JERSEY FINANCIAL SERVICES COMMISSION 5 TH ANNIVERSARY SEMINAR 1. Introduction 1.0 The FATF Forty Recommendations have been revised and these revised Recommendations are with immediate effect the new international anti-money laundering standard. The original Recommendations were drawn up in 1990 as an initiative to combat the misuse of financial systems by persons laundering drug money. In 1996 the Recommendations were revised for the first time to reflect evolving money laundering typologies. The 1996 Forty Recommendations have been endorsed by more than 130 countries and are the international anti-money laundering standard. 1.1 In recent years the Financial Action Task Force has noted increasingly sophisticated combinations of techniques, such as the increased use of legal persons to disguise the true ownership and control of illegal proceeds, and the increased use of professionals to provide advice and assistance in laundering criminal funds. These factors, combined with the experience gained through the FATF s Non-Cooperative Countries and Territories process, plus a number of national and international initiatives, led the FATF to review and revise the Forty Recommendations into what is a new comprehensive framework for combating money laundering and terrorist financing. 1.2 The review process for revising the 40 Recommendations was an extensive one, open to FATF members, non-members, observers, financial and other affected sectors and interested parties. The FATF
2 is now calling upon all countries and jurisdictions to take the necessary steps to bring their national systems for combating money laundering and terrorist financing into compliance with the new FATF Recommendations and to effectively implement these measures. The FATF recognises however that countries have diverse legal and financial systems and so cannot take identical measures to achieve the common objectives, especially over matters of detail. 1.3 The FATF and the IMF will now produce a methodology based on the revised Recommendations which will be used to test the extent of compliance. The FATF style regional bodies such as the Caribbean Financial Action Task Force - and this extends to the Offshore Group of Banking Supervisors of which Jersey is the chair will be participating in this process. The present target is for the methodology to be agreed by June 2004 and for assessments of compliance to commence by the end of the year. Jersey can expect to be the subject of a further review, this time on its compliance with the revised Forty Recommendations, in 2005. 2. The Scope of the Criminal Offence of Money Laundering (Recommendations 1 and 2) 2.1 The Revised Forty Recommendations start by defining the scope of the criminal offence of money laundering. 2.2 Each country is required to criminalise money laundering on the basis of the 1988 United Nations Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (the Vienna Convention) and the 2000 United Nations Convention on Transnational Organised Crime (the Palermo Convention).
3 2.3 Each country is required to apply the crime of money laundering to all serious offences, with a view to including the widest range of predicate offences. Predicate offences may be described by reference to all offences, or to a threshold linked either to a category of serious offences or to the penalty of imprisonment applicable to the predicate offence (the threshold approach), or to a list of predicate offences or a combination of these approaches. 2.4 Whichever approach is adopted each country is expected at a minimum to include a range of offences within what are described as the designated categories of offences, listed in the glossary attached to the Revised Recommendation. 2.5 The FATF is also recommending that predicate offences for money laundering should extend to conduct that occurs in another country, which constitutes an offence in that country, and which would also have constituted a predicate offence had it occurred domestically. Countries are being strongly encouraged to extend this to situations where the only prerequisite is that the conduct would have constituted a predicate offence had it occurred domestically. 2.6 The Revised Forty Recommendations will apply to all financial institutions and to certain designated non-financial businesses and professions. 2.7 Financial institutions are defined as any person or entity who conducts as a business one or more of a list of thirteen activities or operations for or on behalf of a customer.
