Thoroughly Modern Piggies

So tell me: what did you do this weekend?  Sit in the garden?  Sail to France?  Slap a few prawns on the barbie?  I did none of these: instead, I sat at my desk, surrounded by the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, wielding a red pen, and updated five piggy books.

But let’s start at the beginning.  On Friday I was minding my own business, writing an article, when an email came in announcing that HMT had put out a press release about the new Regs.  “Crack down on terrorist and criminal financing”, said the headline. “Terrorists and criminals will find it harder to move money through the UK financial system thanks to new rules coming into force on 26th July 2017.”  I did a double-take: July?  Had we missed the deadline by exactly a month?  Was it normal to bring out new Regs on a Wednesday?  Or was it a misprint?  I called everyone I could think of at HMT – barring Gladstone, the Treasury cat, who never gives much away – and eventually tweeted them.  After an exciting hour, it was confirmed that it was indeed a typo, and that we were all systems go for the MLD4-sanctioned deadline of 26 June.

As for the major changes, well, I don’t want to spoil your fun as you hunt for them yourselves, but there’s a lot about risk assessment (the government must do a national risk assessment, supervisory bodies must do sectoral risk assessments, and firms’ in-house risk assessments must take these external ones into account).  “Where appropriate with regard to the size and nature of the business” you must: appoint a Board member or similar senior person to be responsible for AML/CFT compliance (and give their name to your regulator); and establish an internal audit function to check your AML/CFT efforts.  If you can’t identify a beneficial owner, you must keep records of all your attempts to do so – I’m really not happy with this one.  There’s plenty of information about EDD – when it must and could be applied, what it must and might entail, etc.   And then there’s that change to record-keeping that I highlighted before, with one small alteration: if you’re looking at transaction records in the context of a client relationship, you must keep them for ten years, or for five years after the end of the relationship, whichever comes first.

The piggies, as I say, are all updated and raring to go – forgive the plug, but now that I’ve spent a whole weekend force-feeding them the new Regs, I want to see them flourish.  Thanks to the magic of print-on-demand publishing, there are no piles of old stock lying around – in a rather fairytale way, no piggy exists until someone orders him.  The link to the updated piggy for UK NEDs can be found here, and the updated four piggies for staff in the UK regulated sector (accountancy, banking, insurance and investment versions) can be found here.

Posted in AML, Legislation, Money laundering, Publications | Tagged , , , , , , , | 4 Comments

A reliability rating for Regs

I regularly visit Switzerland which, being such a lumpy little country, has a lot of weather – and many ways in which the weather can kill you (avalanches, mountain mists, tsunamis, etc.).  (I know you won’t believe me about the tsunamis, but it’s true.)  As a consequence, Swiss weather forecasts are very detailed, and as well as the usual indicators also feature a “fiabilité” rating – how reliable that forecast is.  So if it’s all very settled and not too far in the future, and the forecaster is just about certain that that’s what’s going to happen, it will get a 90% fiabilité score.  More changeable conditions will reduce the fiabilité, sometimes down to as low as 20%.  This is very handy, as it tells you how much to trust what is being forecast.

She’s lost the AML plot, I hear you cry – but my point is this.  Here in the UK we are currently in a strange limbo – and I’m not talking about Brexit and Mayhem.  On 15 March 2017 (beware the Ides…) the UK government published draft new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.  MLD4 requires them to be in force by 26 June 2017.  The prudent MLRO will of course have looked at the new Regs, going through them with a red pen to pick out those points at which in-house procedures will need to be altered to meet the new standard.  But there’s many a slip ‘twixt cup and lip, as they say (“they” being the ancient Greeks), and I’m certainly not doing my own version of alterations (i.e. updating all my UK piggy books) until I see the final, approved, passed, signed, in-force Regs.

