By now, all accountants should be aware of their obligations in preventing money laundering and terrorist financing under the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018. Equally important is the need to take a risk-based approach to identify, understand, assess and take action against the money laundering and terrorist financing risks to which they are exposed.
But what does this mean on a practical level? This, the first in a two-part series, is a guide to the basics.
Business risk
Under the act, all firms, no matter what size, must complete a business risk assessment. A well thought out assessment is essential as it informs the firm’s due diligence measures and documents the risk determination process. It also dictates the policies, controls and procedures that are needed to combat the risks identified.
Client risk
Practitioners must identify any high-risk clients and assess factors such as the nature of the client’s business, the client relationship, the client’s location, and any characteristics that would increase their risk level (eg if they are a politically exposed person).
Once the client risk assessment is complete, consideration should be given to the percentage of the firm’s overall client base deemed to be high risk. Appropriate policies, controls and procedures can then be drafted, and a mitigation plan implemented.
Geographical risk
When considering geographical risk, practitioners should assess variables such as the beneficial owner’s country of residence, the origin of the source of funds, the country of incorporation, and the location of the client’s main operations. These should be evaluated to determine if they include any high-risk countries or jurisdictions deemed inadequate in terms of money laundering and terrorist financing regulation.
Practitioners should consult credible sources during this process, such as the Financial Action Task Force Risk Based Approach for Accounting Profession.
Services risk
Products and services should be assessed on the basis of their vulnerability to money laundering and terrorist financing. Compiling a list of services offered and consulting the National Risk Assessment will assist in determining whether any are deemed to be high risk.
Again, accountants should consider what portion of their revenue is generated through high-risk services, and implement effective controls accordingly.
Transaction risk
When identifying the risk associated with transactions, firms should consider information such as:
- level of transparency
- complexity
- value
- origin
- purpose of transaction
When it comes to reporting suspicious transactions, there is no minimum value, so assessments should be clearly documented.
Delivery channel risk
Delivery channels are another variable that can increase the money laundering and terrorist financing risk. For example, practitioners may not meet with clients face to face, they may have no direct business relationship with them or all their business may be conducted through an intermediary.
Due to Covid-19, practitioners currently have less direct interaction with clients than they used to, so the risk potential may increase in this area.
Customer due diligence
Under the law, accountancy firms must carry out customer due diligence when they are undertaking regulated work. Sufficient evidence should be obtained to establish that a real person or organisation is being dealt with, and this evidence should be used to assess the risk of the client being involved in money laundering and terrorist financing or perhaps seeking to use the firm to assist them in laundering money or financing terrorism.
Customer due diligence can be simplified or enhanced depending on the risk level identified in your business risk assessment.
Simplified due diligence
Where the money laundering and terrorist financing risk associated with a client is deemed low, then customer due diligence should be commensurate with that risk. Simplified due diligence measures should include:
- verifying the identity of the client or beneficial owner
- identifying any beneficial owners (company or trust)
- assessing the purpose and intended nature of the business relationship
- checking for politically exposed person status
- ongoing monitoring of the business relationship
Enhanced due diligence
In higher risk situations, firms must apply an enhanced level of customer due diligence to manage and mitigate risks appropriately. These measures are in addition to, not instead of, standard customer due diligence measures. The law specifically lists the following as requiring enhanced due diligence:
- when the customer, or beneficial owner, is a politically exposed person
- when the relationship is with a client from a state outside the EU countries or Iceland, Liechtenstein or Norway (all of which are members of the European Economic Area)
- clients in high-risk third countries
- complex and unusually large transactions, or unusual patterns of transactions, that have no obvious economic or lawful purpose
Enhanced due diligence measures may include obtaining additional information including the intended nature of the business and source of wealth, or introducing payment and transaction controls.
Ongoing monitoring
Firms are required to monitor all business relationships on an ongoing basis. This involves the scrutiny of transactions, including where necessary, the source of funds, to ensure they are consistent with the firm’s knowledge of the client, their business and risk profile. Periodic client reviews should be carried out, as well as key trigger events identified that will require an updated client risk review.
Part two in this series will cover: policies, controls and procedures, reporting suspicious transactions, and training.
For more information
Read ACCA’s anti-money laundering guidance