4 2.8 Designated non-financial businesses and professions covers casinos, real estate agents, dealers in precious metals, dealers in precious stones, accountants, lawyers and independent legal professionals, notaries and trust and company service providers. 3. Customer Due Diligence (Recommendations 5-12) 3.1 The FATF Revised Recommendations expand on the measures to be taken by financial institutions and the designated non-financial businesses and professions to prevent money laundering and terrorist financing. The FATF has been greatly influenced in developing its recommendations on customer due diligence by the Basel Committee on Banking Supervision s paper on Customer Due Diligence for Banks published in October, 2001 and endorsed by the International Community of Banking Supervisors in September, 2002. 3.2 The customer due diligence and record keeping requirements apply to all financial institutions. For designated financial businesses and professions they apply in certain defined circumstances. For example, the essential customer due diligence and record keeping requirements only apply to lawyers, accountants and trust and company service providers when they prepare for and carry out transactions for their clients concerning certain listed activities. 3.3 The Revised Recommendations call for all institutions to be required by law or regulation to undertake customer due diligence measures, including identifying and verifying the identity of their customers when establishing business relations;
5 carrying out occasional transactions; (i) above the applicable designated threshold of $15,000; or (ii) that are wire transfers in the circumstances covered by the interpretative note to Special Recommendation VII; there is a suspicion of money laundering or terrorist financing; the financial institution has doubts about the veracity or adequacy of previously obtained customer identification. 3.4 The FATF is recommending that the basic customer due diligence obligations should be set out in law or regulation but the more detailed elements can be covered either by law or regulation or by other enforceable means issued by a competent authority. 3.5 The customer due diligence measures to be taken are (a) identifying the customer and verifying that customer s identity using reliable, independent source documents, data or information; (b) identifying the beneficial owner and taking reasonable measures to verify the identity of the beneficial owner such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should including taking reasonable measures to underline the ownership and control structure of the customer.
6 [Legal persons refers to bodies corporate, foundations, anstalts, partnerships, or associations or any similar bodies that can establish a permanent customer relationship with a financial institution or otherwise own property. Legal arrangements refer to express trusts or other similar legal arrangements. Beneficial owner is defined as the natural person(s) who ultimately owns or controls a customer and/or the person on whose behalf a transaction is being conducted. It also incorporates those persons who exercise ultimate effective control over a legal person or arrangement.] (c) Obtaining information on the purpose and intended nature of the business relationship; and (d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution s knowledge of the customer, their business and risk profile, including, where necessary the source of funds. 3.6 In applying each of the customer due diligence measures institutions may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction. The measures that are taken should be consistent with any guidelines issued by a competent authority. For higher risk
7 categories institutions should perform enhanced due diligence. In certain circumstances where there are low risks countries may decide that institutions can apply reduced or simplified measures. 3.7 Where institutions are unable to comply with the customer due diligence requirements for identification and verification they should not open an account, commence business relations or perform the transaction; or should terminate the business relationship and consider making a suspicious transactions report in relation to the customer. Customer Due Diligence and Tipping Off 3.8 If an institution forms a suspicion that transactions relate to money laundering or terrorist financing they should take into account the risk of tipping off when performing the customer due diligence process. If an institution reasonably believes that performing the CDD processes will tip off the customer or potential customer, it may choose not to pursue that process and should file an STR. Institutions should ensure that their employees are aware of and sensitive to these issues when conducting customer due diligence. Customer Due Diligence for Legal Persons and Arrangements 3.9 When performing customer due diligence through identification and verification in relation to legal persons or arrangements, institutions should (a) verify that any person purporting to act on behalf of the customer is so authorised, and identify that person;
8 (b) identify the customer and verify its identity the type of measures that would be normally needed to satisfactorily perform this function would require obtaining proof of incorporation or similar evidence of the legal status of the legal person or arrangement, as well as information concerning the customer s name, legal form, address, directors, and provisions regulating the power to bind the legal person or arrangement; (c) identify the beneficial owners, including forming an understanding of the ownership and control structure, and take reasonable measures to verify the identity of such persons. The types of measures that would normally be needed to satisfactorily perform this function would require identifying the natural persons with a controlling interest and identifying the natural persons who comprise the mind and management of the legal person or arrangement. Where the customer or beneficial owner is a public company that is subject to regulatory disclosure requirements, it is not necessary to seek to identify and verify the identity any shareholder of that company. The relevant information or data required to carry out (a), (b) and (c) above may be obtained from a public register, from the customer or from other reliable sources. Reliance on identification and verification already performed 3.10 The customer due diligence measures set out in the Recommendations do not imply that institutions have to repeatedly identify and verify the identity of each customer every time that a