However, what I would really value is a fiabilité indicator for each major change.  I think we can take it as read (95% fiabilité) that the PEP definition is going to extend to bring in domestic PEPs.  But what about that rather troubling suggestion (in s28 of the draft Regs) that if it proves difficult to ascertain the beneficial ownership of a corporate client, it will be permissible to “treat the senior person responsible for managing the customer as its beneficial owner” as long as you have “exhausted all possible means of identifying the beneficial owner of the body corporate” and you “keep records of all the actions… taken to identify the beneficial owner”?  How likely is that to come in?  Personally I’m hoping for a negative fiabilité rating on that one, but we’ll have to wait and see.

And that’s my concern: waiting and seeing is not comfortable for MLROs, who by their nature are happiest with plans and details.  In-house procedures cannot be changed overnight, and the more notice that can be given, the better.

Posted in AML, Legislation, Money laundering | Tagged , , , , , | Leave a comment

It’s for you-hoo!

Apart from the days when I am out preaching the AML gospel, I work alone in an office above my garage.  Although this means that I get all the Jaffa Cakes and can break off to dance to ABBA’s “When I Kissed the Teacher” whenever I need to stretch and loosen my shoulders, it also means that I quickly fall out of touch with modern office manners.  And what has been on my mind recently is the use of the mobile phone.

When mobiles first became ubiquitous, people would bring them into AML training sessions but hide them: for some reason, they thought that I wouldn’t spot them fiddling around under the desk with their phones (at least, I hoped that’s what they were doing under there).  But now mobiles are brought in completely openly, placed brazenly on the desk, and picked up and consulted with impunity, which does rather discombobulate me.  I realise that some of the fault is mine: I should check with the MLRO beforehand, to ask about the in-house policy on phones in training sessions.  (Nowadays of course, in life outside work, it is perfectly acceptable to have your phone with you – and to check it at will – wherever you are: out with friends, in bed, in the cinema, on a date…  So we’re swimming against the tide here.)

That said, my concern is less about etiquette than about concentration.  I know we think we can multi-task, but actually we can’t.  The current fixation with mindfulness is the predictable outcome of a realisation that although we can do several things at once, it really means that we’re doing none of them well.  And – I would suggest – if you’re reading an email or surfing the web during a training session, you’re not listening to the trainer or processing what is said.  And where will it go next?  Actually, I know: in a recent training session, I had someone answer their phone (I’ve had this before) and then stay in the training room and have a loud conversation (that, I will admit, was a first).

So help me out here, those of you who work in offices: what is the expectation these days?  Phones in all meetings?  Can you check/surf/email/talk – or only some of those?  And do you find it enervating to try to do it all?  Would you actually find it a welcome relief to have a phone-free session?

Posted in AML, Training | Tagged , , , | 12 Comments

Now and forever

As regular readers will know, I have a great fondness for Guernsey.  It has a mild climate, lovely scenery, excellent food – and a rather admirable AML regime.  (That last bit doesn’t make it into the VisitGuernsey brochures or telly ads, but it matters a lot to me.)  In many respects, the Guernsey AML regime takes a more pragmatic, more workable and indeed more demanding approach than that of the UK.  But in one key area the Guerns have it wrong, and those who are reading this will know what I am going to say.  Yes, it’s their definition of PEPs.  Well, not the definition exactly, but rather their longevity.

As was first suggested by the Third Money Laundering Directive *wavy lines to suggest time shift back to 2005* and then confirmed by the Fourth one, PEPs can be de-PEPped when they have been out of power for a year.  Or, to put it in official terms: “Where a politically exposed person is no longer entrusted with a prominent public function by a Member State or a third country, or with a prominent public function by an international organisation, obliged entities shall, for at least 12 months, be required to take into account the continuing risk posed by that person and to apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed persons.”  Now I have talked before about how I don’t think a year is quite long enough, and how – if they’d bothered to ask me, which they didn’t – I would have advised, say, five years.  And I have also said that I think the Guernsey approach (shared by Jersey and the Isle of Man) is barking: in those three jurisdictions, it’s once a PEP, always a PEP, with only the shuffling off of the mortal coil putting an end to the EDD.

