AMLD IV: Prove you’re doing it right
Anti-Money Laundering systems and controls continue to make news in the wake of the high profile failures of 2012. On 5 February, the proposal for the updated EU Anti-Money Laundering Directive was finally released. The proposal imposes a number of new requirements significantly increasing the scope and volume of firms’ KYC processes likely to be required by 2014:
• Fewer due diligence exemptions – regulated institutions are now not always eligible for SDD
• PEP definition includes domestic politicians – PEPs may no longer be automatically high risk
• Disclosure of firms’ beneficial ownership – new calculation requirements and disclosures of beneficial owners
• Transaction monitoring thresholds for due diligence have been decreased by 50%
These new requirements will heavily impact customer due diligence meaning the ways firms view their money laundering risk will have to be updated in their entirety. And the burden of proving this has gone up.
Drawing heavily on the extensive review of the 3rd Money Laundering Directive, as well as the 2012 Financial Action Task Force recommendations, the 4th Anti-Money Laundering Directive gold-plates the FATF recommendations in a number of areas with the aim of tightening existing rules and increasing the scope of the risk based approach.
So what does this actually mean for firms? The risk-based approach is designed to be all about proportionality. The more risk, the greater the due diligence done. For financial services, however, it has long been considered that certain categories of client or transaction can be automatically considered to be low risk. Historically this has meant that, for example, a Tier 1 sell-side institution would likely not conduct extensive due diligence with other large, regulated (and therefore assumed to be ‘low risk’) institutions.
A number of these exemptions have been removed and AMLD IV is requiring firms to challenge the assumption that some categories can be considered low risk without any knowledge to verify that assumption. Judgement is required, and firms will be forced to defend that judgement. It may very well be the case that in the next round of regulatory visits firms will be asked difficult questions about relationships considered low risk for many years that firms will be without evidence for.
After lobbying, what will the final measures entail?
Will the directive get the Swiss, British or German finish?
What standards will be available for defining a risk based approach within the firm?
The result of this, for many institutions, will be a vast expansion in the number of clients now requiring documentation, checks, and enhanced controls. The lowered transaction monitoring thresholds will also further increase the scope and volume of due diligence checks required.
However, it’s not just these (lack of) exemptions that are increasing focus on a judgement based approach. The new definition of politically exposed persons, that has been amended to include domestic politicians and members of international organisations, has the ability to vastly increase the volumes of accounts requiring due diligence.
While a minor requirement taken in isolation, considering that the application of PEP checks now required for the client base is no longer exempt from automatic low risk status, the cost quickly rises. The identification and subsequent reviews to uncover all new PEPs within firms’ client bases, as well as new accounts, will significantly increase the cost, complexity and latency of acquiring customers.
There are still opportunities for cost savings, however. Domestic political exposure doesn’t necessarily mean an increased risk of money laundering in-and-of-itself; but PEP checks have now become another indicator of risk to be taken into consideration when making a holistic assessment of a client. Making a holistic assessment, as part of the risk based approach, requires extensive data sources, controls and rules on how to treat data. Implementing this into an automated solution may be tricky.
This article will appear in the April edition of RegTech, a regular section in Banking Technology magazine produced in partnership with regulatory think-tank JWG.
The proposed rules still require formal adoption by the European Parliament and the Council of Ministers. Thus, it is likely that implementation at the national level won’t be scheduled until late 2014. Firms will need to start the dialogue now.
AMLD IV means firms will need to know significantly more about their overall client base’s business for AML purposes. That may require investment in new staff and monitoring systems. While it may be that firms’ customers’ risk levels will remain the same, it may be very expensive to prove it.