New Anti-Money Laundering Directive - staying a step ahead Tuesday 25 th October 2016 Pinsent Masons LLP @uktisa
New Anti-Money Laundering Directive -staying a step ahead
Tuesday 25th October 2016Pinsent Masons LLP
@uktisa
Heading
• Introduction by Adam Hodgkins, Head of Member Engagement, TISA• Opening remarks by David Heffron, Partner Head of Financial Regulation, Pinsent Masons – Chair• David Swanney, Executive Secretary, Joint Money Laundering Steering Group ‘The role of the JMLSG and
how its guidance is developed’• Jimi MacDonald, Senior Manager - Financial Services Tax, PwC ‘The interaction between AML and the
Common Reporting Standard (CRS)’• Edwin Ferguson, Domestic Anti-Money Laundering, HM Treasury ‘4MLD’• Coffee Break• Mike O’Neill, Solicitor, Pinsent Masons LLP ‘Legal Aspects of AML/CRS’• John Thompson, Senior Policy Director, BBA ‘Consent Regime/new Criminal Finances Bill’• Timothy Ritson, Senior Business Development Representative, Callcredit ‘AML and identity verification for
FS firm’s’• Closing remarks by David Heffron, Chair
@uktisa
An update from the JMLSG –
The impact of 4MLD on UK Regulations and the JMLSG Guidance
David SwanneyExecutive Secretary, JMLSG25 October2016
JMLSG Guidance (1)
• Legislative context• Money Laundering Regulations 2007 [replaced by 2016/17?]
• Proceeds of Crime Act 2002
• Terrorism Act 2000
• Counter-terrorism Act 2008 (Schedule 7)
• Financial sanctions Orders/Asset Freezing etc Act 2010
• Regulatory• FCA Rules - SYSC
• Industry Guidance (approved by Treasury Minister)• Joint Money Laundering Steering Group
7
JMLSG Guidance (2)
• Keeping Guidance up to date• Policy now on JMLSG website
• Every two years
• When change in law or regulation
• Otherwise, when events suggest amendment…..
• Implications of digital age….?
• We don’t usually anticipate change
• Past updates/revisions
• Original RBA version 2006
• Revised to reflect 2007 Regulations
• Revisions (mainly minor) in 2009, 2011 and 2013
• Additional review in 20148
8
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD -
• revises and updates 3MLD (basis of MLR 2007)
• implements FATF 2012 Revised Standards
• will require new transposing Regulations
• mandates ESAs to issue Guidelines on Risk Factors
• will require amended Guidance to reflect new Regulations and ESA Guidelines
• Changes from 3MLD might seem relatively limited, but some are quite fundamental
9
9
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• Main features of 4MLD • Risk Based Approach - clearer articulation
• Amendment/removal:
• Simplified due diligence
• Enhanced due diligence
• Concept of third country ‘equivalence’
• Revised/additional provisions relating to PEPs
• Beneficial owners – more detail
• Lots of detail delegated to the ESAs to provide
10
10
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• RBA (articles 6-8)
• Big emphasis on ‘proportionate’
• Risk assessments required
• At EU level
• At national level
• At firm level
• Proportionate
• Documented
• Kept up to date
• Made available to supervisors
11
11
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes - RBA
• EU/National assessments –
• Large exercise – takes time
• But must be dynamic to be useful
• But - will all MS interpret the requirements the same way?
• What weight to be given to National Risk Assessments (and what does the EC overview add?)
• Issues flowing from UK AML Action Plan?
• How to ‘link’ the NRA to firms’ approaches
• Commission able to identify ‘high risk’ countries (art 10) – as FATF
12
12
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Customer due diligence (articles 10-14)• Much as in 3MLD – extent, timing, existing customers
• Identify ‘person purporting to act on behalf of’ (art 13)
• CDD on risk sensitive basis
• Proposed amendment to 4MLD re use of electronic data?
