Registering my displeasure

When I was a schoolgirl, in the late Victorian era, BO had a different meaning: if some poor soul had BO, you flapped your hand in front of your nose and worked the word “deodorant” into your conversation with them as often as you could.  But nowadays we’re concerned much less about body odour than about beneficial ownership, which almost everyone agrees is a central plank of any AML endeavour.  Sadly, we in the UK have been poorly served by our register of beneficial ownership: since its inception in June 2016, the register of people with significant control has been nothing more than a giant filing cabinet.  As I heard someone describe it so well, those who run it are librarians rather than detectives – they have no power or obligation to validate what they are told.  This means, of course, that the PSC register is all but worthless for AML purposes: it serves as perhaps a second or third corroboration, but certainly cannot be relied upon as a primary check.

And then along came MLD5.  It amended Article 31 of MLD4 to this: “Member States shall require that the information held in the central register [of beneficial ownership] is adequate, accurate and current, and shall put in place mechanisms to this effect.  Such mechanisms shall include requiring obliged entities and, if appropriate and to the extent that this requirement does not interfere unnecessarily with their functions, competent authorities to report any discrepancies they find between the beneficial ownership information available in the central registers and the beneficial ownership information available to them.  In the case of reported discrepancies Member States shall ensure that appropriate actions be taken to resolve the discrepancies in a timely manner and, if appropriate, a specific mention be included in the central register in the meantime.”

How marvellous: thanks to the EU (oh, the irony) the UK government can sidestep the eminently sensible (but costly) step of requiring all submissions to the PSC register to be verified and validated, and instead throw responsibility for pointing out “discrepancies” (i.e. fraudulent submissions) onto the regulated sector and the FIU.  Isn’t this rather like a doctor asking his patient to let him know if he finds a better diagnosis on the internet, so that he can improve his own diagnostic skills?  Useful for the doctor, but rather alarming for the patient.

HMG has been talking of reforms to the system for some time.  In September 2020 it published its response to a consultation on the matter, in which it confirmed that “the Government’s vision is for a register built upon relevant and accurate information that supports the UK’s global reputation as a trusted and welcoming place to do business and a leading exponent of greater corporate transparency”.  However – and more tellingly – it immediately continued: “Companies House will play an even stronger role [my italics] as an enabler of business transactions and economic growth, whilst strengthening the UK’s ability to combat economic crime.”  So that’s the true purpose of the registry, is it, to enable business?  And all this talk of reform cannot disguise the fact that we are starting from an extremely low base.  In Guernsey, for instance, submissions to the Guernsey Registry can be made only by “resident agents”, who are covered by stiff legal obligations to gather and maintain information about beneficial owners – and face heavy penalties if they don’t.  In the UK, on the other hand, that consultation response confirms that it’s all much more informal: “Information on companies may be filed at Companies House by a range of individuals.  They may be people connected with the company, such as a director or some other employee.  Alternatively, information may also be filed by third party agents (professional intermediaries who provide such services, including accountants and trust and company service providers, who should be registered with a supervisory authority).”  Should be registered (and covered by AML obligations) – but might not have bothered, and CH won’t know…  And as for penalties for refusing to verify yourself as a PSC, or indeed lying about it, well, “we will develop a suite of compliance activities and sanctions to ensure that as many PSCs as possible are verified within a certain time period of them confirming that they are the PSC with the company”.  I’m sure those dastardly money launderers are quivering in their boots – there’s little that scares them more than a suite of compliance activities.

So why I am so het up about this?  Well, on 5 May 2021, HMG published “Economic Crime Plan: Statement of Progress”, covering the period July 2019 to February 2021.  (It contains enormous amounts of repetition – but perhaps that’s necessary, when progress has been so slow.)  In the section on “strategic priority six – transparency of ownership”, it confirms that there will be “compulsory identity verification for all directors, People with Significant Control and those filing information on behalf of a company”.  Together with obliging the regulated sector and FIU to report any pesky discrepancies, this will “improve the accuracy of the information on the register”.  And – so important that it’s said twice in the same section – “the outcome should be that the millions of users of the register, including the regulated sectors, can have greater faith in the information, so that it continues to serve its vital role facilitating business transactions and underpinning confidence in our economy”.  As someone immersed in the world of AML, I had quite lost sight of the vital role of such registers.

