Corporate credit risk
Compliance and financial crime
Tax and transfer pricing
Business development and strategy
Corporate finance and M&A
Data management
Supplier risk and procurement
Corporate
Financial institutions
Professional services and the Big 4
Government and not for profit
Academic
Data
This blog was originally created by RDC and published on rdc.com.
The European Parliament and the European Commission drafted a proposal in September 2018 to create not only stronger, but also more harmonised rules for the financial markets. This is now widely referred to as the Sixth Anti-Money Laundering Directive (AML 6), which will be led and overseen by the European Banking Authority (EBA).
AML 6 introduces several key changes and places a particular focus on predicate offences to money laundering. Financial institutions (FIs) should be aware of the impact on know-your-customer (KYC) procedures so that they can prepare effectively for the new rules, which must be implemented by 3 June 2021.
1. Identifying new risks: 22 predicate offences
While not differentiated in UK law, the EU is aiming to align Member States’ approaches to legal offences that initiate money laundering. For firms to comply with their regulatory obligations, they will need the means of detecting risks linked to these predicate offences as well as the crime of money laundering itself. This is seen as a widening of police powers in the EU and will allow law enforcers to prosecute the two actions separately. The predicate crime does not need to have been brought to court for a charge of money laundering to be heard.
There are a number of obvious financial crimes included in the list of predicate offences (provided below), such as participation in an organised criminal group and racketeering, but also human trafficking, migrant smuggling and sexual exploitation. The 22 predicate offences are also closely aligned to the designated categories of offences outlined in the FATF Recommendations.
2. Managing evolving threats
Significant among the predicate offences are environmental and cybercrimes, although cryptocurrency is also indirectly referenced. Historically these types of crime would not have featured on the radar of many compliance officers, but will now need to be added to their list of risk events to monitor. From a legal perspective, while any crime in the UK that generates funds that can be laundered constitutes a financial crime, and so money laundering, the EU still has some way to go to be aligned with the UK in this regard.
3. Identifying ‘aiding and abetting’ of money laundering
Firms will need a means of identifying those who are aiding and abetting money laundering in addition to predicate offences. This should include a robust customer screening solution that extends to one stage of removal, covering relatives and close associates of people who are politically exposed (PEPs) or the subject of sanctions. The terminology used is perhaps intentionally vague and also includes ‘inciting and attempting an offence’. It is not immediately clear how this might play out in a European court of law, although this charge is a significant addition to the legal tools currently available to law enforcers. FIs will need to produce ‘meaningful and actionable’ intelligence regarding these types of crime.
4. Conducting adverse media screening
It is likely that screening for sanctions and PEPs alone will not enable FIs to fulfil the letter or the spirit of the directive. It must be a priority to address this issue and the only way to identify these risks effectively is to include adverse media in any customer screening programme, which should already cover risks associated with sanctioned entities and PEPs.
A screening alert generated for adverse media would be a red flag – a call to action. A way to mitigate the dangers identified and apply a risk-based approach accordingly is vital. Similarly, a PEP alert can be a red light, meaning you need to stop what you are doing and check that all risks, especially bribery, corruption and terrorist funding, have been duly considered. Lastly, a sanctions alert would constitute a ‘red card’ in sporting terms, effectively being ‘sent off’, meaning you are advised to remove the account as soon as practical.
5. Shifting to automated KYC solutions
Perpetual KYC is growing in interest and adoption. It is a means of managing lower-risk KYC by exception and, while not specifically called out in the directive, there is a focus on the need to have up-to-date technology to do this. Importantly, it is a move away from a traditional review of high-risk clients annually, medium-risk clients every other year and low-risk clients every three years.
Additional screening requirements can increase the workload of compliance teams, so whatever solution is chosen needs to be robust, flexible and fully configurable to avoid as many ‘false positives’ as possible, while not giving rise to ‘false negatives’. Technology and AI can assist analysts greatly in this regard. There is empirical evidence of vastly reduced levels of false positives with the use of AI, meaning fewer alerts for analysts to study in their analysis.
In any perpetual KYC programme there needs to be clear identification of what constitutes a ‘trigger’ event – what are the ‘exceptions’ by which the KYC requirements of any client are managed. A positive match on a screening alert would obviously constitute a trigger event and appropriate enhanced due diligence would need to be carried out to determine whether relevant documents are accurate and in line with current policies. This could lead to a rise in the client’s risk rating, requiring additional information from the client.
6. Future proofing procedures
AML 6 is the latest in a line of EU regulatory directives. A key requisite of any AML programme is that of ‘horizon scanning’ and ensuring versatility of solutions. There are indications from Brussels that a single, bloc-wide financial intelligence unit (FIU) or similar will be established. This institution would oversee KYC matters and place increased pressure on Member States, which would then no doubt pressure the entities under their control.
Although cooperation, specifically between competent authorities, is frequently referenced in the directive, it appears that many of the EU Member States are either unwilling or unable to work together and support one another when it comes to seeking out perpetrators of financial crimes in the EU. This has clearly played into the hands of transnational organised crime groups which operate within EU Member States and across borders. The new directive, and plans to unify the FIU, should go some distance to changing the balance of power.
