Fincrime Briefing: U.K. updates AML rules, new chief at ABN Amro must shoulder AML probe, SEC lays out 2020 exam priorities, including crypto, and more

By Brian Monroe
bmonroe@acfcs.org
January 10, 2020

Quote of the Day: “The soul becomes dyed with the color of its thoughts.” – Marcus Aurelius

In today’s briefing, the United Kingdom updates its fincrime defenses, including capturing art world, new chief at ABN Amro must navigate compliance minefield, SEC details exam priorities, including crypto, fraud, AML, cyber, U.K. creates new group to create, share cyber defense tactics, resources, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

REGIONAL SPOTLIGHT: U.K. UPDATES AML RULES

New U.K. AML, counter-terror defenses coming into force, captures pricey art, luxury rentals, tightens beneficial ownership obligations, and more

New, stronger compliance rules came into effect across the United Kingdom Friday, bolstering a host of areas at a greater risk of financial crime, including capturing the typically opaque and shadowy art world, individuals renting luxury apartments and enhancing oversight of gatekeepers.

Those are just some of the critical updates to the United Kingdom’s (U.K.) money laundering and terrorist financing (amendment) regulations 2019 (MLRs), moves by the government to address both longstanding gaps in coverage for certain higher risk industries along with addressing historical illicit bastions for creative criminals.

Her Majesty’s Revenue and Customs (HMRC) is taking a much more taciturn tack with several sectors in the latest broad update to anti-money laundering (AML) rules, including more aggressive oversight of money services businesses (MSBs) – which can include money remitters and currency exchangers, accountants, trust and company service providers and tax advisors, among others.

The key changes for HMRC customers include:

  • money service businesses and trust or company service providers who apply to register from 10 January 2020 will not be able to carry out relevant activity until HMRC has determined their application for registration
  • HMRC will now supervise two new groups of businesses that are subject to the new anti-money laundering regulations – high value items can be a good way of hiding criminal proceeds and laundering money, so the regulations are being expanded to include businesses trading in art and high value letting agents
  • letting agents which rent out property valued at 10,000 euros or more for a minimum of one calendar month, including both commercial and residential property – the online system for these letting agency businesses to register will open in May 2020
  • those in the art market who deal in in sales, purchases, and storage of works of art with a value of 10,000 euros or more, whether this is for a single transaction or series of linked transactions, regardless of payment method used – art market participants can register via the online system from 10 January
  • Businesses must register by 10 January 2021.

Specific changes to the regulations that may affect your business include: 

  • regulation 11(d) provides an expanded definition of what a tax adviser is, which means anyone who provides support with tax matters will now come under the definition of an accountancy service provider
  • regulation 13 (3) to (7) defines letting agency businesses
  • regulation 14 defines what an art market participant is and what a ‘work of art’ is
  • regulation 19 means that businesses need to carry out a money laundering risk assessment of new products, business practices, or technologies before they implement them
  • regulation 20 sets out requirements in respect of business group-wide policies on the sharing of information about customers, customer accounts, and transactions for money laundering/terrorist financing purposes
  • regulation 24 agents of money service business principals who are delivering the regulated business must receive relevant training from their principals
  • regulation 26 (7)(b) sets out requirements to ensure individuals convicted of relevant offences do not act in key roles in regulated firms
  • regulation 27 requires art market participants to apply customer due diligence measures on all transactions of 10,000 euros or more regardless of payment method
  • regulation 27 sets out requirements for relevant persons to apply customer due diligence measures where there is a legal duty under the relevant international tax compliance regulations, or a duty to review information relevant to the risk assessment or beneficial ownership of the customer
  • regulation 28 sets out requirements for measures to be taken to understand the ownership and control structure of persons, trusts and companies as a customer, and to verify the identity of senior managing officials responsible for managing corporate bodies, particularly when the beneficial owner cannot be identified
  • regulation 28 sets out circumstances in which information may be regarded as being reliable and independent of the person providing it where it has been obtained by means of an electronic identification process
  • regulation 30(a) sets out a requirement to check trust and company beneficial ownership registers before establishing a business relationship, and to report any discrepancies found to companies house
  • regulation 33 sets out requirements to apply enhanced due diligence, explains what a ‘relevant person’ is, and what ‘being established’ means
  • regulation 33 extends the factors a responsible person must consider when assessing the risk of money laundering to include whether the customer is third country national applying for residency rights in an EEA state
  • regulation 33 extends ‘risky’ products to include oil, arms, precious metals and tobacco
  • regulation 38 reduces the threshold for which low risk electronic money products can be exempt from customer due diligence from 250 euros to 150 euros
  • regulation 56 explains that money service business and trust or company service businesses who apply to register from 10 January 2020 will not be able to carry out relevant activity until they are registered with HMRC

The update comes as several U.K. government agencies attempt to bolster the countermeasures they deploy directly against criminals, but also create new idea incubation hubs encompassing the public and private sectors to counter the most challenging threats, including cybersecurity, (via the U.K. HMRC).

