GUEST BLOG: Challenges of complying with new anti-money laundering directive

By Angela Salter and Sana Khan

There are practical considerations for Irish CFOs to ensure their organisations are compliant with the latest EU anti-money laundering legislative measures to avoid the risk of substantial financial penalties, individual liability and imprisonment.

Anti-money laundering (AML) is an important issue for senior managers in Ireland and mistakes are proving particularly costly. The Irish Government has declared a vision to create a centre of compliance excellence within Ireland in the next five years, against a backdrop of fast paced regulatory change and the increasing use of new payment technologies to move funds. Ireland’s initiative aligns strategically with the demands of the EU’s Fourth Directive on Anti-Money Laundering (4AMLD), which is designed to reduce the potential for money laundering and financial crime and tighten cross border controls.

Ireland, through its current regulatory and legislative reinvigoration programme, has been investing considerable effort in restoring the level of confidence that existed before the 2008 Irish economic downturn. Irish legislators have recently introduced a new Companies Act 2014, which contains significant reforms to company law and measures to simplify the completion and transparency of corporate transactions in Ireland.

These include statutory merger procedures: a new corporate procedure to validate financial assistance (summary approval procedure or SAP) and the ability for shareholders to operate through a majority written resolution.

In addition, the Central Bank of Ireland (CBI) has been enforcing anti-money laundering and counter terrorism financing (CTF) measures and an example of the CBI’s approach to regulatory enforcement can been seen in its investigation of UBS.

During 2012, UBS’s international life assurance division was the first company in Ireland to face a fine for non-compliance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 which has historically been Ireland’s primary legislative instrument for implementing the EU’s Third AML Directive. Then, in 2015, the CBI fined Western Union Payment Services Ireland €1.75m, as a result of failures within its anti-money laundering practices that exposed the firm’s payment services as being vulnerable to money laundering and terrorist financing activity.

More recently, a 2015 report into anti-money laundering practice within the Irish funds industry identified a large number of procedural inadequacies, again leaving the industry vulnerable to money laundering and financial crime abuses. In total, the CBI has issued fines in excess of €27m to 54 different financial institutions over the past four years.

Angela Salter

In February 2016, the European Commission took a major step towards committing member-states to tougher AML/CTF regimes and breaking down national borders to compliance, by suggesting the adoption of the EU 4AMLD should be accelerated. Their proposals included previewing an abundance of amendments to the directive that over time could dramatically change how member-states fight financial crime, including the financing of terrorism.

The 4AMLD, which requires the creation of a central database of corporate ownership, increased scrutiny of domestic politicians and enhanced reporting of suspicious financial activity, is scheduled to be adopted into law by individual member states by June 2017. In the light of heightened terrorist activities, the European Commission now wants to bring forward this deadline to year-end 2016.

The European Commission has also proposed deadlines for amending the 4AMLD to require countries to harmonise their enhanced due diligence rules for high-risk nations, establish controls for virtual currency platforms and prepaid products and streamline data-sharing among EU Financial Intelligence Units (“FIUs”). Under the EC’s new proposals, EU Member States would not merely adopt a more rigorous global AML and CFT standard, but also champion a standard for the world by creating a blacklist of countries deemed to have weak AML and CFT laws and practices.

A key change required under the 4AMLD is for CFOs and other decision makers within an organisation, to be exposed to personal criminal liability. This aligns the approach taken to senior executive liability with that already in existence for money laundering reporting officers (MLROs). Personal liability for senior management also brings with it larger financial fines than are currently imposed for MLROs, together with the threat of imprisonment. The current minimum fine is €1m, rising to €5m (or the equivalent in sanctions where breaches involve credit or financial level institutions) under the 4AMLD.

Ireland, through its current regulatory and legislative reinvigoration programme, has been investing considerable effort in restoring the level of confidence that existed before the 2008 Irish economic downturn

WHAT PREVENTATIVE COMPLIANCE MEASURES SHOULD CFOS BE TAKING?

In order to avoid the risk of financial penalties, criminal prosecution and potential imprisonment, CFOs, and those ultimately responsible for compliance, will need to review and update a number of policies and procedures in their organisations. This is likely to include updating risk assessment frameworks and ensuring rigorous customer due diligence and on-boarding practices.

Organisations suspected of direct or indirect involvement in financial crime or money laundering, will, as part of any adequate defence, be required to present the organisation’s compliance policies and procedures to investigators, including the various steps that have been put in place to combat money laundering and counter terrorism financing. This underlines the need for firms to update and properly implement their policies and procedures, and avoid approaching this as a ‘tick the box’ exercise.

Action 1: Requirement for greater customer due diligence – In order to comply with the requirements of the 4AMLD, a more focused approach to business partner and customer due diligence (CDD) controls is necessary. This includes documenting and implementing enhanced due diligence measures for higher risk countries, sectors, products and customers within the policies and procedures. CFOs will need to ascertain the levels of risk presented by certain transactions and activities, and tailor policies and procedures accordingly, taking enhanced measures where risks are greater and more simplified measures where risks are considered lower. This highlights why transaction monitoring has become an increasingly important element in combating money laundering.

In the case of high-risk customers, CFOs should be aware of the revised definition of a politically exposed person (PEP) under the 4AMLD, which has been extended to include citizens holding prominent positions in their home country such as politicians, the judiciary and senior members of the armed services as well as those of overseas countries. The Directive has also clarified the position regarding family members of PEPs. Parents, spouses (or equivalent partners), children and their spouses or partners are also to be treated as being PEPs.

Action 2: Disclosure within a beneficial ownership register – The 4AMLD requires companies to identify all individuals who have ultimate beneficial ownership of the firm and to maintain a beneficial ownership register recording their involvement. For AML compliance purposes, a beneficial owner of a company is defined as having 25% or more direct or indirect ownership. If not part of existing internal compliance measures, organisations must now re-examine their ultimate beneficial owner register, update their records and be ready to comply with the requirement to file them with Ireland’s Companies Registration Office.

Competent authorities and financial intelligence units will have unrestricted access to this information and in some EU Member States, banks and other obliged entities will also have access to the register.

A key change required under the 4AMLD is for CFOs and other decision makers within an organisation, to be exposed to personal criminal liability

Sana Khan

Action 3: Reputational risk and risk management  – Apart from the notable legal and personal risks created for senior company decision makers by the new 4AMLD, there is also a significant reputational risk attached to non-compliance.

Regardless of whether an organisation is ultimately found guilty, being associated with any form of financial crime or money laundering is unlikely to be good for business in the long term from either a reputational or financial standpoint.

Irish legislators and regulators have already begun taking steps to introduce the 4AMLD into national law. CFOs along with other key compliance officials and senior officers need to be conscious of their new liabilities and responsibilities under the 4AMLD and start looking closely at what implementation means for their businesses now, before the Directive comes into force.

This will include having measures in place to conduct KYC (know your customer) screening and adopt other enhanced due diligence procedures for higher risk entities.

A failure to implement appropriate measures could result in increasing compliance costs, wasted resources and expose individual executives and their organisations to regulatory and criminal penalties. In the worst cases, the overall ‘culprit’ could face both hefty financial penalties and imprisonment.

For further information on best practices on implementing the changes required by the 4AMLD and other issues relating to the prevention of financial crime and anti money laundering, click here.

Photo (main): Images Money