Posted in Uncategorized | Tagged , , , , , , , | Leave a comment

Calling a spade an earth spoon

If you’re a fan of the current UK government – and particularly the Eton mess whose name shall not be spoken – I suggest you stop reading now.  For my part, I consider them a corrupt regime equal to that run by the Cheeto-in-Chief across the pond for four years, and I can only hope that our democracy rights itself as theirs has done.  Corruption is actually remarkably easy to spot because the definition is so straightforward: Transparency International defines it as “the abuse of entrusted power for private gain”.  Sure, you can subdivide it into kleptocracy and extortion and embezzlement and so on, but that central tenet holds true: if you use your position of entrusted power to feather your own nest (and the nests of your friends and family) – including by buying support so that you stay in office for longer, for further feathering – then you’re corrupt.  As my niece would have it, with attendant teenage eye-roll, “end of”.

And yet the media seems reluctant to use a word that is so clear.  Instead, they talk of cronyism, or a chumocracy, or sleaze – all of which are revolting, but none of which is a crime.  Is it because the UK has spent so many decades – perhaps centuries – wagging its finger at other corrupt regimes that it would be too embarrassing to admit that it has come home to roost (in that nest so comfortably feathered by a store that is not the skip-furnishing John Lewis)?  But by shying away from naming it as corruption, we give those involved the opportunity to deny it to us and to themselves.

A while ago I watched an absorbing documentary called “The $50 Million Art Swindle”, about Michel Cohen, an art dealer who conned people in the art world out of US$50 million before going on the run.  When the documentary maker puts it to him that what he did was wrong, he shrugs.  It was not theft, he contends: they were loans that I have not yet paid back.  Eighteen years later.  It’s all a matter of what you call it – and telling himself that people gave him the money willingly and it’s just a matter of paying it back means that, in his mind, he’s not a criminal.

And it’s the same in the world of money laundering.  If we let people call it clever accounting, or tax efficiency, or complex structures that you couldn’t possibly understand, we’re giving them permission to deny responsibility for their crime.  Sometimes a spade is clearly a spade.

(And if you’re as sick to the back teeth as I am of the UK government sticking its fingers in its ears and going “Na-na-na-we-can’t-hear-you” whenever anyone asks for a bit of transparency, you might like to follow/support the work of the Good Law Project – dedicated to holding power to account.)

Posted in Uncategorized | Tagged , , , , , , , | 2 Comments

Gone but not un-rotten

Last week a client asked me a question about dead PEPs, and in looking for the answer I realised that this is not a topic addressed by the regulator.  Which is odd, given that it is the inevitable final status of all PEPs.  Everyone’s AML guidance discusses how you should treat PEPs who have left office, but no-one talks about those who have Left Office in the most final sense of all.  Of course, none of us – I don’t think – is imagining that a corrupt PEP will go on laundering money after death.  As someone put it to me, “the risk of someone laundering money or financing terrorism significantly decreases after they shuffle off this mortal coil”.  But although their activity may cease, their wealth does not disappear – and their heirs are still around, and their close associates are still associated.  So I put the question to my AML-obsessed tribe on LinkedIn, and all sorts of issues were raised and debated.

First, it seems that we must draw a risk-based distinction between PEPs who die while in office, and those who pop their clogs during a long and happy retirement from PEP-dom.  If someone is still in the throes of their position of influence, with access to public money, and then falls off the perch, this is a different risk to someone who has been absent from the corridors of power for some time.  Note that I say different risk – not lower risk – because of course it all depends.  We all know of puppet-master PEPs, who no longer have the public title or profile but very much hold the puppet strings of their successor – as another contributor says, “a former PEP’s level of influence can outlive him/her”.

