Hong Kong encourages data use for AML effectiveness; Germany issues guidance on high-risk countries; Canada to create a Beneficial Ownership (BO) registry.
We share our financial crime regulatory highlights from the week of April 26, 2021.
Hong Kong Regulator Promotes Data-Driven AML
On April 26, the Hong Kong Monetary Authority (HKMA), the jurisdiction’s main financial services regulator, published new guidance for obligated financial institutions, supporting the use of external data in Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) platforms. It states that such institutions “should support the integration of information and data from external sources as a means to enhance the targeting and mitigation of specific ML/TF risks.”
The guidance is the outcome of a review of financial crime risks undertaken during the pandemic and follows extensive consultation with stakeholders in the public and private sectors. The thematic review investigated how financial institutions handle financial crime risk data throughout their AML/CFT and fraud processes, and how that data contributes to the effective completion of key compliance and risk management tasks.
The data reviewed covered a range of streams, including information from Hong Kong’s public-private partnership, the Fraud and Money Laundering Intelligence Taskforce (FMLIT), and wider public and internal financial institutional data sources. The review found that the combination of targeted threat information, additional contextual intelligence, and the use of Regulatory Technology (RegTech), enhanced institutions’ capabilities in detecting higher-risk relationships, suspicious transactions, and networks of mule accounts. A further downstream consequence was improved quality in Suspicious Transaction Reporting (STR) filed with Hong Kong’s Joint Financial Intelligence Unit (JFIU).
The HKMA review identifies a number of key ‘success factors’ in the effective use of data, comprising sustained senior management support, the adoption of appropriate RegTech tools, the development of data awareness and training within financial institutions, as well as collaboration and joint-working between relevant teams with compliance and risk management functions.
The guidance also notes a number of other important enabling factors, such as good data quality and technical skills, which were previously discussed in its report AML/CFT Regtech: Case Studies and Insights, published in January 2021 (see our Regulatory Highlights, January 28, 2021). This previous report found that the introduction of RegTech solutions could have an impact on both effectiveness and efficiency, with one case study involving the use of machine learning in screening processes reducing the need for manual reviews by 35%.
The guidance further indicates that financial institutions need to take a Risk-Based Approach (RBA) to the implementation of data-driven AML/CFT, ensuring that the solutions they choose are aligned to key the size, scale, and nature of the business. However, although the use of external data with relatively simple tools such as spreadsheets can bring some improvements to AML/CFT effectiveness, the application of more innovative RegTech tools was found to bring the greatest improvements.
In line with HKMA’s previous findings, therefore, this latest guidance reinforces the message that the use of high-quality risk data and RegTech solutions can help financial institutions deliver on their AML/CFT obligations, and provide a greater contribution in the fight against financial crime. Although the cost implications for the industry are not covered by the report, market experience also suggests that the exploitation of data-driven technologies can also help firms achieve these outcomes with greater efficiency than manual or even pre-existing legacy systems.
German Regulator Issues New Guidance on High-Risk Countries
On April 22, Germany’s Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, commonly described as ‘BaFin’), issued refreshed guidance on the list of ‘high risk’ third countries – jurisdictions assessed to present potential AML/CFT and weapons proliferation threats to the integrity of the international financial system – and to German businesses which have dealings in those countries.
The update reflects the recent refresh of high-risk country lists by the Financial Action Task Force (FATF), the international standard setter on AML/CFT, in February 2021. FATF maintains two lists – one for countries where there is a ‘Call to Action’ to remedial improvements (often known as the ‘black list’), and another for where there are ‘strategic deficiencies’ in national laws and regulations that require sustained reform programs (the ‘grey list.’)
The BaFin update also takes into account the amendment of the European Union (EU)’s own list of high-risk countries in December 2020, created originally under the EU’s 4th Anti-Money Laundering Directive (4AMLD). Although the methodology that shapes the list is based largely on FATF designations, it also provides the EU with the flexibility to vary the selection of jurisdictions based on the specific concerns of member states.
