Human trafficking is a humanitarian crime and a significant money laundering predicate offence. In 2020, the International Labor Organization (ILO) estimated that human trafficking crimes had generated around $150 billion in profits, with 25 million victims. In response to the serious emotional and physical damage that human trafficking inflicts on individuals and communities, governments worldwide are introducing measures to detect and prevent it, along with financial regulations to identify, freeze, and confiscate the illegal profits that it generates.
Financial institutions have an important role to play in the fight against human trafficking. By targeting the illegal money that it generates, governments are hoping to engage financial institutions in the global fight against people traffickers, identifying individual perpetrators and reducing the opportunities for criminal organisations to exploit vulnerable people for profit. With that in mind, it is crucial that financial institutions understand their human trafficking regulatory responsibilities, and how to implement suitable anti-money laundering (AML) and counter financing of terrorism (CFT) measures.
What is human trafficking?
Human trafficking, sometimes referred to as migrant smuggling, is broadly defined as the criminal movement of people for exploitation. Victims of illegal trafficking include men, women, and children, who may be recruited or coerced to leave their homes and then forced into work or prostitution upon reaching their destination. Interpol defines the following categories of human trafficking:
Forced Labour
Victims are often coerced into extremely low paying jobs with poor health and safety conditions – or even into modern slavery. Forced labour jobs are often held in the agricultural, mining, fishing, and construction industries.
Forced Criminal Activity
Many migrant smuggling victims are forced to carry out crimes on behalf of third parties, including the selling of counterfeit items, begging, and drug cultivation.
Sexual Exploitation
Many victims are exploited sexually. This form of people trafficking tends to involve female and child victims who are forced into prostitution.
Organ Harvesting
Criminals may exploit the desperation of patients and donors to smuggle migrants across borders for the purposes of organ donation, with medical procedures often taking place in unsuitable and dangerous conditions.
How are human trafficking and money laundering linked?
Human trafficking is considered one of the most profitable criminal enterprises in the world, with the potential to generate significant ongoing profits for its perpetrators. As victims are forced into work, the money that they generate must be disguised before it can be introduced into the legitimate financial system. With those factors in mind, human trafficking qualifies as a money laundering predicate offence – which means that it is a criminal offence which necessitates money laundering as a subsequent, connected criminal offence.
Accordingly, most governments implement AML screening requirements in domestic legislation to deal with human trafficking as a predicate offence. For example, in the European Union, the Sixth Anti-Money Laundering Directive (6AMLD) includes it as part of its harmonised list of money laundering predicate offences. Under 6AMLD, all EU member states must treat human trafficking as a money laundering predicate offence and mandate suitable AML compliance regulations against it.
In order to comply with 6AMLD, and other global anti-money laundering regulations, financial institutions must understand how criminals attempt to launder migrant smuggling profits. With that in mind, the following types of financial activity are useful indicators that a customer may be involved in human trafficking:
Front companies: Criminals may establish a business to disguise money derived from migrant smuggling. Common ‘front company’ examples include restaurants, bars, salons, and massage parlours.
Funnelling: Accounts associated with human trafficking may receive payments from multiple sources in amounts just under reporting thresholds. Those funds are then immediately removed or sent to another account.
Alternative payments: Many human trafficking payments are made via alternative payment systems including prepaid credit cards, cryptocurrencies, and mobile deposits. Alternative payment methods often serve to conceal the identity of parties involved in transactions.
Financial behaviour: Unusual or unexpected financial behaviour may be indicative of customers attempting to launder human trafficking profits. Examples include unusual frequencies of transactions, transactions in unusually high amounts, or transactions involving high risk AML jurisdictions.
Shared accounts: Victims of migrant smuggling may be forced to share bank accounts, or share email addresses and phone numbers.
Transaction times: Many transactions associated with human trafficking tend to take place between 10pm and 6am.
Transaction locations: Transactions that take place in areas located a long distance from the residences of account holders or in busy public transport hubs.
Accommodation payments: Human traffickers may pay for hotels, apartments, and other lodgings near known migrant smuggling routes such as ports or large urban areas.
Money remittance payments: Unusually high use of money remittance services or online payment services to a country of prior residence with no logical explanation.
Human trafficking AML screening
In order to detect attempts to launder the profits of human trafficking, financial institutions must screen their customers at onboarding and throughout the business relationship. Following Financial Action Task Force (FATF) guidance, firms may take a risk-based approach to screening, deploying more intensive screening measures for customers that pose a greater AML risk.
Accordingly, an effective human trafficking AML screening solution should include the following measures:
Adverse Media
Many criminal activities are uncovered by journalists and revealed in news media before official confirmation by authorities. Companies should seek to screen their customers for involvement in adverse media stories that involve human trafficking. Adverse media solutions should cover a range of global media sources and be able to match names across different languages and naming systems.
Watchlists
As a result of their criminal activities, human traffickers often appear on global sanctions lists and watchlists. With that in mind, companies should implement a robust sanctions and watchlist screening process to match customers on sanctions lists and watchlists as soon as they are designated.
Transaction Screening
Many indicators of human trafficking are associated with transactional activity. Accordingly, companies should screen transactions for those indicators, verifying customer identities, matching names to watchlists, and identifying relevant risks in order to capture potential compliance issues.
Human trafficking AML best practices
Stopping criminals laundering the proceeds of human trafficking requires the collection and analysis of a huge amount of data. In practice, financial institutions must integrate an effective software solution to meet their regulatory responsibilities, capable of screening customers quickly and efficiently, and managing the challenges of cross-border compliance, including name-matching across different language systems.
With that in mind, screening solutions for AML should prioritise the following factors:
Sharing of Information
Financial institutions should share information pertinent to human trafficking risk. Some jurisdictions, such as the UK, mandate information sharing as part of their domestic AML/CFT legislation. The FATF has released a guide to private sector information sharing, setting out recommendations for how financial institutions might share customer information, and what information is pertinent to share for AML/CFT purposes.
Information sharing not only helps financial institutions to combat global human trafficking but increases the collective accuracy of screening measures.
Customer Identities
Effective customer screening should be built into the Know Your Customer (KYC) process. Financial institutions must establish and verify the identities of their customers in order to understand their financial activity and match their names accurately to watchlists or adverse media. In contexts where customers engage with financial services online, financial institutions should use digital identifiers such as dual factor authentication.
Depth of Information
People trafficking can be difficult to spot because of its similarity to normal, legal financial activities. To discern human trafficking activity with sufficient accuracy, financial institutions should seek to add depth to their data collection processes with automation. In addition to speed, efficiency, and accuracy, automated data collection and analysis enables firms to enrich their KYC data with peripheral identifying information and move faster to address compliance alerts as they emerge.
Get in touch to learn more about how Ripjar can help you with AML screening
Cryptocurrencies are disrupting financial systems for consumers and businesses alike, with crypto exchanges facilitating transactions between users in jurisdictions worldwide. However, the innovation that has driven the global rise of cryptocurrency has also introduced new risks as criminals exploit the speed and anonymity of cryptographic technology to evade regulatory controls and commit financial crimes such as money laundering and terrorism financing.
Recent geopolitical events have increased the need for crypto exchanges to implement robust anti-money laundering (AML) and counter-financing of terrorism (CFT) screening solutions. Following the Russian invasion of Ukraine on 24 February 2022, Western governments introduced an unprecedented package of economic sanctions against Vladimir Putin’s regime, with severe fines for firms found to be in violation of regulations. The sanctions apply to firms across the financial landscape, including cryptocurrency service providers.
Given the potential for cryptocurrencies to be used to commit cross-border financial crimes, not least the evasion of sanctions, crypto exchanges should understand the importance of AML/CFT client screening as part of their compliance solution, and ensure that they are capable of spotting high risk customers quickly and efficiently.
Crypto Exchange Risks
While traditional financial systems require customers to provide identifying information in order to access products and services, cryptocurrency transactions offer increased levels of anonymity which may enable criminals to evade AML/CFT controls and bypass sanctions. As platforms that facilitate cryptocurrency transactions, crypto exchanges face the following criminal risks:
Customer Identities
Since cryptocurrency transactions take place online, users may be able to conceal their identities and evade certain customer due diligence controls. Blockchain technologies also enable criminals to integrate mixing and tumbler services to add further anonymity to their financial activity.
Speed
Cryptocurrency transactions take place in seconds, enabling money launderers to move money quickly between accounts in different parts of the world, before extracting it and introducing it into legitimate financial systems.
Structuring
Crypto exchange users may be able to create multiple accounts within the same platform or with different service providers and structure their transactions in a way that does not trigger AML/CFT controls.
Money Mules
Criminals may coerce or incentivise third parties to set up accounts with crypto exchanges. These ‘money mules’ then perform transactions on behalf of money launderers.
Customer Screening Considerations
The inherent risks of cryptocurrency transactions mean that crypto exchanges should seek to establish the identities of their customers and understand their financial activity. Financial Action Task Force (FATF) AML/CFT guidance requires financial service providers to perform Know Your Customer (KYC) checks to determine the risk that individual customers present – at onboarding and throughout the business relationship. With that in mind, crypto exchanges should implement the following screening processes:
Sanctions Screening
Crypto exchanges must screen their customers against the relevant international sanctions and watch lists, including the UK sanctions list, the OFAC sanctions list, and the UNSC sanctions list. In addition, firms should pay special attention to recently updated Russia sanctions programmes.
