AML/CFTRISK MANAGEMENT

PMLFTRPrevention of Money Laundering & Funding of Terrorism

Regulations Subject persons = carrying out relevant activity/financial

business

Relevant activity = activity of legal or natural persons when acting in the exercise of their professional activities/ on behalf of and for their clients

Implementing Procedures assist subject persons Require subject persons to manage their ML/FT risks

Binding as from the date on which they’re issued

Failures to comply administrative penalty: 250 – 2500€

Money Laundering Enables the perpetrators to make legitimate economic use of the criminal proceeds

By disguising the source, changing the form, moving the funds

Usually three stages:

1) The placement stage

Introduced into the financial system by breaking up large amounts of cash into less conspicuous smaller sums

2) The layering stage

Engages in a series of conversions or movements of the funds to distance them from the source

3) The integration stage

Integrating the funds by investing in real estates, luxury goods, etc…

Funding of Terrorism

Process by which terrorist organizations or individual terrorists are funded in order to be able to carry out acts of terrorism

Take place through:

1) Funds deriving from legitimate sources

2) Combination of lawful and unlawful sources

The ultimate aim is to obtain resources to support terrorist operations

Customer Due Diligence

Determine who the applicant for business/the customer/the beneficial owner is

Verify whether such person is the person he purports to be

Identification and verification of the applicant of business

Identification and verification of the beneficial owners

Identification and verification when the applicant for business does not act as a principal

Obtaining information on the purpose and intended nature of the business relationship

Conducting ongoing monitoring of the business relationship

Establishing the source of wealth and source of funds

Setting up a customer acceptance policy and ensuring that the applicant for business meets the requirements set out in such policy

Prohibited to keep anonymous accounts or accounts in fictious names

Documents, data, or information obtained from a reliable and independent resource

Business relationship must comprise 3 important elements

1) Relationship must be of a business, professional or commercial nature

2) Relationship must subsist for a period of time

3) One of the persons involved in the relationship must be a subject person

Identification

With respect to a natural person:

Official full name

Place & Date of birth

Permanent residential address

Identity reference number

nationality

Verification of the obtained documents through:

A government authority

Department or agency

A regulated utility company

A subject person carrying out relevant financial business

Where the applicant for business is present for verification:

A valid unexpired passport

A valid unexpired national or other government issued ID-card

A valid unexpired driving licence

Verification of the residential address:

A recent statement from a recognized credit institution

A recent utility bill

Correspondence from a central or local government authority

A record of a visit to the address by a senior official of the subject person

Any government-issued document

Documents other than official government issued documents, must not be more than 6 months old.

Identification & verification of the beneficial owner

Who is the beneficial owner?

Natural person who ultimately owns or controls the customer

Natural person on whose behalf or for the benefit of whom a transaction is being conducted

Includes all natural persons who own or control (direct or indirect ownership/bearer shareholding) more than 25% of the shares or voting rights

Includes also persons with less than 25% who exercise control over the management

Shadow directors

Measures: Request more information directly from the applicant for business

Written declaration about the existence of such persons

Signed by applicant for business and the beneficial owner

Or signed declaration that he is not aware of the existence of such persons

Ensure that the applicant for business is duly authorized to act on behalf of the beneficial owner

Principal must be identified by usual verification procedures

When the principal is a public company:

Official full name

Registration number

Date of incorporation

Registered address

Certificate of incorporation

Confirmation, that the public company is not on the process of being dissolved, struck off, wound up or determinate

Most recent version of the MaA’s

All directors must be identified

When the principal is a private company same procedures as public

Establishment of ownership and control structure Copy of shareholder register

Information from independent sources

Latest audited financial statements

Also relevant for the risk profile: Nature and details of the business

Origin of the funds

Source of wealth

Be not satisfied with a generic transcription

Simplified Due Diligence

Applicant of business need not to be identified or verified

Need not to obtain information relating the purpose or intended nature of business relationship

Persons, which are authorized to undertake relevant financial business (credit institutions, insurance business, investment firms, etc.)

Enhanced Due Diligence

Additional measures to CDD measures Questionnaire

Certified copies

Clearance certificate

Relevant for customers which by their business represent a higher risk

Applicant for business has not been physically present (non face-to-face customers)

In relation to cross border correspondent banking relationships

In relation with PEPs

Political Exposed Persons (PEPs) Natural person, who is or has been entrusted with prominent public functions

Immediate family members

The spouse or any partner

Children, their spouses or partners

The parents

Heads of states, heads of government, ministers and deputy, assistant ministers and parliamentary secretaries

Members of Parliament

Members of the courts

Members of courts of auditors, Audit Committees, board of the central bank

Ambassadors and management of boards of State owned corporations

Domestic PEPs still pose a higher risk but if residing in Malta EDDs are not mandatory required

Mandatory risk procedures

A customer acceptance policy, as a minimum, should include:

Description of the type of customer

Identification of the risk indicators

Customer background

Country of origin

Business activities

Products

Linked accounts or activities

Requirement for the application of EDD measures

Customer Risk Generally based on the persons economic activity and/or source of wealth

Categories of customers whose activities may pose a higher risk Customers conducting their business relationship or transactions in unusual

circumstances

Where the structure or nature of the entity or relationship makes it difficult to identify the true owner

