download report


2007 Update on
Anti-Money Laundering (AML) Compliance
Securities & Investment Institute
Risk Forum
Tuesday 4th December 2007
Presented by: Peter Brown FSI
Lessons from history!
• A selection of significant FSA enforcement cases:
Northern Ireland Insurance Broker : shut down.
Paine Webber : Fine £350,000.
Royal Bank of Scotland : Fine £750,000.
Northern Bank : Fine £1,250,000.
Abbey National : Fine £2,000,000.
Bank of Scotland : Fine £1,250,000.
Raiffeisen Zentralbank Osterreich: Fine £150,000.
Bank of Ireland : Fine £375,000.
Investment Services UK Ltd: Fine £175,000.
Mr Ram Melwani: Fine £30,000.
• Remember generally Principle 6 – exercising due skill and care!
David Whistance, ex-FD of Williams de Broe, did not do so (in
respect of handling client assets and settlements) and was
personally fined £30,000.00.
The UK’s 2007 Anti-Money Laundering Regime
• The Money Laundering Regulations 2007
• The FSA
– New SYSC Rules
– Senior Management Obligations
• The Financial Action Task Force (FATF)
• JMLSG Guidance
• Risk Assessments
• Enforcement
• Extra Bedtime Reading
1. The Money Laundering
Regulations 2007
• The new Money Laundering Regulations 2007 (the
Regulations) will be effective from 15th December 2007
and continue the ‘established style’ of referring to
obligations for “a relevant person”.
• Regulation 2 defines a relevant person as “…. a person
to whom, in accordance with Regulations 3 and 4, these
Regulations apply….”.
• There are no references in the Regulations to Senior
Management – HM Treasury would probably say that
there is no need!
• However, the new JMLSG Guidance re-enforces the
concept of senior management responsibilities.
1. The Money Laundering
Regulations 2007
• Significant changes - by statistics:
• Length – 33 pages are now 48, a 45% increase.
• Glossary of terms (Regulation 2):
– 10 unchanged
– 7 modified
– 15 deleted
– 24 new
– An increase from 32 defined terms to 41 (28%).
• Other significant changes by substance are reflected in
the new JMLSG Guidance – predominantly new
statutory matters coming from previously recommended
2. The FSA
• Changes in the FSA Handbook are currently being
driven by two significant factors:
– A general move to principles based regulation.
– A strong reliance on risk based approaches.
• Changes driven by two other new EU Directives:
• New SYSC rules need to provide a ‘common platform’
for firms impacted by these two other directives and also
update the SYSC anti-money laundering rules as well.
2.1. The New SYSC Rules
• For all ‘common platform’ firms, the new SYSC rules 7
covering Compliance, Internal Audit and Financial
Crime were to take effect on or by 1st November 2007.
• These rules, insofar as they cover a firm’s anti-money
laundering regime, do not bring substantial changes, but
they do need to be read as reconfirming the earlier AML
obligations for senior management – as defined!
• Not all firms have yet begun to recognize these senior
management obligations or the risk assessed approach
requirement that was introduced by the then new FSA
Rules in March 2006!
2.1. The New SYSC Rules
• The new FSA Rules contain the holistic requirement to 8
address the prevention of ‘financial crime’, which
includes money laundering and terrorist financing as
well as fraud and market abuse.
• They continue to emphasise – as they have done since
1st March 2006 (effective by 1st September 2006) - the
responsibilities that are those of senior management.
• There is thus an even clearer distinction drawn between
the MLRO’s and senior management’s responsibilities.
• Not all firms seem to have grasped this distinction yet!
• New SYSC Rule references are not quoted in the
JMLSG Guidance 2007.
2.2. Senior Management Obligations
• FSA Rules require senior management to:
– Establish an effective risk-based AML regime.
– Ensure ongoing effectiveness of their policies and
– Appoint an MLRO with appropriate competences
and provide adequate resources for the job.
– Designate a specific member of senior management to
be responsible for the discharge of senior
management’s AML obligations.
– The designated senior manager needs to be able to
demonstrate ‘involvement’ in AML matters.
2.2. Senior Management Obligations
Recent quotes about the MPBR (More Principles Based
Regulation) era:
• “Another reason for the shift to more principles is that
the FSA wants to push responsibility for compliance
higher up organisations.”
• “By focusing on outcomes and principles instead, the
FSA expects to see key regulatory decisions taken at a
more senior level with heavy involvement from the
board of directors. This will mean a significant change
in behaviour and management attention for many
people in financial services firms.”
2. FSA – Senior Management
Obligations for AML Compliance
Recent quotes (cont’d):
• “If it is going to work properly it is going to require
much more active engagement between compliance and
senior management.”
• “Q: Will senior management have to spend more time on
compliance issues?
A: There is a general move of responsibility for
interpreting the rules from the FSA to senior
management. Additionally, the FSA ….wants senior
management to take leadership of some specific
compliance areas such as……anti-money laundering
and financial crime.”
3. Financial Action Task Force
• The FATF’s end-2006 evaluation review of the UK has 12
produced a report with a number of matters of relevance
to firms’ senior managers.
• There is, from the report, new pressure on the FSA to:
– Undertake more AML compliance monitoring on
small/smaller firms – ARROW reviews are not
recognised by FATF as monitoring!
