ACOI Welcomes our Members to the 2nd seminar in the ACOI lunch time CPD seminar series January - June 2012. CPD Reference: ACOI Welcomes our Members to

ACOI Welcomes our Members to the 2nd seminar in the ACOI lunch time CPD seminar series January - June 2012. CPD Reference: 2012-0437

Our Event: The development of the AML Guidelines and the challenges for implementation

Chaired: Ms. Amanda Berry, Chairperson of the AML Working Group and AML Manager, GlobeOp Financial Services (Ireland) Limited

Speakers: Mr. Sean Smith, Senior Manager Enterprise Risk Services, Deloitte & Mrs. Sinead Ovenden, Director, Enterprise Risk Services

Development of the AML Guidelines and the Challenges for Implementation

20 March 2012

©Copyright ACOI 2012

DEVELOPMENT OF THE AML GUIDELINES

Sean Smith

Senior Manager

Deloitte

©Copyright ACOI 2012 3

Development of the AML Guidelines Dates

• April 2010 – Submitted to the Central Bank

• April to July 2010 – Public consultation

• July 2010 to February 2011 – Consultation with drafting committee on Core Guidance Notes

• Public Consultation – 23 February 2011 over 30 responses received including comments from:

• Industry Bodies

• Public bodies and national agencies

• Law Firms

• Draft Guidelines and cover letter detailing issues submitted to the Department of Justice and the Department of Finance - 4 May 2011

• Response received - 9 December 2011

• Guidelines published – 10 February 2012



Development of the AML GuidelinesStakeholders

APRIL

2010

NOVEMBER

2010

FEBRUARY

2011

MAY

2011

FEBRUARY

2012

Brendan Nagle

Terry Donavan

Hilary Griffey

Finance/Justice

Development of the AML GuidelinesCover letter – May 2011

• Lead in time for implementation

• Sought confirmation that the obligation to remediate documentation and information held on Existing Customers would only arise on the occurrence of a trigger event

• Sought confirmation that there is no obligation under the CJA 2010 or the Guidelines to proactively review and remediate the identification and verification information or documentation held on Existing Customers

• Definition of discontinuation of a business relationship under Section 33(8) of the CJA 2010 which requires that services shall not be provided and the business relationship discontinued where there is a failure on the part of the customer to provide required documentation or information. Proposed to deal with this in the sectoral notes



• Sought clarification in respect of the definition of the terms “source of wealth” and “source of funds”. Suggested that source of funds is the bank account etc. from where the money has come whilst source of wealth is what has given rise to the money e.g. savings, inheritance, house sale etc.

• In the context of pooled accounts, it was suggested that where nominees and intermediaries are named on the shareholder register/list, they may be treated as clients and the beneficial owner of the nominee or intermediary (rather than the underlying investor) must be identified and verified

• It was noted that while pooled accounts may pose a higher risk of money laundering and terrorist financing in certain circumstances, there are numerous instances where such structures are used for legitimate reasons and where the account is owned or controlled by a regulated financial entity/designated person. In those circumstances confirmation was sought that less onerous obligations would be appropriate



• Where there is third party reliance on an entity in a banking secrecy jurisdiction we proposed that making documentation available on request could be satisfied by that entity agreeing to deliver the documents on foot of a court order

• We proposed a risk based approach to reliance on third parties in a non-prescribed jurisdiction

• Obligation on relevant third party to provide identity of beneficial owners upfront

• Retention of documentation in the State and reliance on letters of assurance to meet this requirement when relying on a relevant third party

• Use of ML-10

• AML vs. Data Protection


Development of the AML GuidelinesMaterial Amendments to the Guidelines


May Submission Accepted Final Guidelines

Existing Customers – documents that do not meet dating requirements are not automatically inadequate

Partial Reference to dating requirements replaced with reference to precise requirements in Appendix

Existing Customers - Conduct CDD where there are reasonable grounds to doubt adequacy or veracity of documentation

No Designated persons should assess whether a doubt arises prior to carrying out any service and if so, conduct CDD

Existing Customers – Delay discontinuing a business relationship - allow time to collate documentation, number of attempts will vary

Partial Delay discontinuing a business relationship - facilitate customer in rectifying failure, reasonableness of delay will depend on circumstances




Senior Management – Independent assurance of controls, risk methodology and processes relative to size of entity

Yes

CDD - Keeping information current and valid – this does involve repeatedly updating passports, utility bills over course of business relationship

No Deleted

Pooling – accounts owned or controlled by regulated entities pose less risk than unregulated entities

