DFSA Annual Supervision Outreach Breakout Group # 3 Financial Crime Risks 25 June 2018
Breakout Group 3 - Agenda Opening Comments - Lawrence Paramasivam Director, Supervision General updates from the Financial Crime Team - Sara M. Bin Kalban Associate Director, Supervision Update from Policy in relation to CP118 & CP 120 - Elisabeth Wallace Senior Manager, Policy & Strategy Market Abuse - Wael El-Nagar Senior Manager, Markets Annual AML Return 2017 Findings - Sean Higgins Senior Manager, Supervision Closing remarks - Sara M. Bin Kalban Associate Director, Supervision
General Updates From The Financial Crime Team Sara M. Bin Kalban Associate Director, Supervision
Financial Crime Priorities 2018/2019 Preparation for the upcoming FATF Mutual Evaluation in 2019 Risk Based Supervision of Authorised Firms and DNFBPs annual AML Return AML focused risk assessments sectoral reviews Implementation of AML Rule Changes Sanctions compliance FATCA & CRS reporting through the DIFC Registrar of Companies
Overview of the FATF Mutual Evaluation Process The FATF Mutual Evaluation will be based on the FATF 40 Recommendations of 2012 and The Methodology for Assessing Technical Compliance with the FATF Recommendations and the Effectiveness of the AML/CFT System of 2013. The FATF 40 Recommendations of 2012 have seven themes: AML/CFT Policies and Coordination Money Laundering and Confiscation Terrorist Financing and Financing of Proliferation Preventive Measures Transparency and Beneficial Ownership of Legal Persons and Arrangements Powers and Responsibilities of Competent Authorities and Other Institutional Measures International Cooperation
FATF 2013 Methodology The FATF 2013 Methodology is used for assessing technical compliance with the FATF Recommendations and the effectiveness of AML/CFT systems and controls. It stems from the high level objective which is Financial systems and the broader economy are protected from the threats of money laundering and the financing of terrorism and proliferation, thereby strengthening financial sector integrity and contributing to safety and security. Technical Compliance Focus on implementation of FATF recommendations in terms of laws, regulations and powers/procedures of institutions. A five scale rating systems being: Compliant (C), Largely Compliant (LC), Partially Compliant (PC); Non-Compliant (NC); and Not Applicable Effectiveness Assessment On-site assessment focussing on 11 immediate outcomes which focus on results. It affects multiple competent authorities and private sector. It involves substantial complex analysis. A four scale system being: High Effectiveness (HE), Substantial Effectiveness (SE), Moderate Effectiveness (ME); and Low Effectiveness (LE)
FATF Preparation Process The UAE will be subject to joint FATF-MENAFATF Mutual Evaluation in June/July 2019. In Mid-2017, the UAE s National Anti-Money Laundering and Combating Financing of Terrorism Committee (NAMLCFTC) has engaged a team of AML/CFT Experts to assist in the preparation process. As per the provided mandate, the Experts Team will be providing legal, technical and all other relevant assistance in preparation for the Mutual Evaluation.
Schedule and preparation of the UAE Preparation with the Expert Team commenced in September 2017. The UAE (including the DIFC) is currently working on three key work streams being: National Risk Assessment Technical Compliance self-assessment Effectiveness Compliance self-assessment The submission to the FATF-MENAFATF Assessors will be as follows: Technical Compliance questionnaire & National Risk Assessment: Q4 2018 Effectiveness questionnaire: early Q1 2019 Discussion of Mutual Evaluation Report at the Plenary is expected to take place in 2020.
