Anti-Money Laundering & Terrorist Financing
ANNUAL CRIMINAL JUSTICE (ANTI-
MONEY LAUNDERING & TERRORIST
FINANCING) ACT 2010 TRAINING
J
U
N
E
2
0
1
8
What is Anti-Money Laundering & Terrorist financing?
It is the process by which criminals conceal the true origin and ownership
of the proceeds of drug trafficking or other criminal activity.
A common misconception in relation to Money Laundering is that it only
relates to theft, drug or similar offences.
It might also be:
Tax evasion
Financial fraud and deception
Theft
To be guilty of money laundering a person must know or believe the
property involved is or probably is the proceeds of criminal conduct or be
reckless as to whether the property is the proceeds of criminal conduct.
Terrorist Financing
Funds intended to finance an act of terrorism.
Links between terrorist groups and organised criminal gangs.
Includes converting, transferring, handling, acquiring, possessing or
using the property that is the proceeds of criminal conduct.
There must be intention or knowledge in providing or collecting funds for
the purposes of financing terrorism, in order for there to be an offence.
3
Stages of Money Laundering
There are three stages in the money laundering process:
Placement – this is the physical disposal of cash;
Layering – the creation of complex layers which make tracking
transactions difficult;
Integration – absorbing the money back into the economy as legitimate
money.
4
Designated Persons
Mortgage Intermediaries and intermediaries by virtue of their registration
as Insurance Intermediaries who provide Life Assurance or other
investment related services are deemed to be “Designated Persons”.
Note:
Intermediaries only operating in the General Insurance market do
not fall under the CDD requirements.
5
Designated Persons must have internal policies and procedures to reflect
the requirements of the legislation in relation to the following areas
:
Customer due diligence
Reporting
Record keeping
Internal procedures & training
(All staff including executive &
non-executive
directors are required to
receive training in relation to AML & combating terrorist financing.)
6
What does Customer Due Diligence mean?
•
Identify & verify the customer.
•
Identify & verify the beneficial owner (
An individual who ultimately
owns or controls the customer and/or on whose behalf a transaction
or activity is conducted).
•
Establish purpose & intended nature of business relationship (
a
business, professional or commercial relationship between the
designated person and the customer that the designated person
expects to be ongoing).
•
Monitor customer dealings on an on-going basis.
Beneficial Owner
•
Company
An Individual holding 25% or more of shares or voting rights.
•
Partnership
An Individual holding 25% or more of profits or capital or voting rights,
•
Trusts
An individual with at least 25% of capital or has control over a trust.
•
Estate
Executor.
Purpose & intended nature of the business relationship
In most cases this will be self evident e.g.
Investing in a life policy
Opening bank account
Ongoing monitoring
Scrutinise transactions:
Source of wealth or funds
Consistent with knowledge of customer and the customer’s business
and pattern of transactions
Customer Due Diligence Requirements
Legislation allows designated persons to apply aspects of the customer
due diligence requirements on a risk-sensitive basis depending on:
a)
The nature of the product being sold;
b)
The delivery mechanism or distribution channel used to sell the
product;
c)
The profile of the customer; and
d)
The customer’s geographical location and source of funds.
Intermediaries are required to carry out Customer Due Diligence
•
Prior to establishing a business relationship with the customer.
•
Prior to carrying out for/with the customer any transaction which appears
linked to another transaction or prior to assisting the customer in carrying
out a single transaction if:
(i) You do not have a business relationship with the customer; and
(ii) The total amount of money paid by the customer in the single
transaction or series of transactions is greater than €15,000.
Intermediaries are required to carry out Customer Due Diligence
(contd.)
•
Prior to carrying out any service for the customer, if you have reasonable
grounds to believe that there is a real risk that the customer is involved in
money laundering/terrorist financing(ML/TF).
•
If you have grounds to doubt the veracity of documents provided by the
client.
Three categories of Customer Due Diligence (CDD)
•
Simplified Customer Due Diligence
applies to low risk customers and
products.
•
Enhanced Due Diligence
applies to non-resident ‘Politically Exposed
Persons’ deemed to be high risk.
•
Standard
Due Diligence
must be applied to all remaining customers and
products
.
Simplified Customer Due Diligence
•
Simplified Customer Due Diligence (SCDD) means that a designated
person does not need to comply with the CDD obligations (as listed
previously). You must obtain sufficient information about the customer to
satisfy that the customer meets the criteria for Simplified Due Diligence.
Simplified Customer Due Diligence: Specified Customers
•
Banks and financial institutions in the State
As they are themselves Designated Persons?
•
A Company whose shares are listed
•
A public body
•
EU agencies and bodies
Simplified Customer Due Diligence: Specified Products
•
Life assurance policy having an annual premium of no more than €1,000
or a single premium of no more than €2,500.
•
Pension, superannuation or similar schemes which provide retirement
benefits to employees; where contributions are made by an employer or
by way of deduction from an employee’s wages and the scheme rules do
not permit the assignment of a member’s interest under the scheme.
•
Insurance policies for pension schemes if there is no surrender clause
and the policy cannot be used as collateral (e.g.) Pension Term Assurance.
Enhanced Due Diligence
•
In practice for intermediaries, Enhanced Due Diligence applies in respect of a
business relationship or transaction with
non resident
Politically Exposed
Persons (PEP’s).
•
A “PEP” is an individual who is not resident in Ireland and has been entrusted
with prominent public functions or an immediate family member or a known
close associate of such a person, who is not resident in Ireland.
•
A person is a PEP if they held a relevant office at any time within the last 12
months
Enhanced Due Diligence contd.
•
Designated persons must have processes in place
prior
to establishing a
business relationship with a customer to determine whether the person
may be deemed to be a “PEP”.
•
Intermediaries should establish whether the client is resident or non
resident.
