Danger in the Laundry: AML for Lawyers #2
-
Upload
paddy-oliver -
Category
Documents
-
view
219 -
download
0
Transcript of Danger in the Laundry: AML for Lawyers #2
-
7/28/2019 Danger in the Laundry: AML for Lawyers #2
1/4
40 L I J D E C E M B E R 2 0 0 8
M O N EY L A U N D ER I N G
These obligations will apply to practices
which provide designated services. Desig-
nated services have yet to be finalised, but
will most likely reflect the Financial ActionTask Force (FATF) Recommendation 12 3
for lawyers when they prepare for or carry
out transactions for clients concerning the
following activities:
buying and selling of real estate;
managing of client money, securities or
other assets;
management of bank, savings or securities
accounts;
organisation of contributions for the
creation, operation or management of
companies; and
creation, operation or management of legalpersons or arrangements, and buying and
selling of business entities.
ILLUSTRATION JIM TSINGANOS
M
easures are available to miti-gate the money laundering
and terrorist financing (ML/
TF) risks to legal practices (allstructures) and practitioners.1
As all practitioners face ML/TF risks,
not just those who will be regulated by theAnti-Mon ey L aund erin g & Counter-Terro ris m
Financ ing Act2006 (Cth) (AML Act) and theAnti-Mon ey L aund erin g & Counter-Terro ris m
Fin anci ng Rule s 2007 (Cth) (Rul es), thesemeasures should be universally considered.Practices regulated by theAML Act (regu-lated practices) will be obliged to implement
these measures.2 The majority of the meas-ures should be identifiable in a competently
run practice.If the current systems in a practice are
used and built on, it may be that the mitiga-tion of ML/TF risks, and complying withthe AML A ct, will be less problematic than
envisaged. As Tranche Two has yet to befinalised, there may be changes to the obli-
gations under theAML Act.The major obligationsunder theAML ActAt the outset it is important to outline the
major obligations which may apply to reg u-lated practices, namely, to: identify and know your client and to collect
and verify identification information; undertake ongoing client due diligence
throughout the retainer; report suspicious matters to the Australian
Transaction Reports and Analysis Centre
(AUSTRAC); retain records for defined periods; and adopt an anti-money laundering/
counter-terrorism financing (AML/CTF)program.
BARRICADEYOUR FIRM
-
7/28/2019 Danger in the Laundry: AML for Lawyers #2
2/4
41L I J D E C E M B E R 2 0 0 8
M O N EY L A U N D ER I N G
The risk-based approachThe AML/CTF framework under theAML
Actis a risk-based approach, ensuring that
measures to prevent or mitigate [ML/TF]
are commensurate to the risks identified,
allow[ing] resources to be allocated in themost efficient way [and] that the greatest
risks receive the highest attention. 4 This
will allow a regulated practice to leverage
off existing risk management systems and
to design its AML/CTF program to its own
unique risk profile. However, the internal
systems and controls, once designed, should
be prescriptive, allowing for ease of use by
the fee-earners and staff.
The risk-based approach will requi re a
regulated practice to identify, manage and
mitigate the risk reasonably faced with
providing designated legal services to clients
that might (inadvertently or otherwise)
involve or facilitate money laundering or
financing of terrorism: ss84 and 85.
AML/CTF programA regulated practice will be required to have,
and to comply with, an AML/CTF program:
ss81 and 82. An AML/CTF program has two
parts: Part A general; and Part B client
identification: s84. A non-regulated practice
could consider using these as a basis for an
AML/CTF program.
Part A relates to the identification, manage-
ment and mitigation of the ML/TF risks thatthe regulated practice may reasonably face,
including (Ch 8): ensuring systems are in place to assess the
ML/TF risk of designated legal services
provided; screening staff prior to employment and
ongoing screening; training staff in ML/TF risks, internal
systems and processes, and the conse-
quences of non-compliance; and ongoing client due diligence, including the
monitoring of client matters.
Part B relates to client identification proce-
dures and includes (Ch 4): establishing methods for identifying
clients (and their agents), to enable the
regulated practice to be reasonably
LEGAL PRACTITIONERS NEED TO BE PRO-ACTIVE IN
UNDERSTANDING AND REDUCING MONEY LAUNDERING
AND TERRORIST FINANCING RISKS. BY PADDY OLIVER
satisfied that a client is who they claim to
be;5 and collecting and verifying minimum know
your customer (KYC) information.