And so it was with feverish anticipation that I clicked on the draft amendment to Guernsey’s AML legislation that was issued last week for consultation.  I’m leaving the real excitement of a close read and a red pen mark-up until Friday (I used to be a schoolteacher, and always have a red pen to hand) but I couldn’t resist a peek at the PEPs.  In all honesty, I had fully anticipated the ditching of the eternal PEP – but then I thought we’d vote Remain and that the Americans would choose Clinton.  And indeed my unerring streak of mis-prediction continues, for there it is in the draft amendment: “’politically exposed person’ means… a person who has, or has had at any time, a prominent public function…”  I may need a really thick red marker for this one.

Posted in AML, Due diligence, Legislation | Tagged , , , , , , , , | 9 Comments

A fine fortnight

What else could I blog about today but the seemingly daily fines on financial institutions for AML failings?  Here’s what has happened (you can see the links to all of these stories on the Newsroom page of my website):

  • 22 May: Citicorp agrees to pay US authorities US$97.4 million [about £75.7 million] in settlement of an AML enquiry into the activities of its unit that dealt with Mexican remittances
  • 30 May: the Monetary Authority of Singapore fines Credit Suisse and United Overseas Bank a total of S$1.6 million [about £900,000] for AML failings around the 1MDB theft, while the US authorities fine Deutsche Bank US$41 million [about £32 million] for AML failings, AND the Irish authorities fine Bank of Ireland 3.15 million euros [about £2.75 million] for – you guessed it – AML failings
  • 2 June: the French authorities fine BNP Paribas 10 million euros [about £8.7 million] for (all together now) AML failings

Now either these regulators are planning maHOOsive summer picnics, or there is something going on.  Looking at the detail of the findings (and there’s not much visible to the outsider), common themes are: weaknesses in conducting initial CDD; insufficient monitoring of potentially suspicious transactions; and failing to make timely SARs.  The general picture seems to be that the institutions became so focused on profitable/critical business that they failed to spot atypical transactions and activity and – if they do spot it – they fail to report their concerns to the authorities.

As we gird our loins to deal with the obligations of MLD4 (only nineteen days away now) before taking a breath and starting to consider the even-more-complex potential of MLD5, it is worrying to read that so many institutions – large, important, established, international institutions – are still struggling with the absolute basics: keep an eye on your clients and react if they do something odd.

Posted in AML, Due diligence, Money laundering | Tagged , , , , | 1 Comment

From little acorns

I work regularly in the UK and four UK-related jurisdictions, and for those five I take pains to learn their AML legislation, regulation and guidance.  When it comes to the other jurisdictions of the world and their AML regimes, I take a passing interest.  And in my most recent passing, I have spotted something of a trend: extension and expansion.  Countries are taking their existing AML legislation and extending it.

India, for instance, recently announced that it is going to extend its current AML requirements – CDD, record-keeping and the like – to what they call “property dealers”.  They have taken this decision after a 2016 study into irregularities in the real estate sector revealed that an estimated 5.7 lakh crore rupees [that’s 5.7 trillion rupees, or about £68.5 billion] of criminal money had been used to buy property.

In Taiwan they are – perhaps unsurprisingly – more concerned about the financial misdoings of PEPs.  And there they have decided that at the end of June 2017 their AML legislation will expand to require EDD to be conducted not only on retired as well as current PEPs (which was the original suggestion for an amendment) but also the friends, family and lovers of PEPs.  Taiwan is a conservative society, and the idea of digging into the private lives of PEPs has caused quite a stir.

And now I read that the Philippine Congress has had enough of criminals laundering money through the country’s gambling sector – notably US$81 million stolen in 2016 from the Bangladeshi central bank in a “cyber-heist” – and has voted in an amendment which adds casinos to its AML family.  This comes just ahead of a deadline set by the Asia/Pacific Group on Money Laundering (the FATF-style regional body that had expressed concerns on the matter) – and just in time for the July opening of an understated new casino resort in Manila by Japanese gaming magnate Kazuo Okado.