•
Where the client indicates that they are non resident, steps should be
taken by the intermediary to establish if the customer falls within the
definition of a “PEP”.
Enhanced Due Diligence contd.
•
Require senior management approval to establish a business
relationship with a “PEP”
•
Take measures to establish the source of wealth and funds for
transactions.
Standard Customer Due Diligence (SCDD)
Applied on a risk based approach
Profile of the customer
Nature of product or service
Distribution channel
Geographical area of operation
There are 3 overall levels of risk for insurance products:
•
Low Risk
•
Intermediate Risk
•
Increased Risk
Standard Customer Due Diligence (Low Risk)
There are products due to their inherent features which are unlikely to be
used as a vehicle for money laundering purposes. These are classified as
“Low Risk”.
The following features would indicate low risk:
•
Only pays out on death or diagnosis of terminal illness of policy holder.
•
Only pays out on medical evidence and proof is required as to loss of
income.
•
No surrender value.
•
Small, regular premiums: additional payments by customer not possible.
•
Large premiums will normally require medical evidence.
•
No investment element.
•
Once term of policy is finished no payout and policy ceases.
Standard Customer Due Diligence (Low Risk)
Examples of Products which fall into the low risk category are:
Mortgage Protection, Term Life Assurance, Income protection products,
Critical illness products (relating to diagnosis of a specific critical illness)
and Whole of Life policies.
For reduced risk level products, designated persons may accept
personal cheques and other payment instruments drawn on a customer’s
account (i.e. Direct Debits/Standing Orders) to satisfy the standard
evidence requirement.
If payment is made by bankdraft for the products above, Brokers
Ireland would recommend that you get confirmation from the client,
from the bank, confirming where the money is coming from.
Standard Customer Due Diligence (Medium Risk)
The medium risk level is given to products whose inherent features pose
some risk for the purposes of money laundering or terrorist financing.
These may be products which have a facility for “top up” payments.
The following features would indicate medium risk:
•
Long term savings plan often for retirement.
•
Requires at least 5 years to gain positive return on investment.
•
Often unable to be surrendered in first or second year, with penalties in
years three to five.
•
Additional ’top up’ payments may be permitted.
Standard Customer Due Diligence (Medium Risk)
Examples of Medium risk products are :
•
Life Assurance Savings plan (unless premium is less than €1,000 or
€2,500, then Simplified Customer Due Diligence applies.)
•
Endowments
Standard Customer Due Diligence (Medium Risk)
The recommended standard for intermediate risk is as follows (subject to
exemptions):
•
Due diligence requirements are satisfied by the information collected on
the application form, in conjunction with the fact that the payment is
made from an account in the customer’s name (i.e. personal cheques and
other payment instruments drawn on a customer’s account such as Direct
Debits/Standing Orders).
•
If payment is made by bank draft for the products referenced Brokers
Ireland would recommend that you get confirmation from the client,
from the bank, confirming where the money is coming from.
Standard Customer Due Diligence (High Risk)
This level of risk has been given to products whose inherent features
allow for the possibility of them being used for money laundering
purposes.
•
These products have the facility for third party and/or “top up”
payments and therefore an enhanced level of due diligence, by asking for
more information, is appropriate.
•
This is the risk level that the majority of a designated person’s AML
resources will normally be directed. The majority of products in this range
are found in the investment category which reflects the higher value
premium that can be paid into them.
Standard Customer Due Diligence (High Risk)
The following features would indicate High Risk:
•
Open ended investment.
•
Usually a 5 year recommended minimum investment term but can be
surrendered earlier.
•
Additional ‘top up’ payments permitted by policy holder and by third
parties.
•
May be segmented and individual segments may be assignable.
Standard Customer Due Diligence (High Risk)
Examples of High Risk products are:
•
Single premium investment bonds including:
With profits
Guaranteed
Income
Investment
Offshore international bonds
The recommended CDD industry standard for High Risk products
is as follows:
1. Personal customers:
Identification of a personal customer is the process whereby a
designated person obtains from a customer the information necessary
for it to identify who the customer is. The identity of an individual has a
number of aspects at any point in time, all of which must
be obtained
by the designated person:
1)
name (which may change due to particular events);
2)
address (which is likely to change from time to time); and
3)
date of birth (which is a constant).
One plus One approach
Obtain one item from the list of photographic IDs (to verify name and
date of birth) and one item from the list of non-photographic IDs (to
verify address) at the outset of the business relationship.
Sources which can be used to
verify identity
are
:
•
Current valid Passport.
•
Current valid driving licence.
•
Current valid National Identity Card.
•
In the absence of the above documents, written or otherwise
documented, assurances from persons or organisations that have dealt
with the customer for some time may suffice.
•
A designated person might consider it appropriate to adopt an
alternative approach of identification such as seeking a social welfare
card, National Immigration Bureau Card off an individual who has
recently immigrated into the State.
Verify address
•
Current official documentation/cards issued by the Revenue
Commissioners.
•
Current official documentation/cards issued by the Department of
Social and Family Affairs.
•
Instrument of a court appointment (such as liquidator or grant of
probate).
•
Current local authority document e.g. refuse collection bill.
•
Current statement of account from a credit or financial institution.
•
Current utility bills (including those printed from the internet).
•
Current household/motor insurance certificate and renewal notice
Legal persons and arrangements
Directors or the equivalent, for example: Partnerships and unincorporated
businesses, Clubs, Societies, Public Sector bodies.
Identification can generally be satisfied by either:
•
obtaining a copy of the annual audited accounts listing directors (where
the necessary information is publicly accessible and considered by the firm
to be current and reliable); or
•
Obtaining relevant and up-to-date legal opinion from a reliable source
documenting due diligence conducted, in relation to information on
directors:
obtaining information from relevant company or other registry such
as the CRO or known foreign equivalent; or
as warranted by the risk, verify one or more directors in line with
requirements for personal customers.
