Monitoring compliance with Anti-Money Laundering (AML) law .
Senior Practice Reviewers: Haroulla Arkade Nicolaou Kyriacos Karaolis Louis Theodotou
AGENDA- PART I (chapters 1,2,3 and 4) The monitoring programme The monitoring process Examination of client files and bank records ICPAC & ACCA rules and regulations AML Law Internal controls, policies and procedures Risk-based approach
AGENDA- PART II (chapter 5) Identification and client due diligence procedure Reliance on third parties Identification of individual Identification of individuals not resident in Cyprus Identification of companies and other organisations Trusts PEPS
AGENDA- PART III (chapters 6,7 and 8) Record keeping – statutory requirements Transaction records Format and retrieval of records Due diligence procedures for countries outside EEA Recognition and reporting of suspicious transactions Appointment and role of MLCO Internal reporting procedures External reporting procedures Education and training - statutory requirements Timing and content of training programs Methods of providing training
PART I.
Monitoring Programme. AML monitoring undertaken by ACCA on behalf of ICPAC AML monitoring will form part of monitoring compliance with the rules and regulations of ICPAC All holders of ICPAC PC are subject to AML monitoring Schedule of firms to be visited agreed with ICPAC Selected firms notified by ICPAC Primary purpose – to verify compliance with the Prevention and Suppression of Money Laundering Activities Law as set out in ICPAC Directive to Members (September 2013).
The Monitoring Process . Arranging the visit: - Firm contacted by telephone - Off-site risk information (questionnaire) discussed - Date of visit agreed and confirmed in writing Undertaking the visit - Opening meeting - background /internal controls, policies and procedures - Examination of records including client files, bank records, suspicious activity reports and training records - Closing meeting - discuss and agree the findings, conclusion and provide guidance on any improvements. Post-visit procedures - Report on visiting findings, conclusion and guidance drafted - Internal quality control of review of report/visit papers - Firm’s response received and reviewed - Report and firm’s response sent to ICPAC
Examination of client files. Sample of client files selected covering different type of clients and risk profile Scope of the review is to consider whether: Appropriate client identification procedures have been applied Appropriate client acceptance procedures are applied Client’s risk rating is appropriate On-going due diligence (DD) procedures applied including client retention, are appropriate and consistent with risk rating Additional DD procedures are applied to PEPs and other high risk clients Adequate records maintained in relation to the above. If relevant information and documentation is not maintained, assumed procedures not followed. Oral representations not accepted
Examination of bank accounts. All bank accounts (office and client accounts) are subject to review and consider existence of: any breaches of the s270 of the IFAC Code of Ethics any actual or potential loss to the client as a result of any breaches committed any suspicious ML transactions For firms that provide bank administration services, sample of bank accounts selected for review to: Evaluate if transactions are consistent with the firm’s understanding of the client’s economic profile Ensure whether written instructions from the client obtained for transactions undertaken Establish the source of receipts or destination of payments Identify any suspicious ML transactions
ICPAC Rules and Regulations. The visit will also entail verifying compliance with certain other ICPAC’s rules and regulations Professional indemnity insurance Ensure that cover is adequate i.e.at least €85.000 or 10% of annual practice income Ensure that retroactive date is specified, and this is set at the policy’s inception date, irrespective of the insurance firm used Ensure the insured party is correctly stated on the policy Continuing Professional Development Ensure that each practitioner has covered 40 units of CPD each year, from which 21 must be verifiable Ensure that CPD undertaken includes an adequate proportion of units in auditing
ICPAC Rules and Regulations (continued) . Continuity of practice Ensure that have a provision for the firm’s continuity of its practice in writing Compliance with client money regulations (IFAC Code Of Ethics)
AML Law. Prevention and Suppression of Money Laundering Activities Law of 2007 as amended in 2010, 2012 and 2013 (“Law”) Definition Money laundering is the process by which criminals attempt to conceal the origin and ownership of the proceeds of criminal activity Terrorist Financing – Conceal the destination and ultimate purpose of funds (legitimate or otherwise) which are likely to be used for terrorism Compliance requirements of the Law set-out in Directive to Members issued by ICPAC in September 2013 (2.01)
AML Law - Money Laundering Offences. Money Laundering or Terrorist Financing offences set-out in section 2.03 of the Directive Includes activities in relation to any kind of property which represents proceeds from a predicate offence. For example: Conceals or disguise the true nature and source of such property Converts or transfers such property to help conceal or disguise its origin Acquires, possesses or uses such property Provides counselling or advice for such offenses Tip-off regarding investigations of ML or TF offences Predicate offences involve criminal offences, drug trafficking and terrorist financing offences (2.07) It is not significant if the predicate offense is subject to the jurisdiction of the Cyprus Courts or not (2.08)
Money Laundering examples. Structuring: known as smurfing, method of placement whereby cash is broken into smaller deposits of money. Smuggling of bulk cash: physically smuggling cash to another jurisdiction and depositing it in a financial institution, such as an offshore bank, with greater bank secrecy or less demanding money laundering regulations Cash-intensive businesses: business typically involved in receiving cash uses its accounts to deposit both legitimate and criminally derived cash, claiming all of it as legitimate earnings, e.g. businesses have no variable costs, and it is hard to detect discrepancies between revenues and costs
Money Laundering examples. Trade based laundering: Under or overvaluing invoices to disguise the movement of money. Round tripping: - Money is deposited in an offshore entity, preferably in a tax haven where minimal records are kept, and then shipped back as a foreign direct investment, exempt from taxation. - Transfer money to a audit or law firm as funds on account of fees, to cancel the retainer and, when the money is remitted, represent sum received from the accountant / lawyer as a legacy under a will or proceeds of litigation.
