Question of the Month
As you have probably
guessed from the format of this website, I am not
technically gifted. However, I do very much like the
idea of a forum where interested readers (hopefully those of
you working in the world of money laundering prevention) can
discuss topical issues of concern. My website design
skills are not up to creating a bulletin board, but what I
propose is this:
- Every month (when
possible - sorry for the recent hiatus) I will
post a Question of the Month.
- If the spirit moves
you, send me an email to express your view on it.
- As these emails come
in, I will post their content on this page. The
default is that I will not say who has submitted the
comment; if you want me to attribute your thoughts to you,
please make that clear. And I will undertake not to
edit what you say - unless I fear that publishing your
comments "as is" could be considered libellous....
I have no idea whether
this will work, but I'm happy to try it for a couple of
months.
Past
Questions of the Month
January 2007: Money laundering
conferences
November 2006: Data protection
October 2006: Guidance notes
September 2006: Introduction
certificates
September 2007 - Who would be an MLRO?
In the current climate of
every changing legislation and regulation, the demands
placed upon an MLRO are increasing rapidly. These changes
necessitate a required level of expertise particularly with
the penalties for mistake or error being so severe. Has the
time come for businesses to consider the appointment of an
MLRO as a key independent position requiring specialist
skill and expertise? Too often the size and scale of
business causes the responsibility to be shared with other
duties. My question is therefore very simple: in view of
the previous comments, who would want the job and what will
happen if a business has no-one to fill the role?
(Thanks to a Guernsey reader for supplying this question.)
To have your say on this issue, please
email Susan.
January
2007 - Are money laundering
conferences worth attending?
Quite a large proportion of my paper
mail and email this month has been adverts for forthcoming
money laundering conferences and shindigs - I think spring
is a popular time for these events. Do you attend such
events regularly? Do you find them value for money?
Why do you attend - for the content, or for the networking?
(Or to get out of the office for the day?) If you do
not attend, why not? And if you were Ruler of the AML
Universe, what would be your ideal conference (and sadly I
doubt Cameron Diaz or Daniel Craig could be enticed to
attend)?
To have your say on this issue, please
email Susan.
Responses (most recent first)
From the MLRO of a firm of accountants in Guernsey -
22 January 2007
"Primarily, one attends these things to be able to
demonstrate that one is up to date, and attending CPD
courses in the field of AML. This pleases the
regulators. A secondary reason is to actually keep
up to date (which I do mostly via reading and discussion).
Someone might just say something that sticks, or makes you
think about a client or situation in a new way.
Networking is nice, but pretty much a tertiary matter.
A good lunch comes next in importance.
"Time
away from office I can take anytime as I'm a proprietary
director of our firm.
"Value
for money is a difficult concept, If I come away
feeling that the "going through the motions" bit was
achieved, that's OK, but not VFM. If I felt
challenged, and had to think a bit, I feel a lot better.
If I get both, and a good lunch, and the course was
reasonably priced I'll come back and send the staff to
lower level versions of similar courses. I have done
that with Thinking about Crime Limited, so you are doing
something right. I'm also using your website, so
more points there. Lunch was a bit dodgy last time,
if I remember correctly. Your presentations are
usually marked by an excellent personal delivery - an area
others could learn a lot from.
"If I
were the supreme being, I would prevent all crime and
therefore ML in the first place, and make myself vanish in
a puff of logic. As I am evidently lacking some
powers in this area, I will try to address your question:
I prefer a day to start about 9.30 and finish mid to late
afternoon. I like to be with people who know what
they and I should be doing - peers in other words
(although I am, of course, peerless). Nothing worse
than being on a course where one knows it all backwards
already. There must be some interactivity sessions,
or group working ( I hate both, but one picks up a few
things). Must be news, too. And a bit of
history. Some iconoclastic pops at authority.
Some humour. Some real life examples (these are
difficult, as although real, they often do not bear any
semblance of real working life to two thirds of the
attendees). Some local interest (particularly
offshore items for me). Some input from regulator
or FIU (or launderer? - some computer hackers now lecture
on prevention - why not launderers?). Crisp,
engaging and intelligent delivery. Top all that off
with a voluntary, sit-round debriefing session in the bar,
or over coffee."
Back
to top of page
November
2006 - How does data protection interact with AML?
Since a brief guidance note issued in
April 2002 (click
here to read it), HM Treasury has been rather quiet on
the issue of how the Data Protection Act 1998 interacts with
the Proceeds of Crime Act 2002, the Money Laundering
Regulations 2003 and the FSA's Rules. Have you found
this to be an issue in your institution? For instance,
what do you do about SARs - keep them in client files and
remove them if you receive a Subject Access Request?