– Possibly enforce more disciplinary actions on firms.
– Potentially enforce more disciplinary actions on
senior managers in firms found to be deficient.
4. JMLSG Guidance
• The JMLSG Guidance becomes effective, in line with
the new Regulations, on 15th December 2007.
• It will continue – subject to gaining statutory approval
from HM Treasury – to provide a ‘safe harbour’ for
firms, their senior managers and staff, if challenged over
breaches of the statutes, Regulations, reporting
obligations or relevant FSA Rules, when compliance
with the Guidance can be demonstrated; the FSA regard
the Guidance as presenting ‘best practice’.
• If the Guidance is not followed, anything done instead
must be demonstrably as good and effective.
4. 2007 JMLSG Guidance
• The six main areas of change in the Guidance, identified14
as such at the consultative stage, were:
– New and changed definitions, including beneficial
owners, PEPs and trusts.
– Customer due diligence (CDD) – all 14 Regulations!
– Risk based approach (customer/client,
product/service, delivery and geographic risks;
annual reviews to be covered in MLRO’s Annual
Report to senior management).
– Reliance on other regulated firms.
– Simplified due diligence.
– Enhanced due diligence re non face-to-face, PEPs and
correspondent banking.
4. Risk Based Approach
Risk assess
Verify Identity
Standard ID&V
and other KYC
4. 2007 JMLSG Guidance
• Other areas of change brought forward from the
Regulations into the 2007 JMLSG Guidance are:
– The reporting regime interfacing with SOCA, which
is a Nominated Officer responsibility.
– Monitoring, which is now a statutory obligation and,
to be satisfactory, must be:
• Documented, in procedures, risk assessments and
potentially other records as well.
• A matter of which all relevant staff are fully aware
and to which they are demonstrably alert.
• Effectively covered in training for relevant staff.
5. Risk Assessments
• A money laundering risk assessment document is an
essential document for all firms to be able to comply
with both statute and the FSA Rules.
• It is neither the same as the Risk Map produced for
general compliance purposes nor is its existence satisfied
by an ARROW review – its contents will be both
complex and fairly extensive (see JMLSG Guidance,
Part I, Chapter 4).
• The assessment should be signed off at a senior
management level when created and after every (annual)
review, whether or not those reviews have resulted in
additions or revisions.
5. Risk Assessments
• JMLSG Guidance details the need to assess money
laundering risks under four separate headings:
– Product/service risk
– Customer/client risk
– Delivery risk
– Geographic risk
• The number of potential combinations ensuing from this
‘four dimensional risk matrix’ can be significant.
• Simply presenting the results in a meaningful and
comprehensible form, to seek senior management
approval and sign-off, is a challenge in its own right.
5. Risk Assessments
• Empirical evidence suggests that most firms’
approaches to geographic risk are unduly simplistic and
inadequate; it is not sufficient to judge all EU/FATF
firms as automatically low risk.
• The JMLSG posted a paper on its website on
7th September 2006, (Assessment of AML/CFT
standards in other countries) effectively restating the
expectations of geographic risk assessments that have
been in place since the JMLSG Guidance Notes 2003.
• Sections 2 and 5 of this paper are particularly important
is recognising, first of all, what is a ‘comparable
jurisdiction’ and then that this is merely the start of the
process of undertaking a geographic risk assessment.
6. Enforcement
• There is evidence that the FSA is already targeting
smaller/small firms and is prepared to monitor the
smallest of firms with the lowest of ML risk ratings.
– It could be you next!
– Are you as a firm ready with your answers to the
FSA’s questions?
– Is your designated senior manager ready and able to
deliver those answers?
• What sorts of questions could the FSA expect to look to
the designated senior manager (rather than the MLRO)
to answer?
6. Enforcement
• Do you make use of the JMLSG Guidance in your
day-to-day operations? Which edition do you use?
• Have your overall AML policies and procedures changed
since the removal of the ML Sourcebook and the
implementation of the revised Guidance?
• If so, what are the key changes you have made?
• Did you use the services of outside consultants for this
• Have you nominated a senior manager, other than the
MLRO, to be responsible for AML controls? What is their
name and job title?
6. Enforcement
• What is the extent of their involvement in the firm’s
AML work?
• Have you assessed and documented the money laundering
risk to your business? If so, please summarise your
approach and describe how it has affected your overall
AML controls.
• Has your firm made use of the new opportunities to
simplify ID requirements in accordance with the new
JMLSG Guidance?
• Does your firm rely on other regulated firms to conduct ID
checks in accordance with the new JMLSG Guidance?
• How have changes in your overall ML Policies and
Procedures been communicated to staff?
7. Extra Bedtime Reading
• In July 2007 the FSA published a report from some
themed review work, entitled ‘FSA Review of private
banks’ anti-money laundering systems and controls’.
• Although needing to include the following in the report,
“9.This report does not constitute formal guidance from
the FSA given under section 157 of the Financial
Services and Markets Act”, it nevertheless actually does
manage to provide very useful guidance.
• Was it a financial crime review or a fraud risk review or
an AML review? Does it matter?
• Consider it as an essential template!
Any Questions?
Thank you for listening