No Designated persons must exercise their own judgement in each case




Pooling – greater degree of due diligence required beyond retail and corporate business

No Deleted

SCDD – No obligation to identify or verify the identity of a beneficial owner

No Deleted

PEPs – Deleted reference to senior management approval not meaning line management approval

No Reinserted

PEPs – Deleted reference to domestic PEPs being considered in the AML/CTF assessment

Yes




Reliance on relevant third parties – good practice to name the legislation applied in the relevant agreement

Yes

Reliance on relevant third parties – is it appropriate to rely on a third party that is relying on another third party

Yes

Reliance on relevant third parties – deleted reference to identify each beneficial owner to designated person as part of the initial information supplied

Yes




Documentation in the State – capable of being reproduced in the State and no undue delay in retrieving it

No Deleted

Photographic ID – Inclusion of ML-10

No Deleted

Development of the AML GuidelinesFinal Guidelines - Commentary

• Inclusion of Data Protection Principles

• The test for “reasonable grounds to doubt the veracity or adequacy of documents” is an objective test. In other words it is not the subjective opinion of the designated person which is important, rather it is a question of whether there are, on objective consideration, grounds to doubt the veracity or adequacy of CDD information

• “adequacy” is a relative concept and in this case it relates to the purpose of identifying the customer in the overall context of reducing the risk of money laundering;

• Non-Face to Face – Reference to additional CDD replaced with reference to enhanced CDD



• Section 35(3) of the Act refers to “source of funds”. When scrutinising the source of funds a designated person should seek to discover the origin and the means of transfer for funds that are involved in the transaction (for example, occupation, business activities, proceeds of sale, corporate dividends)

• Section 35(3) of the Act refers to “source of wealth”. When scrutinising the source of wealth a designated person should seek to discover the activities that have generated the total net worth of the customer (that is, the activities that produced the customer’s funds and property)



• It is recommended that designated persons should pay particular attention to complex or unusually large transactions and all unusual patterns of transactions which have no apparent economic or visible lawful purpose. As designated persons should be in a position to demonstrate compliance, it is recommended that the background and purpose of such transactions should, as far as possible, be examined and the findings established in writing – see also paragraph 71

• Where an existing customer or beneficial owner becomes a PEP, immediate family member, or close associate, then the measures required by section 37 should be applied. Although not explicitly required by section 37 (4), it would be advisable to obtain senior management approval to the continuation of a business relationship in light of the provisions of section 37 (8)

• AML training should include reference to the Data Protection requirements and how they are relevant to the AML requirements


Development of the AML GuidelinesCentral Bank Communication - IFIA

• CDD during establishment of a business relationship and the meaning of “as soon as practicable” – designated person must decide and must be able to demonstrate how approach meets requirements. Probably does not mean on redemption but less clear in respect of subsequent subscriptions

• Central Bank will not issue advice on whether further subscriptions should be permitted after the initial subscription is made where documentation is not forthcoming

• Relevant third parties in permitted jurisdictions can apply their local AML legislation

• Outsourcing / agency arrangements should be treated differently to reliance situations

• Applicability of SCDD depends on customer’s status and status of customer’s parent has no bearing

• Relevant third parties must make documentation available as soon as practicable after a request and arrangement may not be made subject to a clause where permission from another party is required (Court order) and must be provided directly to the designated person (not via a regulator etc.)


Development of the AML GuidelinesFinal Guidelines - Status

• Not issued under Section 107

• Published by the Department of Finance but no apparent legislative mechanism for them to do so

• While these guidelines have not been approved under Section107 of the Act, the Central Bank will have regard to these guidelines in assessing compliance by designated persons with the Act

• The guidelines do not constitute secondary legislation and designated persons must always refer directly to the Act when ascertaining their statutory obligations

• “a court may have regard to any guidelines applying…….but nothing in this section limits the matters that a court may have regard to in determining whether a defendant took all reasonable steps and exercised all due diligence to avoid committing an offence”

• Administrative Sanction vs. Criminal Sanction


Development of the AML GuidelinesWhere to next?

• Who owns the Guidelines?

• How do we amend the Guidelines in the future?

• Sectoral Guidelines?

• Legislative amendments?


QUESTIONS?


CHALLENGES FOR IMPLEMENTATION

Sinead Ovenden

Director

Deloitte


4 simple key steps

1. Risk assessment

2. Application of risk assessment

3. Review of policy and procedures

4. Implementation strategy

…….and many challenges…


1. Risk Assessment

Document and record how you assessed your business from a risk perspective including detailed analysis of:

• Your business;• Your customers;• Your geographic location and your customers

location;• The products you offer; and• Your delivery channels and payment

processes.