Politically Exposed Persons
Elected officials, government employees, and members of the military present a greater AML/CFT risk and may be considered politically exposed persons (PEPs). Accordingly, crypto exchanges should screen to establish whether their customers are PEPs and adjust their risk profiles accordingly.
Adverse Media
Changes to customer risk profiles are often revealed in the news media before any confirmation by official sources. With that in mind, it’s important that crypto exchanges deploy adverse media screening measures to detect customer involvement in breaking news stories. In addition, adverse media solutions should cover media in a range of languages and consider nuances such as source credibility and political bias.
Screening Best Practices
To effectively address the risks that cryptocurrency transactions present, crypto exchanges should seek to make their screening process as efficient as possible, minimising false positives without missing genuine AML/CFT alerts. Accordingly, crypto exchanges should build their screening processes around a series of best practices, including:
Updates
Crypto exchanges must ensure that the resources they use to screen customer names are updated and accurate. The sanctions landscape can change rapidly so exchanges must ensure they are using the latest versions of sanctions and PEP lists, and checking media sources regularly for breaking stories.
Due Diligence
Crypto exchanges should perform suitable due diligence when onboarding customers, to establish their identities and the nature of their financial activity. Ideally, firms should use digital verification techniques to address the anonymity challenges of the blockchain. This includes dual-factor authentication and biometric identification such as fingerprint, voice, and face scans. In some cases, high risk customers should also be subject to enhanced due diligence (EDD).
Naming Conventions
Since they serve customers from territories worldwide, crypto exchanges must be prepared to deal with a diversity of language systems when screening customers. Ideally, screening measures should be set up to deal with non-Latinate characters such as Arabic or Cyrillic, and to detect regional naming conventions such as the reversal of first names and surnames that occurs in many cultures.
Aliases and Nicknames
Customers may engage with cryptocurrency services using nicknames or aliases, which may confuse name-matching software. Crypto exchanges should work to capture aliases and nicknames as part of the KYC process to better detect positive hits when screening against sanctions lists, PEP lists, and adverse media.
Russia Sanctions: Compliance Update
In response to Russia’s invasion of Ukraine, many Western governments updated their sanctions guidance for cryptocurrency service providers. The UK government has emphasised that crypto exchanges have the same regulatory responsibilities as other financial institutions. On 11 March 2022, the UK’s Financial Conduct Authority, Office of Foreign Sanctions Implementation, and Bank of England issued a joint statement reminding UK cryptoasset firms of their obligation to contribute to the sanctions compliance effort.
The statement encourages crypto exchanges to:
Update their sanctions compliance controls and technology, including enhancing their blockchain analytics to identify high risk wallets.
Be aware of sanctions red flags, including high risk jurisdictions, sanctioned wallet addresses, and exchanges with poor financial controls.
Be aware of cryptocurrency crime methodologies, such as the use of VPNs, and mixing and tumbling services.
Screening Technology
Screening customers against sanctions lists, PEP lists and adverse media sources requires crypto exchanges to monitor a vast amount of data. This means implementing screening software that delivers a high degree of adherence to global sanctions lists and PEP lists, and ongoing monitoring of news outlets.
Ripjar’s next generation screening solution is capable of matching names across a spectrum of languages and character sets while maximising true positives and minimising false positives. Similarly, our adverse media technology adds depth to your screening by conducting continuous monitoring of global news stories in over 21 languages, to capture customer risk data as soon as a story breaks.
Get in touch to discover how Ripjar’s advanced technology can help your company build a significant commercial advantage.
The Monetary Authority of Singapore (MAS) plays an important role in Singapore’s financial sector. With that in mind, it is important that companies are familiar with Singapore’s AML/CFT laws, and MAS’ expectations in a changing compliance environment.
The city-state of Singapore is a bustling business hub located at the southernmost tip of the Malay peninsula. A historic trading destination for international partners, and a gateway to Asia-Pacific, Singapore is home to thousands of financial service providers. Amongst those businesses are branches of many of the world’s largest international banking organisations and financial service providers, which collectively hold around $2 trillion in assets.
The funds flowing into Singapore have made it a prominent financial centre, but have also made it a target for financial criminals seeking to launder illegal money. Financial crime in Singapore is a significant concern in the city. In 2020, research suggests that the total cost of financial crime in Singapore was $3.81 billion – up from $3.13 billion in 2019.
To address that threat, Singapore’s government established the Monetary Authority of Singapore (MAS) as the city’s financial regulator, responsible for supervising banks, financial institutions and other obligated entities, and for ensuring compliance with the country’s Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) rules.
To help your business manage its compliance risk in Singapore, we’ve put together a list of the top 5 things to know about MAS.
1. What is the Monetary Authority of Singapore?
MAS is Singapore’s central bank and financial regulator. Amongst its duties as a central bank, MAS informs the city-state’s monetary policy, conducts macroeconomic analysis and manages the exchange rate. As a regulator, MAS provides prudential oversight of Singapore’s banks and financial institutions, issuing operating licences, conducting investigations, and ensuring that financial markets remain safe and stable for consumers.
In that supervisory role, MAS also sets Singapore’s financial rules and regulations, publishing new Acts of law and subsidiary legislation in the Government Gazette. MAS also issues new legal directives to financial institutions and sets out official guidelines on best practice standards for regulatory compliance.
Where MAS finds violations of the law, it has the authority to perform enforcement actions. Those actions may entail warnings, suspension of operating licences, business prohibitions, fines, and even prison sentences.
2. How does MAS regulate AML in Singapore?
MAS is responsible for ensuring compliance with Singapore’s financial regulations. The primary article of AML legislation in Singapore is the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA). Passed in 1992, the CDSA sets out the legal definition of money laundering and requires banks and financial institutions to comply with a range of reporting and record-keeping obligations – in alignment with the guidance set out by the Financial Action Task Force (FATF).
In 2002, Singapore introduced the Terrorism (Suppression of Financing) Act which imposed new financial compliance regulations relating specifically to the counter-financing of terrorism.
3. Recent Regulatory Changes
One of the most significant recent changes to Singapore’s AML/CFT compliance landscape is the introduction of the Payment Services Act (PSA) in 2020. The PSA was implemented to position Singapore for the future of financial services and extends existing AML/CFT regulations to payment systems and payment service providers. In particular, the PSA imposes regulatory requirements on digital payment tokens which, in practice, means that cryptocurrency service providers must comply with Singapore’s AML/CFT laws.
4. How do Companies Achieve MAS AML Compliance?
Singapore is a member of the FATF. Accordingly, the Monetary Authority of Singapore’s requirements for banks and financial institutions include the need to put a risk-based AML compliance solution in place. Risk-based compliance means that each organisation must assess their customers to determine the level of individual risk that they present. Customers that present a higher level of criminal risk should be subject to more rigorous AML/CFT compliance measures, including enhanced due diligence and more intensive screening procedures.
With those considerations in mind, an effective Singapore AML solution should include the following measures:
Customer identification: Financial institutions must establish and verify their customers’ identities by obtaining official documentation such as copies of birth certificates, driving licences, passports, and company incorporation information. Financial institutions should also seek to determine ultimate beneficial ownership (UBO) where a third-party is acting on behalf of another customer.
Transaction monitoring: In order to detect money laundering, financial institutions should monitor their customers’ transactions for suspicious activity, which might include unusual transaction frequencies, transactions that do not match risk assessments or transactions with high risk jurisdictions. Where money laundering is suspected, companies must submit suspicious activity reports (SARs) to MAS in a timely manner.
PEP Screening: Elected officials and other government employees present a high money laundering compliance risk. Accordingly, companies should screen their customers to determine whether they are politically exposed persons (PEP).
Sanctions screening: Companies in Singapore should ensure their customers are not subject to sanctions measures by screening against the relevant sanctions lists.
Adverse media: Financial criminal activity may be reported in the media before it is confirmed by official sources. With that in mind, companies in Singapore should implement an effective adverse media screening solution in order to capture stories involving their customers.
5. MAS Fintech Regulations
The Monetary Authority of Singapore continuously seeks to implement new financial technology as a means to enhance Singapore’s financial system and promote economic growth. With that in mind, MAS has implemented a range of initiatives to help innovative fintech projects thrive in the city’s regulatory environment. Those initiatives include:
The Personal Data Protection Act: The PDPA sets out data compliance obligations for companies handling customer data in Singapore – including what data can be collected, and what it can be used for.
Cryptocurrency Code of Practice: Cryptocurrency service providers that sign up to the code of practice must apply a set of AML/CFT measures adapted for the provision of cryptocurrency services – including due diligence, transaction monitoring, and screening measures.
Technology Risk Management: In 2021, MAS issued an updated version of its Technology Risk Management Guidelines. The guidance focused on the need for corporate leadership to participate in efforts to protect against cyber-threats, and on ways for financial service providers to better manage third-party cyber risks.
Get in touch to learn how Ripjar can help you comply with MAS regulations.
