Money Laundering Flashcards
what is money laundering?
where criminals pass money through an organisation to clean it, so it has an audit trail making it look legitimate
what is terrorist financing?
Terrorist financing (TF) is an offence if any money is used, not just laundered money
what are those at risk of money launders called?
- Those at risk by money launders are called gatekeepers
what are the stages of money laundering?
3 stages of ML, a solicitor can become involved at any point:
1. Placement criminal money is introduced into the system
2. Layering the money is distanced from the criminal by passing through a number of parties or transactions
3. Integration money is returned to criminal and they are now in possession of laundered money
what are the areas of a solicitors’ work which are most at risk? How should his be dealt with?
- These are the areas of a solicitors’ work most at risk and should be addressed in the firm’s risk assessment:
o Company and trust work
o Use of client account
o Real estate
o Sham litigation
why is company and trust work a risk?
due to complicated structures
give an example of ‘use of client account’
client states they have put £x in their client account to purchase a business. The purchase then does not go ahead. The client asks if the money can be transferred to a company they own instead. If this money was from the proceeds of crime (PoC), the solicitor would have facilitated ML.
give an example of ‘real estate’
i.e. the client is due to buy a house for £500k. This is transferred to the client account to complete the purchase. The seller drops the price to £400k. The client asks for the remaining £100k to be paid to an associate in settlement of a debt. If the solicitor does and the money is from PoC, the solicitor would have facilitated ML.
give an example of sham litigation
o i.e. solicitor is instructed to issue a claim. It is not defended and default judgment is obtained, but D pays the solicitor’s firm who then transfers this to the client. This may be sham litigation to transfer illicit funds and the solicitor has assisted.
what are the main regulations?
- Main regulations = MLR 2017 (MLR)
who does MLR apply to?
- MLR applies to “relevant persons” (RP), inc. (non-exhaustive):
o Tax advisors
o Insolvency practitioners
o Trust or company service providers
o Independent legal professionals (ILP) a firm or SP who deals with financial or real property transactions
who do the regulations not apply to?
- MLR does not apply to independent legal professionals working in-house or for a public authority
if MLR applies, what must they do?
If MLR applies, the RP must:
o Conduct a ML and TF risk assessment
o Implement systems, policies, controls and to address ML and TF and apply these across the firm’s group structure
o Adopt appropriate internal controls
o Staff training
o Apply for approval
o Comply with client due diligence requirements
o Ensure record keeping and data protection systems, policies and procedures are compliant
what is the obligation under STARS?
- Under StaRs, firms must have structure in place to ensure compliance with AML legislation and identify, monitor and manage risks
re: firm risk assessment
what is the obligation?
- RPs must carry out a written RA and take appropriate steps to identify the risk of ML and TF, there will need to be a written record of the steps taken
re: firm risk assessment
what risk factors must be considered?
The following risk factors must be considered (they can consider more):
o Nature of the clients and industries they operate in
o Services delivered by the RP, particularly high risk services i.e. trust and company services, conveyance and client accounts
o Risks identified in the SRA’s RA of legal services as a whole
re: firm risk assessment
what can happen if the risk assessment is poor?
- The SRA can take enforcement action against a firm if the RA is inadequate
re: systems, controls, policies and procedures
what is the obligation?
- RPs must establish and maintain written policies, controls and procedures to manage risks identified in the RA.
re: systems, controls, policies and procedures
what must the policies etc cover?
o Risk management practices
o How the firm conducts customer due diligence
o Reporting and record keeping systems
o Monitoring, internally communicating and managing compliance
o Procedure for unusually complex or large transactions or unusual transactions with no apparent economic or legal purpose
o Procedure for new technology to assess and mitigate ML risk
o The making of disclosures under TF and PoC legislation
re: systems, controls, policies and procedures
what are the procedural requirements for the policies etc?
These must be:
o Proportionate to the size and nature of the business
o Approved by senior management
o Regularly reviewed and updated
o Communicated internally within the firm
If the RP is part of a wider group structure, they will need to make sure these apply to all subsidiaries (in and outside of the UK)
re: internal controls
what controls must be in place?
Under MLR, RPs must:
o Have a money laundering reporting officer (MLRO) and possibly a money laundering compliance officer (MLCO)
o Screen relevant employees
o Auditing functions
o Procedure for response to law enforcement
re: internal controls
who must have an MLRO?
- Firms must have an MLRO (unless they are an SP with no employees)
re: internal controls
who must have an MLCO?
- Firms only need to have an MLCO ‘where appropriate to the size and nature of the business’
o In practice, this is likely to be most firms (not inc. SPs)
re: internal controls
who can be the MLCO?
o Only “senior management” can be the MLCO
o Senior management = someone with sufficient knowledge of the firm’s ML & TF risk and with authority to take decisions
The MLRO and MLCO can be the same person
re: internal controls
what is the MLRO’s role?
they are the ‘nominated officer’ to receive TF & ML disclosures and must report suspicion of ML and TF to the NCA
re: internal controls
what is the MLCO’s role?
