Contribution - Alfi

Adopting an AML risk-based approach


Marco Zwick, director de la CSSF. (Photo: CSSF)

The concept of a risk-based approach determines the basis for the industry to apply effective risk-sensitive measures and allocate their resources in an efficient way. Whilst offering flexibility, it also renders all entities responsible for deploying the means which are necessary to mitigate the money laundering and terrorist financing risks they are exposed to.

The Financial Action Task Force (FATF), as an intergovernmental body, issued its initial set of recommendations in 1990. They have been reviewed and updated four times in order to reflect its extended mandate from anti-money laundering to include ­ counter-terrorist financing and the fight against proliferation financing, as well as to consider threats emerging from new actors, businesses and technologies. These recommendations represent the foundation of our national laws and regulations.

Setting the basis

Recommendation 1, released in 2012 as probably the most material novation of the last FATF update, stresses the importance for countries to “identify, assess, and understand the money laundering and terrorist financing risks for the country, and (…) apply resources, aimed at ensuring the risks are mitigated effectively”.

It sets the basis for the other 39 recommendations in that it requires a detailed review of threats and vulnerabilities, which Luxembourg has done via its National Risk Assessment and will continue to detail further via specific sectoral risk assessments.

It also focuses on the obligation for countries and financial institutions, as well as designated non-financial businesses and professions, to implement measures that effectively mitigate money laundering and terrorist financing risks. Hence there has been a shift from pure technical legal and regulatory compliance to the demonstration of the effectiveness of measures put in place.

Sector-specific guidance documents

In addition, FATF has issued a number of sector-­ specific guidance documents to the industry and to supervisors. Notably, the Guidance for a risk-based approach in the securities sector, released in October 2018, includes investment funds in its non-exhaustive definition of “securities” and recognises the variety and complexity of securities transactions. It outlines key characteristics of the securities sector, as well as the role of securities providers and, in particular, intermediaries in securities’ transactions.

The guidance is particularly relevant for the investment fund industry by describing the typical cross-border correspondent relationship in the securities sector as a “relationship between the securities provider (correspondent) with an intermediary (respondent), which is regulated and supervised by a supervisory authority”. The correspondent generally does not have direct relationships with the customers of the respondent and, as such, there is no direct expectation or requirement for the correspondent to apply customer due diligence on a respondent’s customer (“KYCC”), which is instead the responsibility of the respondent. This approach is not synonymous with reliance. The guidance stresses the need to assess the risk of the underlying client base and to perform risk-based due diligence at the level of the intermediary, as shareholder in the fund register, as well as on its beneficial owners. It also emphasises the importance to conduct an enhanced due diligence on the correspondent relationship with the intermediary.

Fund managers requirements

Performing a risk-based approach to improve the effectiveness of the framework of supervised entities calls for a thorough understanding of the network of all involved delegates and securities providers. With that view, the CSSF circular 18/698 on the authorisation and organisation of investment fund managers outlines the need to perform enhanced due diligence on regulated distributors before opening omnibus or nominee accounts in their names.

Besides, the circular stresses the obligation for investment fund managers to implement due diligence measures on clients, initiators of UCIs, portfolio managers and on investment advisers. This is a good example where regulations and guidance have been adapted to strengthen operational distribution models relied upon by the industry without the requirements of the standards being questioned. In addition to the distribution side, the circular requires investment fund managers to apply due diligence measures on the assets of the fund they manage.

More news on the fund industry in  Paperjam’s Alfi  supplement.