The Swiss Financial Market Supervisory Authority (FINMA) is responsible for regulating Switzerland’s anti-money laundering (AML) and counter-financing of terrorism regulations, and for providing supervision for the country’s banks and financial institutions. FINMA is a prominent international regulatory body: Switzerland’s reputation as a global banking destination stretches back hundreds of years, and Swiss Banks are some of the wealthiest in the world, holding an estimated $6.5 trillion in assets.
FINMA: Background
Switzerland’s banking industry is known for its confidentiality, and has developed a reputation as a destination for criminals attempting to hide illegal money. In particular, criminals have sought to exploit Switzerland’s traditionally-permissive financial anonymity rules and high levels of discretion for banking customers – which include the deployment of technological measures to conceal identities. In 2021, the Tax Justice Network ranked Switzerland at 3 on its Financial Secrecy index, and at 5 on its Corporate Tax Haven index, estimating that money hidden in Swiss banks amounted to over $21 billion. Global regulators have picked up on the financial criminal trends affecting Switzerland, with the Financial Action Task Force (FATF) highlighting numerous AML/CFT deficiencies in its Mutual Evaluation Reports (MER).
In response to the threat to Switzerland’s financial system, and to global financial markets, the Swiss government introduced the Swiss Financial Market Supervisory Authority in 2007. Established under the authority of the Anti-Money Laundering Act (AMLA), FINMA is an independent regulatory body and was a merger of the Federal Office of Private Insurance, the Federal Banking Commission, and the Anti-Money Laundering Control Authority.
What Does FINMA Do?
FINMA has a mandate to ‘supervise banks, insurance companies, financial institutions, collective investment schemes, and their asset managers and fund management companies’, and to ensure ‘that Switzerland’s financial markets function effectively’. In order to achieve those objectives, FINMA engages in the following activities:
Issuing licences: Individuals and companies that wish to engage in financial market activity in Switzerland must obtain an operating licence from FINMA. Different types of licence are available for different types of application, but each involves strict qualification criteria.
Regulatory supervision: FINMA supervises all ‘licensed banks, financial institutions, insurance companies, collective investment schemes and their asset managers and fund management companies’ in Switzerland. Following its mandate, FINMA’s objective is to protect customers from the effects of insolvency or malpractice, and to ensure that Switzerland’s financial markets function effectively.
Implementation of legislation: Where it finds evidence of noncompliance or violations of Swiss law, FINMA has the authority to conduct investigations of the persons involved and ‘use all the means of enforcement available’ under Swiss law to implement the relevant supervisory legislation.
Developing regulations: In addition to its supervisory and enforcement roles, FINMA participates in regulatory projects, under the authority of Switzerland’s Federal Department of Finance (FDF) and the State Secretariat for International Finance (SIF). FINMA engages in regulation in order to meet its supervisory objectives, and issues ordinances and circulars to announce new regulatory rules.
Switzerland’s AML Law
Switzerland’s principle AML/CFT law is the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector, which is also known as the Anti-Money Laundering Act (AMLA). Introduced in 1997, the Act represents the legal basis for combating money laundering in Switzerland, and imposes a variety of reporting, record-keeping, and monitoring obligations on banks and financial service providers.
As a Financial Action Task Force (FATF) member-state, Switzerland’s AML/CFT regulation mandates a risk-based approach. This means that financial service providers in Switzerland must assess the criminal risk that each customer presents, and then deploy a proportionate compliance response, with higher risk customers subject to more intensive AML/CFT measures.
Under AMLA, banks must put the following AML/CFT measures in place:
Customer due diligence: Banks in Switzerland must establish the identities of their customers by requesting certain documentation, including passports, driving licences, birth certificates, and company incorporation documents.
Transaction monitoring: Certain financial behaviour may indicate money laundering activity. Accordingly, banks must monitor customer transactions for suspicious activity and report such activity to FINMA.
Sanctions monitoring: Customers that are subject to international sanctions may seek to use Swiss bank accounts to conceal their connection to illegal money. With that in mind, banks in Switzerland should screen their customers against the relevant sanctions and watchlists, including the Swiss sanctions list, and the United Nations sanctions list.
PEP screening: Elected officials and government employees also pose elevated AML/CFT compliance risks and banks should screen customers to find out if they are politically exposed persons (PEP).
Enhanced due diligence: Since criminals may be drawn to the financial opportunities presented by the Swiss regulatory environment, banks in Switzerland must be prepared to deploy enhanced due diligence measures effectively for high risk customers. Enhanced due diligence involves more rigorous scrutiny of a customer’s identity, including obtaining more detailed identifying documents, performing more intensive checks into business relationships, and establishing the source of customers’ wealth and funds.
Adverse media: Illegal financial activity involving Swiss banks often attracts the attention of investigative journalists – and criminals that use Swiss bank accounts to launder money are often exposed in the media before that information is confirmed by government authorities. With that in mind, banks should integrate adverse media monitoring as part of their AML/CFT solution in order to capture changes to a customer’s risk profile as soon as possible.
It is important for banks to consider the Swiss banking industry’s risk landscape, and adjust their adverse media solution to capture relevant breaking stories quickly and efficiently. Important factors include the geographic source of the media, its credibility, reporting bias, and financial institution’s own risk appetite.
FINMA Recent Developments
In response to concerns about the transparency of its banking system, FINMA has been working to enhance Switzerland’s AML infrastructure.
Mutual Evaluation Report: The FATF’s most recent Mutual Evaluation Report (MER) on Switzerland, released in 2016, outlined several areas of concern, with the following key findings:
The majority of Switzerland’s money laundering risk derives from offences committed abroad.
Many Swiss financial institutions do not implement due diligence measures satisfactorily for existing customers.
The number of suspicious transaction reports generated by Swiss institutions is insufficient, and reports tend to be prompted by external information.
FINMA needs to make further progress in imposing noncompliance sanctions that are sufficiently dissuasive.
In 2020, FATF released an update on Switzerland’s progress in addressing areas of concern raised in the 2016 report. It upgraded Switzerland’s compliance performance in several areas but stressed that more progress was needed.
Cyber-attack reporting obligations: In 2022, the Swiss government indicated that it would introduce an amendment to the Federal Act on Information Security relating to the reporting of cyber-attacks. Under the proposal, banks and financial institutions in Switzerland would be obliged to report cyber-attacks to FINMA with penalties of up to CHF100,000 for noncompliance.
Get in touch to learn how Ripjar can help you with FINMA compliance.
Successful Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) regulations depend on banks and financial service providers understanding the identities of their customers. However, when customers engage with financial services using companies or complex corporate structures, banks must work harder to meet their AML/CFT obligations by establishing ultimate beneficial ownership.
What is Ultimate Beneficial Ownership?
An ultimate beneficial owner (UBO) is the real person (sometimes referred to as ‘natural person’) who owns or controls a customer account at a bank or financial service provider. In this context, natural persons are distinct from ‘legal persons’ which refers to entities like companies. Ultimate beneficial ownership becomes an AML risk factor when banks do business with customer-entities such as companies or with individuals that are not going to be the beneficiaries of a given transaction.
Ultimate beneficial ownership is a significant AML concern in jurisdictions around the world. The Financial Action Task Force (FATF) defines a UBO as:
“the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.”
In this context, FATF considers a natural person to be a beneficial owner if that person meets any of the following criteria:
Owns 25% of an entity’s capital or share capital.
Has 25% or more of an entity’s voting rights.
Is the legal guardian of a customer who is a minor.
Has power of attorney over the customer.
Is a holder of anonymous bearer shares in a company.
Is a corporate director specifically appointed to conceal a true owner.
UBOs and the FATF ‘Travel Rule’
Following a consultation in 2021, the FATF is considering amendments to Recommendation 24 as it pertains to ultimate beneficial ownership. Known as the ‘Travel Rule’, Recommendation 24 requires financial service providers to share information about the originators and beneficiaries of transactions in order to inform AML/CFT compliance.
The proposed UBO revisions, outlined in 2021, would require banks and other financial institutions to:
Retain beneficial ownership information in a registry (or alternative mechanism).
Ensure that beneficial ownership information is ‘adequate, accurate, and up to date’ and “sufficient to identify the natural person(s) who are the beneficial owner(s)”.
In order to determine beneficial ownership, the FATF suggests that service providers should acquire certain basic points of information, including ‘at a minimum’ details of the company’s ‘legal ownership and control structure.’ The FATF also emphasised the need for ‘the widest possible range of international cooperation’ in order for service providers to be able to identify UBOs quickly and efficiently.
Ultimate Beneficial Ownership and AML
UBOs can present such a high level of AML risk because they may use corporate infrastructure to conceal the true nature of their business, or their identities in order to avoid the scrutiny of compliance controls. FATF sets out AML guidance relating to ultimate beneficial ownership in Recommendation 24 – which requires member-states to “take measures to prevent the misuse of legal persons for money laundering or terrorism financing”.
Following FATF guidance, when individual customers are involved in transactions, financial service providers establish their identities by performing suitable due diligence and requesting official documentation such as birth certificate, driver’s licence, or passport. However, where a customer is a company or corporate entity, it is not possible to establish identity in the same way – and so service providers must establish, and verify, ultimate beneficial ownership in order to properly assess the risk that they face.
