This final requirement is perhaps more stringent than applies in other jurisdictions and would normally rely on work conducted either by the risk-management function or the internal audit function. Given that the internal audit requirements globally have been extended to also incorporate reliability, these financial crime requirements might be considered to fit within such a framework.
Regulated entities are required to implement procedures and programmes to inform the employees about:
The above should be implemented through appropriate measures. Generally, we would recommend that any such training includes a short examination to ensure that staff have achieved the learning objectives set.
Records of all identification documentation and other documents used to complete CDD must be kept.
The records can be stored as reproductions on an image carrier or on other media. The data stored should not be altered during the retention period, and should be available in a readable format within a reasonable period.
The records referred to above and other evidence of business relationships and transactions should be kept for at least five years. The retention period in the case of establishing a business relationship begins at the end of the calendar year in which the business relationship ends. In other cases (e.g. one-off transactions), the period begins at the end of the calendar year in which the transaction occurred.
If there is any reason for suspicion that the assets involved in a transaction or business relationship have been acquired through money laundering or terrorist financing, the reporting entity must, regardless of the value of the assets involved, report this to the FIU. This report should be made immediately, by telephone, fax or electronic transmission.
The transaction should not be commenced or continued without permission from the authorities, unless two business days have passed since the submission of the report. If the transaction cannot be postponed before a report is submitted, the report must be submitted as soon as possible.
Breach of the AML requirements is punishable by a fine of up to one hundred thousand euros.
A recent German case reached an anti-climatic conclusion when the statute of limitations time barred a six-year investigation into a $150 million money-laundering case. The case involved four German banking executives and a Danish lawyer who had been assisting a former Russian government minister selling assets which he was alleged to have control of through offshore companies, thereby concealing the identity of the true owner.
The assets were held by the bank in trust for the lawyer, but German prosecutors alleged that the true owner was the former Russian minister, through a complicated corporate structure designed to conceal a transfer from State to private ownership.
Prosecutors offered to resolve the case by accepting payments ranging from EUR 5,000 to EUR 40,000 from four of the defendants, who all maintained their innocence, because the investigation was soon to be time-barred by the statute of limitations. When you consider that it is suspected that $150 million was laundered over a number of years, the settlements seem relatively generous.
Despite the outcome of the investigation, this case highlights the need for financial institutions to investigate thoroughly the beneficial owner of assets, particularly when complex corporate structures are employed. Additionally, it also illustrates how vital international cooperation is to successful AML investigations, particularly when funds are being moved cross-border. There has been some speculation as to whether a lack of coherence between German and Russian authorities may have caused the delays which ultimately scuppered this investigation, so it is important for financial institutions to consider their relationships with the other countries involved when assessing the risk attributed to their clients.
The scope of the Guernsey money-laundering-deterrence programme is wide – rather than specifying particular businesses or industries, it applies to “all financial services businesses”. The Bailiwick of Guernsey has a strong money-laundering-deterrence regime, although at times it has been criticised for relying too much on foreign law-enforcement agencies.
It is always worth remembering that Guernsey, just like Jersey, Alderney and Sark, is not a member of the EU and therefore does not have to comply with European legislation.
The primary money-laundering legislation in Guernsey is the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law 1999. The compliance legislation is found in the Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations 2007, which were last updated in 2010, and the supplementary AML Handbook. The latest version of the handbook was released in April 2013.
Several major revisions have been made to the AML framework in Guernsey as it attempts to move forward with the rest of the world's integrated financial structures and confirm its commitment to legislating in line with current developments.
The full list of relevant legislation referred to in the Guernsey AML Handbook is as follows:
The Commission has written to the managing directors of all financial services businesses, seeking comments on proposed changes to the AML framework, including a substantial amount of the AML legislation and regulations. These consultations closed in July 2012, but the outcome had not been announced at the time of finalisation of this text.
Guernsey is not a member of the FATF. However, it is a member of the Group of International Finance Centre Supervisors (GIFCS), a body that is an observer to the FATF. The GIFCS conducts evaluations of its members' anti-money-laundering and counter-terrorist-financing systems.
The IMF conducted an assessment of Guernsey's compliance with the FATF AML standards in 2010. It found that:“Guernsey's comprehensive AML/CFT legal framework provides a sound basis for an effective AML/CFT regime. Most shortcomings identified during the assessment are technical in nature. Some of these deficiencies were addressed by the authorities immediately after the onsite visit. Money laundering and the financing of terrorism are criminalized fully in line with the FATF standard and the legal framework provides an ability to freeze and confiscate assets in appropriate circumstances. As of the assessment date [2010], there had been no prosecutions or convictions for terrorist financing.”
The primary regulator is the Guernsey Financial Services Commission (GFSC). The GFSC supervises financial entities and publishes reports on AML in Guernsey. The IMF noted in 2010 that the GFSC has adequate authority and powers to supervise financial institutions, including money transfer systems, with respect to compliance with existing AML/CFT laws, regulations and rules.
However, powers to sanction financial institutions for non-compliance, particularly the regime for applying discretionary financial penalties, could be enhanced to ensure that the penalties are dissuasive and proportionate to the severity of the violation or level of non-compliance.
The following are recognised as criminal offences in Guernsey:
The penalty for any of the first three offences in the above list is a maximum of 14 years' imprisonment and/or an unlimited fine. The penalty for either of the final two offences is five years' imprisonment and/or a fine.
Guernsey's anti-money-laundering and countering the financing of terrorism (AML/CFT) legislation (and, by extension, the handbook) applies to all financial services businesses conducting financial services business in Guernsey. This includes Guernsey-based branches and offices of companies incorporated outside Guernsey conducting financial services business in Guernsey.
On direction from the relevant authorities, Guernsey has adopted a risk-based approach. A financial services business must:
The requirements for a Money Laundering Reporting Officer (MLRO) are set out under The Criminal Justice (Proceeds of Crime) (Financial Services Businesses) (Bailiwick of Guernsey) Regulations. An MLRO is defined as a manager, partner or director who is:
In addition to this, the MLRO must:
The obligation on the firm is to appoint a person of at least management level as the Money Laundering Reporting Officer and to provide the name and title of that person to the Commission and the Financial Intelligence Service as soon as is reasonably practicable. In any event, reporting must be within 14 days starting from the date of that person's appointment.
They are also required to nominate another person (“nominated officer”) to receive disclosures in the absence of the Money Laundering Reporting Officer, and ensure that any relevant employee is aware of the name of that nominated officer.
Firms must ensure that where a relevant employee is required to make a disclosure, that this is done by way of a report to the Money Laundering Reporting Officer, or, in their absence, to a nominated officer.
Firms must also ensure that the Money Laundering Reporting Officer, or in their absence a nominated officer, in determining whether or not he is required to make a report to the authorities, takes into account all relevant information. The MLRO or nominated officer must be given prompt access to any other information which may be of assistance to them in considering any report.
Finally, there is a requirement for the firm to ensure that it establishes and maintains such other appropriate and effective procedures and controls as are necessary to ensure compliance with requirements to make disclosures.
The purpose of the CDD programme is to establish that any customer, beneficial owner or underlying principal is the person that he claims to be. This has two elements – the entity must be satisfied that:
CDD should be carried out when:
The procedures required to be conducted are as follows:
Generally, there is an obligation on a financial services business to have regard to any relevant rules and guidance in the handbook in determining what constitutes reasonable measures.
A financial services business must collect relevant identification data on an individual, which includes:
In order to verify the legal name, address, date and place of birth, nationality and official personal identification number of the individual, the following documents are considered to be the most reliable, in descending order of acceptability:
The examples quoted above are not the only possibilities.
One or more of the following is considered acceptable to verify the identity of a company:
If a financial services provider identifies a client as low risk, it may apply simplified CDD. A financial services business must obtain, at a minimum, the following information in relation to an individual customer:
Where a financial services business is required to carry out customer due diligence, it must also carry out enhanced customer due diligence in relation to the following business relationships or occasional transactions:
Enhanced CDD includes:
A financial services business must ensure that it takes adequate measures which include one or more of the following:
In relation to correspondent relationships for banking and those established for securities transactions or funds transfers, whether for the financial services business as principal or for its customers, a financial services business must take additional steps in relation to CDD. A firm must:
Where a correspondent relationship involves the maintenance of “payable-through accounts”, a financial services business must also take steps so that it is satisfied that:
Financial services businesses must ensure that appropriate and effective policies, procedures and controls are in place when establishing correspondent relationships with foreign banks and other institutions.
A financial services business must:
Reporting entities are required to ensure a detailed approach that does not omit data that could prove useful for future transactions or reference. The requirements are as follows:
The extent of any monitoring carried out under this regulation and the frequency at which it is carried out shall be determined on a risk-sensitive basis including whether or not the business relationship is a high-risk relationship.
The requirement to conduct ongoing CDD ensures that a financial services business is aware of any changes in the development of the business relationship. The extent of the ongoing CDD measures must be determined on a risk-sensitive basis, but a financial services business must bear in mind that as the business relationship develops, the risk of money laundering or terrorist financing may change.
The Regulations provide that a financial services business is required to maintain appropriate and effective procedures, when hiring employees, for the purpose of ensuring high standards of employee probity and competence.
A financial services business is also required to ensure that relevant employees receive comprehensive ongoing training in:
In addition, a financial services business must, in ensuring that relevant employees receive the ongoing training required under the Regulations, in particular ensure that they are kept informed of:
A financial services business must, in providing the training required under the Regulations:
The board and senior management are responsible for the effectiveness and appropriateness of the financial services business policies, procedures and controls to counter money laundering and terrorist financing. In addition to the general training provided to relevant employees, a detailed level of additional training must be provided to the board and senior management to provide a clear explanation and understanding of:
The frequency of training should be determined on a risk-based approach, with those employees with responsibility for the handling of business relationships or transactions receiving more frequent training.
An entity must maintain:
All transactions carried out on behalf of, or with, a customer in the course of business, both domestic and international, must be recorded by the financial services business. In every case, sufficient information must be recorded to enable the reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity. For transactions, documentation is maintained which must include:
A financial services business must maintain:
Training records must include:
These records must be kept for five years starting from:
Documents and customer due diligence information, including any copies thereof, kept under this regulation may be kept in any manner or form, provided that they are readily retrievable, and must be made available promptly to any police officer, the Financial Intelligence Service, the Commission or any other person where such documents or customer due diligence information are requested pursuant to these Regulations or any relevant enactment.
A financial services business must, in addition to complying with the preceding requirements of these Regulations:
A financial services business must also ensure that there are appropriate and effective policies, procedures and controls in place which provide for the board to meet its obligations relating to compliance review, in particular the board must:
The board may delegate some or all of its duties but must retain responsibility for the review of overall compliance with AML/CFT requirements.
Monitoring of the activity of a business relationship must be carried out on the basis of a risk-based approach, with high-risk relationships being subjected to an appropriate frequency of scrutiny, which must be greater than may be appropriate for low-risk relationships. Scrutiny of transactions and activity must be undertaken throughout the course of the business relationship to ensure that the transactions and activity being conducted are consistent with the financial services business's knowledge of the customer, their business, source of funds and source of wealth. When monitoring complex, unusual and large transactions or unusual patterns of transactions, a financial services business must examine the background and purpose of such transactions and record such findings in writing.
Information contained in internal reports made to an MLRO must be disclosed to the FIS where the MLRO knows or suspects, or has reasonable grounds for knowing or suspecting as a result of the report, that a person is engaged in money laundering or terrorist financing.
It is a criminal offence for anyone employed by a financial services business to fail to report, where they have knowledge, suspicion or reasonable grounds for knowledge or suspicion, that another person is laundering the proceeds of any criminal conduct or is carrying out terrorist financing.
What may constitute reasonable grounds for knowledge or suspicion will be determined from facts or circumstances from which an honest and reasonable person engaged in a financial services business would have inferred knowledge or formed the suspicion that another was engaged in money laundering or terrorist financing.
Any person who contravenes any requirement of the Regulations shall be guilty of an offence and liable:
The same penalties apply to anybody who makes a dishonest or misleading statement in purported compliance with the Regulations.
It emerged during investigations into another criminal, “X”, that some of the proceeds of a $12 million fraud had been laundered through the defendant's bank account. The defendant initially denied all knowledge of any criminal proceeds. He said that the relationship between X and himself was purely professional, and that although he had deposited money from X into his bank account, these transfers involved legitimate commission X had earned and the defendant made no money out of this. He also, in a somewhat contradictory manner, admitted to receiving a large personal loan from X. The police advised him to distance himself from X, as X was believed to be a criminal. The defendant was also warned that he was in danger of being prosecuted himself.
However, this warning fell on deaf ears. Immediately afterwards, the defendant attempted to open another account in Switzerland through one of his companies, with X as the signatory. He then made various payments to himself and X over the following years, including through an account in Jersey after his Guernsey account was frozen. During this time, he maintained contact with X, as well as attempting to unfreeze the Guernsey account for X's benefit.
X was convicted of 33 counts of criminal deception in February 2006. The defendant, however, was not arrested until December 2009, when he claimed that the payments to himself and X were reimbursements of legitimate expenses incurred at X's request, payments at X's own request or repayments on the large loan X had granted him. However, he did admit, after seeing the police's evidence, that he suspected X was involved in fraud.
Following numerous years of investigation and confiscation proceedings, the defendant was charged with money laundering in November 2009. He was convicted and sentenced to two and a half years' imprisonment.
This case illustrates the need for constant monitoring of customer relationships by financial institutions, particularly between clients with seemingly legitimate professional relationships. It would have been easy for a bank to take its eye off the ball when the police investigation had started, but in this case the transactions which ultimately led to the conviction actually occurred after the police had warned the defendant of the trouble he was getting himself into. Ongoing monitoring is therefore essential to a bank's AML policy.
Hong Kong has recently implemented specific money-laundering-deterrence legislation, prior to which the AML requirements were contained in various articles incorporated within drug-trafficking legislation. Having also submitted two progress reports since the last Financial Action Task Force (FATF) assessment, Hong Kong is committed to bringing its AML regime into line with worldwide standards.
The current law operating in Hong Kong is Cap 615 – Anti-Money Laundering And Counter-Terrorist Financing (Financial Institutions) Ordinance. This is supplemented by guidelines which were last updated in July 2012.
The Drug Trafficking (Recovery of Proceeds) Ordinance Cap 405 (DTROP) came into force in 1989, followed by the Drug Trafficking and Organised Crime (Amendment) Ordinance 2002. 1994 saw the enactment of the Organised Serious Crime Ordinance Cap 455 (OSCO).
In 2002, United Nations (Anti Terrorism Measures) Ordinance Cap 575 (UNATMO) was brought into force in accordance with the mandatory requirements of UN S/RES/1373 (2001).
On 22nd February, 2012, the Hong Kong government introduced the UNATMO Bill into the Hong Kong Legislative Committee for its first reading. Specifically, the UNATMO Bill aimed to amend Hong Kong's existing United Nations (Anti-Terrorism) Ordinance Cap 575 (UNATMO) by:
The Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance Cap 615 was introduced on 1st April, 2012 and represented a major overhaul of AML law in Hong Kong. The latest guidelines were introduced in July 2012.
The 2012 guidelines reiterate that the four main pieces of legislation in Hong Kong that are concerned with ML/TF are the AMLO, the Drug Trafficking (Recovery of Proceeds) Ordinance (the DTROP), the Organised and Serious Crimes Ordinance (the OSCO) and the United Nations (Anti-Terrorism Measures) Ordinance (the UNATMO).
The 2008 mutual evaluation found that Hong Kong has a good legal structure to combat money laundering (ML) and terrorist financing (TF), and that the ML offence is broad and almost fully meets the FATF requirements. However, there were some weaknesses in the compliance provisions, such as the PEP provisions for certain financial institutions.
Since the 2008 report on Hong Kong, Hong Kong has submitted two progress reports to the FATF on improvement actions taken or planned by Hong Kong to implement the FATF's earlier recommendations. In October 2012, the FATF recognised that Hong Kong had made significant progress in addressing the deficiencies identified in the 2008 Mutual Evaluation Report. The FATF agreed that Hong Kong, China should now report on any further improvements to its anti-money-laundering/combating the financing of terrorism (AML/CFT) system on a biennial update basis, essentially removing it from the regular follow-up process based on updated procedures agreed by the FATF in October 2009.
The next review should be conducted in 2014 to assess how effectively Hong Kong has implemented the Recommendations (including the latest changes).
The HKMA is the government authority in Hong Kong responsible for maintaining monetary and banking stability. Its main functions are:
This commission (the SFC) has a variety of regulatory functions, including monitoring and enforcing the law against criminal conduct in the securities market.
Pursuant to the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance, which came into force on 1st April, 2012, the SFC, the HKMA and the new Insurance Authority and the Customs and Excise Department will be the designated authorities to supervise financial institutions' compliance with the new statutory customer due diligence and record-keeping requirements.
This Commission is the principal agency responsible for investigating and preventing corruption in Hong Kong. It has three departments:
The Narcotics Bureau, the Organised Crime and Triad Bureau of the Police and the Customs Drug Investigation Bureau of the Hong Kong Customs and Excise Department, which are all departments of the Hong Kong Police Force, investigate money-laundering offences under the Drug Trafficking (Recovery of Proceeds) Ordinance (DTROP) and the Organised and Serious Crimes Ordinance (OSCO).
The term “money laundering” is defined in Section 1 of Part 1 of Schedule 1 to the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance, Cap. 615 (the AMLO), and means an act intended to have the effect of making any property:
appear not to represent such proceeds.
The definition of terrorist financing was amended in 2012.
The term “terrorist financing” is defined in Section 1 of Part 1 of Schedule 1 to the AMLO and means:
The key change in this section from previous legislation is that the word “property” has been used to replace the word “funds”, consequently expanding the scope of the legislation.
A safe harbour defence arises for those submitting suspicious transaction reports to the JFIU. A person may deal with suspected proceeds, whether before or after making a suspicious transaction report, where a suspicious transaction report is made, providing that:
If no suspicious transaction report has been made, it will be a defence if the accused can show:
The guidelines apply to financial institutions.
Financial institutions should determine the extent of customer due diligence (CDD) measures and ongoing monitoring, using a risk-based approach, depending upon the background of the customer and the product, transaction or service used by that customer. This will ensure that the preventive or mitigating measures are commensurate with the risks identified. The measures must, however, comply with the legal requirements of the AMLO.
This approach will enable financial institutions to subject customers to proportionate controls and oversight by determining:
Financial institutions are required to appoint a Compliance Officer (CO) and a Money Laundering Reporting Officer (MLRO). These functions can be performed by the same person.
In order that the CO and MLRO can discharge their responsibilities effectively, senior management should, as far as practicable, ensure that the CO and MLRO are:
The principal function of the CO is to act as the focal point within a financial institution for the oversight of all activities relating to the prevention and detection of ML/TF and providing support and guidance to the senior management to ensure that ML/TF risks are adequately managed. In particular, the CO should assume responsibility for:
The MLRO should play an active role in the identification and reporting of suspicious transactions. Principal functions performed are expected to include:
It is the responsibility of the MLRO to consider all internal disclosures he receives in the light of full access to all relevant documentation and other parties. However, the MLRO should not simply be a passive recipient of ad hoc reports of suspicious transactions. Rather, the MLRO should play an active role in the identification and reporting of suspicious transactions.
CDD must be carried out:
A financial institution may verify the identity of a customer and any beneficial owner of the customer after establishing a business relationship with the customer if:
A financial institution must complete the verification as soon as reasonably practicable after establishing the business relationship.
If a financial institution cannot comply with the CDD requirements, it:
Financial institutions should collect the following identification information in respect of personal customers who need to be identified:
A customer's identity should be verified on the basis of documents, data or information provided by:
If a business relationship is to be established, information on the purpose and intended nature of the business relationship with the financial institution must be obtained, unless the purpose and intended nature are obvious.
A financial institution should obtain and verify the following information in relation to a customer which is a corporation:
A financial institution should record the names of all directors and verify the identity of directors on a risk-based approach. Additionally, it should:
This should be verified by a search of files at the Hong Kong Company Registry and the firm obtaining a company report.
If there is a beneficial owner in relation to the customer, the entity should take reasonable measures to verify the beneficial owner's identity so that the financial institution is satisfied that it knows who the beneficial owner is, and, where the customer is a legal person or trust, that it understands the ownership and control structure of the legal person or trust.
Except for high-risk customers, if an individual is a beneficial owner of a customer, the financial institution is not required to verify the identity of the individual unless the individual has 25% of the ownership, voting rights or control of the customer.
If a person purports to act on behalf of the customer, the entity should identify the person and take reasonable measures to verify the person's identity on the basis of documents, data or information provided by:
It should also verify the person's authority to act on behalf of the customer.
If a customer is a specified low-risk customer under the AMLO, an entity may carry out a reduced level of CDD. This only requires identifying the customer on the basis of documents, data or information as listed above, without requiring the verification of the documents.
If:
the financial institution must, in monitoring its business relationship with the customer under this section, take additional measures to compensate for any risk of money laundering or terrorist financing.
If a customer has not been physically present for identification purposes, a financial institution must carry out at least one of the following measures:
Once an entity becomes aware that a customer or a potential customer is a PEP, it should, before establishing or continuing a business relationship:
A financial institution must not open, or maintain, any anonymous account or account in a fictitious name for any customer.
Before establishing a correspondent banking relationship with a proposed respondent bank, the firm must:
The information to be collected should include, but is not limited to:
Information on the authorisation status and other details of a proposed respondent bank, including the system of bank regulation and supervision in its country, may be obtained through publicly available information. An authorised institution should consider such publicly available materials to ascertain whether the proposed respondent bank has been the subject of any ML/TF-related investigation or adverse regulatory action in the recent past.
An authorised institution must not establish a correspondent banking relationship with a proposed respondent bank unless it has obtained approval from its senior management. Providing that there is a formal delegation of authority which is properly documented, firms may use a risk-based approach to determine the appropriate level of approval within the firm that is required for establishing new correspondent banking relationships.
An authorised institution must not establish a correspondent banking relationship unless it is satisfied that the AML/CFT controls of the proposed respondent bank are adequate and effective. Authorised institutions must document their responsibilities and the responsibilities of the proposed respondent bank. This would be expected to include the responsibilities relating to AML/CFT.
An authorised institution should not establish or continue a correspondent banking relationship with a shell bank, and should also take appropriate measures to ensure that it does not enter into or continue a correspondent banking relationship with a bank which is known to permit its accounts to be used by a shell bank.
Financial institutions must continuously monitor their business relationships with customers by:
Financial institutions must establish, maintain and operate appropriate procedures in order to be satisfied of the integrity of any new employees.
Financial institutions should establish and maintain procedures to ensure that:
Staff should be made aware of:
Additionally, specific training could be given depending on the role of the employee. Financial institutions should monitor the effectiveness of the training by testing staff and monitoring compliance with the systems which are in place.
In relation to each of its customers, a financial institution must keep:
throughout the continuance of the business relationship with the customer and for a period of six years beginning on the date on which the business relationship ends.
For all types of record, if the record consists of a document, either the original of the document must be kept or a copy of the document must be kept either on microfilm or in the database of a computer. If the record consists of data or information, a record of the data or information must be kept either on microfilm or in the database of a computer.
A financial institution must keep the original or a copy of the documents, and a record of the data and information, obtained in connection with the transaction for a period of six years beginning on the date on which the transaction is completed, regardless of whether the business relationship ends during that period.
The following is a (non-exhaustive) list of examples of situations that might give rise to suspicion in certain circumstances:
All suspicious activity should be reported to the MLRO and must be documented (in urgent cases this may follow an initial discussion by telephone). The report must include the full details of the customer and as much information as possible giving rise to the suspicion. The MLRO must acknowledge receipt of the report and at the same time provide a reminder of the obligation regarding tipping off. The tipping-off provision includes circumstances where a suspicion has been raised internally, but has not yet been reported to the JFIU. The MLRO then assesses the situation with regard to all the circumstances.
If, after completing the evaluation, the MLRO decides that there are grounds for knowledge or suspicion, he should disclose the information to the JFIU as soon as it is reasonable to do so after his evaluation is complete, together with the information on which that knowledge or suspicion is based. Providing they act in good faith in deciding not to file an STR with the JFIU, it is unlikely that there will be any criminal liability for failing to report if an MLRO concludes that there is no suspicion after taking into account all available information. It is, however, vital for MLROs to keep proper records of their deliberations and actions taken to demonstrate they have acted in a reasonable manner.
Generally, if a financial institution breaches the regulations, the sanctions in Hong Kong are:
If a financial institution fails to comply with an order to take remedial action made under subsection (1), the relevant authority may further order the financial institution to pay a daily pecuniary penalty not exceeding $100,000 for each day on which the failure continues after the date specified in the order as being the date by which the remedial action must be taken.
If a financial institution or any of its officers knowingly breaches the CDD requirements, the financial institution commits an offence and is liable:
If a financial institution or any of its officers, with intent to defraud any relevant authority, breaches the CDD requirements, the financial institution commits an offence and is liable:
If a person who is an employee of a financial institution or is employed to work for a financial institution or is concerned in the management of a financial institution knowingly causes or knowingly permits the financial institution to breach the CDD requirements, the person commits an offence and is liable:
If a person who is an employee of a financial institution or is employed to work for a financial institution or is concerned in the management of a financial institution, with intent to defraud the financial institution or any relevant authority, causes or permits the financial institution to breach the CDD requirements, the person commits an offence and is liable:
Sections 25A of the DTROP and the OSCO make it an offence to fail to disclose where a person knows or suspects that property represents the proceeds of drug trafficking or of an indictable offence respectively. Likewise, Section 12 of the UNATMO makes it an offence to fail to disclose knowledge or suspicion of terrorist property. Under the DTROP and the OSCO, failure to report knowledge or suspicion carries a maximum penalty of three months' imprisonment and a fine of $50,000.
In the early 1990s, the ICAC conducted an undercover investigation into bribery and corruption at the Television and Entertainment Licensing Authority. Following suspicions of corruption, an undercover agent joined the organisation to find evidence of corruption from the inside. After a number of months working for the TELA, the agent found himself befriending various senior members of the company, who revealed the scale of corruption within the organisation. In one instance, the agent arrived at work to find a $30,000 watch on his desk, which was indicative of the way business was being done. Bribes were being given to members of TELA to forge the requisite documents, which were then approved by the two most senior members of the organisation – who were running the whole corruption ring.
The bribes were paid through a middle man. The first half was paid when the application was submitted, with the balance being paid when it was approved. By employing a middle man, there was no need for the two leaders to ever meet the beneficiary, or even for the parties to find out each other's identities. Furthermore, because all of the bribes were settled in cash, there was never any record of them, making them virtually impossible to trace. For these reasons, it took a nine-month undercover investigation to secure convictions against the guilty parties.
Hong Kong authorities convicted 166 people of money laundering in 2012. There have been two recent court cases in which a young delivery man from Guangdong province and a 61-year-old Hong Kong public housing tenant received jail terms of about ten years for laundering billions of dollars.
In another case in September 2012, a woman was convicted of money laundering in Hong Kong. She was the accounting manager of a company which, between August 2002 and March 2004, forged the sales figures by $300 million by submitting false overseas sales invoices. She used a circulation fund of $68 million transmitted through her own account to generate false sales. This highlights the need for financial institutions to thoroughly investigate the source of funds of their clients, as well as to conduct ongoing monitoring. This may have indicated that the funds were originating from one account.
As a leader among the emerging economies in Asia with a strongly growing economy and demography, India faces a range of money-laundering and terrorist-financing risks. The main sources of money laundering in India result from a range of illegal activities committed within and outside the country, mainly drug trafficking, fraud, including counterfeiting of Indian currency, transnational organised crime, human trafficking and corruption.
India is considered a drug-transit country due to its strategic location between the countries of the Golden Triangle and the Golden Crescent. India is the world's largest producer of legal opium gum for pharmaceutical preparations, but it is estimated that between 20 and 30% of the opium crop is diverted. The illicit cultivation is believed to be mainly located in the areas of Arunachal Pradesh and Himachal Pradesh in the north of India.
The Prevention of Money Laundering Act 2002 (PMLA) forms the core of the legal framework put in place by India to combat money laundering. The PMLA and the Rules notified thereunder came into force with effect from 1st July, 2005, and there were amendments in 2009. Circular DBOD.NO.AML.BC.58/14.01.001/2004–05, dated 29th November, 2004, provides additional KYC guidance for banks.
It has been reported that further amendments were drafted in 2011 to expand the scope of the money-laundering legislation, but these were not available at the time of writing.
The AML/CFT regime in India is relatively young. The Prevention of Money Laundering Act 2002 (PMLA) came into force in 2005 and was amended in 2009. The Unlawful Activities (Prevention) Act 1967 (UAPA) was amended in 2004 to criminalise, inter alia, terrorist financing. The UAPA was further amended in December 2008 to broaden its scope and to bring the legislation more in line with the requirements of the United Nations Convention for the Suppression of the Financing of Terrorism (FT Convention).
From mid-2009, India has increased its focus on money laundering and the use of the ML provisions. There are some important and, in some instances, long-standing legal issues, such as the threshold condition for domestic predicate offences, that remain to be resolved. Effectiveness concerns were primarily raised by the absence of any ML convictions.
Recently, India's serious commitment to combating terrorism in all its forms was acknowledged by the FATF. From a law-enforcement perspective, this commitment is reflected in an active pursuit of the financial aspects of terrorism. At the prosecutorial level, an appropriate focus on FT can be observed. At the June 2013 Plenary meeting, the FATF decided that India had reached a satisfactory level of compliance with all of the core and key Recommendations and could be removed from the regular follow-up process.
Financial Intelligence Unit – India (FIU–IND) was set up by the Government of India vide O.M. dated 18th November, 2004 as the central national agency responsible for receiving, processing, analysing and disseminating information relating to suspect financial transactions. FIU–IND is also responsible for coordinating and strengthening efforts of national and international intelligence, investigation and enforcement agencies in pursuing the global efforts against money laundering and related crimes. FIU–IND is an independent body reporting directly to the Economic Intelligence Council (EIC) headed by the Finance Minister.
The main function of FIU–IND is to receive cash/suspicious transaction reports, analyse them and, as appropriate, disseminate valuable financial information to intelligence/enforcement agencies and regulatory authorities. The functions of FIU–IND are:
Section 3 of the Prevention of Money Laundering Act 2002 defines the offence of money laundering as:“Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money laundering.”
Section 4 of the Prevention of Money Laundering Act 2002 specifies punishment for money laundering as:“Whoever commits the offence of money laundering shall be punishable with rigorous imprisonment for a term which shall not be less than three years but which may extend to seven years and shall also be liable to a fine which may extend to five lakh rupees.”
Where the proceeds of crime involved in money laundering relate to any of the various firearms offences, the provisions of this section shall remain the same, except that the words “which may extend to ten years”, shall replace the words “which may extend to seven years”.
The PMLA and rules apply to banking companies, financial institutions and intermediaries.
Clients should be categorised by firms into low, medium or high risk depending on the characteristics of the relationship.
Banks may prepare a profile for each new customer based on risk categorisation. The customer profile may contain information relating to a customer's identity, social/financial status, nature of business activity, information about their clients' business and their location, etc. The nature and extent of due diligence will depend on the risk perceived by the bank. However, while preparing customer profiles, banks should take care to seek only such information from the customer which is relevant to the risk category and is not intrusive. The customer profile will be a confidential document and details contained therein shall not be divulged for cross selling or any other purposes.
Banks may appoint a senior management officer to be designated as Principal Officer. The Principal Officer shall be located at the head/corporate office of the bank and shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the law. They should maintain close liaison with enforcement agencies, banks and any other institution involved in the fight against money laundering and combating the financing of terrorism.
Every banking company, financial institution and intermediary shall, at the time of commencement of an account-based relationship, identify its clients, verify their identity and obtain information on the purpose and intended nature of the business relationship.
In all other cases, identity should be verified while carrying out:
A “client” shall be taken to mean a person that engages in a financial transaction or activity with a banking company, financial institution or intermediary, and includes a person on whose behalf the person that engages in the transaction or activity is acting.
Documents needed for verification are as follows:
A photograph need not be submitted by a client who does not have an account-based relationship.
An “officially valid document” means a passport, driving licence, Permanent Account Number (PAN) Card, a Voter's Identity Card issued by the Election Commission of India or any other document as may be required by the banking company, financial institution or intermediary.
For a company, the documents needed for verification are as follows:
For a partnership, the documents needed for verification are as follows:
For a trust, the documents needed for verification are as follows:
Every banking company, financial institution and intermediary, as the case may be, shall determine whether a client is acting on behalf of a beneficial owner, identify the beneficial owner and take all reasonable steps to verify their identity.
Within India, the legal definition of “beneficial owner” is the natural person who ultimately owns or controls a client and/or the person on whose behalf a transaction is being conducted, and includes a person who exercises ultimate effective control over a judicial person.
For the purpose of risk categorisation, individuals (other than those of high net worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, may be categorised as low risk.
Illustrative examples of low-risk customers could be:
In such cases, the policy implemented by the firm may require that only the basic requirements of verifying the identity and location of the customer are to be met. However, under the risk-based approach, the firm should still conduct such work as is considered necessary to confirm that the reduced level of identification is considered sufficient.
Customers that are likely to pose a higher-than-average risk to the bank may be categorised as medium or high risk depending on the customer's background, nature and location of activity, country of origin, sources of funds, client profile, etc.
