Supervision of the Anti Money Laundering Act is increasing. The notifiers are under pressure from many directions to meet their legal obligations. No one seems to know where the bar set by the supervisory authorities is. However, here’s one free piece of advice that is sure to save you some resources.
The key feature of the law is risk-based. This means that the notifier must scale the control measures according to the identified risk factors. If the risk of money laundering and terrorist financing of an individual customer is small, then it is sufficient to collect minimum information about the customer, which is:
Information on the actual beneficiaries and their political influence
Members of the company’s Board of Directors
Verification of the identity of the company representative
The minimum requirement of the Anti Money Laundering Act is to find out who owns the company, who belongs to its board and whether the beneficiaries have political influence. I wonder if it is unnecessary bureaucracy to know who gets the financial benefit from a client company?
Higher risk customers need to be asked for more detailed information and their activities need to be monitored more closely. Risk-increasing factors could be listed all day long. However, the most important ones are related to the industry and the countries where the customer operates. It is perfectly fair to say that there is more money laundering in the restaurant and construction sector than in the retail sector, for example. On the other hand, a company with a customer base on the other side of the eastern border is certainly more likely to be exposed to suspicious activity than a purely domestic company.
Let’s get back to risk-based nature of the anti money laundering act. The notifier does not have to request unnecessary information from his customers. However, the notifier must create an operating model in which the customer’s risk-freeness is justified and documented. This can be done, for example, by the notifier making a classification model for himself, in which customers are categorized into different risk categories on the basis of significant risk factors. With such a classification, in general, the majority of customers can reasonably be classified as low-risk, so that the amount of the information collected and its upkeeping does not cause an unnecessary work load. It is essential to document the classification and provide a justification for each customer for the chosen risk category!
The notifier’s greatest task is therefore not the information gathering but to know the customer. Unfortunately, familiarity has not occurred if it has not been documented. Clento will focus on streamlining these measures. Identify the risk and document it. Don’t do unnecessary work but do it in an organized way with a pre-designed tool.
Jukka Kojola AML expert, Clento Oy