• Derogation for some e-money products (art 12)
13
13
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Simplified due diligence (articles 15-17)• No longer linked to entity type – but to ‘areas of lower risk’
• Some categories removed – pooled accounts, other regulated entities
• Based on ‘risk factors’ (Annex II)
• Guidelines to come from ESAs
• Will all member states approach these the same way?
• Will all firms approach these the same way?
• Need for guidance to introduce consistency
14
14
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Enhanced due diligence (articles 18-24)• Much similar to 3MLD – assessed high risk, complex/unusual transactions, correspondent
banking, PEPs
• Identified high risk countries
• Other assessed high risk relationships
• Based on ‘risk factors’ (Annex III)
• Non face to face now a risk factor
• Guidelines to come from ESAs
• Will all member states approach these the same way?
• Will all firms approach these the same way?
• Need for guidance to introduce consistency15
15
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Enhanced due diligence (articles 18-24)• Correspondent banking – much as 3MLD (but new definition problematic)
• No relationships with shell banks (article 24)
• PEPs (more)
• Will all member states approach these the same way?
• Will all firms approach these the same way?
• Need for guidance to introduce consistency – not least on what EDD actually means, and how this can reflect the perceived risk……
16
16
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes • PEPs (articles 20-23)
• Now include domestic ones – all one category – but still no lists….
• All subject to EDD - no ability to ‘aim off’ for domestic ones
• Source of wealth and source of funds
• Insurers must take reasonable measures to see if beneficiary a PEP
• PEPs still defined as individuals – not corporate entities
• ‘Close associates’ includes those owing/controlling an entity which ‘is known to be set up… for the de facto benefit of a PEP’ (art 3)
17
17
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes • Annex III does not include the existence of a PEP making a customer higher risk – may be
common sense, but not spelled out
• Need for clarity on what EDD means, and how much this can vary across individual, or types, for PEPs (Domestic? Foreign?)
• ‘Walker’ amendment (introducing s333U to FSMA) mandates FCA to issue guidance on domestic PEPs…..?
18
18
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes - detail delegated to ESAs
• Guidelines on risk factors• SDD – in addition to the factor in Annex II
• EDD – in addition to the factors in Annex III
• Opinion on the ML/TF risks affecting the EU financial sector
• Regulatory technical standards• Where can’t apply group policy
• AML SPOC for electronic money issuers
• Risk based supervision, and sanctions and penalties
• A lot of deliverables in a relatively short timescale……• but draft guidelines on risk factors published in October 2015 for comment – final version awaited
19
19
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Reliance (articles 25-29)• A lot as in 3MLD
• Still the responsibility of the ‘relying’ party
• Wide scope (in theory) – any regulated entity in a country previously regarded as ‘equivalent’ (but see next slide)
• MS will prohibit reliance on entities in ‘high risk’ countries
• But – exemption for branches/subsidiaries in such countries, where group-wide policies are applied (article 45)
• Copies of ID material etc to be available ‘immediately, upon request’
20
20
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Equivalence• Concept not referred to
• Aim is to get firms to focus on wider risks in a relationship, and not just ‘tick up’ someone from a particular jurisdiction because it is ‘equivalent’
• Commission to be empowered to compile ‘black lists’? Just copied FATF?
• Could lead to a lot of reinventing wheels
• Implications for smaller firms….
21
21
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Beneficial owners (articles 30-31)
• Central register• Corporates (art 30)
• Trusts (art 31)
• Must be adequate, accurate, current [‘up to date’ for trusts]…
• Can’t just rely exclusively on the register
• Corporates/trustees must hold details themselves
• Definition of Control includes ‘by/via other means’(art 3)
22
22
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• 4MLD changes
• Other matters (articles 32-46)
• Reporting – a lot as 3MLD (art 32-39)
• Record retention (art 40)
• Five years, as before
• Additional five years (maximum?)….
• Implement group-wide policies (art 45)
• including for data protection (?)
• MS shall ‘ensure’ that sharing information within a group ‘is allowed’
• Employee awareness (art 46)
23
23
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• Implementation of 4MLD in the UK
• In terms of timing
• 4MLD must be implemented by 26 June 2017
• Commission seeking to bring forward to 1 January 2017
• MER 2018 – Spring? Summer?
