is the process by which criminals attempt to conceal the true origin and ownership of the proceeds generated by illegal means, allowing them to maintain control over the proceeds and, ultimately, providing a legitimate cover for their sources of income.
involves 3 main stages:
- Placement – where cash obtained through criminal activity is first placed into the financial system.
- Layering – where the illegal cash is disguised by passing it through complex transactions making it difficult to trace.
- Integration – where the illegally obtained funds are moved back into the legitimate economy and is now ‘clean’.
There are five basic offences:
Acquiring, possession or use of criminal property.
Concealing or disguising or transferring criminal property, or removing it from the country.
Failure to disclose knowledge or suspicion of .
Failure by a financial services business to meet their obligations under regulations.
‘Tipping off’ means to carry out any action that may make suspected money launderers aware that they are under investigation, or prejudicing the outcome of an investigation.
Failure to disclose knowledge or suspicion of may include:
Failure by an individual in the regulated sector to inform the Financial Intelligence Unit FIU or the firm’s Reporting Officer MLRO , as soon as practicable, of knowledge or suspicion that another person is engaged in , or
Failure by MLROs in the regulated sector to make the required report to the FIU as soon as practicable if an internal report leads them to know or suspect that a person is engaged in .
Criminal property and criminal conduct
Criminal property is property that has arisen from criminal conduct.
Property acquired by theft
The proceeds of tax evasion
Bribery or corruption
Saved costs arising from a criminal failure to comply with a regulatory requirement.
Consider the following scenarios.
Whilst preparing or auditing accounts you realise that a client has incorrectly reclaimed value added tax or other national recoverable taxes on the purchase of a motor car. You point this out to the client and propose an adjustment to the financial statements to provide for the additional tax that is due. You also advise the client that they must rectify this with the tax authorities. However, the client tells you that they have just had an inspection by the tax authorities that did not reveal the error and they do not wish to do anything further.
An auditor knowingly receives payment for one invoice twice i.e. payment has been duplicated . The sole director has told the accounts department to ignore negative balances when they issue statements of account to customers hoping that they fail to notice.
Errors and mistakes of the type illustrated above may not constitute criminal conduct, provided they are corrected. However, in both cases there appears to be an intention to gain a permanent benefit from another’s mistake or to avoid a legal liability. As such, each of these cases would result in the accountant knowing or suspecting that a client is involved in .
Anti- program: basic elements
The main legislation and requirements below relate to the regulatory regime as it stands in the UK. The principles, however, are appropriate on an international basis.
Regulations impose certain obligations on financial services businesses, which are designed to assist in detecting and preventing the financial services organisations being used for purposes.
At a minimum, an anti- program should incorporate:
and terrorist financing risk assessment.
Implementation of systems, policies, controls and procedures that effectively manage the risk that the firm is exposed to in relation to activities and ensure compliance with the legislation.
Compliance with customer due diligence, enhanced due diligence and simplified due diligence requirements.
Enhanced record keeping and data protection systems, policies and procedures.
In the UK, for example, these measures are covered by the Regulations 0 7 MLR 0 7 with reporting to the National Crime Agency NCA .
and terrorist financing risk assessment
A written risk assessment must be carried out to identify and assess the risk of . The risk assessment must take into account information provided by the Supervisory Authority on risk factors in the sector. The following risk factors must also be taken into account:
The firm’s customers
The countries or geographic where the firm operates
The firm’s products or services
The firm’s transactions, and The firm’s delivery channels.
The risk assessment should be used to:
Develop policies, procedures and controls to mitigate the risk of .
Apply a risk based approach to detecting and preventing .
The firm must establish and maintain written policies, controls and procedures to effectively manage and mitigate the and terrorist financing risks identified in the risk assessment. These must be proportionate to the size and nature of the business, approved by senior management, regularly reviewed and updated and communicated internally within the firm.
Officer responsible for compliance
Firms must appoint a Compliance Principal MLCP and this person must be on the board of directors or a member of senior management. Sole practitioners with no employees are exempt from this requirement.
Firms must also appoint a nominated officer, Reporting Officer MLRO , to receive internal suspicious activity reports and assess whether a suspicious activity report should be made to the appropriate regulatory body. The MLRO and MLCP may be the same person if the MLRO is sufficiently senior.
Firms must assess the skills, knowledge, conduct and integrity of employees involved in identification, preventing or detecting .
Staff training must be provided on an ongoing basis in how to recognise and handle transactions and activities which may be related to .
Independent audit function
Firms must establish an independent audit function to assess the adequacy and effectiveness of the firm’s anti- controls and procedures. Sole practitioners with no employees are exempt from this requirement.
Customer due diligence
Accountants are required to establish that new clients are who they claim to be by obtaining satisfactory evidence of identity from the client. This is often referred to as ‘customer due diligence’ or ‘know your customer’ procedures.
Customer due diligence is an essential part of the anti- requirements. It ensures that accountants:
know who their clients are, and
do not unknowingly accept clients which are too high risk.