UBO and Shell Companies
One of the most common criminal threats associated with ultimate beneficial ownership is the use of shell companies. While shell companies are often established for legitimate purposes, they are frequently used by money launderers to conceal the identity of their owners, and thwart the scrutiny of AML controls, by exploiting international regulatory disparity and complex corporate infrastructure.
A shell company is a corporate entity that is set up to protect or hide the assets of another person or company. Normally established without any physical premises, assets, or even employees, shell companies enable criminals to hide behind corporate infrastructure while they introduce illegal money into the legitimate financial system. In some foreign jurisdictions, shell companies can be set up anonymously – and then used to evade AML scrutiny.
Global AML risks: The scale of global criminal misuse of shell companies has been revealed in the release of confidential documents over the past decade. Notable examples include the Panama Papers in 2016 and the FINCEN Files in 2020, both of which exposed the ways that criminals, including political officials, use shell companies in low regulation international jurisdictions to disguise significant amounts of illegal funds. The Panama Papers leak enabled global authorities to recover $500 million in lost revenue, while the FINCEN Files exposed the complicity of prominent banking institutions in supporting the criminal activity.
Shell companies are not just a foreign jurisdictional problem. In the UK, for example, shell companies may be used to open and access bank accounts in other parts of the world, including low regulation jurisdictions – such as the Baltic states.
According to financial crime SME and Director at The Dark Money Files Ltd, Graham Barrow, UK shell companies are a particularly attractive option for international money launderers thanks to new rules which have prompted a move away from the “old fashioned way of forming a company” – by post to Companies House – and towards “an online portal where, in minutes, at a cost of a mere £12, anyone, anywhere in the world can become the owner of their own business”
“While without a doubt it has encouraged much positive economic activity,” said Barrow “it has also attracted a shady side of the global economy – dark money. Money of uncertain, possibly corrupt, or criminal origin”.
The scale of that dark money threat has prompted regulatory responses. Law enforcement authorities around the world, for example, have used the information revealed by the Panama Papers and FINCEN Files leaks to initiate investigations of the individuals and organisations involved, resulting in multiple criminal prosecutions.
Ultimate Beneficial Ownership AML Red Flags
In order to identify potential money laundering activities, including the misuse of shell companies, organisations should be vigilant for the following UBO red flags:
Customers that provide insufficient or incomplete information about the beneficiaries of their transactions.
Companies that send wire transfers with unusual frequency or to an unusual number of beneficiaries.
Companies that engage in transactions that seem unusual for their industrial sector.
Companies that engage in transactions irregularly or only sporadically.
Transactions in amounts that are not typical of a company’s wealth profile.
Transactions that involve sender or beneficiary companies in off-shore locations or in high risk AML jurisdictions.
Payments which may not be traced to bank accounts and which are only traceable via reference to a company invoice or contract.
Compliance technology: Using these red flags to stop criminal activity should be a priority for service providers. With that in mind, sophisticated banks and other organisations are demanding solutions which integrate machine learning and other analytic techniques to unravel and interpret the vast amounts of complex data – generated by sources all over the world – necessary to address UBO concerns.
UBO Regulatory Responses
In the wake of the FINCEN Files and other leaks, governments around the world have implemented dedicated UBO legislations and measures to prevent the misuse of shell companies.
United Kingdom: The UK introduced a register of company beneficial ownership in 2016 with the People with Significant Control (PSC) Register. There are plans to introduce similar beneficial ownership registers for properties and land, and for trusts.
European Union: The EU’s Fourth Anti-Money Laundering Directive required member-states to develop and implement domestic UBO registers. Individual states were permitted to implement the registers via domestic legislation – which had led to inconsistent regulatory environments across the bloc. Latvia is a good example of a country that has put a number of stringent controls in place – as it seeks to improve its reputation after earlier scandals.
United States: In late 2020, the US passed the Corporate Transparency Act which requires organisations across the country to report beneficial ownership information to the government. The law was supposed to come into effect on 1 January 2022 but missed that deadline following administrative delays in 2021.
Financial intelligence units (FIU) play an important role within many banks in the fight against financial crime by centralizing the investigation and response to financial crime risk events and other issues relevant to supervisory authorities. A bank FIU may be made up of a number of investigative teams specializing in the analysis of customer data that are indicative of money laundering or terrorism financing, sanctions evasion or bribery and corruption.
Some FIUs extend their work to include the investigation of fraud. Banks with operations in multiple countries often have a Group FIU performing a similar role for the entire Group. The term FIU also commonly refers to national-level supervisory authorities and regulators that perform an investigative function and serve to bridge the gap between banks and law enforcement agencies.
With those factors in mind, it is important that banks understand the investigative role that their FIU should perform as part of their risk management infrastructure, and how it may interact with financial authorities when called upon to do so.
What does an FIU do?
The role of an FIU within a bank is to identify, investigate and mitigate financial crime risks. In order to carry out financial crime investigation, a FIU will collect and analyse customer data, and examine key customer AML/CFT information, including internal watchlists and previous investigations, that are generated by a range of Know Your Customer (KYC) and Anti-Money Laundering (AML) measures. This process includes investigating suspicious transactions, changes to customer risk profiles, sanctions alerts, and adverse media stories. Following analysis, the FIU must determine whether the information they have gathered warrants the submission of a suspicious activity report (SAR), or other filing, to the relevant law enforcement authorities.
During their investigatory process, FIUs may liaise with bank compliance employees, or review both private and public data sources to obtain further information on customers. Where permitted, FIUs may also share details of their internal investigations with other banks to understand how individual banks are being exploited by criminal networks. Similarly, FIUs may participate in subsequent investigations, providing support to law enforcement agencies.
The core functions of an FIU are as follows:
Financial Crime investigations: Prior to the submission of SARs to the relevant authorities, FIUs must investigate risk events to determine whether there has been a breach of the law – and whether a law enforcement investigation is needed. Given the amount of data involved in investigations, FIUs should seek to integrate analytic software in order to prioritize their workload, increase accuracy, and ensure the process takes place as quickly and efficiently as possible.
During the investigative process, FIUs may seek supporting material on a particular customer, or may engage internal experts to scrutinize data more closely. FIUs may reference a range of data sources during their analysis, including publicly available company registers, sanctions lists, and adverse media stories. It may be necessary to reference other internal integrations, including transaction monitoring solutions, screening solutions, enhanced due diligence output, and client data stores.
External resources may also be relevant, including publicly available resources such as the Panama Papers, the Paradise Papers, and so on. FIUs must be able to fuse this data into actionable information, resolving information across different sources from which it is drawn in order to establish an actionable case narrative.
AML/CFT reporting: FIUs act as intermediaries between their banks and the authorities. Accordingly, bank FIUs must determine whether it is appropriate to submit a suspicious activity report when their transaction screening solutions detect certain trigger activities. Examples of suspicious activity that should be reported to FIUs include:
Unusual patterns of transaction, such as transaction in unusual volumes or frequencies
Transactions with high-risk AML/CFT jurisdictions
Transactions that do not match a customer’s established risk profile
Supporting investigations: When FIUs complete internal investigations and submit SARs to regulatory authorities, they may be required to share further information with the authorities to support ongoing investigations. Accordingly, FIUs should seek to make their relationship with authorities as efficient as possible in order to address incidents as quickly as possible and to contribute to national efforts to fight financial crime.
Partnerships: To better contribute to the long-term fight against financial crime, bank FIUs should seek to work in partnership with the wider financial community, sharing information, and building relationships not just with law enforcement agencies but other banks and government bodies. In order to operate in compliance with privacy and data protection laws, FIUs should seek to establish parameters for the legal exchange of AML/CFT information (for example, in the UK, by using the provisions of the Criminal Finances Act), become members of regional Financial Information Sharing Partnerships (FISP) such as the Joint Money Laundering Intelligence Taskforce (JMLIT), and participate in industry data exchange platforms such as the SWIFT KYC Registry.
AML/CFT policy: FIUs should work to identify and manage their banks’ AML risks and vulnerabilities, and use that information to establish new compliance policies and targets. FIUs may discover that new approaches clash with established AML/CFT compliance protocol and should seek to find ways to integrate technology solutions that serve the needs of their customers and their institution.
Additional functions: Beyond their investigatory role, FIUs work to support their banks’ efforts to achieve AML/CFT compliance goals. That work may involve:
Strategic analysis: FIUs may perform ongoing strategic analysis of their bank’s exposure to risk, beyond law enforcement relevance and without an alert being triggered. Strategic analysis may, for example, involve assessment of the risk that AML/CFT related incidents, such as the Paradise Papers leak, entail.
Monitoring AML/CFT compliance: FIUs may be able to exert some supervisory influence within their banks, monitoring products and services to ensure compliance with AML/CFT regulations.
Blocking transactions: If it is related to serious criminal activity, or prohibited by a sanction restriction, for example, FIUs may be required to block a transaction from taking place before law enforcement agencies can step in to investigate.
Training employees: By training employees in the latest compliance rules and regulations, FIUs can improve the flow and quality of the data they receive from their colleagues. Employee training not only improves a bank’s internal AML/CFT compliance performance but deepens individual understanding of the role the FIU plays .
Conducting research: By initiating and conducting research projects, FIUs can better adapt to emerging criminal methodologies and evolving legislative landscapes – while enhancing their own analytic capabilities.
