anti-money laundering and anti-bribery and corruption systems & controls: asset management and...

Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and Platform Firms.

Summary and highlights of The Financial Conduct Authority Thematic Review by Mark Dunn, Market Planning Manager, Risk & Compliance, LexisNexis

November 2013

A LexisNexis White Paper

Index

3 Introduction

5 Governance, Culture, and MI

6 Risk Assessments

7 Specific Anti-Money Laundering Controls

9 Specific Anti-Bribery & Corruption Controls

10 Training & Awareness

11 Conclusions

LexisNexis has a world-class reputation for providing critical business tools. For over 30 years we have been pioneers in intelligence and risk management. As a digital pioneer, the company was the first to bring legal and business information online with our Lexis® and Nexis® services. Today, LexisNexis harnesses leading-edge technology and world-class content to help professionals work in faster, easier and more effective ways.

Our solutions are used internationally by financial services, legal and accountancy firms and blue chip multinational companies to enhance business decision making, fulfill regulatory requirements and for premium information research.

LexisNexis serves customers in more than 100 countries with 10,000 employees worldwide.

Introduction In October 2013, the UK Financial Conduct Authority (FCA) published their thematic review – Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and Platform Firms – describing the steps banks and other financial services firms in the UK take to control money laundering and corruption risks in asset management and platform business and setting out the findings from their recent assessment.

The FCA’s latest review assessed the systems & controls implemented by firms to tackle anti-money laundering and anti-bribery & corruption within asset management and the platform sector.

The review was started by the Financial Services Authority in 2012 and continued by the FSA’s successor the Financial Conduct Authority. The FCA met with 22 firms including wealth and asset management firms, fund administrators and platform firms. The sample of firms selected aimed to reflect the asset management and platform sectors as a whole and as a result firms of all sizes and with different business models were included in the review.

The FCA makes it clear in the report’s introduction that this review focused specifically on the adequacy of firms’ “AML systems & controls (including account opening, transaction monitoring, and suspicious activity reporting to mitigate money laundering risks); and ABC systems & controls (including the use of business introducers, third party payments, and gifts and entertainment arrangements).”

Unlike early thematic reviews, the report does not focus on firms’ systems & controls for complying with financial sanctions regimes.

Overall, the results of the review highlight consistent areas of concern as the report states:

“Although we found some good examples of money laundering and bribery and corruption risk management, we found a number of common weaknesses across the firms in our sample. Given the communications we have issued on AML and ABC, we expected the industry to have done more in ensuring they had suitable systems & controls in place.”

The FCA also highlights examples of common risks associated with money laundering and corruption including:

• Non face-to-face business, which can be attractive for money launderers hiding behind stolen or fabricated identities.

• Customers from, or with links to, countries that are considered high risk from a money laundering and/or corruption perspective.

• Wealthy and powerful clients, particularly where they insist on a high degree of confidentiality.

• The use of offshore trusts and shell companies to distance beneficial owners from their funds.

• High value and/or unexpected transactions.

• Payments or inducements, without a clear business rationale, to third parties.

The FCA summarises the thematic reviews findings in the reports overview:

• Most firms had relatively well-developed arrangements for the ownership of money laundering and bribery and corruption risks. However, some could not provide evidence to demonstrate the effectiveness of senior management oversight and challenge.

“Even though these findings are from our review of the asset management sector, we expect all firms to have appropriate systems & controls in place for AML and ABC.”

| Summary and highlights - The Financial Conduct Authority Thematic Review

• AML and ABC issues were dealt with primarily as a compliance matter rather than as part of proactive risk management. Failure to properly identify and assess risk often led to weaknesses in customer due diligence and on-going monitoring of business relationships.

• Most firms had a comprehensive suite of AML policies and procedures approved by senior management.

• Some firms had inconsistent or absent controls to assess, classify and record risks posed by new customers, which meant that enhanced due diligence and enhanced ongoing monitoring was sometimes not carried out for high-risk customers.

