As financial crimes spread further throughout our globalised economy, regulators are cracking down hard on organisations that let their Anti-Money Laundering and Countering Financing of Terrorism compliance fall by the wayside.
Whether they hold large customer data sets or facilitate billions of payment transactions, these harsh and wide-ranging penalties for non-compliant businesses are enough to cripple and de-stabilise a company’s viability.
But despite the universal understanding that AML/CFT must be taken seriously, a new report by DIA has found an astonishing number of New Zealand businesses are failing to properly assess their customer types, identify new customers, and are not taking proper action to establish quality due diligence.
At a time when COVID-19 has revealed hidden risk and compelled organisations to reevaluate their operations, this is a terrific opportunity for companies to perform an AML/CTF audit to ensure compliance and save themselves a huge headache.
Let’s take a look at where companies are largely falling down and then outline some steps to avoid a crippling non-compliance fine.
The Department of Internal Affairs (DIA), which supervises the largest number of New Zealand businesses that have obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act, has found customer assessment and identifying risk factors one of the largest areas in need of improvement.
When it comes to assessing customer types, 17 per cent of reporting entities are not compliant, with 33 per cent only partially compliant.
There are standard Customer Due Diligence and Identity Verification requirements that call for companies to identify new customers and any beneficial owner or person acting on their behalf.
Based on site observations, DIA found only 34 per cent of reporting entities are fully compliant and only 21 per cent are compliant with the Identity Verification Code of Practice, which indicates organisations are not taking the time to check things like whether a driving license holder is in fact the holder of the license.
Gone are the days when a bank teller or customer service person could quickly check a person matched their driver’s license and establish their validity. The proliferation of digital self-service portals means identity verification can easily slip through the cracks, introducing serious non-compliance issues for businesses.
DIA also found there were failures in enhanced due diligence. In some instances, the activities or transactions of higher risk customers are not being consistently monitored or even looked at.
For Politically Exposed Persons (PEPs) in particular, between 21 per cent and 41 per cent of organisations are non-compliant, with 35 per cent only partially compliant. The risk of PEPs to the business is serious and businesses must work hard to obtain and verify information regarding their source of funds or wealth.
While many organisations have presented comprehensive written AML/CFT programs, DIA found ongoing customer due diligence was lacking with procedures applied less consistently than the company’s documentation suggests.
When it came to real estate agents who hold particularly sensitive data on individuals and corporates, DIA found many did not understand ownership structures of customers and had not, in some cases, identified beneficial ownership.
Ultimately, the DIA identified five areas for improvement:
- Inconsistent implementation of AML/CFT programs;
- Generic templates for both risk assessments and AML/CFT programs;
- Few entities are registered with goAML, a portal enabling entities to report SARs and PTRs within the required timeframe;
- Unidentified/risks not understood;
- Unidentified/unverified sources of funds or wealth.
“Identifying and understanding the ML/TF risks is the first step to being able to effectively counter them,” reads the DIA report. “This allows a reporting entity to focus its compliance resource on those customers, transactions, activities or circumstances where the ML/TF risk is higher.”
A Good Time to Audit
An estimated $1.35 billion is generated annually in New Zealand as a result of money laundering. This includes drug offending ($750 million), fraud ($500 million) and other offences such as burglary ($100 million).
Businesses are often unknowingly used to facilitate these crimes that cause harm to our communities and damage our international reputation, which is why it is critical to identify whether a customer poses an increased ML/TF risk to an organisation.
To discover inconsistencies, reporting organisations must ensure that they are compliant through risk-based reviews and assessments, education, engagement and remediation.
Businesses must develop systems that have visibility on:
- The type of business the customer is involved in (including whether it involves cash);
- Whether the customer is a legal person or arrangement that is a vehicle for holding personal assets;
- Whether the ownership structure of a company appears unusual or excessively complex. It helps to check whether there are nominee directors or shareholders that could obscure beneficial ownership;
- Whether a customer is an unusual type for an organisation or the business relationship is unusual. For example, unexplained geographical distances between the customer and the reporting business, or they have requested an unusual service.
- Politically Exposed Persons must be verified, as must their immediate family members and close associates, and the reporting entity must have visibility over the source of their funds or wealth.
- The “countries dealt with” and “institutions dealt with” are other risk factors that must also be considered.
Maintaining visibility over billions of transactions from an evolving and changing customer base is an enormous challenge for New Zealand businesses, and every year they must meet strict AML/CFT requirements.
But creating a fully compliant solution is often overwhelming for both small and large businesses and is seen as a trade-off between cost, customer experience and time.
Fortunately, advances in technology and a sophisticated understanding of AML/CFT behaviour mean organisations can take advantage of onsite practical consultants and best-in-class data services to secure their AML ecosystem and maintain compliance.
Click here to learn more about illion’s solutions.