Legal persons and arrangements contd.
To identify the legal arrangement:
•
A search of the relevant company or other registry (where the necessary
information is publicly accessible and considered by the firm to be current
and reliable); or
•
A copy, as appropriate to the nature of the entity, of the certificate of
incorporation; a certificate of good standing; a partnership agreement; a
deed of trust or other official documentation proving the name, form and
current existence of the customer.
•
In cases regarded by the firm as higher risk, use of more than one source
of information may be warranted.
Legal persons and arrangements contd.
2.
Acquire prescribed information at the outset of the business
relationship to satisfy the additional information requirements:
a)
S
ource of funds for the transaction e.g. an Irish bank account in own
name
.
b)
E
mployment and salary details - this information could be captured in
the Factfind
.
c)
S
ource of wealth (e.g. inheritance, divorce settlement, property sale)
.
This information should be captured on
the
source of wealth form.
Risk Assessment
•
The firm must undertake and document a comprehensive risk assessment
of the business, it should demonstrate that all potential Money
Laundering/Terrorist Financing risks pertinent to their business have been
fully considered and challenged such as :
The nature of the products being sold in the firm
The delivery mechanism or distribution channel used to sell the product
The profile of the customer
The customer’s geographical location and source of funds
•
The outcome of the risk assessment should inform the firm’s risk-based
approach and the design of AML/CTF controls.
•
The firm’s risk assessment should be subject to regular and scheduled
reviews, senior management must at least on an annual basis review and
approve this risk assessment.
Risk Assessment
•
The firm must undertake and document a comprehensive risk assessment
of the business, it should demonstrate that all potential Money
Laundering/Terrorist Financing risks pertinent to their business have been
fully considered and challenged such as :
The nature of the products being sold in the firm
The delivery mechanism or distribution channel used to sell the product
The profile of the customer
The customer’s geographical location and source of funds
•
The outcome of the risk assessment should inform the firm’s risk-based
approach and the design of AML/CTF controls.
•
The firm’s risk assessment should be subject to regular and scheduled
reviews, senior management must at least on an annual basis review and
approve this risk assessment.
Monitoring
•
Ensure effective on-going monitoring policies and procedures are in place
including full review and consideration of all trigger events.
undertake monitoring
on an ongoing basis
for patterns of unusual or
suspicious activity to ensure that higher risk activity
is
scrutinised.
in practice
,
for intermediaries this might
occur
where there is an early
surrender of a policy, encashment
or where the payer of the policy
changes.
Monitoring contd.
•
Employees should be adequately trained to identify such unusual
business and report to the designated person’s Money Laundering
Reporting Officer (MLRO)
(insert firms MLRO name).
•
For example, employee training should cover encashment fraud attempts
with the recent increase in encashment requests being made from client
emails to transfer funds to a particular account, where it transpired the
client had no knowledge of the encashment request
.
•
Where an encashment request is received, it is recommended to take
additional measures to ensure the request is genuine, for example:
Phone the client to confirm the details/instruction
Cross reference proof of ID and residency with existing proof of identity
and residency on file
Distribution Risk – may alter risk
“Face to Face” contact with no facility to take copies of ID
•
Where the interaction with the customer is on a face to face basis, you
should have sight of the original document(s) and appropriate details
should be recorded. Where you visit the customer at his/her home
address, you should make a detailed record of the visit. This would include,
for example, taking details of passport or driving license numbers.
•
Brokers Ireland recommends that in such scenarios, you request the
customer to forward you a copy of the relevant ID and cross reference it
with the details which were recorded at the point of sale.
Distribution Risk – may alter risk
“Non face-to-face
”
•
The extent of the Customer Due Diligence in respect of non face-to-face
customers will depend on the type of the product or service requested and
the assessed money laundering risk presented by the customer.
•
Where the customer is not physically present (e.g.
by post, telephone or
over the internet)
for identification purposes additional measures should
be undertaken to establish the customer’s identity.
Distribution Risk – may alter risk
Examples:
•
Telephone the customer on a home or business number which has been
verified (electronically or otherwise).
•
Communicate at a verified address with account opening docs for
example, which might have to be returned or acknowledged .
•
First payment by the customer through a bank in the State or other EU
Member State or certain specified acceptable countries.
•
Internet sign on with details sent by mail to a verified address.
Third Party Reliance
•
Third Party Reliance – A designated person is permitted to rely on
another designated person to identify and verify its customers for AML
purposes.
Designated persons who rely on third parties will remain liable
for any failure to comply not withstanding their reliance on the third party.
•
The primary responsibility for supervising intermediaries lies with the
Central Bank of Ireland, however Product Providers as a third party retains
responsibility for ensuring that customer due diligence obligations have
been met by the Intermediary.
Note
: Product Providers are legally obliged where an intermediary fails to
meet the customer due diligence requirements to report this to the
Central Bank of Ireland
.
Third Party Reliance contd.
•
In order to comply with the Third Party Reliance requirements, Product Providers
depending on their internal processes may require either:
Copies of all underlying documentary evidence from the Intermediary for
applicable products.
Or
Confirmation of Verification of Identity, where the Product Provider has the
right of audit to ensure that the intermediary has the necessary documentary
evidence.
Failure to establish a customer and/or beneficial owner’s identity
Where an intermediary can not establish the identity of a customer and/or
beneficial owner, as a result of the failure of the customer to provide the
designated person with documents of information required, then an
intermediary must:
Not provide a service to the customer, and
If an existing customer, must discontinue relationship with the customer.
Procedures and Policies
•
Senior Management are obliged to ensure that the firm has procedures
and controls in place to demonstrate compliance with all aspects of the Act
and approve them.