• There were weaknesses in how most firms acted on the outcomes of risk assessments.

• Identified risks were often non-measurable and not actively monitored. This impacted the extent to which appropriate controls were defined to mitigate those risks.

• Some firms considered that the longstanding nature of some business relationships alone was a satisfactory substitute for keeping customer due diligence information up to date.

The FCA press release accompanying the report goes on to say:

“We have provided feedback to those firms in our review, but we expect all firms to consider our findings and the examples of good and poor practice to improve their AML and ABC frameworks where necessary. We will be following up with some firms to discuss the actions they should take”.

The full FCA report and press release can be accessed via the following link:

http://www.fca.org.uk/news/thematic-reviews/tr13-9-anti-money-laundering-and-anti-bribery




Examples of good and poor practice

Governance, culture, and MI

• Senior management roles and responsibilities are clearly defined.

• There is a clear organisational structure that meets on a regular basis to discuss risks, including money laundering and bribery and corruption risks.

• Risk-based quality assurance work is carried out by the firm on a rolling basis.

• The firm regularly assesses and evaluates emerging regulatory and industry developments and the impact(s) this may have on its business.

• The firm takes into account staff compliance with AML and ABC obligations in remuneration and staff incentive structures.

• The firm has defined breach and escalation procedures.

• The firm implements senior management approval procedures in relation to the acceptance (or continuation) of higher risk business relationships.

• There is limited senior management involvement and challenge in AML and ABC compliance activities.

• Management information in relation to money laundering and bribery and corruption risks is not collated.

• Money laundering and bribery and corruption risks are dealt with only on a reactive basis.

• MLRO reports and other MI are not submitted in a timely manner.

• There is limited quality assurance activity carried out to review the effectiveness of AML and ABC systems & controls.

Page 15. Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and Platform Firms. FCA October 2013

LexisNexis view

As AML, ABC and sanctions systems & controls converge, ensuring associated technology continues to align to business requirements and deliver a return on investment is often overlooked. The growing convergence of AML, ABC and sanctions regime compliance demands firms take a more holistic approach to tackling financial crime risk driven by top level commitment. Examples of good practice illustrate where firms have proactively aligned their business structures to best meet the increasing challenges of evolving legislation and industry guidance focused on reducing financial crime. As senior management recognises the risks of non-compliance, the associated impacts on business reputation and the balance sheet, firms are increasingly centralising their approach and the resources deployed to mitigate risk. Once in place,

firms continue to regularly monitor their exposure to risk to ensure systems & controls remain effective and are aligned to changing business requirements, incoming legislation and regulators’ expectations. As AML, ABC and sanctions issues converge, it is critical firms ensure that the technology used to tackle such evolving risks continues to meet expectations. Through consultation and review LexisNexis has helped firms successfully implement AML, ABC and sanctions systems & controls to ensure firms’ clients and third-party agents are being efficiently screened and monitored.



Risk assessments

• Risk assessments are used to assess the money laundering and bribery and corruption risks and undertaken regularly.

• Processes are in place for undertaking risk assessments including collaborative engagement with front-line business personnel, and adequate senior management sign-off, review, and challenge (including sufficient engagement at board-level).

• Limited or no activity is undertaken to identify and assess money laundering and bribery and corruption risks in a firm.

• Risk assessment activity is ad hoc and it is not proactively undertaken to inform senior management and/or the design and implementation of AML and ABC policies and procedures in a firm.

• Risk assessment activity is not dynamic to ensure firms are capturing money laundering and bribery and corruption risks.

• Risk assessments do not include an overall assessment of money laundering and bribery and corruption risks for a firm.

• ABC risk assessments were carried out as a one-off exercise.