Second – and this was something that I had not appreciated before, so thanks, tribe – the wording of the specific legislation is important.  In the UK legislation, for instance, we have this: “A relevant person must have in place appropriate risk-management systems and procedures to determine whether a customer or the beneficial owner of a customer is (a) a politically exposed person; or (b) a family member or a known close associate of a PEP.”  In other words, the PEP definition refers to the PEP alone – the obligation is to look for PEPs and then also consider their family and close associates.  But in the Guernsey legislation, we have this: “’Politically exposed person’ means… a natural person who has or has had at any time a prominent public function… an immediate family member of [such a person], or a close associate of [such a person].”  Here, the family and close associates are PEPs as well – generally known as “PEPs by association”, but still PEPs.  The dePEPping arrangements are therefore different: in the UK, family and close associates can cease to be of interest the moment the PEP leaves office (or kicks the oxygen habit) – but in Guernsey, they are subject to the same dePEPping timetable as the headline PEP.

And third, the actual answer is, of course, that it all depends.  As with everything AML, it’s a risk-based decision.  You may have a PEP who left office three years ago, after a worthy career unblighted by scandal, and now squawks his last – you are unlikely to be overly concerned about his widow and what she does with the family art collection.  Or you may have Sani Abacha – dead for more than two decades and still causing trouble.  As my grandma advised me when I told her I was engaged: choose carefully, because you’re lying next to them for a long time.

Posted in Uncategorized | Tagged , , , , , , , , , , | Leave a comment

The woes of UWOs

Unexplained Wealth Orders are now three years old.  Although many would like to see their reach expanded – divorce lawyers are particularly interested – they remain available only in cases involving PEPs or those suspected of serious criminality.  And indeed, we’ve seen successful examples of both: the PEP contingent has been ably represented by Zamira Hajiyeva (wife of the former chairman of the International Bank of Azerbaijan, and perhaps better known as the woman who spent £16 million in Harrods), while the serious criminals have put forward Leeds businessman Mansoor Mahmood Hussain (ordered to hand over 45 properties and various other assets believed to be the fruit of his connections with murderers, fraudsters, armed robbers and money launderers).  Others wait in the wings, including Donald Trump (whose purchase of two Scottish golf courses might stand a little source of funds enquiry).  But what is the UWO to the MLRO – apart from a pleasing bit of Schadenfreude?  I can see two reasons for MLROs to take a more professional interest in UWOs and their operation and scope.

First – perhaps surprising, given my propensity to assume GUILT when confronted with any sniff of financial misdoings – you might be asked by a client to help them meet the demands of an UWO, thereby allowing them to explain their unexplained wealth.  For instance, they might ask you to confirm to the court that yes, they are your client, and yes, they supplied all CDD information as required, and yes, it all seemed fine to you, and yes, they have conducted themselves with dignity and uprightness throughout their relationship with you.  (They might also ask you to confirm that you have never had the slightest suspicion of any whiff or taint of money laundering in their activity, but of course, this you cannot do.)

And second – which will be more common, I fear – is that UWOs will reveal financial structures, relationships and connections that investigators will then be able (indeed, eager) to unpick.  They will look at every institution and professional involved, and wonder whether they did their AML stuff properly – did they ask the right CDD questions, did they monitor the relationship, and did they report any suspicions promptly (remember, the standard is not “did you suspect”, but “should you have suspected”).

So make sure you keep track of the UWOs that are granted and what happens in response to them.  And if you were involved in selling a golf course to an orange-hued former US president, it might well be your turn next.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Systems to manual

I have a confession: I love writing AML manuals.  I know, I know – it’s akin to saying that for Sunday lunch I enjoy a nice roast kitten with puppy gravy, but there it is.  Who knows when it started, but I have always relished gathering information, sorting it into a logical order, and then determining the best way in which to communicate it.  Add my Favourite Subject Ever, and I’m in clover.  Rather marvellously, clients do occasionally ask me to redraft their AML manuals; they raise the subject almost apologetically, but I’ve got Word open and a skeleton table of contents in place before they’ve hung up.  But, dear readers, I do see some shockers.