•
Senior Management must have a clearly defined process in place for the
formal review and approval, at least annually, of the policies and
procedures at appropriate levels.
•
Management must clearly set out all approved policies and procedures to
enable staff to apply them in practice and ensure that all staff adhere to
them.
•
All procedures should be complian
t
with the Central Bank’s core and
sectoral guidance notes.
Procedures and Policies
•
These internal policies and procedures should include:
measures to be taken to keep documents and information relating to
customers up to date.
additional measures to be taken where there are reasonable grounds to
believe that the circumstances relating to a customer, beneficial owner,
service, product or transaction may present a heightened risk of money
laundering or terrorist financing. The intermediary shall, in respect of that
customer or beneficial owner, apply additional measures.
measures to be taken to prevent the use of money laundering or
terrorist financing of products/transactions that could favour or facilitate
anonymity.
monitor customers and transactions against both the EU and UN
Sanctions Committee lists relating to terrorism.
Procedures and Policies
•
This slide(s) should be personalised to outline the firms procedures
and policies
Record Keeping
•
Intermediaries are required to keep records evidencing the procedures
applied and the information obtained, when carrying out CDD on
customers for a period of at least 5 yrs after the business relationship with
their customer has ended.
(However, the Consumer Protection Code requires records to be kept for 6
yrs from date of last transaction with client.)
•
Record keeping is an essential part of the evidence trail and sufficient
processes must be put in place to ensure that records are adequately kept.
Record Keeping
•
Customer information collected to comply with the requirements
of Legislation; and
•
Information regarding transactions undertaken by customers
.
Possible formats in which records can be retained include one or
more of the following:
•
Original documents
•
Photocopies of original documents
•
On microfiche
•
In scanned form
•
In computerised or electronic form
Record Keeping
Intermediaries may keep such records wholly or partly in electronic form
only if they are capable of being reproduced in a written form. All records
should be capable of being reproduced in the State
as
per legislation for a
period not less than 6 years.
Outline the firms internal procedures in respect of record keeping here..
Staff Training
•
Intermediaries must ensure that all staff receive on-going training in
relation to their AML and combating of terrorist financing obligations.
•
Staff should receive tailored training to reflect their role within the firm.
•
Training should be consistent with firms policies & procedures.
•
Failure by the employer to provide training is an offence under the
requirements.
•
A formal training schedule should be developed and maintained to
ensure all relevant staff are adequately trained at least annually.
•
Adequate records in relation to staff training should be retained for all
internal & external courses attended for a period of 5 years
Reporting
•
Requirement to have a documented internal reporting process for staff
to report a suspicious transaction - it should provide guidance on how to
complete and submit such reports.
•
There should be documented timelines set by the brokerage in relation to
the filing of the Suspicious Transaction Reports (STR).
•
Staff reports must be made to the Money Laundering Reporting Officer
(MLRO) when the staff member knows, suspects or has reasonable
grounds to suspect that money laundering or terrorist financing is being or
has been committed or attempted
Reporting
•
Staff reports should include appropriate details of the customer who is
the subject of concern and a statement
containing
as
much
of the
information, giving rise to the knowledge or suspicion
, as possible
.
•
All reports
submitted
via the internal reporting process should be
recorded.
•
The MLRO will then decide whether to make the firm’s report to the
Garda Bureau of Fraud Investigation and the Revenue Commissioners.
Reporting
•
If the MLRO decides not to make an external report the outcome and
reasons for not doing so should be recorded and retained.
•
Presenter should provide practical examples of situations which staff
might encounter which would warrant a report.
•
Have written policies and procedures in relation to reporting suspicions
that may arise as a result of a failure on the part of the customer to
provide the required or updated CDD documentation/information.
Reporting
If the MLRO decides an external report needs to be made to the Garda
Bureau of Fraud Investigation and the Revenue Commissioners. The
following information should be contained in the report
:
a)
The information on which the designated person’s knowledge,
suspicion or reasonable grounds are based
;
b)
The identity of the suspected person
;
c)
The whereabouts of the property
that is
the subject of the money
laundering or the funds
that are
the subject of the terrorist financing
;
d)
Any other relevant information
.
Reporting
•
A designated person may be directed in writing by a member of the
Gardaí, not below the rank
superintendent, not to carry out a specified
service or transaction for a period not exceeding seven days.
•
A District Court judge may order a designated person not to carry out a
specified service or transaction for a period not exceeding 28 days.
Reporting
•
A designated person may only proceed with a suspicious transaction or
service prior to the sending of the report to the Gardaí and the Revenue
Commissioners where:
it is not practicable to delay or stop the transaction/service from
proceeding; or
the designated person is of the opinion that failure to proceed with the
transaction or service may result in the other person suspecting that a
report may be made or that an investigation may be commenced or is in
the course of being commenced.
Reporting
You must not disclose to the customer concerned or other third persons
that a report has been made to the Gardai in relation to suspicions of
money laundering or terrorist financing.
Designated persons, employees and directors are legally prohibited from
tipping off.
Designated persons, employees and director are legally indemnified, in
respect of any report made to Gardaí or Revenue Commissioners in good
faith, in relation to a suspicion of money laundering of terrorist financing.
Role of Money Laundering Reporting Officer (MLRO)
•
Holds a pre-approval controlled function (PCF) in the context of the
Central Bank Reform Act 2010
•
Has a significant degree of responsibility and should be familiar with
relevant aspects of the Act and these guidelines.
•
He/she is required to determine whether the information or other
matters contained in the suspicious transaction he/she has received, via
any internal reporting procedure, merit the making of a report to the FIU
(Fraud Investigation Unit) and the Revenue Commissioners.
Role of Money Laundering Reporting Officer (MLRO)
•
Maintenance of a log of any suspicious transactions, including details
where it was decided not to make a report to FIU & Revenue
Commissioners. The reasons for not doing so should be recorded.
