E.U. proposals look to strengthen and support Group-wide AML/CTF risk policies and management | Wolters Kluwer Financial Services
  • E.U. proposals look to strengthen and support Group-wide AML/CTF risk policies and management

    by Steve Blackbourn

    Published July 13, 2017

    The U.K., like other E.U. Member States, is currently grappling with the imminent implementation of a range of changes to its anti-money laundering and counter terrorist financing (AML/CTF) regime, under the latest iterations of the respective E.U. AML Directive (4MLD) and separate Fund Transfer Regulation (FTR). These collective developments and measures (known as the ‘MLR2017’) will see firms having to review and potentially amend their own internal arrangements and practices to ensure continued legal and regulatory compliance from mid-2017 onwards.

    Amidst this period of change, a further consultation exercise began at the end of May 2017 with a paper issued by the joint committee of the European Supervisory Authorities (ESAs). It focuses specifically on how credit and financial institutions need to, and are being encouraged to, adopt effective Group-wide risk-management systems which reasonably forestall or address their vulnerability to being used for financial-crime and/or terrorist purposes.

    A matter of joined-up thinking and approach 

    The joint consultation (see JC 2017 25) covers a range of draft Regulatory Technical Standards (RTS) made by the respective E.U. regulators for banking (EBA), securities investment and trading (ESMA) and insurance and pensions (EIOPA) business activities. This is deliberately intended to provide a consistent approach and platform to harmonise standards and practices across all the dominant and critical areas of the financial-services market. It is directed especially at those entities that might be subsidiary or branch entities of a bigger global or cross-border Group organisation and structure(s).

    It specifically contains proposals on the measures that such financial and credit institutions are still required to consider and adopt in order to adequately handle and mitigate the risks arising where Group-wide policies and procedures cannot be successfully applied or adhered to because of the legal and regulatory regime and limitations operating in any other ‘third country’.

    This development builds on the requirements under the latest update to the E.U.’s AML/CTF Directive (2015/849) to establish additional policies and procedures that may be appropriate and necessary when an entity, e.g. a branch or subsidiary, is part of a Group but cannot consistently or effectively adopt or adhere in practice to its Group arrangements in any third country due to prevailing circumstances. This could include circumstances where the related third-country laws or regulatory regime(s) effectively prohibit or restrict the implementation of Group-wide AML/CTF policies and procedures, or indeed where access by competent authorities to the information held by affected entities is likely to be curtailed or hindered by the regime and environment operating within any third country.

    The respective regulatory technical standards (RTS) therefore seek to establish and clarify the minimum considerations and actions that affected firms should take, with the hope of creating a more coherent and harmonised approach on this matter across the E.U. financial sector.

    Minimum requirements and expectations

    Under the generic risk-based approach embodied in both global and other more local inter/intra jurisdictional systems, it continues to be recognised that firms can reasonably adopt a variety of approaches and tools in ensuring they adequately identify, understand and manage any prevailing and realistic AML/CTF threats and exposures. However, it remains imperative that firms can properly evidence, justify and articulate how their own approach and processes effectively and proportionately work and deliver compliance in forestalling firms being used for financial-crime and terrorism purposes.

    The overarching arrangements under the relevant E.U. Directive and/or Regulation requirements will typically extend across matters such as customer due diligence (CDD), transaction monitoring and reporting, and associated internal recordkeeping and governance control and oversight. However, under the proposed arrangements now under consultation, financial firms and credit institutions that exist or operate in any wider Group structure will be expected to ensure their internal arrangements manifestly exist to manage and mitigate any risks.

    Firstly, those organisations under any Group structure will need to objectively analyse and assess the extent to which any third country might prevent or curtail the application of all or any part of its own Group-wide policies and procedures. Typically, this might result from some national/local legal systems that might be somewhat lower than any Group standard or provision. But it could also result from other local practices or controls that might for example arise from local restrictions in information sharing, data protection or even intentional secrecy provisions and rights.

    In regard to specific minimum and/or additional considerations firms should make and address, it is proposed these might include (but are not limited to):

    1. Creating and maintaining an assessment of any specific AML/CTF risks to the Group posed by each/any third country.
    2. Contemplating and creating robust and reliable mechanisms to overcome certain legal obstacles and concerns, such as the adoption of formal consent arrangements with customers’ legal/beneficial owner(s) regarding the ability to obtain and share information where appropriate.
    3. Establishing and implementing any actions and procedures which the firm/Group deems necessary and justified in being imposed at a Group level regardless of specific local requirements. This might include the necessary and effective enhanced due diligence (EDD) in regard to customer and/or transactional situations regarded as presenting higher risk(s), and might extend to the standard adoption with senior-management approval of existing and ongoing specific higher risk business and even occasional transactions involving any third country.
    4. Undertaking proper legal and regulatory risk assessment of policies and procedures to mitigate against obvious legal and contractual rights of natural persons (individuals) or entities concerned.
    5. There may also be a need to share and notify any Group or entity level regulators and/or other authorities of any adverse analysis judgements, and plans to address any conflicts and concerns identified or arising.

    To properly meet the expected requirements, firms affected will also be required to suitably engage relevant senior management, and staff more generally, in ensuring any outcomes and changes are duly reflected within the related policies, procedures and risk-management indicators and documentation. And perhaps most importantly, where firms cannot gain (or provide) assurance in effectively managing any AML/CTF risks, they might then have to contemplate restricting or even closing down affected relationships, and/or also ensure that entities providing services or products within the wider Group to mutual customers do not rely on due diligence and/or monitoring performed by any branch or subsidiary in a third country.

    Next steps and horizon-management

    The current consultation period ends in mid-July 2017, after which it is expected that any final and EU ratified provisions will then be quickly put into force.

    Any final regulatory technical standards emerging in this area do of course sit alongside the wider provisions of the related E.U. AML/CTF Directive and Regulations e.g. the impending changes coming in under the MLR2017 and specifically those under the latest 4MLD (2015/849) and the evolving and underlying global standards propounded by the Financial Action Task Force (FATF) as may be amended going forward. Obviously, such a development and its considerations and implications will also equally apply in regard to any forward and strategic planning and decision-making in regard to those circumstances where Group firms are expected to establish new branches or subsidiary entities in any third country.

    About the author: Over a 25-year career Steve Blackbourn has undertaken various operational and regulatory roles at senior-management level in a range of international financial services organisations before becoming established as a U.K.-based compliance and financial crime consultant in 2008. Steve has held key positions within a global bank assurance group, an Advanced Risk-Responsive Operating FrameWork (ARROW) supervisory inspection team at the UK FSA and an international life/pensions and investment organisation. Steve has worked and continues to work alongside Wolters Kluwer in delivering project-specific as well as rolling consultancy support services with mutual clients. He is also a regular monthly contributor to Wolters Kluwer Financials’ Compliance Resource Network. In addition, he also works with a range of direct clients applying his broad scope regulatory-compliance and financial-crime background and skills to deliver a reliable and quality service with an emphasis on practical approach and commercial orientated solutions.