The worst – and most common – mistake that MLROs make with their AML manuals is taking shortcuts.  When something changes, they make the minimum number of edits that they think they can get away with – which means, invariably, that bits are missed.  I know it sounds dull (actually, it doesn’t – but that’s my problem and not yours) but when you change any part of a document you must re-read the whole thing to make sure it still works.  Every single page.  Otherwise contradictions and omissions will creep in (can an omission creep in, or does it slink out?).

Another regular bugbear is inconsistency.  You call it KYC in one chapter and CDD in another.  They’re “high risk clients” in this table and “High-Risk Customers” in that one.  It sounds nit-picking (and what’s wrong with that?) but inconsistencies will lead to uncertainty and misinterpretation.  It’s worth remembering that very few of your staff, no matter what they tell you to the contrary when they sign their form, will read the AML manual from cover to cover.  They will turn to it in extremis, when they need to find reliable and unambiguous information quickly.

And tied to inconsistency is style.  I love a good, wide, illuminating, fascinating range of adjectives as much as the next person.  But the AML manual is not the place to practise your Booker-worthy prose.  Keep it clear.  Keep it repetitive.  If you mean “certified copies of all CDD documents must be obtained and kept on the client file”, don’t say, in the next chapter, “obtain certified copies of the documents” – just repeat exactly the same phrase to make it clear that the standard is unchanging.  Keep it clear.  Keep it repetitive.

It’s been attributed to almost everyone, from Thomas Hood to Nathaniel Hawthorne, Lord Byron and Maya Angelou, but the maxim remains true: easy reading comes from hard writing.  And it’s the responsibility of the MLRO to make sure that the AML manual is very easy reading.

Posted in Uncategorized | Tagged , , , , , , , | 2 Comments

Loophole in the wall

Cash is a problem during a pandemic.  Cash-intensive businesses like nail bars cannot trade, and takeaway food outlets have turned into delivery hubs with payment in advance by card.  Luckily, anyone desperate to offload their criminal cash has a new-ish option that has been steadily gaining ground.  The cryptocurrency ATM is a freestanding machine that is appearing in the corner of shops, petrol stations and (I’m reliably informed by the Daily Telegraph newspaper) strip clubs, and it will happily swap your cash for cryptocurrencies and vice versa.

The CATM (no-one else calls them that – it’s my own invention and you’re welcome) was something of a novelty when a Robocoin machine opened in the Waves coffee shop in Vancouver in Canada in October 2013.  Europe got its first one two months later, in Bratislava in Slovakia.  CATMs come in two flavours: uni-directional ones allow you to buy cryptocurrency using cash or a debit card, while bi-directional ones allow you sell cryptocurrency as well.  Now you know what a dinosaur I am when it comes to matters cryptocurrency, so you will forgive me for quoting from the admirably clear description in Wikipedia: “[CATMs] look like traditional ATMs, but do not connect to a bank account and instead connect the user directly to a [cryptocurrency] wallet or exchange.  While some [CATMs] are traditional ATMs with revamped software, they do not require a bank account or debit card.  On average, transaction fees are 10-20% but can go as high as 25% and as low as 7%.”

As eny fule no, Bitcoin is having a moment – its value is surging.  And it’s dragging the CATM trend with it.  According to Coin ATM Radar, in February 2020 there were 6,759 CATMs in the world – and today there are 17,868.  Speaking to the Daily Telegraph, Ben Phillips of RockItCoin said that his company now has 900 CATMs installed in the US: “It just appears that more people are using Bitcoin for the first time and obviously more people are continuing to come back and use the machines.  We do add that element of privacy where users can feel secure, like they’re dealing just with us.  They’re not putting any bank information in.”

