There are a lot of laws and regulations regarding AML practices globally, and you might be wondering which major AML regulations will impact your business in 2019. You might also ask what are the consequences of non-compliance for companies like yours? What are the best practices according to regulators? Is automation as an approach to AML acceptable?
Sumsub helps hundreds of B2B companies from all corners of the globe to be compliant on a daily basis. Needless to say, we know a lot about regulations and legislation, so we created a guide on the main laws to help you have a clear and proper start in your company’s AML compliance program.
1. The Financial Action Task Force (FATF)
TheFATF comprises of 36 member jurisdictions and 2 regional organisations, representing most of the major financial centers in the world including the United Kingdom, United States, Singapore, the European Commission (EC) and Hong Kong.
Facts you need to know
- The role of the FATF is to set standards for AML compliance laws globally and also promote effective implementation of anti-money laundering compliance. The FATF recommendations set out a comprehensive framework of measures which most countries implement in order to combat money laundering and terrorist financing.
- The FATF recommends legal entities to conduct Know Your Customer ID verification of clients by requesting and verifying the client’s Proof of Identity. It could be a genuine photograph of the client’s official document such as a passport.
For more details on documents for a KYC process, you can read our article on KYC and its necessary steps here
- FATF guidance on AML/CFT measures known as the 2017 supplement on customer due diligence allows the use of simplified customer due diligence measures such as electronic identity verification, while appropriately mitigating the ML/TF risks.
- All records of high-risk clients should be kept for a duration of 5 years. If a company fails to keep these records within the mandatory time period, they may face fines set by local laws.
- Accounts should be regularly monitored for suspicious activities by checking if transactions exceed an established threshold, also if reasons behind said transactions are inconclusive.
- Suspicious activity should be reported to the appropriate FIU, if there are reasonable grounds that these activities are related to money laundering and terrorist financing.
- FATF recommends a range of effective sanctions, including fines, to deal with legal persons and obliged entities, that fail to comply with AML/CFT requirements.
2. The United States’ Bank Secrecy Act (BSA) | USA Patriot Act
Jurisdiction: the Bank Secrecy Act (BSA) is to assist U.S. government agencies in detecting and preventing money laundering and terrorist financing. In essence. In essence, the BSA and certain provisions in the Patriot Act comprise the AML compliance laws in the United States.
Facts you need to know
- Under the BSA, banks and other financial institutions are required to file reports of cash transactions, currency transactions (CTR) and International Transportation of Currency or Monetary Instruments (CMIRs) in the sum of USD 10,000 or more.
This sum may be attained in a single transaction or a series of transactions that appear to be connected.
- Section 352 of the USA Patriot Act requires financial institutions to establish AML compliance programs, which must include: the development of internal controls; designation of an AML compliance officer; an ongoing employee training program; and scheduled independent audits.
- In accordance with 18 USC 1956, the U.S. Department Of Justice may bring criminal actions for money laundering that may include fines, imprisonment and forfeiture actions.
Any individual, including a bank employee, intentionally violating the BSA or its implementing regulations is subject to a criminal fine of up to USD 250,000 or 5 years in prison, or both.
- A bank that violates certain BSA provisions, including 31 USC 5318(i), or special measures imposed under 31 USC 5318A, faces criminal money penalties up to USD 1 million or twice the value of the transaction.
- Legal entities should keep records of all cash transactions and inform the Financial Crimes Enforcement Network FinCEN of transactions that are linked to money laundering and terrorist financing.
In a bid to decrease the success rates of financial crimes, the BSA mandates financial institutions to make Monetary Instrument Logs (MLIs) for cash purchases of monetary instruments in total value of USD 3,000 to 10,000.
3. European Union – Fourth and Fifth Anti-Money Laundering Directives (AMLD4 & AMLD5)
Jurisdiction: The Anti-money laundering directives whose aim is to prevent the use of the European financial system for money laundering and terrorist financing purposes, is valid for all legal entities operating in the European Union.
EU Fourth Anti-Money Laundering Directive (AMLD 4)
- The 4th AML directive allows companies to employ electronic identity verification or e-KYC to verify customers remotely. This can be done through selfie-based ID verification or video-based ID verification. Here’s an excerpt from the directive in regards to e-KYC.
“…in particular with regard to notified electronic identification schemes and means that offer high-level secure tools and provide a benchmark against which assessing the identification methods set up at a national level may be checked.”
In previous articles, we discussed how different local AML laws in European countries like Germany and Austria affects electronic ID verification. Read about them here
- Article 58-62 of AMLD 4 : The consequences of non-compliance by legal entities are administrative fines of at least twice the amount of the benefit derived from the breach of AML laws, where that benefit can be determined, or at least EUR 1 million.