ML/TF risk assessmentsTo identify the ML/TF risks, an ML/TF risk
assessment (RA) must be undertaken. The
RA will provide the basis for the AML/CTF
program. A robust ML/TF risk assessment
process, and ongoing ML/TF risk manage-
ment, can be built into a practice-wide risk
management system.
The RA is the identification and analysis
of the ML/TF risks before those risks can be
mitigated and managed. An RA should not
be too onerous to undertake, especially as a
practice should undertake similar exercises
with regard to risk management in general.Also, guidance is available to assist practi-
tioners in understanding and undertaking
an RA.6 RAs on client instructions are a task
that most practitioners execute. Any ML/TF
RA should encompass the whole practice, not
just the regulated practice areas.
The factors to be considered in an RA
include business and regulatory risks such
as (Ch 8): the ML/TF risk profile of the firms clients; the ML/TF risk of the ty pe of designated
legal services provided to clients; the methods by which those designated
legal services are delivered (face-to-face
or non face-to-face etc.); the ML/TF risk profiles of the foreign
jurisdictions with which it deals; and risks resulting from the provision of desig-
nated services through permanent offices
in foreign countries.
Business risksClient risk factorsClients with the following ML/TF risk indi-
cators may pose a higher risk to a practice: cash businesses with the potential to
co-mingle legitimate and illegitimate
funds;
complicated business structures which
make it difficult to ascertain the real or
beneficial owners; complex, unusual or uneconomic transac-
tions; and no underlying legal service.
These client ML/TF risks are closely
aligned to the risks overall faced by a prac-
tice. If a practice keeps potential high risk
clients from becoming clients, it reduces the
overall risk profile of the practice and the
ML/TF risk.
Legal services risk factorsCertain areas of legal practice are more
susceptible to use by money launderers or
terrorist financiers. These areas relate to
financial, property and business-type trans-
actions and include:
property transactions; complex financial transactions; complex company or trust arrangements
which obscure beneficial ownership; and cash transactions.
The more complex and opaque a trans-
action, the more difficult it is for law
enforcement agencies to understand the
underlying transaction and to trace the
source of the underlying funds.
Geographic risk factorsA practice must consider the ML/TF risks
emanating from jurisdictions in which it
does business. Jurisdictions with a higherML/TF risk can be ascertained from govern-
ment agencies.7
There are also ML/TF risks from local and
national geographic areas. These a re prob-
ably more significant to practitioners. For
example, does an a rea where the practices
clients reside have a high crime rate or a
high rate of mortgage fraud? Within these
locations there is the potential that clients
may possess, and attempt to use, money or
property that is the proceeds of crime.8
Delivery channel risk factors
There are ML/TF risks in delivering desig-nated legal services to non face-to-face clients,
agents, and via online delivery methods.
-
7/28/2019 Danger in the Laundry: AML for Lawyers #2
3/4
42 L I J D E C E M B E R 2 0 0 8
M O N EY L A U N D ER I N G
UNDER THE RISKBASED SYSTEM, IT WILL BE FOR THE PRACTICE
TO JUSTIFY THE REASONABLENESS OF ITS DECISIONS, SYSTEMSAND PROCESSES TO AUSTRAC OR, POTENTIALLY, A COURT.
Regulatory risksA regulated practice faces regulatory risk
by breaching the civil penalty provisions of
theAML Act. These include: failure to report
a suspicious matter (s41); failure to keep
records (Pt 10); and failure to identify a client
(Pt 2). Regulatory risk is mitigated by putting
systems and controls in place to ensure thatthese obligations are not breached and by
auditing those systems.
Result of the RAThe outcome of the RA will be informa-
tion which will allow the practice to rank
the ML/TF risks as high, medium or low.
The ranking is the product of the chance
of the risk happening (likelihood) and the
impact if the risk happened (consequence).
After ranking, an informed decision can be
made as to the risk mitigation strategy and
controls. One mitigation strategy for high
risks may be to stop providing a service or
servicing a segment of clients. Alternatively,
high risk se rvices and/or clients may have
extra controls placed on them. The practice
may accept all the low and medium ML/TF
risks, but place extra controls around the
medium risks.
Ongoing RAsAfter the initial RA it is important to under-
take regular ongoing reviews of the RA.
There is an obligation, and best practice for
those non-regulated practices, to assess the
ML/TF risk posed by: all new designated legal services (e.g. new
practice areas); all new methods of delivery of designated
legal services; and all new technologies used for the provision
of designated legal services: Ch 8.
Key controls preventionKnow your client and clientacceptance proceduresClient acceptance and due diligence is an
integral part of the process of forming a
contract of retainer, and a key element of
a practices risk management strategy.