Enhancing public awareness: By helping the public understand what it does, and how it combats and investigates criminal incidents, an FIU increases the potential for external cooperation and positively influences the wider fight against money laundering and the financing of terrorism.
Please get in touch to learn more how Ripjar can help Financial Intelligence Units.
The Financial Conduct Authority (FCA) is an independent regulatory body responsible for overseeing the UK’s financial markets and services. Established under the authority of the Financial Services Act (2012), FCA was introduced on 1 April 2013, replacing its predecessor, the Financial Services Authority (FSA). FCA shares its regulatory responsibilities with the Bank of England’s Financial Policy Committee (FCP), and the Prudential Regulatory Authority (PRA).
What does the FCA do?
The FCA oversees over 51,000 financial service providers in the UK including banks, financial advisers, and mutual societies. In its oversight role, the FCA has three objectives:
To protect consumers of financial products
To enhance the integrity of the UK’s financial industry
To ensure effective competition between UK financial service providers in the interests of consumers
Authorization: The FCA is responsible for authorizing banks and financial service providers to operate in the UK. In order to obtain an operating license, organizations must submit an application to the FCA demonstrating that they have met a set of regulatory criteria.
Enforcement: Where compliance violations are found, FCA has the power to force firms under its jurisdiction to change the way they do business, impose remedial requirements, and issue significant financial penalties. The FCA’s enforcement powers take in criminal and civil measures, and include:
Prohibition of firms and individuals from carrying out regulated activities
Fines for firms and individuals found to have violated compliance regulations
Criminal prosecution against firms and individuals suspected of financial crimes
Publications or public announcements of disciplinary actions
FCA Rules and Regulations
The FCA has issued a list of conduct rules for both firms and individuals to help them comply with the UK’s financial crime laws, including the Money Laundering Regulations and the Proceeds of Crime Act. The conduct rules are set out in the FCA Handbook and comprise two tiers, one for individuals and one for senior managers working within the financial services industry:
Tier one: individual conduct rules
You must act with integrity
You must act with due care, skill, and diligence
You must pay due regard to the interests of customers and treat them fairly
You must observe proper standards of market conduct
Tier two: senior manager conduct rules
You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
You must disclose appropriately any information of which the FCA would reasonably expect notice
How to Comply with FCA Rules
The FCA expects banks and financial service providers to develop solutions to ensure that they operate in compliance with the UK’s financial crime legislation. In practice, this means that UK firms must implement a range of measures and controls, backed by financial intelligence technology, to detect and assess the criminal risks that they face. These should include:
Customer identification: UK firms should perform suitable due diligence on their customers to accurately establish and verify their identities and the nature of their business.
Transaction monitoring: UK firms must monitor their customers’ transactions for signs of financial crime, including unusual transaction patterns, and transactions with high-risk counterparties or jurisdictions.
Politically exposed persons: UK firms should establish whether their customers are politically exposed persons (PEP) – and therefore pose a greater risk of financial crime such as money laundering.
Adverse media stories: UK firms should screen regularly for adverse media stories that involve their customers. News media may signal a customer’s involvement in financial crime prior to confirmation by official sources.
Recent FCA Activity
Throughout 2021, the FCA focused on addressing the concerns of a changing financial landscape, and the criminal threats that emerged as a result of the Covid-19 pandemic. Amongst the initiatives that it launched in 2021, were the InvestSmart campaign and the Scamsmart campaign, both intended to protect consumers from fraudulent financial activity, including investment scams and cyber-crime.
The FCA is also focusing on corporate AML compliance and issued a series of significant fines throughout 2021. Notable examples of FCA AML compliance fines in 2021 include a £147 million fine for Credit Suisse, a £63.9 million fine for HSBC, and a fine of over £264 million to NatWest. The FCA is currently working to raise awareness of the dangers posed by cryptocurrencies and ensure cryptocurrency service providers operate in compliance with the UK’s financial regulations. That effort saw 223 FCA registration applications from cryptocurrency service providers in 2021 and, in January 2022, an FCA proposal for a regulatory crackdown on high risk cryptocurrency investments.
FIND OUT HOW RIPJAR CAN HELP YOU Comply with FCA regulations. PLEASE GET IN TOUCH.
2021 was another difficult year for the financial industry as the effects of the coronavirus pandemic continued to create negative consequences for banks and financial institutions. That trend included a range of new compliance challenges as service providers and financial regulators adapted to a shifting risk landscape and an array of emerging Covid-19-inspired criminal methodologies.
The amount of AML fines issued in 2021 reflects the increased regulatory scrutiny. After investigations are completed, 2021’s AML fines are expected to exceed $2.22 billion – matching the 2020 total. With those figures in mind, numerous regulators took significant enforcement actions against banks and financial institutions under their jurisdiction in 2021. Some notable examples from around the world include:
Financial Conduct Authority (FCA): United Kingdom
In 2021, the UK’s Financial Conduct Authority prioritized the threat of cyber-crime, which increased during the Covid-19 pandemic as customers transitioned en-masse to online banking and financial services. The FCA also focused on corporate compliance, opening around 1,293 enforcement cases and issuing around £189.8 million in penalties.
While FCA issued a £147,190,200 compliance fine to Credit Suisse in October 2021, its largest fine came at the end of the year, when it handed down a fine of over £264 million to NatWest for significant failures to monitor and report suspicious transactions related to jeweler Fowler Oldfield. In the final days of 2021, FCA also issued a fine of £63.9 million to HSBC for failing to address long-term weaknesses in its transaction monitoring controls. Another notable FCA fine handed down in the final days of 2021:
Enforcement target bank: National Westminster Bank PLC (NatWest)
Reason for enforcement action: Significant AML compliance failures
Amount of fine: £264,772,619.95
Australian Transaction Reports and Analysis Center (AUSTRAC) – Australia
In 2020, Australian Transaction Reports and Analysis Center took a significant enforcement action against the Westpac Banking Corporation for serious breaches of Australia’s AML/CFT Act, including a failure to implement transaction monitoring and customer due diligence controls. AUSTRAC ultimately handed Westpac a record $1.3 billion fine. In 2021, Westpac was fined an additional $113 million by the Australian Securities and Investment Commission (ASIC) which cited the bank’s ‘poor compliance culture’ as a factor in its misconduct.
In 2021, AUSTRAC maintained its focus on corporate enforcement but did not issue any AML fines. AUSTRAC did, however, issue a remedial direction to Australian Military Bank Ltd (AMB) to ‘review and uplift’ its compliance with AML/CFT laws. The direction included requirements that AML submit to an independent audit, enhance its AML/CFT reporting protocols, and then submit to an additional audit to ensure the implementation of those measures. In June of 2021, AUSTRAC revealed an investigation into National Australia Bank NAB) for ‘potential serious and ongoing non-compliance’.
Enforcement target bank: Australian Military Bank
Reason for enforcement action: AML compliance deficiencies
Amount of fine: N/A (remedial direction)
Office of Foreign Assets Control (OFAC) – United States
Under President Biden, the US continued to emphasize sanctions compliance, building on trends established during the Trump administration, which took a record 3,900 sanctions actions between 2016 and 2020. In 2021, the Office of Foreign Assets Control took 20 separate enforcement actions against individuals and organizations, totaling $20,896,739.22 in fines. The largest OFAC sanctions fine was issued in January against Union de Banques Arabes et Françaises for violations of the US’ Syria sanctions program.
Enforcement target bank: Australian Military Bank
Reason for enforcement action: Violation of US Syria sanctions program
Amount of fine: $8,572,500
Bank Secrecy Act (BSA) – United States
The BSA is the US’ primary AML legislation and is enforced by the Financial Crime Enforcement Network (FINCEN). In 2021, FINCEN imposed several significant AML fines against US banks and other financial service providers for failures to comply with the requirements of the BSA. FINCEN issued its most significant fine against credit card company, Capital One, in January 2021, for willful and negligent violations of the BSA, including a failure to file thousands of suspicious activity reports and currency transaction reports. The fine amounted to $390 million.
Enforcement target bank: Capital One
Reason for enforcement action: Violation of the Bank Secrecy Act
Amount of fine: $390,000,000
Monetary Authority of Singapore (MAS) – Singapore
Like other regulatory authorities, the Monetary Authority of Singapore focused on addressing the financial challenges of the Covid-19 pandemic during 2021. The regulator took several enforcement actions in response to violations of the Corruption, Drug Trafficking and Other Serious Crimes Act (CDSA), including a S$1 million fine for Bank J Safra Sarasin for ‘serious breaches of MAS’ AML/CFT requirements’. However, MAS most significant fine of 2021 was issued against Goldman Sachs’ Malaysian subsidiary as part of a deferred prosecution agreement with the US Department of Justice over the 1Malaysia Development Berhad scandal. Under the penalty, Goldman Sachs was required to pay the Singapore government $122 million.
Enforcement target bank: The Goldman Sachs Group Inc
Reason for enforcement action: Violations of the Prevention of Corruption Act
Amount of fine: $122 million
Looking ahead to 2022, with a potentially-reduced focus on Covid 19, it will be interesting to see how regulators choose to execute their oversight responsibilities.