- bears the ultimate responsibility for breach of regulations
re: internal controls
explain employee screening
- Employees who undertake work relating to MLR 2017 or AML generally must be screened before and during their employment to assess their skills, knowledge and integrity
re: internal controls
explain auditing
- There must be an independent audit function to assess the RP’s policies and controls and make recommendations
- This need not be external, but must be independent of the function being reviewed
re: internal controls
explain response controls
- The firm must establish and maintain controls to ‘respond fully and rapidly’ to enquiries from law enforcement about whether the firm has had a business relationship with a person in the last 5 years and the nature of the relationship with that person (subject to any LLP restraints)
explain staff training
- Firm’s must provide training on ML, TF, data protection and recognising suspicious transactions
- Firms must keep and maintain a record of training provided
- This can be done face to face or by e-learning
explain ‘approval’
- As an AR, the SRA supervises anti-money laundering (AML) and so the ‘beneficial owner, officer or manager’ of the firm and SPs must apply to the SRA for AML authorisation
- Approval must be granted unless the applicant has been convicted of a relevant offence i.e. ML, terrorism, offences with deception or dishonesty
- It is a criminal offence and breach of StaRs to act without authorisation
o Sanction = Imprisonment, fine or both
what is client due diligence?
- CDD refers to verifying the clients’ identity
re: client due diligence
when must a relevant person carry out CDD?
o Establish a business relationship;
o Carry out an occasional transaction (at least partially) by electronic means of more than €1,000
o Carry out an occasional transaction of more than €15,000 (this can be one transaction or several linked transactions) (Occasional transaction = transactions not carried on within an ongoing business relationship)
o Suspect ML or TF
o Doubt the veracity of the ID documents
CDD applies to new clients and existing clients if there has been a change of circumstances relevant to the client’s RA (i.e. different transactions)
re: client due diligence
why must a relevant person carry out CDD?
RP must carry out a client RA to determine the appropriate CDD.
re: client due diligence
what are the types of CDD?
standard
enhanced
simplified
re: client due diligence
what are the potential risk factors?
o Purpose of the account, transaction or business relationship
i.e. client and their partner (P) divorce. P did not defend the divorce and is willing to transfer all assets. P is being investigated for fraud. High risk of ML, EDD necessary.
o Level of assets being deposited/size of transaction
o Regularity and duration of business relationship
re: client due diligence
what is required under standard due diligence?
Reg 28 sets out that an RP must:
o Identify the customer (unless they have already been verified);
o Verify the customer’s identity; and
o Assess the purpose of the business relationship or transaction
re: client due diligence
how is identity verified?
- Identity is verified by checking documents from a reliable source that is independent of the client
re: client due diligence
what is the verification document for a ‘natural person’? What is good practice?
Verification documents passports or photocard driving licence
Good practice to obtain either:
o 1 gov. document which states the client’s name and either their address or DOB; or
o 1 gov. document which states the client’s name plus a document which states the client’s name and either their address or DOB
The RP should see the original but a copy if permissible if the risk is justified
re: client due diligence
how is a non-LLP verified?
- Identification documents of each partners
- For well-known partnerships with substantial public information, the name, registered address and nature of the business may be sufficient
re: client due diligence
how is a company/LLP verified?
RPs must obtain and verify:
o Name
o Company number
o Registered office
o Principal place of business (if different)
o Understand ownership and control structures
If the company is not listed on a regulated market, the RP will need to take reasonable measures to verify:
o The law it is subject to;
o Its constitution / other governing documents
o Names of the BOD and other senior persons
o The identity of any beneficial owners
* The client must also provide proof of the entity’s registration
re: client due diligence
what else is important in relation to companies?
- The RP should consider if the client has authority to give instructions on behalf of the entity and verify their identity
re: client due diligence
what is the position in relation to beneficial owners?
- The RP must identify any BO where they BO is not the client
re: client due diligence
who is the beneficial owner of companies/LLPs?
BOs of companies & LLPs are anyone who:
o Exercises ultimate control over management; or
o Owns / controls more than 25% of shares or voting rights
o If the company is owned by a parent company, the RP should take a risk-based approach as to whether they need to verify the identity of the parent company’s BOs. They usually will.
re: client due diligence
who is the beneficial owner of non-LLPs?
