Anti-Money Laundering and Counter Financing to Terrorist (AML/CFT) Workshop Series: AML Compliance Policies / Programme within a company

Natalia Seng
Chief Executive Officer
China & Hong Kong
Tricor Group / Tricor Services Limited
6 October 2014

Outline
- Introduction
- Adoption of policy and controls in relation to financial crime prevention
- What should a policy statement include?
- Risk Management
- Implementing Risk Management Policies and Guidelines
- Managing and mitigating the risks
- Examples of risk-based control procedures
- Customer Due Diligence (CDD) / Enhanced Due Diligence (EDD)
- Politically-Exposed Persons (PEPs)
- Agreeing to our respective responsibilities in writing
- Ongoing monitoring of clients in a business relationship
- Shell companies / Clubs, societies and charities
- Trust and nominee accounts
- Intermediaries
- Staff awareness and training
- Record keeping
- Reporting suspicious transactions
- Suspicious activity indicators
- STR reporting process
- What happens after Internal Report?

(Incorporated in Hong Kong with limited liability by guarantee) (All rights reserved)

Introduction

As a leading global professional provider, Tricor Services Limited ("Tricor") operates in a demanding and sometimes litigious environment.
Effective risk management enables us to understand, identify and manage these risks, e.g. money laundering and other financial crimes.
Tricor employees, from our newest recruits to our executive directors and senior management, are given frequent training and/or updates on risk management to control and protect Tricor's reputation and financial resources.
Professional service providers, e.g. accountants, trust and company service providers ("TCSPs") and lawyers, face risks of entering into an inappropriate business relationship with a person or entity.
Tricor adopts relevant risk management policies and programmes.

Adoption of policy and controls in relation to financial crime prevention

Senior executives are responsible for ensuring that the company's policies and procedures are designed and operate effectively to manage the risk of the business being used for financial crime.
Systems of internal control should include:
- Identification of senior management responsibilities
- Provision of regular and timely information to senior management on money laundering and terrorist financing risks
- Training of relevant employees on the legal and regulatory responsibilities
- Documentation of the company's Anti-Money Laundering ("AML") and Counter-Terrorist Financing ("CTF") risk management policies and procedures

What should a policy statement include?

Recognition of the importance of staff promptly reporting their suspicions internally to Management.
Culture and values to be adopted and promoted within the business towards the prevention of money laundering and terrorist financing.
Commitment to ensuring all relevant staff are trained and made aware of the law and their obligations under it, and to establishing procedures to implement these requirements in line with legislation.
In Hong Kong, legislation dealing with money laundering and terrorist financing includes:
- Anti-Money Laundering and Counter Terrorist Financing (Financial Institutions) Ordinance (AMLO)
- Drug Trafficking (Recovery of Proceeds) Ordinance (DTROP)
- United Nations (Anti-Terrorism Measures) Ordinance (UNATMO)

Risk Management

The provision of any professional service involves a degree of risk and exposure.
Reputation risk: Sub-standard work or a poorly managed risk issue may damage reputation. Once tarnished, reputation is not easily regained.
Financial risk: It is in the interest of a company to manage potential risks in order to ensure financial security.
Stringent policies and guidelines must be in place for identification, assessment, control, reporting, monitoring and mitigation of risk.
Tricor has established risk management policies and guidelines to be adhered to by all employees.
Guidance and management by our Legal and Compliance and Risk Management Department.

Implementing Risk Management Policies and Guidelines

Assessing the suitability of the client:
- Who is/are the potential client, are they a person/people of integrity?
- Are there any conflicts of interest and concerns over the client's background, business, source of funds or other reservations?
- What are the risks in accepting the client?
- Is a risk posed by a client's behaviour?
- How does the way the client comes to the business affect the risk?
- What risk is posed by the services the customer is using?

Managing and mitigating the risk

Applying client due diligence measures to verify the identity of clients and any beneficial owners.
Obtaining additional information on higher-risk clients.
Conducting ongoing monitoring of the transactions and activity of clients with whom there is a business relationship.
Having systems to identify and scrutinise unusual transactions and activity to determine whether there are reasonable grounds to suspect money laundering or terrorist financing.

Examples of risk-based control procedures

Requiring photographic ID evidence and third party assurance.
More extensive due diligence checks, e.g. source of funds for higher risk clients.
Varying the level of monitoring of client transactions and activities that may be unusual or suspicious, according to identified risk:
- Executives must decide what checks and controls are appropriate to address the risks that they have identified within their business activities
- Employees need to be vigilant and use their experience and common sense when applying the company's risk-based criteria and rules

Customer Due Diligence (CDD)

Regulations require companies to:
- Identify their customers and verify their identity
- Identify, where applicable, the beneficial owner* involved in the business or transaction
- For business relationships, obtain information on the purpose and intended nature of the business relationship

* In the case of trusts, companies and other legal entities, the business must be satisfied that ownership and control structures are understood.