Whoa there, missy – did you say “adding an element of privacy”?  So people can feed stacks of cash into the CATM and get cryptocurrency added to their e-wallet, all without any pesky financial information being checked?  With the recent publicity about the dangers of – and to – money mules, this is surely a risk area that must be addressed.  Thankfully the regulator has CATMs in its sights: in a speech on 24 March 2021, Mark Steward, (Executive Director of Enforcement and Market Oversight at the FCA) announced that “we have now developed a version of the Warning List, called the Unregistered Cryptocurrency Businesses List, to help consumers and FCA authorised firms identify cryptocurrency firms that appear to be carrying on business in the UK but are not registered with the FCA or sought such registration – we placed the first names on the Unregistered Cryptocurrency Businesses List earlier this month, all crypto ATM firms”.  Sadly, CATMs are also on the criminal radar: at the end of last month, a man in Sydney was jailed for laundering money through CATMs – in this case, money was stolen from people’s cryptocurrency wallets and he then withdrew it in cash via CATMs.  So when lockdown lifts and you return once more to The Saucy Minx Exotic Dancing and Dining Club for Discerning Gentlemen and spot a new CATM in the corner, the strippers might not be the only ones losing their shirts.

Thanks to David Winch for pointing out this issue to me – I do love an AML issue

Posted in Uncategorized | Tagged , , , , , , , , , | 5 Comments

Faint at art

It’s a tricky thing, art.  No – I don’t mean those arguments over whether an unmade bed or a black painted square is art, but the deliberations about when the art world is part of the AML community and when it isn’t.  Before the advent of the Fifth Money Laundering Directive, an art auction house or similar would be subject to the AML requirements (at least in the UK and other jurisdictions with EU-derived AML regimes) only as part of the “high value dealer” category.  And the definition of a high value dealer comes from the previous Directive, MLD4: “other persons trading in goods to the extent that payments are made or received in cash in an amount of €10,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked”.  In short, the key characteristic was the acceptance of large amounts of cash – actual folding (or clinking) cash.

MLD5 moved the goalposts, and many involved in the trade in art found themselves ejected from their cosy home with the HVDs and lodged in a new category of their own, with the requirements of MLD5 now additionally applying to “persons trading or acting as intermediaries in the trade of works of art, including when this is carried out by art galleries and auction houses, where the value of the transaction or a series of linked transactions amounts to €10,000 or more; [and] persons storing, trading or acting as intermediaries in the trade of works of art when this is carried out by free ports, where the value of the transaction or a series of linked transactions amounts to €10,000 or more”.  In other words, although the €10,000 threshold remains, the form of payment – cash or otherwise – is immaterial.  So any art market participants who had managed to exclude themselves from the AML requirements by refusing to accept cash are now back in.

Perhaps understandably, there has been some confusion about who is included – overlaid by the inevitable reluctance to accept their fate.  And some leeway has been permitted in these troubled times.  But the art sector is now in the spotlight.  On about 19 March 2021 the National Crime Agency issued one of its occasional “amber alerts”, the time to art dealers.  I can’t unearth the actual document on the NCA website [if you can, please post the link in a comment – I’d love to find it], but a report on it in the Evening Standard quotes Graeme Biggar (DG of the NCA’s National Economic Crime Centre) as saying that although they have been encouraged to file more SARs, there has been an inadequate response from dealers, despite their sector being “a relatively high risk area for money laundering because it is a market used to operating with anonymity, where they use third parties, and where the source of the funds is often not clear”.  He also comments that “HMRC will be looking a bit harder too at art dealers”.  Let’s hope the art sector is finally getting the picture.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | 1 Comment

The young and the riskless

I never thought I’d say this, but there are two great advantages to being 55: (a) I’ve had my first covid jab (one shivery night afterwards but apart from that – woohoo!), and (b) I’m not being targeted quite as doggedly by fraudsters or aggressive sales tactics.  Youngsters, however, are paying the price for their porcelain complexions and silent knee joints by having to be ever more vigilant against such approaches.

