Anti-money laundering fines reach record highs: Four experts tell you how to protect your organisation

The fines come amid a spike in financial crimes during the pandemic, ongoing anti-money laundering (AML) investigations and general concerns about the integrity of the global financial system. The widespread crackdown on money laundering has affected institutions across the globe. Regulations are evolving, and organisations must provide an increasing amount of information related to ultimate beneficial ownership, the sources of funds and more when opening a bank account, transferring funds and engaging in other transactions.

To get a better understanding of AML trends now, we interviewed four experts based in different jurisdictions. Desmond Ko has worked in international finance for over 25 years. Based in Hong Kong, as Vistra’s head of client acceptance in North Asia. Orestis Mourtzis, head of legal and regulatory advisory, works in Vistra’s Frankfurt office. He has more than 10 years’ professional experience in regulated and unregulated environments. Frederike Sips-Brons is a lawyer with over 20 years’ experience in the corporate services industry. She is Vistra’s head of legal services in Amsterdam. Krzysztof Wojcik is head of legal and corporate secretarial services in Poland. He specialises in corporate and labour law, and provides advice on capital investments, fundraising and other matters.

Over 200 countries have committed to implementing recommendations developed by the Financial Action Task Force, a global money laundering watchdog. Related regulations are often referred to as AML/CFT — or anti-money laundering/combating the financing of terrorism. What are some of the most important compliance elements of these regulations across jurisdictions?

Orestis: The FATF recommendations are commonly accepted, not only by legislators and auditing supervisory authorities, but by multinational operating companies themselves. So with a few exceptions, it’s now possible to speak of a global minimum standard that can be applied by an organisation, whether or not it is strictly speaking regulated by AML/CFT regulations.

Krzysztof: In Poland, the implementation of AML/CFT regulations happens to be combined with the implementation of tax regulations. The most significant AML/CFT requirements relate to KYC procedures. It’s worth mentioning that in Poland there are three levels of legislation and implementation. The first is official state legislation, which generally follows EU directives. The second is made up of resolutions and recommendations from official bodies such as the Polish Financial Supervision Authority [KNF] and the Polish Bank Association [ZBP]. The third is comprised of the internal regulations of each financial institution, including banks and insurance companies, to name two types. The second and the third levels are actually the most restrictive.

Frederike: The Netherlands has adopted the Money Laundering and Terrorist Financing (Prevention) Act [Wwft], which is derived from the European AML Directives. The Wwft contains provisions on customer screening, identification and verification, along with the reporting of unusual transactions. It aims to maintain the integrity of the financial system and has a risk-oriented approach. This means that entities themselves must assess the risks associated with certain customers and/or products. The Wwft does not prescribe how an entity must achieve a result, it only describes the required result.

That said, all parties subject to the Wwft are required to report unusual transactions to the Financial Intelligence Unit, the Netherlands [FIU] on the basis of objective or subjective indicators. Also, as of September 2020, legal entities — but also partnerships and soon to follow trusts and other types of legal arrangements — must register one or more UBOs [ultimate beneficial owners] with the Dutch UBO register, which is publicly accessible. This is a key factor in creating transparency and tracing ultimate beneficial owners.

Do AML/CFT regulations vary significantly by country, and if so can you provide any examples?

Orestis: In the EU there are no significant AML/CFT rule deviations among member states. There are however administrative differences. For example, state registers — and those who are authorized to prepare and arrange filings — differ by member state. So, the individuals and institutions that are involved in the regulatory process vary by country, and each member state safeguards the EU’s AML/CFT principles in its own way.

Desmond: In the APAC region we’ve seen a high level of cooperation among AML regulators, including an increase in the exchange of information. Generally speaking, regulators want to be cooperative and flexible to account for the digital economy while preventing money laundering and promoting transparency.

KYC, or know-your-customer, rules are closely linked to AML regulations. Are they synonymous?

Krzysztof: AML rules focus on knowing your customer. Other parts of AML regulations address identification and reporting. You should be able to identify the risk of money laundering and report it in a prescribed manner, and KYC is part of the due diligence process. KYC steps usually end the AML process, but they may lead to further AML-process steps.

Orestis: I’d emphasise that KYC-procedures are probably the most important part of AML regulations. KYC procedures help a vendor get to know their clients, and also their clients’ company structures and business models. Essentially, the KYC process helps the vendor and client meet each other’s expectations.

The process also represents the beginning phase of trust within a business relationship. The fewer hurdles there are in the process, the more quickly trust is established. So while the steps are regulatory in nature, they have a direct influence on the working relationship. If a client doesn’t want to disclose the company structure, right down to a possible economic beneficiary, this can disturb or even dissolve the business relationship.

Frederike: I think of the KYC process as enabling companies (but also service providers and funds) to take a risk-based approach to AML, so they know who their customers are and what level of money laundering risk they present. In situations where a customer presents a particularly high risk of money laundering, the KYC process should involve enhanced due diligence [EDD]. This may involve collecting additional customer identification materials, verifying the source of customer funds and taking other steps to assess money-laundering risks and take mitigating measures.

Could you describe the importance of determining the ultimate beneficial owner in the KYC process, and why it’s often a time-consuming process?

Frederike: UBO and counterparty identification increases transparency in the financial services industry, lowering the risk of laundering money and the financing of terrorism. The Dutch UBO register makes clear who is really in charge of organisations founded in the Netherlands, so that persons who have engaged in financial-economic crimes can’t hide behind those organisations. Because the register is public, it allows you to perform a more thorough check of your business partners.

