Press Image

Thomson Reuters Regulatory Intelligence: AML/KYC due diligence protocols for effective cross-border compliance

The seriousness of efforts to prevent money laundering has been emphasised by U.S.
Bancorp's $613 million settlement with the Treasury
Department's Office of the Comptroller of the Currency and the Federal Reserve, for inadequate
AML controls.

U.S. Bancorp failed to detect many suspicious transactions and later sought
to conceal its mistakes from regulators. Banks and other financial institutions worldwide now
operate in a zero-tolerance regulatory environment where governments increasingly demand
effective due diligence on prospective and established clients.

The International Monetary Fund (IMF) has estimated that $600 billion per year is
involved in international money laundering supporting terrorism, criminal fraud, graft,
slavery and other illegal activity.

Targeting opaque ownership
International regulatory efforts, coordinated by the Basel Committee on Banking
Supervision and the Financial Action Task Force on Money Laundering, have now attacked
opaque ownership structures such as beneficial and nominee ownership arrangements, trusts, and
bearer securities. These structures can be used "by criminals, kleptocrats, and others looking to
hide ill-gotten proceeds to access the financial system anonymously", the Financial
Crimes Enforcement Network (FinCEN) said when implementing its new regulations under the U.S.
Bank Secrecy Act.

Country-specific regulations, as typified by FinCEN's Customer Due Diligence Requirements
for Financial Institutions, now scheduled for implementation on May 11, 2018, set
increasingly tight standards for identifying owners of such beneficial and nominee owner entities,
and mandate customer risk profiles in an effort to stop money laundering.

Increasingly stringent AML and know-your-customer (KYC) standards make cross-border
financial services yet more challenging when financial institutions follow or accept
customers into new national or regional markets with different customs, cultures, laws and
personalities. Entry into such new markets also invokes additional agency KYC requirements
such as the
U.S. Internal Revenue Service's qualified intermediary withholding agreements involving other
countries. As a result, AML and KYC requirements will complicate the expansion of
international financial services by adding significant risk assessment responsibilities.

The definition of a financial institution: broader than banks

The definition of financial services providers subject to AML and KYC requirements is broad,
and some entities contemplating expansion into other countries or regions may not know they are in
scope. Besides the predictable classification of commercial and private banks and trust
companies, the requirements also apply to credit unions, thrift institutions, brokers or
dealers in securities, insurance companies, investment banks and investment companies, and,
surprisingly, to travel agencies and pawn brokers, to dealers in precious metals, stones and
jewels, and to auto dealerships and real estate brokers.

Best practices in new markets

Local customs, practices and personalities in new jurisdictions where existing or prospective
customers operate by acquisitions, mergers, or other business entry strategies, present a more
formidable challenge to increasingly strict anti-money-laundering regulation and the KYC
requirements designed to identify questionable financial services customers. Compliance
professionals must therefore implement and follow best practices. FinCEN has determined
that such best practices meeting minimum customer due diligence (CDD) criteria include:
Identifying and verifying the customer's identity;


identifying and verifying the identity of beneficial owners of a minimum 25 percent individual
ownership of legal entity customers (namely, the natural persons who own or control legal
entities);
understanding the nature and purpose of the customer relationship; and

conducting continuing monitoring of the customer.
Implementing the CDD criteria against prospective and existing customers presents a practical challenge. Financial institutions
must:
- verify customers' identity through collection and validation;
- screen customers' and associated parties' names against adverse information databases, including politically exposed
persons (PEPs) and sanctions lists;
- identify the ultimate beneficial owner (UBO) and senior management persons;
- publish customer records with risk rankings based on strict verification, screening and validation processes; and
- automatically and regularly screen existing customers, and investigate any changes such as mergers or acquisition of
businesses in such customers' records.

Mandatory risk assessments in new markets
Once identified, KYC requirements must assess the customer's AML risk by considering the complexity of the customer's
ownership structure; whether the customer operates in a closely regulated industry such as aviation; where the customer is
based, and whether that jurisdiction has effective AML regulations or known levels of corruption; whether the customer's
business is cash-based; whether the customer's ownership structure includes hidden ownership through trusts, nominees, or
bearer shares; and whether the financial institution has a direct, face-to-face relationship with the customer or its ownership.

The customer conundrum
These CDD and KYC requirements can be time-consuming and difficult for customers to understand and accept. Thomson
Reuters' independent survey, KYC challenges in 2017: A focus on the impact of global regulations in the United States,
reported an average 27 days for a financial institution to accept a new customer.
Twelve percent of the survey respondents reported changing banks after experiencing KYC issues, and 26 percent of the
respondents criticised "inconsistent requests for information and documents", while 37 percent decried the lack of any common
standard during the CDD effort. Financial institutions ultimately bear the brunt of much customer frustration. Besides better
communication of the regulatory reasons for such delays and complexity, financial institutions must pursue the most effective
and efficient CDD processes in their AML and KYC compliance efforts.

The future of compliance
Automation, through algorithmic applications, should inevitably shorten time-consuming CDD procedures. Financial institutions
must, however, regularly monitor such applications while keeping abreast of regulatory requirements in the never-ending catand-
mouse dynamic between established governments and corrupt individuals, organisations, and rogue regimes. Such efforts,
and the predictable complications virtual currencies will generate, require continuing and costly investments in staffing and
training. Financial institutions may take some comfort in knowing that effective compliance programmes are barriers to entry
that help create valuable franchises.

Although time-consuming and exacting, the CDD and KYC requirements can benefit compliant customers. A rigorous CDD
programme can help identify customer compliance issues, risks, and other concerns, including Foreign Corrupt Practices Act
issues and their counterpart requirements in other jurisdictions, embezzlement, fraud, and other criminal and civil damage.