Banks may apply enhanced due diligence measures based on a risk assessment, thereby requiring intensive “due diligence” for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence may include:
With the introduction of telephone and electronic banking, accounts are increasingly being opened by banks for customers without the need for the customer to visit the bank branch. In the case of non-face-to-face customers, apart from applying the usual customer identification procedures, there must be specific and adequate procedures to mitigate the higher risk involved.
Certification of all the documents presented may be insisted upon and, if necessary, additional documents may be called for. In such cases, banks may also require the first payment to be effected through the customer's account with another bank which, in turn, adheres to similar Know Your Customer (KYC) standards. In the case of cross-border customers, there is the additional difficulty of matching the customer with the documentation, and the bank may have to rely on third party certification/introduction. In such cases, it must be ensured that the third party is a regulated and supervised entity and has adequate KYC systems in place.
Banks should gather sufficient information on any person/customer of this category intending to establish a relationship and check all the information available on the person in the public domain.
Banks should also verify the identity of the person and seek information about the sources of funds before accepting the PEP as a customer. The decision to open an account for a PEP should be taken at a senior level, which should be clearly spelt out in Customer Acceptance policy. Banks should also subject such accounts to enhanced monitoring on an ongoing basis. The above norms may also be applied to the accounts of the family members or close relatives of PEPs.
Anonymous accounts are prohibited.
Ongoing monitoring is an essential element of any firm maintaining effective Know Your Customer (KYC) procedures. Banks can effectively control and reduce their risk only if they have an understanding of the normal and reasonable activity of the customer, so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account.
Banks should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The bank may prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits.
Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer should particularly attract the attention of the bank. Very high account turnover inconsistent with the size of the balance maintained may indicate to a firm that funds are being washed through the account.
High-risk accounts have to be subjected by a firm to intensified monitoring. Every bank should set key indicators for such accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors. Banks should put in place a system of periodical review of risk categorisation of accounts and the need for applying enhanced due diligence measures.
Banks should ensure that a record of transactions in the accounts is preserved and maintained as required in terms of Section 12 of the PMLA 2002. They should also ensure that transactions of a suspicious nature and/or any other type of transaction notified under Section 12 of the PMLA 2002, are reported to the appropriate law-enforcement authority.
Every banking company, financial institution and intermediary shall maintain records of identity and current address or addresses including permanent address or addresses of its clients, the nature of business of the clients and their financial status.
The records of the identity of clients shall be maintained for a period of ten years from the date of cessation of the transactions between the client and the banking company or financial institution or intermediary.
Every banking company, financial institution and intermediary shall:
Where the Principal Officer of a banking company, financial institution or intermediary has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued below the prescribed value so as to defeat the provisions of this section, such officer shall furnish information in respect of such transactions to the Director within the prescribed time.
The transaction records referred to above shall be maintained for a period of ten years from the date of said transactions between the clients and the banking company, financial institution or intermediary.
The identity records referred to above shall be maintained for a period of ten years from the date of cessation of transactions between the clients and the banking company, financial institution or intermediary.
Every banking company, financial institution or intermediary shall maintain a record of all transactions, including records of:
The records referred to above shall contain all necessary information specified by the regulator to permit reconstruction of individual transactions, including the following information:
The Director may, either on their own judgment or on an application made by any authority, officer or person, call for records and may make such inquiry or cause such inquiry to be made, as he thinks fit.
Every banking company, financial institution and intermediary shall formulate and implement a client identification programme that it considers appropriate to enable it to determine the true identity of its clients as per the requirements under the PMLA.
Every banking company, financial institution and intermediary shall furnish to the FIU–IND information of all suspicious transactions whether or not made in cash.
A suspicious transaction means a transaction, including an attempted transaction, whether or not made in cash which, to a person acting in good faith:
India has set out a series of broad categories that give reason for suspicion. The examples set out as being suspicious transactions in respect of a banking company are as follows:
If the Director, in the course of any inquiry, finds that a banking company, financial institution or an intermediary or any of its officers has failed to comply with the record-keeping provisions, then, without prejudice to any other action that may be taken under any other provisions of this Act, he may, by an order, levy a fine on such banking company or financial institution or intermediary which shall not be less than ten thousand rupees but may extend to one lakh rupees for each failure.
A major bank in India was fined Rs 5 lakh after it was found that it had inadequate KYC procedures in place. The FIU investigated the bank after a report was submitted alleging that Rs 72 lakh in cash had been deposited at the bank by a mystery customer, who then received pay orders, deposited them in multiple accounts and withdrew the cash immediately. The accounts then disappeared as soon as the cash was withdrawn. In response to this, the bank was audited, and the conclusion was reached that Know Your Customer guidelines were not being followed, resulting in the Rs 5 lakh fine.
The Isle of Man, despite not being an FATF member, has a strong money-laundering-deterrence regime which is largely compliant with international standards. It regularly updates its legislation and guidance to retain a strong reputation for AML enforcement.
The Money Laundering and Terrorist Financing Code 2013 provides the current enforceable AML legislation in the Isle of Man. In addition to this, the AML Handbook provides further guidance.
The Isle of Man legislative framework for anti-money laundering and countering the financing of terrorism (AML/CFT) has been in place and effective since 1990. This legislation has been regularly updated to deal with new threats that have emerged. New legislation has strengthened the Isle of Man's defences against all crimes, money laundering and international terrorism, for example, the Criminal Justice (Money Laundering Offences) Act 1998, which amended the Criminal Justice Act 1990, the Proceeds of Crime Act, the Anti-Terrorism and Crime Act 2003 and the Terrorism (Finance) Act 2009.
The recent legislation updated the Proceeds of Crime (Money Laundering) Code 2010 (AML Code) and the Prevention of Terrorist Financing Code 2011 (CFT Code), together referred to as “the Codes”.
Like Guernsey, the Isle of Man is not an FATF member. However, it is a member of the Group of International Finance Centre Supervisors (GIFCS), a body that is an observer to the FATF. The most recent IMF report found that the Isle of Man has brought its AML/CFT preventive measures largely into compliance with the FATF Recommendations, and that all IOM financial institutions are well supervised for AML/CFT purposes. The Financial Crime Unit (FCU), acting as the financial intelligence unit (FIU), performs its role adequately, but will require additional resources. The IOM authorities actively engage in international cooperation.
The Financial Supervision Commission (FSC) is the independent statutory body whose authorisation and functions are laid out in the Financial Services Act 2008. These are as follows:
In addition to this, the Commission's regulatory objectives are:
The Financial Crime Unit is a multi-agency unit, consisting of police and customs officers, police support staff and other government departments such as Internal Audit and HM Attorney General's Chambers. The unit deals with the prevention, detection and investigation of serious financial crime, money laundering and terrorism financing. Within the unit are three distinct teams:
A person commits an offence if they enter into, or become concerned in, an arrangement which they know or suspect facilitates (by whatever means) the acquisition, retention, use or control of criminal property by, or on behalf of, another person.
In addition, a person commits an offence if they:
A person commits the offence of tipping off if:
It should be noted that a person also commits an offence if:
There is a safe harbour available if that person or another person has made a disclosure:
of information that came to that person in the course of business in the regulated sector.
Any entity which carries out a regulated activity, as specified in the Regulated Activities Order 2011, must apply for a licence to be regulated by the FSC. This includes various financial and investment businesses. There are certain exempted businesses under the Financial Services (Exemptions) Regulations 2011.
The Financial Supervision Commission recommends a risk-based approach which is proportionate to the scale of business operations. However, licence holders should avoid rigid internal systems of control as these can encourage the development of a “tick box” mentality that can be counter-productive. Internal systems should require employees to properly consider the risks posed by individual customers and relationships and to react appropriately. When considering how best to monitor customer transactions and behaviour, a licence holder should take into account:
Methods to be considered include:
Licence holders are required to appoint an MLRO and an Officer, but the Commission expects licence holders to appoint the same individual to both of these roles. In essence, the role of the MLRO and the Officer is the same, so MLRO is used as a blanket term.
The MLRO is the person who is nominated to ultimately receive internal reports and who considers any report in the light of all other relevant information for the purpose of determining whether or not it gives rise to knowledge or a suspicion of money laundering and/or terrorist financing.
Licence holders are also required to appoint a Deputy MLRO to cover for any absence of the MLRO. The Deputy MLRO should be of similar status and experience to the MLRO. For the avoidance of doubt, the Deputy MLRO should cover all of the MLRO's responsibilities in their absence, including those under the CFT Code. MLROs and Deputy MLROs should not be placed in any situation of conflict of interest.
In order that they can carry out their responsibilities effectively, the MLRO and Deputy MLRO should:
Licence holders must notify the Commission of the proposed appointment and identity of the MLRO and Deputy MLRO and any subsequent changes.
The responsibilities of the MLRO will normally include:
A risk-based approach to CDD is one that takes a number of discrete steps in assessing the most effective and proportionate way to manage the money-laundering and terrorist-financing risks faced by a licence holder.
The risk assessment of a particular customer will determine:
It will also help to guard against identity theft.
Unless it is obvious from the product being provided, the following must be established:
Identification information that must be collected in respect of all personal customers and other natural persons who need to be identified comprises the following:
For standard and higher-risk customers, an official personal identification number or other unique identifier contained in an unexpired official document must also be obtained.
In the case of legal persons, the following information should also be established:
Information sufficient to establish the source of income or wealth should be obtained for all higher-risk relationships and all other relationships where the type of product or service being offered makes it appropriate to do so because of its risk profile. This will also include where the product or service is not consistent with information held on the customer.
Licence holders can reduce risk by conducting detailed CDD at the outset of the relationship and on an ongoing basis where they know or suspect that the business relationship is with a PEP. Licence holders are required to have in place enhanced CDD measures to address PEP risk.
In particular, enhanced CDD must include:
There should be full documentation of the information collected in line with the above.
Before entering into a business relationship or one-off transaction involving correspondent banking services or other similar arrangements, licence holders must take steps additional to CDD requirements, as follows:
Where correspondent banking services involve a payable-through account, a licence holder must be satisfied that the respondent bank:
Licence holders must not enter into or continue correspondent banking relationships with shell banks. In addition, licence holders must be satisfied that the respondent banks with which they have correspondent banking relationships do not permit their accounts to be used by shell banks.
Entities should have adequate systems to monitor risk on an ongoing basis. Licence holders must monitor the conduct and activities of the customer to ensure that they are consistent with the nature of business, the risk profile, source of funding and estimated turnover that was determined when the relationship was established.
Where the basis of the relationship changes significantly, licence holders must carry out further CDD procedures to ensure that the revised risk and basis of the relationship is fully understood. Ongoing monitoring procedures must take account of these changes.
Licence holders must ensure that any updated CDD information obtained through meetings, discussions or other methods of communication with the customer is recorded and retained with the customer's records. That information must be available to the MLRO.
Training should be structured to ensure compliance with all of the requirements of the applicable legislation at least annually. Each licence holder can tailor its training programmes to suit its own needs and those of its employees to whom it is delivered, depending on size, resources and the type of business it undertakes. In particular, training should cover the following.
Irrespective of seniority, training for all new employees who will be dealing with customers, client companies or their transactions must cover:
This training must be provided prior to them becoming actively involved in day-to-day operations.
Employees who are responsible for opening new accounts, forming new client entities or dealing with new customers must receive relevant training in:
Employees should also be vigilant when dealing with occasional customers or companies established for a single purpose, especially where large cash transactions or bearer securities are involved.
Employees involved in processing deals or transactions must receive relevant training in:
Employees who are managerially responsible for handling customer transactions or business relationships must receive a higher level of training, covering all aspects of AML/CFT procedures including:
The records prepared and maintained by any financial services business must be such that:
Records relating to verification of identity must comprise the evidence itself or a copy of it or, if that is not readily available, information reasonably sufficient to obtain such a copy. Licence holders must retain CDD records, including the supporting evidence and methods used to verify identity, for at least five years after the account is closed or the business relationship ends.
Where a disclosure has been made to a constable with the FCU or a licence holder knows or believes that a matter is under investigation, the licence holder must retain the records for as long as required by the constable.
Licence holders are required to maintain a record containing details of all transactions carried out with, or for, a customer in the course of their regulated business activities.
In every case, transaction records must contain:
Licence holders must ensure that a satisfactory audit trail can be established for AML/CFT purposes and that a financial profile of a suspected account or client company can be established. To satisfy this requirement, the following additional information must be sought, as appropriate, and transaction records retained of:
In order to comply with the Codes, licence holders must retain transaction records for at least five years from the date when all activities relating to the transaction were completed.
Where an STR has been made to a constable with the FCU or a licence holder knows or believes that a matter is under investigation, the licence holder must retain the records for as long as required by the constable.
Licence holders must establish and maintain a register of all money-laundering and financing of terrorism reports made to the MLRO or Deputy MLRO. The register must include details of:
Licence holders must maintain records which include:
It is an offence to fail to disclose, where a person knows or suspects or has reasonable grounds for knowing or suspecting, that a terrorist-financing offence has been committed. Once knowledge or suspicion or reasonable grounds for knowledge or suspicion have been formed, the following general principles must be applied:
It is the responsibility of the MLRO (or, if appropriate, the Deputy MLRO) to consider all internal disclosures he/she receives in light of full access to all relevant documentation and other parties. If, after completing the evaluation, the MLRO decides that there are grounds for knowledge, suspicion or reasonable grounds to suspect money laundering or terrorist financing or attempted money laundering or attempted terrorist financing, he should disclose the information to the FCU as soon as practicable after his evaluation is complete.
Failure to comply with the AML Code is a criminal offence. On summary conviction, the AML Code carries a maximum custodial period of six months or a fine not exceeding £5,000 or both. On conviction on information, it carries a maximum custodial period of two years or a fine or both.
Failure to comply with the CFT Code is also a criminal offence. On summary conviction, the CFT Code carries a maximum custodial period of 12 months or a fine not exceeding £5,000 or both. On conviction on information, it carries a maximum custodial period of two years or a fine or both.
In determining whether an offence has been committed, a court may take account of any relevant supervisory or regulatory guidance which applies to that person and which is given by a competent authority. Failure to comply with the minimum requirements of the handbook may be regarded by the Commission as an indication of:
This may, therefore, result in regulatory action at the discretion of the Commission and, in extreme cases, it may result in revocation of a licence.
A multi-millionaire was sentenced to six years in prison after being convicted of money laundering in the Isle of Man. His business interests included the Miss World competition, and he was listed in the Sunday Times Rich List. The businessman utilised complex international corporate structures to transfer funds from Switzerland to the Isle of Man, with the help of his wife. The money originated from a false accounting scheme, whereby shares in a company were sold at hugely inflated prices on the strength of falsified sales figures and records, meaning that vast sums of money were made on worthless shares. The money was then laundered through Swiss and Isle of Man bank accounts, the value of which ran into millions of pounds. This case illustrates the need for vigilance when money is being moved between jurisdictions, especially when “tax havens” are involved.
According to the US Report on Japan, although the Japanese government continues to strengthen legal institutions to permit more effective enforcement of anti-money-laundering/counter-terrorist-financing (AML/CFT) laws, Japan's compliance with international standards specific to financial institutions is notably deficient. The domestic crime rate in Japan is generally low, although, in common with other countries, the number of prosecutions regarding money-laundering cases is increasing steeply, but this still remains relatively low. The Japanese AML framework does have strengths, but on the whole there are still improvements needed to bring it up to international standards.
The Anti-Drug Special Provisions Law and the Act on Punishment of Organised Crimes outline the money-laundering offences. The Act on Prevention of Transfer of Criminal Proceeds outlines the compliance requirements.
Japan's money-laundering legislation rested heavily on the predicate offences surrounding drug trafficking and other related offences until 1999. This emphasis stemmed from the fact that the main authority was contained in the law concerning Special Provisions for Narcotics and Psychotropic Control. 1999 saw the enactment of The Punishment of Organised Crime, Control of Crime Proceeds and Matters (Act No 136 of 1999).
The most recent legislative developments have been consolidated through the Act on the Prevention of the Transfer of Criminal Proceeds (Act No 22 of 2007). The key current legislation is:
An additional law to prevent diversion of criminal proceeds went into full force on 1st March, 2008. Its primary purpose is to prevent money laundering. Until its implementation, the law covered mainly financial institutions. It now applies to real estate agents, precious metal dealers and jewellers as well as judicial scriveners, administrative scriveners, certified public accountants and licensed tax accountants.
In April 2011, Japan amended its basic AML law, the Criminal Proceeds Act, to improve customer due diligence (CDD) requirements. These requirements came into effect in April 2013.
Furthermore, Japan has not implemented a risk-based approach to AML/CFT, and there is currently no requirement for enhanced due diligence for higher-risk customers, business relationships and transactions. Although the April 2011 amendments to the Criminal Proceeds Act refer to a higher risk, they only require financial institutions to verify a customer's assets and income where there is a suspicion of the use of a false identity. There is no requirement to take into account any risks posed by the business itself. The current regulations also do not authorise simplified due diligence, though there are exemptions to the identification obligation on the grounds that the customer or transaction poses no or little risk of money laundering or terrorist financing.
The 2008 mutual evaluation found that although the ML legal provisions are sound, the CDD and STR requirements as well as the investigations carried out by JAFIC could all be significantly improved.
The Act on Prevention of Transfer of Criminal Proceeds clarified that the National Public Safety Commission (NPSC), which controls the National Police Agency and is aided by it, is responsible for prompt and appropriate collection, arrangement and analysis of suspicious transaction reports filed from specified business operators. The Act also granted the NPSC a function related to the handling of STRs, including their dissemination to foreign FIUs as well as a function to complement supervisory measures against specified business operators. JAFIC (see below) was established within the Organised Crime Department, the Criminal Investigation Bureau of the National Police Agency, as Japan's new FIU to perform these functions.
The Japan Financial Intelligence Center (JAFIC) acts as the Japanese FIU. JAFIC plans and examines the legal system related to AML and provides various measures, such as “the Guideline for Promotion of the Criminal Proceeds Control”. It also participates in discussion of international standards related to AML measures, and produces reports on AML within the country.
JAFIC is in charge of the following tasks provided in the Act on Prevention of Transfer of Criminal Proceeds:
The Anti-Drug Special Provisions Law defines the act of money laundering as a new crime, in that it has such aspects as encouraging further (drug) crimes.
The following acts are criminalised:
According to the Act on Punishment of Organised Crimes, in addition to the acts of disguising, concealing and receiving stipulated in the Anti-Drug Special Provisions Law, managing an enterprise by using criminal proceeds shall be punished as another type of money-laundering crime.
The range of crimes that generate criminal proceeds is stipulated in the attachment to the Act on Punishment of Organised Crimes, to which illicit businesses such as unauthorised entertainment and amusement businesses and unlicensed banking were added in the amendment to the law enforced in July 2011.
Any person who conceals facts concerning the acquisition or disposition of drug offence proceeds, the drug offence proceeds themselves or facts concerning the source of drug offence proceeds is liable to imprisonment for not more than five years or a fine not exceeding JPY 3,000,000, or both. Attempts are punishable by the same sanctions, and any person who intentionally prepares to commit one of these offences is liable to a term of imprisonment not exceeding two years or a fine not exceeding JPY 500,000.
Any person who knowingly receives drug offence proceeds is liable to imprisonment for not more than five years or a fine not exceeding JPY 1,000,000, or both.
A person who disguises facts with respect to acquisition or disposition of crime proceeds or the like, or who conceals crime proceeds or the like shall be imprisoned with labour for not more than five years or fined not more than JPY 3,000,000, or both. The same shall apply to any person who disguises facts with respect to the source of crime proceeds or the like. A person who, with intent to commit this offence, prepares for such offence shall be imprisoned with labour for not more than two years or fined not more than JPY 500,000.
Any person who knowingly receives crime proceeds or the like shall be imprisoned with labour for not more than three years or fined not more than JPY 1,000,000, or both; provided that this shall not apply to a person who receives any property offered for the performance of an obligation under a law or regulation or offered for the performance of an obligation under a contract (such contract shall be limited to that under which a creditor is to offer substantial property interest) at the time of the conclusion of which such person did not know that the obligation under such contract would be performed with crime proceeds or the like.
Drug crime proceeds shall be confiscated. If they cannot be confiscated because, for example, they have already been consumed or the right thereof has been transferred, collection of equivalent value will be ordered. However, the system of confiscation and collection of equivalent value provided in the Act on Punishment of Organised Crime is subject to the discretion of the court, unlike the system provided in the Anti-Drug Special Provisions Law.
At the time of the enactment of the Act on Punishment of Organised Crime, it was stipulated that so-called “crime victim property”, such as proceeds obtained through crime concerning property etc., may not be confiscated in consideration of damage claims by victims. However, the law was partially revised (enforced in December 2006) to enable confiscation in certain cases where the crime is considerably organised or it would be difficult to recover the damage by civil proceedings due to money laundering or other reasons.
Business operators who are required to take the measures outlined in this section are called “specified business operators”, the scope of which is defined in line with the FATF Recommendations as well as in consideration of business practices in Japan. Generally, financial institutions etc. had already been obliged to undertake identical measures by other Japanese legal provisions.
Japan is not at present implementing an AML/CFT risk-based approach, therefore there is no provision mandating enhanced due diligence for customers that pose a higher risk within business relationships and transactions, or authorised simplified due diligence.
Financial institutions are required to conduct CDD when a business relationship begins. In addition to this, there are certain specified transactions requiring CDD:
Regulated entities are required to confirm:
of the customer. In addition, identification of the person who actually carries out the transaction is required.
If they are face to face, presentation of a driving licence, health insurance certificate, etc. is sufficient. Alternatively, presentation of a copy of a certificate of residence or a government-issued document without a photo coupled with sending the documents related to the transaction to the address (which should not need forwarding) written on the personal identification document by postal mail is sufficient.
For non-face-to-face individuals, the personal identification document (or its copy) and the documents related to the transaction should be sent to the address (which should not need forwarding) written on the personal identification document by postal mail to complete CDD.
Regulated entities are required to confirm:
For face-to-face customers, presentation of a certificate of registered matters of the corporation, seal registration certificate, etc. combined with confirmation of the person in charge of the actual transaction is sufficient.
For non-face-to-face corporate CDD, customers must send personal identification documents such as a certificate of registered matters of the corporation, seal, registration certificate, etc., or their copies, as well as the personal identification documents of the person in charge of the actual transaction or their copies to the relevant financial institution. The entity should then send documents related to the transaction to both of the addresses (corporate and personal).
In addition to the identification information outlined above, specified business operators must confirm the following when engaging in certain transactions (generally specified within the regulations) with their customers:
Further, a requirement for the confirmation of assets and income was added to the above for certain transactions exposed to a high risk of money laundering, such as those suspected of identity fraud. It should be noted that this mention of risk does not enable a Japanese entity to make a risk assessment; instead it limits the risk to a suspicion of actual fraud.
The amendment of the Act on Prevention of Transfer of Criminal Proceeds requires entities to develop education and training systems for employees.
Entities should prepare and keep records of identification data and measures taken for CDD for seven years from the day when the transactions were completed or terminated, and prepare and keep records of the dates and details of transactions for seven years.
Entities are required to report transactions that are suspected of being related to criminal proceeds to the competent authority. When conducting a cross-border payment, they should notify the receiving institutions of certain items, such as the name and the account number.
Specified business operators are required to file an STR to a corresponding supervising authority when they suspect, during the course of their business, that assets they have received are criminal proceeds or that their client has committed an offence of concealment of criminal proceeds. Specified business operators are expected to judge whether the concerned transaction is a suspicious transaction with their own knowledge and experience of their industries, taking into account the form of transaction, client attributes, conditions surrounding the transaction and other factors.
Persons who have failed to submit reports or materials, or submit false reports or materials, or who have refused on-site inspections shall be punished with imprisonment with labour for not more than one year or a fine of not more than JPY 3,000,000, or both. A person who violates an order for rectification shall be punished with imprisonment with labour for not more than two years or a fine of not more than JPY 3,000,000, or both.
Moreover, to complement the supervisory function, the National Public Safety Commission is authorised to state its opinion to competent administrative authorities (and make necessary inspections on business operators) when it detects violations.
One of the most prominent cases of financial crime in Japan is known as the “Furikome Fraud”, which cost over 20,000 victims JPY 2.75 billion in 2008. The main financial institutions utilised were remittance transfer service providers, although banks also need to be equally vigilant to this practice.
The fraud was carried about using (usually stolen) mobile telephones, so that the victim did not suspect fraud. A phone call was made to a relative of the victim from their own phone, and the criminal spoke quickly and in generic language (“it's me” was a common opening phrase). The sense of panic in their voice, as well as background noise, created enough worry for the relative to comply with the criminal's instructions, which were to transfer funds into the criminal's bank account. The criminals usually called elderly relatives, some of whom had dementia and many of whom were unfamiliar with modern technology, to further heighten the sense of worry and the need for compliance. The reasons given included settling a parking ticket and avoiding blackmail, and once the funds were transferred, the account was usually closed down shortly afterwards.
Financial institutions have a part to play in preventing this type of fraud. The indicative signs that accounts were being closed down quickly after a transfer was made, with funds being transferred from a wide range of seemingly unconnected private personal (rather than corporate) accounts and funds being transferred from elderly people, can all be caught by ongoing monitoring of clients and their accounts, and implementing effective due diligence procedures to link the criminals to these accounts. The implementation of such procedures will enable the authorities to bring the criminals to justice.
Financial services is a key sector of Jersey's economy, accounting for approximately half of the total economic activity and a quarter of the workforce (approximately 13,400 employed). Financial services expertise and international reputation have been significant in attracting business to Jersey, as has the close working relationship with the UK financial system and the availability of favourable tax arrangements, in a developed, stable and well-regulated jurisdiction. In common with other offshore UK jurisdictions, Jersey is not a member of the EU and therefore has some advantages over other countries.
A substantial proportion (believed to be around 90% in some sectors) of customer relationships are established with non-residents. Arising from the nature of services provided and the typically non-resident, non-face-to-face nature of much of the client relationships, Jersey's financial sector is inherently exposed to the risk of money laundering, but the island has put in place a comprehensive and robust AML/CFT legal framework with a high level of compliance with almost all aspects of the FATF Recommendations.
The Proceeds of Crime Law 1999 outlines the main money-laundering offences. The Money Laundering (Jersey) Order 2008 outlines AML requirements, which are expanded on within the AML Handbook. Minor amendments were made in August 2013 under the Money Laundering (Amendment No. 5) (Jersey) Order 2013.
Several overarching provisions have been implemented to combat money laundering and terrorist financing. The first enactment on the island of Jersey was made in 1988 for money laundering, and in 1990 a further Order addressed terrorist financing. These have all been updated as the money-laundering offence broadened in scope and the culpability for the offence also extended.
The current Money Laundering Order supplements the previous order and preceding main body of law on the Proceeds of Crime.
Jersey is not an FATF member, but observes the FATF requirements through its membership of the Group of International Finance Centre Supervisors (GIFCS).
A 2010 assessment by the Financial Stability Board, in response to a call from the G20, rated Jersey as “demonstrating sufficiently strong adherence” to the relevant international standards. In 2008, the United Kingdom government publicly confirmed that it considered Jersey to have EU-equivalent AML/CFT systems.
The Jersey Financial Services Commission is responsible for the regulation, supervision and development of the financial services industry in Jersey for various financial services. Additionally, the Commission is the supervisory body for those sectors that are subject to regulatory oversight of their anti-money-laundering and countering the financing of terrorism responsibilities.
The Joint Financial Crimes Unit, JFCU, is divided into four sections:
It is an offence to assist another to retain benefit of criminal conduct. This offence is committed by someone who knows or suspects that “A” is a person who is, or has been, engaged in criminal conduct or has benefited from criminal conduct. This is quite a broad scope and so defences for such an offence are probably hard to apply. The offence rests heavily on mere suspicion of criminal conduct.
The following are also money-laundering offences:
There are three separate tipping-off offences:
The Money Laundering (Jersey) Order 2008 applies to a person carrying on financial services business in, or from within, Jersey, and a Jersey body corporate or limited liability partnership (LLP) carrying on financial services business anywhere in the world (a “relevant person”).
The risk-based approach is widely adopted within the Jersey regulations. The 2010 guidelines that appear in the Jersey Financial Services Commission Handbook were written with the express aim of instructing financial service businesses on how they subscribe to the risk-based approach laid down by the FATF. The handbook provides excellent supplementary guidance to the statutory rules.
The law requires firms to appoint both a Money Laundering Compliance Officer (MLCO) and a Money Laundering Reporting Officer (MLRO). The MLCO should ensure that the AML requirements are being complied with, whereas the MLRO should consider reports of suspicious transactions. The two roles can be performed by the same person.
The MLCO is someone who:
The MLRO should:
A relevant person may designate one or more individuals (other than the reporting officer) to whom reports may be made in the first instance, for onward transmission to the reporting officer. They must be of an appropriate level of seniority and have all the necessary access to any records needed to carry out their role.
Under Paragraph 7, a relevant person must give the Commission written notice within one month after the date if:
When an MLRO position is due to become vacant, a member from the board must be appointed on a temporary basis in order to comply with the statutory requirement that all financial businesses must have an MLRO in place at all times.
A relevant person must apply identification measures before the establishment of a business relationship or before carrying out a one-off transaction, or as soon as reasonably practicable after the establishment of a business relationship if it is necessary not to interrupt the normal conduct of business, and there is little risk of money laundering occurring as a result of completing such identification after the establishment of that relationship. They must also apply CDD where they suspect money laundering or they have doubts about the adequacy of the documents previously obtained under CDD measures.
A relevant firm should ascertain the following for all customers:
If the customer poses a standard or higher risk, the following additional information should be obtained:
The information should then be verified in accordance with the following:
A firm is only required to use one identification verification method in such cases.
In this case the firm is required to use at least two identification verification methods.
Again, in such cases at least two identification verification methods must be used.
This information should be verified by the following:
Residential address:
Where the above general identification information methods are not possible, identity may be verified using:
For all legal persons, the following information should be ascertained:
For standard and higher-risk customers, entities should collect this additional information:
The information should then be verified. For lower-risk customers, a minimum of one verification method is sufficient, whereas for standard and higher-risk customers, a minimum of two verification methods should be employed. The methods are:
Firms should also verify the following:
A relevant person should apply enhanced CDD measures using a risk-based approach where:
Enhanced customer due diligence measures mean customer due diligence measures that involve specific and adequate measures to compensate for the higher risk of money laundering.
Enhanced due diligence measures include:
To carry out a transaction for a PEP, the entity must have specific and adequate measures which:
Enhanced CDD must be carried out when the relevant person holds a deposit-taking licence and proposes to establish a correspondent banking relationship.
A relevant person is required to apply ongoing monitoring during a business relationship. This means ensuring that all documents are kept up to date and relevant by undertaking reviews of existing records, including, but without prejudice to the generality of the foregoing, reviews where any inconsistency has been discovered. This should be carried out at times that are appropriate, having regard to the degree of risk of money laundering and taking into account the type of customer, business relationship, product or transaction concerned, when any suspicion arises.
A relevant person must maintain adequate procedures for monitoring and testing the effectiveness of the following actions:
A relevant person must maintain appropriate policies and procedures relating to:
“Appropriate policies and procedures” means policies and procedures that are appropriate having regard to the degree of risk of money laundering and taking into account the type of customers, business relationships, products or transactions with which the relevant person's business is concerned. It must also include policies and procedures for the identification and scrutiny of:
Additionally, the firm should identify:
“Scrutiny” includes scrutinising the background and purpose of transactions and activities.
A relevant person must take appropriate measures from time to time for the purposes of making employees whose duties relate to the provision of financial services business aware of the following matters:
A relevant person must provide those employees from time to time with training in the recognition and handling of:
Such training shall include the provision of information on current money-laundering techniques, methods and trends.
A relevant person must keep the records specified below. A record comprises:
Records must also include sufficient information to enable the reconstruction of individual transactions, in such a manner that those records can be made available on a timely basis to the Commission, police officer or customs officer for the purposes of complying with a requirement under any enactment.
Records must contain the following details of each transaction carried out with, or for, a customer in the course of financial services business:
Adequate recording of details of transactions may be demonstrated by including (where appropriate):
Adequate recording of details of transactions may be demonstrated by recording all transactions undertaken on behalf of a customer within that customer's records, enabling a complete transaction history for each customer to be easily constructed. For example, a customer's records should include all requests for wire transfer transactions where settlement is provided other than from funds drawn from a customer's account with the relevant person.
Financial institutions and other organisations regulated by the Jersey Financial Services Commission undertaking relevant business have an obligation to report where they have knowledge, suspicion or reasonable grounds for suspecting money laundering or terrorist financing. The format, timing and content of what the Jersey Financial Services Commission considers to be a good SAR are specified in the guidance, and should follow the basis outlined below.
If it is made to a designated person, that person must consider it, in the light of all other relevant information, for the purpose of determining whether or not the information or other matter contained in the report does give rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering.
If a report is made to a designated person, the report must generally be forwarded by the designated person to the reporting officer.
If a report is made or forwarded to the reporting officer, it must be considered by the reporting officer, in the light of all other relevant information, for the purpose of determining whether or not the information or other matter contained in the report does give rise to knowledge, suspicion or reasonable grounds for knowledge or suspicion that another person is engaged in money laundering.
Any designated person through whom the report is made must have access to all other relevant information that may be of assistance to the reporting officer or that designated person, including, in particular, the records that a relevant person must keep.
If it is decided that a disclosure needs to be made, there must be procedures for the person to disclose to a designated police officer or designated customs officer as soon as is practicable, using the form set out in the Schedule to the Order.
Reports must contain the identity of the person making the report.
