Archives

A Regulator's Perspective

Presentation delivered by the Assistant to the Governor of the Central Bank of Sri Lanka Dr. Ranee Jayamaha at a seminar on "Know Your Customer (KYC) to prevent money laundering" jointly organised by the Ceylon Chamber of Commerce and the Sri Lanka Association of Securities and Investment Analysts (SLASIA) at the Ceylon Chamber of Commerce auditorium recently.

Many of these best practices in relation to the adoption of Customer Due Diligence (CDD) and Know Your Customer (KYC) by Banks and Financial Institutions, if adopted, would no doubt raise the levels of Sri Lanka's financial services industry profile and protect its integrity by reducing the likelihood of or becoming a victim of financial crime, and the consequent sufferings of reputation damage. Indeed, ensuring compliance with these best practices is a significant responsibility cast on regulators and supervisors and is a practical difficulty for Banking and Financial Institutions (BFIs). BFIs would be required to keep constant vigil on their customers and regulators and supervisors on the institutions they supervise.

The CDD and KYC are closely associated with the fight against money laundering and the Financial Action Task Force (FATF), which is an inter-governmental body that develops and promotes these policies, is promoting them. Most CDD and KYC policies are dealt with in the new FATF 40 guidelines, which recognise that CDD is an important component of any financial institution's anti-money laundering process. These guidelines have been revised recently but the number remains unchanged at 40. Together with 8 regulations on terrorist financing, they are well-known as "FATF 40 + 8".

The CDD and KYC guidelines are now internationally recognised as critical elements in the effective management of BFIs' risks in that they constitute an essential part of sound ricks management, say for example, by providing the basis for identifying, limiting and controlling risk exposure in asset and liability management. That's why FATF guidelines specifically require the identification of customers and appropriate record keeping by making it obligatory on the part of BFIs.

They should identify and verify the identity of the beneficial owner and perform the necessary due diligence, having regard to current best practice. KYC is, therefore, a co-feature of BFI's risk management and control procedures and is complemented by regulatory compliance, reviews and internal audits. All BFI's therefore, are required to have in place adequate policies, practices and procedures that promote high ethical and professional standards and prevent BFI's from being used intentionally or unintentionally by criminal elements.

Key Elements of CDD Process and KYC Policy

The CDD requires BFIs to identify the direct customers, i.e. to know who the person or legal entity is; verify the customer identity by using reliable independent source documents, data or information; identify beneficial ownership and control; verify the identity of the beneficial owner of the customers and/or the person on whose behalf a transaction is being conducted; and conduct ongoing due diligence and security.

Compliance with customer identification also involves: identifying a customer when business is first established; monitoring to ensure that a customer does not carry out occasional transactions above a certain threshold, and watching of fund contact between staff of financial institutions and their customers.

These developments, whilst enhancing customer services and economic efficiency, provide money launderers with additional opportunities that financial institutions need to address. Consideration needs to be given to the nature of the potentially higher money laundering risk in this regard.

Reliance on Third Parties to Perform Identification

The issue of "eligible introducers" is part of a wider issue, namely, the financial institution accepting the customer and relying on third parties to perform certain elements of the due diligence process concerning identifying customers and verifying identity. In practice, the reliance on third parties often occurs through introductions made by another member of the same financial services group, or in some jurisdictions, from another financial institution or third party. It may also occur in business relationships between insurance companies and insurance brokers/agents or between mortgage providers and brokers.

In addition, BFIs should conduct periodic reviews to ensure that an introducer, which it relies on, continues to conform to the criteria set out in the Law. The International Association of Insurance Supervisors (IAIS) has also issued guidance on this issue in January 2002. The insurance entity can then rely upon the third party introducer to verify identity if the introducer is:

(i) A professionally qualified person or independent financial adviser operating from an acceptable jurisdiction; (ii) The insurer is satisfied that the rules of his/her professional body or regulator include ethnical guidelines, which taken in conjunction with the money laundering regulations in that jurisdiction include requirements at least equivalent to the Guidance Notes; and (iii) is reliable and in good standing and the introduction is in writing, including an assurance that evidence of identity has been taken and recorded.

