Anti-Money Laundering (AML)
What is an AML policy?
Anti-money laundering policy involves a number of measures used by a financial institutions to stop the reintroduction of the proceeds of illegal activities. The implementation of such rules is mandatory and overseen by regulatory authorities.
Who regulates the process?
Business AML policy is often a combination of the FATF recommendations and locally introduced laws. The location of a business determines the regulatory authority that oversees the implementation of the appropriate controls and issues fines for non-compliance. For example BaFin in Germany, FINTRAC in Canada, and MAS in Singapore.
AML policy (8 steps)
The AML Policy is based on the US Bank Secrecy Act (BSA), EU 4th Anti-Money Laundering Directive (AMLD4), and FATF recommendations.
Step 1: Defining the purpose of the policy
First, a business must introduce three main statements.
- Definition for money laundering and terrorist financing;
- Reasons why the policy is necessary;
- Regular regulatory reviews to stay within regulatory demands.
These are the three pillars on which a company builds the foundation for everything else.
Step 2: Appointing an AML officer
At this point, a business needs to nominate a compliance officer — a company member responsible for everything concerning the business’ AML program. It needs to state their name, qualifications, and responsibilities.
Step 3: Reporting to the Financial Intelligence Unit (FIU)
Here a company describes how they will be able to satisfy financial intelligence units and law enforcement requests for information on criminal activity. A company must describe its actions and the procedures that will be initiated upon such a demand from the authorities. Also, how the company is going to document the situation.
Step 4: Sharing data with financial institutions
This part is dedicated to the process of sharing the accumulated AML data with other financial entities to identify and prevent money laundering elsewhere. The policy must describe a secure and confidential process that will not allow for data leaks.
Step 5: Screening across sanction lists
Before entering a business relationship or opening an account for a client, financial companies must verify that the person they are working with is not on any sanction or blacklist, such as the US Specially Designated Nationals List (SDN).
A company must state what would be the standard procedure for checking their clients through these lists and establish their awareness of the latest changes.
Step 6: Verifying a client’s identity
Identity checking is the central part of an AML compliance policy. Here a company must specify a list of comprehensive and reliable measures that will help them accurately verify the identities of their clients upon opening an account or registering with their service. There are 8 major points to correctly establish this part of a business AML policy.
1) What personal data is gathered?
The first step of identity verification is to ask a person to submit the relevant data. The company must determine what data they will find sufficient for the check of individual, corporate and high-risk clients.
2) What if a client submits false data or no data at all?
There are many cases of people rejecting to share sensitive information for fear of data leaks. For that, a company needs to state how it will handle cases when a customer intentionally rejects the request for information or submits a false name, address, etc.
3) What is done to verify the information?
A company must state the means they will use to verify their clients’ identities. It could be via documents, biometrics, or both, and with the use of a verification software, or manually.
4) What is the time limit for the check and the waiting list terms?
Here a company must indicate how long it will take to verify a client and their policy regarding the restriction on transactions for unverified accounts.
5) What if a client can’t be verified?
An AML policy must include a strategy for those occasions when a client is impossible to identify — restrict them from opening an account, limit their transactions, or block them entirely.
6) What is done to keep record of AML processes?
This part refers to the measures taken to keep track of all AML-related procedures and documents, including the format of identity verification and its results. A company should also mention how long these documents will be kept (according to the relevant regulatory requirements) – under BSA and AMLD4 it is 5 years.
7) What is the client notification process?
Here a company describes the system they use to adequately notify clients about the necessity of identity verification and its results.
8) What if identity verification is outsourced to a third party?
The last point under identity verification would be to describe the process of client identification and information handling if the data is verified by a different organization.
Step 7: Performing customer due diligence (CDD)
This step is about the measures taken as a part of CDD for those identified as beneficial owners, senior management, politically exposed persons (PEP), etc. A company should also specify the basis of its risk rating system, how it determines whether the case requires simplified due diligence, customer due diligence, or enhanced due diligence.
Here, it would be necessary to add when a customer triggers adverse media or sanctions list checks, and be subject to ongoing monitoring.
Step 8: Filling out suspicious activity reports
Lastly, a very important part of an AML policy is to promptly respond to the detection of suspicious activity and correctly form a compliant declaration—Suspicious Activity Report (SAR). A company must specify the necessary information that needs to be mentioned in the report alongside the deadlines. As an example, BSA gives 30 days to file a report before issuing a fine.
What are OFAC sanctions?
OFAC sanctions are diplomatic, economic and trade regulations enforced by the United States of America and targeted against terrorism, drug trafficking, foreign regimes, mass destruction weapons proliferation, or any countries, individuals and entities engaged in activities that threaten the US foreign policy, economy or security.
To give an example, sanctions can be:
- restrictions on financial transactions;
- investment bans;
- arms embargoes;
- trade barriers and tariffs;
- import/export bans on goods;
- travel bans;
- freezing of assets.
OFAC sanctioned countries and how to work with them
The Office of Foreign Assets Control (OFAC) sanctions list is periodically updated and as of today includes the following regions and countries:
- Cote D’Ivoire
- Democratic Republic of Congo
- North Korea
Any individuals, entities or companies acting on behalf, controlled or owned by these targeted countries are directly subjected to case-related sanctions such as barring certain parties from operating in the US, prohibiting financial transactions and declaring a travel ban. Specially Designated Nationals — is a collective name adopted for sanctioned individuals falling under these restrictions.
To decrease manual OFAC checks, companies use automated solutions like AML/KYC software that covers more than 200 countries and territories with 100% of profiles checked for updates daily.
Sanctions are defensive, restrictive measures taken by our governments to shield us from financial crime. These sanctions are mainly aimed at individuals, entities, or even countries in general, those that pose a potential threat as a result of certain factors such as the involvement with criminal or terrorist activities.
These high-risk, sanctioned actors are formed by different governments and divided into type-of-threat sanction lists available for public reference. The most powerful peacekeeping regulator to make a sanction list is the United Nations.
What are UN sanctions?
The UN sanctions list was introduced by the United Nations member countries and organizations to prevent terrorism, weapons proliferation, oppose human rights violations or violations of international treaties, money laundering, deliberate destabilization of sovereign countries, narcotics trafficking, etc.
Depending on the situation, these sanctions put restrictions on economic, cultural, trading, or diplomatic relationships. An example of a UN sanction is the U.S. long-standing embargo on all commercial activity with Cuba.
The UN list includes such countries as Afghanistan, Central African Republic, Democratic Republic of the Congo, Democratic People’s Republic of Korea, ISIL and Al-Qaida, Iran, Libya, Mali, Somalia, Sudan, and Yemen.
What are the UN sanction types?
There are five main types of sanctions.
This is the end of cooperation, involving removals of diplomatic ties such as a country’s embassies and councils, and exiting joint cultural events.
Trade bans and various forms of trade barriers such as tariffs are placed on certain goods such as food, weapons, medicine, etc.
Restrictions are placed on travel, which could be anything from a comprehensive ban on travel by all nationals of a country, a ban on travel to rebel-held territory within a country, or an aviation ban on all flights into or out of a country.
The disqualification of a certain nation from participating in international events, sports, and cultural boycotts is used as a way of psychological warfare.
These restrictions result in sanctioned nationals and companies not being allowed to conduct monetary transactions or business interactions with certain UN countries.