Monroe’s Musings: These are critical areas for the U.K. to improve when it comes to strengthening compliance and countering a broad array of criminals.

Firms also have a very short turnaround time to make these changes, with regulators stating that some firms may not even be allowed to operate fully until their AML programs are examined and given at least a provisional go-ahead by reviewers.

The undercurrent in this missive is that the U.K. is changing its tone when it comes to AML compliance, going from a country that “gold plates” regulations, but lacked enforcement bite, to a region that weights effectiveness and results much higher than technical compliance to laws on the books. 

COMPLIANCE

ABN Amro picks new chief executive amid money-laundering probe

Dutch bank ABN Amro has chosen Robert Swaak as its new chief executive, turning to the former chairman of PwC Netherlands to guide it through a criminal investigation into potential money laundering and financing of terrorism.

Mr Swaak, 59, will succeed Kees van Dijkhuizen, who is stepping down from the state-controlled lender in April after three years in charge, the Amsterdam-based bank said in a statement on Thursday.

The top priority during Mr Swaak’s four-year term will be to settle a probe by the Dutch Public Prosecution Service into allegations of money laundering.

It alleged in September that ABN failed to carry out sufficient due diligence and monitoring of customers, and failed to report suspicious transactions to the government’s financial intelligence unit.

Last year ABN pledged to spend an extra €220 million to tighten its anti-money laundering (AML) procedures after a series of scandals at local rivals. It said it had tripled staff in areas such as compliance, financial crime and anti-money laundering to more than 1,400 in five years.

The bank has already taken a €25 million provision for potential legal liabilities after announcing the probe. ABN chairman Tom de Swaan said in Thursday’s statement that “high priority” would be given “to the further implementation of improvement programs relating to detecting financial crime, promoting public-private co-operation on detecting financial crime, and compliance with the growing number of rules and regulations.”

The bank’s shares rose about 2 per cent following the announcement of Mr Swaak’s appointment, but are down 22 per cent over the past 12 months, underperforming the benchmark regional banking index.

The appointment comes after an almost seven-month search that started when Mr van Dijkhuizen said in June last year that he would leave when his term finished. A year earlier, Olga Zoutendijk quit as ABN’s chairman after falling out with the government, prompting an investigation by the European Central Bank into the bank’s governance.

Other Dutch lenders have also been embroiled in money-laundering scandals over the past few years.

In 2018 ING, the country’s largest lender, received a record €775 million fine after compliance failings had allowed companies to launder hundreds of millions of euros and to pay bribes.

In the same year Rabobank paid the US government $369 million after it tried to cover up weaknesses in its compliance systems that allowed Mexican drug gangs to launder hundreds of millions of dollars.

Mr Swaak served as chief financial officer, operating officer and management board chairman during his 15 years at PwC Netherlands.

He has a masters degree in corporate economics from Erasmus University Rotterdam, (via the Financial Times). To read the full ABN Amro press release about the new CEO, click here.

Monroe’s Musings: ABN Amro has struggled with a bevy of compliance problems over the past decade, including high-profile sanctions and AML compliance failings in the U.S.

Now, with Nordic and Baltic banks under intense pressure due to the fallout from the Danske Bank scandal, ABN Amro must take a three-pronged approach to dealing with its problems, lest it fall behind.

In short, the bank must: Identify and strengthen historical AML failings, dedicate resources to find tendrils to the current Danske scandal and prepare a holistic, transparent and powerful remediation plan for U.S. and regional regulators. 

SECTOR SPOTLIGHT: SECURITIES IN 2020

SEC lays out 2020 exam priorities, giving more scrutiny to AML programs, crypto-related firms, how firms protect seniors from fraudsters

The country’s top securities watchdog has laid out its exam priorities for 2020, echoing many of the focal points of prior years, including fraud against seniors, crypto-related assets and supposed investments, cybersecurity and financial crime compliance programs, among others.

The Securities Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) will again focus on many of the riskier, emerging and more exotic areas of trading, while also putting more pressure on trading firms, individual brokers and any entity in the stock supply chain to strengthen anti-money laundering (AML) compliance, counter fraud and identify and report on potentially risky behavior.

Here are some snapshots:

Countering fraud against retail investors, particularly seniors

OCIE’s analytic efforts and examinations remain firmly grounded in its four pillars: promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.

Examinations will focus on recommendations and advice given to retail investors, with a particular focus on: (1) seniors, including recommendations and advice made by entities and individuals targeting retirement communities; and (2) teachers and military personnel.

Additionally, OCIE will focus on higher risk products—including private placements and securities of issuers in new and emerging risk areas—such as those that: (1) are complex or non-transparent; (2) have high fees and expenses; or (3) where an issuer is affiliated with or related to the registered firm making the recommendation.

Examiners will also give more attention to firms tied to penny stock trades, an area that has been ripe for fraudsters related to a range of pump-and-dump and other low-priced securities schemes.