FIND OUT HOW RIPJAR CAN HELP YOU with aml and risk compliance. PLEASE GET IN TOUCH.
The Financial Action Task Force (FATF) maintains and publishes lists of countries that fall short of its anti-money laundering (AML) and counter-financing of terrorism (CFT) recommendations. While countries that are non-cooperative with FATF recommendations are included on its ‘Black List’, countries that fall short or that are working towards those standards are included on its ‘Grey List’.
The Grey and Black lists change as countries improve their regulatory AML/CFT standards, and it is important that firms understand what a listed status means for their compliance expectations when doing business.
What is the FATF Grey List?
The FATF’s Jurisdictions under Increased Monitoring – also known as the ‘Grey List’ – is a list of countries that the intragovernmental organization has determined have “strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.” Inclusion on the Grey List means that FATF feels that a country poses an elevated AML/CFT risk – and that firms should reflect that risk in their compliance response when handling relevant transactions. In contrast to its Black List, FATF does not call for its member states to automatically apply enhanced due diligence (EDD) measures as part of their compliance response – but instead asks that they take Grey List information “into account” when performing risk analysis.
In addition to the elevated AML/CFT risk, designation on the Grey List also means that a country has committed to working with FATF, and with FATF-style regional bodies (FSRB), to resolve its strategic deficiencies under agreed timeframes. Grey list countries must identify the causes of their money laundering problems, and then report to FATF on the progress they make in addressing them. The Grey List is a changing document, with new countries added to and withdrawn from it as they are reviewed by FATF on an ongoing basis. In 2021, the Grey List included the following countries:
Albania
Barbados
Burkina Faso
Cambodia
Cayman Islands
Haiti (added in June 2021)
Jamaica
Jordan
Mali
Malta (added in June 2021)
Morocco
Myanmar
Nicaragua
Pakistan
Panama
Philippines (added in June 2021)
Senegal
South Sudan (added in June 2021)
Syria
Turkey (added in October 2021)
Uganda
Yemen
Zimbabwe
The Black List
While the FATF Grey List includes countries that are subject to increased monitoring as a result of their AML/CFT deficiencies, the Black List includes those countries that FATF has deemed to have “significant strategic deficiencies” in their AML/CFT regimes.
Set out in FATF’s High Risk Jurisdictions subject to a Call for Action, Black List countries represent severe criminal risks to financial systems. Black List countries may be engaging in ongoing illegal activities, including the proliferation of weapons of mass destruction, or have failed to enact AML/CFT action plan measures set out by FATF. Accordingly, FATF calls on its members to implement a more intensive compliance response to Black List countries than it does Grey List countries, including applying enhanced due diligence measures to any relevant transactions.
In “serious cases” of AML/CFT risk with Black List countries, FATF calls upon its members to actively apply countermeasures as a means to protect the global financial system from the threats that they pose. During 2021, the only countries on the Black List were:
Democratic People’s Republic of Korea (North Korea)
Iran
Both North Korea and Iran have featured on the Black List as far back as 2012. In 2020, Iran was re-designated on the Black List after its failure to implement points on its action plan.
Recent Changes to the Grey List
Following reviews of their AML/CFT regimes, and success in addressing FATF action plan points, countries may be removed from the Grey and Black Lists. Similarly, countries that demonstrate deficiencies in their AML/CFT regimes may be added. Recent changes to the Grey List include:
Countries removed:
Ghana: FATF added Ghana to the Grey List in 2018. After it successfully completed its action plan, and passed an on-site FATF inspection, it was removed from the list in June 2021.
Botswana: After being included on the Grey List in 2018, Botswana committed to working with the FATF to address outlined deficiencies in its AML/CFT framework. Following an assessment by the Eastern and South Africa money Anti-Money Laundering Group (ESAAMLG), Botswana was removed from the Grey List in June 2021.
Mauritius: After adding it to the Grey List in 2020, FATF assigned Mauritius an AML/CFT action plan. Mauritius subsequently convened several working groups and announced a range of regulatory changes. In June 2021, following an on-site visit, FATF determined that Mauritius had completed its action plan and removed it from the Grey List.
Countries added:
Turkey: FATF has criticized Turkey’s progress in addressing AML/CFT threats in its banking industry. In particular, FATF cited concerns that terrorist groups in the neighboring Iran, Iraq, Syria, and Lebanon may be feeding funds into Turkey’s financial system. Accordingly, FATF added Turkey to the Grey List in October 2021.
Grey List Compliance for Banks
When dealing with Grey List countries, the increased risk of money laundering, terrorism financing, and other financial crimes, means that firms must exercise suitable compliance caution – by implementing the measures set out in the FATF Recommendations, and screening and monitoring customers for connections with designated countries. FATF Grey List compliance requires firms to conduct assessments of their customers in order to understand the risk that they present. Firms may then use data from those assessments to build out individual customer profiles – and then deploy a compliance response commensurate with the risk they face. This risk-based approach to compliance entails measures that include:
Customer due diligence: Firms should establish and verify the identities of their customers in order to build accurate risk profiles. Particularly high risk customers from Grey List countries may be subject to enhanced due diligence measures.
Customer monitoring: Transactions with Grey List countries should be closely monitored for ‘red flag’ indicators of criminal activity.
Screening: Customers from Grey List (and Black List) countries may be sanctions targets or politically exposed persons (PEP). Accordingly, firms should screen against the relevant sanctions watch lists and PEP lists in order to ensure an appropriate risk response.
Adverse media: News stories may reveal customer involvement in criminal activities before that information is confirmed by official sources. With that in mind, firms should implement an effective adverse media screening solution to detect stories that involve high risk customers from Grey List countries.
Supply chain consequences: Firms that do business with Grey List countries should adjust their risk management solution to account for any regulatory effects on supply chains. In practice, this means extending AML/CFT controls to partners and counterparties down the chain to reflect the level of Grey List exposure that a firm has taken on. Some jurisdictions include mandatory supply chain risk management in their AML/CFT regimes. Firms in Germany, for example, must conduct supply chain due diligence on firms in Turkey now that it has been added to the Grey List.
Automated Grey List Screening
Grey List compliance obligations require firms to collect and manage large amounts of data in order to facilitate assessments of the risks that individual customers present and to manage effective AML/CFT responses. Automated software solutions are essential to the Grey List screening process, adding speed and efficiency and reducing the potential for costly human error. Next generation screening solutions further enhance Grey List compliance by adding levels of depth and analysis to screening capabilities, increasing capacity, reducing false positives, and consolidating data sources – including adverse media and sanctions lists – from around the world, in real time.
FIND OUT HOW RIPJAR CAN HELP You WITH Watchlists and Sanctions Screening. PLEASE GET IN TOUCH.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s financial intelligence unit and its primary financial regulator. AUSTRAC was founded in 1989 following the passage of the Financial Transaction Reports Act 1988 and is headquartered in Australia’s capital city, Canberra. AUSTRAC is organized into three departments that reflect its responsibilities: intelligence, capability and strategy, and regulation, education, and policy. The regulator is currently led by CEO Nicole Rose.
AUSTRAC is responsible for detecting and preventing financial crime in Australia and for providing regulatory oversight for the country’s financial service providers. In order to fulfil those responsibilities, AUSTRAC collects and analyzes reports from banks and other obligated organizations which it then uses to generate financial intelligence data for subsequent criminal investigations.
Reporting threshold: Firms in Australia must submit Threshold Transaction Reports (TTR) to AUSTRAC when handling transactions of A$10,000 or more (or an equivalent amount in foreign currency). TTRs must be submitted within 10 business days of the transaction date.
International funds transfers: When funds of any amount are transferred into or out of Australia, either electronically or via a designated remittance agreement, firms must submit an international funds transfer instruction report (IFTI) to AUSTRAC. IFTIs must be submitted within 10 days of the transaction.
Suspicious matters: When customers engage in any kind of suspicious activity, firms must submit a suspicious matter report (SMR) to AUSTRAC within 72 hours of detecting the suspicious activity (or 24 hours if it relates to terrorism).
Cross border movement: In 2020, the Australian parliament passed an amendment to the Anti-Money Laundering and Counter-Terrorism Financing Act. Under the new rules, when persons move physical currency in amounts of A$10,000 or more (or an equivalent amount of foreign currency) into or out of Australia, they must submit a cross border movement (CBM) report to AUSTRAC within 5 business days.
Risk Based Compliance
Following Financial Action Task Force (FATF) recommendations, AML rules in Australia require firms to take a risk-based approach to regulatory compliance, deploying AML/CFT measures proportionate to the risks that they face. Firms should build their risk-based compliance on an effective risk management solution in order to identify and assess their customers at onboarding, and to monitor their behaviour throughout the business relationship. In particular, firms should focus on the following key AML/CFT factors:
Identity verification: Firms should establish and verify the identities of their customers in order to build accurate risk profiles and to accurately match customer names during subsequent KYC screening and monitoring processes.
Transaction monitoring: Firms should continuously monitor their customers’ transactions in order to manage risk profiles, and identify transactions that may warrant an AUSTRAC suspicious matters report.
Political corruption: Politically exposed persons (PEP) such as elected, and government officials present an elevated AML risk. Accordingly, firms in Australia should screen their customers to determine whether they are PEPs and therefore warrant a greater degree of AML/CFT scrutiny. AUSTRAC requires firms to screen for domestic, foreign, and international PEPs.