• In terms of content of Guidance
• Timing dictated by HMT timetable
• Focus on the way risk is addressed
• How Guidance supports ‘effectiveness’ of regime
24
24
The impact of 4MLD on UK Regulations and the JMLSG Guidance
• Questions?
www.jmlsg.org.uk
25
25
PwC
Current state of play…
• CRS went live on 1 January 2016 for early adopters
• Impacts Financial Institutions and Non Financial Institutions
• Requirements apply to ALL individual and entity account holders and controlling persons of passive non financial entities that are tax resident in participating jurisdictions – resulting in due diligence requirements
• Requirements are similar to FATCA except for the focus on reporting individuals and entities that are tax resident in participating CRS jurisdictions
Note: The United States is currently treated as a Non Participating jurisdiction.
Anguilla, Argentina, Barbados, Belgium, Bermuda, British Virgin Islands, Bulgaria, Cayman Islands, Colombia, Croatia, Curaçao, Cyprus, Czech Republic, Denmark, Estonia, Faroe Islands, Finland, France, Germany, Gibraltar, Greece, Greenland, Guernsey, Hungary, Iceland, India, Ireland, Isle of Man, Italy, Jersey, Korea, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Mexico, Montserrat, Netherlands, Niue, Norway, Poland, Portugal, Romania, San Marino, Seychelles, Slovak Republic, Slovenia, South Africa, Spain, Sweden, Trinidad and Tobago, Turks and Caicos Islands, United Kingdom
First reporting by 2017
Early adopters
Albania, Andorra, Antigua and Barbuda, Aruba, Australia, Austria, The Bahamas, Bahrain, Belize, Brazil, Brunei Darussalam, Canada, Chile, China, Cook Islands, Costa Rica, Dominica, Ghana, Grenada, Hong Kong (China), Indonesia, Israel, Japan, Kuwait, Lebanon, Marshall Islands, Macao (China), Malaysia, Mauritius, Monaco, Nauru, New Zealand, Panama, Qatar, Russia, Saint Kitts and Nevis, Samoa, Saint Lucia, Saint Vincent and the Grenadines, Saudi Arabia, Singapore, Sint Maarten, Switzerland, Turkey, United Arab Emirates, Uruguay, Vanuatu
First reporting by 2018
CRS committed
Azerbaijan, Belarus, Holy See, Honduras, Jamaica, Kosovo, MoldovaVietnam, Algeria, Angola. Cambodia. Georgia, Philippines, Thailand,Uzbekistan. Armenia. Cabo Verde, Dominican Republic, Guyana, Haiti,Iraq, Kazakhstan. Montenegro, Nicaragua, Paraguay, Peru. Serbia, TaiwanTunisia, Turkmenistan, Ukraine
No timeline
Not committed
28
PwC
Refresh - what is CRS and how does it work?
Non-UK tax resident person has an account with a UK Financial Institution
HMRC automatically forward information to the tax authorities globally
UK Financial Institution discloses financial
account data to HMRC
Foreign tax authorities examines UK data and
may make enquiries
…holds an account with…Non-UK tax resident individual or entity…
…United Kingdom Financial Institution
First reporting will be completed in 2017
29
PwC
Applies due diligence
How do Financial Institutions identify reportable investors?
Entity status: Reporting FI
Entity status:Non-Reporting FI
Entity status:Active NFE
No reporting
Investor
Financial Institution (FI)
Non-Financial Entity (NFE)
Individual
Are there any Controlling Persons
which a are Reportable Persons?
Is the individual a Reportable Person?
Entity status: Passive NFE
Individual
No reporting
Report
No reporting
Report YES
YES
NO
Is the entity a Reportable Person ?
