Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and Platform Firms
1. A LexisNexis White Paper
Anti-Money Laundering and Anti-Bribery
and Corruption Systems & controls: Asset
Management and Platform Firms.
Summary and highlights of
The Financial Conduct Authority Thematic Review
by Mark Dunn, Market Planning Manager,
Risk & Compliance, LexisNexis
November 2013
2. Index
3
Introduction
5
Governance, Culture, and MI
6
Risk Assessments
7
Specific Anti-Money Laundering Controls
9
Specific Anti-Bribery & Corruption Controls
10
Training & Awareness
11
Conclusions
LexisNexis has a world-class reputation for providing critical business tools.
For over 30 years we have been pioneers in intelligence and risk
management. As a digital pioneer, the company was the first to bring legal
and business information online with our Lexis® and Nexis® services. Today,
LexisNexis harnesses leading-edge technology and world-class content to
help professionals work in faster, easier and more effective ways.
Our solutions are used internationally by financial services, legal and
accountancy firms and blue chip multinational companies to enhance
business decision making, fulfill regulatory requirements and for premium
information research.
LexisNexis serves customers in more than 100 countries with 10,000
employees worldwide.
3. Introduction
In October 2013, the UK Financial Conduct Authority (FCA) published their thematic
review – Anti-Money Laundering and Anti-Bribery and Corruption Systems &
controls: Asset Management and Platform Firms – describing the steps banks and
other financial services firms in the UK take to control money laundering and
corruption risks in asset management and platform business and setting out the
findings from their recent assessment.
The FCA’s latest review assessed the systems & controls
implemented by firms to tackle anti-money laundering
and anti-bribery & corruption within asset management
and the platform sector.
The review was started by the Financial Services
Authority in 2012 and continued by the FSA’s successor
the Financial Conduct Authority. The FCA met with 22
firms including wealth and asset management firms,
fund administrators and platform firms. The sample of
firms selected aimed to reflect the asset management
and platform sectors as a whole and as a result firms of
all sizes and with different business models were
included in the review.
The FCA makes it clear in the report’s introduction that
this review focused specifically on the adequacy of
firms’ “AML systems & controls (including account
opening, transaction monitoring, and suspicious activity
reporting to mitigate money laundering risks); and ABC
systems & controls (including the use of business
introducers, third party payments, and gifts and
entertainment arrangements).”
Unlike early thematic reviews, the report does not focus
on firms’ systems & controls for complying with financial
sanctions regimes.
Overall, the results of the review highlight consistent
areas of concern as the report states:
“Although we found some good examples of money
laundering and bribery and corruption risk management,
we found a number of common weaknesses across the
firms in our sample. Given the communications we have
issued on AML and ABC, we expected the industry to
have done more in ensuring they had suitable systems &
controls in place.”
The FCA also highlights examples of common risks
associated with money laundering and corruption
including:
“Even though these findings are from our
review of the asset management sector, we
expect all firms to have appropriate systems
& controls in place for AML and ABC.”
•
Non face-to-face business, which can be
attractive for money launderers hiding behind
stolen or fabricated identities.
•
Customers from, or with links to, countries that
are considered high risk from a money
laundering and/or corruption perspective.
•
Wealthy and powerful clients, particularly
where they insist on a high degree of
confidentiality.
•
The use of offshore trusts and shell companies
to distance beneficial owners from their funds.
•
High value and/or unexpected transactions.
•
Payments or inducements, without a clear
business rationale, to third parties.
The FCA summarises the thematic reviews findings in
the reports overview:
•
Most firms had relatively well-developed
arrangements for the ownership of money
laundering and bribery and corruption risks.
However, some could not provide evidence to
demonstrate the effectiveness of senior
management oversight and challenge.
Page 3 | Summary and highlights - The Financial Conduct Authority Thematic Review
4. •
AML and ABC issues were dealt with primarily
as a compliance matter rather than as part of
proactive risk management. Failure to properly
identify and assess risk often led to weaknesses
in customer due diligence and on-going
monitoring of business relationships.
•
Most firms had a comprehensive suite of AML
policies and procedures approved by senior
management.
•
Some firms had inconsistent or absent controls
to assess, classify and record risks posed by
new customers, which meant that enhanced
due diligence and enhanced ongoing
monitoring was sometimes not carried out for
high-risk customers.
•
There were weaknesses in how most firms
acted on the outcomes of risk assessments.
•
•
Some firms considered that the longstanding
nature of some business relationships alone
was a satisfactory substitute for keeping
customer due diligence information up to date.
The FCA press release accompanying the report goes on
to say:
“We have provided feedback to those firms in our
review, but we expect all firms to consider our findings
and the examples of good and poor practice to improve
their AML and ABC frameworks where necessary. We
will be following up with some firms to discuss the
actions they should take”.