Customer due diligence must be performed as soon as is reasonably practicable after contact is first made between the two parties. Where satisfactory evidence of identity is not obtained by the accountant, the business relationship or one-off transaction must not proceed any further.
Basic identification procedures include:
For individuals including key management personnel where the client is an entity : inspection of evidence to establish the full name and permanent address of the client, e.g.
– Driving licence
– Recent utility bill to confirm the address.
For businesses: inspection of evidence to verify company name, company number, address of registered office, e.g.
– Certificate of incorporation
– Lists of registered members and directors
– Certificate of registered address.
For trusts: inspection of evidence to establish and confirm:
– Nature and purpose of the trust
– Original source of funding
– Identities of the trustees, controllers and beneficiaries.
It may be helpful for the auditor to explain to the client the reason for requiring evidence of identity and this can be achieved by including this matter in the engagement letter.
Enhanced due diligence
For higher risk clients, enhanced due diligence must be carried out. Enhanced due diligence procedures include examining the background and purpose of the transaction and increased monitoring of the business relationship.
Simplified due diligence
For clients presenting a lower risk of , simplified due diligence may be carried out.
Enhanced record keeping
It is very important that accountants keep comprehensive records to show that they have complied with regulations, and protect themselves if there is an investigation into one of their clients.
Records must be kept of:
All customer due diligence completed, including copies of the evidence inspected.
Transactions with each client.
Internal and external /suspicious activity reports.
Records must be held for five years after a relationship with a client has ended or the date a transaction is completed.
It is a criminal offence not to report knowledge or suspicion of . regulations require that:
A person in the organisation is nominated to receive disclosures usually an MLRO .
Anyone in the organisation, to whom information comes in the course of the relevant business as a result of which he suspects that a person is engaged in , must disclose it to the MLRO.
Where a disclosure is made to the MLRO, they must consider it in the light of any relevant information which is available to the organisation and determine whether it gives rise to suspicion.
Where the MLRO does so determine, the information must be disclosed to a regulatory body authorised for the purposes of these regulations the FIU , such as the NCA in the UK.
The MLRO completes a standard form that identifies:
– Suspect’s name, address, date of birth and nationality
– Any identification or references seen
– Nature of the activities giving rise to suspicion
– Any other information that may be relevant.
Note that in the UK the obligation to report does not depend on the amount involved or the seriousness of the offence. There are no de minimis concessions.
Potentially suspicious transactions
There is no formal definition of suspicious. A suspicious transaction will often be inconsistent with the client’s known or usual legitimate activities. Examples include:
Unusually large cash deposits.
Frequent exchanges of cash into other currencies.
Overseas business arrangements with no clear business purpose.
3 The need for ethical guidance on
ACCA provides guidance in its Code of Ethics and Conduct in the area of .
This is needed because there is a clear conflict between:
- the accountant’s professional duty of confidentiality in relation to his client’s business, and
- the duty to report suspicions of to the appropriate authorities is required by law.
Professional accountants are not in breach of their professional duty of confidentiality if they report in good faith their knowledge or suspicions of to the appropriate authority.
Disclosure in bad faith or without reasonable grounds would possibly lead to the accountant being sued.
It may be helpful to inform clients of the auditor’s responsibilities to report knowledge or suspicion that a offence has been committed and the restrictions created by the ‘tipping off’ rules on the auditor’s ability to discuss such matters with their clients.
Example engagement letter clauses
‘In accordance with the Proceeds of Crime Act 00 and Regulations 0 7 you agree to waive your right to confidentiality to the extent of any report made, document provided or information disclosed to the National Crime Agency NCA .
You also acknowledge that we are required to report directly to the NCA without prior reference to you or your representatives if during the course of undertaking any assignment the person undertaking the role of Reporting Officer becomes suspicious of .
As a specific requirement of the Regulations we may require you to produce evidence of identity of the company and its owners and managers. This will include for the business, proof of registration and address, and for the individuals, proof of identity and address. Copies of such records will be maintained by us for a period of at least five years after we cease to act for the business.’
Note: The above clauses include references to the relevant legislation and regulatory bodies in the United Kingdom. The references would be amended for the specific jurisdiction s .
Financial Action Task Force
International efforts to combat
The Financial Action Task Force FATF is an international body that promotes policies globally to combat and terrorist financing. FATF issued recommendations to combat .
The recommendations included:
International cooperation including extradition of suspects.
Implement relevant international conventions on .
Criminalise and enable authorities to confiscate the proceeds of .
Implement customer due diligence, record keeping and suspicious transaction reporting requirements for financial institutions and designated non-financial businesses and professions.
Establish a financial intelligence unit to receive suspicious transaction reports.
As an example, the UK Financial Intelligence Unit is run by the National Crime Agency NCA .The NCA became operational in October 0 3 and replaced the Serious Organised Crime Agency SOCA .
FATF focuses on three principal areas:
Setting standards aimed at combating and terrorist financing.
Evaluating the degree to which countries have implemented measures that meet those standards.
Identifying and studying and terrorist financing techniques.
The ACCA has issued Technical Fact Sheet 45 ‘Anti- Guidance for the accountancy sector which is available from the ACCA website.