9 customer conducts a transaction. An institution is entitled to rely on the identification and verification steps that it already has undertaken unless it has doubts about the veracity of that information. Examples of situations that might lead an institution to have such doubts could be where there is a suspicion of money laundering in relation to that customer, or where there is a material change in the way that the customer s account is operated which is not consistent with the customer s business profile. Timing of verification 3.11 Institutions are expected to verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers. However countries may permit financial institutions to complete the verification as soon as reasonably practicable following the establishment of the relationship, where the money laundering risks are effectively managed and where this is essential not to interrupt the normal conduct of business. 3.12 The type of circumstances where it would be permissible for verification to take place after the establishment of the business relationship would include non face-to-face business, securities transactions and life insurance business. With non face-to-face business the FATF states that institutions should refer to the Basel Report on Customer Due Diligence for Banks (section 2.2.6) for specific guidance on examples of risk management measures for non face-to-face business. 3.13 Financial institutions will also need to adopt risk management procedures with respect to the conditions under which a customer
10 may utilise the business relationship prior to verification. These procedures should include a set of measures such as a limitation of the number, types and/or amount of transactions that can be performed and the monitoring of large or complex transactions being carried out outside of expected norms for that type of relationship. Requirements to identify existing customers 3.14 Institutions are expected to apply the customer due diligence requirements to existing customers on the basis of materiality and risk, and should conduct due diligence on such existing relationships at appropriate times. The FATF indicate that for existing customers the principles set out in the Basel report on Customer Due Diligence for Banks should serve as guidance when applying customer due diligence processes to institutions engaged in banking activity, which guidance it is stated could apply to other financial institutions where relevant. Simplified or reduced customer due diligence measures 3.15 The general rule is that customers must be subject to the full range of customer due diligence measures, including the requirement to identify the beneficial owner. Nevertheless there are circumstances where the risk of money laundering or terrorist financing are lower, where information on the identity of the customer and the beneficial owner of a customer is publicly available, or where adequate checks and controls exist elsewhere in national systems. In such circumstances the FATF states that it could be reasonable for a country to allow its institutions to apply simplified or reduced customer due diligence measures when identifying and verifying the identity of the customer and the beneficial owner.
11 3.16 Simplified or reduced customer due diligence measures could apply to the following types of customers financial institutions where they are subject to requirements to combat money laundering and terrorist financing consistent with the FATF Recommendations and are supervised for compliance with those controls; public companies that are subject to regulatory disclosure requirements; government administrations or enterprises. 3.17 Simplified or reduced customer due diligence measures could also apply to the beneficial owners of pooled accounts held by designated non financial businesses or professions provided that those businesses or professions are subject to requirements to combat money laundering and terrorist financing consistent with the FATF Recommendations and are supervised for compliance with those controls. Banks should also refer to the Basel CDD Paper which provides specific guidance concerning situations where an account holding institution may rely on a customer that is a professional financial intermediary to perform the customer due diligence on his or its own customers (i.e. the beneficial owners of the bank account). Where relevant, the CDD Paper could also provide guidance in relation to similar accounts held by other types of financial institutions.
12 3.18 Each country could also decide whether financial institutions could apply these simplified measures only to customers in its own jurisdiction or allow them to do for customers from any other jurisdiction that the original country is satisfied is in compliance with and has effectively implemented the FATF Recommendations. Enhanced customer due diligence 3.19 The FATF has identified higher risk areas where additional measures should be applied. There are specific recommendations relating to politically exposed persons, cross border correspondent banking and other similar relationships, and non face to face business relationships or transactions. For example, politically exposed persons institutions are expected to have appropriate risk management systems to determine whether the customer is a politically exposed person; obtain senior management approval for establishing business relationships with such customers; take reasonable measures to establish the source of wealth and source of funds; and conduct enhanced ongoing monitoring of the business relationship.
13 Use of third parties 3.20 The FATF state that countries may permit financial institutions to rely on intermediaries or other third parties to perform the identification and verification requirements provided that certain criteria are met. However where such reliance is permitted the ultimate responsibility for customer identification and verification remains with the institution relying on the third party. 3.21 Designated non-financial businesses and professions also may rely on third parties, provided the conditions in the Recommendation are met. 3.22 The criteria that should be met are that an institution relying on a third party should immediately obtain the necessary information concerning customer identification and verification. Institutions should take adequate steps to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence requirements will be made available from the third party upon request without delay; the institution should satisfy itself that the third party is regulated and supervised for, and has measures in place to comply with customer due diligence requirements in line with the FATF Recommendations on customer due diligence and record keeping.