Other Specific Issues requiring Clarification

This requires BFIS to identify all customers, including existing customers, but on the basis of materiality and risk assessment. If a BFI becomes aware that it lacks sufficient information on an existing customer, it should take steps to ensure that all relevant information is obtained as quickly as possible, within a reasonable time period.

Suspicious Transactions reporting

FATF's latest guidelines address issues concerning suspicious transaction reporting. It is now well recognised that FIUs have an essential role to play and that they be set up in every country under their respective Anti Money Laundering Laws. The FIU would be a central, national agency responsible for receiving, analysing and disseminating to the competent authorities, disclosures of financial information regarding suspected proceeds of crime or information required by national legislation or regulation in order to counter money laundering. The FIUs in turn should give a feedback to the reporting agencies indicating the quality of information received by the FIU and suggesting further improvements, if needed. The FIU should also be empowered to exchange information with other foreign supervisory and regulatory agencies.

Regulation and Supervision

BFIs should report to regulatory and supervisory authorities on the following:

* CDD procedures, including a description of the types of customers that are likely to pose a higher than average risk, customers' background, country of origin, public or high profile position, linked accounts, business activities or other risk indicators;

* CDD procedures that require more extensive due diligence for higher risks customers including basic account opening requirements even for an individual with a small account balance;

* extensive CDD for high networth customers, including PEPs.

Regulatory and Supervisory Role

Many of the KYC policies and supervisory guidelines set out for banks by the Basel Committee are equally applicable to other financial service providers, such as insurance companies, stock markets, debt markets, investment companies, unit trusts, venture capital companies, etc. The Central Bank, the SEC, the Insurance Board and all other regulatory bodies will have to be responsible for ensuring the compliance by BFIs of the CDD and KYC. Many of the supervisory requirements will be included in the proposed Anti-Money Laundering Law. In general, supervisors and regulators are expected to ensure that BFIs have adequate controls and procedures in place, so that they know the customers with whom they deal. To effectively perform the supervisory role, countries are obliged to have an effective FIU and establish adequate cooperation and coordination between and among all, relevant supervisory authorities.

Specifically, regulatory and supervisory authorities may:

(a) adopt any necessary measures to prevent or avoid any person who is unsuitable from controlling, or participating, directly or indirectly, in the directorship, management or operation of the financial institution;

(b) examine and supervise the financial institution, and regulate and verify, through regular examinations that a financial institution complies with the requirement of the AMLL laws;

(c) ensure that BFIs adopt adequate risk management controls in relation to money laundering and suspicious transactions;

(d)impose requirements to ensure foreign financial institutions, their branches and subsidiaries adopt and observe measures consistent with the provisions of the local AML and regulations. Where the foreign branch or subsidiary is unable to adopt and observe such measures, the host supervisory authority should report the matter to the financial institution's home country supervisor;

(e) issue guidelines to assist financial institutions to detect suspicious patterns of behaviour in their customers; and

(f) cooperate with law enforcement agencies, FIU and foreign and domestic supervisory agencies in any investigation, prosecution or proceedings relating to a serious offence, a money laundering offence, and an offence of the financing of terrorism or any offence under the AML laws;

(g) disclose information relating to property of terrorist groups or property used for commission of offences under the Money Laundering and Criminalisation Acts. Supervisors are also expected to ensure that KYC standards are adopted in a cross-border context. Supervisors should ensure that parent banks of foreign bank branches communicate their policies and procedures to their oversees branches and subsidiaries, including non-banking entities, such as trust companies and have a routine for testing compliance against both home and host country's KYC standards.

External auditors will check such compliance tests by supervisors. to enable supervisors to acquire information, they should not face any impediments at on-site inspections.

Similarly, the home supervisors of foreign banks should continue to communicate with host supervisors and other relevant authorities and obtain confirmation whether there are any genuine legal impediments and whether they apply extraterritorially. In essence, host country supervisors should have no restrictions in accessing foreign bank information in so far as they relate to money laundering.

www.crescat.com

News | Business | Features | Editorial | Security
Politics | World | Letters | Sports | Obituaries

Produced by Lake House
Copyright © 2003 The Associated Newspapers of Ceylon Ltd.
Comments and suggestions to :Web Manager