- According to the 4th directive, The EU Financial Intelligence Units (FIUs) are responsible for receiving and analysing information from legal entities on transactions connected to money laundering and terrorist financing.
EU Fifth Anti-Money Laundering Directive (AMLD 5)
There’s not much difference between the 4th and 5th AML directive. The 5th Anti-Money Laundering directive amends certain provisions of the 4th directive while also including its own new provisions. We’ve listed below, the important facts you should know:
- Transparency on the issue of beneficial owners of legal entities, trusts as well as the creation of central register of bank and payment accounts and safe-deposit box holders.
- Companies and other legal entities will have to keep current information on their beneficial ownership, including the level of beneficial interest held. Also the information will be sent to this central register.
- Domestic politically-exposed persons PEPs will now be subject to the same scrutiny as foreign PEPs, together with high-ranking officials of international organisations and members of the governing bodies of political parties.
- For domestic PEPs, AMLD5 allows member states to apply Customer Due Diligence (CDD) rather than Enhanced Due Diligence in those cases where there are no risk factors that indicate that a higher risk exists.
- The threshold for identifying holders of prepaid cards will be reduced from EUR 250 to EUR 150. E-Money online transactions with prepaid cards will be limited to a max of EUR 50. Member states can reduce this amount, but not increase it.
- Adding ICOs and e-wallet providers to the list of AML/CTF obliged entities in the EU. This list will also include persons involved in trading works of art or real estate property, whose value amounts to €10 000 or more.
- Increased sanctioning powers for FIUs and supervisory authorities.
- Scope of gambling will be extended to include the entire gaming sector (including remote gaming and online casinos).
AMLD 5 will be effectively put into practice on the 10th of January, 2020. Further amendments to the fifth directive are already underway at the EU, and are expected to be directed towards the harmonization of the predicate offences and the efficacy of legal prosecution procedures.
4. Hong Kong Monetary Authority (HKMA)
The Hong Kong Monetary Authority is the relevant authority under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) for supervising compliance with the legal and supervisory requirements set out in the AMLO and the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism.”
Facts you need to know
- The HKMA requires obliged entities to establish AML/CFT program including procedures and controls to manage and mitigate money laundering and terrorist financing risks.
- These controls include a risk-based approach (RBA) to effective implementation of an AML/CFT compliance program.
- The company should conduct an institutional ML/TF risk assessment to identify and understand its money laundering and terrorist financing risks in relation to its customers; the countries or jurisdictions its customers are from or in; the countries or jurisdictions it has operations in; and its products, services, transactions and delivery channels.
- The AML/CFT compliance program should include compliance management arrangements; an independent audit function; employee screening procedures; and an ongoing employee training program.
- Senior management in the company should appoint a compliance officer at the management level to have the overall responsibility for the establishment and maintenance of the its AML/CFT Systems; and a senior staff as the MLRO to act as the central reference point for suspicious transaction reporting.
5. Monetary Authority of Singapore (MAS)
The AML compliance law for legal entities operating in Singapore are set out in the MAS’ Notices on the Prevention of Money Laundering and Countering the Financing of Terrorism (AML/CFT Notices).
Facts you need to know
- The obliged entity must carry out customer due diligence procedures when dealing with customers, or persons appointed to act on the customer’s behalf and beneficial owners.
- Enhanced customer due diligence procedures are also necessary when there is a suspicion of money laundering or terrorist financing or if the institution has doubts about the veracity or adequacy of any information previously obtained.
- Identification of Customers include obtaining and keeping a record of customer’s information such as full name, including any aliases, existing residential address, registered or business address and contact telephone number, date of birth, incorporation or registration and place of incorporation or registration (as may be appropriate).
- The organization must verify the identity of the customer using reliable, independent sources, and retain copies of all reference documents used to verify the identity of the customer.
- Every legal entity is also required to conduct regular account reviews, and to monitor and report any suspicious transaction.
- Under the MAS Act, a financial institution that fails or refuses to comply with the requirements of its applicable AML/CFT Notice is guilty of an offence and will be liable on conviction to a fine not exceeding $1 million.
Anti-Money Laundering compliance laws are constantly modified to match new techniques for perpetuating financial crimes. An example is the EU’s adoption of ALMD5 in response to the recent terrorist attacks in Europe and to the Panama Papers.To ensure your company is compliant with these rapidly changing AML laws, our technical and legal experts are always at your service. For more information, contact us directly.