Sanctions and watchlists: Australia maintains an autonomous international sanctions list and enforces United National Security Council sanctions. Accordingly, AUSTRAC requires firms to screen foreign customers against the relevant sanctions and watch lists and take any relevant compliance steps, such as asset freezes and SMR submission.
Adverse media: News stories often indicate customer involvement in money laundering or terrorism financing before official sources offer confirmation. With that in mind, AUSTRAC recommends that firms conduct adverse media searches, both at onboarding and throughout the business relationship, in order to detect news stories that affect their customers’ risk profiles. Adverse media searches should be conducted with sufficient scope and should include any relevant foreign language news sources.
AUSTRAC Initiatives
AUSTRAC works closely with financial institutions across the country to address emerging criminal methodologies and regulatory changes. With that in mind, AUSTRAC’s recent initiatives reflect a changing financial landscape:
De-banking: In October 2021, AUSTRAC issued a statement on de-banking as a result of account closures, and focused on the potential for that trend to increase the risk of money laundering. De-banking refers to the process of a financial institution exiting a business relationship with a customer as a result of perceived higher risk. AUSTRAC suggests that money transfer businesses, cryptocurrency exchanges, and fintechs are amongst the organizations most at risk of de-banking and may be exploited by criminals in the illegitimate financial system as a result. With that in mind, AUSTRAC urged banks to enhance their risk-management solutions to increase their capability to serve higher risk customers.
Cryptocurrency exchanges: In November 2021, an Australian government Senate Select Committee recommended establishing a new licensing regime for cryptocurrency exchanges. Under existing regulations, AUSTRAC imposes the same registration requirements on cryptocurrency exchanges that it does other financial service providers. The new licensing regime will be implemented to address gaps in current regulation and to improve protection for consumers.
Digital asset ‘travel rule’: FATF recently updated its ‘Travel Rule’ to include cryptocurrency services providers. The rule, which is implemented by AUSTRAC, requires the beneficiaries and originators of fund transfers to exchange identifying information in order to establish an audit trail and better address AML/CFT risks. The Australian Senate Select Committee recommended further clarification on AML/CFT measures as they apply to cryptocurrency service providers in order to ensure they are ‘fit for purpose’.
Find out how Ripjar can help you comply with AML Screening and Monitoring requirements in Australia and globally. PLEASE GET IN TOUCH.
The European Union’s Anti-Money Laundering Directives (AMLD) are issued periodically to adjust the bloc’s collective regulatory response to the threat of money laundering and terrorism financing. When the European Parliament hands down a new money laundering directive, EU member-states have an implementation period in which to transcribe the legislation into domestic law and ensure that all domestic banks and financial institutions are compliant.
Each AMLD broadly reflects changes to the global financial risk landscape, often requiring firms to expand anti-money laundering and counter-financing of terrorism (AML/CFT) measures to new types of service or customer or to adjust to new criminal methodologies. The most recent AMLD was the Sixth Anti-Money Laundering Directive (6AMLD) which was issued on 3 December 2020, with an implementation date of 3 June 2021. 6AMLD broadly strengthened measures introduced in 5AMLD, while adjusting other AML/CFT compliance measures to reflect changing criminal threats.
With 6AMLD now in legal effect in every EU member state, compliance officers should understand how their organization’s regulatory landscape has changed, and how to manage the new compliance responsibilities that it entails. Although it has left the EU and has opted not to implement 6AMLD, the UK has effectively already implemented the directive’s regulatory requirements in its domestic legislation. Similarly, EEA member states, such as Liechtenstein, or Switzerland (which is a member of the single market) must broadly implement the directive’s terms.
1. Regulatory Harmonization
6AMLD introduced a harmonized definition of the crime of money laundering to be used by each EU member state. The harmonization is intended to remove loopholes and inconsistencies in domestic legislation and address emerging money laundering methodologies that exploit new technologies or regulatory blindspots. As part of the regulatory harmonization, the EU set out a list of 22 money laundering offences, including crimes such as tax evasion, insider trading, drug trafficking, and human trafficking. The list of 22 predicate offences included 2 new predicate offences: cybercrime and environmental crime, both of which reflect the EU’s desire to focus on emerging criminal threats and the shifting legislative focus of its member states.
2. Regulatory Scope
In addition to the new predicate offences, 6AMLD expanded the criminal definition of money laundering to include “aiding and abetting”. Accordingly, under 6AMLD, persons that help or enable money launderers to transform illegal money will also be considered guilty of the crime of money laundering – and be charged in the same way. Aiding and abetting takes in persons that attempt to launder money, or that encourage or incite others to launder money.
The expanded list of predicate offences and the expanded scope of the money laundering offence means that compliance officers should examine their own understanding of the law as it applies within their jurisdiction. Similarly, they should ensure that their internal AML programs are capable of capturing the new risk exposures that the adjusted definitions create.
3. Criminal Liability
6AMLD expanded the scope of criminal behaviour associated with money laundering but also changed the way that criminal liability applies to the offence. Prior to 6AMLD, only individual criminals could be held liable for money laundering offences: under the new regulations, criminal liability is extended to legal persons, which means that organizations can be punished for offences committed by the people that work for them. Organizations that are found guilty of money laundering face a range of penalties, including supervision orders or operational bans. The change means that responsibility for corporate criminal conduct falls on management personnel in addition to individual employees. By expanding criminal liability, the EU is signaling that larger companies will be held to account under their regulatory regime and be expected to actively contribute to the global effort to combat financial crime.
4. Money Laundering Punishments
Under 6AMLD, the EU moved to address inconsistencies in money laundering punishments across member-states by increasing the minimum prison sentence for money laundering. Prior to the directive, the minimum prison sentence for individuals found guilty of money laundering was 1 year: under the new rules, the minimum sentence has increased to 4 years.
The increased sentences may not represent a significant change for many member states since they already mandate 4-year minimums (or longer) but will serve to bring outliers with lower sentences into alignment with the rest of the bloc. While it has not implemented 6AMLD, the UK’s money laundering punishments are harsh, with maximum prison terms of between 2 to 14 years depending on the severity of the crime for those found guilty of offences. 6AMLD’s sentencing changes also include discretion for judges to impose fines on individuals found guilty of money laundering and to prevent corporate entities found guilty of money laundering from accessing EU public funding programmes.
5. Dual Criminality
In another important step, 6AMLD has introduced changes to the way member states address dual criminality as it applies to the crime of money laundering. Dual criminality refers to crimes that span international borders – in the context of money laundering, it involves illegal funds that are laundered in a country other than the one in which they were acquired.
Under 6AMLD, member-states have specific information sharing and cooperation requirements to facilitate dual criminality money laundering prosecutions. In order to implement those changes effectively, some member-states may need to treat certain predicate offences as criminal offences regardless of whether they are illegal. These offences are:
Involvement in organized crime
Human trafficking and smuggling
Sexual exploitation
Drug trafficking
Corruption
6AMLD also sets out guidance for authorities to determine where a dual-criminality money laundering prosecution should take place. That guidance suggests that member states should consider the location of the original victim of the predicate offence, the nationality of the offender, and where the money laundering offence took place.
Adapting to 6AMLD
Since it is now in effect, all banks and financial service providers in the EU must ensure that they are compliant with 6AMLD. In practice this means that compliance officers should review their internal compliance solutions to account for the adjustments to predicate offences and criminal liability. The following measures may be particularly important:
Ensuring organization-wide understanding of 6AMLD’s new definition of money laundering and the 22 money laundering predicate offences.
Reviewing criminal liability for potential money laundering offences, including the conduct of senior and management employees.
Adjusting risk assessment procedures for alignment with the new risk landscape.
Training compliance employees to meet their new obligations.
Implementing suitable technology solutions to ensure ongoing compliance with 6AMLD.
Screening obligations: 6AMLD’s expanded regulatory scope includes a requirement for firms to adjust their compliance screening solutions, including implementing enhanced customer due diligence for higher risk customers. In practice this means that firms must conduct “open source or adverse media searches” for occasional transactions and periodically throughout business relationships, in order to be aware of any emerging risk exposure.
GET IN TOUCH TO LEARN HOW RIPJAR CAN HELP YOU To Comply With 6AMLD
In order to understand the compliance risks that they face, financial institutions must validate the identities of their customers and ensure that they are being truthful about their business interests by performing suitable customer due diligence (CDD). A critical foundation of any Know Your Customer (KYC) process, CDD is recommended by the Financial Action Task Force (FATF) as part of a risk-based approach to anti-money laundering and is required by financial regulators in jurisdictions around the world.
To achieve regulatory compliance, firms should understand why customer due diligence is an important part of the regulatory process and how to deploy it as part of their risk management solution.
What is Customer Due Diligence (CDD)?
Customer due diligence refers to the process of identifying customers and ensuring that they are being truthful about who they are and how they are using an organization’s services. In a financial context, banks and financial institutions must perform CDD in order to inform their risk-based compliance solutions, using the information they gather to make important compliance decisions.