Section 22 considers reports that do not need to be forwarded:
Failure to comply with the Money Laundering Order is a criminal offence, and in determining whether a relevant person has complied with any of the legal requirements of the Order, the court is required to take account of the guidance provided by the handbook. The sanction for failing to comply with the Money Laundering Order may be an unlimited fine or up to two years' imprisonment, or both.
Where a breach of the Money Laundering Order by a body corporate is proved to have been committed with the consent of, or to be attributable to any neglect on the part of, a director, manager or other similar officer, that individual, as well as the body corporate, shall be guilty of the offence and subject to criminal sanctions.
The consequences of non-compliance with the regulatory requirements that are set through the Supervisory Bodies Law could include an investigation by, or on behalf of, the Commission, the imposition of regulatory sanctions and criminal prosecution of the business and its employees. Regulatory sanctions include:
In addition to this, the ability of a relevant person that is regulated by the Commission under the regulatory laws to demonstrate compliance with the regulatory requirements will be directly relevant to its regulated status and any assessment of fitness and propriety of its principals.
A lawyer in Jersey was convicted of money laundering involving assets valued at over £1 million. The funds, which were falsely represented as payment for legal services, originated from the lawyer's father – a convicted money launderer who is reported to have laundered £27 million. A transaction of this size between relatives should arouse suspicion for a financial institution, particularly when convicted financial criminals are moving funds of that size.
Jersey has been targeted as a money-laundering centre for funds originating in India and Nigeria, after a criminal was convicted of orchestrating a £28-million money-laundering scheme. The funds were laundered through the Jersey branch of the Bank of India, in a deal with a late Nigerian military dictator. This illustrates the need to conduct enhanced due diligence for PEPs, to avoid the possibility of corruption and abuse of power.
Kenya has been slow to implement a comprehensive AML regime. As such, its attempts to comply with the international regime to combat money laundering have currently fallen short of international best practice. Its primary concern has been to focus more on the poverty that the country is affected by and to solve the further problems relating to various diseases that have been virtually wiped out in other, more developed countries.
The Proceeds of Crime and Anti-Money Laundering Act 2009 provides the relevant AML law. This is supplemented by the CBK Guidelines.
The Proceeds of Crime and Anti-Money Laundering Act 2009 came into effect on 28th June, 2010. The Act:
Furthermore, there are various other pieces of relevant legislation:
Kenya was severely criticised by the FATF in June 2012, which issued a statement saying “Despite Kenya's high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies, Kenya has not made sufficient progress in implementing its action plan, and certain strategic AML/CFT deficiencies remain.” It added “Taking into account Kenya's continued lack of progress, in particular in enacting the CFT legislation, if Kenya does not take significant actions by October 2012, the FATF will call upon its members to apply countermeasures proportionate to the risks associated with Kenya.”
The Central Bank of Kenya is the regulatory body for the financial services sector in Kenya. Non-bank financial institutions are licensed under the Banking Act and are obligated to comply with all requirements of banks subject to any qualifications stipulated for them. Currently, there are no NBFIs licensed in Kenya.
Reports in relation to money laundering and related crimes are currently made to the Central Bank of Kenya and the Criminal Investigation Department of the Kenya Police. The latest AML guidelines were issued by CBK in July 2012.
The Ministry is charged with the responsibility of formulating financial and economic policies. It is also responsible for developing and maintaining sound fiscal and monetary policies that facilitate socioeconomic development, and regulating the financial sector.
The FRC, Anti-Money Laundering Advisory Board and Assets Recovery Agency have been established under the Proceeds of Crime and Anti-Money Laundering Act. However, at the time of writing, these bodies were not yet operational.
It is an offence for any person to enter into an agreement or engage in any arrangement or transaction with anyone in connection with property that forms part of the proceeds of crime, whether that agreement, arrangement or transaction is legally enforceable or not and whose effect is to:
The acquisition, use and possession of proceeds of crime, knowing that such property forms part of the proceeds, is also an offence in Kenya.
It is also an offence for anyone who knows or suspects that an investigation into money laundering has been, is being, or is about to be conducted to inform someone else of that fact. The requirement that this information prejudices the investigation will be removed under the proposed amendments.
The offences above can be committed based on actual knowledge or knowledge the offender ought to have had. The Proceeds of Crime and Anti-Money Laundering (Amendment) Bill 2012, which was going through Parliament as this book was being written, introduces the offence of self-money laundering in terms of acquisition above.
A person who wilfully fails to report a suspicion commits an offence.
A person who knowingly transports, transmits, transfers or receives or attempts to transport, transmit, transfer or receive a monetary instrument or anything of value to another person, with intent to commit an offence, commits an offence.
A person who knowingly makes a false, fictitious or fraudulent statement or representation, or makes, or provides, any false document, knowing the same to contain any false, fictitious or fraudulent statement or entry, to a reporting institution or to a supervisory body or to the Centre commits an offence.
Any person who wilfully gives any information to the Centre or an authorised officer knowing such information to be false commits an offence.
If a person is charged with committing a money-laundering offence, it is a defence that he had reported a suspicion to the authorities or, if the person is an employee of a reporting institution, in accordance with his obligations.
A person found guilty of money laundering, acquisition, possession or use of criminal proceeds or financial promotion of a crime can be liable:
A person who contravenes any of the provisions of sections relating to failure to report suspicion, tipping off or misuse of information is, on conviction, liable:
Institutions should put in place effective anti-money-laundering programmes that address the risks posed by money launderers, and enhance the ability of the institution to identify, monitor and deter persons from attempting to gain access to, or make use of, the financial system. Such programmes should be documented and should establish clear responsibilities and accountabilities to ensure that policies, procedures and controls are introduced and maintained.
A programme should, amongst other things, address the following issues:
The board of directors of an institution operating in Kenya is expected to ensure that management:
Procedures and responsibilities for monitoring compliance with, and effectiveness of, anti-money-laundering policies and procedures should be clearly laid down by institutions in the form of policy documents and internal procedural manuals. Institutions should appoint a Compliance Officer to undertake this function and the officer should have the necessary authority to carry out the function. Institutions should provide the Compliance Officer with the necessary access to systems and records to enable the Officer to fulfil his/her responsibilities.
The functions of the Compliance Officer shall be, amongst others:
Institutions shall undertake a Money Laundering and Financing of Terrorism Risk Assessment. The Assessment should provide the means for identifying the degree of potential money laundering and financing of terrorism risks associated with specific customers and transactions, thereby allowing the institution to focus on customers and transactions that potentially pose a greater risk of money laundering and terrorism financing. Institutions should take into consideration the findings of the country's National Money Laundering and Terrorism Risk Assessment.
When preparing a risk assessment, an institution should consider factors such as:
In all circumstances, any business entity operating within the financial sector requires basic information on its customers. The nature and extent of this information will vary according to the type of business. It shall also depend on whether the business is being introduced by a financial intermediary and the type of customer involved. An institution shall take measures to satisfy itself as to the true identity of any applicant seeking to enter into a business relationship with it, or to carry out a transaction or series of transactions with it, by requiring the applicant to produce an official record for the purposes of establishing the true identity of the applicant.
Furthermore, an institution should establish, to its satisfaction, that it is dealing with a person that actually exists. It should identify those persons who are empowered to undertake the transactions, whether on their own behalf or on behalf of others. When a business relationship is being established, the nature of business that the customer expects to conduct with the institution concerned should be ascertained, so as to determine what might be expected as the customer's normal activity levels. In order to judge whether a transaction is or is not suspicious, an institution needs to have a clear understanding of the pattern of its customer's business.
An institution must identity its customers in the following circumstances:
For personal accounts or transactions, at a minimum, an entity should review and copy an original:
Additional measures that may be used to verify the identity of the customer include:
In the case of a body corporate, the following should be used to conduct CDD:
Additionally, the following should be provided at a minimum:
Additionally, entities should verify the identity and address of the chairman of the board of directors, the Managing Director or the general partner and at least one limited partner for partnerships, or the principal owner for sole traders, etc.
Enhanced due diligence measures shall be applied to persons and entities that present a higher risk to the institution. This can broadly be addressed by taking the following measures:
An institution shall determine, based on its own criteria, whether a particular customer poses a higher risk. Certain customers and entities may pose specific risks depending on the nature of the business, the occupation of the customer or the nature of anticipated transaction activity. Some factors to consider include:
The weight assigned to each of these risk categories (individually or in combination) in assessing the overall risk of potential money laundering may vary from one institution to another, depending on their respective circumstances. Consequently, an institution will have to make its own determination as to the risk weights to assign to each different risk.
The procedures adopted here should confirm the identity as robustly as those adopted for face-to-face customers, and reasonable steps should be taken to avoid single or multiple fictitious applications or substitution (impersonation) fraud for the purpose of money laundering.
Some of the best means of verifying address are considered to be:
In addition, satisfactory evidence of personal identity can be obtained by a number of means, some of which are set out below:
Care should be taken to ensure that the same supporting documentation is obtained from internet customers as for other postal/telephone/mobile banking customers.
Institutions should consider regular monitoring of accounts opened on the internet. Unusual transactions should be investigated and reported if found to be suspicious.
Where a customer has been found to be a politically exposed person, institutions will be required to take the following measures:
Once the account has been established, institutions should conduct enhanced ongoing monitoring of the relationship.
No institution shall open and/or maintain anonymous accounts or accounts in fictitious names. All numbered accounts should undergo the same identification and verification process as regular accounts.
An institution which intends to establish a correspondent banking relationship, either as the correspondent bank or the respondent bank, shall undertake the following steps before establishing a business relationship:
Institutions should not open a foreign account with a shell bank.
Institutions should verify, on a regular basis, compliance with policies, procedures and controls relating to money-laundering activities, in order to ensure that the requirement to maintain such procedures has been discharged.
Ongoing monitoring of account activity and transactions should be conducted on a risk-sensitive basis. Institutions can only effectively control and reduce their risk if they have an understanding of normal and reasonable activity of their customers. This enables them to have the means of identifying transactions which fall outside the regular pattern of an account's activity. This can be done by establishing limits for a particular class or category of accounts and paying particular attention to transactions that exceed these limits.
Each institution should institute specific “Know Your Employee” controls designed to deter internal fraud and abuse of the institution which require employees to:
The Financial Reporting Centre was formed under the POC Act 2009. Section 24 lists its functions and provides the full ambit of its role in a very logical and sequential fashion. The list includes, but is not exclusive to, stating that the Centre:
If an institution becomes aware of suspicious activities or transactions which indicate possible money-laundering activities, the institution shall ensure that it is reported to the Central Bank of Kenya immediately and in any event within seven days of the date of the transaction or activity that is considered suspicious.
Sufficient information should be disclosed to indicate the nature of, and reason for, the suspicion. Where the institution has additional supporting documentation, that should also be made available.
If, following a disclosure, an institution, exercising its commercial judgment, wishes to terminate the relationship with the customer, it is recommended that before taking this step, the reporting institution should liaise with the Central Bank of Kenya to ensure that the termination does not, in any way, “tip off” the customer or prejudice possible investigation.
The suspicious transaction report shall provide sufficient details, as per the prescribed form, regarding the activities or transactions so that authorities can properly investigate and, if warranted, take appropriate action. Failure to report suspicious transactions may invite remedial action.
Institutions shall file reports with the Central Bank of Kenya on all cash transactions exceeding US$ 10,000 or its equivalent in any other currency carried out by it, whether or not the transaction appears to be suspicious. The report shall be made electronically on form No. IF/10.
Institutions which obtain or become aware of information which is suspicious or indicates possible money-laundering activities should not disclose such information to the customer, but should report it to the Central Bank of Kenya, as required by this guideline.
It is an offence for an institution to fail to:
The penalty on conviction for any of the above is a fine not exceeding 10% of the amount of the monetary instruments involved in the offence.
The Act accords immunity or protection to institutions and officers in respect of obligations carried out under the Act in good faith, such as the reporting of suspicious transactions.
The Goldenberg scandal was a series of financial crimes in Kenya which cost the government $500 million. The perpetrator proposed to the government that he set up a formal gold and diamond exchange, to prevent the precious metals and jewellery being sold on the black market. He then charged the government 35% of the export price as commission. Despite various discrepancies, such as the invoices not matching the receipts and being provided in various currencies but from the same source, the Kenyan government paid the invoices. Shortly afterwards, the criminal set up his own commercial bank, thereby avoiding the invoice problem.
It later emerged that the criminal was buying foreign currency in the local market and representing it as foreign exchange earnings. The invoices submitted were nearly 300 times more expensive than the actual cost of gold, and, of course, were fraudulent. It later emerged that the companies the criminal was exporting to were fictitious, apart from one – which was later bought by the criminal.
Concurrent with this, the criminal was running a series of other scams. One took advantage of an export “incentive package” provided by the Kenyan government for exporters. The criminal claimed to be an exporter, and was paid hundreds of millions of dollars in pre-shipment finance, for which he then negotiated delays in repayment (and never repaid a substantial amount). He also took advantage of a scheme which allowed exporters to retain a portion of their foreign exchange earnings, by convincing the government to allow him to retain all of his earnings – the most any other business was allowed was 50%. This gained him $75 million. He also received a $210 million loan secured against an account in London, which he said he would make available to the Kenyan government, but never did.
Many of the proceeds of the scam were never recovered. However, it is known that very sophisticated financial structures were employed, involving two banks controlled by the criminal and eight separate companies. He then obtained funds from the Central Bank of Kenya using his two banks and the eight companies by overdrawing the account of the first bank at the Central Bank of Kenya and then covering the overdraft using fraudulent transfers in favour of that bank, issued by his other bank and the companies. The criminal would then carry out this fraudulent rotation of funds all over again to cover the overdraft created in the second bank.
Approximately 90% of Liechtenstein's financial services business is provided to non-residents. This creates a particular money-laundering risk, in response to which the authorities and the financial sector firms have developed risk-based mitigating measures. Accordingly, an increasingly stringent series of rules has been implemented.
Money laundering is criminalised under the Criminal Code. The Due Diligence Act and the Due Diligence Ordinance provide the compliance requirements.
Liechtenstein first implemented anti-money-laundering laws in 1990, with the passage of specific EU provisions, in order to have a more integrated set of legislative arrangements. Liechtenstein also has a customs union agreement with Switzerland. Milestones in the fight against money laundering and terrorist financing include:
Money laundering is criminalised through Article 165 StGB. Article 1.6 was added in 2003, making the financing of terrorism a predicate offence. In December 2008, Parliament passed a new legislative package which includes a comprehensive review of the Due Diligence Act (DDA) as well as partial amendments to the Criminal Code including document fraud and market manipulation.
AML/CFT legal requirements are expanded and specified in the Government's Due Diligence Ordinance (DDO). This was originally introduced on 11th January, 2005, and an updated version came into force on 1st March, 2009.
Liechtenstein is a member of MONEYVAL. The assessment of the implementation of anti-money-laundering and counter-terrorist-financing (AML/CFT) measures in Liechtenstein was conducted by the IMF and adopted by MONEYVAL. The IMF report in 2007 noted that provisions regarding CDD are broadly in line with the international standard, but, whether conducted directly or through intermediaries, they need to be strengthened further in some areas. On the whole, Liechtenstein is making good progress (especially as it was listed as an uncooperative country until 2001), but there is still work to do.
The FMA is an independent, integrated financial market supervisory authority operating as an autonomous institution under public law. The FMA is responsible for the supervision and execution of the special legislation, and for the regulation and the representation of the interests of Liechtenstein in international bodies (in coordination with the government).
The FIU is the central point for collection and analysis of information which is to be used to detect money laundering, predicate offences for money laundering, organised crime and/or terrorist-financing activity.
According to Articles 4 and 5 of the FIU Act, the FIU is tasked with:
The FIU also has tracing powers to a certain extent, in that it can, on receipt of a suspicious activity report, demand additional information from the financial intermediary, who is obliged to comply immediately.
Although the FIU accepts SARs in any form, it has drafted a reporting form that reporting entities are encouraged to use (Article 23.2 Due Diligence Ordinance). Some 80% of disclosures are made this way.
The offence of money laundering is committed by:
Proceeds are considered criminal if they have been obtained through an offence or received for the perpetration of an offence, including assets that represent the value of the assets originally obtained or received. Therefore, both direct and converted proceeds are covered. Furthermore, “asset components” is understood in a broad sense and would include tangible as well as intangible property and all assets representing financial value, including claims and interests in such assets. The offence of money laundering, therefore, extends to any type of property, regardless of its value, that represents the proceeds of crime.
Liechtenstein has adopted a combined approach, listing all felonies and a number of misdemeanours as predicate offences for money laundering. Felonies are intentional offences sanctioned with life imprisonment or imprisonment of more than three years, whereby the maximum sanction is the determining factor for the differentiation between felonies and misdemeanours. Misdemeanours listed as predicate offences for money laundering relate to terrorist financing, official corruption and misconduct by public officials, and offences under the Narcotics Act, including sale or procurement of narcotics, financing narcotic trafficking or the procurement of financing of narcotics.
The penalty for hiding or concealing the origin of criminal assets is imprisonment for up to three years and a fine. For anyone who appropriates or takes into safekeeping laundered assets, the penalty is two years' imprisonment and a fine. If the assets of a criminal organisation are involved, the penalty is three years' imprisonment, and for any of the above offences committed by a gang, or where the value of the assets is above CHF 75,000, the penalty is up to five years' imprisonment.
Only a few criminal offences are punished with stricter sanctions (up to ten years for counterfeiting currency, for breach of trust with particularly heavy damage, for fraud with particularly heavy damage, for fraud as a business and for fraudulent bankruptcy with particularly heavy damage). No penalties have actually been imposed by Liechtenstein courts for money laundering, and only seven prosecutions have been made.
The DDA applies to all financial institutions holding a licence, including, but not exclusive to:
Financial transactions relevant to DDA encompass:
The following are considered equivalent to financial transactions:
The prime area of vulnerability for Liechtenstein appears to occur in the layering stage of money laundering. The risk-based approach to money-laundering deterrence has been fully adopted in Liechtenstein. This means that the perception of risk within a potential customer determines the extent to which a firm considers it necessary to conduct due diligence or enhanced due diligence assessments.
A high proportion of Liechtenstein's financial service business involves private cross-border banking, which falls within the FATF's definition of “higher-risk” business.
Persons subject to due diligence must appoint a contact person with the FMA, as well as Compliance and Investigating Officers (Article 22 DDA):
The Compliance Officer shall (Article 30 DDO):
The Investigating Officer conducts inspections in order to review records and assess completion of due diligence requirements, notably with regard to reporting obligations and responses to domestic authorities' information requests (Article 31 DDO).
The Compliance Officer and the Investigating Officer shall have a sound knowledge in matters of the prevention and combating of money laundering, predicate offences of money laundering, organised crime and terrorist financing, and be familiar with the current developments in these areas. The responsibilities of the Compliance Officer and the Investigating Officer may be transferred to suitably qualified external persons or offices.
Financial institutions must obtain prescribed customer due diligence (CDD) information for legal persons, companies, trusts, other associations and asset entities. All information and documents required to establish and verify the identity of the contracting party and the beneficial owner shall be available, in full and in due form, at the time the business relationship is initiated. If it is necessary to maintain normal business, it may exceptionally be deemed sufficient if the information and documents required are made available as soon as possible after the business relationship has been initiated. In this event, the person or entity subject to due diligence shall ensure that no funds are transferred in the meantime.
There is no CDD requirement for low-risk, occasional transactions. Activities shall be deemed to be occasional if the individual activity does not exceed the value of CHF 1,000 and no more than 100 transactions per year are carried out.
The entity must establish and verify the identity of the contracting party by inspecting a document with probative value (original or certified copy) relating to the contracting party, to ascertain the following information:
For natural persons, documents with probative value shall include a valid official identification document with a photograph (in particular a passport, identity card or driving licence). An identification document shall be deemed to be valid if it entitles the contracting party to enter the Principality of Liechtenstein at the time when the contracting party's identity is established and verified. If the contracting party cannot provide such a document from his home country, he shall provide a confirmation of identity from the authority responsible in his domicile.
Reporting institutions have to establish the identity of the beneficial owner, and should use risk-based measures to verify the identity and establish the ownership and control structure of a contractor. The following are required for corporate customers:
If the contracting party is a legal entity, the persons or entities subject to due diligence shall ensure that the person purporting to act on its behalf is authorised to do so. The persons or entities subject to due diligence shall verify the identity of such persons by inspecting a document with probative value (original or certified copy) or by confirming the authenticity of the signature. In addition:
A customer profile must be compiled for each long-term relationship and must include:
The degree of detail of the information pursuant to the above shall take account of the risk involved in the business relationship. If, in the course of the business relationship, doubts arise about the identity of the beneficial owner, the due diligence procedures must be repeated.
In order to establish and verify the identity of the beneficial owner, the persons or entities subject to due diligence shall collect and document the aforementioned CDD information and obtain confirmation of the accuracy of the information from the contracting party or a person authorised by the latter, by means of a signature or using a secure electronic signature.
Certain specified low-risk organisations, such as publicly traded companies, can be subjected to simplified due diligence.
Enhanced CDD should be carried out for high-risk customers. Criteria for business relationships and transactions involving higher risks shall include, in particular:
Additional measures for transactions involving higher risks shall include, in particular:
For PEP CDD, an entity must:
Anonymous accounts are prohibited.
Banks and postal institutions that carry out correspondent banking services for foreign banks and postal institutions must:
If, despite repeating the process of establishing and verifying the identity of the contracting party or beneficial owner, doubts remain as to the information provided by them, the persons or entities subject to due diligence shall discontinue the business relationship and adequately document the outflow of assets.
The business profile shall contain the following information:
The degree of detail of the information shall take account of the risk involved in the business relationship. Simple inquiries shall serve to assess the plausibility of circumstances or transactions that deviate from the business profile. For this reason, the person or entity subject to due diligence shall obtain, evaluate and document such information as is useful in ascertaining the background to such transactions, to identify how plausible they are.
The persons or entities subject to due diligence shall ensure that employees involved with business relationships receive up-to-date and comprehensive basic and continuing training. The knowledge imparted shall encompass the regulations on preventing and combating money laundering, predicate offences of money laundering, organised crime and terrorist financing, in particular:
The due diligence files shall contain the documents and records prepared and used in order to comply with the CDD provisions. They shall, in particular, include:
The due diligence files shall be prepared and kept in such a manner that:
The due diligence files may be stored in written, electronic or similar form provided that:
The integrity and legibility of image and data storage media kept shall be checked regularly. The due diligence files shall be stored at a location within Liechtenstein that is accessible at any time.
The following information shall be added to records:
Customer-related documents and receipts must be kept for at least ten years after the business relationship has ended or the transaction has been completed.
Where suspicion of money laundering, a predicate offence of money laundering, organised crime or terrorist financing exists, the persons subject to due diligence must immediately report, in writing, to the financial intelligence unit (FIU). Likewise, all offices of the National Administration and the FMA are subject to the obligation to report to the FIU.
The report shall contain all information required for the FIU to evaluate the matter. The FIU shall confirm, in writing, the date of receipt of the report. It may request further information after receiving the report. Such information shall be submitted without delay. The FIU may issue a standardised report form.
Infringements of the DDA lead to severe punishment. Persons who do not meet their obligations and, for example, fail to carry out identification or documentation correctly may be punished by the Princely Court of Justice by up to six months' imprisonment or a fine of up to 360 daily rates. Daily rates are calculated with reference to the net income of the individual, so 360 daily rates is likely to equate to approximately a year's salary.
According to the US State Department Money Laundering Report 2012, there were seven prosecutions for money laundering from 19th October, 2010 to 31st October, 2011, but no convictions.
Drug trafficking is noted by the authorities as the main source of illegal proceeds in Malaysia. Authorities highlight illegal proceeds from corruption as a significant money-laundering risk in addition to a range of predicate offences that generate significant proceeds of crime. Malaysia has a significant informal remittance sector. Although elements of the AML framework in Malaysia are stringent, there is still work to be done to bring it up to international standards.
The two main sources of anti-money-laundering legislation in place in Malaysia are the Anti-Money Laundering and Counter Financing of Terrorism Act 2001 (AMLATFA) and the Standard Guidelines on Anti-Money Laundering and Counter Financing of Terrorism.
There have been various amendments to the AMLATFA since its introduction. Furthermore, the Bank Negara Malaysia is vested with comprehensive legal powers to regulate and supervise the financial system, under various pieces of legislation including:
In 2006 the regulatory framework was amended, making changes to AML legislation among other statutory instruments. This came into force during the following year. In March 2007, at the initiation of the NCC, Malaysia enacted amendments to five different pieces of legislation: the AMLA (now known as the AMLATFA since it now includes terrorist financing), the Penal Code, the Subordinate Courts Act, the Courts of Judicature Act and the Criminal Procedure Code. The number of predicate offences for money laundering was expanded from 219 to 223.
Moreover, the amendments impose penalties for terrorist acts, allow for the forfeiture of terrorist-related assets, allow for the prosecution of individuals who have provided material support for terrorists, expand the use of wiretaps and other surveillance of terrorist suspects and permit video testimony in terrorist cases. This enabled Malaysia to accede to the UN Convention for the Suppression of the Financing of Terrorism.
The APG Mutual Evaluation Report on Malaysia in 2007 noted that while the customer due diligence regime in Malaysia shows a high degree of technical compliance with FATF standards, the level of implementation of requirements to identify and verify beneficial ownership of corporate customers is unclear. While the legal provisions are in line with FATF standards, there are some concerns that implementation by the financial institutions may not yet be in compliance with the legal requirements. There were other issues regarding CDD and PEPs, although the effectiveness of the FIU was praised. It described the level of success of the Malaysian AML framework as “varied”.
The Bank is a statutory body wholly owned by the Government of Malaysia with the paid-up capital progressively increased, currently at RM 100 million. The Bank reports to the Minister of Finance, Malaysia and keeps the Minister informed of matters pertaining to monetary and financial sector policies.
The major role of the Bank is the conduct of monetary policy, which has seen generally low and stable inflation for decades, thereby preserving the purchasing power of the ringgit. The Bank is also responsible for bringing about financial system stability and for financial system infrastructure.
While the Bank Negara Malaysia is the designated competent authority under the AMLA, the National Co-ordination Committee to Counter Money Laundering (NCC), consisting of 13 Ministries and government agencies, was set up in 2000 in order to achieve a coordinated approach towards ensuring the effective implementation of national AML/CFT measures. The NCC provides an integrated platform for the relevant Ministries, government agencies and supervisory authorities to ensure that Malaysia implements an effective national AML/CFT system in line with the international standards. Bank Negara Malaysia, as the Secretariat to the NCC, continues to play an instrumental role in this process by promoting a collaborative culture between the government and private sector towards achieving AML/CFT compliance.
Money laundering is defined under Section 3(1) of AMLATFA as the act of a person who:
It is to be inferred from objective factual circumstances that the person knows, or has reason to believe, that property may be the proceeds from any unlawful activity. A person will also be guilty of the offence of money laundering if, without reasonable excuse, they fail to take reasonable steps to establish whether or not the property is proceeds from any unlawful activity.
The “Terrorism Financing Offence” is also defined under the same section, as any offence which essentially includes:
In order to find an individual to be guilty of financing terrorism, the authorities will focus on the determination of the individual's actions or the use of funds, which may have derived from legitimate sources.
Any person who engages in, or attempts to engage in, or abets the commission of money laundering commits an offence and shall, on conviction, be liable to a fine not exceeding five million ringgit or to imprisonment for a term not exceeding five years, or to both.
Tipping off is punished by a fine of RM 1 million or a one-year jail term, or both.
The falsification, concealment and destruction of documents can be punished by a fine of RM 1 million or a one-year jail term, or both. A further fine of RM 1,000 per day will be imposed for each day during which the offence continues after conviction.
The Standard Guidelines supplement the AMLATFA and both sources have been drawn up in accordance with international standards recommended by the Financial Action Task Force's 40 Recommendations on Money Laundering together with the nine Special Recommendations on Terrorist Financing. Collectively, the laws, policies and practices adopt a risk-based approach to combating money laundering.
Senior management of reporting entities have a responsibility to appoint a Compliance Officer who is “fit and proper” to carry out AML/CFT responsibilities and can effectively discharge them. Similar to an MLRO, the Compliance Officer's role is to act as the reference point for AML/CFT matters, including employees' training and reporting of suspicious transactions. It is the Compliance Officer's role to submit suspicious transaction reports to the financial intelligence unit in Bank Negara Malaysia. The appointed Compliance Officer is the single point of reference for the financial intelligence unit in Bank Negara Malaysia with regards to AML/CFT matters.
It is important that the Compliance Officer who is appointed by the reporting institution has the necessary knowledge and expertise to carry out his responsibilities, which include the following:
Reporting institutions must inform the financial intelligence unit in Bank Negara Malaysia, in writing, if there is an appointment or change of the Compliance Officer. The name, designation, office address, office telephone number, fax and email address must all be sent to the FIU.
The role of the Compliance Officer should be clearly defined and documented. The role of the Compliance Officer is to ensure:
Customer due diligence must be carried out when:
The minimum customer due diligence requirement which reporting institutions must conduct includes the following:
When dealing with customers during the customer due diligence processes, reporting institutions must pay particular attention to the behaviour of customers. The unwillingness of customers to provide certain information may be grounds for suspicion. In the event that existing customers fail to provide certain information, or indeed refuse to update certain information, business transactions and relations should cease with that customer. A suspicious transaction report should also be lodged with the financial intelligence unit at Bank Negara Malaysia.
In certain situations where the risks of money laundering and financing of terrorism are low and verification is not possible at the point of establishing a business relationship, the reporting institution may allow its customer due diligence process to be completed no later than 14 days (or the period specified in Bank Negara Malaysia's sectoral guidelines, where applicable) after the business relationship has been established to permit some flexibility for its customer to furnish the relevant documents. The risk of delaying verification is an issue which reporting institutions should address by establishing internal procedures.
When conducting customer due diligence on individual customers, the following information should be requested:
This information should be substantiated by requiring the individual to furnish the original of, and make a copy of, either the NRIC for Malaysians/permanent residents or a passport for a foreigner. Customers must present copies of original documents to the reporting entity, who must also keep copies of these documents. Reporting entities are instructed to request supporting photographic identification if there is any doubt as to a customer's identity.
As part of customer due diligence for corporate clients, companies and businesses are required to present and produce copies of the following documents:
Where there is any doubt, the reporting institution should:
The reporting institution should identify the beneficial owner of the corporate customer and know the ownership and control structure of the corporate customer in order to detect any unusual circumstances concerning changes to the company/business structure or ownership or payment profile of its account. Based on the risk profiling conducted on the customer, reporting institutions should take reasonable measures to verify the beneficial owner of the corporate customer.
Copies of the Memorandum and Articles of Association or Certificate of Incorporation do not need to be produced and individual directors do not need to produce identification documents if the corporate customers fall into the following categories:
The reporting institution should conduct customer due diligence on any natural person who ultimately owns or controls the customer's transaction if it suspects a transaction is conducted on behalf of a beneficial owner and not the customer who is conducting such transaction. The customer due diligence should be as stringent as that for individual customers.
For higher-risk customers, the reporting institution shall conduct enhanced customer due diligence. This should include at least:
Examples of high-risk customers include:
The procedures which financial institutions must have in place to limit the risks involved in non-face-to-face CDD should be just as effective as those for face-to-face customers. The Guidelines recommend the following various approaches:
Once a PEP has been identified, the reporting institution should take reasonable and appropriate measures to establish the source of wealth and funds of the individual. The decision on whether to enter into or continue business relations with PEPs should be made by senior management of the reporting institution at the head office. In addition, the reporting institution should conduct enhanced ongoing due diligence on PEPs throughout its business relationships with such PEPs. For such purpose, the reporting institution should note that business relationships with family members or close associates of PEPs will involve similar risks to PEPs.
When entering such a business relationship, the reporting institution should capture and assess, at the minimum, the following information on the respondent institution, to determine the reputation and quality of supervision:
The reporting institution should establish or continue a correspondent banking relationship with the respondent institution only if it is satisfied with the assessment of the information gathered.
The reporting institution should also document the responsibilities of the respective parties in relation to the correspondent banking relationship, in particular, matters in relation to customer due diligence for all products and services.
The decision and approval to establish or continue a correspondent banking relationship should be made at the senior management level.
Where a correspondent banking relationship involves the maintenance of “payable-through accounts”, the reporting institution should be satisfied that:
In addition, the reporting institution should pay special attention to correspondent banking relationships with respondent institutions from countries highlighted by the internationally recognised AML/CFT bodies such as the FATF as insufficiently implementing the internationally accepted AML/CFT measures, which would require enhanced due diligence to assess the money-laundering and financing of terrorism associated risks.
The reporting institution should not establish or conduct any business relationship with shell banks. As for shell companies, for those that do not conduct any commercial activities or have any form of commercial presence in the country, extra care should be taken to verify the details of the directors, shareholders and authorised signatories.
The reporting institution should take the necessary measures to ensure that the records of existing customers, including customer profiles, remain updated and relevant. In addition, further evidence in identifying existing customers should be obtained to ensure compliance with the reporting institution's current customer due diligence standards. The reporting institution should conduct regular reviews on existing records of customers, especially when:
Effective monitoring should enable reporting entities to detect money laundering or the financing of terrorism through analysing the transaction patterns or activities of the customers. Ongoing customer due diligence should examine and clarify:
All findings must be documented and made available to Bank Negara Malaysia and the relevant supervisory authority upon request. An effective customer due diligence process, where ongoing monitoring is carried out, should include the following:
Reporting institutions should conduct awareness and training programmes on AML/CFT practices and measures for their employees, depending on the role of the employee. Senior management must ensure proper channels for communication are in place for all levels of employees. Employees must also be made aware that they will be held personally liable for any failure to observe the internal AML/CFT requirements.