Update from Policy in Relation to Recent AML Consultation Papers Elisabeth Wallace Senior Manager, Policy and Strategy
Consultation Paper 118 & Consultation Paper 120 CP 118 published in February and closed in March dealt with: clarifications of the DFSA s AML remit in the DIFC; and changes to deal with DFSA powers relating to DNFBPs CP 120 published in April and closed in May dealt with: changes to align our regime with FATF recommendations including: Customer Due Diligence (CDD) FATF Recommendation 10; Record Keeping FATF Recommendation 11; New Technologies FATF Recommendation 15; Wire transfers - FATF Recommendation 16; Reliance on third parties FATF Recommendation 17; Internal controls and foreign branches and subsidiaries FATF Recommendation 18; Higher risk countries FATF Recommendation 19; and Transparency and beneficial ownership of legal arrangements FATF Recommendation 25. Next steps changes to the Regulatory Law and AML Module to come into force in Q3 2018
Market Abuse Wael El-Nagar Senior Manager, Markets
DIFC Markets Law - Application The market abuse prohibitions are set out in DIFC Markets Law, Articles 54 63 and they prohibit any person from engaging in of the activity noted under Art 54-63. The market abuse prohibitions apply to: A person: an entity or an individual, regulated or not In the DIFC or elsewhere i.e. applies to a person that is physically located in another jurisdiction (provided it affects DIFC markets or users of DIFC markets) Directly or indirectly Investment, related investment
Therefore it follows that The Markets Law applies to Recognised Members and Authorised Firms in respect of conduct relating to Investments (not just those admitted to trading)
What is Market Abuse? 8 Provisions under the Markets Law 1. Fraud and market manipulation 2. False or misleading statements 3. Use of fictitious devices and other forms of deception 4. False or misleading conduct and distortion 5. Insider dealing 6. Providing Inside Information 7. Inducing Persons to deal 8. Misuse of information
Prohibitions against Market Abuse and Financial Crime GEN Rule 5.3.20 requires an Authorised Person to establish and maintain systems and controls that ensure, as far as reasonably practical, that the Authorised Person and its employees do not engage in conduct, or facilitate others to engage in conduct, which may constitute market abuse, whether in the DIFC or elsewhere; or a financial crime under any applicable U.A.E. law:
Notification of Suspected Market Abuse GEN Rule 11.10.12A requires an AF to notify the DFSA immediately if it: receives an order from a client, or arranges or executes a transaction with or for a client; and has reasonable grounds to suspect that the order or transaction may constitute market abuse under Part 6 of the Markets Law The notification must specify: sufficient details of the order or transaction; and the reasons for the AF suspecting that the order or transaction may constitute market abuse
Notification of Suspected Market Abuse (cont d) An AF must not inform the client, or any other person involved in the order or transaction, of a notification under this Rule If an AF reasonably suspects that a client's order or transaction may constitute market abuse under the laws in another jurisdiction, it will also need to consider if it needs to notify the regulator in that other jurisdiction (under any corresponding obligation to notify). If an AF becomes aware that the firm itself, or an employee of the firm, (rather than a client) has engaged in conduct that may constitute market abuse in the DIFC or elsewhere, it has a separate obligation to notify the DFSA under Article 67 of the Regulatory Law and GEN Rule 11.10.7.
Annual AML Return 2017 Findings Sean Higgins Senior Manager, Supervision
The Annual AML Return The DFSA is committed to combating money launderers, terrorist financiers and other financial criminals and is also committed to demonstrating effective compliance with the 40 Recommendations of the Financial Action Task Force. Bryan Stirewalt Managing Director Supervision DFSA Similarly, collecting better data and using that data efficiently is a key objective of the DFSA. The AML Return brings each of these objectives mentioned above together in our effort to gather data more efficiently and use that data is a way that helps us achieve compliance with global standards for combating financial crime.
The Annual AML Return 600 500 400 300 279 200 100 0 339 445 2014 2015 2016 2017 546 Number of Returns submitted to the DFSA As the DIFC grows, we will continue to evolve this tool to allow us to assess Relevant Persons compliance with their AML/CFT and sanctions compliance.
Annual AML Return Structure There are a number of factors that are key differentiators in the highest performing compliance and AML programmes and these were included in the annual AML return structure. These are considered to be: Senior Management Governance Tone at the top Risk Assessments and Customer Due Diligence Reliance and Outsourcing Audit (applicable to Authorised Firms) Correspondent Banking (applicable to Authorised Firms) Sanctions and other international obligations AML training and awareness MLRO notifications and Suspicious Activities Reports
Presentation Overview The presentation will cover the findings of 5 main topics being: Senior Management Governance AML Business Risk Assessments Suspicious Activities and Transactions Audit (applicable to Authorised Firms) AML Training During the course of the presentation, we will have a number of survey questions related to the topics under discussion. In order to participate in the survey, you will need to download the DFSA app and access the survey link via the events page.
Topic 1 : Senior Management Governance The first ingredient of a world class compliance and AML programme is the right tone at the top. The tone at the top sets a firm s Board guiding values and ethical climate. It is the ethical glue that binds everything together.
Total Respondents 546 Senior Management Participation in AML: Findings From The AML Return The AML Return sought to understand how Senior Management carry out their AML responsibilities. The findings are as follows: Discuss AML at Board Meetings 78% Participate in AML compliance reviews 82% Participate in AML business risk assessments 90% Approve high-risk customers 68% 497 Approve policies and procedures 91% Approve high-risk transactions 46% Senior Management involvement is critical
Survey Question 1 Q: How are AML/CFT policies and controls communicated to senior management and staff? a Through AML training Through circulated directives or guidelines Through embedded compliance staff in business lines Through being integrated in the firm s dayto-day activities?
