A real challenge
We do understand that financial institutions are not the only ones that can be exposed to significant risks of money laundering and terrorist financing (hereafter referred to as “ML/TF”). As the risk controls grow, the abusers of the world market do not stop looking for alternative ML/TF methods and continue to establish and expand their illicit networks among Non-Bank Financial Institutions (hereafter referred to as “NBFI”).If we look at the growing number of fines imposed by regulators on NBFIs, there will be no doubts that most anti-money laundering and counter-terrorist financing (hereafter referred to as “AML/CFT”) policies and controls implemented by the relevant institutions are not properly followed by their compliance specialists and relevant management boards. However, the problem lies not only in the experts' competency but also in the fine-tuning of AML/CFT software that supports the internal control framework of the organization.
Be ready to pay the price
Below we provide some examples of penalty impositions and analyze the reasons for such disciplinary measures against NBFIs.The Securities and Futures Commission (hereafter referred to as “SFC”), an independent statutory body set up in 1989 to regulate Hong Kong's securities and futures markets, reprimands and fines Yardley Securities Limited $5 million for breaches of anti-money laundering regulatory requirements. SFC emphasized that the company’s failure to comply with AML/CFT had lasted at least nine months. An inappropriate and insecure approach towards handling massive amounts of third-party payments through clients’ accounts had a logical result.
Monetary Authority of Singapore, Singapore’s central bank and integrated financial regulator, imposed a Composition Penalty of $400,000 on TMF Trustees Singapore Limited for AML/CFT Failures. It was identified as a failure to monitor, on an ongoing basis, the transactions of trust relevant parties and to verify the source of wealth of settlors of trusts who presented higher risks of money laundering and terrorism financing (ML/TF).
In another similar case, SFC reprimanded and fined Sino-Rich Securities & Futures Limited $7.2 million for breaches of anti-money laundering regulatory requirements.
The abovementioned cases are just a few of the many triggers that show us how many problems NBFIs have to handle efficiently.
What were the causes?
So let's dive into those failings deeper to clearly understand what was behind the regulators’ enforcement actions.Organizations failed to adopt and implement Policies & Procedures, namely,
- No written policies and procedures on AML/CFT until October 2016.
- Basic AML/CFT policies and procedures are not in place, hence, the high exposure of the Non-Bank FI to the risk of receiving and/or laundering the proceeds of crime. This risk was heightened because of the complex ownership structures, comprising multiple layers and investment entities, used by some of the customers.
- Adequate AML/CFT policies and procedures are no implemented, hence, hindered the NBFI’s ability to detect and mitigate ML/TF risks associated with its higher-risk customers.
Inadequate Customer Due Diligence procedures in place, namely,
- No proper assessment of customers to determine whether they presented higher ML/TF risks, hence failed to establish, by appropriate and reasonable means, the source of wealth (SOW) of an effective controller (EC) of a fund; failure to verify the SOW of settlors of trusts wh presented higher risks of ML/TF. Instead, reliance on the settlers’ representations regarding their SOW or bank reference letters only confirmed the banking relationship between the banks and the settlors, without obtaining information to adequately corroborate those claims.
The improper or total absence of Transaction Monitoring, namely,
- Enhanced monitoring of higher-risk customers was not conducted. In particular, the background and purpose of unusually large transactions with no obvious economic purpose, undertaken by customers who were Politically Exposed Persons, was not undertaken.
- Failure to monitor, on an ongoing basis, the transactions of trust relevant parties (hereafter referred to as “TRP”). In particular, no scrutiny if these transactions were consistent with its knowledge of the TRPs’ business and risk profile as well as the source of funds.
Systematic failures to conduct AML Investigations & and submit SAR/STRs, namely
- Routine processing of:
Cash deposits – with no record of any enquiry with clients (until 2016).
Third-party transfers – the transfer forms did not include important information such as the client’s relationship with the third party, the reason for the transfer to/from and/or the client’s signature was not provided;
- No record that any requests for cash deposits and third-party transfers were rejected.
- Third-party fund transfers in two client accounts between February and May 2016 were unusual or suspicious; no proper enquiries and sufficient scrutiny.
- No SAR/STR field despite unusual transactions, for large & suspicious transactions.
The lack of Governance & Oversight, namely
- ‘Tone from the Top’ – No sufficient oversight to ensure effective AML/CFT controls and procedure.
The absence of Risk Assessment, namely
- Enterprise-wide ML/TF risk assessment (EWRA) not conducted.
Independent Testing is missing, namely,
- AML/CFT controls not subject to independent audits to assess their effectiveness
Staff Training & Risk Awareness is at a standstill, namely,
- Staff was not aware of its AML/CFT policies and procedures, including those on suspicious transaction identification and the reporting of such transactions to the money laundering reporting officer (MLRO).
- The staff responsible for processing money deposits and withdrawals was not aware that there was an MLRO.
- Adequate AML/CFT training was not provided to staff to ensure that they followed its policies.
No Record Retention, namely,
- Client Identification & transaction record not retained.
Key takeaways
Thus, adopting best practices from banks’ AML/CFT risk framework to strengthen the AML/CFT programs for NBFIs should be the matter of highest importance. NBFIs have to- Make the relevant adaptation for nuances.
- Create risk awareness especially in the first line.
- Constantly update legacy systems: information not available e.g. capturing dual nationalities.
Although the focus appears to be on the banks and the transactions of their customers, NBFIs are also required to implement AML/CFT preventive measures and file SAR/STRs.
There is increasing regulatory scrutiny to ensure that Non-Banks have effective AML/CFT programs to manage ML/TF risks. So, while the ML/TF risks and typologies may be different from the banks, the key elements of an effective AML/CFT program are the same.
NBFIs should focus on their customers’ source of funds in the purchase, investment or subscription of their products & services. Apart from that, they have to review their product offerings or services to identify the potential risk that illicit proceeds of crime may be used to buy, invest or subscribe. Moreover, NBFIs are required to monitor their customers' transactions and check against their KYC/CDD profile and file SAR/STRs, where warranted.
At ZeroTolerance we can also provide you separate consultations on practicalities of the AML requirements, risk assessments, filing of suspicious activity and transactions reporting, case management systems and processes, integration and tuning of AML software and any other compliance issues that NBFIs might face. For further information on how we can assist you on this matter, reach us at info@zrtolerance.com.