Powers of the Central Bank of Ireland
•
The Central Bank of Ireland is deemed to be the competent authority
responsible for monitoring compliance of designated persons with the
Criminal Justice (Money Laundering and Terrorist Financing) Act 2010.
•
The Central Bank has the power under the Administrative Sanctions
Regime to sanction for failure to comply with the necessary obligations.
Powers of the Central Bank of Ireland
October 2016 - Settlement with Ulster Bank Ireland DAC
The Central Bank identified significant failings in Ulster Bank Ireland’s
AML/CTF framework and procedures in respect of:
•
governance and control of AML/CTF outsourcing
•
assessment of AML/CTF risk specific to its business and the relevant
mitigating systems and controls
•
identification and verification of existing customers (CDD) who predated
the Irish AML/CTF laws effected in May 1995 (pre-95 customers)
The Central Bank also identified areas of non-compliance in respect of
trade finance procedure manuals, adherence to internal procedures,
AML/CTF training of non-executive directors and reliance on third parties
in respect of CDD
Powers of the Central Bank of Ireland
April 2017 - Settlement with Allied Irish Bank
The Central Bank identified 6 breach's of the CJA 2010 as a result of
significant failings in Bank of Ireland’s AML/CTF framework controls,
policies and procedures in respect of:
The breaches occurred after the enactment of the CJA 2010 in July
2010 and persisted on average for over three years.
They included AIB’s failure to:
Report suspicious transactions without delay to An Garda Síochána
and the Revenue Commissioners.
Conduct customer due diligence (‘CDD’) on existing customers who
had accounts prior to May 1995 (‘Pre-95 customers’)
Powers of the Central Bank of Ireland
The Central Bank also identified breaches in respect of AIB’s
AML/CFT policies and procedures in a number of areas, including
the above, and its trade finance business.
Powers of the Central Bank of Ireland
May 2017 - Settlement with Bank of Ireland
The Central Bank identified significant failings in Bank of Ireland’s
AML/CTF framework controls, policies and procedures in respect of:
•
Risk assessment: assessment of money laundering/terrorist
financing (‘ML/TF’) risks specific to its business and the relevant
mitigating systems and controls.
•
Suspicious transaction reports: reporting of six suspicious
transactions to An Garda Síochána and the Revenue Commissioners
without delay.
Powers of the Central Bank of Ireland
May 2017 - Settlement with Bank of Ireland contd.
•
Correspondent banking: conduct of enhanced customer due
diligence (‘CDD’) on one correspondent bank situated outside of the
EU.
•
The Central Bank also identified areas of non-compliance with the
CJA 2010 in relation to BOI’s trade finance business, CDD measures
and its reliance on third parties to conduct CDD.
Feedback from Central Bank AML/CTF inspections
From the sample testing undertaken by the Central Bank of both new and
existing customers, a number of issues were identified, including:
- Photo ID and/or address verification documents were not always available
on the customer file.
For corporate customers, no constitutional documentation and/or other
information (e.g. audited accounts, information from Companies
Registration Office, etc.) were obtained for some of the customer files
reviewed.
Documented evidence to demonstrate that on-going monitoring takes
place was not always maintained.
Feedback from Central Bank AML/CTF inspections
The Central Bank expects that:
All required identification and verification is obtained and retained. Where
Standard or Enhanced CDD is carried out, sufficient detail must be
evidenced on the customer file.
Records are maintained of the on-going monitoring conducted, including
the type of and frequency of the monitoring undertaken.
Feedback from Central Bank AML/CTF inspections
A number of issues were identified in relation to training, including:
Insufficient evidence that all staff, including those in key roles relating to
AML/CTF, had received appropriate training.
Training records were not always maintained to demonstrate who had
received the training, when the training took place and the nature of the
training received.
In some of the larger retail intermediaries, staff members were provided
with generic, high level AML/CTF training, but limited or no specific
training related to the AML/CTF procedures and processes relating to the
firm’s specific operations.
Feedback from Central Bank AML/CTF inspections
In assessing the policies and procedures in place, the Central Bank identified
a number of issues, including:
Policies and procedures that are not aligned to, and reflective of, the
Money Laundering/Terrorist Financing risk assessment of the retail
intermediary’s specific product/service offering and its operations.
Policies and procedures were not always adhered to in practice.
Policies and procedures did not provide sufficient detail in relation to
suspicious transaction reporting e.g. no timelines set in relation to the
filing of suspicious transaction reports and insufficient information
provided on what might be deemed a suspicious transaction.
Feedback from Central Bank AML/CTF inspections
The Central Bank also expects that retail intermediaries undertake and document
a Money Laundering/Terrorist Financing risk assessment of their business, to
include all risk categories e.g. distribution channel, customer type, etc.
Such an assessment should be updated regularly and reflect any changes in
products or services offered e.g. new offerings with increased risk may require
Standard or Enhanced Customer Due Diligence to be carried out.
See template assessment in Brokers Ireland Guidance notes
Fourth EU Anti-Money Laundering Directive
The Fourth Anti-Laundering Directive (2015/849) is still awaiting
transposition into national law In Ireland.
Key changes
to provide for a more targeted and focussed risk-based approach;
to clarify and reinforce the rules on customer due diligence (CDD);
to introduce new provisions to deal with PEPs;
Note: Brokers Ireland will issue updated guidance and presentation
to members
to reflect the new requirements of the Directive in due
course following its transposition.
Reference Material
•
Life assurance sectoral guidelines issued by the Department of
Finance - October 2012.