The full FCA report and press release can be accessed via
the following link:
http://www.fca.org.uk/news/thematic-reviews/tr13-9anti-money-laundering-and-anti-bribery
Identified risks were often non-measurable and
not actively monitored. This impacted the
extent to which appropriate controls were
defined to mitigate those risks.
Page 4 | Summary and highlights - The Financial Conduct Authority Thematic Review
5. Examples of good and poor practice
Governance, culture, and MI
•
•
•
•
•
•
•
Senior management roles and
responsibilities are clearly defined.
There is a clear organisational structure that
meets on a regular basis to discuss risks,
including money laundering and bribery and
corruption risks.
Risk-based quality assurance work is carried
out by the firm on a rolling basis.
The firm regularly assesses and evaluates
emerging regulatory and industry
developments and the impact(s) this may
have on its business.
The firm takes into account staff compliance
with AML and ABC obligations in
remuneration and staff incentive structures.
The firm has defined breach and escalation
procedures.
The firm implements senior management
approval procedures in relation to the
acceptance (or continuation) of higher risk
business relationships.
•
•
•
•
•
There is limited senior management
involvement and challenge in AML and ABC
compliance activities.
Management information in relation to
money laundering and bribery and
corruption risks is not collated.
Money laundering and bribery and
corruption risks are dealt with only on a
reactive basis.
MLRO reports and other MI are not
submitted in a timely manner.
There is limited quality assurance activity
carried out to review the effectiveness of
AML and ABC systems & controls.
Page 15. Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and
Platform Firms. FCA October 2013
LexisNexis view
As AML, ABC and sanctions systems & controls converge, ensuring associated
technology continues to align to business requirements and deliver a return on
investment is often overlooked.
The growing convergence of AML, ABC and sanctions
regime compliance demands firms take a more
holistic approach to tackling financial crime risk
driven by top level commitment. Examples of good
practice illustrate where firms have proactively
aligned their business structures to best meet the
increasing challenges of evolving legislation and
industry guidance focused on reducing financial
crime. As senior management recognises the risks of
non-compliance, the associated impacts on business
reputation and the balance sheet, firms are
increasingly centralising their approach and the
resources deployed to mitigate risk. Once in place,
firms continue to regularly monitor their exposure to
risk to ensure systems & controls remain effective
and are aligned to changing business requirements,
incoming legislation and regulators’ expectations.
As AML, ABC and sanctions issues converge, it is
critical firms ensure that the technology used to
tackle such evolving risks continues to meet
expectations. Through consultation and review
LexisNexis has helped firms successfully implement
AML, ABC and sanctions systems & controls to
ensure firms’ clients and third-party agents are
being efficiently screened and monitored.
Page 5 | Summary and highlights - The Financial Conduct Authority Thematic Review
6. Examples of good and poor practice
Risk assessments
•
•
Risk assessments are used to assess the
money laundering and bribery and
corruption risks and undertaken regularly.
Processes are in place for undertaking risk
assessments including collaborative
engagement with front-line business
personnel, and adequate senior
management sign-off, review, and challenge
(including sufficient engagement at boardlevel).
•
•
•
•
•
Limited or no activity is undertaken to
identify and assess money laundering and
bribery and corruption risks in a firm.
Risk assessment activity is ad hoc and it is
not proactively undertaken to inform senior
management and/or the design and
implementation of AML and ABC policies and
procedures in a firm.
Risk assessment activity is not dynamic to
ensure firms are capturing money laundering
and bribery and corruption risks.
Risk assessments do not include an overall
assessment of money laundering and bribery
and corruption risks for a firm.
ABC risk assessments were carried out as a
one-off exercise.
Page 15. Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and
Platform Firms. FCA October 2013
LexisNexis view
Keeping the compliance team and key staff updated with changing risk
indicators and regulator expectations needn’t be a costly and cumbersome
exercise.
The inability for a regulated firm to maintain its
risk assessment process has been highlighted by a
number of recent enforcement actions. Regulators
expect companies to be aware of changing risks in
their markets and to apply a risk assessment
process that is agile enough to be amended and
updated accordingly. This flexible approach to risk
assessment is not only important to take account
of ad hoc changes in risks related to specific
countries and entities for example, but also to be
able to quickly assign risk assessment to the firm’s
business development strategy and new product
adoption etc. Industry best practice recommends
the risk assessment be reviewed at minimum
annually. However, as mentioned above, many
firms need to ensure their risk assessment process
is flexible enough to respond to market forces.