Firms will also have to bolster cybersecurity programs to counter infiltration from external fraudsters along with accidentally being duped into being part of stock scams from hackers gaining knowledge about non-public information that can be used in insider trader schemes.

Digital assets will again garner extra exam time

The OCIE in 2020 will renew its focus on crypto-related securities, noting that the nascent but burgeoning digital assets market presents new challenges to retail investors who aren’t clear related to how these virtual assets differ from traditional securities backed by brick-and-mortar assets. 

“Due to these risks, OCIE will continue to identify and examine SEC-registered market participants engaged in this space. Examinations will assess the following: (1) investment suitability, (2) portfolio management and trading practices, (3) safety of client funds and assets, (4) pricing and valuation, (5) effectiveness of compliance programs and controls, and (6) supervision of employee outside business activities,” the report noted.

The SEC first announced an intention to expand oversight of crypto-related securities in 2018, crypto focus and more clearly stated its plan to monitor market participants in terms of portfolio management, trading practices, safety of client funds, pricing, compliance, and internal controls.

This year, the agency reiterated its 2019 objectives while adding an assessment goal regarding the “supervision of employee outside business activities.”

Enhanced focus on AML compliance to continue

The OCIE will “continue to prioritize examining broker-dealers and investment companies for compliance with their AML obligations.”

Examiners will be reviewing key program areas, including:

  • Whether firms have established appropriate customer identification programs
  • Whether they are satisfying their suspicious activity report (SAR) filing obligations,
  • Conducting due diligence on customers
  • Complying with beneficial ownership requirements
  • Conducting robust and timely independent tests of their AML programs.

“The goal of these examinations is to ensure that broker-dealers and investment companies have adequate policies and procedures in place that are reasonably designed to identify suspicious activity and illegal money-laundering activities,” according to the SEC.

The OCIE also detailed what it considers some of the “hallmarks” of an “effective compliance program,” including adequate training, expertise and authority and active support from the executive and board levels.

“In the course of conducting thousands of examinations of many different types of firms, the hallmarks of effective compliance become apparent,” according to the SEC. “One such hallmark includes compliance’s active engagement in most facets of firm operations and early involvement in important business developments, such as product innovation and new services.”

Another hallmark is a “knowledgeable and empowered chief compliance officer with full responsibility, authority, and resources to develop and enforce policies and procedures of the firm.”

But those must be paired with a “tone from the top,” something echoed loudly in federal regulatory circles and a line mentioned in many high-profile penalties in the banking and securities sectors.

“And perhaps most importantly, a commitment to compliance from C-level and similar executives to set a tone from the top that compliance is integral to the organization’s success and that there is tangible support for compliance at all levels of an organization,” according to the SEC’s enforcement team, (via the SEC).

Monroe’s Musings: The SEC focusing on these areas is not surprising, in fact, it’s expected. 

Crypto has been rising in terms of focus by regulators and watchdogs around the world and there is a major securities component as, in some cases, government bodies have dubbed them securities.

As well, many fraudsters have been trying to engage in classic Ponzi and pyramid schemes, with a crypto twist, in faux initial coin offerings that are just scams to steal money and disappear.

But while the SEC publicly stating it has updated its overarching “priorities” will surely get the trading sector’s attention, the real proof of enforcement, and potentially nudging operations into compliance with dissuasive actions, will be in the number and size of penalties for flouting these rules.

One that issue, stronger enforcement for large and longstanding compliance failures is something that has been rising in recent years from the SEC and its AML exam partner, the Financial Industry Regulatory Authority – a trend firms should well heed when deciding the depth of training, resources and expertise devoted to compliance programs. 

CYBERSECURITY: NEW RESOURCE

In cyber defense world first, U.K. launches the Cyber Security Body of Knowledge to be foundation for cyber training, incubator for ideas from public, private, academia

The United Kingdom in what it is calling a “world first” has launched the Cyber Security Body of Knowledge (CyBOK), which will provide a foundation for cyber security education, training and professional practices comprising, and also being a critical resource, for members of academia, industry and Government.

The 828-page resource has the potential to help organisations to better protect themselves. It covers the foundations of cyber security, ranging from the human element through to issues in computer hardware security.

Launched at a special event at London’s Science Museum, CyBOK was sponsored by the National Cyber Security Centre (NCSC), which is a part of GCHQ, and funded by the National Cyber Security Programme with support from DCMS. The development of CyBOK was led by the University of Bristol.

Chris Ensor, the NCSC’s Deputy Director for Growth, said:

“This guide will act as a real enabler for developing cyber security as a profession. It’s been developed by the community, for the community and will play a major role in education, training and professional practice.”

The next stage of the CyBOK project will see the guide being used by those designing university education and professional training courses in the UK and globally.

The CyBOK project is overseen by a steering committee comprising international experts from industry, professional bodies and academia, (via the U.K. National Cyber Security Centre).