Industry analysis from Encompass: Show me the laundry
This article was originally featured as an industry analysis in the April issue of LPM. To read the issue in full, download LPM.
Since the implementation of the Third Anti-Money Laundering Directive by the Financial Action Task Force (FATF), legislators have been looking for ways to further thwart the risk of money laundering and other criminal endeavours.
As a result, the EU’s Fourth Anti-Money Laundering Directive was launched in 2015, and comes into full effect in June this year – as the two-year period member states were given to write the directive into national law comes to an end. These new compliance regulations will have wide-reaching effects on the legal industry, impacting the steps law firms take when onboarding new customers.
The new directive also affects risk assessments and the vetting of politically exposed persons (PEPs) – individuals that typically present a higher risk to businesses. In addition, the new directive requires EU member states to produce a central register of beneficial owners – defined as those with ultimate control over funds in an account.
The goal of the Fourth AML Directive is to provide greater transparency in legal transactions, making it more difficult to disguise money laundering and easier for authorities to identify law firms who are unwittingly or deliberately caught up in money-laundering activities. In addition, the FATF wants to improve consistency across EU member states and remove any ambiguities that may exist within current anti-money laundering legislation.
Customer due diligence (CDD) is already playing an important role in the fight against money laundering and terrorism, with ‘know-your-customer’ policies ensuring clients are who they say they are. But under the Fourth AML Directive, employees dealing with compliance must be aware of a business’s knowyour-customer policies and how that policy varies according to different clients. They must also show evidence that the process is followed for each and every client. The problem, of course, is that these processes are often long and drawn out, meaning it could take weeks or even months for clients to be onboarded.
Legislators are also likely to be stricter in their enforcement of customer duediligence, and law firms have to ensure policies are fully enacted – or they could be subject to sanctions and fines. Those who fall foul in terms of customer due diligence could also face embarrassment and reputational damage.
Customer due diligence policies must also be standardised under the Fourth AML Directive, as must the implementation of national laws, regardless of location – meaning the same due diligence must be carried out on a customer whether they open an account in London or Lisbon (or anywhere else in the EU).
Regulators will be looking for evidence that firms have taken all appropriate steps to assess, understand, identify and mitigate risk associated with anti-money laundering and counter-terrorism risks.
As well as looking at new accounts opened, law firms must consider their current client base – as they have an obligation to regularly review existing clients. This is because the new directive is more prescriptive regarding the monitoring of existing clients.
But perhaps the most radical change from the third to the fourth AML directive is the requirement for each EU member state to hold information on beneficial owners of all corporate entities incorporated within their territory in a national central register. In the past, complex corporate structures have made it difficult to identify beneficial owners – with authorities often resorting to identifying them through company statements – but this new central register will make it simpler for firms to see who the beneficial owner of a company is.
The new directive will also see a departure from the classification of a PEP – broadening and strengthening regulations to include domestic and foreign PEPs. In addition, the period before an individual is subject to reduced monitoring has been increased from 12 to 18 months. The challenge for law firms is to ensure compliance while mitigating risk and associated cost.
The answer to the challenges of this new directive for many firms is to use the know-how of regtech software providers. These providers offer automated know-your-customer compliance solutions that lower cost and the need for manual labour, while ensuring compliance. Using data aggregation and visualisation, software solutions allow for resources to be directed to client-facing roles while minimising risk, accessing information from a wide variety of data providers, visualising complex structures and remediating clients at the touch of a button.
The impact of these regulations on the legal community will be far reaching, requiring additional manpower, resource and process to be in place to ensure compliance with regulations. In addition, the wealth of new information (including access to the central register of beneficial owners) is a double-edged sword. Customer due diligence processes may be more robust, but the increased information that makes this possible also has the potential to make institutions ever more vulnerable to data breaches. The need to stop money laundering occurring must not increase the risk of data infringements.