What to watch for in your anti-money laundering compliance
Over the past few months, accountants have been distracted by the new Covid-19 support schemes and may not have been thinking about their anti-money laundering and terrorist financing (MLTF) obligations and compliance with them.
However, it would be a mistake to leave this at the bottom of the list, especially as many of the risks of money laundering have increased with the changes to our lives caused by Covid-19.
The publication of the ICAEW’s 2020 anti-money laundering monitoring report provides an opportunity to look at common mistakes in compliance and therefore what action may need to be taken to avoid them. As all firms of accountants need to comply with the requirements of the money laundering regulations (MLR) most of the findings will be relevant whichever your professional body.
ICAEW carried out 1,725 reviews during 2019, the period covered by the report. High-risk firms are visited every two years, and for other firms the frequency of visits will vary dependent on risk. ICAEW’s helpline had over 1,500 calls or webchats answered to provide advice about members’ MLTF responsibilities. There is even an AML InfoBot (an artificial intelligence powered webchat) to provide answers to common questions and numerous other online resources which were accessed over 126,000 times during the year.
The report sets out common areas of non-compliance in order, with the most common failing first, as follows:
- Firm-wide risk assessments
- Updating Customer Due Diligence (CDD)
- Risk assessing clients
- Criminal record checks on Beneficial Owners Officers and Managers (BOOMs)
- Review of policies, controls and procedures
- CDD on new clients
Overall the reviews showed no breaches in the case of 309 (18%) of firms, insignificant breaches in 1,139 (66%) of firms and more significant breaches which required either follow up action or referral to the Practice Assurance Committee (PAC) at 277 (16%) of firms. This means that in 82% of firms at least a minor breach was identified, but in only 8.6% of cases was a referral made to the PAC. Fines were issued to just 38 firms, totalling £90,350.
If we now look at each of the common problems in turn, you can check that you won’t be hauled over the coals by your money laundering supervisor for similar failings.
Firm-wide risk assessment
If your first thought is that you don’t know what one is, then you probably have some urgent work to do! The MLR were significantly updated in 2017 and require all regulated firms to undertake and document a risk assessment at the level of the firm. The risk assessment must cover the core areas of:
- Delivery channels
The ICAEW has detailed guidance on how to prepare a firm-wide risk assessment, but if you are regulated by another body look at the information they have supplied. Your risk assessment will help identify in a broad sense how risky your practice is, based on the factors above. For instance, if your firm focuses on assisting Russian oligarchs who have come to the UK your risk assessment will be rather different to a focus on small local businesses and the people who run them. Your firm-wide risk assessment must also inform the individual risk assessment that you carry out on each client.
Some firms clearly remember to undertake CDD when taking on a client, but then forget that it must be updated. This is because the client’s risk may change, or indeed the beneficial owners or their names may change among other things. In order to make sure that CDD is updated, you usually need to have at least an annual check in place, as well as a policy to review and update the risk when anything significant about the client or its beneficial owners change, such as a PEP is now involved or a Suspicious Activity Report (SAR) has been made. A simple form could be completed each year showing that the risk assessment has been reviewed and updated, or that no updates are needed.
Risk assessing clients
Unfortunately, a few firms still seem to believe that CDD just means checking ID, such as a passport or photo driving licence. However, it must also include gathering information about the client to allow an assessment of risk to be done. This information is sometimes called Know Your Client (KYC) and will include the nature of what the client does, how they do it, their legal form, where their funds come from and who the beneficial owners are. The risk assessment is then used to determine how much and what verification information is needed, i.e. enhanced, normal or simplified.
Criminal record checks on BOOMs
Different professional bodies have slightly different requirements with regard to BOOMs. In all cases, a person is not permitted to be a partner, principal or MLRO if they have certain relevant (broadly financial crimes and perjury) criminal convictions. ICAEW requires firms to obtain and keep a Disclosure and Barring Service (DBS) criminal records check for all BOOMs and this will be inspected at any visit or must be supplied if requested. ACCA does not specifically require a DBS check to be done, but nonetheless it is still illegal for someone with a relevant conviction to hold a role as a BOOM, so a DBS check may still be useful.
Review of policies, controls and procedures
Life moves on, as they say and so it is essential that policies, procedures and controls are reviewed and updated as needed. For instance, the current pandemic means that there are greater risks of fraud for many clients in relation to the various support schemes set up by the government and a higher level of fraud more generally. Procedures should be adapted to take account of this, for example by adding a question to the annual review of risk form about Covid grant claims.
A regular review of should also be undertaken and this must involve (unless you are a sole practitioner with no relevant employees) a review of the adequacy and effectiveness of your policies, controls and procedures. Such a review can be done by an external provider, or internally, maintaining as much independence as possible. The review will need to include making sure you have all the appropriate policies in place and checking a sample of files to ensure those policies have been followed.
It is a requirement that all staff and partners understand the money laundering regulations, the firm’s policies and how to implement them. As part of this they must understand how to recognise suspicious transactions and make a report to the firm’s MLRO (or to the National Crime Agency, if you are the MLRO). Many firms choose to update staff annually, as information otherwise slips from the mind. It is vital that you keep records of who has had what training when and the results of any test taken.
CDD on new clients
Apart from in certain exceptional cases you must not start work for a client until all of the CDD, including both the risk assessment and the verification of information and identity, has been completed. Make sure that your procedures cover this and that there are relevant controls in place. For instance, you might block the creation of a new client code until the person responsible for CDD confirms that it is complete.
Running an accounting practice will always create a lot of compliance work, but on top of penalties for non-compliance from your professional body, there are criminal penalties, including jail, for non-compliance with the money laundering regulations. It might seem that all this is overkill but remember that in the UK the estimated cost of fraud annually in the private sector is £140bn, with about 3.4m instances of fraud.
It is naïve to suppose that none of your clients are engaged in fraud, victims of fraud, or unwittingly assisting a money launderer. This is why the regulations are there and this is why we must really think about how we comply with them to help make sure that we can play a part in making life for fraudsters, tax evaders and other money launderers difficult.
You might also be interested in
Julia Penny is the principal of JS Penny Ltd which provides technical and training consulting on anti-money laundering procedures, auditing and financial reporting. Julia is a member of ICAEW Board and Council, chair of the ICAEW Ethics Advisory Committee and past chair of the ICAEW...