Cash intensive business

Charities or “not for profit” organizations

Use of intermediaries

PEPs

Customers who are subject to sanctions or other economic measures

Product/Service Risk Potentially higher risk including the following

International corresponding banking service

International private banking services

Service involving banknote and precious metal trading and delivery

Services that inherently provide more anonymity

Online banking

Stored value cards

International wire transfers

Private investment companies and trusts

Interface Risk

Channel through which a subject person establishes a business relationship and through which transactions are carried out

Use of internet for the provision of services

Higher level of anonymity

Through agents or providers

Geographical Risk

Dependent on the geographical location of the business/economic activity and the source of wealth/funds of the business relationship

Countries that pose a higher risk: Countries subject to sanctions, embargoes or similar measures

Identified by credible sources as lacking appropriate AML/CFT laws

Identified as providing funding or support for terrorist activities

Identified as having significant levels of corruption or other criminal activity

Identifying a customer as posing a higher risk of ML/FT does not automatically mean that such a person is a money launderer or terrorist financier

A customer who is identified as presenting a low risk of ML/FT does not exclude the possibility that such customer may attempt to launder money or fund terrorism

In the event of a change of circumstances the respective control is modified accordingly

Recording procedures To be able to demonstrate to the FIAU that the measures adopted are appropriate

Of utmost importance that the processes are duly recording in writing

Records should contain all relevant information of the specific CDD measures

Internal reports made to the MLRO

Reports by the subject person to the FIAU

Record of AML/CFT training

Records at least for period of 5 years Commence from the date on which the business relationship is determined

MLRO

Functions of the MLRO may not be:

Outsourced

Carried out by a non-executive director

Carried out by a person who only occupies the position of company secretary and does not hold any other position within the organization

Carried out by a person who undertakes internal audit functions

The MLRO must have a senior position within the institution

Must have a direct reporting line to the Board of Directors

Must also have the authority to act independently in carrying out his responsibilities

Have full and unlimited access to all records, data, documentation and information of the subject person for the purposes of fulfilling his responsibilities

Internal reporting procedures:

Any knowledge or suspicion of ML/FT should be reported directly to the MLRO

Internal reports should be submitted in a written form

Reporting line as short as possible

Ensure that no essential information is overlooked

Annual Compliance Report Contents of the annual Compliance Report:

“The Report” requires the completion of general details on the subject persons, as well as information which includes:

Information on internal suspicious reports

An overview of the policies and procedures on internal control, risk assessment and risk management

An overview of the manner through which the MLRO would have assessed internal compliance

Information concerning the AML/CFT training attended by the MLRO

Signed by a high-ranking officer and the MLRO

Awareness, training and vetting of employees

Procedures to prevent ML/FT cannot be implemented effectively unless employees are made fully aware of their obligations and are provided with the necessary training.

Employees should be made aware of:

CDD measures

Record keeping procedures

Internal reporting

Policies and Procedures on risk assessment and management

The provisions of the PMLFTR

The implementing procedures

Training programmes for employees should include ongoing refresher courses

Training programmes for employees should take place every year

Subject persons must provide training to new employees

Reputable jurisdiction

“any country having appropriate legislative measures for the prevention of money laundering and the funding of terrorism recognized as laying down internationally accepted standards for the prevention of ML/FT

Take into account that country’s membership of, or any declaration or accreditation by, any international organization recognized as laying down internationally accepted standards for the prevention of ML/FT

useful: FATF, Money Val or similar

Non-reputable jurisdictions

FIAU Guidance Note on High Risk and Non-Cooperative Jurisdictions Appendix IV

Clearly establishes that certain jurisdictions listed in the FATF public documents shall not be considered to be a reputable jurisdiction

Member states of the European Community may be automatically presumed to satisfy the criteria of “reputable jurisdictions” Appendix III

These third countries are currently considered by EU member states as having equivalent AML/CFT systems to the EU

Offences and Penalties

Not maintaining appropriate procedures for CDD, record keeping & reporting or not provide necessary training to the employees Fine not exceeding 50 000€ or 2years imprisonment

Committed to the lack of supervision Not less than 2500€, not more than 5000€, accumulated not more than 50

000€

False declaration or false description of the production AfB liable to a fine not exceeding 50 000€ or 2years imprisonment

Contravention on information on the payee accompanying transfers of funds Not less than 250€, not more than 2500€

Contravention with regulation 15(6) and 15(11) Not less than 250€, not more than 2500€, accumulated not more than 12 500€

Information has not been transmitted to the FIAU Not exceeding 50 000€ or 2 years imprisonment

Failure to comply with the provisions of any procedures or guidance Not less than 250€, not more than 2500€, accumulated not more than 12 500€

Committing any act of money laundering Not exceeding 2 329 373,40€ or 14 years imprisonment

Disclosure that an investigation/attachment order has been made or applied for Not exceeding 11 646,87€ or imprisonment of 12 month

Acting in contravention of a freezing order Not exceeding 11 646,87€ or imprisonment of 12 month

Committing any act of Funding of Terrorism Not exceeding 11 646,87 or 4 years imprisonment