Money Laundering examples. Real estate: Purchases property with illegal proceeds and then sells it. To outsiders, the proceeds from the sale look like legitimate income. Alternatively, the price of the property is manipulated: the seller agrees to sell property under its value, and receives criminal proceeds to make up the difference. Black salaries: A company may have unregistered employees without a written contract and pay them cash salaries. Money from illegitimate source might be used to pay them. Fictitious loans
Penalties. Penalties for money laundering offences (2.04) 14 years imprisonment or fine up to €500,000 or both in case that person knows that property is from proceed from predicate office 5 years imprisonment or fine up to €50,000 or both in case person ought to have known Any person, including an auditor, external accountant, who in course of his business acquires knowledge or reasonable suspicion that another person is engaged in ML is obliged to report this to MOKAS. Failure to report (2.07) Penalty is 5 years imprisonment or fine up to €5,000 or both
Tipping- off. Tipping off (2.10) - It is an offence to disclose to the person under suspicion or any third party: Information or records on ML or TF activities provided to MOKAS Suspicious transactions or activities reported to MOKAS That authorities are carrying out investigations for ML and TF Disclosure of suspicious transactions or activities to Supervisory Authority does not constitute a violation of any contractual or legal limitation (2.10(b))
Prescribed activities and services. Law recognises the important role of: (2.11) Those carrying out financial services activities Those carrying out ‘other activities’ (auditors, external accountants, tax advisors, trust and corporate service providers) Additional administrative requirements for firms providing financial and other services to establish and implement systems and procedures for (2.13): Client identification and due diligence Record keeping regarding client identity and transactions Procedures for internal reporting Risk assessment procedures Monitoring of transactions Training of staff
Supervisory Authorities. ICPAC acts as a Supervisory Authority (2.14) Directive issued by ICPAC is binding and obligatory (2.16) Failure to comply with the Law or Directive could result in disciplinary action taken by ICPAC (2.17). ICPAC can: Request supervised person to remedy the situation Impose administrative fine up to €200,000 to supervised person Amend or suspend or cancel the operation license of the supervised person Removal of person from director, officer, MLCO or any regulatory position Impose administrative fine up to €200,000 to director, officer or any other person in the event the breach was due to his/her fault, wilful omission or negligence
Internal controls, policies and procedures. Need to establish and maintain procedures and controls to prevent ML and TF, and ensure appropriate reporting of any that may be known or suspected (3.01) Firms need to appoint an appropriate senior executive with skills, knowledge and expertise to handle reported suspicions (3.02) – Money laundering Compliance Officer Procedures (3.03) - Client identification (Chapter 5) - Record-keeping (Chapter 6) - Recognition and reporting of suspicions (Chapter 7) - Education and training (Chapter 8) Procedures should be clearly laid out, and be subject to regular monitoring (3.05)
Risk-based Approach. Client identification and due diligence procedures are required for in all cases, but extent of measures depends on risk assessment (4.01) Aim of the Risk Based approach: (4.03) Direct resourced where the risk is greater, and be cost effective allows firms to apply own approach in establishing policies and procedures tailored to the nature of the firm (cannot be uniformly applied) The risk-based approach involves the following steps: (4.04) Identify and assess ML and TF risks Manage and mitigate assessed risks Continuously monitors the established systems and procedures to allow for necessary improvements to be made
Risk Assessment. Should consider risk categories (4.05 – 4.12 & Appendix C) Country/Geographical risk Client risk Service risk Matrix of Characteristics (4.16 and 4.17) Create simple matrix of client and service to determine if risk is Low, Medium or High can be incorporated in client acceptance procedures aim is to ensure that appropriate but not excessive client due diligence is done based on risk profile
Risk Mitigation. Need to implement appropriate procedures to mitigate the risks identified during risk assessment (4.17) Enhanced procedures where risk is assessed as high include (4.21): Increase awareness of the risk across all departments involved with the client Escalate approval for accepting relationship Increase levels of KYC and enhanced DD (will be discussed later on) Increase monitoring of transactions In all cases, firm’s need to gather information to assist in its understanding the client. Extent and depth of information for KYC and identity verification should depend on risk assessment. (4.20)
Ongoing monitoring. Establish a mechanism to ensure that transactions undertaken by or on behalf of clients match their determined profile, particularly when initial risk is assessed as Low (4.25) Take reasonable measures to conduct ongoing monitoring of transactions that pose a high risk. Examples of procedures to follow: Review transactions more frequently Develop reports Set limits or parameters regarding accounts or transactions that would trigger early warning signals
Limitations of risk based approach. Risk based approach may not be possible at initial stages, but only at subsequent stages (4.22) Reporting of suspicions to MOKAS should not be risk-based (4.23) Monitoring necessary to detect unusual transactions, regardless of assessed risk (4.25)
THANK YOU