The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions. Its mandate is to set standards and to promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and the financing of proliferation, and other related threats to the integrity of the international financial system. In collaboration with other international stakeholders, it also works to identify national-level vulnerabilities with the aim of protecting the international financial system from misuse. FATF recently released a new document, entitled “International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation”.
While most of the recommendations in the document were directed at financial institutions, I found several of them to converge over and into the area of anti-corruption. Further, several of the recommendations will be of high value to companies in evaluating or enhancing their own compliance programs. They include some of the following recommendations which I have adapted for anti-corruption and anti-bribery compliance programs.
Companies should identify, assess, and understand the money laundering and terrorist financing risks for the country in which they seek to do business, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively. Based on that assessment, companies should apply a risk-based approach to ensure that measures to prevent or mitigate compliance risks are commensurate with the risks identified. This approach should be an essential foundation to efficient allocation of resources across the anti-money laundering and countering the financing of terrorism (AML/CFT) regime and the implementation of risk based measures throughout the FATF recommendations. Where companies identify higher risks, they should ensure that their AML/CFT regime adequately addresses such risks and here lower risks are identified, they may decide to allow simplified measures for some of the FATF recommendations under certain conditions.
Customer Due Diligence
Companies should be prohibited from keeping anonymous accounts or accounts in obviously fictitious names. Companies should be required to undertake customer due diligence measures when:
(i) establishing business relations;
(ii) carrying out occasional transactions, above the applicable designated threshold (USD/EUR 15,000);
(iii) there is a suspicion of money laundering or terrorist financing; or
(iv) the company has doubts about the veracity or adequacy of previously obtained customer identification data.
FAFT recommends the following due diligence is performed by companies:
(a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.
(b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner, such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include an understanding of the ownership and control structure of the customer.
(c) Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship.
(d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.
FAFT recommends the following additional due diligence for politically exposed persons (PEPs), including family members and close associates, whether as customer or beneficial owner, in addition to performing normal customer due diligence measures, including:
(a) have appropriate risk-management systems to determine whether the customer or the beneficial owner is a politically exposed person;
(b) obtain senior management approval for establishing, or continuing for existing customers, such business relationships;
(c) take reasonable measures to establish the source of wealth and source of funds; and
(d) conduct enhanced ongoing monitoring of the business relationship.
Companies should be required to maintain, for at least five years, all necessary records on transactions, both domestic and international, to enable them to comply swiftly with information requests from the applicable authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved, if any, so as to provide, if necessary, evidence for prosecution of criminal activity.
Companies should be required to keep all records obtained through customer due diligence (e.g. copies or records of official identification documents like passports, identity cards, driving licenses or similar documents), account files and business correspondence, including the results of any analysis undertaken (e.g. inquiries to establish the background and purpose of complex, unusual large transactions), for at least five years after the business relationship is ended, or after the date of the original transaction.
Companies should be required by law to maintain records on transactions and information obtained through the customer due diligence measures. The customer due diligence information and the transaction records should be available to applicable domestic authorities upon appropriate authority.
One of the areas which many companies do not consider is that of new and cutting edge technologies to combat corruption. FAFT clearly makes use of new technologies as a part of its overall efforts. It states that companies should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of new products, business practices or the use of new or developing technologies and they should take appropriate measures to manage and mitigate those risks.
On wire transfers and related messages which a company may send out to a third party, it should include originator information, and required beneficiary information and that the information remains with the wire transfer or related message throughout the payment chain. Companies should also monitor wire transfers for the purpose of detecting those which lack required originator and/or beneficiary information and take appropriate measures.
Many of the above areas are currently covered in more traditional anti-corruption/anti-bribery compliance programs, such as those covered by the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. However, these FAFT recommendations, with their focus on anti-money laundering, can be of useful guidance to companies to make their compliance programs more robust. I recommend that you read the entire report and adapt some of their suggestions into your compliance regime.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012