Anti-Money Laundering & Terrorist Financing are processes used by criminals to hide the origins and ownership of illegal proceeds. This includes not only drug trafficking but also tax evasion, financial fraud, and theft. To combat these activities, designated persons must follow specified procedures and training to ensure compliance with the law.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
ANNUAL CRIMINAL JUSTICE (ANTI- MONEY LAUNDERING & TERRORIST FINANCING) ACT 2010 TRAINING JUNE 2018
What is Anti-Money Laundering & Terrorist financing? It is the process by which criminals conceal the true origin and ownership of the proceeds of drug trafficking or other criminal activity. A common misconception in relation to Money Laundering is that it only relates to theft, drug or similar offences. It might also be: Tax evasion Financial fraud and deception Theft
To be guilty of money laundering a person must know or believe the property involved is or probably is the proceeds of criminal conduct or be reckless as to whether the property is the proceeds of criminal conduct. Terrorist Financing Funds intended to finance an act of terrorism. Links between terrorist groups and organised criminal gangs. Includes converting, transferring, handling, acquiring, possessing or using the property that is the proceeds of criminal conduct. There must be intention or knowledge in providing or collecting funds for the purposes of financing terrorism, in order for there to be an offence. 3
Stages of Money Laundering There are three stages in the money laundering process: Placement this is the physical disposal of cash; Layering the creation of complex layers which make tracking transactions difficult; Integration absorbing the money back into the economy as legitimate money. 4
Designated Persons Mortgage Intermediaries and intermediaries by virtue of their registration as Insurance Intermediaries who provide Life Assurance or other investment related services are deemed to be DesignatedPersons . Note: Intermediaries only operating in the General Insurance market do not fall under the CDD requirements. 5
Designated Persons must have internal policies and procedures to reflect the requirements of the legislation in relation to the following areas: Customer due diligence Reporting Record keeping Internal procedures & training (All staff including executive & non-executive directors are required to receive training in relation to AML & combating terrorist financing.) 6
What does Customer Due Diligence mean? Identify & verify the customer. Identify & verify the beneficial owner (An individual who ultimately owns or controls the customer and/or on whose behalf a transaction or activity is conducted). Establish purpose & intended nature of business relationship (a business, professional or commercial relationship between the designated person and the customer that the designated person expects to be ongoing). Monitor customer dealings on an on-going basis.
Beneficial Owner Company An Individual holding 25% or more of shares or voting rights. Partnership An Individual holding 25% or more of profits or capital or voting rights, Trusts An individual with at least 25% of capital or has control over a trust. Estate Executor.
Purpose & intended nature of the business relationship In most cases this will be self evident e.g. Investing in a life policy Opening bank account Ongoing monitoring Scrutinise transactions: Source of wealth or funds Consistent with knowledge of customer and the customer s business and pattern of transactions
Customer Due Diligence Requirements Legislation allows designated persons to apply aspects of the customer due diligence requirements on a risk-sensitive basis depending on: a) b) product; c) d) The nature of the product being sold; The delivery mechanism or distribution channel used to sell the The profile of the customer; and The customer s geographical location and source of funds.
Intermediaries are required to carry out Customer Due Diligence Prior to establishing a business relationship with the customer. Prior to carrying out for/with the customer any transaction which appears linked to another transaction or prior to assisting the customer in carrying out a single transaction if: (i) You do not have a business relationship with the customer; and (ii) The total amount of money paid by the customer in the single transaction or series of transactions is greater than 15,000.
Intermediaries are required to carry out Customer Due Diligence (contd.) Prior to carrying out any service for the customer, if you have reasonable grounds to believe that there is a real risk that the customer is involved in money laundering/terrorist financing(ML/TF). If you have grounds to doubt the veracity of documents provided by the client.
Three categories of Customer Due Diligence (CDD) Simplified Customer Due Diligence applies to low risk customers and products. Enhanced Due Diligence applies to non-resident Politically Exposed Persons deemed to be high risk. Standard Due Diligence must be applied to all remaining customers and products.
Simplified Customer Due Diligence Simplified Customer Due Diligence (SCDD) means that a designated person does not need to comply with the CDD obligations (as listed previously). You must obtain sufficient information about the customer to satisfy that the customer meets the criteria for Simplified Due Diligence.
Simplified Customer Due Diligence: Specified Customers Banks and financial institutions in the State As they are themselves Designated Persons? A Company whose shares are listed A public body EU agencies and bodies
Simplified Customer Due Diligence: Specified Products Life assurance policy having an annual premium of no more than 1,000 or a single premium of no more than 2,500. Pension, superannuation or similar schemes which provide retirement benefits to employees; where contributions are made by an employer or by way of deduction from an employee s wages and the scheme rules do not permit the assignment of a member s interest under the scheme. Insurance policies for pension schemes if there is no surrender clause and the policy cannot be used as collateral (e.g.) Pension Term Assurance.
Enhanced Due Diligence In practice for intermediaries, Enhanced Due Diligence applies in respect of a business relationship or transaction with non resident Politically Exposed Persons (PEP s). A PEP is an individual who is not resident in Ireland and has been entrusted with prominent public functions or an immediate family member or a known close associate of such a person, who is not resident in Ireland. A person is a PEP if they held a relevant office at any time within the last 12 months
Enhanced Due Diligence contd. Designated persons must have processes in place prior to establishing a business relationship with a customer to determine whether the person may be deemed to be a PEP . Intermediaries should establish whether the client is resident or non resident. Where the client indicates that they are non resident, steps should be taken by the intermediary to establish if the customer falls within the definition of a PEP .
Enhanced Due Diligence contd. Require senior management approval to establish a business relationship with a PEP Take measures to establish the source of wealth and funds for transactions.