Report YES
NO
No reporting
No reporting
Report YES
NO
Is the entity a Reportable Person ? Reporting Financial
Institution
30
PwC
Due diligence requirements for ‘new’ investors
Collect documentation and classify investors
Determine whether an account is in scope
Test reasonableness of information received
Classify investors and store information
FIs must identify if the ‘account’ is in scope for AEoI and classify the relevant investor
Ongoing monitoring for changes in circumstance
1 2 3 4
Selected challenges Considerations
• Obtaining information from investors ‘upon account opening’ can be challenging
• Local country implementation rules may provide guidance on the practicalities of obtaining this information (e.g. within 90 days)
• Alignment with existing investor due diligence processes (e.g. AML) may impact when and how this information is obtained as it is not always a ‘day one’ event
• Investor ‘experience’ may suffer as a result of information requests
• Design of forms can be difficult and US W-series forms are not appropriate for CRS• Investors can find technical language hard to follow and lead to incomplete forms being provided back (see
next slide for considerations on an alternative approach)
• Investors will need to be classified under US FATCA and CRS.
• This presents a challenge of managing multiple classifications for investors.• Investors may have to be labelled as reportable for one regime but not the other(s) requiring management
of multiple classifications for investors.
• Monitoring of changes in circumstance to determine if they impact the tax residency status of investors under CRS
• Tax residency is potentially more fluid than citizenship (relevant for FATCA) as such the status of investors could change more often.
• Current process for monitoring changes in circumstance may need to be enhanced.
31
PwC
How could AML information be used for new investor onboarding?
Request investors tax residency information using a self-certification
Most Financial Institutions have requested a self-certification to classify investors appropriately for CRS. This information should be tested for ‘reasonableness’ which is often by reference to AML or other information gathered for due diligence purposes.
Step 1
Step 2
Step 3
Step 4
Determine if the entity is reportable
Determine if the entity is a Passive NFE
Confirm that the investor is a non-reportable person using information on file or that is publicly available.
Broadly this would include investors that are:
(i) A Regularly Traded entity;
(ii) A Related Entity to a regularly traded entity;
(iii) a Governmental Entity;
(iv) an International Organisation;
(v) a Central Bank; or
(vi) a Financial Institution.
OR
AML‘Other’
information
Validation of investor self-certifications Classification of investors
The UK Guidance Notes (AEIM103440) provide an exception to the requirement to obtain a self-certification where “…the financial institution can reasonably determine, based on information in its possession or that is publicly available, that the Account Holder is not a Reportable Person.”
Confirm reasonableness and any ‘reason to know’ that the self-certification is unreliable
32
PwC
Validation of self-certifications using AML information
Request investors tax residency information using a self-certificationStep 1
Step 2
Step 3
Step 4
Determine if the entity is reportable
Determine if the entity is a Passive NFE
Has information been gathered that could indicate a different residency for tax purposes?
Has an investor indicated a non-reportable status (e.g. regularly traded) – does this line up with other information gathered (e.g. evidence of listing for certain Active NFEs?)
“Obtain a self-certification, which may be part of the account opening documentation, that allows the Reporting Financial Institution to determine the Account Holder's residence(s) for tax purposes and confirm the reasonableness of such self-certification based on the information obtained by the Reporting Financial Institution in connection with the opening of the account, including any documentation collected pursuant to AML/KYC Procedures.”
Does AML information support identification of Controlling Persons? Furthermore, does this support their claimed residency(ies) for tax purposes?
33
Confirm reasonableness and any ‘reason to know’ that the self-certification is unreliable
To what extent can AML information support reasonableness checks?
AML
Selected challengesSelf-certification process
PwC
Classification of investors using AML and ‘other’ information
• Certain investors may be reluctant to complete CRS self-certifications and responses in the industry have varied in both quality and consistency.
• Some organisations have considered alterative approaches to classifying investors for CRS purposes reducing the number of investors that are required to complete self-certification form.
• The focus is often on using AML and other information to identify non-reportable investor types, however, choosing not to obtain a self-certification may often result in a greater risk if misclassifying investors.