Keep them elsewhere and not refer to them anywhere in the
client file? And how do you reconcile the requirement
of the DPA to keep only the information that you need to
provide a service to your clients, with the requirements of
our AML regime to collect as much information as possible in
order to assess risk and guard against money laundering?
To have your say on this issue, please
email Susan.
Responses (most recent first)
Back
to top of page
October
2006 - Should guidance notes be prescriptive or flexible?
In the recent months, we have seen a
flurry of guidance notes being issued - UK in January,
Jersey in May and Guernsey promised soon. This has
reignited an old debate, which has yet to be resolved.
Do you think guidance notes should provide full detail and
prescription (e.g. you must train all of your staff at least
once a year) or just a flavour of what is expected (e.g. you
should train relevant staff at appropriate intervals)?
How does this fit with the risk-based approach that is being
widely adopted? And, as an MLRO, have you found it
hard to get budget to implement measures if they are not
strictly required by guidance notes?
To have your say on this issue, please
email Susan.
Responses (most recent first)
Back
to top of page
September 2006 - Introduction
certificates
I have recently been asked by a client
to look into the issue of introduction certificates,
and it has got me thinking. Do you think these are
worthwhile? Does your institution accept and/or issue
them? Should the wording of introduction certificates
be agreed on a national or international level? What
do you see as the main advantages and shortcomings of a
system whereby (in effect) institutions can perform KYC
checks on behalf of other institutions? Should there
be geographical limits to such a system? Can you think
of a viable alternative to an introduction certificate?
To have your say on this issue, please
email Susan.
Responses (most recent first)
From a bank in the UK - 12
September 2006
"Our
concerns lie primarily within the UK, following this
year's revisions to the JMLSG Guidance. It appears from
the Guidance that we are all now encouraged to begin
placing reliance upon these (renamed) Confirmations. My
own concern with this stance however stems from the
simultaneous introduction of the Risk-Based Approach,
now being adopted by firms. If Introducer A has offered
a client a product by certain means, which when assessed
is (quite legitimately) defined within that firm's
environment as being at the lower end of the risk scale,
the diligence carried out is likely to be minimal rather
than extensive. Should that party then introduce the
client to Bank B, providing a Confirmation and no
accompanying copies/details of the actual checks carried
out, how can the receiving institution be satisfied that
the checks undertaken by the introducing firm will meet
its own standards for the product/service they will be
offering this customer? The circumstances could quite
feasibly be categorised at a higher risk level within
the receiving firm and therefore be subject to stricter
levels of diligence.
"We would be keen to accept Confirmations from firms of
satisfactory standing who are domiciled within the UK
(and indeed comparable jurisdictions) - however we feel
that in order to ensure our own standards are met, we
would prefer to be provided with accompanying detail as
to the checks that have been carried out. We would then
decide whether or not any additional diligence is
required once we have risk-rated the customer and could
then determine whether the work carried out to date by
the introducer is adequate to meet our own standards.
"Recent feedback received indicates that many IFAs and
other introducers are now keen to follow the new JMLSG to
the letter and cease providing copies (or even details) of
the checks undertaken. This leaves receiving firms with
the difficult choice of accepting the confirmations
without knowledge of what risk-rating was applied to that
client and what level of checks were undertaken as a
result, or of requesting the supporting information and
as a result annoying the introducer and potentially losing
the business to a competitor as a result.
"I
would be keen to establish how other firms are approaching
this issue."
From a bank in Guernsey - 1 September
2006
"We
accept them from regulated entities in equivalent
jurisdictions, we are not allowed to accept them where they
are sent to us by another institution who has accepted one
for the same case. In other words they must come from the
institution who has the relationship (that might sound
obvious but when you are dealing with a mix of trustees,
investment managers, custodians and possibly brokers it can
get a little confusing as to who has what on whom!).
In all cases we are expected to get the basic details on the
underlying beneficial owner / settlor or principal
beneficiary etc and perform our own checks on them to
satisfy ourselves of their bona fides.
"Introductory certificates work well intra group where our
regulators expect us to treat introductions from within our
group in the same way as those from intermediaries etc. They
don’t work so well when the so called equivalent
jurisdiction you are dealing with has a slightly different
set of goal posts with regard to their own due diligence
requirements.
"There
is an industry standard intro cert in Guernsey for trust
companies introducing business to banks which has been
issued by the GFSC [Guernsey's regulator]. It is a start as
most trust companies don’t seem to use it or even be aware
of it, and it only covers Guernsey so is fairly limiting."
Back
to top of page