Key training for all employees should, at a basic level, include training on the relevant guidelines on AML/CFT issued by Bank Negara Malaysia and the reporting institutions' own internal AML/CFT policies and procedures.
The Guidelines are quite thorough and highlight the type of training which should be conducted for employees appropriate to their levels of responsibility in detecting money laundering and the financing of terrorism. Particular guidance is given to the following levels of employees.
Should be provided with a general background on AML/CFT.
Must be trained to conduct effective ongoing customer due diligence, detect suspicious transactions and measures that need to be taken to identify a transaction as being suspicious.
Should be focussed on customer identification and verification, customer due diligence, including when to conduct enhanced due diligence, reporting obligations and when there is a need to defer establishing new business relationships with new customers until due diligence is satisfactorily completed.
Should include a higher level of instructions covering all aspects of AML/CFT procedures, in particular the risk-based approach to customer acceptance, customer due diligence and risk profiling of customers. Other areas include the penalties for non-compliance with the AML/CFT requirements, procedures in addressing the financing of terrorism such as the Consolidated List and the list of terrorists under AMLATFA, internal suspicious transaction reporting procedures and the requirements for customer due diligence and record-keeping.
All training and awareness programmes should be conducted regularly and supplemented with refresher courses for employees. These programmes should update staff on the latest AML/CFT developments such as products or transaction modes, which are susceptible to the risk of money laundering and financing of terrorism, and remind them of their responsibilities under the AML/CFT programme.
Reporting institutions are required to keep all relevant records, including any material business correspondence and documents relating to transactions, in particular those obtained during customer due diligence procedures, for at least six years after the transaction has been completed or after the business relationship with a customer has ended. Records can be retained for longer if the records are being used for ongoing investigations or prosecutions in court.
The type of documents that should be retained is those which enable an audit trail on an individual transaction. Transactions should be traceable by Bank Negara Malaysia, the relevant supervisory and law-enforcement agency. Records should be kept in a manner in which the records are secure and retrievable on request in a timely manner, and must enable the reporting institution to establish the history, circumstances and reconstruction of each transaction. The records should, at a minimum, include the following:
The reporting institution is required to promptly submit a suspicious transaction report to the financial intelligence unit in Bank Negara Malaysia when any of its employees suspect, or have reason to suspect, that the transaction or attempted transaction involves proceeds from an unlawful activity or the customer is involved in money laundering or the financing of terrorism. The reporting institution should provide the necessary information surrounding the suspicious transaction, as required in the suspicious transaction report form. The reporting institution must establish a reporting system for the submission of suspicious transaction reports to the financial intelligence unit in Bank Negara Malaysia.
The Compliance Officer is responsible for liaising with, and submitting reports to, Bank Negara Malaysia. Upon receiving any internal suspicious transaction report, whether from the head office, branch or subsidiary, the Compliance Officer should evaluate the grounds for suspicion and, if suspicion is confirmed, promptly submit the suspicious transaction report to the financial intelligence unit in Bank Negara Malaysia. In cases where the Compliance Officer decides that there are no reasonable grounds for suspicion, he should document his decision, ensure it is supported by the relevant documents and file the report.
The reporting institution should ensure that the suspicious transaction reporting mechanism is operated in a secure environment to maintain confidentiality and preserve secrecy. The disclosure of any information or matter which has been obtained by any person within the reporting institution, in the performance of his duties or the exercise of his functions, is an offence under the AMLATFA.
The Guidelines do not give a transaction value as a default level at which all transactions should be reported. Thus, it does not matter how high or low the value of a transaction is, a suspicious transaction report must be submitted if there is reason to suspect that the transaction involves illegal proceeds or that the customer may be involved in money laundering.
Any person who contravenes any provision or regulation made, or any specification or requirement made, or any order in writing, direction, instruction or notice given, or any limit, term, condition or restriction imposed, in the exercise of any power conferred under or pursuant to any provision commits an offence and shall, on conviction, if no penalty is expressly provided for the offence or the regulation, be liable to a fine not exceeding RM 250,000.
An officer of a reporting institution must take all reasonable steps to ensure its compliance with the reporting obligation. Failure of a reporting institution to comply with any of the requirements will result in Bank Negara Malaysia taking the appropriate enforcement action, including obtaining a Court order against any or all of the officers or employees of the reporting institution on terms that the Court deems necessary to enforce compliance.
Notwithstanding any Court order, the financial intelligence unit in Bank Negara Malaysia may direct or enter into an agreement with the reporting institution to implement any action plan to ensure compliance with reporting requirements. Failure of an officer to take reasonable steps to ensure compliance, or failure of a reporting institution to implement any action plan as agreed to ensure compliance, will result in the officer or officers being personally liable to a fine not exceeding RM 100, 000 or to imprisonment for a term not exceeding six months, or to both.
In the case of a continuing offence, a further fine may be imposed on the reporting institution not exceeding RM 1,000 for each day during which the offence continues after conviction. Bank Negara Malaysia is authorised to compound, with the consent of the Public Prosecutor, any offence under the regulations by accepting from the person reasonably suspected of having committed the offence such amount not exceeding 50% of the amount of the maximum fine for that offence, including the daily fine, if any, in the case of a continuing offence.
Any institution that fails or refuses to comply with or contravenes any direction or guidelines issued to it by the relevant regulatory or supervisory authority, or discloses a direction or guideline issued to it, commits an offence and shall, on conviction, be liable to a fine not exceeding RM 100,000.
A 62-year-old former executive director of a pharmaceutical company recently became the first person to be convicted of money laundering in Malaysia. She was charged with eight counts of money laundering involving RM 41.3 million, amongst other financial offences, and sentenced to three years' imprisonment and fined over RM 6 million.
She laundered the proceeds of unlawful activities using a joint bank account to hide the true depository. Furthermore, she used her company accounts and the accounts of five other firms, forming a complex transaction trail, to disguise the origin of the funds. In addition to this, she assisted a colleague in forging promissory notes worth RM 37 million.
This case illustrates the need to proceed cautiously, even if a customer is low-risk. A 62-year-old female would probably be identified as a low-risk customer with regards to money laundering and other financial crimes, but her position of seniority – she was an executive – suggests that she may be in an ideal position to commit a financial crime. Therefore, thorough due diligence should be conducted on any such customer, and the risk categories applied should be under continual review.
Mexico faces an unprecedented threat to its national security and stability from drug trafficking and organised crime. Powerful drug cartels, resorting to extreme violence, have extended their activities across various parts of the country, and these activities pose significant challenges to the government. In response to the financial power of these cartels, the Mexican government has instituted unprecedented measures to support law-enforcement activities against organised crime and drug trafficking. There is strong political and institutional commitment to tackle crime and money laundering in Mexico, which has driven the legislative changes.
Article 400 Bis of the Criminal Code contains the money-laundering offence and is complemented by the Federal Law against Organised Crime. The Federal Law on the Prevention and Identification of Transactions with Proceeds of Illicit Origin passed in July 2013, and the subsequent Regulations of the Federal Law on the Prevention and Identification of Transactions with Proceeds of Illicit Origin outline the money-laundering framework.
Money laundering has been an offence in Mexico since 1989. The offence was originally set forth as a fiscal offence under Article 115 Bis of the Federal Fiscal Code. Money laundering and terrorist financing were finally criminalised in 1996, the crime relating to “Operations with Resources from Illegal Origins” under Article 400 Bis of the Federal Criminal Code. Consequently, Article 115 Bis of the Federal Fiscal Code was repealed.
Article 400 Bis of the Criminal Code introduced more procedural elements to the offence and is now complemented by Mexico's Federal Law Against Organised Crime (LFDO). The LFDO was updated in June 2012.
In May 2004, Mexican authorities issued more detailed AML/CFT regulations and extended compliance to non-bank financial institutions. The Attorney's Office has released information pertaining to its plans to map the criminal economy and the corresponding flow of illicit funds.
In April 2012, the Mexican Senate approved the latest anti-money-laundering legislation, which came into force in July 2013.
The 2008 mutual evaluation noted that Mexico is making good progress in developing its system for combating ML and TF and that the AML/CFT preventive measures are comprehensive, contain risk-based elements and are being implemented across principal sectors of the financial system. Nonetheless, AML/CFT regulations are still evolving and could benefit from further development.
A 2011 report by the IMF stated that Mexico has “Efficient functioning of key national AML/CFT agencies; improved compliance and enforcement; periodic reporting by national AML/CFT institutions”.
Banco de México is the central bank of Mexico. By constitutional mandate, it is autonomous in both its operations and management. Its main function is to provide domestic currency to the Mexican economy and its main priority is to ensure the stability of the domestic currency's purchasing power. Its other functions are to promote both the sound development of the financial system and the optimal functioning of the payment systems.
The Ministry of Finance and Public Credit (Secretaría de Hacienda y Crédito Público – SHCP) includes the financial intelligence unit. The main tasks of the financial intelligence unit consist of implementing and monitoring mechanisms for the prevention and detection of acts, omissions and operations that could encourage, assist or provide cooperation of any kind for the offences under Articles 139 or 148 Bis of the Federal Penal Code, or that could fit the circumstances described in Article 400 Bis of the Code relating to ML/TF.
The SHCP website has, at the time of writing, a banner across the top saying “This section has initiated a process of renovation, so the information in some sections is subject to periodic changes”.
The National Banking and Securities Commission (CNBV, Comisión Nacional Bancaria y de Valores) is the operational supervisor for banking institutions. Its role is to safeguard the stability of the Mexican financial system and foster its efficiency and inclusive development for the benefit of society.
SIEDO (Spanish acronym for Subprocuraduría de Investigación Especializada en Delincuencia Organizada) has primary responsibility for criminal money-laundering and terrorism-financing enforcement. The Specialised Unit for the Investigation of Operations with Resources of Illicit Origin and Forgery or Alteration of Currency (Special AML Unit) sits within the SIEDO. The Organised Crime Special Investigations, Deputy Attorney Office is also housed within SIEDO and is responsible for all federal crime prosecution, including money laundering.
Money laundering is committed by anyone who, by themselves or through another person:
The SHCP describes money laundering as “a process to conceal or disguise the existence, origin or the use of funds generated by illegal activities to effect their integration into the economy with the appearance of legitimacy”.
The penalty for money laundering is five to 15 years' imprisonment and one thousand to 5,000 days of fines.
Members of a criminal gang can be punished by virtue of the fact that they have organised themselves with the intention to commit an offence. Subject to appropriate penalties for the offence or offences committed, the members of a criminal gang can be liable to the following penalties:
In cases of drug crime:
These penalties shall be increased by up to one half, where:
The FIU indicated that it has adopted a risk-management approach to its activities that include a five-step process:
Furthermore, under the new legislation, financial institutions have various obligations:
If a financial institution has more than 25 members of staff, it is required to have a compliance committee, with a senior executive appointed as a Compliance Officer to lead the committee. If it has fewer than 25 members of staff, a single Compliance Officer can be appointed. The functions to be carried out by the committee or the Compliance Officer are:
Mexico has gradually applied a risk-based approach to its due diligence processes. It monitors all transactions, and reports suspicious transactions to the local financial intelligence unit, including transactions of US$ 10,000 and over. The AML/CFT regulations only require customer identification and related AML/CFT requirements when transactions are equal to or in excess of US$ 3,000.
For physical persons who are Mexican nationals, the following information should be collected:
An original personal identification document issued by an official body with a photograph and signature and, if relevant, the address should be used to verify identity. A number of alternative official documents can be presented, but it is considered by the industry that voter registration cards (which most citizens have) and passports are the most reliable.
Proof of address is required when the address given for opening the account is not the same as in the identification document, or when the identification document does not show the address. To this effect, the customer may present supporting documentation such as recent utility bills or statements. The CNBV may approve other documents for this purpose.
For non-Mexican nationals, the following should be used:
To complete CDD for a Mexican company, an entity should use:
Furthermore, the presentation and copying of the following should occur:
For recently formed entities not yet registered in the Public Commerce Register, the financial institution shall request a legally signed document declaring that the registration will be done and undertaken to provide the necessary documentation at that time.
To complete CDD for a non-Mexican company, an entity should use a legal or apostil copy of its constitution and a certified document of identity of its legal representative. When the latter is a foreigner, the documents in the previous bullet should be presented.
This applies to low-risk institutions, including holding companies of financial groups, investment companies, investment companies specialised in pension funds, investment management companies and investment stock-distributing companies. The following should be used to complete simplified CDD:
Financial institutions have been provided with the criteria which should be integral to their Know Your Customer policies. Transactional monitoring should encompass all the considerations that institutions make in investigating those customers that they deem as being potentially involved in money laundering, or at the very least involved in a suspicious pattern of transactions.
Article 24 applies to credit institutions:
This set of criteria assumes an inherent level of sophistication within the daily procedural workings of institutions. However, much concern has been raised concerning Mexico's application of regulations. The effectiveness of the law rests directly on application across the entire banking sector.
Financial institutions are required to update customer information, including the monitoring of transaction profiles, on the basis of ML and FT risks. Some of the key provisions are described below:
Financial institutions are required to have training and employee dissemination programmes that must include, at a minimum, courses given at least once per year, which must be specially focussed on officers and employees who work in the areas of customer service or funds management. These courses must cover, inter alia, customer identification and Know Your Customer policies, occasional customer identification policies and criteria, measures and procedures developed by the institution for the compliance with these provisions. Financial institutions are also required to inform staff about techniques, methods and trends for the prevention, detection and reporting of unusual and suspicious transactions.
Institutions must issue participation certificates to the officers and employees that attend training courses. These participants will be tested on the knowledge acquired, and measures will be taken with respect to those that fail to achieve satisfactory results. Officers and employees that will work in customer service or funds management areas must receive related training before assuming the position or upon beginning work.
In practice, many financial institutions have ongoing training programmes for their staff, including e-learning on AML/CFT. On average, employees get between three and ten hours of training every year.
Financial institutions are required by the new law to keep records for at least ten years on identification of their clients, transactions undertaken and services provided.
The following reports are required.
In 2011, the FIU described an unusual transaction as transactions, activity, conduct or behaviour of customers which is inconsistent with:
This should be based on:
It also covers any other actual or intended transaction, activity, conduct or behaviour of a customer in which, for any reason, the institution believes that the funds involved could fall under any of the money-laundering offences.
In addition to this, the 2013 legislation specifies various “vulnerable transactions”, for which there are enhanced reporting measures. For financial institutions, these include the following:
Reports must include the following information: (i) general ID data on the person engaging in the vulnerable activity; (ii) general ID data on the client, users or controlling beneficiary and (iii) a description of the vulnerable activity being reported.
Transactions carried out with cash or traveller's cheques for an amount equal to or greater than the equivalent in Mexican pesos of ten thousand US dollars must be reported. Currency Exchange and Money Transfer Offices must report transactions for amounts equal to or greater than the equivalent in Mexican pesos of five thousand US dollars.
Any transactions, activity, conduct or behaviour of any of the directors, officers, employees or agents of the institution in question that, by their nature, could contravene, violate or evade the application of the provisions of the AML law, or are questionable in any other way, should be reported.
Any unusual transaction which raises a suspicion that the resources could be used for terrorist financing and/or money laundering should be reported.
For money laundering, the penalties range from a fine equal to 200 to 100,000 times the daily minimum Mexican salary, or from 10% to 100% of the value of the act or transaction. Additionally, there are fixed penalties ranging from 100,000 to 500,000 pesos, as well as between six months' and 16 years' imprisonment.
In the case of a breach of the obligations under the 2013 Act, different types of penalties ranging from administrative fines to imprisonment (from two to eight years, when committing crimes involving the presentation of false, altered or illegible information) are established.
A fine equivalent to between 200 and 2,000 days at the general minimum wage (GMW) will apply in the following cases:
A penalty from 10,000 to 65,000 days at GMW, or 10% of the value of the transaction, will be imposed for the lack of presentation of notices or for carrying out prohibited cash transactions.
In July 2012, Mexican regulators imposed the biggest fine in their history on HSBC's Mexican subsidiary, for failing to comply with AML regulations. In the same week, the chief Compliance Officer of HSBC resigned following allegations of money laundering involving the proceeds of drug trafficking in Mexico being allowed to pass through the bank. The £17.7 million fine was over half of the annual profit of the Mexican subsidiary, which said it acknowledged that it had failed to report 39 suspicious transactions and was late in reporting almost 2,000 others. The severity of this fine highlights Mexico's commitment to distancing itself from its associations with drug money, and that the country is keen to end the cycles of corruption and criminal activity carried out by gangs within the territory.
In the past decade, politics in Mexico has become entangled with money laundering and criminal organisations. A governor in Mexico throughout the nineties was arrested in 2001 and subsequently pleaded guilty to money laundering. During his time in office, areas which he governed were used as a half-way point for flights bringing cocaine from Colombia to the US–Mexico border. It is believed that the funds relating to the governor's conviction were related to the drug trafficking which blighted Mexico throughout the decade, and continues even to this day.
The financial sector is dominated by private banking and fund management, although these are primarily with overseas European customers. Monaco's banking and financial system is linked to that of France, although the authorities within Monaco are responsible for enforcement. No particular trends in money laundering in the Principality were identified by the IMF in 2008, and it is believed that, like any major financial centre, Monaco has to deal with very sophisticated forms of money laundering that are mainly concerned with the second and third stages of the process: layering and integration.
The money-laundering offence is found in Monaco's Penal Code. Act 1362 of 3rd August, 2009 on the fight against money laundering, terrorist financing and corruption and Sovereign Order 2318 of 3rd August, 2009, setting the conditions for application of the Act, provide the AML framework.
On 3rd August, 2009, the Parliament in Monaco enacted a new law – Law No. 1362 on Money Laundering, Financing of Terrorism and Corruption. This was amended in 2011.
Sovereign Order 2318 of 3rd August, 2009 sets the conditions for application of Act 1362 of 3rd August, 2009 on the fight against money laundering, terrorist financing and corruption. This was amended by Sovereign Order 3.450 of 15th September, 2011. This Order also repealed various previous Sovereign Orders from 1994 to 2004.
The IMF reported in 2008 on Monaco's compliance with the FATF regulations. It noted that, although the AML framework was satisfactory, it was not detailed or supported by adequate secondary legislation. However, this report was made before the introduction of the 2009 legislative changes, which highlight Monaco's commitment to maintaining international standards.
The report also noted that supervision of the financial institutions, in particular on-site supervision, needs to be significantly strengthened, as does the number of staff assigned for this purpose, as AML/CFT supervision is weak. On the whole, it considered the Monaco framework to be satisfactory but in need of expansion – which is what happened following the report.
The Service d'Information et de Contrôle sur les Circuits Financiers (SICCFIN) is the national central authority responsible for collecting, analysing and disseminating information related to the fight against money laundering, terrorist financing and corruption. It may propose any legal or regulatory development that it considers necessary in this regard, and it is also responsible for receiving, analysing and processing AML reports.
The Association Monégasque des Activités Financières (AMAF) was founded by Sovereign Order more than 50 years ago. Its mission is to:
With nearly one hundred members, including banks, portfolio and mutual fund-management companies, AMAF federates all of the market's financial institutions.
Money laundering is committed by:
The intentional element of an offence may be deduced from objective factual circumstances.
Monaco law recognises as aggravating circumstances – and accordingly punishes with a heavier sentence – offenders who:
Money laundering shall be punished by imprisonment for five to ten years and a fine of EUR 18,000 to 90,000, the maximum of which may be increased tenfold. If there are aggravating circumstances, as outlined above, the penalty shall be ten to 20 years' imprisonment and a fine of EUR 18,000 to 90,000, the maximum of which may be increased twentyfold.
Attempting any of these offences will incur the same penalties as completing the offence, and it will be the same if there is an agreement or conspiracy to commit them.
The court shall order the confiscation of assets and funds of illicit origin or of goods and capital whose value matches that of the assets and funds of illicit origin. It may also order the confiscation of property or personal property acquired using these funds. The assets and funds of illicit origin can also be confiscated when they are held by a third party who knew, or should have known, of their illicit origin.
Organisations and persons carrying out financial activities are not subject to the provisions if the activities:
Professionals shall decide on and implement a policy and procedures prior to initiating any business relations. These procedures must be suited to the activities that they carry out and allow them to be fully involved in the prevention of the risk of money laundering, terrorist financing and corruption. They should enable entities to become familiar with the characteristics of new clients, and to adequately examine their background, relationships and the transactions they carry out.
This policy and these procedures shall establish distinctions and requirements at different levels on the basis of objective criteria set by each professional, taking into account, in particular, the characteristics of the services and products that they offer and those of the clients targeted, so as to define an appropriate scale of risks.
In Monaco, the MLRO must:
Regulated entities must, when forming business relations, identify their usual clients as well as their agents and check the identities of each of them using substantiating documents of which they shall keep a copy. Said organisations or persons shall do the same for occasional clients, when:
Business relations are entered into when:
Entities are also required to conduct CDD if they believe the information given is misleading.
With a view to identifying the intended purpose and nature of the business relations, professionals are to familiarise themselves with, and record, the types of operation that the client requests, as well as any information which is relevant to determine the purpose of these relations. This information, including, in particular, details on the origin of clients' assets and their business background must be supported with documents, data or reliable sources of information.
For natural persons, the surname, first name and address should be identified. They should then be verified in their presence using a valid official document bearing their photograph.
If the client's address is not mentioned on the substantiating documents presented, or in the event of doubt regarding the address mentioned, the professional is required to check this information using another document that is likely to prove their real address and of which a copy shall be retained.
For legal persons, legal entities and trusts, identification and verification concerns:
When identifying clients that are legal persons, the verification of their identity must be carried out using the following documents:
Measures should include the identification of the natural person or persons who, ultimately, own or control the client entity. If the professional considers it necessary, they should request a translation of these documents into French.
If the client is a legal person, the following shall be meant by beneficial owners:
Professionals must take all reasonable steps to ascertain the identity of beneficial owners. The identification of beneficial owners shall include the following identifying items.
For natural persons:
For legal persons, legal entities and trusts:
If the identity of the persons described cannot be checked, professionals may neither enter into nor maintain business relations with the client concerned. They shall then determine whether the Service d'Information et de Contrôle sur les Circuits Financiers should be informed.
The acceptance of clients who are likely to present particular levels of risk shall be subject to enhanced CDD. A decision to instigate this must be taken at an appropriate management level. Particular clients who should be subjected to enhanced CDD include those:
Professionals entering into business relations or carrying out occasional operations for a client who is a natural person that they have identified remotely, are to implement procedures which:
If politically exposed persons wish to enter into business relations with professionals or contact them to perform occasional operations, the acceptance of these clients shall be subject to particular examination and must be decided at an appropriately senior level of management. Said acceptance requires the taking of all appropriate measures in order to establish the origin of their assets as well as that of funds which are, or will be, employed in the business relations or in the occasional operation contemplated.
Persons who hold, or during the last three years have held, prominent public functions in a foreign country shall be considered as politically exposed, whether they are clients, beneficial owners or proxies. The client acceptance policy must specify the criteria and methods to be used to determine whether they are politically exposed persons.
Professionals who maintain business relations with politically exposed persons are required to monitor them closely on an ongoing basis. Due diligence measures shall also apply if it later transpires that an existing client is, or becomes, a politically exposed person.
Anonymous accounts are prohibited. The use of numbered accounts or contractually designated accounts is only permitted in internal communications and operations, as long as:
Institutions must only authorise correspondent banking relations if:
The organisations must exercise constant due diligence with regard to business relations:
The persons shall also adopt a monitoring system which allows atypical operations to be detected. The monitoring system must:
When the organisations cannot fulfil these obligations, they may neither form nor maintain business relations. They shall consider whether SICCFIN should be informed.
The obligation to train and to raise awareness with regard to the prevention of money laundering, terrorist financing and corruption concerns members of the firm's personnel whose duties:
Training, awareness-raising and the provision of regular information to personnel have the particular aim of ensuring that they:
Regulated entities are required to:
SICCFIN may request an extension to periods for storage of information where the information relates to an investigation in progress.
All information and documents concerning bureau de change operations whose total amount reaches or exceeds EUR 1,500 must be entered in a register. This information includes the client's identity, the nature of the operation, the currency or currencies involved, the amount changed and the rate applied.
All natural persons entering or leaving the territory of the Principality in possession of cash or bearer instruments whose total amount is more than EUR 10,000 must, on request from the monitoring authority, make a declaration using the form established for this purpose.
Regulated entities are required to declare to SICCFIN all sums held in their accounts and all operations which there is sufficient reason to suspect might be related to money laundering, terrorist financing or corruption. This declaration must be submitted in writing before the operation is carried out, and must give details of the facts which constitute the evidence upon which the said organisations or persons have based the declaration. It shall indicate, if applicable, the time within which the operation is to be carried out. If circumstances so require, the declaration may be made in advance by fax or appropriate electronic means.
Professionals are to implement appropriate procedures in order to carry out the analysis as soon as possible. This should be coordinated by the person responsible for the prevention of money laundering and terrorist financing, to determine whether these operations or facts should be reported to SICCFIN. The written report, its analysis and, if applicable, the declaration of suspicion to which this analysis has led are to be kept and held at the disposal of SICCFIN.
Entities which breach the AML requirements can be subject to professional and criminal penalties.
Anyone who breaches these provisions is liable to a warning by SICCFIN. In a case of serious infringement of these obligations, SICCFIN may submit the case to the Minister of State in order to have one of the following penalties ordered against the party in breach:
The fact that any of the above penalties, with the exception of the warning, has been administered may be published in the Journal de Monaco.
Any person who obstructs or attempts to obstruct a SICCFIN investigation shall be punished by imprisonment for one to six months and/or by a fine of EUR 250 to 9,000.
Any person who, through disregard of their CDD obligations, fails to report a suspicion of money laundering shall be punished by a fine of EUR 9,000 to 18,000.
Any person who contravenes the record-keeping requirements shall be punished by a fine of EUR 250 to 9,000.
Directors or employees of financial organisations shall be punished by a fine of EUR 18,000 to 90,000 if they have:
Any person who, in disregard of his professional duties, assists in any transfer, investment, concealment or conversion of criminal proceeds shall be punished by imprisonment of one to five years and/or a fine of EUR 18,000 to 90,000, the maximum of which can be increased tenfold.
A lawyer based in Monaco was convicted of money laundering in July 2009, in connection with the takeover of Derby County Football Club. The lawyer received over £80,000 from one of the directors involved with the takeover, which represented a share of the commission due to the director. The lawyer then transferred it through one of his own companies, registered in the Isle of Man, back to the director. The use of various companies, registered in tax havens, was made to conceal the true path of the funds, making them look legitimate. Two other men were convicted of financial crimes during this takeover, making a total of four complicit in this money-laundering network.
Financial institutions should be aware that criminals don't work alone, particularly when funds are being transferred through a variety of accounts and countries. Furthermore, despite the fact that lawyers are bound by a strict code of conduct and are often entrusted with sensitive information, a lawyer was instrumental in laundering the money involved in this case. Therefore, financial institutions should not be overly trusting of anybody based on their profession, as corruption can spread to even seemingly unlikely places.
The economy of Morocco, which is considered a free economy, is based on the sector of phosphate mines, the transactions of Moroccans who live abroad and tourism. Casablanca is considered the centre of trade and industry in Morocco, and it also includes the largest port. Morocco is considered the biggest African market in the fishing industry, and it is the biggest silver market in Africa. It ranks second internationally in exporting phosphate.
Morocco is a member of a large number of significant international and regional organisations, such as the United Nations (1956), the League of Arab States (1958) and the Group of 77 (1964). Morocco is also a founding member of the Organisation of the Islamic Conference (1969), the Arab Maghreb Union (1989), the World Trade Organisation (1995), the Mediterranean Dialogue (1995) and MENAFATF (30th November, 2004). In the framework of anti-corruption and anti-bribery efforts, Morocco has initiated a number of measures at the legislative and judicial levels to contain the problem. This initiative has come from reformist workshops whose main purpose is the eradication of corruption through a strategy that mainly aims to punish bribers and not to hesitate in activating judicial follow-ups for those involved.
Article 574 of the Criminal Code provides the money-laundering offence. The AML regulations are contained in Law No. 13.10, as well as the Moroccan Commercial Code.
Law No. 13.10, published in the Official Gazette on 24th January, 2011, amended and supplemented certain provisions of the Penal Code, the Criminal Procedure Code and Law No. 43.05 on the fight against money laundering.
Previous FATF assessments had found that the anti-money-laundering (AML) system in Morocco was still in its comparative infancy, with the combating culture absent in financial institutions and designated non-financial businesses and professions (DNFBPs) as this concept is still recent and no direct expertise is present in this regard. However, credit institutions do have a type of culture of prudence, vigilance and caution to protect the banking system from any illicit use.
However, in October 2013 the FATF removed Morocco from its enhanced monitoring process, commending the country for establishing the legal and regulatory framework to meet its commitments in its Action Plan regarding the strategic deficiencies that the FATF had identified in February 2010.
“L'Unité de traitement du renseignement financier”, or UTRF, is the financial intelligence unit of Morocco. Its statutory functions are:
The unit prepares an annual report of its activities and submits it to the Prime Minister. This report is published by the unit, and details all of its activities, including the records processed or transmitted to the judicial authorities, and an outline of its money-laundering operations.
The following acts constitute money laundering, when committed intentionally and knowingly:
The relevant offences are:
There is also a series of penalties in Morocco contained within the data protection regulations, which readers will need to be aware of. Indeed, data integrity is taken extremely seriously in Morocco, in particular in relation to personal data.
Money laundering is punishable:
Prison sentences and fines are doubled in the following circumstances:
In cases where a conviction is made for an offence of money laundering, the penalty includes the total confiscation of things, objects and property used, or that might have been used, in the conduct of the offence or that are the product of the offence, or the equivalent of such things, goods or products, subject to the rights of bona fide third parties.
Those guilty of money laundering also incur one or more of the following additional penalties:
The author of the offence of money laundering may also be sentenced to temporary or permanent disqualification to exercise, directly or indirectly, one or more professions or activities during the year in which the offence was committed.
The following financial institutions are obliged to comply with the AML framework:
Financial institutions are obliged to:
The regulations do not provide specifically for an MLRO. However, they do provide that financial institutions must provide the UTRF with the identity of directors and officers authorised to carry out suspicious transaction reports and to liaise with the said unit, and a description of the internal vigilance they implement in order to ensure compliance with the provisions of this chapter. This is not dissimilar to the role of an MLRO.
Financial institutions are required to collect all the information to identify and verify the identity of their usual or occasional customers and beneficial owners. They must not perform operations where the identity of the persons concerned could not be verified or if said identity is incomplete or obviously fictitious.
In addition to this, financial institutions are obliged to:
With regard to individuals, financial institutions must ascertain the home address and identity of the applicant, using the particulars given on a national identity card, a registration card for resident aliens or a passport or other identity document for foreign non-residents.
When the client is a corporation, institutions should check, by referring to relevant documents, the following information:
With regard to all legal persons, the following information should be obtained and verified:
The characteristics and references of documents submitted to achieve this data confirmation should be recorded by the establishment.
Beneficial ownership must be ascertained, and is defined as any person on whose behalf the client is acting or, when the customer is a legal person, any person who controls said legal person.
Financial institutions must:
Financial institutions must:
These should also apply to any transaction, without entering into the scope of the provisions relating to the declaration of suspicion, that appears unusual or unusually complex and appears to have no economic justification or apparent lawful purpose.
Enhanced due diligence should also be applied where a person is subject to particular scrutiny.
In all such cases, there is the obligation for the customer to confirm the origin and destination of funds as well as the beneficiaries. The characteristics of the transaction should also be recorded and stored.
In addition, there is an obligation for the persons responsible to:
Financial institutions must refrain from opening anonymous accounts or accounts in fictitious names.
Financial institutions must refrain from establishing or maintaining correspondent banking relationships with shell banks, and all financial institutions should ensure that their correspondents abroad are subject to the same obligation.
Financial institutions are obliged to:
Without prejudice to enacting more stringent requirements, every entity should retain documents relating to transactions conducted by their clients for ten years from the date of their execution. They should also maintain records for ten years on the identity of their usual or occasional customers from the date of the transaction or the termination of their relationship with them, as well as outsourcers referred to in Article 5 above and beneficial owners.
Financial institutions must establish and maintain effective internal vigilance, detection, monitoring and management of the risks associated with money laundering.
Financial institutions are required to make a suspicious transaction report to the unit on:
Obligated persons must provide to the unit the identity of directors and officers authorised to carry out suspicious transaction reports and to liaise with the said unit, and a description of the internal vigilance they implement in order to ensure compliance with the provisions of this chapter.
Any declaration of suspicion must be made in writing. However, in an emergency, it may be made orally, subject to confirmation in writing. The FIU will acknowledge receipt of the written declaration of suspicion.
When reporting suspicion regarding a transaction that has not yet been executed, the report must indicate the period of execution of this operation, which cannot exceed two working days from the date of receipt by the unit of such declaration.
Reporting suspicions also covers operations that have already been executed when it was impossible to suspend their execution. Likewise, when it appeared, after the completion of the transaction, that the amounts in question came from money laundering.
The UTRF may oppose the execution of any transaction that is the subject of a suspicious transaction report. The execution of this transaction is deferred for a period not exceeding two working days from the date of receipt by the unit of such declaration.
For failure to comply with these obligations, institutions may be sentenced to a fine ranging from 100,000 to 500,000 dirhams.