Accordingly, CDD requires organizations to collect and analyze a variety of data and documentation and verify that data to a sufficient level of confidence. The effectiveness of many critical compliance processes, such as sanctions list and adverse media checks, is predicated on the verification of customer identities during the due diligence process.
Why is CDD important?
CDD is an important tool in the fight against money laundering and the financing of terrorism. Criminals that are seeking to transform illegal funds must find ways to introduce those funds into the legitimate financial system by concealing their identities as a way to avoid AML/CFT controls. CDD provides organizations with a way to identify those customers and deploy suitable compliance measures against them in order to prevent financial crimes.
CDD is especially important in complex or higher risk financial service environments such as the digital platforms provided by challenger banks. In these environments, money launderers take advantage of the inherent speed and anonymity of online financial services to better conceal their identities, submitting false or incomplete identifying information or even using proxies to access financial services.
What does CDD involve?
Effective CDD involves the following key considerations:
Identifying information: The data that organizations collect to establish a customer’s identity should include name, address, date of birth, business incorporation number, and any other documents that are relevant to their risk profiles. That data must be sourced from official documents, such as passports and driving licenses, and verified by the collecting institution.
Beneficial ownership information: In some cases, it may be difficult to perform CDD because a transaction involves a commercial entity rather than an individual customer. In these situations, organizations must work to establish ultimate beneficial ownership (UBO) to ensure that criminals are not using shell companies or corporate infrastructure to evade compliance controls.
What is risk-based CDD? And what is EDD?
Following Financial Action Task Force (FATF) guidance, an organization’s CDD process should form part of a risk-based compliance solution. Risk-based compliance requires firms to assess their customers individually to establish the risk level and then deploy a compliance response commensurate with that risk. In addition, risk-based compliance is a way for organizations to balance their regulatory obligations with their budgetary needs by ensuring that AML resources are directed towards worthwhile targets. With that in mind, higher risk customers may be subject to more intensive compliance measures, while lower risk customers may be subject to simplified measures.
n a CDD context, higher risk customers should be subjected to enhanced due diligence (EDD) measures which go beyond the level of scrutiny required by standard CDD. EDD is generally more rigorous than standard CDD and might require a customer to provide a greater amount of identifying information or provide a greater degree of verification – such as copies of personal bank statements. In some cases, organizations may engage a third-party to investigate their customers and the identifying information that they have provided. EDD might also integrate peripheral screening considerations more extensively: adverse media stories, for example, may be regarded as a more significant additional check when deployed as part of EDD measures.
How can technology enhance CDD?
Since CDD can represent a significant compliance burden, organizations should seek to integrate suitable compliance technology to help facilitate the process. The speed and accuracy of software automation not only helps firms handle their CDD data collection and analysis obligations but enhances customer experiences at onboarding and reduces the potential for costly compliance errors.
With the benefit of smart technology, firms may also use data collected during the CDD process to create deeper and more informative customer risk profiles, and to make better compliance decisions when customers diverge from expected financial behaviors or generate AML/CFT alerts. Similarly, smart technology can help firms adjust quickly to changes in AML/CFT legislation or adapt to emergent criminal methodologies, such as novel methods of avoiding identity verification.
Get in touch to learn how Ripjar can help you with CDD and EDD.
A central bank digital currency (CBDC) is a form of electronic money, usually an analogue of a fiat currency, endorsed by a government and issued by its central bank.
Driven by advances in financial technology, digital currencies, including cryptocurrencies such as Bitcoin and Ethereum, have transformed the global financial landscape. In March 2020, the Bank of England published a CBDC discussion paper to explore the opportunities and risks of introducing a UK CBDC. While the regulator has not yet determined whether a CBDC will be introduced in the UK, the paper represents the first steps of an exploratory process.
With regulators around the world exploring the possibilities of CBDCs, it is important that financial institutions develop an understanding of the digital currency landscape and how their compliance responsibilities might change.
How do digital currencies work?
CBDCs share many similarities with cryptocurrencies: units of a CBDC are represented virtually by digital tokens: stores of value that may be transmitted instantly to recipients around the world via high-speed internet connections, and that may be exchanged for goods and services where they are accepted by vendors. Those tokens are cryptographically secured on software infrastructure known as a blockchain: every time tokens are exchanged between users on the blockchain, a network of computers tracks and verifies those changes with distributed ledger technology (DLT) and adds that information to the chain as a new ‘block’ of data. The tracking and verification processes used by certain cryptocurrency blockchains can be slow and inefficient since they require the agreement of multiple user nodes. In theory, CBDC verification will be faster since currency exchanges will be processed by a central bank without any need to facilitate decentralized consensus mechanisms.
Since they are electronically integrated into a software network, digital tokens have a much broader utility than a simple payment medium – and may be used by a spectrum of apps and fintech instruments to expand financial possibilities and service access for their user community.
How do CBDCs differ from cryptocurrencies?
Unlike cryptocurrencies, which are generally built around decentralized blockchain technology and governed by the consensus of their user communities, CBDCs are issued and controlled by a centralized authority – a central bank – and much more closely regulated.
In developing their own CBDCs, governments are seeking to retain the speed, innovation, flexibility, and security of blockchain technology without the high-risk, decentralized anonymity of cryptocurrencies. CBDCs may not use the same distribution methods as blockchain-based cryptocurrencies, and will not necessarily implement the same cryptographic tracking, verification, and security technology to facilitate exchanges. Instead, CBDCs will be fully electronic currencies, with governments retaining full centralized control over their financial features and transmission.
In practice, this means that governments will control the governance, oversight, and supply of CBDC digital tokens, and use them to perform important economic functions and regulatory tasks. The digital tokens issued to represent a CBDC will, like a fiat currency, be backed by a country’s asset reserves.
CBDC risks and opportunities
The Bank of England’s CBDC discussion paper explored the opportunities and risks associated with the introduction of a CBDC. After collating participant responses, the regulator set out the following emergent core principles for the implementation of a CBDC in the UK:
The CBDC should promote financial inclusion, and be accessible for users regardless of their age, social demographic, technical knowledge, or disability.
The CBDC should be deployed in a competitive ecosystem to promote innovation and to save users time and money.
In exploring the potential of a CBDC, the central bank should not overlook the value and impact of other innovations on the payments services landscape.
The CBDC must comply with the UK’s anti-money laundering and counter-financing of terrorism regulations and should protect its users’ privacy insofar as that does not compromise AML/CFT compliance.
The CBDC should not compromise the central bank’s ability and responsibility to ensure monetary and financial stability.
While digital currencies offer new financial possibilities, they also offer financial criminals new opportunities to operate outside traditional financial systems. In particular, the accessibility and anonymity of CBDCs may increase the risk of international sanctions violations, letting users conceal their identities and evade conventional AML/CFT controls by moving illegal funds quickly between different jurisdictions.
CBDC screening considerations
In order to avoid sanctions violations and other compliance risks, CBDCs should be introduced with robust identity verification requirements, deployed as part of an organization’s Know Your Customer (KYC) process. This means that organizations should establish and verify the identities of their customers by collecting data (such as names, addresses, dates of birth) and then use that data to inform customer risk profiles and to screen against international sanctions lists. While identity verification is a foundation of effective AML, digital currencies present a range of compliance challenges that conventional currencies and transactions do not:
Customer identities: Since it may be more difficult to establish customer identities in CBDC-related services, organizations should seek to integrate digital identification measures, including enhanced customer due diligence, and biometric controls such as fingerprint, voiceprint, and facial scan technology.
Suspicious transactions: Organizations should reconsider their transaction monitoring process for CBDC services, taking into account the elevated risks associated with digital funds. Typically, high risk digital currency transactions include those in which customers have provided inadequate identification, or transactions involving senders and recipients in high-risk jurisdictions.
Sanctions screening: Organizations should ensure their sanctions screening solution is updated with the latest data and can handle the unique challenges of CBDC screening (anonymity, speed, etc.).
Compliance technology
The AML/CFT challenges associated with CBDCs mean that organizations must implement suitable automated technology solutions in order to ensure regulatory compliance and to manage the vast amounts of digital customer and transaction data they are required to collect. In addition to offering significant speed and accuracy benefits over manual risk screening, smart technology promises a range of specific advantages for compliance with CBDC-focused regulations:
Machine learning: Automated compliance systems often incorporate machine learning technology which enables organizations to categorize and prioritize CBDC data efficiently, and make better decisions based on previously collected data. Machine learning tools may, for example, help organizations spot unforeseen risks quickly – such as when a customer’s financial behavior diverges from established expectations, or when new patterns and trends emerge across the often-volatile digital currency markets.
Security: Since digital identity verification requires customers to submit a range of personal data, smart technology may be employed to put robust protections in place, such as biometric verification, two-factor authentication, and end-to-end encryption. Beyond protecting customer data and assets, smart technology can prevent criminals from misusing CBDC financial services to launder money and fund terrorist activities.
Versatility: The digital currency landscape is evolving at a pace. Smart software solutions allow firms to adapt to changes in data collection requirements scaling up and down as business and regulatory needs change. Similarly, smart software enables firms to react quickly to changes in criminal methodologies, deploying more effective AML responses based on emerging trends and threats.
WANT TO LEARN HOW RIPJAR CAN HELP WITH Central Bank Digital Currencies? PLEASE GET IN TOUCH.