Posted in AML, Legislation, Money laundering | Tagged , , , , , , , , , , , | Leave a comment

Adiós a la Cara de Piña

Panama has been in the news recently for its Papers, but long before then we had Noriega (or “Old Pineapple Face”, as his braver countrymen called him – behind his back, of course).  Indeed, when I started out as a baby AML trainer, Manuel frequently featured as one of my cautionary tales (novelist Catherine Aird probably said it best: “If you can’t be a good example, then you’ll just have to be a horrible warning.”).  And today we hear that Noriega has died in hospital in Panama City, from complications following an operation on a brain tumour.

Manuel was one of those worrying PEPs who start out as friends and then abuse their position to such an extent that photos of them shaking hands with the political great and good later become an embarrassment.  His story also illustrates the deals that are sometimes done with the devil: from the 1950s, Noriega proved such a useful source of intelligence to the CIA that they were willing to overlook his thriving cocaine trafficking business.  But then he outgrew their control.  In 1983 he seized power during a military coup and assumed absolute power as a dictator, until the Americans unseated him in 1989 when they launched what they called (very American, this) “Operation Just Cause” and sent in 28,000 troops.  Anticipating Julian Assange, Noriega hid in the Vatican’s diplomatic mission in Panama City – but the Americans flushed him out by playing deafening pop and heavy metal music non-stop outside, and whisked him off to the US in April 1992 to face charges of drug trafficking, racketeering and money laundering (mainly through the late and not-much-lamented BCCI).  On 16 September 1992 he was sentenced to forty years in prison (reduced on appeal to thirty).

The French joined the queue, asking for him to be sent there to serve sentences for convictions in absentia for murder (1995) and money laundering (1999 – using US$3 million of drug proceeds to buy luxury apartments in Paris).  Noriega arrived in Paris in April 2010, faced the retrial that is mandated in France for any conviction in absentia, and was jailed for seven years.  He was granted a conditional release in September 2011 and returned to Panama three months later to serve twenty years in El Ranacer prison (held by many to be one of the worst prisons in the world – although Noriega’s quarters had aircon, TV and computer access, and daily visits from a doctor).  Very roughly, he spent the first 51 years of his life free, and the last 28 in prison.

In the summer of 2015 Noriega made a televised appeal to Panamanians, asking for forgiveness and appealing for early release: “I apologise to anyone who was offended, harmed, injured or humiliated by my actions or those of my superiors in compliance with orders or those of my subordinates in the same status.”  But viewers were not tempted: the consensus was that Noriega showed no emotion or contrition, and relatives of those who were tortured and murdered during his regime expressed outrage, calling for him to die in prison.  In the end, he was put under house arrest in January 2017 to prepare for brain surgery – from which he never recovered.  Many will feel that he was unfairly lucky to make old bones.

Posted in Bribery and corruption, Money laundering, Organised crime | Tagged , , , , , , , , , | 5 Comments

A record number of records

I know I said last time that I wouldn’t be doing anything until the UK’s new Money Laundering Regulations 2017 and their attendant guidance notes are finalised and approved (we’re working towards 26 June 2017), but that doesn’t stop me having a think about them.  And one change they have brought in (or – more correctly – are proposing bringing in) concerns record-keeping.  I know: yawn-o-rama.  But still, important to those of you tasked with designing and implementing in-house record-keeping procedures.

In the olden days of the Third Money Laundering Directive (written on vellum by monks, you may recall), the distinction was drawn between KYC records (yes, way back before CDD was born) and transaction records.  The former had to be kept for at least five years from the date of the end of the business relationship, and the latter for at least five years from the date of the completion of the transaction.  But this time round – see Article 40 of the Fourth Money Laundering Directive – the line has moved.  Now the two categories are: CDD and transaction records relating to business relationships; and transaction records relating to occasional transactions.  For the former, it’s five years from the end of the business relationship, and for the latter, five years from the completion of the transaction.  You may need a Venn diagram at this point, but the category affected is transaction records associated with a business relationship – which must now be kept for much longer.  You can no longer bin them once the transaction itself is five years old, but must wait until the client has been gone for five years.  (Gone from you, I mean: not departed this life.  That’s probably coming in the sixth directive.)