Standard Customer Due Diligence (SCDD) Applied on a risk based approach Profile of the customer Nature of product or service Distribution channel Geographical area of operation There are 3 overall levels of risk for insurance products: Low Risk Intermediate Risk Increased Risk
Standard Customer Due Diligence (Low Risk) There are products due to their inherent features which are unlikely to be used as a vehicle for money laundering purposes. These are classified as Low Risk . The following features would indicate low risk: Only pays out on death or diagnosis of terminal illness of policy holder. Only pays out on medical evidence and proof is required as to loss of income. No surrender value. Small, regular premiums: additional payments by customer not possible. Large premiums will normally require medical evidence. No investment element. Once term of policy is finished no payout and policy ceases.
Standard Customer Due Diligence (Low Risk) Examples of Products which fall into the low risk category are: Mortgage Protection, Term Life Assurance, Income protection products, Critical illness products (relating to diagnosis of a specific critical illness) and Whole of Life policies. For reduced risk level products, designated persons may accept personal cheques and other payment instruments drawn on a customer s account (i.e. Direct Debits/Standing Orders) to satisfy the standard evidence requirement. If payment is made by bankdraft for the products above, Brokers Ireland would recommend that you get confirmation from the client, from the bank, confirming where the money is coming from.
Standard Customer Due Diligence (Medium Risk) The medium risk level is given to products whose inherent features pose some risk for the purposes of money laundering or terrorist financing. These may be products which have a facility for topup payments. The following features would indicate medium risk: Long term savings plan often for retirement. Requires at least 5 years to gain positive return on investment. Often unable to be surrendered in first or second year, with penalties in years three to five. Additional top up payments may be permitted.
Standard Customer Due Diligence (Medium Risk) Examples of Medium risk products are : Life Assurance Savings plan (unless premium is less than 1,000 or 2,500, then Simplified Customer Due Diligence applies.) Endowments
Standard Customer Due Diligence (Medium Risk) The recommended standard for intermediate risk is as follows (subject to exemptions): Due diligence requirements are satisfied by the information collected on the application form, in conjunction with the fact that the payment is made from an account in the customer s name (i.e. personal cheques and other payment instruments drawn on a customer s account such as Direct Debits/Standing Orders). If payment is made by bank draft for the products referenced Brokers Ireland would recommend that you get confirmation from the client, from the bank, confirming where the money is coming from.
Standard Customer Due Diligence (High Risk) This level of risk has been given to products whose inherent features allow for the possibility of them being used for money laundering purposes. These products have the facility for third party and/or topup payments and therefore an enhanced level of due diligence, by asking for more information, is appropriate. This is the risk level that the majority of a designated person s AML resources will normally be directed. The majority of products in this range are found in the investment category which reflects the higher value premium that can be paid into them.
Standard Customer Due Diligence (High Risk) The following features would indicate High Risk: Open ended investment. Usually a 5 year recommended minimum investment term but can be surrendered earlier. Additional top up payments permitted by policy holder and by third parties. May be segmented and individual segments may be assignable.
Standard Customer Due Diligence (High Risk) Examples of High Risk products are: Single premium investment bonds including: With profits Guaranteed Income Investment Offshore international bonds
The recommended CDD industry standard for High Risk products is as follows: 1. Personal customers: Identification of a personal customer is the process whereby a designated person obtains from a customer the information necessary for it to identify who the customer is. The identity of an individual has a number of aspects at any point in time, all of which must be obtained by the designated person: 1) name (which may change due to particular events); 2) address (which is likely to change from time to time); and 3) date of birth (which is a constant).
One plus One approach Obtain one item from the list of photographic IDs (to verify name and date of birth) and one item from the list of non-photographic IDs (to verify address) at the outset of the business relationship. Sources which can be used to verify identity are: Current valid Passport. Current valid driving licence. Current valid National Identity Card. In the absence of the above documents, written or otherwise documented, assurances from persons or organisations that have dealt with the customer for some time may suffice. A designated person might consider it appropriate to adopt an alternative approach of identification such as seeking a social welfare card, National Immigration Bureau Card off an individual who has recently immigrated into the State.
Verify address Current official documentation/cards issued by the Revenue Commissioners. Current official documentation/cards issued by the Department of Social and Family Affairs. Instrument of a court appointment (such as liquidator or grant of probate). Current local authority document e.g. refuse collection bill. Current statement of account from a credit or financial institution. Current utility bills (including those printed from the internet). Current household/motor insurance certificate and renewal notice
Legal persons and arrangements Directors or the equivalent, for example: Partnerships and unincorporated businesses, Clubs, Societies, Public Sector bodies. Identification can generally be satisfied by either: obtaining a copy of the annual audited accounts listing directors (where the necessary information is publicly accessible and considered by the firm to be current and reliable); or Obtaining relevant and up-to-date legal opinion from a reliable source documenting due diligence conducted, in relation to information on directors: obtaining information from relevant company or other registry such as the CRO or known foreign equivalent; or as warranted by the risk, verify one or more directors in line with requirements for personal customers.
Legal persons and arrangements contd. To identify the legal arrangement: A search of the relevant company or other registry (where the necessary information is publicly accessible and considered by the firm to be current and reliable); or A copy, as appropriate to the nature of the entity, of the certificate of incorporation; a certificate of good standing; a partnership agreement; a deed of trust or other official documentation proving the name, form and current existence of the customer. In cases regarded by the firm as higher risk, use of more than one source of information may be warranted.
Legal persons and arrangements contd. 2. Acquire prescribed information at the outset of the business relationship to satisfy the additional information requirements: a) Source of funds for the transaction e.g. an Irish bank account in own name. b) Employment and salary details - this information could be captured in the Factfind. c) Source of wealth (e.g. inheritance, divorce settlement, property sale). This information should be captured on the source of wealth form.
Risk Assessment The firm must undertake and document a comprehensive risk assessment of the business, it should demonstrate that all potential Money Laundering/Terrorist Financing risks pertinent to their business have been fully considered and challenged such as : The nature of the products being sold in the firm The delivery mechanism or distribution channel used to sell the product The profile of the customer The customer s geographical location and source of funds The outcome of the risk assessment should inform the firm s risk-based approach and the design of AML/CTF controls. The firm s risk assessment should be subject to regular and scheduled reviews, senior management must at least on an annual basis review and approve this risk assessment.