CRS non-reportable entity type Potential investor types Application to AML and other information gathered
Financial Institution Banks, asset managers, investmentfunds, custodians
FCA or equivalent regulated status may indicate FI statusIRS list of registered FIs for FATCA
A Regularly Traded entity and a related Entity to a regularly traded entity
Listed entities and subsidiaries of listed entities
Evidence of listing on a stock exchange
Governmental Entity Government or wholly owned agency or instrumentality of a government in another participating jurisdiction
Evidence that investor is a government or government owned entity
International organisation International organisation or wholly owned agency or instrumentality thereof
Evidence that the investor is a supranational organisations
Central Bank Evidence that the investor is a central bank
Potential application
34
PwC
Points to consider
AML
CRS FATCA
Others
Selected considerations
35
• Consider where crossover between regimes exists
• Assess current investor onboarding processes to determine whether using AML information could create efficiencies
• Map AML and other information to indicative CRS investor classifications
• Could technology be used to make the process more efficient (e.g. electronic self-certification validation)?
• Consider whether changes to investor information requests could improve experience – feedback in the industry is that forms are complicated and hard to complete
Questions…
No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in
this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not
accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to
act, in reliance on the information contained in this publication or for any decision based on it.
© 2016 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP (a
limited liability partnership in the United Kingdom) which is a member firm of PricewaterhouseCoopers International Limited,
each member firm of which is a separate legal entity.
Jimi MacdonaldSenior Manager - Operational Taxes
E-mail: [email protected]
Tel.: 020 7804 3042
Current AML Regime
MLD3
Money Laundering Regulations
2007
POCA 2002
TACT 2000
JMLSG Guidance
FCA (SYSC 6.3 and
FC Guidance)
Concealment
Disguising
Conversion
Transfer
Removal
Criminal Sanctions
Regulatory Obligations
Systems and Controls
Customer Due Diligence
Beneficial Ownership
MLRO
Obligations under MLD3
• Regulated Firms
• SYSC 6
– Adequate policies and procedures which are comprehensive and
proportionate
• Risk based analysis
– Regular assessment of adequacy of systems and controls
– Training
– MI to senior management
– MLRO
Money Laundering Offences
The process by which the proceeds of crime are dealt with in a way
to disguise their criminal origins
Section 327 POCA –“the basic money
laundering offence”
Section 328 POCA –“aiding and abetting”
Section 329 POCA –“acquiring proceeds of
crime”
Knowledge or Suspicion of Money Laundering
Increasing use of non-financial sanctions
The FCA has fined Sonali Bank (UK) Limited (the "Bank") £3,250,600 and
restricted it from accepting deposits from new customers for 168 days for breach
of Principles 3 and 11 because of serious failings in its anti-money laundering
systems. The MLRO and compliance officer was also fined £17,900 and
prohibited from performing MLRO or compliance oversight functions at regulated
firms.
Due-Diligence On-going Monitoring
Governance
Policies and Procedures
Culture of Compliance
The (not so distant) Future
1 January 2017
MLD4
ScopeBeneficial Ownership Information
CDDRisk Based Approach
Information Sharing
Whistleblowing Sanctions*
MLD5
*Commission proposes to harmonise
definitions of money laundering and the
sanctions applied
Brexit and AML obligations
Transposition is mandatory, so on Brexit Day, MLD4 will be part of
UK national law. The UK is likely to retain the wording of MLD4
because it will want to retain equivalence with EU standards when the
UK is outside the block;
The UK is a member of the FATF and is assessed against FATF
standards. MLD4 is heavily influenced by the recommendations of
FATF, so alignment with international FATF standards can be
secured by the continuation of MLD4; and
The UK is ahead of the European curve on AML law and has often
'gold plated' EU legislation. The UK will have the legislation in place
and the political will to combat money laundering, even when it is out of
the EU.
What should firms be doing now?
• Review of AML policies and procedures to ensure
compliance with MLD4
• Governance Arrangements
– Is there sufficient ‘buy-in’ from senior management?
• Review existing risk assessments
– e.g. domestic PEPs
• Ensure that training of employees is up-to-date and
relevant.