1. Risk Assessment (ctd)

Where are you located ? Where do your customers come from ? Do you ever meet your customers? How do your customers come to you ? At what stage of the money laundering process do you think your

organisation could be exposed to money laundering ? What mitigants do you have in place to guard against these risks? Have you focused on delivery channels and payment processes,

for example cash over the counter e.g. Bureau de Change. Electronic Transfer/Wire Transfer e.g. Funds industry, Banking

Industry. Is there a chance that inappropriate assets could be placed in your

business or moved from or through it?


1. Risk Assessment (ctd)

Do you deal with businesses with a complicated ownership structure that could conceal underlying beneficiaries ?

Do you monitor the controls and try to improve on their efficiency.

Have you kept records of what you did and why you did it. Is your training policy updated or are you simply asking

staff to read a manual that you know they don’t understand or have no interest in reading.

Have you monitored the type of suspicious transactions that are being reported to you as MLRO or is your business reporting any suspicious activity or transactions to the MLRO?


2. Application of Risk Assessment

“reasonably warranted by the risk” –

interpreted by the Central Bank as a mandatory requirement which may require additional attention should the risk be higher.

NB. it does not allow for the requirement to be eliminated by low risk e.g. beneficial ownership verification


2. Application of Risk Assessment

Simple or sophisticated – the choice is yours - High, Medium or Low to a complicated rating system.

Your efforts and resources should be focused on the areas where the risks are highest to your business.


2. Application of risk assessment

• Categorise your business correctly e.g. :•Simplified•Low risk•Standard•Non face to face•Enhanced PEPs•Enhanced for Correspondent banking•Enhanced for high risk

•Identify where the act expressly provides for a risk based measures e.g. verification of beneficial owner, monitoring, identification of PEPs etc.

•Identify where the act does not provide for risk based discretion e.g. ID and verify customer , ID of beneficial owner etc.


3. Review Policy & Procedures

2 choices – redraft of existing policies and procedures or start a completely new set.

The risk assessment should be reflected in your policies and procedures. If it is decided that after completing your risk assessment, that the risks to your firm are high, then your procedures should reflect requirements based on a high risk rating.

Application forms, prospecti and all sales documentation need to be updated to reflect the new Act


4. Implementation Strategy

The risk assessment document needs to be approved at Board level or by the senior management team in your company.

Your new controls and procedures need to be

implemented within the Company.

All staff need to be trained on the new requirements.

The anti money laundering team should receive specialist/enhanced level of training


FINAL WORD

Document everything• Your risk assessment is critical• How it was applied• How it was signed off• How you monitor transactions• How you monitor third parties• Third party agreements must be in place……

In order to facilitate declaration that your organisation complies with the Criminal Justice Act 2010 and project yourself as a Pre-Approved Control Function 15.


NEED HELP…..


Contact Deloitte should your organisation require assistance:

Sinead Ovenden

Director Regulatory Compliance Services

[email protected]

01 417 2545

Sean Smith

Senior Manager Regulatory Compliance Services

[email protected]

01 417 2306

mailto:[email protected]

mailto:[email protected]


• Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 140 countries. With access to the deep intellectual capital of approximately 160,000 people worldwide, Deloitte delivers services in four professional areas—audit, tax, consulting, and financial advisory services—and serves more than 80 percent of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” “Deloitte & Touche,” “Deloitte Touche Tohmatsu,” or other related names.

These materials and the information contained herein are provided by Deloitte & Touche and are intended to provide general information on a particular subject or subjects and are not an exhaustive treatment of such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal, investment, consulting or other professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. These materials and the information contained therein are provided as is, and Deloitte & Touche makes no express or implied representations or warranties regarding these materials or the information contained therein. Without limiting the foregoing, Deloitte & Touche does not warrant that the materials or information contained therein will be error-free or will meet any particular criteria of performance or quality. Deloitte & Touche expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for a particular purpose, non-infringement, compatibility, security and accuracy.

• Your use of these materials and information contained therein is at your own risk, and you assume full responsibility and risk of loss resulting from the use thereof. Deloitte & Touche will not be liable for any special, indirect, incidental, consequential or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence) or otherwise, relating to the use of these materials or the information contained therein.

• If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to apply.

• © 2012 Deloitte & Touche. All rights reservedMember of Deloitte Touche Tohmatsu

Documents

ACOI Welcomes our Members to the 2nd seminar in the ACOI lunch time CPD seminar series January - June 2012. CPD Reference: ACOI Welcomes our Members to