BOs of non-LLPs are anyone who:
o Exercises ultimate control over management; or
o Is entitled to more than 25% of the capital, profits or voting rights
re: client due diligence
who is the beneficial owner of trusts, unincorporated associations and foundations?
o Settlors, trustees, beneficiaries, class of persons that have an interest in the trust and anyone with control over the trust
o If the beneficiary is a company, they will need to determine the BOs of the company (i.e. control & 25% ownership as above)
o A trust does not have SLP so the trust is not the client.
re: client due diligence
when must standard and enhanced due diligence be carried out?
o There is a high risk of ML or TF identified by the firm’s RA or by information provided by the SRA or law society
o Any business relationship or transaction with a person established in a high-risk country
o The client is a politically exposed person (PEP) or a family member or close known associate (CKA) of a PEP
o The client has provided false of stolen ID and the RP proposed to continue to deal with them
o The transaction is complex or unusually large, there is an unusual pattern of transactions, or the transactions have no apparent economic or legal purpose
o In any other case which presents a higher risk of ML or TF, i.e.:
re: client due diligence
who is a politically exposed person?
PEP = an individual entrusted with a prominent public function (other than middle ranking or junior officials), i.e.:
* Heads of State / Government
* Ministers and deputy / assistant ministers
* Member of the Supreme Court, Constitutional Court or other high-level judicial bodies
* Members of Court of Auditors
* Members of boards of central banks
* Ambassadors, charges d’affaires and high ranking officers in the armed forces
* Members of administrative, management or supervisory bodies of state owned enterprises
re: client due diligence
who is the family member of a PEP?
PEP family members include:
* Parents of PEP
* Spouses / CP
* Children & their spouse/CP
re: client due diligence
who is a close known associate of a PEP?
= in a business relationship with the PEP
re: client due diligence
what is the position regarding PEPs?
there is SDD, EDD and some additional measures for the PEP
re: client due diligence
give some examples of cases which might present a higher risk of ML/TF
The relationship is in unusual circumstances i.e. not in-person
Payments are received from unknown associates / 3rd parties
re: client due diligence
what is the RP’s obligations in terms of EDD?
the RP must undertake the following EDD measures as far as necessary (the extent will depend on the RA of the client)
re: client due diligence
what measures may the RP undertake as part of EDD?
o Examine the background and purpose of transaction
o Increase the degree & nature of monitoring the relationship/transaction
o Obtain additional independent verification evidence
o Learn more about the customer and parties i.e. background, ownership
Additional measures in relation to PEPs only:
Obtain approval from senior management
Adequate measures to establish source of funds for the transaction
Conduct enhancing ongoing monitoring of the business relationship
re: client due diligence
when must this be undertaken?
CCD must be completed before the establishment of a business relationship or carrying out of a transaction
In other words, verification should be obtained at the first contact
(NB: there is an exception to this)
re: client due diligence
what is the exception to the general position regarding timing?
Exception - verification can be completed during the establishment of a business relationship, if:
It is necessary to not interrupt the normal conduct of business;
There is little risk of ML and TF; and
CDD takes place as soon as practicable after the first contact.
re: client due diligence
whether apply the normal rules on timing or relying on the exception, what cannot be done before CDD has been completed?
In either case, CDD must be completed before:
o Substantive work is performed
o Permit funds into the client account (unless they are for fees or disbursements)
o Transfer property
o Allow final agreements to be signed/completed
re: client due diligence
what happens if the RP cannot complete CDD?
If the RP is unable to carry out CDD they must:
o Not carry out any transactions with or on behalf of the client
o Not establish / terminate any existing business relationship
o Consider making a disclosure to the NCA
re: client due diligence
when is simplified DD possible?
- RPs can apply simplified DD measures in relation to a client where they have undertaken an individual risk assessment which identifies a low risk of ML or TF
re: client due diligence
what risk factors are to be considered in the simplified DD risk assessment?
Risk factors to be considered include:
o Customer risk i.e. is it a publicly owned enterprise? Is it on a regulated market and if so where?
o Product and service risk i.e. certain insurance & financial products
o Geographical risks i.e. where is the client established and do business
re: client due diligence
if simplified DD is appropriate, how does this operate? Give an example.
If the RP applies simplified DD, they must still undertake CDD, but they can downward adjust the extent, timing or type of measures it would normally undertake under standard DD
i.e. they might not require proof of BO and/or verification of a well-known PLC might be satisfied with evidence it is on the stock exchange
explain record keeping
- RPs must keep original or copies of all the CDD documents and records relating to the transaction that mean it could be reconstrued in the future for 5 years after the business relationship/transaction
what does the SRA warning notice do?
- Sets out indicators of ML & TF
what are the indicators set out in the SRA warning notice?
o Client secretive, obstructive, refuse to provide certain information, avoid in-person meetings, has criminal connections
o Funding large cash payments, payments from 3rd parties, multiple / foreign accounts
o Transactions loss making, repetitive instructions, unexplained urgency, litigation settled quickly/easily
o Unusual instructions outside firm’s expertise, client is not local
o Geography high-risk countries, foreign transactions