I did warn you: dull but important.  (And I’m as certain as I can be that we can count on this change, as it’s MLD4-driven, not a UK localisation.)

Posted in AML, Legislation, Money laundering | Tagged , , , , , , , , | 6 Comments

A state of grace

Someone asked me recently about grace.  Not the spiritual kind, or indeed the physical – if there is a loose paving stone within a hundred yards, I will trip over it.  No, what they were concerned about is the period of grace granted after the passing of new legislation, to allow those affected to catch up.  Specifically he was talking about the UK’s imminent Money Laundering Regulations 2017, which we confidently (hah!) expect to come into being on 26 June 2017.

Of course, the main thing to bear in mind when planning ahead is that there is many a slip ‘twixt cup and lip.  And this is doubly so at the moment, with all UK politicians jockeying for position with regard to both the General Election (on 8 June) and the Brexit negotiations.  Personally (and you’ll keep this to yourself, I am sure) I don’t trust a word any of them says at the moment, with so much at stake.  For my part, I have read the draft new Regs, and indeed the draft new Guidance Notes that flow from them, but I am changing nothing about what I say or what I write until it is set in stone.  In my diary I have blanked out the whole of the week of 26 June to “update the piggies” – my suites of AML books – and I’m not touching them until then.

But back to grace.  It has been so long – all but a decade – since we had an update to the Regs that I have, to be honest, forgotten.  But I seem to remember that the word on the street (the street in question being Canary Wharf, home of the FCA) was that firms would be allowed six months to get themselves straight, before regulators would descend and expect to see the new standards in place and work well underway – if not completed – on remediation of client files.  I know that some regulators and legislators read this blog, so can anyone put us straight?  Is this an official acknowledgement (on which we can count) that things cannot be changed overnight, or simply an understanding between friends?

Posted in AML, Legislation, Money laundering | Tagged , , , , , , , , , | 2 Comments

More haste, less progress

I’m one of those annoying people who take deadlines really, really seriously.  Last year I accidentally prepared two tax returns because I did the first one so far in advance of the deadline that I clean forgot that I had already done it.  So I find the “last minute” working style both perplexing and frightening.  And yet, in recent weeks, I have had to stand by, helpless, and watch it happen in the most important arena: legislation.

As I wrote a few days ago, the UK’s Criminal Finances Act 2017 has just been passed.  I had been tracking it day by day from the beginning – when it had its first reading in the Commons on 13 October 2016 – and could see that it was going to be close.  Of course, the closeness was not part of the plan: the date of prorogation (the closing of a session of parliament, at which point, to put it simply, Bills must become Acts or fall by the wayside) was abnormally affected by the announcement of the coming General Election.  And so the race was on: would the Lords be able to debate all their proposed amendments and send them back to the Commons for approval before prorogation?  As you know, they did, and for the most part, it has worked out as we had anticipated.

Not so for the (confusingly similarly named) Finance Act 2017 (“a Bill to grant certain duties, to alter other duties, and to amend the law relating to the national debt and the public revenue, and to make further provision in connection with finance”).  This one started on its legislative journey much more recently – on 14 March 2017 – and so the sudden looming appearance of prorogation had a more drastic effect on it.  As you can see here, in this handy table showing which bits survived and which were sacrificed in the name of expediency.  You will note that of the original 135 clauses, 72 were removed in order to push the legislation through – that’s 53% of them, and presumably they’re the tricky ones that might have held things up.  The slimline Finance Act 2017 did receive Royal Assent on 27 April 2017, but I’m not sure I am comfortable with the way that parliamentary timetabling can trump (please can we reclaim that word?) original legislative intentions.

Posted in Legislation, Money laundering | Tagged , , , , , , , | Leave a comment