There was only one conviction for money laundering in Morocco between November 2010 and October 2011, while five prosecutions in the same time period failed to result in a conviction.
Nigeria has been widely criticised by the FATF for its poor AML framework. The latest legislation has not yet been assessed by the FATF, so it will be noted with interest whether the organisation feels that the new law matches the political commitments made by Nigeria.
The Money Laundering (Prohibition) Act 2011 provides the money-laundering offences and the AML framework. The Terrorism Prevention Act 2011 outlines the CFT requirements.
The Money Laundering (Prohibition) Act 2004 was repealed by the 2011 Act.
In February 2011, the Financial Action Task Force (FATF) expressed dissatisfaction on Nigeria's handling of its anti-money-laundering (AML) policies. It had previously delisted Nigeria from the list of non-cooperative countries in 2006.
It therefore classified the country, among others, as a high risk to the world's financial system. The FATF judged that, although Nigeria had put in place a high-level political commitment to work with the FATF and to address its strategic anti-money-laundering and combating financing of terrorism deficiencies, it was still not satisfied that Nigeria had made sufficient progress in the implementation of its action plan, and that certain deficiencies remain.
In October 2013, the FATF reviewed Nigeria's progress, welcomed the significant progress made in improving its AML/CFT regime and noted that Nigeria has established the legal and regulatory framework to meet the commitments made in 2010. As a result, Nigeria is no longer subject to the FATF's enhanced monitoring process.
The CBN Act of 2007 of the Federal Republic of Nigeria charges the Bank with the overall control and administration of the monetary and financial sector policies of the federal government.
The objectives of the CBN are to:
The Economic and Financial Crimes Commission (EFCC) is responsible for combating financial and economic crimes. The Commission is empowered to prevent, investigate, prosecute and penalise economic and financial crimes and is charged with the responsibility of enforcing the provisions of other laws and regulations relating to economic and financial crimes.
The National Financial Intelligence Unit (NFIU) is comprised of various units to develop AML strategies and investigate potential crimes.
The Special Control Unit against Money Laundering (SCUML) has the mandate to monitor, supervise and regulate the activities of all designated non-financial institutions (DNFIs) in Nigeria in consonance with the country's anti-money-laundering and combating of the financing of terrorism (AML/CFT) regime. Its mission statement is “to serve as a structure for the curtailment of money laundering and terrorist financing in the DNFI sector, providing world class intelligence as regards AML/CFT issues to relevant stakeholders, and the sanitisation of the DNFI sector to create an enabling environment for the inflow of foreign direct investment”.
The money-laundering offence states that a person commits an offence if he/she:
The drug-trafficking offence is committed by any person who:
Any person who tips off the accused, destroys records, uses a false identity, makes or accepts a payment over N 1,000 or its equivalent or fails to report a transfer of funds commits an offence.
A person who:
commits an offence and is liable, on conviction, to the same punishment as is prescribed for that offence.
Where an offence under this Act has been committed by a body corporate, any individual member of the organisation involved, as well as the body corporate, shall be guilty of that offence and shall be liable to be proceeded against and punished accordingly.
No person or body corporate shall, except in a transaction through a financial institution, make or accept cash payment of a sum exceeding:
These figures were increased from those included in the 2004 regulations, which stated 500,000 and 2,000,000 respectively.
The penalty for money laundering is imprisonment for not less than five years or a fine equivalent to five times the value of the proceeds of the criminal conduct, or both.
Anyone convicted of drug trafficking is liable for imprisonment for a term not less than five years but not more than ten years. It is irrelevant if the various acts constituting the offence were committed in different countries or places.
Depending which aspect of the tipping-off offence is committed, individuals will be liable to imprisonment for a term of not less than two years but not more than three years or to a fine of N 500,000 and not more than N 3,000,000, increasable by up to 25% of the excess for accepting a payment over the amount prescribed above. They may also be banned indefinitely or for a period of five years from practising the profession which provided the opportunity for the offence to be committed.
A financial institution or corporate body will be liable to a fine of not less than N 3,000,000 or more than N 25,000,000, as well as, if the offence was a result of an oversight or procedural flaw, disciplinary action regarding its compliance with its professional and administrative regulations. It may also be wound up and all its assets and properties forfeited to the federal government.
A designated non-financial institution whose business involves cash transactions is required, before commencing business with a new customer, to submit to the Ministry a declaration of its activities. Furthermore, prior to undertaking any transaction involving a sum exceeding $1,000 or its equivalent, it is required to identify the customer by a standard data form and sight of his international passport, driving licence, national identity card or such document bearing his photograph as may be prescribed by the Federal Ministry of Commerce. Records must be kept in chronological order indicating each customer's surname, forenames and address in a register numbered and forwarded to the Federal Ministry of Commerce, and should be forwarded to the Commission by the Federal Ministry of Commerce within seven days.
“Designated non-financial institutions” include dealers in jewellery, cars and luxury goods, chartered accountants, audit firms, tax consultants, clearing and settlement companies, legal practitioners, hotels, casinos. supermarkets or such other businesses as the Federal Ministry of Commerce or appropriate regulatory authorities may, from time to time, designate.
The “Know Your Customer Directive”, which was circulated to all banks and financial institutions, explicitly refers to Money Laundering Reporting Officers. Banks and financial institutions are advised to have clear procedures on, and communicate to all personnel, how they can promptly report suspicious transactions to their Money Laundering Reporting Officers and/or to other competent authorities.
The CBN is currently considering introducing a three-tiered system, so that CDD requirements are different depending on the size of the transaction. However, as consultations were still ongoing at the time of writing, they will not be further included in this book.
There is a general due diligence requirement on all financial institutions, which are required to verify a customer's identity and address before opening an account for, issuing a passbook to, entering into a fiduciary transaction with, renting a safe deposit box or establishing any other business relationship with the customer. Further due diligence requirements are stated in the Know Your Customer (KYC) Directive, which provides additional guidance for different categories of customers.
A bank customer is required to comply with the CDD requirements for any number or manner of transactions involving a sum exceeding US$ 1,000 or its equivalent. However, where a financial institution has reasonable grounds to suspect that the amount involved in a transaction is the proceeds of a crime or an illegal act, it shall require identification of the customer regardless of the amount involved.
An individual is required to provide proof of his identity by representing to the financial institution a valid original copy of an official document bearing his name and photograph. He must also verify his address by presenting to the financial institution the originals of public utility receipts issued in the previous three months.
If a mortgage is taken out, the employer of the customer needs to be informed such that the amount due can be deducted directly from salary. While this was implemented to reduce losses from loan default, this also has the effect of combating financial crime.
A body corporate shall be required to provide proof of its identity by presenting its Certificate of Incorporation and other valid official documents attesting to the existence of the body corporate. The manager, employees or assignee delegated by a body corporate to open the account shall be required to produce the same documentation as an individual (as above), but also proof of attorney granted to him in that behalf. The KYC Directive advises that, before a business relationship is established, measures should be taken by way of company search at the Corporate Affairs Commission (CAC) and/or other commercial enquiries to check that the applicant company has not been, or is not in the process of being, dissolved, struck off, wound up or terminated.
Where the customer is a body corporate, the financial institution or designated non-financial institution shall take reasonable measures to understand the ownership and control structure of the customer, and determine the natural persons who truly own or control the customer.
If it appears that a customer may not be acting on his own account, the financial institution shall seek from the customer by all reasonable means, information as to the true identity of the principal.
Public Officers are defined as “individuals who are, or have been, entrusted with prominent public function, both within and outside Nigeria and those associated with them”. The 2011 Act states that where the customer is a Public Officer, the financial institution or designated non-financial institution shall, in addition to the standard requirements:
The Know Your Customer Directive 2001 required financial institutions to investigate the sources of funds before accepting a PEP as a customer. The decision to open such accounts should be taken by senior management.
Opening or maintaining any numbered or anonymous account is prohibited under the 2011 Act.
A transfer to or from a foreign country of funds or securities by a person or body corporate including a money service business of a sum exceeding US$ 10,000 or its equivalent, must be reported to the Central Bank of Nigeria and the Securities and Exchange Commission in writing within seven days from the date of the transaction. Transportation of cash or negotiable instruments in excess of US$ 10,000 or its equivalent by individuals in or out of the country must be declared to the Nigeria Customs Service.
The Commission reserves the power to demand and receive reports directly from financial and designated non-financial institutions at any time. In this respect, the duties imposed on such financial institutions such as identification procedures are ongoing. Furthermore, the Know Your Customer Directive states that banks and financial institutions must collect sufficient information on the nature of the business that the customer intends to undertake, including the expected or predictable pattern of transactions.
Every financial institution must develop programmes to combat the laundering of the proceeds of a crime or other illegal acts, which will include:
A financial institution or designated non-financial institution must preserve and keep, at the disposal of the authorities (the Central Bank of Nigeria, the Commission and the National Drug Law Enforcement Agency), the following:
The director of investigation or an officer of the Commission or Agency duly authorised may demand, obtain and inspect the books and records of financial institutions to confirm compliance with the provisions of the Act.
The Know Your Customer Directive advises banks and financial institutions to maintain records of the supporting evidence and methods used to verify identity for ten years after the account is closed or the business relationship ends.
A financial institution or designated non-financial institution must, within seven days of a suspicious transaction, draw up a written report containing all relevant information concerning the transaction including due diligence; take appropriate action to prevent the laundering of the proceeds of a crime or an illegal act; and send a copy of the report to the Commission. This process must occur whether or not the transaction is actually completed.
The Commission will acknowledge receipt of any disclosure, report or information received under this section and may demand such additional information as it may deem necessary. The acknowledgement of receipt will be sent to the financial institution or designated non-financial institution within the time allowed for transactions to be undertaken and it may be accompanied by a notice deferring the transaction for a period not exceeding 72 hours. If the acknowledgement of receipt is not accompanied by a stop notice, or the order to block the transaction is not received in time, the financial institution or non-financial institution may carry out the transaction.
If it is not possible to ascertain the origin of the funds within the period of stoppage for the transaction, the Federal High Court may, at the request of the Commission or other persons duly authorised, order that the funds, accounts or securities referred to in the report be blocked. Financial institutions and non-financial institutions which fail to carry out the above reporting obligations will be found guilty of an offence and fined up to N 1,000,000 each day the failure to report continues. The Governor of the Central Bank of Nigeria shall impose a penalty of not less than N 1,000,000 for failure to comply with reporting and investigating obligations.
The Commissioner or Agency, Central Bank of Nigeria or other regulatory authorities pursuant to an order of the Federal High Court obtained on an ex parte application supported by a sworn declaration made by the Chairman or an authorised officer of the Commission or Agency, Central Bank of Nigeria or other regulatory authorities, may, in order to identify and locate proceeds, properties, objects or other things related to the commission of an offence under the Act, have the following investigating powers:
The National Drug Law Enforcement Agency may also have the above investigating powers where a case relates to identifying or locating properties, objects or proceeds from narcotic drugs or psychotropic substances. When exercising such powers, the Agency must promptly make a report to the Commission.
Bank secrecy or preservation of customer confidentiality cannot be used as grounds for objection to the above investigating powers.
When a transaction:
that transaction shall be deemed to be suspicious and the financial institution involved in such transaction shall seek information from the customer as to the origin and destination of the funds, the aim of the transaction and the identity of the beneficiary.
A person, including a bank employee, wilfully violating the MLPA or the AML/CFT Regulation is subject to a financial sanction not exceeding N 2,000,000, which must be published in its financial statements, and potentially imprisonment too.
The penalties for opening an anonymous account are, in the case of an individual, a term of imprisonment of not less than two years but not more than five years; or, in the case of a financial institution or corporate body, a fine of not less than N 10,000,000 but not more than N 50,000,000.
For failing to implement adequate training procedures, the Governor of the Central Bank of Nigeria may impose a penalty of not less than N 1,000,000 or the suspension of any licence issued to a financial institution.
A person who wilfully obstructs the Commission or Agency during an investigation is liable, on conviction, to a term of between two and three years' imprisonment for an individual, and in the case of a financial institution or body corporate, a fine of N 1,000,000.
A former governor of a Nigerian region was sentenced to 13 years in prison for money laundering. Nigeria has a reputation for being associated with corruption, so, although it is promising that a former governor was convicted and sentenced, it does little to mitigate this reputation. Peculiarly, the governor's defence during his trial was not that he did not launder the money, but that his crimes were mitigated by his successes as a governor, which it was argued included the construction of three Olympic and FIFA-registered stadia, an 18-hole golf course and a shooting range.
His defence counsel also called a former Wimbledon footballer as a character witness, further highlighting the bizarre nature of this case. Worryingly, although the correct verdict was reached, the conduct of this trial does suggest that amongst those in power in Nigeria, there may be a culture that corruption is acceptable, and this reputation is one which Nigeria may still find difficult to shake off in the coming years although much is being done to improve matters.
In another case, a foreign exchange dealer was sentenced to one year in prison for laundering N 300,000,000, or approximately £1,200,000. He concealed the origin of the funds with numerous accomplices, including officials and customers at the bank. Three manager's cheques were drawn in favour of a number of customers, then liquidated and moved into different accounts using the passwords belonging to two of the bank staff. As well as the one-year jail sentence, the fraudster was ordered to forfeit the N 300,000,000.
The Polish authorities stated in the 2007 MONEYVAL report that the largest economic crimes within the country related to false fuel and scrap-metal dealing, resulting in lost customs and excise duties. Since new legislation has been introduced, though, the number of convictions for these crimes has increased.
Poland has been found to be deficient in regards to its AML regulation by various international bodies. However, in recent years it has introduced numerous measures to bring itself up to FATF standards.
The AML law is contained in the Penal Code and the Act on Counteracting Money Laundering and Terrorism Financing dated 16th November, 2000, with subsequent amendments. The latest version appeared in the Journal of Laws in 2010. The Regulation of the Minister of Finance, dated 21st September, 2001, with subsequent amendments, provides supplementary regulation.
The Act on Counteracting Money Laundering and Terrorism Financing of 16th November, 2000 has been amended several times. Provisions regarding electronic payment were introduced in 2002, and the scope of the Act was extended in 2003 and 2004. The Third EU Anti-Money Laundering Directive was introduced in Poland by the Act of 25th July, 2009 amending the AML Act by implementing the EU Directives 2005/60/CE and 2006/70/CE.
The 2007 MONEYVAL report noted a large number of aspects missing from the Polish AML regime, such as the requirement to submit an STR or to terminate a relationship when CDD cannot be completed (both of which have since been rectified). Poland was rated “largely compliant” or “compliant” in just 18 of the 49 recommendations. However, the 2010 progress report noted that, since the adoption of the MER and the First Progress Report, Poland has taken the following measures with a view to addressing the deficiencies identified:
Article 3 of the AML Act provides that the Minister Responsible for Financial Institutions shall be the supreme authority of financial information. The Minister of Finance, via the Ministry, controls the General Inspector of Financial Information.
The role of the General Inspectorate of Financial Information (GIFI) is to obtain, collect, process and analyse information in the manner prescribed in the AML Act and to take action to prevent money laundering and terrorist financing. Article 4 of the AML Act specifies further duties of the GIFI, including:
The GIFI is bound to report the execution of its duties to the Prime Minister of Poland on a yearly basis.
The AML Act lists the National Bank of Poland, the Polish Financial Supervision Authority and the Supreme Chamber of Control as “cooperating units”.
Money laundering is defined in the Act of 16th November, 2000 on Counteracting Money Laundering and Terrorism Financing as any deliberate action such as:
These definitions apply even if the activities leading to the attainment of such asset values were conducted in the territory of a country other than the Republic of Poland.
Furthermore, the Polish Penal Code Article 299 defines money laundering as:“Whoever receives, transfers or transports abroad, assists in its transfer of title or possession of legal tenders, securities or other foreign currency values, property rights or real or movable property obtained from the profits of offences committed by other persons … or takes other action which can prevent, or make significantly more difficult, determination of their criminal origin or place of deposition, detection or forfeiture.”
Terrorism financing is defined as an act referred to in Article 165a of the Penal Code, which contains the terrorism offences.
Where a person voluntarily discloses before a law-enforcement agency information about persons taking part in the perpetration of an offence or about the circumstances of an offence, if it prevented the perpetration of another offence, that person shall not be liable to the penalty for the offence specified in Section 1-4. If the perpetrator undertook efforts leading to the disclosure of this information and circumstances, the court may apply extraordinary mitigation of punishment.
The penalty for money laundering is deprivation of liberty for a term of between three months and five years. The punishment shall be imposed on anyone who, being an employee of a bank, financial or credit institution, unlawfully receives, in cash, significant amounts of money or foreign currency, transfers or converts them, receives them under other circumstances arousing justifiable suspicion as to their origin, or else provides services to conceal their unlawful origin or in securing them against seizure.
If money laundering is committed as a group, or the perpetrator gains considerable material benefit, the penalty of deprivation of liberty shall be for a term of between one and ten years.
The AML Act applies to “obligated institutions”, and lists 21 types of financial entity bound by the legislation.
Any obligated institutions shall introduce a written internal procedure on counteracting money laundering and terrorist financing. Such an internal procedure should contain, in particular:
Obligated institutions must designate persons responsible for fulfilling the requirements of the AML law. The MLRO should be a board member appointed by the management board.
When the obligated institution exercises its business activity individually, a person responsible is a person performing this activity.
CDD should be performed before entering into a contract with a client or prior to a transaction. It may be completed after having established an economic relationship only if it is necessary to ensure further business operations and where there is little risk of money laundering or terrorist financing, determined on the basis of relevant analysis performed.
Any obligated institution shall apply financial security measures for its clients. Their scope is determined on the basis of risk assessment for money laundering and terrorist financing, hereinafter referred to as “risk assessment”, resulting from the analysis, taking into account, in particular, the type of client, economic relationships, products and transactions. The risk assessment should consist of:
Financial security measures are applied, in particular:
In the event the obligated institution cannot perform these duties, it should cease business transactions and submit a report to the General Inspector.
For natural persons and their representatives, document(s) confirming the following aspects of the identity of the person should be examined:
For corporate entities:
CDD shall also apply to parties to a transaction who are not clients. This includes the determination and recording of their (or their company's) names or the first and last name and address.
In certain justifiable cases, it is possible to open an account without satisfying the CDD requirements. These include transactions with specified low-risk entities and also on electronic payment devices where the maximum amount stored in the device does not exceed the equivalent of EUR 150 or an aggregate of EUR 2,500 per calendar year. In the case of a device which can be recharged, provided that the redemption amount is at least the equivalent of EUR 1,000 per calendar year in question, simplified CDD may be carried out.
Any obligated institution shall apply, on the basis of risk analysis, increased security measures against a client in events which may involve a higher risk of money laundering or terrorist financing and particularly in the cases referred to below.
If the client is absent, the obligated institution shall apply at least one of the following measures in order to reduce the risk:
With regard to politically exposed persons, the obligated institution should:
The obligated institution may collect written statements on whether a client is a person holding a politically exposed position, for which it would be a criminal offence to give misleading answers.
Any obligated institution shall apply appropriate measures of financial security in order to prevent money laundering or terrorist financing, which may arise from products or transactions allowing the client to maintain anonymity.
In terms of cross-border relations with institutional correspondents from countries other than EU Member States and equivalent countries, any obligated institutions being a provider of financial services shall:
No obligated institution, which is a provider of financial services, shall establish and maintain cooperation within correspondent banking with a shell bank.
No obligated institution shall establish and maintain cooperation within correspondent banking with any obligated institution which is a provider of financial services concluding contracts on accounts with a shell bank.
Any obligated institution shall undertake ongoing analysis of transactions carried out. The results of such analyses should be documented in paper or electronic form.
Any obligated institution must ensure that employees who perform duties related to counteracting money laundering and terrorist financing participate in training programmes related to their duties.
The register of suspicious transactions shall be stored for a period of five years, calculating from the first day of the year following the year in which transactions were recorded. Any information on the transactions carried out by the obligated institution and documents related to such transactions shall be stored for a period of five years, calculating from the first day of the year following the year in which the last record associated with the transaction took place.
Information obtained as a result of the application of CDD measures should be stored for a period of five years from the first day of the year following the year in which the transaction was carried out with the client. Documents and other data retained by the entity with a reporting obligation shall be destroyed within one year after expiry of the retention period.
All of the results of investigations carried out in pursuance of the ongoing monitoring requirements shall be kept for a period of five years, calculating from the first day of the year following the year in which they were conducted.
At the written request of the General Inspector, any obligated institution shall immediately disclose any information about the transactions covered by the AML law. Such a disclosure consists, in particular, of the provision of information about the parties to the transaction, the content of documents, including the balances and turnover on the account, certified copies of theirs, or a disclosure of relevant documents, to provide insight for authorised employees of the relevant authority in order to produce notes or copies.
The information shall be forwarded electronically to the General Inspector free of charge and, if the General Inspector requests.
Any obligated institution must provide information on suspicious transactions to the General Inspector. Any report must include the following information:
Any obligated institution conducting a transaction for which the circumstances may suggest that it was related to money laundering or terrorist financing is required to register such a transaction, regardless of its value and character.
In the event that the obligated institution does not accept the disposition or order to conduct a transaction, the reporting obligation shall still apply if the institution is aware of, or with due diligence should be aware of, such a transaction in regard to the contract with its client.
If it conducts a transaction exceeding the equivalent of EUR 15,000, the institution is required to register the transaction. Furthermore, if numerous transactions appear to be linked and were divided into smaller transactions to avoid the registration requirement, they must still be reported. This obligation shall not apply to, for example:
Information on a transaction shall be forwarded to the General Inspector:
Article 9d item 1 of the AML Act sets forth the circumstances in which the registration obligation and financial security measures may be waived. These include:
Any obligated institution, with the exception of the National Bank of Poland, which:
shall be subject to pecuniary penalties. The penalty imposed shall be decided by the General Inspector, and shall not exceed 750,000 PLN. (Note that much of the legislation still refers to PLN or zloty, as opposed to euros. Our expectation is that when the Fourth Money Laundering Directive is implemented in Poland during 2016, these amounts will be changed to euros.) When determining the amount of such a pecuniary penalty, the General Inspector shall take into account the nature and the extent of violations, the previous operation of the obligated institution and its financial capacity.
Any person who acts on behalf of, or in the interest of, the obligated institution and, contrary to the provisions of the Act, fails to:
shall be subject to the punishment of imprisonment for up to three years.
Anyone who discloses the information collected in accordance with the AML law to any unauthorised persons, any account holder or any person to whom the transaction relates, or uses this information in any other unauthorised manner shall be subject to the same punishment. If this is done unintentionally, the perpetrator shall be subject to a fine.
Anyone who, acting on behalf of or in the interest of the obligated institution:
shall be subject to the punishment of imprisonment from three months to five years.
Anyone who commits any of the above offences and, as a result, causes substantial damage, shall be subject to the punishment of imprisonment from six months to eight years.
In the financial year 2010–11, the Polish authorities recovered zł.60 million in laundered money, bringing the total recovered to zł.215.6 million. However, this is only a fraction of the zł.1.33 billion that was suspected of being laundered in the same financial year by 387 companies, highlighting that the authorities still have a lot to do.
One of the latest innovations by money launderers in Poland is to put laundered money on a new variety of cash card that can be bought in stores. These cards are not registered to anyone, meaning they can be thrown away without leaving a trace. Criminals often use them to make transactions online.
Money launderers are also transferring money online through non-banking institutions, such as credit unions. This makes transactions difficult to detect because the value is usually under zł.200–300, there are many of them taking place and the recipient's location could be anywhere. This highlights the need for financial institutions to adapt to changing technological advances to maintain the upper hand in the fight against money laundering.
The Russian authorities are well aware of the money-laundering (ML) and terrorist-financing (TF) schemes used in Russia. Many ML schemes involve the misuse of (foreign) legal entities and financial institutions. Laundered money is often invested in real estate or security instruments, or used to buy luxury consumer goods. Russia has been a repeated victim of terrorism, and the authorities report the use of TF schemes involving the misuse of alternative remittance networks by foreign and North Caucasian terrorist groups.
A general impediment to the fight against ML/TF is the high level of corruption in the public and private sectors. There are no indications that the FIU is affected by corruption, but some law-enforcement bodies and private sector businesses are impacted by corruption in varying degrees. The current and previous Presidents of Russia have rightfully established eliminating corruption as a priority for the Russian government.
The Russian Criminal Code criminalises the money-laundering offence. This is supplemented by various regulations provided by the FIU, including Ordinance No. 30, dated 23rd June, 2004, on Approval of Regulations on the Federal Financial Monitoring Service, Ordinance No. 245, dated 17th April, 2002, on Approval of the Regulation for Submitting Information to the Federal Financial Monitoring Service by Organisations Performing Operations in Monetary Funds or Other Assets and Federal Law No. 115-FZ, of 7th August, 2001, on Combating Legalisation (Laundering) of Criminally Gained Income and Financing of Terrorism. The most recent legislation, enacted in June 2013, Federal Law of 28.06.2013 No. 134-FZ “On amendments to certain legislative acts of the Russian Federation on counteraction to illegal financial transactions” made various amendments to the AML framework.
Money laundering was first criminalised in Russia in 1997.
The most recent mutual evaluation found that Russia has, in a short time, implemented and enhanced its AML/CFT system and has done so in less time than many other countries. It was particularly complimentary towards the FIU, Rosfinmonitoring, for performing the traditional tasks of an FIU in full compliance with the FATF standards, as well as many other tasks, including serving as the central responsible agency for AML/CFT matters. Further, the FATF praised Russia for introducing the concept of beneficial ownership into its framework, and amending and strengthening its legislation to bring the country into line with FATF standards.
Rosfinmonitoring, The Federal Financial Monitoring Service, is a federal executive body carrying out functions on combating legalisation (laundering) of proceeds from crime and financing of terrorism, and coordinating activities of other federal executive bodies in this sphere.
Rosfinmonitoring became operational on 1st February, 2002 by order of Decree of the President of the Russian Federation No. 1263 “On the Authorised Agency for Combating Legalisation (Laundering) of Proceeds from Crime and Financing of Terrorism”, which was signed on 1st November, 2001.
The Federal Financial Monitoring Service is supervised by the Government of the Russian Federation in line with the Decree of the President of the Russian Federation No. 1274 “Issue on structure of the federal executive bodies”, dated 24th September, 2007.
Rosfinmonitoring is guided in its activities by the Constitution of the Russian Federation, federal constitutional laws, federal laws, acts of the President of the Russian Federation and of the Government of the Russian Federation, international agreements of the Russian Federation, normative legal acts of the Ministry of Finance of the Russian Federation and the Regulations on Rosfinmonitoring.
The Federal Financial Monitoring Service carries out its activities directly and through its territorial bodies in collaboration with other federal executive bodies, executive bodies of the constituent entities of the Russian Federation, local self-government bodies, public associations and other organisations.
The Central Bank of Russia was founded in 1990. In April 2005, the Russian government and Bank of Russia adopted the Banking Sector Development Strategy for the Period up to 2008, a document which set, as the main objective of banking sector development in the medium term (2005–2008), the enhancement of the banking sector's stability and efficiency.
The principal goals of banking sector development are as follows:
Banking sector reform will help implement Russia's medium-term social and economic development programmes, especially its objective to end the raw materials bias of the Russian economy by rapidly diversifying it and utilising its competitive advantages. In the current stage (2009–2015), the Russian government and Bank of Russia are attaching priority to effectively positioning the Russian banking sector on international financial markets.
The accomplishment of large-scale financial transactions and other deals in amounts of money or other property knowingly acquired by other persons in an illegal way (except the offences stipulated by Articles 193, 194, 198 and 199 of the present Code) for the purpose of bringing the appearance of legality to the possession, use and disposal of the said amounts of money or other property constitutes an offence.
Note: The “large-scale financial transactions and other deals in amounts of money or other property” in the present article means financial transactions and other deals in amounts of money or other property accomplished in an amount exceeding 2,000 times the minimum wage rate.
Self-money laundering is also criminalised in Russia by Article 174.1 of the Criminal Code. It is defined as the accomplishment of large-scale financial transactions and other deals in amounts of money or other property acquired by a person as the result of his/her having committed an offence (except for the offences stipulated by Articles 193, 194, 198 and 199 of the present Code) or the use of these amounts of money or other property for the pursuance of entrepreneurial or other economic activity.
The acquisition or sale of property, knowingly obtained in a criminal manner, also constitutes a criminal offence.
The primary money-laundering offence shall be punishable by a fine at a rate of 500 to 700 times the minimum wage rate or in the amount of the convict's wage or other income for a period of five to seven months or imprisonment for a term of up to four years with a fine at a rate of up to 100 times the minimum wage rate or in the amount of the convict's wage or other income for a term of up to one month or without such a fine.
The same actions committed:
shall be punishable by imprisonment for a term of four to eight years with the confiscation of property or without such a confiscation.
The offence, when committed by an organised group, shall be punishable by imprisonment for a term of seven to ten years with the confiscation of property or without such a confiscation.
Self-money laundering shall be punishable by a fine at a rate of 700 to 1,000 times the minimum wage rate or in the amount of the convict's wage or other income for a period of six to ten months or imprisonment for a term of up to five years with a fine at a rate of up to 100 times the minimum wage rate or in the amount of the convict's wage or other income for a term of up to one month or without such a fine.
Self-money laundering committed:
shall be punishable by imprisonment for a term of five to eight years with the confiscation of property or without such a confiscation.
Self-money laundering committed by an organised group shall be punishable by imprisonment for a term of 10 to 15 years with the confiscation of property or without such a confiscation.
Acquiring criminal property shall be punishable by a fine in the amount of 50 to 100 times the minimum wage rate, or in the amount of the wage or salary or any other income of the convicted person for a period of up to one month, or by compulsory works for a term of 180 to 240 hours, or by corrective labour for a term of one to two years, or by deprivation of liberty for a term of up to two years.
When the acquisition of criminal property is made:
it shall be punishable by restraint of liberty for a term of up to three years, or by arrest for a term of four to six years, or by deprivation of liberty for a term of up to five years with a fine in the amount of 50 times the minimum wage rate, or in the amount of the wage or salary, or any other income of the convicted person for a period of up to one month.
The acquisition of criminal property, when committed by an organised group or a person using his official position, shall be punishable by deprivation of liberty for a term of three to seven years with a fine in the amount of 100 times the minimum wage rate, or in the amount of the wage or salary, or any other income of the convicted person for a period of up to one month.
For the purposes of the AML framework, the following information shall relate to organisations performing operations with monetary funds or other assets:
The requirements for identification can differ depending on the degree (level) of risk posed by the client of operations with regard to the legalisation (laundering) of criminally gained income or the financing of terrorism.
Financial institutions are required to appoint an official to oversee compliance with the relevant AML regulations. For more on this, please see “Internal Requirements” below.
CDD does not need to be conducted on a natural person, and verification and identification of the beneficiary are not performed when organisations performing operations with funds or other assets carry out depositing operations for clients (natural persons) of the following payments if they do not exceed 30,000 roubles or an amount in foreign currency equivalent to 30,000 roubles:
It is perhaps surprising that orchid and other associations are listed in this way. The general point is that since they are cooperatives the normal rules do not need to apply.
When a natural person buys or sells, in cash, foreign currency for an amount not exceeding 15,000 roubles or not exceeding the amount in foreign currency equivalent to 15,000 roubles, identification of the client and/or identification and verification of the beneficiary are not performed except in cases where an officer of the organisation performing the operation with monetary funds or other assets suspects that this operation is being carried out with the aim of legalisation (laundering) of criminal proceeds or the financing of terrorism.
Credit organisations are authorised to refuse to conclude a contract for a bank account deposit with a natural or legal person in the following cases:
Regarding natural persons, the following must be ascertained:
Regarding legal persons, the following must be ascertained:
The pre-2013 legislation only obliged financial institutions to undertake measures that were reasonable and accessible in the specific circumstances for the identification of beneficiaries – people who benefit from a company. However, the 2013 law expands this to beneficial owners – anybody who owns or controls over 25% of the company. This is the first time the concept of a beneficial owner has appeared in Russian law.
Organisations performing transactions with monetary funds now must request information about ownership structure, including all individual owners. However, if these measures do not help to identify the beneficial owner(s), the authorities can declare that the company is owned by its sole executive body.
The following instances are subject to enhanced CDD:
It is prohibited for a financial institution to:
Financial institutions are required to regularly update the information on clients and beneficiaries.
As outlined in the section on internal requirements below, the internal procedures must include a system for the training of staff.
All relevant information must be documented in the following circumstances:
Documents containing information stated in this article, and the data necessary for identification of the person, shall be kept for not less than five years. The specified term is calculated from the date of the termination of relations with the client.
In order to prevent the legalisation (laundering) of criminally gained income and the financing of terrorism, organisations performing operations with monetary funds and other assets must develop rules of internal control and relevant programmes to ensure that these are complied with. They must appoint officials responsible for the observance of these rules and the realisation of these programmes, and take other relevant internal organisational measures.
The internal control rules of an organisation performing operations with monetary funds and other assets must include a procedure for recording the necessary information in documents, a procedure for the provision of confidentiality of information, qualification requirements in terms of the preparation and training of staff and criteria for revealing and identifying extraordinary deals where the account portrays specific features of the activity of this organisation.
In accordance with the rules of internal control, any organisation performing operations with monetary funds and other assets must document the information obtained as a result of the application of these rules and the realisation of the programme of internal control, and in doing so must preserve the confidential nature of such information.
