shutterstock-435907885-3d-imagination
3d imagination/Shutterstock
21 October 2016News

Facing threats in the world of finance

Money laundering is a term that everyone has heard of and possibly dismissed as something of concern to other people. But as the world of finance gets more complicated and more international, companies need to take it very seriously. Failure to do so could be more than costly—it could drive a company out of business.

Global audit, tax and advisory service company KPMG is fully aware of just what’s at stake, and the sheer size of the problem.
According to figures obtained by KPMG from the Financial Transactions and Reports Analysis Centre of Canada, global criminal proceeds from money laundering are estimated to be between $590 billion and $1.5 trillion per year.

“The modern era of anti-terrorism financing (ATF) and anti-money laundering (AML) really started with the tragic events of September 11, 2001,” says Charles Thresh, managing director, advisory at KPMG in Bermuda. “There had always been proceeds of crime legislation in most jurisdictions leading up to that event, but in the immediate aftermath of 9/11 and the so-called war on terror, one of the front lines of that war was trying to strangle the terrorist organisations by tackling the sources of their finance.

"The higher you go through an organisation the higher the burden of awareness around AML-ATF principles needs to be, up to and including the board of directors."

“There was a series of initiatives, including the Financial Action Task Force (FATF) issuing a set of additional nine recommendations to specifically tackle terrorist financing, in addition to the 40 recommendations already formulated to combat money laundering,” he says.

“FATF is an inter-governmental body that was established in 1989 by the Organisation for Economic Cooperation and Development (OECD) that sets international AML-ATF standards and has become synonymous with global standards. Post-9/11, FATF issued these so-called ‘40-plus-nine’ recommendations, which were the heads of requirements that FATF recommended individual jurisdictions implement into local law and guidance around AML, with the nine specifically referring to anti-terrorism financing.”

According to Thresh, this was then followed by a wave of implementation of the 40-plus-nine recommendations at a national level, starting with the major economies, principally the main sponsors of the OECD, and then after that pretty much every other jurisdiction in the world over the subsequent 15 years. They have set the framework through which global AML-ATF takes place and they’ve pretty much remained the same, although in 2012 the nine were subsumed into the wider 40 recommendations.

Thresh stresses that this is an important point, because FATF doesn’t really recognise much of a difference between ATF and AML, because the proceeds of crime and the proceeds of terrorism are treated, and the risk of it are mitigated, under the same framework.

“If Al-Qaeda was the cause of 9/11, then it was also the genesis, so to speak, of the modern framework of AML globally,” says Thresh. “The principles of those 40 recommendations are now applied by just about every developed jurisdiction in the world to combat Al-Qaeda and its ilk that have emerged subsequently.”

Good business practice

“Why is it important to be aware of AML and ATF? The first answer is to avoid being involved in any crime, in effect. A governance structure in your organisation that is designed to minimise the risk of your being involved in any money laundering or terrorism-financing transactions is a matter of good practice.

“Further, management should be taking steps to avoid the risk of committing a crime or exposing the business to reputational damage—as well as the financial consequences of those things, such as criminal fines or reduced business because people don’t want to do business with organisations associated with illegal activity,” he says.

Thresh adds that in a country such as Bermuda, it is important on a jurisdictional level to be a good corporate citizen and to be a part of the overall strength of the AML-ATF environment by there being no weak link in any chain that is associated with the jurisdiction. This becomes particularly important in light of the mutual evaluation that’s scheduled to take place in 2018, when the Caribbean branch of FATF will organise a review of Bermuda as far as its AML-ATF regime is concerned. These mutual evaluations set a very high hurdle of examination by the representatives of other countries over a third party jurisdiction as to how well they are doing against international AML-ATF standards, including the 40 recommendations.

The consequences of not doing well in those evaluations are severe. For example, the OECD for many years maintained a blacklist of countries that were not sufficiently robust in implementing the 40 recommendations. Those on the blacklist were not considered to be good corporate citizens and various sanctions were applied by OECD members against countries that were on that list.

Measuring performance

Although progress has been made and there is no longer a blacklist, there is still a risk that that might change if any individual country fell into disrepute via one of these evaluations. Bermuda, the Cayman Islands—which is in the same position as it also has a mutual evaluation coming up—and other jurisdictions take these evaluations very seriously.

One of the criteria that the mutual evaluation team look at is the extent and frequency of enforcement action against organisations in the jurisdictions they review, as a measure of how effective the AML-ATF regime is. There is a heightened sense of awareness that the Bermuda Monetary Authority (BMA) will prosecute and publicise enforcement actions on entities in breach of the AML-ATF regulations.

In particular, since 2009, Bermuda has been beefing up its AML regime in accordance with the 40 recommendations and steadily widening the range of AML-ATF requirements to different sectors of the economy, starting with financial services, but now widening into other sectors such as high-value dealers of goods and estate agents. The professional services firms are now also subject to AML-ATF requirements.

“Another aspect is that the evaluation team selects participants in the economy, which could well include large reinsurance companies, and interviews them as to their awareness of AML-ATF principles and how these are to be implemented in practice under the local legislation,” says Thresh.

“So individual companies have a role in demonstrating to the mutual evaluation team that the country’s AML-ATF regime is robust. Those interviews could be with the chief compliance officer, the chief executive officer, the chief financial officer—anyone the mutual evaluation team chooses to interview.

“One of the requirements of the AML-ATF regime is that the whole organisation needs to be trained to the appropriate extent on AML-ATF principles, so there is a minimum level of awareness in everyone and heightened training for all those who handle cash, who are in positions of oversight, who are responsible for getting new clients on board, or for monitoring large and unusual transactions. The higher you go through an organisation the higher the burden of awareness around AML-ATF principles needs to be, up to and including the board of directors.

“One of the core principles in establishing an effective AML-ATF control environment is to undertake a business risk assessment, which looks at all relevant areas in the business, including where you do business, who you do business with, what channels you do business through and in each case, identifies what the inherent risk is of money laundering or terrorist-financing through those areas,” says Thresh.

“Managements need to view their business practices carefully and identify which criminal typologies—methods through which crime is conducted—they are vulnerable to and put in place specific controls that address the particular risk. Everything the company then does in terms of AML-ATF procedures and controls will cascade from that risk assessment.”

Charles Thresh is managing director, advisory at KPMG in Bermuda. He can be contacted at: charlesthresh@kpmg.bm