June 29, 2021

Edwin Hers – June 2021

Authorities are showing their teeth. Multiple financial institutions have settled with the authorities over the last couple of years related to inadequacies in their KYC frameworks, requiring them to pay many millions of euros in fines among them ING (775 million euros in 2018), ABN AMRO Bank (480 million euros in 2020) and Rabo Bank to follow soon. It doesn’t stop there, the authorities have now also started criminal proceedings against employees, primarily senior managers who they hold accountable for inadequacies in the KYC policies and procedures. It has sent a shockwave through the financial world and as a result not only the “big three” in the Netherlands as mentioned before but the financial sector as a whole has hired thousands of staff to run existing and new customers through the CDD process. Most of these employees have no previous experience or background in CDD and must get productive in the short term, given the tremendous pressure to (re)visit the complete customer base through CDD. As a result, most staff are being put to work with little relevant knowledge to begin with.

Banks make life easy for themselves by streamlining the process as much as possible, running them through standardized steps often with a proposed risk rating at the end. It may be efficient, but does it make an analyst do what they are supposed to do? Analyse information and assess risks? Too often analysts feel they are conducting a “tick the box” exercise. Where they expect to work on analysing risks, they spent much of their time collecting and/or inputting data in the systems. Given the pressure to deliver output there is little time to really look at the customer and “see” the real risks involved. It leaves many of the analysts disillusioned as many of the staff hired have recently graduated and expect more challenging work. As a result the turnover of junior analysts is very high.

Other than allowing more time for the “real” analytical work more training is needed for analysts to be better able to recognise risks/red flags, or in other words make them “see”.

In general more emphasis should be put on the following areas:

The purpose and nature of the customer

Understanding the customer starts by understanding the business activities and the business model of the customer.

Assessment of the ownership and control structure

The major part of financial economic crime is committed through legal entities. Criminals often set up complex ownership and control structures with various entities in different countries, immediate and multiple intermediate parents (multiple layers) and often the ultimate parent(s) is incorporated in offshore centres as it provides a high level of secrecy. Structures like these hinder following/monitoring the money flows very much as obtaining information cross border is time consuming and cumbersome (usually through authorities that subsequently must contact foreign authorities and obtain their cooperation to obtain information).

Although there may be legitimate reasons/motives for the set-up of such complex structure for instance tax avoidance, other than looking into the rationale of the structure, strong emphasis must be put on obtaining sufficient assurance that the UBO(s) identified is indeed the real UBO and not a stand-in as a nominee shareholder. Background checks are critical but also assessing the Source of Wealth of the UBO(s) in general besides obtaining information on the financial flows related to the purchase of economic entitlement shares/voting rights in that entity. The latter can sometimes indicate that the amounts involved have not been transferred by the UBO that presents him-/herself as the UBO but originates from the real UBO.

UBO connection(s) with Politically Exposed Persons

Politically exposed persons form a risk in terms of corruption and bribery. Oftentimes they like to hide their association with an entity through concealment of ownership for instance by means of a (informal) nominee shareholder. With any PEP in the structure irrespective of the position, solid screening and determining the rationale of that PEP in that position is paramount. Other (in)formal connections between an entity, its UBOs and/or directors can be discovered by PEP screening on the individuals. If any of those is a known close associate to a PEP, the known data vendors such as Worldcheck or Fircosoft should reveal that.

Thorough attention to the Expected Transaction Pattern.

(Post) transaction monitoring of transactions by customers can benefit a lot from understanding the financial flows through the customer. This consists not only a good overview of where the incoming money flows originate from (Source of Funds in terms of sales/turnover, interest receipts or dividends) as well as the main counterparts involved but also where the outgoing money flows are directed (let us call this the Destination of Funds) in terms of payments to suppliers, (intercompany) payments in the form of interests, loan repayments and dividends. Especially if money flows are expected with offshore companies there may be reason to further investigate the underlying documentation such as the loan agreement etc.

In terms of training the ability of analysts not only to be able to look but more so “to see” can be much improved by focussing on the following training areas:

  • The known money laundering schemes and set-ups as well as recognition of elements that may indicate such schemes.
  • Knowledge of the various entity types in particular in terms of the way they are controlled/governed.
  • Ways to conceal ownership.

Other than delivering knowledge content on the above mentioned training areas, case studies are the best way to allow participants to relate the content to real life situations that they may come across in their daily work.

As long as so many institutions have to work on a tremendous back-log of customer files to be CDD (re-assessed) and much administrative labour still goes into it, demand for CDD analysts will remain strong. Though in some years from now when the backlog will have vanished and much of the administrative work will have been automated, fewer analysts will be needed. They however will need to be of a considerably higher knowledge skills and analytical level. Today we should already start training these analysts of the future. Those that will not only “look” but also will be able to “see”.