Financial institutions are required to collate documents and submit to the FIU the following information on operations with monetary funds or other assets which are subject to obligatory control, not later than the working day following the date of undertaking the operation:
Information about operations in monetary funds or other assets subject to mandatory control shall be submitted by the organisation not later than on the business day following the day on which the relevant operation was undertaken.
Information about operations in monetary funds or other assets considered by internal control to be performed with the objective of money laundering or the financing of terrorism shall be submitted by the organisation not later than on the business day following the day of identification of the relevant operation.
The information specified above with regard to the present regulation shall be submitted to the Federal Financial Monitoring Service in electronic form via communication channels or on magnetic media.
If employees of an organisation performing operations with monetary funds and other assets have any suspicions resulting from the realisation of the internal control programmes, stated in Clause 2 of this article, that some operations are being performed for the purposes of legalisation (laundering) of criminally gained income and/or the financing of terrorism, this organisation, not later than the working day following the day on which such operations are detected, must forward to the authorised body information on these operations regardless of whether they refer to operations provided by Article 6 of this Federal law or not.
Infringement by organisations performing operations with monetary funds or other assets and acting with the authority of a licence may lead to the withdrawal (annulment) of the licence in accordance with the procedure provided by the legislation of the Russian Federation.
Persons guilty of infringement of this Federal law shall bear administrative, civil and criminal responsibility in accordance with the legislation of the Russian Federation. The 2013 legislation added the power to freeze assets.
A former oil tycoon, who was once Russia's richest man with $15 billion in personal wealth, was convicted of money laundering in 2005 and sentenced to a total of 14 years in prison. Along with his former partner, the tycoon was then charged again with laundering more than $20 billion and stealing over 200 million tons of oil in 2009, when he was already halfway through his first sentence. However, the conviction is currently being reviewed as part of the appeal process.
The tycoon was arrested for laundering funds through his company, as well as on tax-evasion charges. For a financial institution, despite the suspicion surrounding the background to this case, it highlights the need not to take companies at face value. The lesson from this is that even if a company has a good reputation, appropriate AML checks still clearly need to be carried out.
Law-enforcement agencies in Singapore keep to strict programmes of governance and protection for the country's economy. The Global Competitiveness Report, published by the World Economic Forum, rated Singapore the best for protecting businesses from criminals.
The key money-laundering legislation is the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, Chapter 65A. The AML regulations in Singapore are issued by the Monetary Authority of Singapore (MAS) pursuant to Section 27B of the Monetary Authority of Singapore Act (Cap. 186). The regulations, MAS notice 626, were issued on 2nd July, 2007 and last revised on 2nd December, 2009. The AML Compliance Handbook, issued by the Commercial Affairs Department, provides supplementary AML information.
Singapore has criminalised the money-laundering offence in eight separate provisions of the Corruption, Drug Trafficking and Other Serious Crimes Act (CDSA), which was last updated in March 2012. Singapore's laws are largely consistent with the 2000 UN Convention against Transnational Organised Crime (the Palermo Convention). Furthermore, the Terrorism (Suppression of Financing) Act, Chapter 325 was enacted in 2002 and amended in 2003. This Act provides the legislative framework for the offence of terrorism financing and the confiscation of any property associated with the financing of terrorism.
The Mutual Assistance in Criminal Matters Act, Chapter 190A, enacted in April 2000, allows the Singapore government to provide and receive international mutual assistance with regards to money laundering and the financing of terrorism. The Act was amended in 2006.
The 2008 mutual evaluation of Singapore was particularly impressive, with the country scoring “compliant” or “largely compliant” with 43 of the 49 FATF Recommendations. The remaining six areas were addressed by the time of its 2011 follow-up report, although the FATF noticed that deficiencies remained regarding politically exposed persons, wire transfers, transparency and beneficial ownership of legal persons, statistics and guidance and feedback. Overall, the money-laundering offences were described as broad, the international cooperation regime as comprehensive and the Suspicious Transaction Reporting Office as generally well structured, staffed and funded.
The Commercial Affairs Department (CAD) is the principal white-collar crime investigation agency in Singapore. It investigates a wide spectrum of commercial and financial crimes and has its own investigative and intelligence resources in the Singapore Police Force. In addition to this, the CAD issues The AML Compliance Handbook.
The Financial Investigation Branch (FIB) is the branch of the CAD which investigates laundering offences under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA).
The Proceeds of Crime Unit (PCU), which is a branch of the CAD, identifies and seizes proceeds of crime, and manages such assets until they are dealt with under the CDSA. Enforcement agencies that come across a possible incidence of money laundering while investigating any offence may refer the case to the PCU for a joint investigation and subsequent prosecution.
The Suspicious Transaction Reporting Office (STRO) is Singapore's financial intelligence unit (FIU). It is the central agency in Singapore for receiving, analysing and disseminating reports of suspicious transactions, known as suspicious transaction reports (STRs). The STRO turns raw data contained in STRs into financial intelligence that could be used to detect money laundering, terrorism financing and other criminal offences. It also disseminates financial intelligence to relevant enforcement and regulatory agencies.
STRs have been very useful in combating crime. The CAD has successfully detected a wide variety of criminal activity, such as cheating, criminal breach of trust, forgery and securities trading malpractices, as well as money laundering and terrorism financing. STR information has, directly or indirectly, led to the seizure of $110 million of proceeds of crime since 2000.
The STRO conducts various outreach programmes to various industry sectors to raise anti-money-laundering and counter financing of terrorism (AML/CFT) awareness, as well as to encourage an increase in the quantity and quality of STRs.
At the international front, as Singapore's FIU, the STRO represents Singapore at international forums and regional bodies in global AML/CFT efforts. The STRO also maintains close working relationships with FIUs in other countries through the Egmont Group of FIUs.
This branch of the CAD investigates cross-border movements of cash valued at over SGD 30,000.
The Monetary Authority of Singapore (MAS) is governed by the MAS Act, which confers on the MAS powers to issue legal instruments for the regulation and supervision of financial institutions. In addition, the MAS also has frameworks and guidelines in place on topics which cut across various classes of financial institutions.
The key offences are as follows:
The money-laundering offence applies to both legal and natural persons, and proof of knowledge is derived from factual objective circumstances.
In July 2013, predicate offences were extended to include serious taxation offences and additional changes are anticipated in 2014.
It is a defence to prove:
Natural persons are subject to a SGD 500,000 fine or up to seven years' imprisonment. Legal persons are subject to a SGD 1,000,000 fine.
The bank should develop appropriate compliance management arrangements including, at least, the appointment of a management-level officer as the AML/CFT Compliance Officer. The bank must ensure that the AML/CFT Compliance Officer, as well as any other persons appointed to assist him, has timely access to all customer records and other relevant information which they require to discharge their functions.
The requirement is that the bank must identify each customer who applies to the bank to establish business relations. A bank is required to perform CDD measures when:
A bank should complete verification of the identity of the customer and beneficial owner:
However, a bank may establish business relations with a customer before completing the verification of the identity of the customer and beneficial owner if:
Where the bank establishes business relations before verification of the identity of the customer or beneficial owner, the bank should complete verification as soon as is reasonably practicable.
Where the bank is unable to complete CDD measures, it should terminate the business relationship and consider if the circumstances are suspicious enough to warrant the filing of a suspicious transaction report (STR).
The bank is required to obtain and record information on the customer, including, but not limited to, the following:
The requirement is that the bank must verify the identity of the customer using reliable, independent sources. The bank is then required to retain copies of all reference documents used to verify the identity of the customer.
Where the customer is a company, the bank is required, apart from identifying the customer, also to identify the directors of the company. Where the customer is a partnership or a limited liability partnership, the bank is also required to identify the partners.
Where the customer is any other body corporate or unincorporated vehicle, the bank is required also to identify the persons having executive authority in that body corporate or unincorporated vehicle.
A bank shall inquire if there exists any beneficial owner in relation to a corporate customer (unless a waiver applies – see below). Furthermore, the bank shall take reasonable measures to understand the ownership and control structure of the company. Where there is one or more beneficial owner in relation to a customer, the bank shall take reasonable measures to obtain information sufficient to identify and verify the identities of the beneficial owner(s).
The regulations permit a bank to perform simplified CDD measures it considers adequate to effectively identify and verify the identity of the customer, a natural person appointed to act on the customer's behalf and any beneficial owner if it is satisfied that the risks of money laundering and terrorist financing are low. However, if the jurisdiction of the client is one seen to have weak AML/CFT measures in place (as specified by regulatory authorities), or where the bank suspects that money laundering or terrorist financing is involved, then full due diligence will need to be conducted.
Where the bank performs simplified CDD measures in relation to a customer, it should document:
A bank is not required to inquire if there is a beneficial owner in relation to various specified low-risk entities, such as government departments. However, this does not apply if the bank suspects that the transaction is connected with money laundering or terrorist financing.
The bank is required to obtain from the customer, when processing the application to establish business relations, information as to the purpose and intended nature of business relations.
In such cases, the requirement is for the bank to put in place policies and procedures to address any specific risks associated with non-face-to-face business relationships or transactions. The intention is that CDD measures should be conducted that are as stringent as those that would be required to be performed if there were face-to-face contact.
When a bank in Singapore undertakes any transaction with a value exceeding SGD 20,000 for any customer who does not otherwise have business relations with the bank, it should:
Where a bank suspects that two or more transactions are, or may be, related, linked or the result of a deliberate restructuring of an otherwise single transaction into smaller transactions in order to evade the measures outlined above, the bank shall treat the transactions as a single transaction and aggregate their values.
Where any PEP is identified, the requirement is for the bank to perform enhanced CDD measures, including, but not limited to, the following:
A bank shall perform enhanced CDD measures for such other categories of customers, business relations or transactions as the bank may assess to present a higher risk for money laundering and terrorist financing.
No bank in Singapore is allowed to open or maintain anonymous accounts or accounts in fictitious names.
There is a general requirement that the bank must monitor, on an ongoing basis, its business relations with customers. To achieve this, the bank is required, during the course of business relations, to observe the conduct of the customer's account and scrutinise transactions undertaken to ensure that the transactions are consistent with the bank's knowledge of the customer, its business and risk profile and, where appropriate, the source of funds. It should pay special attention to all complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose. If any are identified, the bank should, to the extent possible, inquire into the background and purpose of the transactions and document its findings with a view to making this information available to the relevant competent authorities should the need arise. Of course, this needs to be done without tipping off the customer.
To keep materials up to date, the bank is required periodically to review the adequacy of customer identification information obtained in respect of customers and beneficial owners and ensure that the information is kept up to date, particularly for higher-risk categories of customer. This, of course, enables the bank to obtain improved and updated information based on the regulations without alerting the customer to any specific issue regarding their relationship with the bank.
The bank is required to take all appropriate steps to ensure that its staff (whether in Singapore or overseas) are regularly trained on:
The bank must have in place screening procedures to ensure high standards when hiring employees.
The requirement is that the bank must prepare, maintain and retain documentation on all its business relations and transactions with its customers such that:
The bank must, when setting its record-retention policies, comply with the following document-retention periods:
The bank may retain documents as originals or copies, in paper or electronic form or on microfilm, provided that they are admissible as evidence in a Singapore court of law.
Anyone moving SGD 30,000 or more into or out of Singapore must lodge a cash movement report (CMR). The names and identity of individuals who lodge reports are only disclosed if they have wilfully submitted false information.
The Suspicious Transaction Reporting Office (STRO) receives all suspicious transaction reports (STRs) from the relevant officer. The Singapore STRO is part of the Egmont Group. It is also a member of the Asia Pacific Group on money laundering (APG).
A bank is required to develop and implement internal policies, procedures and controls to help prevent money laundering and terrorist financing and communicate these to its employees. The policies, procedures and controls should include, amongst other things, CDD measures, record retention, the detection of unusual and/or suspicious transactions and the obligation to make suspicious transaction reports.
Where a person knows, or has reasonable grounds to suspect, that any property, in whole or in part, directly or indirectly, represents the proceeds of, was used in connection with or is intended to be used in connection with any act which may constitute drug trafficking or criminal conduct, as the case may be, and the information or matter on which the knowledge or suspicion is based came to his attention in the course of his trade, profession, business or employment, he shall disclose the knowledge or suspicion or the information or other matter on which that knowledge or suspicion is based to a Suspicious Transaction Reporting Officer as soon as is reasonably practicable after it comes to his attention.
Where the property referred to above is the subject of a transaction, the person referred to in that subsection shall make the disclosure referred to in that subsection regardless of whether the transaction was completed.
A bank shall implement appropriate internal policies, procedures and controls for meeting its obligations under the law, including the following:
A bank shall submit reports on suspicious transactions (including attempted transactions) to the STRO, and extend a copy to the authority for information.
A bank shall consider if the circumstances are suspicious so as to warrant the filing of an STR and document the basis for its determination where:
Any person who fails to report a suspicious transaction shall be guilty of an offence and shall be liable, on conviction, to a fine not exceeding SGD 20,000, although it is a defence that the person charged had a reasonable excuse for not disclosing the information or other matter in question, or that, if they were an employee, they disclosed it in accordance with their internal procedures.
The first money-laundering case in Singapore concerned a major airline. In this case a supervisory clerk was granted almost total control over a computer program which computed and paid out the crew's salaries and allowances by making direct credits into staff bank accounts. The clerk dishonestly misappropriated numerous amounts from the airline's bank account by causing them to be paid to bank accounts which were in his name or controlled by him. Random checks were supposed to be made. However, there was no way the supervisors could verify all the details keyed in by the clerk, and he had also falsely altered a computer-generated report printed daily which contained all the adjustments made to crew allowances for that day. He defrauded the airline of almost SGD 35 million, and at the conclusion of investigations, SGD 14 million remained unrecovered. He was sentenced to 24 years' imprisonment.
In another case, a customer-service officer in a worldwide bank stole US$ 7.2 million (SGD 12.6 million) from the bank over a period of five years. He pleaded guilty to the single money-laundering charge and the other charges of cheating (altogether there were more than 1,000 charges which took the court interpreter two hours to read) and was sentenced to 12 years' imprisonment. The clerk was a compulsive gambler, and often bet (with the stolen money) on the lottery with $500,000 per week (and struck the first prize twice, totalling $6m). When the police raided his home they found over 1,000 lottery tickets; hence the number of charges exceeding 1,000.
In 2003, the biggest fraud case in Singapore history occurred. The finance manager of a brewery was charged for 44 offences of forgery and cheating and two charges of money-laundering offences involving a total sum of SGD 117 million. He pleaded guilty to all 46 charges and was sentenced (by the same District Court judge as in case study one) to 42 years' imprisonment. The manager flew in private jets to bet in the world's leading casinos, at $400,000 per bet and lost $62.3 million. He used funds he had cheated from four major banks, which then took legal action against the brewery.
South Africa has demonstrated a strong commitment to implementing AML/CFT systems, which has involved close cooperation and coordination between a variety of government departments and agencies. The authorities have sought to construct a system which uses as its reference the relevant United Nations Conventions and the international standards as set out by the Financial Action Task Force.
The money-laundering offence is found in the Prevention of Organised Crime Act (POCA). The Financial Intelligence Centre Act, which was amended by the Financial Intelligence Centre Amendment Act 2008, contains the AML compliance legislation. The Money Laundering Control Regulations (“the Regulations”) were issued under the Act in December 2002. These were updated in 2010.
South Africa supplemented its AML law with statutory provisions in the Drugs and Drug Trafficking Act 140 of 1992. This Act criminalised the laundering of the proceeds of specific drug-related offences and required the reporting of suspicious transactions involving the proceeds of drug-related offences. The Proceeds of Crime Act 76 of 1996 broadened the scope of the statutory laundering provisions to all types of offences. In 1999, the Proceeds of Crime Act, as well as the laundering provisions of the Drugs and Drug Trafficking Act, were repealed when POCA came into effect.
Money laundering is criminalised in Section 4 of the Prevention of Organised Crime Act 1998. The AML control measures are found in the Financial Intelligence Centre Act 2001 and subsequent regulations.
The requirements are further elaborated in guidance notes issued by the Centre and circulars issued by the South African Reserve Bank (SARB), which is the central bank of South Africa. However, neither of these is legally enforceable, and they are only intended to provide guidance.
It should also be noted that South Africa's AML/CFT framework is currently undergoing a process of transition. The FIC Act (FICA) was substantially amended by the Financial Intelligence Centre Amendment Act 2008 (FIC Amendment Act) which was gazetted on 28th August, 2008.
The FIC launched a new communication platform – a Public Compliance Communication (PCC) series – on 22nd February, 2010. The purpose of the PCC is to facilitate a better understanding of the Financial Intelligence Centre Act 2001 (Act No. 38 of 2001) (FICA) by all businesses, including accountable institutions, and to address some of the complex questions arising from the administration of FICA and its subordinate legislation. The main purpose of the PCC series is to provide guidance under Section 4(c) of FICA on the FIC's interpretation of the relevant legislation. This form of guidance will have the same legal status as the guidance notes that have been, and will continue to be, issued by the FIC.
The 2008 FATF mutual evaluation described the development of AML/CFT systems in South Africa as “work in progress”. The country was rated “largely compliant” or “compliant” in approximately half of the 49 recommendations, which highlights that there is still work to be done to bring South Africa into line with FATF Recommendations.
The Financial Intelligence Centre (the Centre) was established under FICA No. 38 of 2001, in February 2002. The Centre started receiving reports on suspicious and unusual transactions on 3rd February, 2003.
FICA also sets up a regulatory anti-money-laundering regime which is intended to break the cycle used by organised criminal groups to benefit from illegitimate profits. By doing this, the Act aims to maintain the integrity of the financial system.
The South African Reserve Bank is the central bank of the Republic of South Africa. The primary purpose of the Bank is to achieve and maintain price stability in the interest of balanced and sustainable economic growth in South Africa. Together with other institutions, it also plays a pivotal role in ensuring financial stability. The Bank assesses, on a continuous basis, the stability and efficiency of key components of the South African financial system.
Any person who knows, or ought reasonably to have known, that property is, or forms part of, the proceeds of unlawful activities and
which has, or is likely to have, the effect
shall be guilty of an offence.
Any person who knows, or ought reasonably to have known, that another person has obtained the proceeds of unlawful activities, and who enters into any agreement with anyone or engages in any arrangement or transaction whereby
shall be guilty of an offence.
Any person who acquires, uses or has possession of property and who knows, or ought reasonably to have known, that it is or forms part of the proceeds of unlawful activities of another person, shall be guilty of an offence.
A person may raise as a defence the fact that he or she had reported a knowledge or suspicion, or, if they are an employee of a financial institution, that person may also raise as a defence the fact that he or she had:
Any person convicted of an offence outlined above shall be liable to a fine not exceeding R 100 million, or to imprisonment for a period not exceeding 30 years.
The AML Act applies to 19 “accountable institutions”, including banks, estate agents and various other financial services.
The Act and the Regulations require accountable institutions to identify all clients with whom they do business unless an exemption applies in a given circumstance. However, institutions are not required to follow a one-size-fits-all approach in the methods they use and the levels of verification they apply to all relevant clients.
In many instances, the Regulations make reference to the fact that accountable institutions must verify certain particulars against information which can be reasonably expected to achieve such verification and is obtained by reasonably practical means, taking into account any guidance notes concerning the verification of identities which may apply.
The use of expressions in the Regulations such as “can reasonably be expected to achieve such verification” and “is obtained by reasonably practical means” implies that a risk-based approach is appropriate, and that the greater the risk, the higher the level of verification and the more secure the methods of verification used should be.
The assessment of risk factors should best be done by means of a systematic approach to determining different risk classes and identifying criteria to characterise clients and products. In order to achieve this, an accountable institution would need to document and make use of a risk framework.
As with all risk management, an institution's risk framework needs to be regularly updated and supported with documentation to enable and ensure compliance within each institution.
Accountable institutions must write and implement internal rules relating to money-laundering control and appoint an officer who is responsible for ensuring compliance by the institution. The MLRO is also required to train the institution's employees to enable them to comply with their money-laundering control obligations.
Once the Compliance Officer has been appointed, they will be required to familiarise themselves with the relevant money-laundering laws and the particular guidelines and regulations. They will then need to ascertain the current level of compliance by the business and its employees with the duty to report suspicious and unusual transactions and ensure that appropriate policy documents and rules are implemented. They will be required to monitor and report to management on compliance.
FICA prevents accountable institutions from establishing business relationships or entering into single transactions with their clients unless they have established and verified the identities of the clients concerned and of the agents and principals of their clients, as well as any authority the agent, client or principal has to act on behalf of another person.
The Act also requires institutions to verify an agent's authority to act on behalf of a principal. The Regulations provide some detail on the identification and verification of most classes of clients an institution is likely to deal with. These are, for instance, natural persons, companies and close corporations, other legal persons, partnerships and trusts.
The Regulations require institutions to obtain specific information concerning the identities of each of these categories of clients, and also indicate the manner in which the basic client identification particulars should be verified. For instance, an individual's name and identity number should be verified by reference to an identity document.
Other forms of verification are only acceptable if a person is, for a reason which is acceptable to the institution, unable to produce an identity document. Additional identification particulars, such as residential addresses, may be verified by reference to any information which can reasonably be expected to serve as verification for the particulars in question.
An accountable institution must obtain from, or in respect of, a natural person who is a citizen of, or resident in, South Africa, that person's:
They should verify the above by comparing the information with an identification document of that person, or, in the case where that person is, for a reason that is acceptable to the institution, unable to produce an identification document, another document which is acceptable to the institution and bears:
An accountable institution must verify the income tax registration number by comparing this number with a document issued by the South African Revenue Service bearing such a number and the name of the natural person.
An accountable institution must obtain from, or in respect of, a natural person who is a citizen of another country and is not resident in the Republic, that person's:
For foreign nationals, the information should be compared with an identification document of that person.
An accountable institution must obtain from the natural person acting or purporting to act on behalf of a close corporation or South African company with which it is establishing a business relationship or concluding a single transaction:
An accountable institution must verify the particulars obtained in respect of a close corporation or company by comparing the details with:
If an accountable institution obtained the required information about a natural or legal person, partnership or trust without contact in person with that natural person, or with a representative of that legal person or trust, the institution must take reasonable steps to establish the existence, or to establish or verify the identity, of that natural or legal person, partnership or trust, taking into account any guidance notes concerning the verification of identities which may apply to that institution.
An accountable institution must obtain information in respect of:
An accountable institution must obtain information whenever it is reasonably necessary, taking into account any guidance notes concerning the verification of identities or the reporting of suspicious and unusual transactions, with a view to obtaining additional information:
The information obtained must be adequate to reasonably enable the institution to determine whether transactions involving a client are consistent with the institution's knowledge of that client and that client's business activities and must include particulars concerning:
The MLRO is responsible for training the employees to enable them to comply with their money-laundering control obligations.
The accountable or reporting institution will be required to file a cash threshold report with the Centre when the accountable or reporting institution has knowledge of the transaction that exceeds the prescribed threshold. This knowledge will normally be acquired when the accountable or reporting institution:
A general 15,000 US$/EUR suspicious reporting threshold has been implemented.
According to the 2010 amendments, the report must contain full particulars of the natural or legal person making the report or other entity on whose behalf the report is made, including:
In respect of the transaction or aggregated transactions for which a report is made, the report must contain as much of the following information as is readily available:
In respect of each natural or legal person conducting the transaction(s) for which a report is made, the report must contain as much of the following information as is readily available:
In the case of a natural person, full particulars of:
In the case of a legal person, full particulars of:
In the case of any other entity, any information which is readily available should be included.
A report must:
A report must be sent to the Centre as soon as possible but not later than two days after a natural person or any of his or her employees, or any of the employees of officers of a legal person or other entity, has become aware of a cash transaction or series of cash transactions that has exceeded the prescribed limit.
The internal rules of an accountable institution concerning the establishment and verification of identities must:
A person convicted of:
is liable to imprisonment for a period not exceeding 15 years or to a fine not exceeding R 10,000,000.
A person convicted of
is liable to imprisonment for a period not exceeding five years or to a fine not exceeding R 1,000,000.
The FIC of South Africa has been used to perpetuate fraud, through scam letters claiming to be officially from the FIC. The FIC disassociated itself from this fraud, and urges anyone who receives a letter to report it. It is unknown whether any, or how much, money was lost as a result. The text of one of the scam letters, sent on headed paper designed to look as if it has come from the FIC, appears below.
The advice not to tell anybody, the email address “@london.com”, the withdrawal per day limit and the poor English are just some of the many problems with the letter. A number of examples of this type of scam were sent claiming to be from the FIC.
In another case, a physiotherapist was convicted of laundering R 2,100,000 which was stolen from the government, with help from two accomplices. The funds came from a fund covering workers injured or disabled at work or for diseases sustained from the hazardous work environment, and the accomplices worked for the Department of Labour. The fraudster was working with his accomplices to siphon millions of rands of public funds by claiming money for treatment to patients that was never done and using intricate means to siphon payments into his own accounts. The laundered money was deposited into the criminal's personal account and those of his businesses. The accomplices were still on trial and the physiotherapist had not been sentenced at the time of writing.
Korea has demonstrated political commitment to improving its AML efforts since the mid-1990s. The most common money-laundering techniques involve cash transactions and accounts in other persons' names. Accordingly, the authorities have made a concerted effort to combat these over the less prevalent drug-trafficking offences. Despite some deficiencies in the AML regime, the compliance culture within Korean financial institutions is very strong.
The Proceeds of Crime Act, last amended in 2010, contains the money-laundering offence. The Financial Transaction Reports Act, also amended in 2010 and supplemented by the KoFIU AML/CFT Regulation, provides the AML compliance requirements.
Korea first introduced AML/CFT measures in 2001 and has sought to implement a collaborative approach to the fight against money laundering and associated crimes.
The 2009 FATF mutual evaluation found that the money-laundering offences are largely in line with international requirements but the penalties available and applied are not sufficiently effective, proportionate or dissuasive. Furthermore, there is a lack of focus on money-laundering investigations.
Customer identification and verification represents a strength in the Korean preventive measures, but issues such as beneficial ownership, politically exposed persons and correspondent banking have yet to be addressed. The Korean AML/CFT system is heavily reliant on KoFIU's work on financial intelligence, AML/CFT supervision, training of obliged entities, policy, reform, national coordination and international cooperation.
The Financial Services Commission was established in 2008. The aim of the Financial Services Commission is to protect the integrity of Korea's financial market, by focussing on devising and updating financial policies in tune with the needs of and developments in the market.
Founded in November 2001, KoFIU is the primary executive agency responsible for implementing an effective anti-money-laundering and combating the financing of terrorism (AML/CFT) regime in Korea.
KoFIU's responsibilities include:
KoFIU works closely with various law-enforcement agencies in Korea, including the Ministry of Justice, National Police Agency, National Tax Service, the Korea Customs Service and the Financial Supervisory Service.
KoFIU was originally within the Ministry of Finance and Economy (MOFE), but as a result of the government reorganisation in February 2008 has been transferred to the Financial Services Commission (FSC). KoFIU comprises AML/CFT experts from the FSC, Ministry of Justice (MOJ), National Police Agency (NPA), National Tax Service (NTS), Korea Customs Service (KCS) and the Financial Supervisory Service (FSS). The independence and autonomy of KoFIU is guaranteed by law. KoFIU works as an institutional link between financial institutions and law-enforcement agencies by receiving suspicious transaction report (STRs) from financial institutions, analysing the STRs and disseminating them to law-enforcement agencies for further action. KoFIU is also the primary organisation responsible for AML/CFT policy formulation and implementation, AML/CFT supervision and the education of financial institutions.
Any person who commits, or attempts to commit, any of the following acts shall be guilty of money laundering:
Furthermore, any person who knowingly accepts criminal proceeds and related properties commits an offence, unless it is in relation to fulfillment of legal obligations or obligations under a contract which he/she entered into without the knowledge that it would be fulfilled with criminal proceeds or related properties.
Money laundering, or its attempt, is punishable by imprisonment not exceeding five years or a fine not exceeding 30 million won. Preparation or conspiracy to commit money laundering is punishable by imprisonment not exceeding two years or a fine not exceeding 10 million won.
Accepting criminal proceeds is punishable by imprisonment not exceeding three years or a fine not exceeding 20 million won.
If any of the offences above are committed by a legal person, both the individual responsible and the legal entity can be subjected to the relevant penalties.
The AML legislation applies to various financial institutions listed in Article 2(1) of the Financial Transaction Reports Act, and includes banks, investment trading companies and insurance companies.
Financial institutions shall identify and assess the risks of money laundering and terrorist financing and use such information for customer due diligence. When identifying and assessing the risks of money laundering and terrorist financing, financial institutions should consider country risk, customer type and product and service risk. Financial institutions shall assess the risks of money laundering and terrorist financing of a customer based on set criteria for risk assessment factors and risk levels, so as to apply such risks to the assessment appropriately.
Reporting entities are obliged to:
Financial institutions shall assign to senior management the following roles and responsibilities:
The MLRO's role shall be:
To prevent money laundering and terrorism financing, reporting entities shall establish and apply internal guidelines:
The internal guidelines shall include details regarding contents, procedures and methods of adequate measures designed to prevent money laundering and financing of offences of public intimidation according to the types of customer or types of financial transaction. Financial institutions shall include each of the following provisions in their business guidelines established and operated to implement CDD effectively:
Financial institutions shall:
Financial institutions shall obtain each of the following pieces of information for natural persons (including foreign persons):
This should be verified by means of a certificate bearing the real name, such as a resident registration card or driving licence, and which also contains a photo and other essential identification information required.
Financial institutions shall obtain each of the following pieces of information for legal persons:
Financial institutions shall confirm the authority of any person (“agent”) who conducts financial transactions on behalf of natural and legal persons or other organisations and the identity of such agents, and shall check if legal persons or arrangements actually exist through documents that can prove the establishment of legal entities, such as a copy of the corporate register.
The above information should be verified.
Financial institutions shall identify the natural persons who ultimately own or control the customer (beneficial owners) by means of reliable documentation in consideration of the risks of ML/TF, and should take necessary measures to identify whether a legal person customer is the beneficial owner when there is suspicion or concern that the customer might not be the beneficial owner and might be involved in ML/TF.
Simplified customer due diligence may be applied to certain types of customer or products or services categorised as low risk with respect to ML/TF. This permits an exemption for some of the identification procedures and measures. However, sufficient information is still required to identify the customer, including name and address. If you choose to take advantage of this exemption, you will need to be clear why you are doing so and the risk that this poses, and judge whether it is appropriate in the circumstances. If you are unfortunate and treat a customer as low risk when this is patently not the case, you must be prepared to face regulatory sanctions.
Enhanced due diligence requires additional CDD information for certain types of high-risk customer or products/services. For natural persons, financial institutions shall identify each of the following additional pieces of information for high-risk customers:
For legal persons, financial institutions shall identify each of the following additional pieces of information:
Financial institutions shall establish policies and procedures to address the risk of ML/TF related to non-face-to-face transactions. Financial institutions shall follow the policies and procedures when they establish new business relationships with non-face-to-face customers and conduct ongoing CDD for them.
Financial institutions shall establish an appropriate procedure to identify whether a customer or beneficial owner is a foreign PEP. Financial institutions shall obtain approval from senior management:
Financial institutions shall conduct enhanced due diligence pursuant to Article 20(3) when customers (or beneficial owners) are identified as foreign PEPs, and take due measures to identify the source of funds or assets. Such measures include identifying the following additional information:
Financial institutions shall conduct ongoing monitoring to determine if the existing customer is a foreign PEP, and shall enhance transaction monitoring during any business relationship with a customer who is a politically exposed person.
Financial institutions shall establish and operate procedures and control measures necessary for preventing and mitigating the risks of money laundering and terrorist financing related to correspondent banking services when entering into correspondent banking relationships.
The correspondent bank shall take appropriate measures to ensure the respondent bank prevents its correspondent banking account from being used by shell banks.
When entering into a correspondent banking relationship, the correspondent bank shall take the following measures with regard to the respondent bank:
When the service of providing a customer with direct access to a correspondent banking account (hereinafter referred to as payable-through account) is included in the correspondent banking contract, the following measures shall also be taken:
When entering into a new correspondent banking relationship, the correspondent bank shall obtain prior approval from senior management.
The correspondent bank is prohibited from entering into or continuing correspondent banking relationships with shell banks.
Financial institutions shall conduct ongoing due diligence on business relationships. Ongoing due diligence shall be conducted through each of the following measures:
Financial institutions shall determine how often CDD needs to be conducted in accordance with the ML/TF risk level in consideration of customer transaction activities. Financial institutions shall establish and operate an ongoing monitoring system on customers' transactions and activities, which includes each of the following:
Financial institutions shall pay special attention to all complex, unusually large transactions or unusual patterns of transactions that have no apparent economic or lawful purpose, including each of the following:
Financial institutions shall examine, as much as possible, the background and purpose of the transactions, and shall maintain records on their findings.
For the purpose of preventing ML/TF, financial institutions shall establish procedures to identify unusual transactions or patterns through a transaction-monitoring system which includes the following measures:
Financial institutions shall develop and operate education and training programmes for their employees. The reporting officer shall provide employees with education and training more than once a year.
Financial institutions shall provide their employees with adequate and different education and training in accordance with their differing positions and responsibilities, and shall make sure education and training cover each of the following:
Once the education and training sessions have been conducted, financial institutions shall retain records on the dates, participants and content of the sessions.
A Know Your Employee (KYE) system refers to a system that enables financial institutions to check identification information of their existing and new executives and employees when hiring them, so as to prevent them from getting involved in money-laundering and terrorist-financing activity. Financial institutions shall establish procedures and measures for the implementation of a KYE system.