KYC and client identification proceduresare obligations in an AML/CTF program
and key controls: AML Ac tPt 2; Rules Ch 4.
help from inside organisations to assist and
facilitate ML/TF. EDD ensures that a regu-lated practice will: determine whether and how to screen
any prospective staff member who, if
employed, may be in a position to facilitate
an ML/TF offence;
determine whether and how to re-screena staff member whose role changes and
thereafter may be in a position to facilitatean ML/TF offence; and
manage any staff member who fails tocomply with the AML/CTF program:
(Ch 8.3).
All staff members, including accountsstaff, fee-earners, solicitors and partners,
should be considered for EDD as there are
ML/TF risks at all levels.
Staff education and awarenessOne of the most important and effectivecontrols against ML/TF risk is the education
and awareness of staff: Ch 8.2 . Staff includespartners, solicitors, other fee-earners andsupport staff. They all need to know and
understand, to differing degrees, what
ML/TF is, the ML/TF risk to the practice,the AML regulatory regime and the AML/
CTF program. Accounts staff are of partic-ular importance as t hey are the gateway to
the practices banking. Launderers have
been known to try to deal directly withaccounts staff in an attempt to circumvent
practitioners.
Key controls detectionTransaction monitoringA transaction monitoring program (TMP)
is a requirement for Part A: Ch 15. A TMPin the context of a legal practice means
ensuring that partners and fee-earnersmonitor matters/transaction when desig-
nated legal services are being provided, to
identify, having regard to ML/TF risk, anytransaction that appears to be suspcious
within the terms of s41. A TMP does not
necessarily require an IT monitoring system;this is especially so in a legal practice where
practitioners are knowledgeable about their
clients and their legal affairs. Once a poten-
tially suspicious matter is identified, theappropriate internal reporting and investi-gation procedures must be carried out.
The concepts are complementary. Client
acceptance procedures include: identifying the client, who is providing
the instructions, and the extent of those
instructions; assessing client risk, including ML/TF
risk; politically exposed persons (PEP)
risk;9prohibited persons subject to sanc-tions risk; conflicts of interest; client
financial risk; location does the client come from a
jurisdiction or area with a higher ML/TF
risk?; work type does the practice carry out the
type of work required?; the ability and capacity of the practice to
do the work to the required standard in the
timeframe available; the client accepting standard, and AML-
related, terms and conditions; and the overall terms of the retainer.
Ongoing client due diligenceOngoing client due diligence (OCDD) is the
obligation to monitor clients with a view
to identifying, mitigating and managing
any ML/TF risk reasonably faced when
providing designated legal services: s36.
OCDD obligations are: systems to determine whether the collection
of further KYC information is necessary; a transaction monitoring program; and enhanced client due diligence (ECDD): Ch 15
ECDDECDD involves extra procedures that a prac-
tice would adopt when a client or matter
meets certain defined risk criteria. In thecontext of legal practice it may be that ECDD
will al ready be standard practice around
retainer management. If a practice has
robust client and matter acceptance proce-
dures, they will most likely cover the ECDD
requirement. ECDD may arise in situations
where the client is new, is a non face-to-face
client or a PEP. ECDD must be applied when
a regulated practice: determines that there is a higher ML/TF
risk; or a suspicion has arisen under s41: Ch 15
Employee due diligenceEmployee due diligence (EDD) is important,as there have been instances of launderers or
terrorist financiers seeking and/or gaining
-
7/28/2019 Danger in the Laundry: AML for Lawyers #2
4/4
43L I J D E C E M B E R 2 0 0 8
M O N EY L A U N D ER I N G
system, it will be for the practice to justifythe reasonableness of its decisions, systems
and processes to AUSTRAC or, potentially,
a court.It is important to keep records of RA
decisions throughout a matter, including
matter opening and periodic assessments.A contemporaneous note is best practice.
AuditingThere is an obligation to independently
audit, internally or externally, the AML/
CTF program: Ch 8.6. A good risk manage-ment system will provide for auditing and
review of the system. Practices should carryout an annual risk audit which includes the
AML/CTF program. A practices ML/TF
risk profile will change over time, just as its
overall risk profile changes. Partners need toknow and understand the risks to allow for
strategic risk decisions to be made. The auditfindings should be included in the annual
AML report to the partners.
AML-related checks can be incorporatedin general file auditing. Is the client accept-
ance and file opening procedure beingcircumvented? Do fee-earners and staff know
and understand the overall file opening
procedure and the importance of the AMLchecks? Is the ML/TF risk being considered
through the life span of the matter or client
relationship?
AMLCOThe AMLCO will be a vital role, both stra-tegic and operational, and therefore should
be a partner with seniority who knows
and understands the risk profile of thepractice: Ch 8.5. The AMLCO has many
responsibilities, the most important beingdecision making around reporting, both
internally and externally; audit and review
of the AML program; and staff training.11A good AMLCO could save a practice from
criminal prosecution or regulatory action,
save its reputation and ensure its continuedsurvival.
Suspicious matter reportingSuspicious matter reporting (SMR) (s41) is
the most controversial obligation under the
AML Actas it impinges on the duty of clientconfidentiality. The only defence to the SMR
obligation will be claiming legal professional
privilege, not client confidentiality: s242. If
a regulated practice forms a suspicion on
reasonable grounds, a subjective and objec-
tive standard,10 it must report to AUSTRAC
within 24 hours for TF suspicions and three
days for all others: s41(2). Practices will need
to train all relevant staff to be aware of what
is potentially suspicious. Robust systems
are required to get the internal reports to the
Anti-Money Laundering Compliance Officer(AMLCO) for investigation as the reporting
times externally are short. The AMLCO will
need to investigate and record the findings,
whether or not the suspicion was reported.
Fraud surveillanceAlthough not anAML Actobligation, it would
be considered best practice to adopt fraud
surveillance systems, especially to identify
mortgage and power of attorney fraud.
Other obligationsand controlsRecord-keeping requirements
Records of designated services, transactionsand KYC procedures must be kept for seven
years: Pt 10. In the case of KYC records,
this is seven years from the end of the client
relationship: s113(2). Currently, files must
be kept for a minimum of seven years, and
many practices keep files for considerably
longer, so some of these requi rements may
be met with relative ease. Care must be taken
when the client relationship is ongoing.
Records must be kept of the adoption
and retention of the AML/CTF program:
s116. This encompasses the initial RA itself
and ongoing RAs. Under the risk-based
ConclusionA robust AML/CTF program based on a
thorough ML/TF risk assessment and linked
to the current risk management system will
provide an effective method to mitigate the
ML/TF risks reasonably faced by a prac-
tice. It may also help improve overall risk
management.
PADDY OLIVER is a lawyer, management consultantand director of legal risk with SSAMM Management
Consulting. He has worked extensively in the areasof risk management, compliance and anti-money
laundering for both legal and financial services organi-sations in Australia and the UK.
Parts and sections in this article refer to theAnti-Money
Laundering & Counter-Terrorism Financing Act 2006
(Cth) and chapters refer to theAnti-Money Laundering
& Counter-Terrorism Financing Rules 2007 (Cth).
1. This article is a sequel to the authors article Danger
in the laundry: risks for all under money laundering laws
(2008) 82(11) LIJ 62. All opinions expressed are those of
the author and are based on materials publicly available.
2. Practitioners are currently regulated by the Financial
Transactions Reports Act1998 (Cth) (FTRA), requiring
reporting of cash payments over $10,000, and will
continue to be so regulated until theAML Ac tsuper-
sedes the FTRA in relation to practitioners.
3. FATF, Forty Recommendations on Money Laundering,
2003, http://fatf-gafi.org/pdf/40Recs-2003_en.pdf.
4. FATF, Guidance on the Risk Based Approach to AML,
June 2007, para 1.7.
5.It is arguable that practitioners should ac tually know
who the client is before forming a retainer.
6. AUSTRAC Guidance Note, R isk Man age ment and
AML/CTF Programs; AS4360:2004, Risk Management.
7.Department of Foreign Affairs & Trade; US State
Department.
8.Criminal Code Act1995 (Cth), Div 400.
9. PEPs are foreign high-ranking government or military
officials, their family members and close associates.
Names of PEPs and prohibited persons are available
from government and commercial watch lists.
10. AUSTRAC, Public Legal Interpretation No 6 of 2008:
Suspect transactions and suspicious matters, para 56.
11. AUSTRAC Guidance Note, AML /CT F Co mpli ance
Officers, 08/02.
The Holmes ListBARRISTERS OF THE VICTORIAN BAR
Licensed by the Victorian Bar since 1992
Ground Floor,555 Lonsdale Street, MelbournePh 03 9225 6444Fax 03 9225 6464DX 88 MelbourneEmail [email protected] 0417 362 010
LPaul HolmesBarristers Clerk
List
www.holmeslist.com.au
The Holmes List welcomes the following Readers:
ANDREW BARBAYANNISAMY BRENNAN
PaulHolmes_4H_1208.indd 1 3/11/2008 10:19:05 AM