14 3.23 It is left to each jurisdiction to determine in which countries and jurisdictions the third parties that meet the conditions can be based, having regard to information available on jurisdictions that do not or do not adequately apply the FATF Recommendations. Record keeping 3.24 The FATF extends to the designated non-financial businesses and professions the existing requirement that financial institutions maintain, for at least five years, all necessary records on transactions, both domestic or international, to enable them to comply swiftly with information requests from the competent authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for prosecution of criminal activity. 3.25 All institutions should be required to keep records on the identification data obtained through the customer due diligence process (e.g. copies or records of official identification documents like passports, identity cards, driving licences or similar documents), account files and business correspondence for at least five years after the business relationship is ended. 3.26 The identification data and transaction records should be available to domestic competent authorities upon appropriate authority. Unusual transactions 3.27 The FATF requires that all institutions pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions which have no apparent economic or visible lawful
15 purpose. The background and purpose of such transactions should, as far as possible, be examined, the findings established in writing, and be available to help competent authorities and auditors. 4. Comparisons Between the FATF Revised Forty Recommendations and the Basel Committee Paper on Customer Due Diligence on Banks 4.1 Overall the FATF Revised Recommendations equate well with the Basel CDD paper. This is not surprising because the FATF in undertaking the review based their work on customer due diligence on the Basel paper. What differences occur arise partly from the fact that the FATF is concerned with money laundering whereas Basel is concerned with prudential supervision; the FATF is covering nonbank financial institutions and also non-financial institutions whereas the Basel Committee is solely concerned with banks; and the FATF has faced greater difficulties in obtaining a political consensus. 4.2 Customer Due Diligence - There is a greater emphasis on risk sensitivity in the FATF Revised Recommendations than in the CDD paper. Whereas in the CDD paper the emphasis is on minimum standards which are then supplemented for higher risk; in the case of the FATF Revised Recommendations there are opportunities for simplified measures for low risks as well as a requirement for enhanced due diligence for higher risk categories. However, some of the simplified measures that are identified by the FATF for example, in respect of pooled accounts - are mirrored in the CDD paper.
16 4.3 Timing of Verification - The FATF is somewhat looser than the CDD paper on the issue of the timing of verification in relation to the establishment of a business relationship. The CDD paper states that the identity of a new customer should be satisfactorily verified before a banking relationship is established (para 21) but also states (para 28) that if problems of verification arise when an account has been opened, which problems cannot be resolved, the bank should close the account and return the monies to the source from which they were received. 4.4 Higher Risk Areas - On the higher risk areas of PEPs, correspondent banking and non face to face business, the FATF Revised Recommendations and the CDD paper are generally in parallel. 4.5 Third Parties/Introducers - Both the FATF and Basel accept the idea of third parties/introducers, providing they are of a required standard, but the FATF Revised Recommendations depart from the CDD paper in the treatment of documentation. Whereas the CDD paper states that all relevant identification data and other documentation relating to the customer s identity should be transferred by the introducer to the receiving institution immediately, the FATF Revised Recommendations say that the relevant documentation should be made available from the third party upon request without delay and there is no immediate requirement to transfer the documentation. Both Basel and the FATF indicate that a financial institution relying on a third party should immediately obtain the necessary information concerning the identification and verification process. It is only in respect of the passing of the original documentation that the FATF takes a more relaxed view than the Basel Committee.
17 4.6 Other Matters On existing customers and record keeping the FATF Revised Recommendations and the CDD paper appear to be in parallel. 4.7 The Basel Committee Cross Border Banking Working Group has taken the view that there was nothing in the FATF Recommendations that calls for a revision of the Basel paper. When the Basel paper was produced in 2001 it had been thought that the FATF Revised Recommendations would refer to a higher standard than that presented by the Basel Committee but this has not been the case. The Basel Committee believe that any differences between the CDD paper and the FATF Revised Recommendations should be seen as a function of the different scope of the Revised Recommendations and the Basel paper. 5. Reporting of Suspicious Transactions (Recommendation 13-16) 5.1 The recommendations relating to the reporting of suspicious transactions apply to all financial institutions, and to designated nonfinancial businesses and professions subject to certain qualifications. 5.2 For lawyers, notaries and independent legal professionals, and accountants, the requirement to report is only in respect of suspicious transactions when, on behalf of or for a client, they engage in a financial transaction in relation to the same activities that are covered by the customer due diligence and record keeping requirements.