Financial institutions shall maintain information regarding customer identification and verification records, financial transaction records, internal and external reports including STRs and other relevant documents for a minimum of five years.
Information or documents to be retained with regard to customer identification and verification include the following:
Information or documents to be retained with regard to financial transaction records include the following:
Internal and external reports and related documents include the following:
Financial institutions shall retain the following information or documents in addition to those specified above for five years:
Financial institutions and casinos are required to report to the KoFIU when:
Financial institutions and casinos can file a suspicious transaction report even when the amount of the transaction is below the reporting threshold. For failures to report suspicious transactions, the Korea Financial Intelligence Unit can apply sanctions such as disciplinary action for employees of financial institutions and administrative fines for financial institutions.
In 2006, Korea implemented a currency transaction report (CTR) system. This obliges financial institutions to report to the KoFIU all cash transactions when the amount of cash paid or received in transactions conducted in one trading day in the same name is above the threshold, which is currently KRW 20 million.
Any person who falls under any of the following shall be subject to imprisonment for a period not exceeding five years or a fine in an amount not exceeding 30 million won:
Any person who falls under any of the following shall be subject to imprisonment for a period not exceeding one year or a fine in an amount not exceeding 5 million won:
A Korean national with multiple passports and identities admitted laundering money in Los Angeles. For three years, he illegally “structured” more than $5 million in bank deposits by parcelling them into 254 transactions averaging about $6,000 each, thereby avoiding the cross-border currency reporting threshold. He also used false South Korean and American identity documents, and opened two accounts at the same bank using different Korean passports and visas. He had not been sentenced at the time of writing.
This case highlights the need for financial institutions to consider the wider circumstances of financial transactions, and not just take them at face value. Numerous transactions by the same person must be aggregated in accordance with local laws, so that the reporting thresholds apply and appropriate action can be taken. The risk of false identities being used is also illustrated in this case, so it is not enough to see official documents – they should be verified as well.
Switzerland's body of money-laundering laws has grown incrementally. It recognised itself as one of several susceptible countries, understanding the lucrative nature of the private banking business conducted in the country. It has become world renowned for enforcing the strictest anti-money-laundering codes, to the extent that many other countries have since modelled their own AML framework on Switzerland's robust programme. However, it has to be recognised that it is the desirability of having funds within Switzerland, given the stringent secrecy laws for which the country is known, that means it remains a potential target for inappropriate funds. In June 2012, an official Federal Council press release outlining an expansion of the powers of the Money Laundering Reporting Office Switzerland stated that, “The Federal Council is intent on stepping up the fight against money laundering”. True to its word, in November 2013, the money laundering regulations were strengthened, and in particular the legislation allows for secrecy to be lifted and information passed on in various circumstances following suspicious transaction reports. This signals a key commitment to maintaining Switzerland's economic position, at the expense of its well-known secrecy regime.
The money-laundering offence is contained in the Swiss Penal Code (Art. 305bis and 305ter StGB). Furthermore, the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector (AMLA) and a corresponding Ordinance of the Swiss Financial Market Supervisory Authority (FINMA) on the Prevention of Money Laundering and Terrorist Financing (FINMA Anti-Money Laundering Ordinance, AMLO-FINMA) contain the AML compliance regime – most recently updated in November 2013.
Switzerland's mechanisms for combating money laundering, which were established with the Agreement on Due Diligence (CDB) in 1977 and have been expanding ever since, today include provisions in the Swiss Penal Code (Art. 305bis and 305ter StGB), the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector (AMLA) and a corresponding Ordinance of the Swiss Financial Market Supervisory Authority (FINMA) on the Prevention of Money Laundering and Terrorist Financing (FINMA Anti-Money Laundering Ordinance, AMLO-FINMA).
The 2005 mutual evaluation report found Switzerland to be “largely compliant” or “compliant” with 32 of the 49 FATF regulations. The Follow-Up Report agreed by the FATF in October 2009 found that Switzerland had taken sufficient action in remedying the deficiencies that were identified in the Mutual Evaluation Report. Switzerland provided a further progress report in 2011, but this had not been analysed by the FATF at the time of writing.
The Federal Department of Finance looked into the individual criticisms of Switzerland's anti-money-laundering mechanisms within the FATF report. Subsequent AML legislation and ordinances were brought into force, bringing Switzerland largely into line with FATF requirements.
The Federal Office of Police is required by the AML Act to manage the Money Laundering Reporting Office Switzerland.
The Money Laundering Reporting Office Switzerland (MROS), which is a part of the Federal Office of Police, is Switzerland's central anti-money-laundering office and functions as a relay and filtration point between financial intermediaries and the law-enforcement agencies. According to the Money Laundering Act, the MROS is responsible for receiving and analysing suspicious activity reports in connection with money laundering and, if necessary, forwarding them to the law-enforcement agencies.
The MROS is also a specialised body that publishes annual statistics on developments in the fight against money laundering, organised crime and terrorist financing in Switzerland, and identifies typologies that are useful for training the financial intermediaries. The MROS is organised as a section within the Federal Office of Police; it is not a police authority in itself, but rather an administrative unit with special tasks.
The Reporting Office is a member of the Egmont Group, which is an international association of financial intelligence units (FIUs) whose objective is to foster a safe, prompt and legally admissible exchange of information in order to combat money laundering and terrorist financing. According to a June 2012 press release, the MROS will be given extended powers to share information with foreign FIUs.
The Swiss Financial Market Supervisory Authority (FINMA), in its role as State supervisory authority, acts as an oversight authority of banks, insurance companies, exchanges, securities dealers, collective investment schemes, distributors and insurance intermediaries. It is responsible for combating money laundering and, where necessary, conducts restructuring and bankruptcy proceedings and issues operating licences for companies in the supervised sectors. Through its supervisory activities, it ensures that supervised institutions comply with the requisite laws, ordinances, directives and regulations, and continue at all times to fulfil the licensing requirements.
FINMA imposes sanctions and provides administrative assistance to the extent permissible by law. It also supervises the disclosure of shareholdings, conducts the necessary proceedings, issues orders and, where wrongdoing is suspected, files criminal complaints with the Swiss Federal Department of Finance. FINMA also acts as a regulatory body: it participates in legislative procedures, issues its own ordinances and circulars where authorised to do so, and is responsible for the recognition of self-regulatory standards.
The Swiss Federal Banking Commission and the Anti-Money Laundering Control Authority (see below) will be integrated into FINMA.
The AML Control Authority (AMLCA) is the supervisory authority for the non-banking sector, which is supervised only to the extent of its compliance with the AMLA. This non-banking sector includes asset managers, fiduciaries, money changers and payment services providers, as well as lawyers and notaries who offer ancillary financial services and others.
Amongst other financial supervisory obligations, the Swiss Federal Banking Commission monitors whether the financial intermediaries under its supervision comply with the provisions of the Anti-Money Laundering Act.
Money laundering is committed by any person who carries out an act that is aimed at frustrating the identification of the origin, the tracing or the forfeiture of assets which he knows, or must believe, originate from a felony.
Any person found guilty of money laundering shall be liable to a custodial sentence not exceeding three years or to a monetary penalty. In serious cases, the penalty shall be a custodial sentence not exceeding five years and/or a monetary penalty. A custodial sentence shall be combined with a monetary penalty not exceeding 500 daily penalty units [1,500,000 francs].
A serious case is, for example, where the offender:
The AMLA applies to financial intermediaries, which are listed in Article 2 of the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector. Financial intermediaries include banks, fund managers and persons who, on a professional basis, accept or hold on deposit assets belonging to others or who assist in the investment or transfer of such assets.
When establishing a business relationship, the financial intermediary must verify the identity of the customer on the basis of a document of evidentiary value. Where the customer is a legal entity, the financial intermediary must acknowledge the provisions regulating the power to bind the legal entity, and verify the identity of the persons who enter into the business relationship on behalf of the legal entity.
In the case of cash transactions with a customer whose identity has not yet been established, the duty to verify identity applies only if one transaction, or two or more transactions that appear to be connected, involve a considerable financial value (see below). Furthermore, if there is any suspicion of money laundering or terrorist financing, the identity of the customer must be verified even if the relevant amounts have not been reached.
The financial intermediary is required to identify the nature and purpose of the business relationship wanted by the customer. The extent of the information that must be obtained is determined by the risk represented by the customer.
The financial intermediary must clarify the economic background and the purpose of a transaction or of a business relationship if:
The DSFI shall identify the contracting party if one or more transactions, which appear to be interlinked, reach or exceed the following amount:
For natural persons as well as owners of sole proprietorships, the following should be established:
Upon initiation of the business relationship with a natural person or owner of a sole proprietorship, the DSFI shall identify the contracting party by inspecting an identification document of the contracting party. If the business relationship is started without a personal interview, the DSFI shall additionally review the place of domicile through postal delivery or equivalent method. All identification documents are permitted which include a photograph and which are issued by a Swiss or foreign authority.
For legal entities and companies, the reporting entity should ascertain:
The DSFI shall also identify the person who begins the business relationship in the name of the contracting party. The DSFI shall acknowledge and document the provisions of the contracting party's power of attorney regarding this person.
Upon initiation of the business relationship with a legal entity or partnership, the DSFI shall identify the contracting party by means of one of the following documents:
Legal entities and partnerships not listed in the commercial registry are to be identified by means of one of the following documents:
A commercial registry statement, confirmation from the auditor and a directory or database statement may be no more than twelve months old at the time of identification and must correspond with the current circumstances.
The DSFI can waive the certification of authenticity if it takes other measures that allow it to examine the identity and the address of the contracting party. The measures taken are to be documented.
If the contracting party does not have any identification documents within the sense of this Ordinance, then the identity may be determined by means of valid replacement documents as an exception. These exceptional situations should be explained in a note in the file.
The financial intermediary must obtain a written declaration from the customer indicating who the beneficial owner is if:
The written declaration from the contracting party concerning the beneficial owner must include the following information for natural persons as well as owners of sole proprietorships:
For legal entities and companies, it should include the following information:
The declaration can be signed by the contracting party or one of its agents. For legal entities, the declaration is to be signed by a person who is authorised to do so pursuant to the company documents. If questions remain concerning the correctness of the declaration of the contracting party and such questions cannot be resolved through further clarification, then the DSFI shall decline the business relationship or terminate it.
The financial intermediary may dispense with complying with the duties of due diligence if the business relationship only involves assets of low value and there is no suspicion of money laundering or terrorist financing.
Financial intermediaries shall formulate criteria to identify business relationships and transactions which involve increased risks. Depending on the type of operations conducted by the financial intermediary, the following criteria may be of particular relevance:
Business relationships with politically exposed persons are, in all cases, deemed to be business relationships with increased risk.
Transactions in which assets exceeding more than CHF 100,000 are physically deposited in a single or series of deposits at the onset of the business relationship are deemed, in all cases, to be transactions with increased risks.
Financial intermediaries shall carry out additional investigations with appropriate effort for business relationships or transactions with increased risks.
Any transaction is deemed to be of increased risk if the value exceeds CHF 5,000.
The acceptance of business relationships involving increased risk requires the approval of a senior person or body or the management. The senior executive body, or at least one of its members, shall decide on:
Financial institutions are obliged to treat correspondent banking relationships as high-risk relationships.
The financial intermediary shall provide effective monitoring of business relationships and transactions, and ensure that increased risks are identified. For the monitoring of transactions, the financial intermediary shall use an IT-supported system to identify transactions with increased risks. Any transactions identified by the IT system shall be evaluated within an appropriate timeframe and, when necessary, additional clarification shall be sought.
A financial intermediary which has a low number of contracting parties and beneficial owners or transactions can waive an IT-supported transaction-monitoring system if it instructs its audit company to perform a stringent annual transaction-monitoring audit.
Financial intermediaries must take the measures that are required to prevent money laundering and terrorist financing in their field of business. They must, in particular, ensure that their staff receive adequate training to be able to perform their duties. Furthermore, the financial intermediary shall ensure the prudent selection of personnel as well as the regular training of all concerned staff with respect to the relevant aspects of the prevention of money laundering and the financing of terrorism.
The financial intermediary must keep records of transactions carried out and other documents required in such a manner that other specially qualified persons will be able to make a reliable assessment of the transactions and business relationships and of compliance with the AML provisions. The financial intermediary must retain the records in such a manner as to be able to respond within a reasonable time to any requests made by the prosecution authorities for information or for the seizure of assets. After the termination of the business relationship or after completion of the transaction, the financial intermediary must retain the records for a minimum of ten years.
A financial intermediary must immediately file a report with the Money Laundering Reporting Office Switzerland (“the Reporting Office”) if it knows, or has reasonable grounds to suspect, that assets involved in the business relationship:
It should terminate any business relationship if any suspicion arises.
The name of the financial intermediary must appear in any report. The identity of the financial intermediary's staff who are in charge of the case may be made anonymous in the report, provided it is guaranteed that the Reporting Office and the competent prosecution authority are able to contact them without delay.
A financial intermediary must immediately freeze the assets entrusted to it that are connected with the report, and must continue to freeze the assets until it receives an order from the competent prosecution authority, but at the most for five working days from the time at which the report is filed with the Reporting Office.
The November 2013 amendments provide that if the Reporting Office requires additional information in order to analyse a report that it has received, the financial intermediary making the report must, on request, provide such information that is in its possession. If, based on this analysis, it becomes apparent that in addition to the financial intermediary making the report, other financial intermediaries are, or were, involved in a transaction or business relationship, the financial intermediaries involved must, on request, provide the Reporting Office with all related information that is in their possession.
The Reporting Office may pass on the personal data and other information that are in its possession or that it may obtain under this Act to a foreign reporting office provided that office:
It may pass on the following information in particular:
The Reporting Office may consent to information being passed on by the foreign reporting office to a third authority provided the latter guarantees that:
A request for information from a foreign reporting office shall not be granted if:
Any person who, in a professional capacity, accepts, holds on deposit or assists in investing or transferring outside assets and fails to ascertain the identity of the beneficial owner of the assets in accordance with the above requirements shall be liable to a custodial sentence not exceeding one year or to a monetary penalty.
Anyone who fails to comply with the duty to report a suspicious transaction shall be liable to a fine of up to 500,000 francs. If the offender acts through negligence, he or she shall be liable to a fine of up to 150,000 francs. However, if they repeat the offence within five years of the conviction taking full legal effect, the fine shall be a minimum of 10,000 francs.
The Swiss FIU produces a number of AML case studies as part of its annual reports, some of which are reproduced below. The reports are available at: http://www.fedpol.admin.ch/content/fedpol/en/home/themen/kriminalitaet/geldwaescherei/jahresberichte.html.
In early 2011, a foreign client received a wire transfer of US$300,000 on behalf of a law firm in his home country. The compliance division asked the client advisor to obtain additional clarification regarding the economic background of this deposit. The client explained that the payment related to a contractual obligation with a well-known law firm that also represented his country in various matters. The client advisor requested more details regarding the contractual obligation between the client and the law firm. The client advisor forwarded these details to the compliance division along with the client's request that the details of the transaction remain confidential. After examining the documentation, the Compliance Officer concluded that the documentation was not detailed enough.
Additional searches of public sources revealed that the law firm in question had been involved in criminal activities such as misappropriation of public funds in the client's home country. In addition, the owner of the law firm was a close legal representative of the President of the client's home country. The client advisor contacted the client again but was still unable to determine the economic background of the incoming payment. Certain statements made by the client also indicated that some of the deposited funds might actually have been derived from influence peddling. An SAR was therefore submitted to the MROS. However, examination of police and judicial records and subsequent investigation of the persons named in the SAR did not reveal any relevant details. For motives of convenience, a decision was reached not to contact the FIU in the client's home country but rather to forward the SAR to the Office of the Attorney General of Switzerland.
In another case, a financial intermediary sent the MROS an SAR regarding a business relationship with one of its clients, a South American woman employed as a salesperson. The account balance showed tens of thousands of Swiss francs that had come from another account held by the client at a well-known lending institution. Apparently, the money in question was a loan that the client had asked to have credited to the reported account. A few days later, a travel cash card provider informed the financial intermediary that the client had recently loaded tens of thousands of Swiss francs onto her travel cash cards from the reported account.
Based on this information, the financial intermediary took a closer look at the business relationship. It turned out that the client had actually stolen the identity of the real salesperson for the purpose of opening the account. The real salesperson informed the financial intermediary that she had never opened a bank account there nor had ever received correspondence or documents relating to this account. Comparison of the ID photos of the real salesperson and the client revealed that they were, in fact, two different people. Unknown third parties had opened the account via post and had sent a copy of the fake Swiss ID card with the account application. The copy of the Swiss ID card appeared to have been certified by a notary. However, closer investigation revealed that the notary who had certified the Swiss ID card did not exist. The account documents sent via post had been removed from the salesperson's mailbox by the perpetrators of the fraud. All indications pointed to the fact that unknown third parties had used a stolen identity to open an account at a lending institution by fraudulent means, obtained a loan and then transferred the loan amount to the reported account – which had also been opened using the stolen identity. The money was immediately transferred to travel cash cards and eventually withdrawn as cash from various automatic teller machines (ATMs).
Subsequent investigation by the MROS proved unsuccessful, since the names of the persons who had stolen and misused the salesperson's name were not known. The salesperson herself has no police record. Since the reported account had been used to channel incriminated assets, the MROS forwarded the SAR to cantonal prosecution services.
In a third case, a financial intermediary detected an international wire transfer made by one of its clients to a person in an African country. The wire transfer was considered very high given the client's profile. Initial verifications uncovered other transfers that added up to a very large sum. The financial intermediary requested clarification from the client, who was unable to provide a convincing explanation. An SAR was sent to the MROS. In its analysis, the MROS began checking the various transactions carried out on the client's account. There were frequent payments of small amounts from different payers. The sum of these amounts would then be sent to the said African country. The MROS noted that the explanations provided by the client were not plausible. He had explained that the small payments had been minor loans from friends as well as income from odd jobs such as tutoring. The client was nevertheless unable to provide any proof to back his claims. He justified the transfer of these amounts to the African country by saying that it was to pay back a loan for his education. However, there were no indications that the wire transfers related to reimbursement of a loan. Finally, the client was unable to explain why the payments were for such a high amount.
The MROS was also struck by the fact that the financial intermediary had only discovered the case by accident. Since the sum of the amounts paid into this account was rather high, the financial intermediary should have realised earlier that the transactions were unusual. Analysis of the transactions revealed that they had all taken place within a period of several months and the total amount was very high. The client's profile could not possibly justify such income.
Unable to exclude a possible criminal origin of the funds, the MROS forwarded the SAR to the prosecution authorities.
The stability and location of the UAE, roughly half way between Asia and Europe, together with expansionist economic policies, has made it an attractive area in which to do business. The UAE has a relatively low crime rate, with the majority of financial crime and money laundering within the region being committed by criminals overseas.
The primary AML legislation is Federal Law No. 4 of 2002 Regarding Criminalisation of Money Laundering (the AML Law), which was introduced in January 2002. There are also AML provisions in the UAE Penal Code. The DFSA Rulebook provides guidance on the law within the DIFC.
Some of the AML provisions in the UAE Criminal Code were introduced as early as 1987. This legislation has been supplemented by various directives from the UAE Central Bank.
The 2008 FATF mutual evaluation found that although a basic legal framework for combating money laundering and terrorist financing is in place in the UAE, it needs further strengthening in a number of areas, including with regard to AML legislation, the role of the FIU and STR reporting. Furthermore, the report noted that “the absence of meaningful statistics was a significant hindrance to the progress of the assessment. With only minor exceptions, the level of effectiveness of AML/CFT measures across all sectors was difficult or impossible to gauge. The development of a national strategy for AML/CFT must urgently address this issue if recent progress is to be built upon.”
The Anti-Money Laundering and Suspicious Cases Unit (AMLSCU) is a part of the UAE Central Bank. It was created to assist the central bank's AML efforts, and acts as the FIU for the UAE.
Article 7 of Federal Law No. 4 directed the central bank to set up a financial information unit (FIU) to deal with money laundering and suspicious cases, and to provide a centre for reporting. The FIU was also directed to make the information available to law-enforcement agencies to facilitate their investigations. It was also empowered by Article 7 to facilitate the exchange of information with its counterparts in other countries, either pursuant to a convention or simply on the basis of reciprocity.
The Dubai Financial Services Authority (DFSA) is the independent regulator of all financial and ancillary services conducted through the DIFC, a purpose-built free zone in Dubai.
The DFSA's regulatory mandate covers asset management, banking and credit services, securities, collective investment funds, custody and trust services, commodities futures trading, Islamic finance, insurance, an international equities exchange and an international commodities derivatives exchange.
The DFSA has signed 57 bilateral Memoranda of Understanding with regulators in jurisdictions across the world.
The central bank's statutory objectives are to direct monetary, credit and banking policy and supervise their implementation in accordance with the State's general policy and in such ways as to help support the national economy and stability of the currency.
The UAE Central Bank is the predominant supervisory authority of the country's financial institutions in respect of compliance with anti-money-laundering obligations, although other public institutions also play roles in the process.
Money laundering is defined as any act involving transfer, conversion or deposit of property, or concealment or disguise of the true nature of that property, which was derived from any of the following offences:
Theft is likely to fall under “related offences”.
Furthermore, where any person intentionally commits or assists in the commission of any of the following acts in respect of property derived from any of the offences stated above, such person shall be considered a perpetrator of the money-laundering offence:
“Property” is defined widely and means assets of every kind, whether tangible or intangible, moveable or immoveable, and legal documents or instruments evidencing title to those assets or any related rights.
Money laundering shall be punished by imprisonment for a term not exceeding seven years, or by a fine of between AED 30,000 and AED 300,000. In addition to this, the proceeds of the crime, or an equivalent amount if they are no longer in existence, shall be confiscated.
Financial institutions which intentionally commit money laundering shall be punished by a fine of between AED 300,000 and AED 1,000,000, in addition to the confiscation of the proceeds of crime (or an equivalent amount) involved.
The anti-money-laundering policies, procedures, systems and controls of an authorised firm must adequately address the money-laundering risks, taking into account any vulnerabilities of its products, services and customers. In assessing the risks in relation to money laundering, an authorised firm must have regard to the relevant provisions of AML law. An authorised firm must assess its risks in relation to money laundering and perform enhanced due diligence investigations for higher-risk products, services and customers. An authorised firm must be aware of any money-laundering risks that may arise from new or developing technologies that might favour anonymity and take measures to prevent their use for the purpose of money laundering.
Institutions are required to appoint an individual to the licensed function of MLRO, who must be ordinarily resident in the UAE. An authorised firm must also appoint an individual to act as a deputy MLRO, who must fulfil the role of MLRO in his absence. An authorised firm should have a policy statement detailing the duties and obligations of its MLRO, and must ensure that the MLRO is of sufficient seniority within the firm to enable him to:
An authorised firm must ensure that its MLRO is responsible for all of its anti-money-laundering activities carried on in, or from, the DIFC, and must ensure that its MLRO carries out, and is responsible for, the following:
The MLRO must report at least annually to the governing body or senior management of the authorised firm on the extent of AML compliance, including the matters referred to above, and the governing body should promptly assess and act on this report. The report provided and the records of the assessment and actions must be documented in writing, and a complete copy of each must be provided to the DFSA promptly.
Subject to an exception, an authorised firm must establish and verify the identity of any customer with, or for, whom it acts or proposes to act. In establishing and verifying a customer's true identity, a firm must obtain sufficient and satisfactory evidence having considered:
An authorised firm must update, as appropriate, any customer identification policies, procedures, systems and controls, and should adopt a risk-based approach for the customer identification and verification process. Depending on the outcome of the authorised firm's money-laundering risk assessment of its customer, it should decide to what level of detail the customer identification and verification process will need to be performed.
An authorised firm is required to be satisfied that a prospective customer is who he claims to be and obtain evidence to prove this.
Firms should obtain the following:
Any unusual facts of which an authorised firm becomes aware during the identification process may be an indication of money laundering and should prompt the firm to request supplementary information and evidence. CDD must be fulfilled before the authorised firm effects any transaction on behalf of the customer, except for low-risk customers (see below).
The authorised firm should verify that it is dealing with a true and existing person. It also should obtain evidence of verification that is sufficient to establish that the person is indeed who he claims to be. The following list, which is not meant to be exhaustive, should be considered as guidance regarding the type of information and evidence which should be obtained to establish and verify the identity of a customer:
The address of a prospective customer should enable an authorised firm to physically locate the customer. If PO Box numbers are customary to a country, additional methods of physically locating the customer should be applied.
Documentary evidence of identity:
Documentary evidence of address:
For companies, the following should be obtained in either documentary or electronic form:
Documentary evidence of identity:
If the applying customer is not obliged to publish an audited annual report, adequate information about the financial accounts should be obtained. An authorised firm should verify that the applying customer is active and has not been, or is not in the process of being, dissolved, wound up or terminated.
For unincorporated businesses or partnerships, the following should be obtained:
Documentary evidence of identity:
Whenever an authorised firm comes into contact with a customer with, or for, whom it acts or proposes to act, it must establish whether the customer is acting on his own behalf or on the behalf of another person. An authorised firm must establish and verify the identity of both the customer and any other person on whose behalf the customer is acting, including that of the beneficial owner of the relevant funds, which may be the subject of a transaction to be considered, and must obtain sufficient and satisfactory evidence of their identities.
An authorised firm should obtain a statement from a prospective customer to the effect that he is, or is not, acting on his own behalf. In cases where the customer is acting on behalf of third parties, it is recommended that the authorised firm obtain a written statement, confirming the statement made by the customer, from the parties including the beneficial owner.
An authorised firm must have systems and controls to determine whether a customer is a politically exposed person, and where a customer relationship is maintained with a PEP, detailed monitoring and due diligence procedures should include:
An authorised firm that establishes, operates or maintains a correspondent account for a correspondent banking client must ensure that it has arrangements to:
An authorised firm must not:
An authorised firm does not have to fulfil the CDD obligations before effecting a transaction for a customer where it has, on reasonable grounds, established that:
A firm can conduct reduced due diligence for certain specified low-risk customers, unless it has reasonable grounds to know or suspect that a customer, or a person on whose behalf he is acting, is engaged in money laundering.
Where the authorised firm is unable to establish and verify the identity of any customer referred to above, including, where applicable, any beneficiaries, beneficial owners or trustees, within the 30 days following receipt of the customer's instruction, it must:
An authorised firm must:
If, at any time, an authorised firm becomes aware that it lacks sufficient information or documentation concerning a customer's identification, or develops a concern about the accuracy of its current information or documentation, it must promptly obtain appropriate material to verify the customer's identity.
An authorised firm should undertake a periodic review to ensure that customer identity documentation is accurate and up to date. An authorised firm should undertake a review particularly when:
If a customer account is dormant or an authorised firm has had no contact with the customer within the previous twelve months, an authorised firm should take reasonable steps to verify whether available information, documentation and evidence concerning the customer is still valid and up to date.
In addition to this, an authorised firm must review the effectiveness of its anti-money-laundering policies, procedures, systems and controls at least annually. The review process should include an assessment of the authorised firm's anti-money-laundering policies, procedures, systems and controls. This review process may be undertaken:
The review process should cover at least the following:
An authorised firm must have arrangements to provide periodic information and training to all employees to ensure that they are aware of:
The information described above must be brought to the attention of new employees and must remain available to all employees.
An authorised firm must have arrangements to ensure that:
An authorised firm must conduct anti-money-laundering training sessions with sufficient frequency to ensure that within 12 months it is provided to all employees.
All relevant CDD and ongoing monitoring documentation and correspondence must be kept for at least six years from the date on which the business relationship with a customer has ended. If the date on which the business relationship with a customer has ended remains unclear, it may be taken to have ended on the date of the completion of the last transaction.
The records maintained by an authorised firm should be kept in such a manner that:
All relevant details of any transaction carried out by the authorised firm with, or for, a customer must be kept for at least six years from the date on which the transaction was completed.
All relevant details of the authorised firm's anti-money-laundering training must be recorded, including:
These records must be kept for at least six years from the date on which the training was given. Furthermore, all relevant details of any internal and external suspicious transactions must be kept for at least six years from the date on which the report was made.
An authorised firm must have appropriate arrangements to ensure that whenever any employee, acting in the ordinary course of his employment, either knows or suspects, or has reasonable grounds for knowing or suspecting, that a person is engaged in money laundering, that the employee makes an internal suspicious transaction report to the authorised firm's MLRO. An authorised firm must have policies and procedures to ensure that disciplinary action can be taken against any employee who fails to make such a report.
The requirement for employees to make internal STRs should include situations when no business relationship was developed because the circumstances were suspicious.
If an authorised firm's MLRO receives an internal suspicious transaction report he must, without delay:
An authorised firm may allow its employees to consult with their line managers before sending a report to the MLRO. The DFSA would expect that such consultation does not prevent making a report whenever an employee has stated that he has knowledge, suspicion or reasonable grounds for knowing or suspecting that a transaction may involve money laundering.
The failure to report suspicions of money laundering may constitute a criminal offence that is punishable under the laws of the UAE.
The MLRO must document:
Furthermore, an authorised firm must ensure that if the MLRO decides to make an external suspicious transaction report, his decision is made independently and is not subject to the consent or approval of any other person.
Authorised firms must not carry out transactions which they know or suspect, or have reasonable grounds for knowing or suspecting, to be related to money laundering until they have informed the AMLSCU and the DFSA.
In accordance with Article 16 of the UAE Law No. 4, authorised firms or any of their employees must not tip off or inform any person that his transaction is being scrutinised for possible involvement in suspicious money-laundering operations, or that any other competent authority is investigating his possible involvement. If an authorised firm reasonably believes that performing CDD will tip off a customer or potential customer, it may choose not to pursue that process and should file a suspicious transaction report.
Chairmen, directors, managers and employees of financial institutions who know of, yet fail to report to the FIU, any act that occurred within their establishments and was related to the money-laundering offence shall be punished by imprisonment or by a fine of between AED 10,000 and AED 100,000, or by both penalties.
Anyone who tips off a suspect shall be punished by imprisonment for a term not exceeding one year, or by a fine of between AED 5,000 and AED 50,000, or by both penalties.
Whoever violates any of the other provisions herein shall be punished by imprisonment or by a fine not exceeding AED 100,000 and not less than AED 10,000.
Despite the above, it will be a defence to show that any breach or report made was done in good faith. This will result in immunity from any penalty which would otherwise be imposed.
A UAE-based bank reported to the UAE Central Bank's Anti-Money Laundering and Suspicious Cases Unit about suspected transactions in a customer's account. The report noted that deposits in the customer's account had raised questions in light of his job and salary, which reached AED 6,600,000 in just over a year. These deposits were made from various locations in the country, but when the bank asked him, the man failed to present the bank with any documentation to verify the origin of such funds. As a result, the Anti-Money Laundering and Suspicious Cases Unit referred the case to the Abu Dhabi Public Prosecution.
The investigation in this case is still ongoing, but it does raise important points to note for financial institutions. Ongoing monitoring of client accounts and transactions is vital to identify and take action against suspicious transactions, and it is important that deposits of this nature do not slip under the radar.
Ukraine has experienced a recent surge in its financial economy. This is partly due to its increased activity with the European markets. Commercial banks still have the largest share of the Ukrainian economy. The insurance sector is also becoming a more integral part of the economy, with a number of insurance companies emerging in recent years. There has also been a surge in technological developments as far as the banking system is concerned. The Law on Financial Services sought to bring an element of financial stability.
The current banking system in Ukraine is two-tiered, comprising the central bank of the country and commercial banks. The central bank of Ukraine is the National Bank of Ukraine (NBU); it controls the national currency, supervises the banking system and issues current banking regulations. Commercial banks operate under the authorisation and supervision of the NBU, including the State-owned export–import bank (Ukreximbank) and a specialised commercial savings bank (Oschadnybank).
The Criminal Code provides the money-laundering offences. In addition to this, the primary AML law is the Law of Ukraine on the Prevention and Counteraction of the Legalisation of the Proceeds from Crime (the AML Act), which was amended on 18th May, 2010.
Ukraine implemented various United Nations Security Council Resolutions in 1999 and 2001. The legislation has always been enacted through the AML Act, including the most recent 2010 amendments.
The FATF identified Ukraine as having serious deficiencies in its AML framework in its mutual evaluation report in 2009. However, in its follow-up report issued in 2011, the FATF issued the following statement:“The FATF welcomes Ukraine's significant progress in improving its AML/CFT regime and notes that Ukraine has largely met its commitments in its Action Plan regarding the strategic deficiencies that the FATF had identified in February 2010. Ukraine is therefore no longer subject to FATF's monitoring process under its on-going global AML/CFT compliance process. Ukraine will work with MONEYVAL as it continues to address the full range of AML/CFT issues identified in its Mutual Evaluation Report, and further strengthen its AML/CFT regime.”
The main function of the country's central bank is to ensure the stability of the monetary unit – the Hryvnia. To carry out this function, the National Bank fosters stability in the banking system and price stability.
The Ministry of Finance is the statutory executive body responsible for forming and implementing the financial, budget, tax and customs policy of Ukraine. It is also responsible for regulating, supervising and implementing the Ukrainian AML policy.
The Ministry of Finance is also the licensing agency for the organisation of gambling activities, while the licensing agency for the organisation and maintenance of totalizators and gambling institutions is the Council of Ministers of the Autonomous Republic of Crimea, regional state administrations and the Kyiv and Sevastopol city administrations. Control over the observation by business entities of licensing terms is undertaken by the Ministry of Finance and the State Committee for Regulatory Policy and Entrepreneurship.
