It would seem fair to assume that after eleven years the profession has got to grips with the anti-money laundering (AML) regulations. However they remain one of the key problem areas encountered on regulatory inspections.
Perhaps the obvious reason for failing to focus on AML procedures is that firms can’t raise a fee note for such work. Some view AML as an unwelcome and onerous regulation that puts barriers in the way of helping clients, and adds no value. Consequently, some firms give scant attention to AML procedures.
However, AML regulations are a global reality, one that firms have to get to grips with. If you establish appropriate procedures, they do not need to be regarded as onerous.
Long-established clients
There was an exemption in the implementation of the Criminal Justice Act, 1994 (that came into effect for accountancy firms in the Republic of Ireland from 15 September, 2003) that meant that customer due diligence (ID checks) were not required for clients in place at that date. However, the subsequent 2010 legislation removed that same exemption. A further piece of legislation called the Criminal Justice Act, 2013 updates certain parts of the 2010 law.
The 2010 law, called the ‘Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010’, came into effect from 15 July 2010 and abolished the 1994 law while it re-implemented most of its requirements and added others. Firms should now therefore have due diligence for every client and retain that documentation for at least five years after the last business transaction with that client. See the latest guidance from the professional accountancy bodies at the Consultative Committee of Accountancy Bodies – Ireland, (CAAB-I), ‘ Anti-Money Laundering Procedures Republic of Ireland’ dated September 2010. (http://www.cmf.ie/picts/Anti-Money%20laundering%20procedures%20ROI.pdf)
In many cases firms will have documentation that will satisfy the due diligence requirements (e.g. a Revenue Commissioners tax demand or Department of Social Protection correspondence and details of a client’s personal bank statement or pension scheme). If this is not the case simply ask to see your client’s photo-driving licence and take a copy, or use some other form of electronic verification to get the evidence you need, using sources like C6 (http://www.c6-intelligence.com/) or Veriphy (http://www.veriphy.co.uk/), provided the client is assessed as ‘low’ risk. Politically Exposed Persons (PEPs) as defined in the legislation (which includes relatives and business associates of such persons) must be specifically identified and treated as high risk, which means additional evidence and explanations must be documented about their financial transactions and sources of wealth. Legislation is expected in 2015 to expand the definition of PEPs to include locally resident persons who are politically exposed.
Risk assessment
The customer due diligence procedures should be risk-based. While most firms complete some form of risk assessment, many go on to ignore it with regards to the amount of AML checking they undertake. This often leads to excessive checking for some clients and insufficient checking for others. Forms need to be completed to document the risk assessment and evidence gathering process and to show its subsequent regular review and action taken, following review.
Beneficial ownership
For most clients, this is not an issue as their structure is simple and ownership is clear. However, it can be a major issue when you have structures involving anonymity, such as trusts or companies in Panama, Delaware BVI and Cayman Islands, or other offshore as well as some onshore territories using ‘bearer shares’ (the latter regarded as ‘high’ risk).
The legislation requires any client using anonymous structures or clients that you have not met face to face, to be treated as high risk. You must have the same level of identification for high risk beneficial shareholders as you do for the client’s principals/directors. Without evidence to support this beneficial ownership you cannot act and continuing to do so may lead not only to breach of the legislation but also to unnecessary professional indemnity risks.
Keeping information up to date
Often firms might have done a blitz when the new laws first came in, in 2003 or 2010, but have done little since. You must regularly review the evidence you have to confirm that it is still accurate and up to date. If there have been changes in ownership, the principals or the nature of the business then you must update your records. If everything is still valid, no updates are necessary.
Training
The regulations require staff to receive training and evidence must be retained that the staff have understood the training (so some form of written quiz is necessary). This should form part of your induction programme for all new staff. You also have to provide ongoing training to staff in recognising and dealing with suspicious transactions and keep records of these regular updates and the names of staff attending.
Conclusion
AML regulations are here to stay and failure to comply can have regulatory consequences. Therefore, it makes sense to implement procedures to ensure compliance, but with the minimum effort required.
For more information contact John at 00 353 86 839 8360 or at john@jmcc.ie