• Is everything fully documented?
CRS
• The OECD developed the Common Reporting Standard (CRS) which
calls on jurisdictions to:
1. obtain information from their financial institutions; and
2. automatically exchange that information with other jurisdictions
• The first information exchange date will be: September 2017
• The UK signed the Multilateral Competent Authority Agreement
(MCAA), which provides legal basis for CRS
• The European Council adopted Directive 2011/16/EU on
administrative cooperation (DAC) for better cooperation between tax
administrations in the EU – information exchanged from 1 January 2016
International Tax Compliance Regulations 2015/878
• In force from 15 April 2015
• The Regulations consolidate various requirements for the automatic
exchange of tax information:
– adopts the DAC (exchange of information with the EU);
– incorporates the CRS (by introducing obligations on financial institutions to
maintain accounts and report information in a specified manner to HMRC);
– implements the UK's automatic exchange of information agreements with
non-EU jurisdictions; and
– introduces penalty provisions for breaching the obligations.
The two most important aspects of the regulations for regulated firms are:
1. Due diligence procedures to identify reportable accounts
2. Sanctions for non-compliance
Due diligence procedures
Firms are required to establish and maintain due diligence procedures to
identify reportable accounts.
Pre-existing individual accountsReview all existing accounts.
• Lower value accounts an indicia search or rely on a
permanent residence address test.
• Higher value accounts a paper record search and a
‘reason to know’ test.
No de minimis.
New individual accountsSelf-certification.
No de minimis.
Pre-existing entity accountsDetermine whether the entity is a reportable person or a
passive NFE (in which case confirm residency of
controlling persons through available information or may
need self-certification).
$250,000 de minimis.
New entity accountsControlling persons of passive
NFEs will need self-certification.
No de minimis.
Sanctions
Regulation Failure or breach Penalty
Reg. 13(1) Failure to identify specified clients (financial institutions or relevant
persons) or failing to submit client exchange of tax information
notifications (including for overseas persons)
£3,000
Reg. 13(2) Failure to comply with any obligation under the regulations £300
Red. 14 If there is a penalty imposed under reg. 13, the person is further
liable for each subsequent day that the failure continues
(after 30 days, HMRC can make an application to the tribunal for an
increased daily penalty under reg. 21)
£60 for each such
day
Reg. 15 When complying with reg. 6 (reporting obligation), the person
provides inaccurate information where:
(a) it is due to a failure to comply with the DD requirements or
if provision of inaccurate information is deliberate;
(b) the person knew of the inaccuracy; or
(c) the person discovered the inaccuracy and failed to take
reasonable steps to inform HMRC
£3,000
Reg. 16 When identifying payments, the person fails to report a payment or
fails to set out a payment accurately.
£300 per failure,
subject to £3,000
calendar year cap
Pinsent Masons LLP is a limited liability partnership registered in England & Wales (registered number: OC333653) authorised and regulated by
the Solicitors Regulation Authority, and by the appropriate regulatory body in the other jurisdictions in which it operates. The word ‘partner’, used in
relation to the LLP, refers to a member of the LLP or an employee or consultant of the LLP or any affiliated firm of equivalent standing. A list of the
members of the LLP, and of those non-members who are designated as partners, is displayed at the LLP’s registered office: 30 Crown Place,
London EC2A 4ES, United Kingdom. We use 'Pinsent Masons' to refer to Pinsent Masons LLP, its subsidiaries and any affiliates which it or its
partners operate as separate businesses for regulatory or other reasons. Reference to 'Pinsent Masons' is to Pinsent Masons LLP and/or one or
more of those subsidiaries or affiliates as the context requires. © Pinsent Masons LLP 2016
For a full list of our locations around the globe please visit our websites: www.pinsentmasons.com and www.Out-Law.com
Thank You!
TISADakota House
25 Falcon CourtPreston Farm Business Park
STOCKTON-ON-TEESTS18 3TX
www.tisa.uk.com01642 666999
@uktisa