Earlier this month, fraud prevention service Cifas confirmed that more than 40% of the more than 17,000 cases of money muling in 2020 involved victims aged 21 to 30 – leading the media to dub them “generation Covid”.  According to Cifas, “with thousands [of young people] facing job losses as a result of the pandemic and graduates entering the jobs market at a time of unprecedented uncertainty… criminals are exploiting people’s financial difficulties by using social media platforms, jobs websites and phishing emails to approach them with offers of easy cash”.

Last week a friend contacted me to say that her daughter – aged 20 – had narrowly escaped “financial meltdown”.  Daughter had received a text purportedly from Royal Mail, claiming that a parcel was waiting to be delivered to her but she needed to click on a link to pay the £2.99 settlement.  Now, daughter is engaged in online shopping 23½ hours a day and employs a postman pretty much full-time so this did not seem unusual to her – the only thing that concerned her was the word “settlement”, which she asked her mum about.  Mum was suspicious and unearthed the warning from the trading standards people.  We’re all old and cynical, and know how the postal system works, but with customs changes post-Brexit and general pandemic shenanigans, even the savviest of us can be tricked.  Now there’s a jolly slogan: just don’t click – it might be a trick!

And yesterday the Financial Conduct Authority issued the results of research it commissioned into “Understanding self-directed investors”.  What caught my eye was the FCA warning that “younger investors are taking on big financial risks”: “There is a new, younger, more diverse group of consumers getting involved in higher risk investments, potentially prompted in part by the accessibility offered by new investment apps.  However, there is evidence that these higher risk products may not always be suitable for these consumers’ needs as nearly two thirds (59%) claim that a significant investment loss would have a fundamental impact on their current or future lifestyle.”  In other words, they’re staking what they can’t afford to lose.

But even the investor who is longer in the tooth displays a worrying lack of awareness.  The word “risk” runs through the bones of every MLRO like Blackpool through a stick of rock.  But the FCA’s research reveals that “there is a striking lack of awareness and/or genuine belief in the risk of investing, with over four in ten (45%) [respondents] not viewing ‘losing some money’ as a potential risk of investing – despite the presence of disclaimer warnings”.  They then turn a second blind eye to danger: “Additionally, most have high confidence in their abilities to identify scams and fraud, although in reality strategies largely rely on an investment opportunity ‘not feeling right’ or looking unprofessional” – despite some confessing to having fallen for scams that looked perfectly professional.  Add to this the boredom that comes with being stuck at home during lockdown, the speed with which investment “buzz” can be generated on social media, and the spare money that some people have now that they can’t go out or on holiday, and it’s prime time for fraudsters.

Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment

Mind your own business

One of the trickier aspects of the MLRO’s job is the juggling act they have to perform to keep everyone happy – staff, Board (or whatever their firm’s top layer of control is called), regulators and investigators.  Although this can be done, it takes a stern resolve, a stiff spine and a clear understanding of just who is entitled to just what.  And one of the regular points of conflict is the sharing of information about SARs with the Board.

Some MLROs – notably, those working within FCA-regulated firms – are required to make an annual report to their Board, and most MLROs of my acquaintance (regardless of their sector or jurisdiction) choose to do this.  Part of any MLRO annual report to the Board is going to be information about SARs – number of internal reports received and number of external disclosures made (which gives a conversion rate), and observations about any discernible patterns (e.g. the majority of reports are made by one member of staff in the take-on team, or no-one in the Birmingham office has even made a report, or a growing proportion of reports feature clients who are PEPs).  Looking at it from the other side, Boards are required to make sure that they are conducting sufficient oversight of their firm’s AML/CFT regime, which will include checking that the reporting/disclosing system is working well.  Where the conflict arises is when the Board demands to know more than the MLRO wishes – or is permitted – to say.  Directors will sometimes want to see specific SARs, or will ask for the names of clients reported to the FIU.  And this type of request triggers the “tipping off klaxon” with which all MLROs are fitted on appointment (a painless but necessary procedure).