Topic 2: AML Business Risk Assessments Step 1 Identify your risks Step 6 Revisit your AML risks annually Step 5 Assess risk potential & impact AML Business Risk Assessment Process Step 4 Identify controls & reduce risks Step 2 Create your risk library Step 3 Identify your risk owners
Total Respondents 546 The AML Business Risk Assessment: Findings From The AML Return The AML Return sought to note the vulnerabilities that Relevant Persons take into account when identifying and assessing AML/CFT and sanctions risk. The findings are as follows: Type of customer & their activities 97% The countries or geographic areas in which it does business 98% Products, services & activity profile 94% Distribution channels & business partners 86% Complexity & volume of transactions The use of new or developing technologies for new/existing products 61% 84% Which of these returns should be at 100%? Development of new products & business practices 70% 70%
Key Message: AML Business Risk Assessments Keep your AML Business Risk Assessment (BRA) up to date. AML risks change over time; circumstances change, the firm changes and threats evolve. You should consider how your policies and procedures adapt to emerging risks, i.e. how do you stay up to date? Adopting an AML BRA can never eradicate all risks; the firm and your staff should exercise constant vigilance. Your AML BRA is a living document, ever changing with rules or guidelines for its modification.
Survey Question 2 Q: What is your biggest challenge in keeping your AML Business Risk Assessment robust? Difficulty in capturing and priortising relevant risks Difficulty in measuring risks Difficulty in getting a buy-in from senior management Difficulty in understanding regulatory expectations?
Topic 3:Suspicious Activities And Transactions Relevant Persons are part of an intelligence chain. The Federal AML Legislation and the DFSA Module requires Relevant Persons where there is a suspicion or reasonable grounds to suspect that funds are the proceeds of criminal activity, or are related to TF, to make a report to the Financial Intelligence Department. Transactions and attempt transactions, regardless of amount, must be reported as soon as practicable after reasonable grounds for suspicion are formed.
Suspicious Activities and Transactions: Findings From The AML Return Internal Notifications External Reporting 88% of Relevant Persons reported no internal suspicious transaction or activity notifications 90% of Relevant Persons did not file an SAR with the FID.
Suspicious Activities And Transactions: Findings From The AML Return Number of SARs lodged with FID versus notifications received by the DFSA 57 56 55 54 53 52 51 50 49 48 Lodged an SAR with FID Submitted a notification to the DFSA Reminder: Relevant Persons are required to notify the DFSA following the submission of an SAR with the FID.
Survey Question 3 Q: What challenges are you facing filing SARs? Uncertain about criteria for filing Unsure how to file an SAR FID portal Limited or non existent staff notifications All of the above?
Topic 4: Audit Your firm s third line of defence for AML risk is provided by your internal audit. Tasked by, and reporting to the board / audit committee, it provides an evaluation, through an AML risk-based approach, on the effectiveness of governance, risk management, and internal control to your firm s senior management. It can also give assurance to sector regulators and external auditors that appropriate controls and processes are in place and are operating effectively.
Audit: Findings From The AML Return Total Respondents 546 The AML Return sought to capture the date an Authorised Firm s audit function last conduct a review of its AML policies, procedures, systems and controls. The findings are as follows: 2017 44% 2016 20% 495 2015 6% 2014 3% 497 2013 1% Before 2012 1% 3rd line of defence Stated scheduled for 2018 or left blank 25%
Topic 5: AML training AML training is a vital element in mitigating risk for a firm s exposure to money laundering, terrorist financing and meeting sanctions obligations. The DFSA requires under the AML Rulebook 12.1.1 that Relevant Persons provide AML training to all relevant employees on regular intervals and as soon as reasonable practicable after commencing employment. It must be tailored to the relevant persons activities, including the firms products, services, Annually customers and channels. Whenever a significant event occurred. Rule change
AML Training: Findings From AML Return Total Respondents 546 When did the Relevant Person provide AML training to all relevant employees? Annually 86% As soon as reasonably practical following commencement of employment 82% Whenever a significant event occurred (e.g. Rule changes) 52%
Survey Question 4 Q: What challenges are you facing to meet the AML training needs of your firm? 1. The AML training is not specific to the particular business line of the firm 2. Staff availability 3. AML training is not at the same level as other financial crime training provided 4. Cost?
Annual AML Return: Key Take Away The 2017 annual AML Return was the first submission using the online forms system. Next year, the DFSA will have the opportunity for more comparable statistics and highlights. The results are reliant on the completeness of the response and the correctness of the information provided. Overall, the AML Return has identified good levels of overall adherence to regulatory obligations; however, there are key elements in the AML space that still need to be addressed. The DFSA will be focusing on this elements in its supervisory approach. In between times remember, people may hear your words, but will feel your attitude and see your actions. Lead by example.
QUESTIONS
Thank You