Updated Guidance from the Supervisors

As signalled in last week’s newsletter, the AML/CFT Supervisors have released new and updated guidance:

New:

• Lawyers and Conveyancers Guideline
• Enhanced Customer Due Diligence Guideline (EDD Guidance)

Updated:

• Identity Verification Code of Practice (IVCOP) – Explanatory Note
• Designated Business Group – Scope Guideline
• Designated Business Group – Formation Guideline
• In the Ordinary Course of Business Guideline

All of these documents are available in the Resource Centre section of our website.

The updated guidance essentially reflects changes to the Act as part of Phase 2 including new definitions. The exception to this is the updated Explanatory Note to the Identity Verification Code of Practice which seeks to clarify the application of electronic identity verification (EIV) under this code.  This is required reading for any entities that currently use, or may be considering using, EIV in their AML/CFT Compliance Programmes.

We are currently digesting the guidance and will be liaising with the AML/CFT Supervisors to clarify some of the material. In the meantime, we provide some initial thoughts on the EDD Guidance below.

EDD Guidance

After much anticipation, the EDD Guidance has been released and is mandatory reading for all AML/CFT Compliance Officers. As expected, this is not in the form of a code of practice (and, as such, it does not provide a ‘safe harbour’ like the IVCOP) but rather seeks to provide clarification and guidance around the application of EDD. The EDD Guidance does a good job of capturing the interplay between EDD, an entity’s AML/CFT risk assessment, the collection of information on the nature and purpose of a business relationship, and ongoing CDD (including account monitoring).  Too often reporting entities fail to see how each of these areas flow into each and treat each as essentially separate obligations or processes.

Some of the key messages in the EDD Guidance:

• Reasonable steps to verify source of fund/wealth (SOF/W) information does not mean “no steps” (see para 33), that is, you must do something to verify the SOF/W information collected.
• In addition to collecting and verifying SOF/W, when conducting EDD, you may also need to use increased or more sophisticated measures to verify information collected for the purposes of verifying name, date of birth and address (see para 57). An example of how this may apply in practice is included in the Lawyers and Conveyancers Guideline (see pages 35-36).
• To comply with the IVCOP, you must have appropriate exception handling procedures in place, for circumstances when a customer demonstrates they are unable to satisfy the requirements of the IVCOP. However, this does not apply to EDD due to the higher risk of ML/FT (see para 61).
• The EDD Guidance reinforces the requirements around termination of existing relationships where EDD cannot be completed (see paras 41-44). In addition, the EDD Guidance suggests that to reduce ML/FT risk, when you terminate a relationship where funds or other assets have been received, you should return the funds or assets to the source from which they were received (see footnote 18 on page 8).
• The circumstances of the customer and the reason for suspicion (where applicable) will dictate whether you seek confirmation and verification of source of funds or source of wealth or both. It is not an ‘either/or’ exercise – where the concern is around source of funds, comfort around the source of wealth will not be sufficient and vice versa.
• The EDD Guidance is clear that you need not account for all of a customer’s wealth but:
  • you must develop an understanding of the size and nature of your customer’s overall wealth and how it was acquired; and
  • you must be satisfied that the nature and size of your customer’s wealth matches what you know about them (see paras 99-101).
• The EDD Guidance suggests that documentary information to support EDD should be certified (see para 106).

There are no shortcuts here – each reporting entity will need to consider the guidance and how it will practically apply EDD. This will include an examination of risk assessments at an entity and customer level, procedures around standard CDD (including collection of nature and purpose of a business relationship) and ongoing CDD.

If you would like assistance with improving your enhanced CDD policies, procedures and controls in your business, please contact us.