The European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority have published guidelines regarding the factors that credit and financial institutions should consider when assessing the money-laundering risk associated with business relationships or occasional transactions.

In addition, they set out the ways in which institutions can adjust the extent of their "know your customer" measures to mitigate the money-laundering and terrorist-financing risks they have identified.

The EU expects national regulators to use these Guidelines when assessing whether the ML/TF risk assessment and management systems and controls of EU credit and financial institutions are adequate. Although the three Euro-authorities have referred to these rules as 'final,' they intend to keep them under review and update them. Indeed, they are already envisaging reforms to these rules, which therefore appear to be far from final.

The guidelines receive their legal force from Articles 17 and 18(4) of the EU's fourth money-laundering directive, whose main job it is (alongside the propagation of a risk-based approach to compliance outside the UK, which has been taking it for a decade) to centralise regulation in the EU under one regime.

Sectoral guidelines for wealth management

The EU takes many of the features typically associated with wealth management, such as wealthy and influential clients, very high-value transactions and portfolios, complex products and services, tailored investment products and an expectation of confidentiality and discretion to be indicative of a higher risk for money laundering relative to the risks typically present in “retail banking” which, unlike the UK’s Financial Services Authority, it thinks of as separate from wealth management. It is very concerned about wealthy clients who wish to evade tax in their home jurisdictions.

Risk factors

On the subject of product, service and transaction risk factors, the EU believes that the following factors may contribute to increasing risk:

• customers who ask for large amounts of cash or other physical stores of value such as precious metals;
• very valuable transactions;
• financial arrangements involving jurisdictions associated with higher ML/TF risk (firms should pay particular attention to countries that have a culture of banking secrecy or that do not comply with international tax transparency standards);
• lending (including mortgages) secured against the value of assets in other jurisdictions, particularly countries where it is difficult to ascertain whether the customer has legitimate title to the collateral, or where the identities of parties guaranteeing the loan are hard to verify;
• the use of complex business structures such as trusts and private investment vehicles, particularly where the identities of the ultimate beneficial owners may be unclear;
• business taking place across multiple countries, particularly where it involves multiple providers of financial services;
• cross-border arrangements where assets are deposited or managed in another financial institution, either of the same financial group or outside of the group, particularly if the other financial institution is based in a jurisdiction associated with a high(er) money-laundering risk.

Firms should pay particular attention to “jurisdictions with higher levels of predicate offences” (an ambiguous phrase that the EU does not define, but which might refer to jurisdictions where non-financial crimes are more prevalent than elsewhere) or a weak AML/CFT regime or weak ‘tax transparency’ standards.

Risk factors to do with customers

The following types of customer may be more likely to launder money than others.

• Customers with income and/or wealth from high-risk sectors such as arms, the extractive industries, construction, gambling or private military contractors.
• Customers about whom credible allegations of wrongdoing have been made.
• Customers who expect unusually high levels of confidentiality or discretion.
• Customers whose spending or transactional behaviour makes it difficult to establish ‘normal’ or expected patterns of behaviour.
• Very wealthy and influential clients, including customers with a high public profile, non-resident customers and ‘politically exposed persons’ or PEPs. If a customer or its beneficial owner is a PEP, firms must always apply ‘extra due diligence’ or EDD.
• A customer who asks the firm to help him acquire a product or service by a third party without a clear business or economic rationale.

National or geographical risk factors

In the eyes of the EU, there might be a high ‘risk of money laundering’ when a financial institution conducts business in countries that have a culture of banking secrecy or do not comply with international tax transparency standards, or when the customer in question lives in, or their funds are derived from activity in, a jurisdiction associated with higher ML/TF risk. In the US State Department’s International Narcotics Control Strategy Report, the United Kingdom is listed as one of the world’s “countries of primary money-laundering concern.”

Measure by measure

The staff member who manages a wealth management firm’s relationship with a customer (the relationship manager) should, the EU believes, play a ‘key role’ in assessing risk. His close contact with the customer ought to facilitate the collection of information that allows a fuller picture of the purpose and nature of the customer’s business to be formed (e.g. an understanding of the client’s source of wealth, why complex or unusual arrangements may nonetheless be genuine and legitimate, or why extra security may be appropriate). The EU is not blind to the fact that such close contact may also lead to conflicts of interest if the relationship manager becomes too close to the customer. This is where the compliance department and senior managers come in.

Enhanced customer due diligence

This is a rare moment at which a public body has stated that ‘ECDD’ and ‘EDD’ are one and the same thing. The ECB/EIOPA/EBA paper also states that ‘simplilfied due diligence’ (SDD, one and the same as SCDD) is never to be used in private banking and wealth management generally because of the high risk of money laundering that the whole sector poses. The Euro-regulators believe that firms ought to take the following ‘extra duly diligent’ or EDD steps in highly risky situations.

• Obtaining and verifying more information about clients than in standard risk situations and reviewing and updating this information both on a regular basis and when prompted by material changes to a client’s profile.
• Establishing the source of wealth and funds, by reference to the following things: (i) an original or certified copy of a recent pay slip; (ii) written confirmation of annual salary signed by an employer; (iii) an original or certified copy of contract of sale of, for example, investments or a company; (iv) written confirmation of sale signed by an advocate or solicitor; (v) an original or certified copy of a will or grant of probate; (vi) written confirmation of inheritance signed by an advocate, solicitor, trustee or executor; (vii) an internet search of a company registry to confirm the sale of a company.
• Establishing the destination of the funds.
• Scrutinising business relationships more closely than would be typical in mainstream financial service provision, such as in retail banking or investment management.
• Carrying out an independent internal review.
• Monitoring transactions continually, in some cases reviewing each transaction as it occurs, to detect unusual or suspicious activity. The EU is especially suspicious of: (i) transfers (of cash, investments or other assets); (ii) the use of wire transfers; (iii) significant changes in activity; (iv) transactions involving jurisdictions associated with higher money-laundering risks.

Monitoring measures may include the use of thresholds, and an appropriate review process by which unusual behaviours are promptly reviewed by relationship management staff or (at certain thresholds) the compliance functions or senior management.

• Monitoring public reports or other sources of intelligence to identify information that relates to clients or to their known associates, businesses to which they are connected, potential corporate acquisition targets or third-party beneficiaries to whom the client makes payments.
• Ensuring that cash or other physical stores of value (e.g. travellers’ cheques) are handled only at bank counters, and never by relationship managers.
• Looking at the client’s use of complex business structures such as trusts and private investment vehicles to see whether he is using them for legitimate and/or genuine purposes.
• Finding out the identities of the ultimate beneficial owners of these structures.

During the EU's consultative process several respondents suggested that it was unreasonable for wealth managers to visit the clients’ locations in highly risky cases. The EU super-regulators airily replied that the guidelines do not prescribe EDD measures but merely set out the alternatives.