18 5.3 Countries are strongly encouraged to extend the reporting requirement to the rest of accountants professional activities including auditing. 5.4 In the case of trust and company service providers they are required to report suspicious transactions when, on behalf of or for a client, they engage in a transaction in relation to activities that are listed in a glossary attached to the recommendations. 5.5 The FATF recommend that institutions, their directors, officers and employees should be prohibited by law from disclosing the fact that an STR or related information is being reported to the Financial Intelligence Unit. 6. Regulation and Supervision (Recommendations 23-25) 6.1 The FATF recommends that countries should ensure that financial institutions are subject to adequate regulation and supervision and are effectively implementing the FATF recommendations. Competent authorities also should take the necessary legal or regulatory measures to prevent criminals or their associates from holding or being the beneficial owner of a significant or controlling interest or holding a management function in a financial institution. 6.2 Countries are asked to ensure that designated non-financial businesses and professions are subject to effective systems for monitoring and ensuring their compliance with requirements to combat money laundering and terrorist financing. This should be performed on a risk sensitive basis.
19 6.3 The competent authorities are expected to establish guidelines and provide feedback which will assist financial institutions and designated non-financial businesses and professions in applying national measures to combat money laundering and terrorist financing, and in particular to detect and report suspicious transactions. 7. Institutional and Other Measures Necessary in Systems for Combating Money Laundering and Terrorist Financing (Recommendations 26-34) 7.1 The FATF recommends that countries should establish a Financial Intelligence Unit. Countries are also expected to ensure that designated law enforcement authorities have responsibility for money laundering and terrorist investigations. 7.2 When conducting investigations of money laundering and underlying predicate offences countries are expected to be able to obtain documents and information for use in those investigations, and in prosecutions and related actions. 7.3 Supervisors are expected to have adequate powers to monitor and ensure compliance by financial institutions with requirements to combat money laundering, including the authority to conduct inspections. 7.4 Each country is expected to provide all its competent authorities involved in combating money laundering and terrorist financing with adequate financial, human and technical resources. 7.5 The FATF Revised Recommendations include two recommendations relating to transparency of legal persons and arrangements.
20 7.6 Countries are expected to take measures to prevent the unlawful use of legal persons by money launderers. In particular, countries should ensure that there is adequate, accurate and timely information on the beneficial ownership and control of legal persons that can be obtained or accessed in a timely fashion by competent authorities. 7.7 On bearer shares the FATF recommends that countries that have legal persons that are able to issue bearer shares should take appropriate measures to ensure that they are not misused for money laundering and be able to demonstrate the adequacy of these measures. 7.8 Countries are expected to take measures to prevent the unlawful use of legal arrangements such as express trusts by money launderers. In particular, countries should ensure that there is adequate, accurate and timely information on express trusts, including information on the settlor, trustee and beneficiaries, that can be obtained or accessed in a timely fashion by competent authorities. 8. International Cooperation (Recommendations 35-40) 8.1 Countries are expected to rapidly, constructively and effectively provide the widest possible range of mutual legal assistance in relation to money laundering and terrorist financing investigations, prosecutions and related proceedings. 8.2 In addition countries are expected to ensure their competent authorities provide the widest possible range of international cooperation to their foreign counterparts.
21 8.3 Where the ability to obtain information sought by a foreign competent authority is not within the mandate of its counterpart, countries are also encouraged to permit a prompt and constructive exchange of information with non-counterparts. 8.4 Countries should also establish controls and safeguards to ensure that information exchange by competent authorities is used only in an authorised manner, consistent with their obligations concerning privacy and data protection. Colin Powell Chairman Jersey Financial Services Commission June, 2003