Enhanced Due Diligence (EDD)

Regulations require companies to apply EDD:
- When the client has not been physically present for identification purposes
- In respect of a business relationship or occasional transaction with a politically exposed person (PEP)
- In any other situation which by its nature presents a higher risk of money laundering

Politically-exposed persons (PEPs)

Increased risk in entering into business relationships with individuals holding important public positions.
PEPs are those entrusted with prominent public functions, e.g. heads of state, government, senior politicians, judicial or military officials, senior political party officials etc.
Risk factors when conducting a business relationship with PEPs:
- The country where they are from, taking into account their position(s)
- Any unexplained sources of wealth or income
- Expected receipts of large sums from governmental bodies or state-owned entities
- Any sources of wealth described as commission earned on government contracts
- Requests by them to associate any form of secrecy with a transaction

Agreeing to our Respective Responsibilities in Writing

Tricor's Letter of Engagement ("LOE"), with our standard Terms of Business ("TOB"), is our contract with a client.
The basic components of the LOE:
- Terms of Business
- Parties to the contract
- Authorized persons and their specimen signatures
- Reporting
- Scope of work
- Respective responsibilities
- Disclaimer and liability capping
- Fees
- Applicable law

Ongoing monitoring of clients in a business relationship

Companies must conduct ongoing monitoring of their business relationships with their clients to identify unusual activity:
- Scrutiny of transactions to ensure they are consistent with the company's knowledge of the client, their business and risk profile
- Ensuring that the documents, data or information held evidencing the client's identity are kept up to date

Monitoring requirements:
- Flagging transactions and/or activities for further examination
- These reports are reviewed promptly by the right person(s)
- Appropriate action is taken on the findings of any further examination

Shell companies

Legal entities with no business substance.
Common tool for money laundering and other financial crimes.
Cheap and easy to set up and operate.
Lack of transparency.

Clubs, Societies and charities

Must be satisfied that the organisation's purpose is legitimate, e.g. need to establish a charity's bona fides.
People who control it.
Source of income and/or donations.

Trust and nominee accounts

A trust is not a separate legal entity.
Can be a legitimate way of protecting property and assets but can also be used to conceal the true beneficial owner of criminal acts.
Client who undertakes a transaction on behalf of another person without sufficient identification of the trust or nominee capacity.
Further inquiries as to underlying principals and nature of the trust and its purpose.
Require a copy of the trust deed to understand the trust and the identities of the trustees, the settlor and beneficiaries.

Intermediaries

Clients can be introduced by third parties, e.g. law firms, accountants etc.
Before relying on an intermediary in performing the Customer Due Diligence ("CDD") on a client, the following should be satisfied:
- That the intermediary's CDD procedures are as stringent as your own
- That the intermediary's CDD systems are reliable
- That you will be permitted to verify the intermediary's CDD at any stage

Staff awareness and training

All client-facing staff will require frequent and sufficient training in recognising and handling suspicious transactions.
Executives and nominated officers involved in ongoing monitoring of business relationships and other internal procedures will receive training and updates in respect of Anti-Money Laundering ("AML") and Counter-Terrorist Financing ("CTF"):
- Potential effect on the company, its employees and its clients
- Risks of money laundering and terrorist financing
- Policies and procedures that have been put in place to reduce and manage risks
- How to recognise potential suspicious activity
- To whom to report the potential suspicious activity

Record keeping

Records that must be kept are:
- Copy of, or references to, the evidence of the client's identity obtained under Customer Due Diligence ("CDD") requirements
- Supporting records in respect of the business relationship which are the subject of CDD measures or ongoing monitoring
- Transaction and business relationship records, e.g. relevant correspondence, receipts, cheques, to compile a satisfactory audit trail
- Records must be kept for a minimum period according to statutory compliance

Reporting Suspicious Transactions

Employees have an obligation to report suspicious transactions (i.e. from internal company policy and laws of HKSAR).
Suspicious Transaction Reports ("STRs") should be made to the Joint Financial Intelligence Unit ("JFIU").
Their role is not to investigate suspicious transactions but to receive, analyse and store these reports and to disseminate them to the appropriate investigative unit.
Failing to report may lead to prosecution carrying a maximum penalty of 3 months' imprisonment and HK$50,000 fine.

Suspicious activity indicators

The Narcotics Division of HKSAR Security Bureau published the following indicators for accountants and TCSPs.
Examples of indicators for TCSPs (list is not exhaustive):
1. Multi-jurisdictional and/or complex structure of corporate entities and/or trusts established without valid grounds
2. Payments (local or foreign) made or received without a clear connection to the actual activities of the corporate entity
3. Use of off-shore bank accounts without legitimate economic necessity
4. Client unwillingness or refusal to provide information or documentary proof on himself/beneficial owners of trusts/companies
5. Sources and/or destinations of funds unknown

STR Reporting Process

Where employees observe that one or more Suspicious Activity Indicators are present, they have to report this to members of the Management.
A report shall include the grounds of suspicion and as much information regarding the suspicious activity.
For employees below Manager grade, reporting of suspicious circumstances may also be made to his/her Manager-in-charge.
Where a report is made other than to the Compliance Officer ("CO"), the person receiving the report shall immediately inform the CO, who will coordinate with the Joint Financial Intelligence Unit ("JFIU") as appropriate.

What happens after Internal Report?

On receipt of a report, the Compliance Officer ("CO") will inform our CEO and our Group CE/MD and record the matter in the Register of Claims and Reports.
It is an offence to disclose any information that reveals a Suspicious Transaction Report ("STR") that has been made to the Joint Financial Intelligence Unit ("JFIU") or the identity of the person who reports the suspicious activity.
Employees may not necessarily be notified of the actions taken by the CO following internal investigations.
All STRs to the JFIU are kept strictly confidential.

Thank you

Natalia Seng
Chief Executive Officer
China & Hong Kong
Tricor Group / Tricor Services Limited
Telephone number: 2980 1633
Email: natalia.seng@hk.tricorglobal.com
Website: www.tricorglobal.com