UK Tightening Laws
The response of accountancy bodies to changes in requirements around assessment of risk and management of client portfolios could be critical in the fight against money laundering, according to leading experts
The 2017 regulations place a duty on all entities to carry out a comprehensive firm-wide risk assessment of potential exposure to money laundering. This should be robust and documented, as it will form a key part of the supervisory process
The new regulations are more prescriptive. Obliged entities must demonstrate that they’re taking appropriate, proportionate, steps to identify and assess the risks of money laundering and terrorist financing. Their assessments will need to take into account key risk factors such client, product, geographic transaction and channel risk.
The risk assessment must have senior management approval, be recorded, kept up to date and made available to authorities and regulatory bodies.
The Consultative Committee of Accounting Bodies (CCAB) recently published guidance which calls for a comprehensive set of group wide policies to manage anti-money laundering (AML) risk. Depending on the entity’s size, this could include appointing a separate compliance manager where the existing money laundering reporting officer (MLRO) is not considered to be of sufficient seniority. There will also be a requirement, appropriate to the size of the business, for those policies to be subjected to regular independent audit.
“As accountants, we attach very specific meaning to the terms ‘independent’ and ‘audit’,” says Angela Foyle, head of financial crime at BDO. “However, for the purposes of this legislation, independent does not necessarily mean external and audit does not mean statutory – it means developing a monitoring exercise that looks at the firm’s existing AML policies and procedures, and ensuring they’re acceptable.
“Firms may already carry out, for example, cold file reviews. These could now include reviews of the AML processes, which we think would satisfy that requirement.”
A further stipulation is that those whose work is relevant to compliance, or is capable of identifying, mitigating, preventing or detecting money laundering, must be subject to screening. They will be required to demonstrate suitable knowledge, expertise, and appropriate levels of conduct and integrity.
Compliance activities should pay particular attention to services identified in the 2017 National Risk Assessment (NRA). These include company formation and liquidation, misuse of client accounts, the facilitation of tax evasion and using an accountant’s ‘stamp’ to disguise falsified records.
“Certain services are attractive to criminals. They may use them to gain legitimacy, create corporate structures or transfer value,” says Stephen Briars, specialist economic crime detective for City of London Police.
“Red flags” may provide indicators of risk. These could include a lack of permanent office space, short shelf lives of associated companies, unusually complicated activity, unexpectedly high returns or opaque connections between entities and individuals. Where suspicions are raised, Briars recommends digging deeper, such as checking the business model, corroborating professional qualifications, verifying regulatory claims or identifying an address on Google Streetview.
“Firms can further mitigate their risk with a process of coordinated due diligence across the client portfolio,” explains Stevens. “After the risk assessment, they should design client due diligence procedures that would clearly identify a situation where a criminal might use the firm. This may include performing enhanced due diligence for clients when you are providing services identified as high risk.”
“Employees must be trained to understand risk areas and how criminals may use them to exploit accountancy firms. Training should also reiterate their obligation to report any suspicions to their MLRO,” adds Foyle.
“I occasionally see a lack of confidence, despite the fact that employees deal daily with companies, and develop an instinct about when things aren’t right. It’s important to encourage a degree of professional scepticism, and promote understanding that a concern may be justified. Flagging it up can be crucial.”
The profession, led by ICAEW, is currently developing a common risk assessment framework. This is intended to aid firms to complete risk assessments, due diligence reviews and independent audits to satisfactory standards.
Supervisory activity is complemented by Flag It Up, a campaign encouraging vigilance and, where necessary, submission of a suspicious activity report (SAR).
“Many diverse investigations have been developed from SARs, from investment frauds to cryptocurrency crimes,” says Briars. “Law enforcement can come from a position of being two steps behind the criminal, reacting to what’s reported, but SARs are a way to see where money is coming from and what’s happening to it.”
“It’s imperative that those who are obligated to submit SARs do so when required. They’re a critical part of the picture.”
Briars urges accountants to heed the message of the “Flag It Up” campaign, and ensure that they properly embed the guidance provided by their supervisor within their AML policies for 2018.
*David Stevens is integrity and law manager at ICAEW