Thankfully, this conflict is increasingly being recognised by regulators and by FIUs, and MLROs are being offered more guidance on just what they can and cannot (or should and should not) share – which gives them something to show their Board to explain their course of action.  For instance, the JMLSG in the UK has produced a template for the MLRO’s annual report, which, in the section on reporting, suggests the following content:

  • Internal reporting
    • Summarise the number of internal reports made by business area. Distinguish between the number of reports picked up by central monitoring units and staff.
    • Number of ‘false positives’ generated where internal reports were not forwarded to [the FIU]. Whether this has increased or decreased since the last report.
    • Summarise the circumstances that may have led to increased/decreased reporting and consider any significant trends in reporting.
    • Summarise any quality checks that are made by the Nominated Officer in the area of reporting.
  • External reporting
    • Note whether there have been any money laundering cases that have arisen where reports have not been made.
    • Provide a breakdown by business area of reports passed on to [the FIU], and the number of reports that have not been made.
    • Consider any significant trends in reporting that might require the Nominated Officer to change system parameters for suspicious transaction reporting. Indicate whether such changes have been actioned or are requested.
    • Any feedback from [the FIU] on reporting, individually or by sector.

This makes it clear that the MLRO should be sharing anonymised, general information with the Board, post facto – and the Board should not expect to receive identifying information (about either reporting individuals or reported-on clients), and certainly should not expect to be involved in reviewing or (heaven forfend) approving the submission of SARs.  Some MLROs – particularly those new to the job, or those working with particularly dominant directors – might feel obliged to share more than is necessary, or indeed safe.  To them I say bon courage – the law is on your side.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Hang on every word

I have been called pedantic, but that’s not strictly accurate.  The fact is that I make my living from – and spend much of my leisure time with – words.  Most compliance-y people are good at detail: at school we were the ones who always did what the teacher said (“Read all the way through all the questions before starting”) and as working people we’re the ones who fill in all the forms fully and correctly.  Moreover, we know the importance of words.  Precise and specific words.  This matters greatly when wrestling with legislation and when dealing with regulators.

Let’s take a look at legislation first.  I’m in the UK, so I will refer to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, but feel free to grab your own domestic AML legislation to play along.  I’m turning, feverishly, to Regulation 28, which sets our “Customer due diligence measures”, and it says this: “The relevant person must – (a) identify the customer… (b) verify the customer’s identity…; and (c) assess, and where appropriate obtain information on, the purpose and intended nature of the business relationship or occasional transaction.”  Later on, in Regulation 35, and with reference to PEPs and EDD, it says this: “A relevant person [with a PEP client] must… take adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that person.”  Can you see those words?  We have “identify”, “verify”, “assess”, “obtain information on” and “establish”.  I’m not going to go into a great dissection of their specific meaning (that’s for training, not a blog post), but it’s important simply to see that they are different.  The people who drafted and approved the legislation chose them carefully (assessment is not verification, and obtaining information is not establishing), and we must obey them.

And now let’s have a little think about regulator-speak.  As you almost certainly know, you can open any AML/CFT guidance – take your pick from at least half a dozen versions in the UK – and you will soon spy three levels of obligation: must, should and could/may/might.  If something is expressed using the word “must”, you as MLRO have no choice: it’s either straight from the legislation (and not doing it is a criminal offence) or it’s a regulatory obligation (and not doing it puts you at risk of losing your licence).  If something is couched in the woolly words – could, may, might – then it’s up to you: it’s a suggestion, but if you have a preferred alternative, then so be it.  But it’s the middle one that catches people out: the “should”.  If a regulator says that you “should” do something, the expectation is that you will do it and if you don’t, you will explain clearly why you have not done it – conform or confirm, if you will.  Too many firms think that “should” and “could” are equivalent – it’s a dangerous stance.  And I have chosen that word carefully.

Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment