With the January 31st tax filing deadline well out of the way, Tim Pinkney, Director of Compliance at the Association of International Accountants, says it’s time for firms to think about ‘spring cleaning’ their risk processes to avoid falling foul of new money laundering regulations.
As the march of technology continues to revolutionise the way financial flows move around the world, the battle to stamp out money laundering and terrorist financing becomes ever more challenging.
The response from the UK Government and professional sector has though, been robust. In addition to the revised Money Laundering Regulations published in June last year, regulatory bodies and the Government have joined forces to promote profession-wide awareness-raising initiatives such as the Flag It Up campaign, in order to ensure that professionals are in the strongest possible position to meet their statutory obligation to report suspicious activity to the National Crime Agency (NCA).
As supervisors, we appreciate that the anti-money laundering (AML) landscape is hugely complex. Nevertheless, our expectation is that all practices are working to ensure they are 100% compliant with the new regulations. With the hectic January tax filing period behind us, now is the perfect opportunity to carry out a comprehensive spring clean of approaches to managing exposure to all forms of financial crime and AML obligations.
The risks posed to different firms by money laundering activity will not be of the same nature in every case, which is why the key to preparedness is to take what’s known as a ‘risk based’ approach to AML – particularly in relation to client due diligence and staff training procedures.
If we were inspecting a member business tomorrow, at the very least we would expect to see that it had money laundering procedures in place that are shaped around the 2017 regulations or were moving towards them.
The firm’s policies and procedures should clearly outline what its risk appetite is and what it does to mitigate risks. In addition, it should be clear who the Money Laundering Reporting Officer (MLRO) is, and what approach is taken to training.
The exact shape of this risk-based approach will ultimately be defined by a firm’s risk appetite. For example, you could have a policy that says you’re very risk-averse, or you might decide you don’t mind taking on higher risk clients – but in either case the overall approach to managing risk will need to be proportionate.
What should be classed as a client risk? In short, we would define it as the chance of a client or their associates having attributes known to be associated with money laundering. This may sound obvious, but our experience is that it can be far from clear-cut.
Considering client risk, businesses should look for some of the telltale signs that all might not be as it seems. Client secrecy, unnecessary structures, not being able to contact the client, being out of the country a lot and opaque ownership are common red flags. So too are being based in geographic jurisdictions known to be associated with money laundering or being associated with certain political regimes. It is particularly important to bear in mind that these flags don’t just apply to your clients, but also to their clients and associates.
Of course, you should always carry out due diligence at the start of a new client relationship – the usual checklist of things such as verifying identity, personal circumstances, addresses, VAT and company registration numbers – but circumstances can and do change during the course of the year, which is why an annual due diligence refresh is a sensible step.
Depending on the risk-rating of the clients you decide to take on, you may be required to carry out enhanced due diligence to satisfy professional supervisors that you have done everything you can by way of AML mitigation.
By way of example, if the police believed one of your clients was involved in money laundering and was moving illegal funds through your business, they would want you to be able to demonstrate what you have done everything you can to mitigate against that eventuality. And unless you have a documented audit trail showing what action you took to assess the validity of the client, you could find that it’s you, as well as your client, who is facing criminal proceedings.
Another important reason to carry out a regular spring clean on your client portfolio is the introduction last year of the requirement for all businesses, with the exception of sole practitioners, to carry out a ‘whole firm risk assessment’.
This key document will provide evidence that you as a firm have attempted to identify and codify where your weak points are – showing that you know where you are vulnerable if criminals were going to target you. It acts as the cornerstone of your fight against financial crime and is something that we as supervisors will be looking for when we start our rounds of visits, desktop reviews and telephone interviews in the spring.
Carrying out regular, proportionate due diligence on your client base could flag up the discrepancies that might prompt you, either directly or through your designated MLRO, to complete a Suspicious Activity Report (SAR). Doing so will contribute to the combined intelligence pool that is often required to unravel criminal activity. Now’s the time to polish up those procedures.