Risk Assessment The firm must undertake and document a comprehensive risk assessment of the business, it should demonstrate that all potential Money Laundering/Terrorist Financing risks pertinent to their business have been fully considered and challenged such as : The nature of the products being sold in the firm The delivery mechanism or distribution channel used to sell the product The profile of the customer The customer s geographical location and source of funds The outcome of the risk assessment should inform the firm s risk-based approach and the design of AML/CTF controls. The firm s risk assessment should be subject to regular and scheduled reviews, senior management must at least on an annual basis review and approve this risk assessment.
Monitoring Ensure effective on-going monitoring policies and procedures are in place including full review and consideration of all trigger events. undertake monitoring on an ongoing basis for patterns of unusual or suspicious activity to ensure that higher risk activity is scrutinised. in practice, for intermediaries this might occur where there is an early surrender of a policy, encashment or where the payer of the policy changes.
Monitoring contd. Employees should be adequately trained to identify such unusual business and report to the designated person s Money Laundering Reporting Officer (MLRO) (insert firms MLRO name). For example, employee training should cover encashment fraud attempts with the recent increase in encashment requests being made from client emails to transfer funds to a particular account, where it transpired the client had no knowledge of the encashment request. Where an encashment request is received, it is recommended to take additional measures to ensure the request is genuine, for example: Phone the client to confirm the details/instruction Cross reference proof of ID and residency with existing proof of identity and residency on file
Distribution Risk may alter risk Face to Face contact with no facility to take copies of ID Where the interaction with the customer is on a face to face basis, you should have sight of the original document(s) and appropriate details should be recorded. Where you visit the customer at his/her home address, you should make a detailed record of the visit. This would include, for example, taking details of passport or driving license numbers. Brokers Ireland recommends that in such scenarios, you request the customer to forward you a copy of the relevant ID and cross reference it with the details which were recorded at the point of sale.
Distribution Risk may alter risk Non face-to-face The extent of the Customer Due Diligence in respect of non face-to-face customers will depend on the type of the product or service requested and the assessed money laundering risk presented by the customer. Where the customer is not physically present (e.g. by post, telephone or over the internet) for identification purposes additional measures should be undertaken to establish the customer s identity.
Distribution Risk may alter risk Examples: Telephone the customer on a home or business number which has been verified (electronically or otherwise). Communicate at a verified address with account opening docs for example, which might have to be returned or acknowledged . First payment by the customer through a bank in the State or other EU Member State or certain specified acceptable countries. Internet sign on with details sent by mail to a verified address.
Third Party Reliance Third Party Reliance A designated person is permitted to rely on another designated person to identify and verify its customers for AML purposes. Designated persons who rely on third parties will remain liable for any failure to comply not withstanding their reliance on the third party. The primary responsibility for supervising intermediaries lies with the Central Bank of Ireland, however Product Providers as a third party retains responsibility for ensuring that customer due diligence obligations have been met by the Intermediary. Note: Product Providers are legally obliged where an intermediary fails to meet the customer due diligence requirements to report this to the Central Bank of Ireland.
Third Party Reliance contd. In order to comply with the Third Party Reliance requirements, Product Providers depending on their internal processes may require either: Copies of all underlying documentary evidence from the Intermediary for applicable products. Or Confirmation of Verification of Identity, where the Product Provider has the right of audit to ensure that the intermediary has the necessary documentary evidence.
Failure to establish a customer and/or beneficial owners identity Where an intermediary can not establish the identity of a customer and/or beneficial owner, as a result of the failure of the customer to provide the designated person with documents of information required, then an intermediary must: Not provide a service to the customer, and If an existing customer, must discontinue relationship with the customer.
Procedures and Policies Senior Management are obliged to ensure that the firm has procedures and controls in place to demonstrate compliance with all aspects of the Act and approve them. Senior Management must have a clearly defined process in place for the formal review and approval, at least annually, of the policies and procedures at appropriate levels. Management must clearly set out all approved policies and procedures to enable staff to apply them in practice and ensure that all staff adhere to them. All procedures should be compliant with the Central Bank s core and sectoral guidance notes.
Procedures and Policies These internal policies and procedures should include: measures to be taken to keep documents and information relating to customers up to date. additional measures to be taken where there are reasonable grounds to believe that the circumstances relating to a customer, beneficial owner, service, product or transaction may present a heightened risk of money laundering or terrorist financing. The intermediary shall, in respect of that customer or beneficial owner, apply additional measures. measures to be taken to prevent the use of money laundering or terrorist financing of products/transactions that could favour or facilitate anonymity. monitor customers and transactions against both the EU and UN Sanctions Committee lists relating to terrorism.
Procedures and Policies This slide(s) should be personalised to outline the firms procedures and policies
Record Keeping Intermediaries are required to keep records evidencing the procedures applied and the information obtained, when carrying out CDD on customers for a period of at least 5 yrs after the business relationship with their customer has ended. (However, the Consumer Protection Code requires records to be kept for 6 yrs from date of last transaction with client.) Record keeping is an essential part of the evidence trail and sufficient processes must be put in place to ensure that records are adequately kept.
Record Keeping Customer information collected to comply with the requirements of Legislation; and Information regarding transactions undertaken by customers. Possible formats in which records can be retained include one or more of the following: Original documents Photocopies of original documents On microfiche In scanned form In computerised or electronic form
Record Keeping Intermediaries may keep such records wholly or partly in electronic form only if they are capable of being reproduced in a written form. All records should be capable of being reproduced in the State as per legislation for a period not less than 6 years. Outline the firms internal procedures in respect of record keeping here..
