AML/CFT: Compliance Costs, Non-Compliance Costs More
Last week saw the first penalties ordered against a reporting entity for breaching the Anti-Money Laundering and Countering the Financing of Terrorism Act. The Act, although passed in 2009, only took effect in 2013 and this is the first court imposed sanction under the legislation.
Ping An Finance (Group) New Zealand Company Limited, a money remittance and foreign currency services provider, was fined a total of $5.29 million for what the Court termed a “calculated disregard” of its obligations under the Act. In addition, the company and its sole director, Xiaolan Xiao, were banned from carrying out any financial activities until further order of the Court.
In finding Ping An guilty of “serious, systemic deficiencies in complying with a multiplicity of obligations under the Act” it is important to note that, as with most of the significant international penalties that have been imposed in countries with AML regimes, there was no finding that the behaviour had actually facilitated laundering.
The civil liability acts in respect of which the reporting entity was found liable related to:
· Failure to carry out customer due diligence and verification
· Failure to adequately monitor accounts and transactions
· Entering into or continuing a business relationship with persons who didn’t produce or provide satisfactory evidence of their identity
· Failure to report suspicion transaction reports.
Over recent years, financial institutions have undoubtedly been stung by the seeming endless barrage of new regulation and the inevitable ensuing compliance cost. In respect of anti-money laundering legislation, the political drive to respond to a poor mutual evaluation from FATF saw a comprehensive overhaul of New Zealand’s regime, imposing significant monitoring and reporting obligations on financial institutions and casinos. As of August, those obligations have been extended to lawyers, accountants and real estate agents who have between 9 and 15 months to be fully compliant.
For even the smallest business captured by the legislative regime, the cost is substantial, both in terms of money and time. You must appoint a specialist compliance officer, undertake a full risk assessment of your business and record it in writing, and implement a compliance programme that sets out procedures and policies to manage the identified risks. You must conduct due diligence on customers (clients), people acting for your customers, and beneficial owners of your customers, including enhanced due diligence for those identified as higher risk. You must identify suspicious transactions (soon to be activities) and report them, file annual reports and ensure records are maintained.
In recent months I have rolled out these obligations in many rooms to many soon to be reporting entities. The sighs are often barely audible, although when prescribed transaction reporting is mentioned (mandatory reporting of international wire transfers over $1000 and domestic physical cash transactions of $10,000) the response is often more spontaneous.
Is it a sledge hammer to crack a walnut? Will it work to genuinely and effectively deter and detect money laundering and financing of terrorism? Has it proved effective with the current reporting entities?
I don’t know the answer to these questions – although there has most certainly been a significant increase in seizure of assets using the Criminal Proceeds (Recovery) Act 2009 which was also passed into law in 2009. Given this legislation does not require a conviction prior to seizure, it seems intuitive that the information gathered through the AML/CFT reporting regime, is partly responsible.
But in any event, effective or not, the regime is here to stay. And the decision last week should send a clear message to those new reporting entities who may still be somewhat indifferent, that there will be little tolerance to systemic contraventions of key regulatory requirements.
In fining Ping An $5.29 million out of a total potential penalty of $8 million, Justice Kit Toogood drew attention to the need to deter and denounce non-compliance, and highlighted the fact that the maximum penalties under the 2009 legislation are 20 times greater than the fines for the equivalent breaches under the predecessor legislation, reflecting Parliament’s intention to award significantly higher penalties. Notably His Honour recorded that his approach, absent guidance from appellate courts, was conservative, and that it was incumbent on courts to deal sternly with non-compliance, indicating even higher penalties are on the cards in the future.
Some businesses may be able to recover from the financial impact of such a level of fines, but it is questionable whether reputational recovery would ever be achieved, particularly where the party involved was a professional such as an accountancy or legal practice.
There are some other take homes from the judgment for both existing and new reporting entities as well.
· The Court refers to the regime as imposing “onerous” duties on reporting entities in an effort to detect and deter – so there is no underestimating the level of engagement that is expected.
· Record keeping, while always an obligation, has never warranted the same attention and focus as areas such as customer due diligence or reporting. However, in his judgment Justice Toogood describes the obligation to keep transaction records as a “cornerstone” of the regime, stating that without records the ability of the AML/CFT supervisors to detect money laundering and financing of terrorism is significantly impeded, while the lack of records also increases the considerable time and expense involved in enforcement, the cost of which is ultimately borne by the taxpayer. So, existing entities should revisit their record keeping processes and ensure they can readily access transaction details to respond to information requests, while new entities need to build robust record keeping and storage systems.
· The legislation requires suspicious transaction (activity) reports to be filed no later than three working days after a reporting entity has formed its suspicion. In its guidance material, the Financial Intelligence Unit has advised reporting entities that in practice, where account monitoring processes identify a transaction, the three-day requirement does not commence until a suspicion based on reasonable grounds is formed and that reasonable grounds may not exist until there has been time to consider the transaction in light of the surrounding circumstances. The guidelines go on to say that once the requisite suspicion is formed, the three-day requirement commences. Justice Toogood’s judgment has held that the guideline does not reflect the law. While acknowledging it may be correct that there are not reasonable grounds until an entity has had time to consider the transaction in light of the surrounding circumstances, His Honour emphasises that the obligation to report is to be judged by an objective test, so the three days is triggered when the reporting entity either becomes aware of the facts constituting the reasonable grounds for suspicion, or by reasonable diligence would have become aware of them. This refinement needs to be factored into any reporting processes and relevant staff training.
It is four years since the AML/CFT Act came into force. For much of that time, the supervisors have taken an educative and conservative enforcement approach, preferring to engage with reporting entities. Inevitably, that approach is not sustainable in the face of calculated disregard for compliance and the supervisors have signalled they will exercise their powers accordingly by commencing a number of proceedings in the last year.
But more significantly, the Court has indicated that it will not tolerate non-compliance and when faced with cases of repeated and on-going breaches, it will not hesitate to utilise the significant teeth of the legislation. For the Act’s newest reporting entities, if you haven’t got serious about your obligations yet, this really should be the final wake up alarm.