Dutch UBO legislation is relatively new, however, and without expert guidance it’s sometimes difficult to classify the UBO and gather supporting documentation. It’s also true that some clients may need to disclose more information than they would like, for example if their structures are established for the purposes of estate planning or maintaining privacy.

Krzysztof: Determining the true UBO is a basic goal of the KYC procedure. In theory, this determination should not be a complicated task, but in practice it can be difficult for at least a couple of reasons. One is that the legislative definition of what constitutes a UBO may be complicated. In some non-standard cases, there can be doubts about the accuracy of a UBO determination. The other reason is that ownership structures are often complicated.

Orestis: That point about the complexity of some ownership structures is an important one. In some cases, a structure may be complex for the purpose of tax optimisation or a desire not to disclose personal information or the source of funds. But it’s important to add that complexity alone does not make a structure illegal. Cross-border structures, for example, are inherently complex.

According to a recent study, authorities issued over USD2.2 billion in fines last year, five times more than the year before. What are some of the reasons for this increase, and do you see it as an anomaly or part of a wider trend?

Desmond: I see it as part of a wider trend of promoting transparency and risk assessments. Anti-money laundering is at the forefront of regulators’ agendas, along with environmental, social and governance [ESG] and blockchain and digital assets [BDA] issues. They’re also looking to promote operational resilience as we emerge from the pandemic.

Krzysztof: In Poland, insisting on business transparency is a new trend, but it’s one that appears to be here to stay. The government wants more insight into local entities, and I believe high-value fines will be given in Poland. Public notaries were one of the first professions obliged to follow the AML rules. When authorities eventually audited them, they found widespread non-compliance and imposed many fines.

Frederike: Supervisory bodies have increased their scrutiny and their fines, and I believe this is not an anomaly but a trend. That said, local authorities’ ability to monitor and audit institutions is limited by their available resources.

What are some significant AML-related changes or trends in your respective jurisdictions?

Orestis: Germany has adopted related EU directives and their updated versions [EU/2011/16; EU/2018/843; EU/2019/1153]. Among other things, these changes have increased reporting and filing obligations for market participants. To take an example, Germany’s Transparency Register has existed since 2017 and initially was intended only to identify ultimate beneficial owners who were not reflected in other applicable local registers. But its requirements have evolved. The form has been updated accordingly, and now collects information on, for example, “fictitious beneficial ownerships” and the nationalities of UBOs as well. 

Frederike: The Dutch Implementing Act for the trust register is under consultation. The draft bill outlines requirements for registering the UBOs of trusts and other legal arrangements. It’s the Netherlands’ second UBO implementation act and is expected to be adopted by the end of 2021.

Krzysztof: The most noticeable phenomenon in Poland is the huge emphasis on KYC and local banks’ perceived risks of money laundering. Many banks terminate bank account agreements even with long-time customers who, if only by certain characteristics, are identified as high-risk. KYC procedures are increasingly strict, and the amount of information that must be provided to banks is increasing almost every month.

What do you think multinationals should be most concerned about now in this area?

Krzysztof: It’s becoming more difficult to transfer money by wire, particularly if the amount is significant or if the entities don’t have bank-recognised business relations. If you’re planning a significant money transfer, you should be ready to provide the bank with documentation explaining the legal basis for the transfer. I’ve witnessed several transaction postponements due to AML procedures. This underscores the need to contact the bank early and ensure you provide it with the required information.

Orestis: Most multinationals will be comfortable fulfilling AML filing obligations when opening a simple bank account. Of course, an inability to fulfil these requirements should be cause for concern!

Frederike: I agree about the general comfort level when fulfilling these requirements. You can even view the requirements as an opportunity to raise corporate standards, assuming you have access to relevant expertise and enough resources.

Are there any important considerations in this area that our clients routinely miss or don’t know to ask about?

Orestis: It’s difficult to make a general statement here because each business model calls for different solutions. That said, you’ll want to aim for a holistic solution that will allow you to compliantly and effectively carry out your business activities. You’ll of course need to register your company in a compliant way, but you’ll also want to safeguard your tax and trade positions, to give two examples of important considerations.

Frederike: Enhanced due diligence is also critical, and it can be time-consuming, especially for complex structures. Maintaining a good paper trail is important for audit purposes.

Krzysztof: Some clients believe KYC rules can be completed solely on the basis of the clients’ own statements. That was the case some time ago, but in Poland now, you must provide documentation, including official excerpts from registers, internal company documents, passports and more. If your organisation has a complicated structure, you may need considerable time to collect the required documents. Until you do, you won’t be able to use your bank account. The process is further complicated by the fact that compliance departments are now overloaded.

If you could only give one piece of advice in this area, what would it be?

Frederike: Start with gathering, updating and organizing your KYC information and data. Also, establish an effective process for screening your counterparties — including investors, clients, suppliers and/or targets — and for monitoring them on an ongoing basis. Technology can be a big help, but it’s not a substitute for gathering good data and implementing effective work processes.

Desmond: I would encourage compliance officers to strictly monitor changing regulations. As we’ve seen, AML/KYC regulations in particular are evolving rapidly. To monitor regulations effectively, and to fulfil related obligations and leave clear audit trails, officers should embrace new technologies.

Krzysztof: Remember that above all, AML/KYC regulations promote transparency. You should always be prepared to provide documentation proving your UBO and the details of any transactions.

Orestis: Transparency is indeed critical in this area. This is true when preparing and submitting documentation to banks or when working with a third-party AML expert. Only a relationship based on trust and clear communication can produce satisfactory results for all parties.