|
Saturday, 9th November 2024 |
Preparing for the next money laundering regulations |
Back |
With the Third Anti-Money Laundering Directive due to be transposed into Irish legislation by December 15th of this year, and the Department of Justice, Equality and Law Reform currently drafting the heads of the bill, Paula Kelleher and Yvonne Keating take a look at the implications for Irish companies. |
The Third-Anti Money Laundering Directive (2005/60/EC) (the Third Directive) was adopted by the EU Council on 20 September 2005 and is due to be transposed into Irish legislation by December 15th, 2007. The Third Directive is aimed at preventing the use of the financial system for the purpose of money laundering and terrorist financing and widens the scope of previous anti-money laundering legislation. This article highlights a number of implications for Irish firms of the new Directive.
Scope of the Directive
The Third Directive makes specific reference to the fight against the financing of terrorism and has incorporated the recommendations of FATF revised in 2003. These recommendations were adopted in the wake of the September 11 2001 terrorist attacks on the United States. The Criminal Justice (Terrorist Offences) Act, 2005 amends the previous Criminal Justice (Theft and Fraud Offences) Act, 2001 and extends the anti-money laundering obligations placed upon financial institutions and persons to include procedures to detect terrorist financing.
The Third Directive imposes an obligation on designated bodies to identify and verify the identity of their customer(s) and of their beneficial owner(s) and to monitor transactions with new and existing customers, while taking into account a risked-based approach. Persons subject to anti-money laundering and terrorist financing obligations include lawyers, notaries, accountants, real estate agents, casino operators and, for the first time, trust and company service providers. The Third Directive moves towards a broader focus on customer due diligence (CDD), it being no longer sufficient to simply identify and verify a customer as the Third Directive specifically includes monitoring customer relationships as part of CDD. This procedure must be undertaken by institutions and persons subject to the Third Directive where one or more of the following four circumstances arises:
- When establishing a business relationship
- When carrying out occasional transactions amounting to ?15,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked
- When there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold
- When there are doubts about the veracity or adequacy of previously obtained customer identification data.
The Third Directive defines a business relationship as, ‘a business, professional or commercial relationship which is connected with the professional activities of the institutions and persons covered by this Directive and which is expected, at the time when contact is established, to have an element of duration’. Key issues which require further consideration are the definition of a business relationship and the extent of its scope. No clear distinction is made between an occasional transaction and a business relationship and this clarification is particularly important for designated bodies where they meet a potential client but subsequently decline to take it on due to non-money laundering related factors. A business relationship would not be deemed to have commenced in such a case and to require financial institutions and professions to comply with the full force of the provisions in such a situation may impose a disproportionate regulatory burden.
Politically exposed persons (PEPs)
The Third Directive imposes a new requirement on designated bodies to identify and monitor risks associated with PEPs. It defines this class of customers as ‘natural persons who are or have been entrusted with prominent public functions as well as immediate family members, or persons know to be close associates, of such persons’. Politically exposed persons are understood to include prominent public figures such as Heads of State, their immediate family members and individuals known to be close associates of such persons. It is important to note in this context that an individual ceases to be a PEP one year after he or she has left office.
In respect of transactions or business relationships with PEPs, the Third Directive requires that enhanced due diligence measures must be undertaken by financial institutions in relation to non-domestic PEPs. Specifically designated bodies are required to:
- Have appropriate risk-based procedures to determine whether the customer is a PEP
- Have senior management approval for establishing business relationships with such customers
- Take adequate measures to establish the source of wealth and source of funds that are Involved in the business relationship or transaction conduct enhanced ongoing monitoring of the business relationship
As it is currently not customary in Ireland to specifically identify such persons, it is anticipated that there may be challenges associated with the identification of PEPs and persons who come under the scope of this broad definition. In particular guidance on how PEPs can be identified and the parameters in respect of adapting procedures in order to establish which customers are PEPs is required. In addition, how the status of a customer should be monitored to identify when someone becomes a PEP will benefit from further guidance.
The requirement for risk based procedures could prove quite onerous for many designated bodies and could force smaller entities to invest in expensive software applications even where the size of their businesses and their exposure to PEP risk would not warrant this type of investment. In the case of larger entities it may be prudent to apply a risk based approach in determining whether they should cease conducting enhanced CDD when an individual is no longer regarded as a PEP. In specific cases, an extended period might be appropriate in order to ensure that the higher risks associated with the individual’s previous position have been adequately addressed.
Timing
The Third Directive is prescriptive in relation to the timing of the CDD procedure and the verification of the identity of a customer and of a beneficial owner requiring that it must take place before the establishment of a business relationship or the carrying out of a transaction. Derogations from this provision are permissible where verification of identity may take place during the establishment of a business relationship if this is necessary not to interrupt the normal conduct of business and where it is considered that there is little risk of money laundering and / or terrorist financing occurring. The Third Directive however is clear that where it is not possible to identify the beneficial owner (or verify the identity of the beneficial owner) the business relationship or transaction should not be established or needs to be terminated or should not proceed any further. Where appropriate, a suspicious transaction report should be submitted to the national Financial Intelligence Unit (FIU) i.e. An Garda S?och?na and the Revenue Commissioners.
Reporting and staff training
The extended provisions in the Third Directive will require the establishment of internal procedures, supporting measures and improvement in the effectiveness of staff training in order to ensure compliance with the relevant provisions. Staff training in relation to customer due diligence and the adaptation of training to accommodate low and high risk business relations and transactions will be required. The obligation for the ongoing monitoring of customers will require designated bodies to have a thorough understanding of the nature and type of business activities that their customers are engaged in order to consider what might constitute suspicious activity related to money laundering or the financing of terrorism. To this end, employees will be required to participate in ongoing education and training programmes to assist them in recognising practices that may be related to money laundering or the financing of terrorism and the appropriate action to take in such circumstances.
Implementation: progress to date
The Department of Justice, Equality and Law Reform is drafting the heads of a bill based on the articles of the Directive with a view to submitting these to Government shortly. Following publication of the draft heads there will be consultation with stakeholders through the Money Laundering Steering Committee (MLSC). In tandem with this work a separate process is being put in place in relation to Guidance Notes. The aim is to replace the existing sets of sectoral Guidance Notes with one combined set of Guidance Notes that will include sections for different industry sectors. On completion, the revised Guidance Notes will be submitted to the MLSC for approval.
Conclusion
The Third Directive will significantly increase the anti-money laundering and terrorist financing obligations on designated bodies. The obligation to conduct Customer Due Diligence (CDD) procedures on a risk sensitive basis, depending on the type of customer, business relationship, product or transaction will require significant effort, commitment and appropriate investment on behalf of the designated bodies. As the Third Directive is silent on how the requirements may be implemented in practice, detailed guidance to assist designated bodies to design and implement the systems and controls necessary to mitigate the risks of being used in connection with money laundering and the financing of terrorism is paramount (See for example the Joint Money Laundering Steering Group (JMLSG) on the ‘Prevention of money laundering/combating the financing of terrorism’: Consultation Draft : Guidance for the UK Financial Sector Part I and Part II Sectoral Guidance, June 2007).
The challenge will rest with the practical implementation of the risk based approach to CDD, the ongoing monitoring of business relationships and transactions and identification of PEPs by designated bodies. This risk based approach to CDD implies extended obligations for the designated bodies involved and its effective implementation will require a multi-faceted and flexible approach in identifying relevant situations, assessing the risks and devising the most appropriate measures to tackle them. In addition, designated bodies will be required to ensure that their risk management processes for managing money laundering and terrorist financing risks are kept under regular review and updated as appropriate.
Although the implementation of a meaningful risk based approach will grant a higher degree of flexibility to designated bodies, so that resources may be concentrated on those situations which require enhanced attention or scrutiny, a broad equivalence of implementation of risk based policies in similar situations is important. The revised Guidance Notes when available will need to provide practical assistance in respect of the interpretation of the provisions and how they may be implemented in practice by designated bodies. |
Paula Kelleher is a partner and head of the Regulatory and Compliance Department at Dillon Eustace; Yvonne Keating is a legal executive/para at Dillon Eustace. Please note that this is an abridged version of the article – to read the article in full log-on to www.finance-magazine.com.
|
Article appeared in the August 2007 issue.
|
|
|