The Ministry supports the implementation of government economic, pricing, investment and foreign economic policy regarding internal trade and interdepartmental cooperation. It also ensures coordination between Ukraine and the EU.
The State Commission for Financial Services Markets Regulation of Ukraine (hereinafter referred to as the SCFM of Ukraine) is the central agency of executive power with special status, the activity of which is directed and coordinated by the Cabinet of Ministers of Ukraine.
The SCFM of Ukraine is the specially authorised agency with executive power in the area of financial monitoring.
The Criminal Code describes money laundering as:
Furthermore, the AML Act describes money laundering as any act related to the property or proceeds of crime, directed to conceal the origin of such proceeds or property or assistance to the person who is the associate in the crime that is the origin of such proceeds or property.
Money laundering shall be punishable by imprisonment for a term of three to six years, with a prohibition on occupying certain positions or engaging in certain activities for a term up to two years and the forfeiture of criminally obtained money and other property and forfeiture of property.
Money laundering committed repeatedly, by a group or where the amount involved exceeds 6,000 days' salary (defined in the legislation as “tax-free minimum incomes”) shall be punishable by imprisonment of seven to twelve years, with a prohibition on occupying certain positions or engaging in certain activities for a term up to three years, and the forfeiture of criminally obtained money and other property and forfeiture of property.
Money laundering committed by an organised group or where the amount involved exceeds 18,000 days' salary (defined in the legislation as “tax-free minimum incomes”) shall be punishable by imprisonment for a term of eight to 15 years, a prohibition on occupying certain positions or engaging in certain activities for up to three years and the confiscation of money or other illegally obtained property.
The AML Act applies to “the citizens of Ukraine, foreigners and stateless persons, as well as to the legal persons, their subsidiaries, branches and other separate divisions that ensure execution of financial transactions both in Ukraine and abroad according to the international treaties of Ukraine ratified by the Verkhovna Rada of Ukraine”. This is a broad definition.
A reporting entity shall be obliged to manage ML/TF risks considering the results of customer identification, services provided to a customer, analysis of conducted customer transactions and their correspondence to the financial conditions and nature of the client's activity. The risk assessment by a reporting entity shall be executed considering relevant criteria such as the type of customer, the geographical location (country) of customer registration and the institution through which the customer transfers (receives) assets in the form of goods and services.
To reduce any detected risks, a reporting entity shall take measures including:
A Compliance Officer shall be appointed at the managerial level of the reporting entity. The appointment and dismissal of the Compliance Officer shall be agreed with the National Bank of Ukraine.
The role of the Compliance Officer of a reporting entity shall include:
The senior manager of a reporting entity shall be obliged to assist the Compliance Officer in the execution of his functions. The Compliance Officer shall be independent in his activity, accountable only to the senior manager of the reporting entity and is obliged, at least once a month, to provide the senior manager with written information on detected financial transactions subject to financial monitoring, and measures undertaken.
The Compliance Officer should be trained at least once every three years.
Reporting entities are obliged to perform customer due diligence and should apply individual CDD policies depending on the risk posed by the customer, and enhanced CDD should be applied for high-risk customers. CDD should be conducted on the basis of official documents or duly certified copies.
The identification and verification of activity shall be conducted when:
Depending on the risk of money laundering, customer identification should also be carried out when conducting a financial transaction for a client which exceeds UAH 150,000, whether it is through a single operation or as numerous operations that may be linked to each other.
In the case of any suspicion regarding the reliability or adequacy of information provided during CDD, the reporting entity should take further measures to verify and clarify the information given.
A reporting entity has the right to demand, and the customer is obliged to provide, information concerning his/her identity, nature of activity and financial condition if it is required to comply with the AML/CFT legislation. If the customer with whom the business relations were established fails to submit the necessary information on identification and verification of financial activity, the reporting entity has the right to refuse to execute further financial transactions.
For the purposes of identifying residents, reporting entities shall obtain, for natural persons:
The address and ID number shall be verified using the State register and tax information. For entrepreneurs, during the identification of the place of residence, the essential elements of the State registration certificate, the issuing authority, the bank in which the account is held and the number of the bank account (if available) shall be verified.
For the purposes of identifying non-residents, reporting entities shall obtain, for natural persons:
During the identification, the data on the place of residence or temporary residence in Ukraine shall be verified.
For legal persons, the following shall be ascertained:
For a non-resident legal person:
The reporting entity should also be provided with a copy of the registration certificate from the relevant foreign authorities to verify the registration of the relevant legal person.
If a customer acts as a representative or in the interests of another natural person, the reporting entity doubts whether the person is acting on their own behalf or the beneficiary is another person, the reporting entity is obliged to identify the person on whose behalf, under the order of whom or in the interests of whom the financial transaction is being conducted, or who is a beneficiary. If a person acts as a representative of another person, the reporting entity should verify the relevant powers of that person as well.
The reporting entity may not establish a business relationship with a client if it cannot carry out the CDD procedures. In such a case, the reporting entity must inform the Specially Authorised Agency, either on the same or the following business day, that the customer was unwilling to comply with the CDD requirements.
The reporting entity has the right to refuse to establish a business relationship with any customer if it is not satisfied that the CDD requirements have yielded adequate results. If this happens, the entity is obliged to inform the Specially Authorised Agency no later than the following business day that it has made the refusal.
The reporting entity can use a simplified identification procedure in cases involving various specified customers, including government or State-owned bodies.
To establish relations with politically exposed persons and their associates, the following must be adhered to:
Before establishing a correspondent banking relationship, institutions are obliged:
Entities must take measures, on a continual basis, to train personnel on the detection of financial transactions subject to financial monitoring according to the current law by conducting educational and practical events.
Entities are obliged:
Any financial transaction shall be subject to obligatory financial monitoring if its amount equals or exceeds UAH 150,000 (UAH 13,000 for gambling), or the foreign equivalent, and it has one or more of the indicators provided below (this list is not exhaustive):
In addition to this, a financial transaction shall be subject to internal financial monitoring if it has one or more of the following indicators, or if it contains other risks:
The reporting entity has the right to suspend any financial transaction if such transaction contains indicators of money laundering, and should, within the same day, report it to the Specially Authorised Agency. The transaction will be suspended for up to two business days, pending a further extension by the SAA.
Furthermore, entities are obliged:
Entities are obliged to report a financial transaction which is subject to financial monitoring by the business day following its detection, and to inform the Specially Authorised Agency of:
Entities must also submit any requested information to assist the SAA.
Persons guilty of violating the current law shall be subject to criminal, administrative and civil liability according to the law. Such persons may also be deprived of the right to conduct certain kinds of activity pursuant to the law. Legal persons conducting ML/TF financial transactions may be liquidated by a court decision.
If a reporting entity fails to comply with the requirements of the current law and/or undertakes other AML/CFT normative-legal acts, it could be fined according to the procedure defined by the law:
The penalty system clearly takes action against those involved with the failure to comply with the obligations.
In addition to this, the State financial monitoring entity could restrict, terminate or cancel a licence or other special authority to conduct certain activities.
In cases of severe violation by a reporting entity, the State financial monitoring entity could enforce a suspension.
Deliberate failure, untimely submission or submission of false information on financial transactions, if such actions caused substantial damage, shall be punishable by a fine of 1,000 to 2,000 days' salary, or imprisonment for up to two years, and a restriction on the right to occupy certain positions or engage in certain activities for up to three years.
Tipping off, if it causes substantial damage, shall be punishable by a fine of 1,000 to 2,000 days' salary, or imprisonment for up to three years, and a restriction on the right to occupy certain positions or engage in certain activities for up to three years.
A former Ukrainian prime minister was convicted of laundering $21.7 million in extorted funds through US banks. He committed the fraud by requiring the victim to turn over half his profits from his agriculture and metals import and export company as a condition of doing business. He then laundered the money in a complex series of transactions that went through banks in Poland, Switzerland and Antigua and ended up in banks in San Francisco.
The former prime minister was sentenced to a total of over ten years in prison, as well as paying a $9 million fine and compensating the victim.
The USA has a comprehensive AML programme, which has been further enhanced in response to the 11th September terrorist attacks. As the USA carries a considerable terrorism threat, the CFT programme is of primary concern to the legislature. Proposals to make bank executives personally responsible for money-laundering failures were in discussion, but not in force, at the time of going to print.
The Bank Secrecy Act establishes the basic AML framework, and the Federal Financial Institutions Examination Council released an AML handbook under the Bank Secrecy Act in 2010. In addition to this, the USA Patriot Act provides various AML provisions for financial institutions.
The Bank Secrecy Act (BSA) was initially adopted in 1970. The USA Patriot Act was enacted by Congress in 2001 in response to the 11th September terrorist attacks. Among other things, the USA Patriot Act amended and strengthened the BSA. Various NYSE and NASD rules were then approved, and have now been incorporated into a new FINRA Rule 3310. FINRA Rule 3310 provides the minimum requirements for an AML programme.
The 2006 mutual evaluation stated that the USA has “implemented an effective AML/CFT system, although there are remaining concerns in relation to some of the specific requirements for undertaking customer due diligence, the availability of corporate ownership information, and the requirements applicable to certain designated non-financial businesses and professions”. The AML framework was described as “comprehensive”, the regulatory framework as “effective” and the USA pursues criminals involved in money laundering “vigorously”.
The BSA authorises the Secretary of the Treasury to issue regulations requiring banks and other financial institutions to take a number of precautions against financial crime, including the establishment of AML programmes and the filing of reports that have been determined to have a high degree of usefulness in criminal, tax and regulatory investigations and proceedings, and certain intelligence and counter-terrorism matters. The Secretary of the Treasury has delegated to the Director of FinCEN the authority to implement, administer and enforce compliance with the BSA and associated regulations.
The Financial Crimes Enforcement Network (FinCEN) is a bureau of the US Department of the Treasury. FinCEN's mission is to enhance the integrity of financial systems by facilitating the detection and deterrence of financial crime.
FinCEN carries out its mission by receiving and maintaining financial transactions data; analysing and disseminating that data for law-enforcement purposes; and building global cooperation with counterpart organisations in other countries and with international bodies.
The Financial Industry Regulatory Authority (FINRA) is the largest independent regulator for all securities firms doing business in the United States. FINRA's mission is to protect America's investors by making sure the securities industry operates fairly and honestly.
The Internal Revenue Service Criminal Investigation investigates potential criminal violations of the Internal Revenue Code and related financial crimes in a manner that fosters confidence in the tax system and compliance with the law.
Headed by an Under Secretary, the Office of Terrorism and Financial Intelligence (TFI) marshals the Treasury Department's policy, enforcement, regulatory and intelligence functions to sever the lines of financial support to international terrorists, WMD proliferators, narcotics traffickers, money launderers and other threats to national security.
Two components of TFI are led by Assistant Secretaries. The Office of Terrorist Financing and Financial Crimes (TFFC) is the policy and outreach apparatus for TFI. The Office of Intelligence and Analysis (OIA) is responsible for TFI's intelligence functions, integrating the Treasury Department into the larger intelligence community (IC), and providing support to both Treasury leadership and the IC.
TFI also oversees several component offices and bureaus. The Office of Foreign Assets Control (OFAC) administers and enforces economic and trade sanctions. The Treasury Executive Office for Asset Forfeiture (TEOAF) administers the Treasury Forfeiture Fund (TFF), which is the receipt account for the deposit of non-tax forfeitures. Responsible for administering the Bank Secrecy Act (BSA) and other regulatory functions is one of the Treasury's bureaus, the Financial Crimes Enforcement Network (FinCEN), which supports law-enforcement investigative efforts and fosters inter-agency and global cooperation against domestic and international financial crimes. It also provides US policymakers with strategic analyses of domestic and worldwide trends and patterns. The director of FinCEN reports directly to the Under Secretary. TFI also works in close partnership with the IRS Criminal Investigative Division (IRS-CI) to enforce laws against terrorist financing and money laundering, including the Bank Secrecy Act.
The Drug Enforcement Agency's objective with financial investigations is to identify and halt the use of drug proceeds that finance the continued operations of drug traffickers.
The Council is a formal inter-agency body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions by various government agencies, and to make recommendations to promote uniformity in the supervision of financial institutions.
Money laundering is committed by anyone who, knowing that the property involved in a financial transaction represents the proceeds of some form of unlawful activity, conducts or attempts to conduct such a financial transaction which in fact involves the proceeds of specified unlawful activity:
An offence is also committed by anyone who transports, transmits or transfers, or attempts to transport, transmit or transfer a monetary instrument or funds from a place in the United States to, or through, a place outside the United States or to a place in the United States from, or through, a place outside the United States:
The penalty for money laundering is a fine of not more than $500,000 or twice the value of the property involved in the transaction, whichever is greater, or imprisonment for not more than 20 years, or both.
Moving money in/out of the country as outlined above is punishable by a fine of not more than $500,000 or twice the value of the monetary instrument or funds involved in the transportation, transmission or transfer, whichever is greater, or imprisonment for not more than 20 years, or both.
Whoever, with the intent:
conducts, or attempts to conduct, a financial transaction involving property representing the proceeds of specified unlawful activity, or property used to conduct or facilitate specified unlawful activity, shall be fined or imprisoned for not more than 20 years, or both.
The term “proceeds” means any property derived from or obtained or retained, directly or indirectly, through some form of unlawful activity, including the gross receipts of such activity. Any person who conspires to commit any offence defined shall be subject to the same penalties as those prescribed for the commission of the offence which was the object of the conspiracy.
The board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting. The board of directors and management should create a culture of compliance to ensure staff adherence to the bank's BSA/AML policies, procedures and processes. The level of sophistication of the internal controls should be commensurate with the size, structure, risks and complexity of the bank. Internal controls should:
The above list is not designed to be all-inclusive and should be tailored to reflect the bank's BSA/AML risk profile.
Management should structure the bank's BSA/AML compliance programme to adequately address its risk profile, as identified by the risk assessment. Management should understand the bank's BSA/AML risk exposure and develop appropriate policies, procedures and processes to monitor and control BSA/AML risks. It is sound practice for banks to periodically reassess their BSA/AML risks at least every 12 to 18 months.
The bank's board of directors must designate a qualified individual to serve as the BSA Compliance Officer. The BSA Compliance Officer is responsible for coordinating and monitoring day-to-day BSA/AML compliance. The BSA Compliance Officer is also charged with managing all aspects of the BSA/AML compliance programme and with managing the bank's adherence to the BSA and its implementing regulations; however, the board of directors is ultimately responsible for the bank's BSA/AML compliance.
The Compliance Officer's level of authority and responsibility within the bank is critical. They may delegate BSA/AML duties to other employees, but the Compliance Officer should be responsible for overall BSA/AML compliance. The BSA Compliance Officer should be fully knowledgeable of the BSA and all related regulations, and should also understand the bank's products, services, customers, entities and geographic locations, and the potential money-laundering and terrorist-financing risks associated with those activities.
The line of communication should allow the BSA Compliance Officer to regularly update the board of directors and senior management on ongoing compliance with the BSA. Pertinent BSA-related information, including the reporting of SARs filed with FinCEN, should be reported to the board of directors or an appropriate board committee so that these individuals can make informed decisions about overall BSA/AML compliance.
All banks must have a written Customer Identification Programme (CIP). The CIP is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer, and must include account-opening procedures that specify the identifying information that will be obtained from each customer. It must also include reasonable and practical risk-based procedures for verifying the identity of each customer. Banks should conduct a risk assessment of their customer base and product offerings, and in determining the risks, consider:
The CIP must contain account-opening procedures detailing the identifying information that must be obtained from each customer. At a minimum, the bank must obtain the following identifying information from each customer before opening an account:
Based on its risk assessment, a bank may require identifying information in addition to the items above for certain customers or product lines.
The CIP must contain risk-based procedures for verifying the identity of the customer within a reasonable period of time after the account is opened. A bank need not establish the accuracy of every element of identifying information obtained, but it must verify enough information to form a reasonable belief that it knows the true identity of the customer. The bank's procedures must describe when it will use documents, non-documentary methods or a combination of both.
A bank must have procedures that set forth the minimum acceptable documentation. This identification must provide evidence of a customer's nationality or residence and bear a photograph or similar safeguard; examples include a driving licence or passport. However, other forms of identification may be used if they enable the bank to form a reasonable belief that it knows the true identity of the customer.
For a legal person, the bank should obtain documents showing the legal existence of the entity, such as certified articles of incorporation, an unexpired government-issued business licence, a partnership agreement or a trust instrument.
Banks are not required to use non-documentary methods to verify a customer's identity. However, a bank using non-documentary methods to verify a customer's identity must have procedures that set forth the methods the bank will use. Non-documentary methods may include:
The CIP must address situations where, based on its risk assessment of a new account opened by a company, the bank will obtain information about individuals with authority or control over the accounts, including signatories, in order to verify the customer's identity. This verification method applies only when the bank cannot verify the customer's true identity using documentary or non-documentary methods.
The CIP must also have procedures for circumstances in which the bank cannot form a reasonable belief that it knows the true identity of the customer. These procedures should describe:
Higher-risk customers and their transactions should be reviewed more closely at account opening and more frequently throughout the term of their relationship with the bank. The bank may determine that a customer poses a higher risk because of the customer's business activity, ownership structure and/or the anticipated or actual volume and types of transactions, including those transactions involving higher-risk jurisdictions. If so, the bank should consider obtaining, both at account opening and throughout the relationship, the following information on the customer:
Furthermore, for high-risk customers, the following should be scrutinised:
As due diligence is an ongoing process, a bank should take measures to ensure account profiles are current and monitoring should be risk-based. Banks should consider whether risk profiles should be adjusted or suspicious activity reported when the activity is inconsistent with the profile.
Banks should establish risk-based controls and procedures that include reasonable steps to ascertain the status of an individual as a PEP and to conduct risk-based scrutiny of accounts held by these individuals. Risk will vary depending on other factors such as products and services used and size or complexity of the account relationship.
Commensurate with the identified level of risk, due diligence procedures should include, but are not necessarily limited to, the following:
A bank that maintains a correspondent account in the United States for a foreign bank must maintain records in the United States identifying the owners of each foreign bank. A bank must also record the name and street address of a person who resides in the United States and who is authorised, and has agreed, to be an agent to accept services of legal process. A bank must produce these records within seven days upon receipt of a written request from a federal law-enforcement officer.
The regulation also contains specific provisions as to when banks must obtain the required information or close correspondent accounts. Banks must obtain certifications (or recertifications) or otherwise obtain the required information within 30 calendar days after the date an account is established and at least once every three years thereafter. If the bank is unable to obtain the required information, it must close all correspondent accounts with the foreign bank within a commercially reasonable time.
A bank should review certifications for reasonableness and accuracy. If a bank, at any time, knows, suspects or has reason to suspect that any information contained in a certification (or recertification), or that any other information it relied on, is no longer correct, the bank must request that the foreign bank verify or correct such information, or the bank must take other appropriate measures to ascertain its accuracy.
A bank is prohibited from establishing, maintaining, administering or managing a correspondent account in the United States for, or on behalf of, a foreign shell bank. An exception, however, permits a bank to maintain a correspondent account for a foreign shell bank that is a regulated affiliate. A bank must also take reasonable steps to ensure that any correspondent account established, maintained, administered or managed in the United States for a foreign bank is not being used by that foreign bank to provide banking services indirectly to foreign shell banks.
Appropriate policies, procedures and processes should be in place to monitor and identify unusual activity. The sophistication of monitoring systems should be dictated by the bank's risk profile, with particular emphasis on the composition of higher-risk products, services, customers, entities and geographies. The bank should ensure adequate staff is assigned to the identification, research and reporting of suspicious activities, taking into account the bank's overall risk profile and the volume of transactions. Monitoring systems typically include employee identification or referrals, transaction-based (manual) systems, surveillance (automated) systems or any combination of these.
Banks must ensure that appropriate personnel are trained in applicable aspects of the BSA. Training should include regulatory requirements and the bank's internal BSA/AML policies, procedures and processes. At a minimum, the bank's training programme must provide training for all personnel whose duties require knowledge of the BSA. The training should be tailored to the person's specific responsibilities. In addition, an overview of the BSA/AML requirements typically should be given to new staff during employee orientation. Training should encompass information related to applicable business lines, such as trust services, international and private banking. The BSA Compliance Officer should receive periodic training that is relevant and appropriate given changes to regulatory requirements as well as the activities and overall BSA/AML risk profile of the bank.
The board of directors and senior management should be informed of changes and new developments in the BSA, its implementing regulations and directives and the federal banking agencies' regulations. While the board of directors may not require the same degree of training as banking operations personnel, they need to understand the importance of BSA/AML regulatory requirements, the ramifications of non-compliance and the risks posed to the bank. Without a general understanding of the BSA, the board of directors cannot adequately provide BSA/AML oversight; approve BSA/AML policies, procedures and processes; or provide sufficient BSA/AML resources.
Training should be ongoing and incorporate current developments and changes to the BSA and any related regulations. Changes to internal policies, procedures, processes and monitoring systems should also be covered during training. The programme should reinforce the importance that the board and senior management place on the bank's compliance with the BSA and ensure that all employees understand their role in maintaining an effective BSA/AML compliance programme.
Examples of money-laundering activity and suspicious activity monitoring and reporting can and should be tailored to each individual audience. For example, training for tellers should focus on examples involving large currency transactions or other suspicious activities; training for the loan department should provide examples involving money laundering through lending arrangements.
Banks should document their training programmes. Training and testing materials, the dates of training sessions and attendance records should be maintained by the bank and be available for examiner review.
A bank's CIP must include record-keeping procedures. At a minimum, the bank must retain the identifying information (name, address, date of birth for an individual, TIN and any other information required by the CIP) obtained at account opening for a period of five years after the account is closed. For credit cards, the retention period is five years after the account closes or becomes dormant. The bank must also keep a description of the following for five years after the record was made:
The BSA requires banks to maintain records of funds transfer in amounts of $3,000 and above.
Records for monetary instrument sales are required by the BSA. Such records can assist the bank in identifying possible currency structuring through the purchase of cashier's cheques, official bank cheques, money orders or traveller's cheques in amounts of $3,000 to $10,000.
When a domestic financial institution is involved in a transaction involving the movement of over $10,000, the institution shall file a report on the transaction at the time and in the way the Secretary prescribes. Entities may be exempted from this if the customer is well known or a frequent customer.
The Secretary may require any financial institution, and any director, officer, employee or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation. Disclosure of the report is prohibited. Banks, bank holding companies and their subsidiaries are required by federal regulations to file a SAR with respect to:
Anyone who submits a SAR in good faith is exempted from prosecution.
Most vendors offer reports that identify all currency activity or currency activity greater than $10,000. These reports assist bankers with filing CTRs and identifying suspicious currency activity.
In order to guard against money laundering through financial institutions, each financial institution shall establish anti-money-laundering programmes, including, at a minimum:
Under FINRA Rule 3310, an AML programme must be in writing and include, at a minimum:
Simple breaches of the reporting obligations are punishable by imprisonment for not more than five years, a fine of not more than $250,000, or both. Violations committed during the commission of another federal crime or as part of a pattern of illegal activity involving more than $100,000 over the course of a year are punishable by imprisonment for not more than ten years. The punishment is a fine of not more than $500,000 (not more than $1 million for a special measures violation or a violation involving a breach of CDD).
In the first case, a criminal was sentenced to 12 months and one day in prison for her role in a money-laundering conspiracy that involved proceeds from the unlawful distribution of prescription painkilling medication. She was part of a ring which unlawfully transported a powerful and addictive prescription painkiller from Las Vegas, Nevada, to Fairbanks. She then wire transferred or deposited approximately $14,000 that consisted of proceeds from the unlawful distribution of the painkillers in the Fairbanks area. Approximately $140,000 was laundered during the conspiracy. Other participants in the conspiracy received sentences of 80 months, 18 months and 12 months and a day in prison.
In another case, the president of a payphone company was sentenced to 54 months in prison for money laundering. For three years, he conspired with other senior members of the company to fraudulently collect dial-around compensation fees by programming payphones to autodial toll-free telephone numbers.
Under FCC regulations, payphone owners are paid $.494 for every toll-free call placed from their payphones. The criminal's payphones were programmed to place toll-free calls and to choose the appropriate options in the automated messaging system to stay connected long enough to ensure the payphone would collect the dial-around compensation fee. The phone would then automatically hang up. The scheme generated over $1 million in fraudulent dial-around compensation fees. The accomplices were sentenced to three months and 12 months in prison.
In a further case, a criminal was sentenced to 36 months in prison and three years of supervised release after pleading guilty to conspiring to launder monetary instruments. The son of the owner of an auto dealership sold vehicles to three individuals but put different names on the vehicle titles. The vehicles were purchased with illegal funds. He then allowed falsified information to be presented to the financial institutions to secure the loans for the vehicles.
Vietnam is predominantly a cash economy. The ineffective AML regime had been the subject of vast criticism by the FATF, but a major overhaul of the legislative provisions in 2013 – the first since 2005 – sought to address the numerous deficiencies.
The new rules require that businesses report transactions over a certain threshold and suspicious transactions to Vietnam's financial intelligence unit (FIU). In addition:
All obliged or reporting entities will have to undertake AML risk assessments in respect of their business and implement compliance plans to mitigate those risks.
The money-laundering offences are contained in Articles 250 and 251 of the Vietnam Penal Code. The Law on Prevention and Combat of Money Laundering (the Law) came into effect in early 2013, with the relevant AML and compliance provisions contained in Decree 116/2013/ND-CP.
Vietnam signed border control agreements with neighbouring countries in the early 1990s, to try to prevent cross-border money laundering. In addition, Vietnam ratified various UN conventions in the late nineties and 2000, and the AML Decree in 2005. The previous compliance law was Decree 74/2005/ND-CP on prevention of money laundering, supplemented by Circular No. 41/2011/TT-NHNN, which guided the identification and update of customer information on a risk basis with regard to combating money laundering.
In June 2012, the FATF released a statement in which it said “Vietnam has taken steps towards improving its AML/CFT regime, including by issuing an Inter-Ministerial Circular on terrorist financing and amended its AML legislation. However, despite Vietnam's high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Vietnam has not made sufficient progress in implementing its action plan, and certain strategic AML/CFT deficiencies remain.” Vietnam has recently implemented new AML legislation to address these issues, but its effectiveness remains to be seen.
According to Article 16(3) of AML Decree 74, the Ministry for Public Security (MPS) is the lead agency responsible for investigating money laundering. The two key MPS departments are the Economic Crimes Investigation Department, which undertakes money-laundering investigations, and the Anti-Terrorism Department. The official website of the Ministry for Public Security was “under construction” at the time of writing.
The duties of the State Bank of Vietnam, as listed in Decree 178/2007/ND-CP dated 3rd December, 2007 and Decree 96/ND-CP dated 26th August, 2008 by the government on functions, roles and responsibilities and the structure of Ministries and ministerial agencies, include inspecting, investigating and handling any complaints, accusations or violations of the law related to banking and finance, and to the fight against corruption.
The Anti Money Laundering Information Centre was set up under the 2005 Decree to receive reports and coordinate AML compliance. It is a part of the State Bank of Vietnam.
Vietnam will not introduce an FIU as part of the 2013 overhaul. Instead, the National Assembly has decided that the functions of AML authorities will be distributed to various ministries and government agencies.
It should be noted that suspicion is not generally recognised as a concept within Vietnamese law, and only a natural person can be convicted of a crime under the Penal Code.
Money laundering is defined in the Vietnam Penal Code as follows:“Using financial and/or banking operators or other transactions to legalise money and/or property obtained through the commission of crime or using such money and/or property to conduct business activities or other economic activities.”
The harbouring offence is committed by:“Those who, without prior promise, harbour or consume property with the full knowledge that it was acquired through the commission of crime by other persons.”
There is no requirement to prove possession and concealment, proof of either will be sufficient to obtain a conviction under Article 250.
The definition of money laundering includes:
The penalty for money laundering is a sentence of between one and five years of imprisonment. Furthermore, anyone committing the crime in one of the following circumstances shall be sentenced to between three and ten years of imprisonment:
Offenders shall be sentenced to between five and 15 years of imprisonment if they commit the crime in particularly serious circumstances. The offenders may also be subject to the confiscation of property, to a fine treble the amount of money or the value of the property that has been legalised and/or to a ban from holding certain posts, practising certain occupations or doing certain jobs for one to five years.
Anyone found guilty of the harbouring offence shall be sentenced to a fine of between five million dong and fifty million dong, non-custodial reform of up to three years or a prison term of between six months and three years.
If someone is found to have committed the crime in one of the following circumstances, the offenders shall be sentenced to between two and seven years of imprisonment:
A further requirement relates to those found to have committed the crime in one of the following circumstances, where offenders shall be sentenced to between five and ten years of imprisonment:
This is further extended for those committing the crime in one of the following circumstances; the offenders shall be sentenced to between seven and 15 years of imprisonment:
The offender may also be subject to a fine of between three million dong and thirty million dong and/or the confiscation of part or whole of their property.
Financial organisations must apply measures to identify clients in the following cases:
Depending on the scale and scope of activity and the transactions carried out by customers, reporting entities shall check and classify their customers according to whether they pose a high, medium or low level of risk. For customers with a high risk level, reporting entities must apply customer identification measures at an enhanced level.
Each reporting organisation should appoint a member of the executive board to be in charge of organising, conducting and inspecting compliance with provisions of applicable laws on the prevention and combating of money laundering at their unit (hereinafter referred to as the person in charge of money laundering prevention and combating) and register the details of this person with the Anti-Money-Laundering Office of the Banking Inspection and Supervision Agency. The details should include the name, work address, phone number, fax number and a contact email address. When the person in charge of money laundering prevention and combating, or any information relating to that person, changes, the reporting organisation shall be required to make a timely written report outlining the changes to the Anti-Money-Laundering Office of the Banking Inspection and Supervision Agency.
Depending on the scale, scope and specific features of the operation, the reporting organisation shall decide whether to establish a specialised unit (division, department) or to set up a unit at the head office to oversee all matters pertaining to the prevention and combating of money laundering. Within each operational department and branch, the reporting organisation shall appoint one or several officers to be in charge of the prevention and combating of money laundering.
There are two objectives of the CDD requirements:
Reporting entities are responsible for setting their own CDD requirements, which must include the following elements:
Reporting entities must define beneficial owners according to the following criteria:
Reporting entities must draw up regulation on the classification of clients on the basis of the money-laundering risk based on the following elements:
A reporting entity shall be responsible for identifying customers who are politically exposed persons. In the event that a customer is a politically exposed person, the reporting entity shall apply enhanced measures as follows:
A reporting entity must regularly update client identification information during the course of the business relationship to ensure that the transactions being conducted by clients through the reporting entity are in accordance with the information already known about the clients, about the business operation, the risks and the origins of the clients' property.
Internal regulations on the prevention and combating of money laundering should include the following contents:
Article 12 of the Law provides an additional responsibility to financial institutions and designated non-financial businesses and professions. Besides customer identification, which is already required by sub-law regulations, under the new Law, reporting entities will have to produce internal regulations on customer classification based on risk exposure by types of clients, goods/services in use and places of residence/head office.
Additional evaluations shall be applied to customers and transactions which are classified in the high-risk range. Said high-risk customers and transactions include politically exposed foreigners, agent banking operations, transactions relating to new technology, transactions with individuals and organisations from countries and territories on the warning list and introduced business.
The modern risk-based AML management approach was first applied in the banking sector in Circular 41. Under the Law, this approach is extended to other sectors. As a result, not only financial institutions but also real estate agents, real estate floors, insurance companies and stock brokers will have to establish an AML management system with risk-based customer classification to fully comply with the Law.
On an annual basis, a reporting organisation shall set up and carry out a programme of training and raising awareness of the measures for preventing and combating money laundering for all officers and staff relating to money and other asset transactions of the reporting organisation. The reporting organisation must have a policy on giving priority to the training of those staff who directly transact with the customers and officers and staff in charge of the prevention and combating of money laundering.
The reporting organisation shall, by its own decision, select the training form that best corresponds with its organisational and operational features. It shall also take the initiative in coordinating with the Banking Inspection and Supervision Agency and concerned units to organise the training for officers and staff with respect to the professional skills and operations required in the prevention and combating of money laundering.
The contents of officer and staff training must be in line with their work and the level of money-laundering risk relating to their work. It must also be relevant to their responsibility for the implementation of internal regulations on the prevention and combating of money laundering, and should include the following:
Within a period of six months of recruiting staff to execute duties relating to monetary and other asset transactions, a reporting organisation shall provide training for the new employees to provide a basic knowledge of means of preventing and combating money laundering.
In addition to storing and preserving information according to the current regulations, individuals and organisations mentioned in Article 6 of this Decree shall have to keep identifying information related to customer transactions for at least five years from the date of account closure or five years from the end of the transaction.
The following transactions must be reported:
The 2013 legislation provides some basic signals for suspicious transactions to assist entities with implementing their STR programmes. Entities will also be obliged to take additional precautions and make reports where there is a suspicion of criminal activity. Under the 2005 Decree, entities could choose whether or not to do this.
Firms are required to look out for suspicious signs including:
Suspicious signs in the banking area include:
Suspicious signs in the area of insurance include:
Suspicious signs in the area of securities include:
Suspicious signs in games with prizes and casinos include:
Suspicious signs in the area of real estate business include:
Under the 2013 Law, the penalties are “those prescribed by law”. The latest regulations at the time of writing can be found in the 2005 provisions, which specified that the following penalties can be administered for failing to comply with the AML provisions:
According to a 2012 US government report on Vietnam, there have been no money-laundering prosecutions or convictions in the country.