AML can be easy

I often have calls from accountants who are panicking about their supervisory visits. They’re either aware that they’re not fully compliant and want to avoid a fine. Or they’ve received a poor assessment and need to shape up.

Until the point that they call, most of them haven’t really given their AML a second thought. They collect their clients’ details along with a copy of a passport because that’s what they’ve always done.

It’s only when faced with the possibility of their AML processes being put under the spotlight that they take the time to analyse what they’re doing and realise that it’s not up to scratch.

Suspicious activity reporting

All your AML activity boils down to this: Can you effectively detect money laundering (ML), terrorist financing (TF) or proliferation financing (PF) in your firm and do you have the information necessary to file a comprehensive report to the National Crime Agency (NCA) using a Suspicious Activity Report (SAR)?

If the answer’s no, then your AML compliance, risk management and education aren’t doing their job, and you need to review them with urgency.

Every employee, agent and member of senior management in your firm must understand the correct procedure for this process, including being trained in what constitutes suspicious activity, how to identify it and the specific information needed by the NCA.

Make it simpler for yourself

Compliance with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 is not optional. It’s a legal requirement for all accountancy professionals. The regulations not only help combat financial crime and promote ethical business practices, they are also there to protect you, your business and your employees.

Failure to comply can lead to severe penalties, including fines, disciplinary action and even imprisonment.

You can make it much easier by following all your responsibilities set out in the Regulations. When you have all the correct processes in place and everyone in the business is working to the same aims, you should be able to effectively and efficiently identify and manage any ML, TF or PF risks.

Training employees and agents in AML policies, control and procedures (PCPs)

Education is a critical aspect of AML compliance. After all, if your employees and agents acting for you don’t fully understand what they should be doing and why, your firm will have lots of weak links in the AML chain.

Training should cover a broad range of areas, from recognising red flags to understanding your firm’s specific legal obligations to sector-specific risks. Make sure training is updated to incorporate the latest changes to regulations or sector guidance.

Conducting a firm-wide risk assessment

Your firm’s risk assessment is at the heart of understanding where its biggest risks are, allowing you to take a risk-based approach and direct resources to where you need them most. They involve the systematic evaluation of potential risks faced by your firm and posed by your clients.

In firm-wide assessments, you need to consider the entire scope of your business operations to determine which of your services, or types of clients, present the highest risk. This will identify areas of vulnerability and the outcome must determine your internal AML policies, controls and procedures.

You need to conduct this assessment regularly, at least annually or when your firm’s situation changes. Take into account factors such as changes in your clients’ business activities, geographical locations, transaction volumes and the nature of your relationship with clients.

Creating your firm's PCPs

You must have robust AML PCPs in place to prevent, spot and report ML, TF or PF, which are specifically tailored to your business and the risks it faces and the risks your clients present. This involves devising a comprehensive strategy that ensures consistency and compliance throughout all levels of the firm.

Take time to clearly define each policy, control and procedure, addressing each potential risk associated with ML, TF and PF. Look to industry best practices and regulatory advice to shape your PCPs and regularly review and update them (at least annually) to mirror the changing landscape of AML regulation.

Onboarding and performing Client Due Diligence (CDD)

Onboarding is the start of your business relationship with your client and before you start your work with them. There are several stages involved.

Identification

The first stage is gathering information about the identity of the client, the purpose and nature of the intended business relationship and the source of funds. In the case of companies and other organisations you must establish the identity of who ultimately owns or controls the client, the UBO.

Client risk assessment

The next stage is to carry out an initial risk assessment based on the information gathered about the client.

Client risk assessments involve evaluating the potential risks and vulnerabilities that a client may pose in terms of money laundering, terrorist financing and proliferation financing.

You should consider a number of factors such as:

• The client's business activities and industry
• The geographic location of the client
• The complexity of the client's ownership structure
• The client's potential exposure to high-risk jurisdictions, industries or individuals

The outcome of this risk assessment may prompt you to gather additional information to complete stage one (identification) and will help you to adopt the risk based approach to determine the appropriate levels of CDD, ongoing monitoring, and other steps required to mitigate any potential risks.

Verification

The third stage is to gather evidence of your client’s identity from an independent and authoritative source. You need to be able to demonstrate that what you’ve been told is true.

Knowing who your client is AND being able to demonstrate they are who they claim to be is essential as the NCA will need accurate details should your client raise suspicion or you obtain knowledge of any AML criminal activities. Once you have completed verification, you may need to update your risk assessment.

Client Due Diligence

The level of CDD required depends on the assessed risk level of the client (the risk based approach). I would recommend that you adopt a set approach to your initial CDD tailored to your firm’s circumstances. This level of CDD must include a check of the UK’s Sanctions lists, to make sure your client isn’t subject to any economic restrictions imposed by national or international authorities.

For high-risk clients, you’ll need to perform Enhanced Due Diligence. This includes gathering additional information and, as far as reasonably possible, examining the background and purpose of the engagement, as well as increasing the degree and nature of monitoring of the business amongst other measures.

The Regulations give the option of carrying out Simplified Due Diligence (SDD) for very low risk clients. There is no explanation of how SDD can be carried out, however, so I recommend using your set approach to CDD unless EDD is required in high risk situations.

Using tech to keep it simple

AML is an ongoing commitment that requires vigilance, due diligence and continual learning. Developing comprehensive PCPs, conducting accurate business and client risk assessments, maintaining rigorous CDD, providing excellent training and effectively reporting suspicious activities are not just regulatory requirements. These elements are the backbone of ethical professional practice in accounting.

The good news is that, while the thought of implementing all of this might be overwhelming, there is technology out there to help you. Some providers offer a solution to one part of your AML challenges: KYC software, for example, will provide different levels of client identification and verification. However, you must ensure that you are competing every step of your legal obligations. AMLCC offers every tool you need to complete all of your legal obligations.

By fully embracing AML, you can convert what appears to be a regulatory burden into a competitive advantage. Disciplined compliance not only safeguards against punitive action by your supervisor, or legal action against yourself, but also raises your firm's professional standards, contributing to the credibility and reliability of the industry as a whole.

Richard Simms, MD of FASimms and AMLCC, is a licensed insolvency practitioner, chartered accountant and a leading authority on anti-money laundering. He is a sought-after guest at accountancy and AML conferences worldwide due to his knowledge of changes in guidance and legislation that impact DNFBPs.

To discover how AMLCC could help keep your firm compliant, visit www.amlcc.com