LexisNexis view

Keeping the compliance team and key staff updated with changing risk indicators and regulator expectations needn’t be a costly and cumbersome exercise. The inability for a regulated firm to maintain its risk assessment process has been highlighted by a number of recent enforcement actions. Regulators expect companies to be aware of changing risks in their markets and to apply a risk assessment process that is agile enough to be amended and updated accordingly. This flexible approach to risk assessment is not only important to take account of ad hoc changes in risks related to specific

countries and entities for example, but also to be able to quickly assign risk assessment to the firm’s business development strategy and new product adoption etc. Industry best practice recommends the risk assessment be reviewed at minimum annually. However, as mentioned above, many firms need to ensure their risk assessment process is flexible enough to respond to market forces.



Specific anti-money laundering controls

• Ensuring AML policies and procedures reflect the legal and regulatory framework, and communicated to staff in the firm.

• Ensuring customer identification and verification procedures are in place, including detailed operational processes for customer take on.

• A customer risk classification framework is applied consistently to assess customer risks at the time of onboarding, and on an on-going basis.

• Identification and verification information for customers is periodically reviewed and ‘refreshed’, on a risk-sensitive basis.

• The firm has defined senior management approval procedures for accepting new (or continuing existing) business relationships which pose a high risk of money laundering.

• A clearly articulated definition of a PEP (and any relevant sub-categories) which is well understood by relevant staff.

• Failure to ensure that AML policies and procedures reflect the legal and regulatory environment and are up to date.

• Failure to conduct enhanced due diligence (EDD) for high risk/PEP customers.

• Failure to identify and verify beneficial ownership, source of funds, and source of wealth.

• Transaction monitoring governance arrangements are not clearly defined (for example, in relation to the investigation and review of transaction monitoring alerts).


LexisNexis view

Having in place effective anti-money laundering systems & controls is long considered the norm for any financial services firm operating within the UK and other regulated markets. With an EU Fourth Money Laundering Directive on the horizon and ongoing enforcement in this area, it is critical that firms have in place effective AML procedures that are both proportionate to their business risk profile and regularly reviewed to reflect changing compliance standards.

The FCA has made it very clear that supervision of banks’ financial crime controls will continue to be as intensive as ever and that tackling poor compliance or “taking action against firms that do

not meet our standards’ will continue to be a key priority. AML compliance receives close attention in the FCA 2013 Business Plan which heralded the FCA’s ‘Intensive intrusive Systematic Anti-Money Laundering Programme (SAMLP) across the high-impact firms to investigate their anti-money laundering, terrorist financing and sanctions systems and controls.”


The SAMLP (formerly known as the Core Financial Crime Programme) aims to: “Look into the financial crime systems and controls of 14 major retail and investment banks every four years and will focus on their anti-money laundering, countering terrorist finance (AML/CTF) and financial sanctions risks. We will also include anti-bribery and corruption (ABC) in the programme”.

Against this backdrop of ongoing supervisory scrutiny and enforcement activity it is essential firms do not neglect the technology services they have in place to help mitigate such risks. Ensuring

screening, due diligence and monitoring services continue to not only reflect firms’ changing risks but also deliver business process efficiencies is key as budgetary constraints on Compliance resources continue to bite.

LexisNexis regularly helps firms to review their AML, ABC and sanctions systems & controls to ensure clients and third-party due diligence checks are delivered in a timely and cost efficient manner.



Specific anti-bribery and corruption controls

• ABC policies and procedures are documented and kept up to date.

• ABC policies and procedures will vary from firm to firm however they must address relevant areas of bribery and corruption risks (either in a standalone document, or as part of separate policies).

• Gifts and entertainment policies and procedures clearly define the approval process; include clear instructions for escalation, definitions and guidelines for staff to follow.

• The rationale for using agents or introducers to generate new business is documented, and monitored through review and assessment on a continuing basis.

• The firm implements robust operational controls to monitor, review, and approve third party payments.

• ABC policies and procedures are not tailored to the business.

• ABC policies and procedures do not address other areas of bribery and corruption risk but focuses on one area only e.g. gifts and entertainment.

• Firms do not maintain a list of third party relationships and rely on informal means to assess the risk.

