This is the final commentary in our series on common issues identified during the completion of external AML/CTF independent reviews. In this blog, James Cozens, Director, Commercial, and Brooke Benson, Senior Consultant at CompliSpace, build upon the key issues typically identified during the completion of external independent reviews and comment on some common issues identified by AUSTRAC.
As part of our role in the independent review process, we see a variety of common trends and issues which are also often picked up by AUSTRAC. Continuing on from our last blog we countdown the final five common issues (in no particular order of priority).
5. Politically Exposed Persons
Did you know that Politically Exposed Persons (PEPs) also include family members and close associates of PEPs? The definition of a PEP was updated in the June 2014 Customer Due Diligence (CDD) updates, as well as in additional AUSTRAC guidance in this area, but we have observed that many reporting entities have not updated their AML/CTF Programs to reflect these changes. This is also evident in application forms used by reporting entities.
On a practical note, Individual PEPs such as Ministers, Judges, and Ambassadors are usually easy to identify as PEPs. However, when it comes to family members or close associates, identification is not so clear. How exactly do you identify that your client is, for example, a child of the de facto partner of a Minister? Or that they are the joint beneficial owner of a legal arrangement with a Federal Court Judge?
These issues are real and challenging for reporting entities. External PEP screening systems may become invaluable here but they come at a cost, sometimes a significant one.
Further, reporting entities with perhaps a small customer volume, or a perceived lower ML/TF risk, may have used fairly limited screening procedures to date. However, these procedures might not be sufficient now, particular in light of the updated PEP definition.
Finally, not only is the initial identification sometimes challenging, if the PEP is a Foreign PEP then additional Know Your Customer (KYC) and screening measures are required. High-risk Foreign PEP procedures really need to be documented within each AML/CTF Program to ensure that key staff are aware of the procedures where these customer types are identified.
However, these procedures are often not documented, from our experience, and the risk of not meeting these high-risk Foreign PEP requirements increases.
4. KYC records
The KYC requirements are exactly that–AUSTRAC wants you to know your customer and not just accept them at face value. However, once identified and verified, reporting entities must keep, update and review the documents, data or information collected as part of its initial and additional KYC activities in relation to its customers.
Keeping records of the KYC information collected both initially, and on an ongoing basis, is an area where some reporting entities fall short, particularly in relation to the records of the searches and verification activities that were conducted as part of the onboarding process.
Occasionally problems also arise when a third-party service provider is used as part of this process. Third-party service providers should have standard contract terms, which document the procedures that will be followed during the collection and verification of KYC information on behalf of the reporting entity, as well as how these records will be held.
However, reporting entities rarely test these procedures to ensure that it is actually being done, including whether the KYC information is held in accordance with the KYC record keeping requirements.
3. Tipping off
A suspicion involves a judgment call and it’s only natural that you would want to discuss the concern with someone else, either within the business or elsewhere, before making your decision.
Care should be taken once a suspicion is formed as generally there are only a few people that you are permitted to discuss the suspicion with your AML/CTF Compliance Officer, your lawyer for the purposes of obtaining legal advice or the another person named in your AML/CTF Program as the person responsible for reporting suspicious matters to AUSTRAC.
The rules around suspicious matters are strict and include a restriction from “tipping off” others about your suspicion. Telling others of your suspicion is a criminal offence which carries penalties of up to two years imprisonment and/or fines of $21,600.
2. Identifying new products and services as designated services
Many reporting entities work through the identification of designated services when they first register with AUSTRAC. After that, the energy and attention given to AML/CTF activities often focuses on KYC and annual reporting.
However, organisations are dynamic and often introduce new products or services without considering the AML/CTF implications. These include whether the designated service is different to those already registered with AUSTRAC (including if it is delivered through a separate entity within your corporate structure), whether new channels are used to deliver those services (such as third-party financial planners or agents) or new customer types, such as a new product which is now available to offshore clients.
1. Walk the walk and not just talk the talk
Finally, if your AML/CTF Program is not embedded within your organisation then it becomes easy to move away from your documented policies and procedures, resulting in non-compliance. This is more common within businesses that have a relatively static customer base, particularly in terms of new customer volume.
However, one of the key assessment criteria used during any independent review is whether the AML/CTF Program has been effectively implemented so compliance with your documented Program will be assessed at some point.
Now is a great time for you to look at your current practices against your AML/CTF Program to see whether your organisation is walking the walk and not just talking the talk. It is amazing how many times a reporting entity will document that they will undertake an independent review every two years, and then fail to do so, or that AML/CTF training will be conducted upon induction and then annually, again without following through with these training procedures.
It is also worth noting that the AML/CTF Rules have expanded significantly since commencement (they are now over 70 Chapters). With such a raft of possible ongoing requirements there is a danger of creating unnecessary obligations on the reporting entity–there is certainly a balance here between ensuring that your AML/CTF Program is designed to address the ML/TF risk posed by your business versus a lengthy Program containing many procedures that you are simply not required to meet.
About the CompliSpace Service
Our AML/CTF experts are engaged to complete numerous external independent reviews each year, across all reporting entity types. The AML/CTF regime is complex and has seen near constant change over the last few years (we are up to 70+ Chapters of the AML/CTF Rules now!!).
We have also written numerous blogs – see here and here, on these changes, particularly the detailed and complex CDD changes triggered in June 2014 which many reporting entities are still struggling to implement.
The AML/CTF regime is complicated and is subject to almost constant change. CompliSpace assists its clients to unravel the complexities in this area, providing a full suite of AML/CTF services, ranging from external independent reviews, in-house training, AML/CTF Program design and KYC services.
For more information contact James Cozens
This blog is a guide to keep readers updated with the latest information. It is not intended as legal advice or as advice that should be relied on by readers. The information contained in this blog may have been updated since its posting, or it may not apply in all circumstances. If you require specific or legal advice, please contact us on (02) 9299 6105 and we will be happy to assist.