Page 6 | Summary and highlights - The Financial Conduct Authority Thematic Review
7. Examples of good and poor practice
Specific anti-money laundering controls
•
•
•
•
•
•
Ensuring AML policies and procedures
reflect the legal and regulatory framework,
and communicated to staff in the firm.
Ensuring customer identification and
verification procedures are in place,
including detailed operational processes for
customer take on.
A customer risk classification framework is
applied consistently to assess customer risks
at the time of onboarding, and on an ongoing basis.
Identification and verification information
for customers is periodically reviewed and
‘refreshed’, on a risk-sensitive basis.
The firm has defined senior management
approval procedures for accepting new (or
continuing existing) business relationships
which pose a high risk of money laundering.
A clearly articulated definition of a PEP (and
any relevant sub-categories) which is well
understood by relevant staff.
•
•
•
•
Failure to ensure that AML policies and
procedures reflect the legal and regulatory
environment and are up to date.
Failure to conduct enhanced due diligence
(EDD) for high risk/PEP customers.
Failure to identify and verify beneficial
ownership, source of funds, and source of
wealth.
Transaction monitoring governance
arrangements are not clearly defined (for
example, in relation to the investigation and
review of transaction monitoring alerts).
Page 16. Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and
Platform Firms. FCA October 2013
LexisNexis view
Having in place effective anti-money laundering systems & controls is long
considered the norm for any financial services firm operating within the UK
and other regulated markets.
With an EU Fourth Money Laundering Directive on
the horizon and ongoing enforcement in this area,
it is critical that firms have in place effective AML
procedures that are both proportionate to their
business risk profile and regularly reviewed to
reflect changing compliance standards.
The FCA has made it very clear that supervision of
banks’ financial crime controls will continue to be
as intensive as ever and that tackling poor
compliance or “taking action against firms that do
not meet our standards’ will continue to be a key
priority. AML compliance receives close attention
in the FCA 2013 Business Plan which heralded the
FCA’s ‘Intensive intrusive Systematic Anti-Money
Laundering Programme (SAMLP) across the highimpact firms to investigate their anti-money
laundering, terrorist financing and sanctions
systems and controls.”
Page 7 | Summary and highlights - The Financial Conduct Authority Thematic Review
8. The SAMLP (formerly known as the Core Financial
Crime Programme) aims to: “Look into the
financial crime systems and controls of 14 major
retail and investment banks every four years and
will focus on their anti-money laundering,
countering terrorist finance (AML/CTF) and
financial sanctions risks. We will also include antibribery and corruption (ABC) in the programme”.
Against this backdrop of ongoing supervisory
scrutiny and enforcement activity it is essential
firms do not neglect the technology services they
have in place to help mitigate such risks. Ensuring
screening, due diligence and monitoring services
continue to not only reflect firms’ changing risks
but also deliver business process efficiencies is key
as budgetary constraints on Compliance resources
continue to bite.
LexisNexis regularly helps firms to review their
AML, ABC and sanctions systems & controls to
ensure clients and third-party due diligence checks
are delivered in a timely and cost efficient manner.
Page 8 | Summary and highlights - The Financial Conduct Authority Thematic Review
9. Examples of good and poor practice
Specific anti-bribery and corruption controls
•
•
•
•
•
ABC policies and procedures are
documented and kept up to date.
ABC policies and procedures will vary from
firm to firm however they must address
relevant areas of bribery and corruption
risks (either in a standalone document, or as
part of separate policies).
Gifts and entertainment policies and
procedures clearly define the approval
process; include clear instructions for
escalation, definitions and guidelines for
staff to follow.
The rationale for using agents or introducers
to generate new business is documented,
and monitored through review and
assessment on a continuing basis.
The firm implements robust operational
controls to monitor, review, and approve
third party payments.
•
•
•
•
•
ABC policies and procedures are not tailored
to the business.
ABC policies and procedures do not address
other areas of bribery and corruption risk
but focuses on one area only e.g. gifts and
entertainment.
Firms do not maintain a list of third party
relationships and rely on informal means to
assess the risk.
A firm using intermediaries fails to satisfy
itself that those businesses have adequate
controls to detect and prevent where staff
have used bribery to generate business.
Gifts and entertainment activity is not
consistently monitored by senior
management.
Page 16. Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and
Platform Firms. FCA October 2013
LexisNexis view
A primary goal for the compliance function is to have a consistent approach to
onboarding which ultimately improves customer service and provides a
competitive edge.
By auditing the local and international systems
used for ABC third party due diligence, the
business is able to demonstrate consistent
compliance. Risk solutions from LexisNexis® enable
approval of new third parties at the appropriate
level and escalation to senior management for
review when needed.