• A firm using intermediaries fails to satisfy itself that those businesses have adequate controls to detect and prevent where staff have used bribery to generate business.

• Gifts and entertainment activity is not consistently monitored by senior management.


LexisNexis view

A primary goal for the compliance function is to have a consistent approach to onboarding which ultimately improves customer service and provides a competitive edge. By auditing the local and international systems used for ABC third party due diligence, the business is able to demonstrate consistent compliance. Risk solutions from LexisNexis® enable approval of new third parties at the appropriate level and escalation to senior management for review when needed.

All information gathered on an entity can be collated into one file and forwarded together with any notes, providing an efficient and auditable review process. A separate file is created for all PEPs and high risk entities, making closer ongoing monitoring straight forward and routine.

It is possible to allow Business Managers minimal “privileges” and for any red flags to automatically drive escalation to Compliance, ensuring an appropriate risk-based approach at each stage.

Using PEP databases in isolation is not sufficient and broader news checks are needed to clearly identify associations and other high risk indicators. Building an end-to-end workflow that looks across broader data sets also ensures ongoing monitoring is regular and efficient. By seamlessly combining the initial onboarding process with an ongoing monitoring process, all alerts can be handled in the same manner and a consistent approach is guaranteed.



Training and awareness

• AML and ABC training is delivered to all staff, including senior management.

• There is enhanced training for senior management and staff in key AML or ABC roles.

• Training is tailored and includes practical examples relevant to the firm’s business activities.

• The content of the AML and ABC training is periodically reviewed and refreshed.

• Staff records setting out what training was completed and when and using those results to test staff understanding and quality of the training. Ensuring training covers how to escalate matters and/or report potential suspicions.

• Senior management does not sign off or engage in training.

• New employees do not receive new joiner training promptly after joining a firm.

• The firm does not extend its AML and ABC staff training requirements to overseas employees who perform functions on behalf of the firm’s UK customers.

• Training is a one-off exercise. ABC training material does not include training guidelines in relation to gifts and entertainment limits and pre-approval procedures.

• The effectiveness of AML and ABC training is not monitored or assessed by a firm.

• Training records are not maintained and staff are not encouraged to ensure they meet their training obligations.


LexisNexis view

Applying consistent, up to date and tailored training is essential to ensure staff remains fully aware of their individual roles & responsibilities both regulatory and ethical. The onset of poor practices is more common when resources are tight and adequate support is not offered to the compliance function. LexisNexis works with thousands of financial institutions of all sizes, offering scalable solutions that meet the needs and budgets of most organisations. Increasingly organisations are being more selective in their use of different training materials and technology to deliver updates to staff. Training and tutorials that are

targeted to the requirements of specific personnel and the risks they manage can be delivered via short webinar updates and supplements to the comprehensive training undertaken by staff when they join the firm. When multiple systems are deployed gaps in AML and ABC procedures can be unavoidable. We help our clients ensure they have a consistent end-to-end process based on a single platform.


Conclusions from the Thematic Review The FCA review on Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and Platform Firms uncovers a number of concerns and overall the FCA is unhappy that “Given our strong regulatory focus and previous publications on AML and ABC we expected firms to have taken more action to ensure their controls reduced the risk of money laundering and bribery and corruption.” The FCA highlights the various approaches taken to AML compliance by firms across the review sample and particularly “where the firms were part of major financial groups, which should have been aware of our expectations. In some cases, the firms we visited were from groups that had been subject to previous regulatory attention but we still found significant weaknesses.” The FCA expects improvement and for firms to take note of the reviews findings and other guidance within the FCA Financial Crime: a Guide for Firms.

