Thomson Reuters Regulatory Intelligence: AML/KYC due diligence protocols for effective cross-border compliance

The seriousness of efforts to prevent money laundering has been emphasised by U.S.  Bancorp’s $613 million settlement with the Treasury  Department’s Office of the Comptroller of the Currency and the Federal Reserve, for inadequate  AML controls.

U.S. Bancorp failed to detect many suspicious transactions and later sought to conceal its mistakes from regulators. Banks and other financial institutions worldwide now  operate in a zero-tolerance regulatory environment where governments increasingly demand  effective due diligence on prospective and established clients.

The International Monetary Fund (IMF) has estimated that $600 billion per year is  involved in international money laundering supporting terrorism, criminal fraud, graft,  slavery and other illegal activity.

Targeting opaque ownership
International regulatory efforts, coordinated by the Basel Committee on Banking  Supervision and the Financial Action Task Force on Money Laundering, have now attacked  opaque ownership structures such as beneficial and nominee ownership arrangements, trusts, and  bearer securities. These structures can be used “by criminals, kleptocrats, and others looking to  hide ill-gotten proceeds to access the financial system anonymously”, the Financial  Crimes Enforcement Network (FinCEN) said when implementing its new regulations under the U.S.  Bank Secrecy Act.

Country-specific regulations, as typified by FinCEN’s Customer Due Diligence Requirements  for Financial Institutions, now scheduled for implementation on May 11, 2018, set  increasingly tight standards for identifying owners of such beneficial and nominee owner entities,  and mandate customer risk profiles in an effort to stop money laundering.

Increasingly stringent AML and know-your-customer (KYC) standards make cross-border  financial services yet more challenging when financial institutions follow or accept  customers into new national or regional markets with different customs, cultures, laws and  personalities. Entry into such new markets also invokes additional agency KYC requirements  such as the U.S. Internal Revenue Service’s qualified intermediary withholding agreements involving other  countries. As a result, AML and KYC requirements will complicate the expansion of  international financial services by adding significant risk assessment responsibilities.

The definition of a financial institution: broader than banks

The definition of financial services providers subject to AML and KYC requirements is broad,  and some entities contemplating expansion into other countries or regions may not know they are in  scope. Besides the predictable classification of commercial and private banks and trust  companies, the requirements also apply to credit unions, thrift institutions, brokers or  dealers in securities, insurance companies, investment banks and investment companies, and,  surprisingly, to travel agencies and pawn brokers, to dealers in precious metals, stones and  jewels, and to auto dealerships and real estate brokers.

Best practices in new markets

Local customs, practices and personalities in new jurisdictions where existing or prospective  customers operate by acquisitions, mergers, or other business entry strategies, present a more  formidable challenge to increasingly strict anti-money-laundering regulation and the KYC  requirements designed to identify questionable financial services customers. Compliance professionals must therefore implement and follow best practices. FinCEN has determined  that such best practices meeting minimum customer due diligence (CDD) criteria include:

Identifying and verifying the customer’s identity; identifying and verifying the identity of beneficial owners of a minimum 25 percent individual  ownership of legal entity customers (namely, the natural persons who own or control legal  entities); understanding the nature and purpose of the customer relationship; and conducting continuing monitoring of the customer.
Implementing the CDD criteria against prospective and existing customers presents a practical challenge. Financial institutions must:
– verify customers’ identity through collection and validation;
– screen customers’ and associated parties’ names against adverse information databases, including politically exposed
persons (PEPs) and sanctions lists;
– identify the ultimate beneficial owner (UBO) and senior management persons;
– publish customer records with risk rankings based on strict verification, screening and validation processes; and
– automatically and regularly screen existing customers, and investigate any changes such as mergers or acquisition of businesses in such customers’ records.

Mandatory risk assessments in new markets
Once identified, KYC requirements must assess the customer’s AML risk by considering the complexity of the customer’s ownership structure; whether the customer operates in a closely regulated industry such as aviation; where the customer is based, and whether that jurisdiction has effective AML regulations or known levels of corruption; whether the customer’s business is cash-based; whether the customer’s ownership structure includes hidden ownership through trusts, nominees, or bearer shares; and whether the financial institution has a direct, face-to-face relationship with the customer or its ownership.

The customer conundrum
These CDD and KYC requirements can be time-consuming and difficult for customers to understand and accept. Thomson Reuters’ independent survey, KYC challenges in 2017: A focus on the impact of global regulations in the United States, reported an average 27 days for a financial institution to accept a new customer. Twelve percent of the survey respondents reported changing banks after experiencing KYC issues, and 26 percent of the respondents criticised “inconsistent requests for information and documents”, while 37 percent decried the lack of any common standard during the CDD effort. Financial institutions ultimately bear the brunt of much customer frustration. Besides better communication of the regulatory reasons for such delays and complexity, financial institutions must pursue the most effective and efficient CDD processes in their AML and KYC compliance efforts.

The future of compliance
Automation, through algorithmic applications, should inevitably shorten time-consuming CDD procedures. Financial institutions must, however, regularly monitor such applications while keeping abreast of regulatory requirements in the never-ending catand- mouse dynamic between established governments and corrupt individuals, organisations, and rogue regimes. Such efforts, and the predictable complications virtual currencies will generate, require continuing and costly investments in staffing and training. Financial institutions may take some comfort in knowing that effective compliance programmes are barriers to entry that help create valuable franchises.

Although time-consuming and exacting, the CDD and KYC requirements can benefit compliant customers. A rigorous CDD programme can help identify customer compliance issues, risks, and other concerns, including Foreign Corrupt Practices Act issues and their counterpart requirements in other jurisdictions, embezzlement, fraud, and other criminal and civil damage.