All information gathered on an entity can be
collated into one file and forwarded together with
any notes, providing an efficient and auditable
review process. A separate file is created for all
PEPs and high risk entities, making closer ongoing
monitoring straight forward and routine.
It is possible to allow Business Managers minimal
“privileges” and for any red flags to automatically
drive escalation to Compliance, ensuring an
appropriate risk-based approach at each stage.
Using PEP databases in isolation is not sufficient
and broader news checks are needed to clearly
identify associations and other high risk indicators.
Building an end-to-end workflow that looks across
broader data sets also ensures ongoing monitoring
is regular and efficient. By seamlessly combining
the initial onboarding process with an ongoing
monitoring process, all alerts can be handled in
the same manner and a consistent approach is
guaranteed.
Page 9 | Summary and highlights - The Financial Conduct Authority Thematic Review
10. Examples of good and poor practice
Training and awareness
•
•
•
•
•
AML and ABC training is delivered to all
staff, including senior management.
There is enhanced training for senior
management and staff in key AML or ABC
roles.
Training is tailored and includes practical
examples relevant to the firm’s business
activities.
The content of the AML and ABC training is
periodically reviewed and refreshed.
Staff records setting out what training was
completed and when and using those
results to test staff understanding and
quality of the training. Ensuring training
covers how to escalate matters and/or
report potential suspicions.
•
•
•
•
•
•
Senior management does not sign off or
engage in training.
New employees do not receive new joiner
training promptly after joining a firm.
The firm does not extend its AML and ABC
staff training requirements to overseas
employees who perform functions on behalf
of the firm’s UK customers.
Training is a one-off exercise. ABC training
material does not include training guidelines
in relation to gifts and entertainment limits
and pre-approval procedures.
The effectiveness of AML and ABC training is
not monitored or assessed by a firm.
Training records are not maintained and
staff are not encouraged to ensure they
meet their training obligations.
Page 16. Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Asset Management and
Platform Firms. FCA October 2013
LexisNexis view
Applying consistent, up to date and tailored training is essential to ensure staff
remains fully aware of their individual roles & responsibilities both regulatory and
ethical.
The onset of poor practices is more common when
resources are tight and adequate support is not
offered to the compliance function. LexisNexis works
with thousands of financial institutions of all sizes,
offering scalable solutions that meet the needs and
budgets of most organisations. Increasingly
organisations are being more selective in their use of
different training materials and technology to deliver
updates to staff. Training and tutorials that are
targeted to the requirements of specific personnel and
the risks they manage can be delivered via short
webinar updates and supplements to the
comprehensive training undertaken by staff when
they join the firm. When multiple systems are
deployed gaps in AML and ABC procedures can be
unavoidable. We help our clients ensure they have a
consistent end-to-end process based on a single
platform.
Page 10 | Summary and highlights - The Financial Conduct Authority Thematic Review
11. Conclusions from the Thematic Review
The FCA review on Anti-Money Laundering and AntiBribery and Corruption Systems & controls: Asset
Management and Platform Firms uncovers a number
of concerns and overall the FCA is unhappy that
“Given our strong regulatory focus and previous
publications on AML and ABC we expected firms to
have taken more action to ensure their controls
reduced the risk of money laundering and bribery and
corruption.”
“There is still work for most
firms to do to ensure bribery
and corruption risks are
appropriately mitigated.”
The FCA highlights the various approaches taken to
AML compliance by firms across the review sample
and particularly “where the firms were part of major
financial groups, which should have been aware of our
expectations. In some cases, the firms we visited were
from groups that had been subject to previous
regulatory attention but we still found significant
weaknesses.”
The FCA expects improvement and for firms to take
note of the reviews findings and other guidance within
the FCA Financial Crime: a Guide for Firms.
Further Reference
Financial Crime: a Guide for Firms (Financial Conduct Authority)
FCA compilation of good and poor practice from a number of thematic reviews
http://fshandbook.info/FS/html/handbook/FC/link/PDF
Bribery Act 2010 - Guidance on compliance (British Bankers Association)
BBA’s sector guidance to help firms tackle the UK Bribery Act
http://www.bba.org.uk/media/article/bribery-act-2010-guidance-on-compliance
Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated
with them from bribing (Ministry of Justice)
Official UK guidance to accompany the Bribery Act 2010
http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf
A Resource Guide to the U.S. Foreign Corrupt Practices Act (US DoJ and SEC)
Official guidance for the US Foreign Corrupt Practices Act
http://www.justice.gov/criminal/fraud/fcpa/guidance/
Guidance (Joint Money Laundering Steering Group)
JMLSG anti-money laundering guidance for the UK financial services sector
http://www.jmlsg.org.uk/
Page 11 | Summary and highlights - The Financial Conduct Authority Thematic Review