Further Reference

Financial Crime: a Guide for Firms (Financial Conduct Authority) FCA compilation of good and poor practice from a number of thematic reviews http://fshandbook.info/FS/html/handbook/FC/link/PDF Bribery Act 2010 - Guidance on compliance (British Bankers Association) BBA’s sector guidance to help firms tackle the UK Bribery Act http://www.bba.org.uk/media/article/bribery-act-2010-guidance-on-compliance Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (Ministry of Justice) Official UK guidance to accompany the Bribery Act 2010 http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf A Resource Guide to the U.S. Foreign Corrupt Practices Act (US DoJ and SEC) Official guidance for the US Foreign Corrupt Practices Act http://www.justice.gov/criminal/fraud/fcpa/guidance/ Guidance (Joint Money Laundering Steering Group) JMLSG anti-money laundering guidance for the UK financial services sector http://www.jmlsg.org.uk/

“There is still work for most firms to do to ensure bribery and corruption risks are appropriately mitigated.”


http://fshandbook.info/FS/html/handbook/FC/link/PDF

http://www.bba.org.uk/media/article/bribery-act-2010-guidance-on-compliance

http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf

http://www.justice.gov/criminal/fraud/fcpa/guidance/

http://www.jmlsg.org.uk/

How LexisNexis helps organisations comply with AML CDD obligations LexisNexis risk solutions can protect your business in a number of ways – we simplify the compliance process, we reduce the related costs and we enable an effective risk based approach based on the right information at the right time. Our fast, intuitive solutions do not require any additional IT investment or training. All searches are time and date stamped providing you with the audit trail you need for the regulator.

Manage enhanced due diligence checks on new and existing parties Search on a company, individual or country through our online due diligence solution. Lexis Diligence® searches global news and business information, sanctions and PEPs delivering accurate and relevant matches immediately. Results can be saved, printed or put into a report to enable a decision to be made on whether to progress the relationship.

Be confident that your decisions are based upon content you can trust, and save valuable time with account opening or third party due diligence checks.

Lexis Diligence is used by the world’s top five banks, law firms and blue chip companies to mitigate risk every day. Achieve a competitive advantage by speeding up the client acceptance process whilst maintaining necessary controls.

Conduct ongoing screening of existing customers Monitor customers and other third-parties through LexisNexis Bridger Insight XG. Stay compliant and safeguard your organisation’s reputation by regularly monitoring high risk customers in case their status changes, as per your risk-based approach.

Simply upload all the customers you need to monitor to LexisNexis Bridger Insight. You can screen as many companies and individuals as you need in one transaction. The list will be screened against our global sanctions, watch lists and PEP data and the results file returned for review. Any matches are clearly highlighted so that you can choose which alerts would merit further investigation in Lexis Diligence.

Our superior fuzzy-name matching algorithm ensures better matches saving you valuable time and money investigating irrelevant results.

Monitor high risk customers across the media Monitor news across all key media on your high risk third parties through your own early warning system.

Fuzzy matching is not used, ensuring you only get the relevant results you need to see. Automated monitoring enables you to anticipate and mitigate any financial and reputational risks to protect your organisation.Using a unique mix of multi-lingual data mining and sentiment analysis techniques, supplemented by our in-house analysts’ expertise, LexisNexis® Analytics automatically monitors internal, online and press coverage through a single interface.

LexisNexis Analytics can also be used to monitor competitor movement, partner’s reputations and key customers and suppliers, arming you with invaluable insight.

Trust LexisNexis to protect your business LexisNexis has a world-class reputation for providing professional firms with critical business tools. For over 30 years we have been pioneers in risk management and intelligence. Our solutions are used internationally by over 75,000 organisations.To find out more about how LexisNexis can help your business:

t. +44 (0) 20 7400 2809 e. [email protected] w. www.lexisnexisrisk.co.uk

These materials are not intended to provide legal advice for specific circumstances and should not be relied upon in place of professional advice and judgment. © 2013. Reed Elsevier (UK) Ltd. All Rights Reserved.

anti-money laundering and anti-bribery and corruption systems & controls: asset management and...

Economy & Finance

financial conduct authority

sanctions systems

corruption systems

abc systems

risk assessment process

risk assessment activity

money laundering controls

systems