As a consequence, both the FATF and EU lists provided in the BaFin update now identify an overlapping core group of 17 high-risk countries: North Korea, Iran, Afghanistan, Bahamas, Botswana, Ghana, Jamaica, Yemen, Cambodia, Mauritius, Myanmar, Nicaragua, Pakistan, Panama, Zimbabwe, Syria, and Uganda. Seven further jurisdictions are on the FATF list alone – Albania, Trinidad and Tobago, Vanuatu, Burkina Faso, Cayman Islands, Morocco and Senegal – and a further two – Barbados, Iraq – solely on the EU’s list. It is possible that further refreshes in 2021 will bring the list into even closer alignment, but at present, German entities are obliged to count countries on either list as ‘high risk’, meaning that together, the consolidated FATF and EU lists now cover 26 countries.
Overall, the names on the FATF and EU lists have remained relatively stable over recent years, but this is partly the result of the COVID-19 pandemic, which has meant that FATF, and FATF-Style Regional Bodies (FSRBs) such as Europe’s MONEYVAL, have been unable to conduct in-country mutual evaluations. Once the execution of such visits begins to accelerate over the coming years, more potential for change is possible, and firms will need to maintain a close eye on developments.
As the BaFin notice outlines, it is vital for AML/CFT obligated firms which are regulated under the country’s Anti-Money Laundering Act (AMLA, or in German, Geldwäschegesetz – GwG) to ensure that they risk managing their exposures to high-risk jurisdictions, especially those most heavily sanctioned countries of North Korea and Iran.
Firms need to make sure they conduct appropriate levels of Enhanced Due Diligence (EDD) to mitigate inherent financial crime risks for all clients and partners with links to countries on the lists. As we note in our recent report on robust AML/CFT frameworks for fintech in EMEA, it is vital that firms look at key issues such as beneficial owner when conducting EDD, but also ensure that the kinds of EDD measures used are robust and focused on the specific risks that the business faces.
It also means that businesses should ‘think beyond’ the core lists of high-risk countries provided by governments and international organizations, to ask whether some jurisdictions not on these lists could be ‘high risk’ for them in particular, depending on the type of products, channels, and customers involved. The concept of ‘high-risk’ can be fluid and complex and requires proper attention by firms to be fully assessed.
At the same time, it also means that firms need to be well-equipped, with the best sources of risk data, in order to make informed judgments. Although businesses can seek to collate and assess risk information themselves, it can be a costly and challenging process. As our recent report also notes, it can often be more efficient and effective to work with experienced partners to achieve the right risk outcomes. As the prospect of further changes to high-risk lists grows over the coming years, firms would be well-advised to consider how they source that data sooner rather than later.
Canadian Government Plans New Registry
On April 19, the Canadian federal government released its 2021 budget, which includes a plan to create a public registry of corporate Beneficial Ownership (BO). The project is expected to cost $2.1 million (Canadian), around $1.68 million (US), over the next two years.
The registry is expected to go ‘live’ in 2025 and is part of a package of wider measures introduced by the Canadian government to strengthen the country’s AML and CFT defenses. These include $4.6 million (Canadian) over four years to support the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the country’s Financial Intelligence Unit (FIU), which is building its expertise in key sectors such as Virtual Assets (VAs). The budget will also tighten up taxation law to prevent the terrorist financial abuse of charities.
Although the Canadian Department of Finance has not provided any details on how the registry will work, media reports already show widespread support from civil society organizations such as Transparency Canada, Publish What You Pay Canada, and Canadians For Tax Fairness.
In a joint statement, the groups – known collectively as the End Snow-Washing Coalition – noted Canada’s “notorious reputation as a country where it is easy to hide dirty money and fund illegal activity from abroad, known as ‘snow-washing’’”. The coalition argues that Canada has amongst the weakest corporate transparency requirements of all G20 countries, and suggests that anywhere from $46 to over $100 billion (Canadian), equivalent to around $37 to $80 billion (US), is laundered through the Canadian economy annually.
Specific examples of how this has occurred through the gambling industry, and investments in the high-end property market by anonymous shell companies, have been revealed in the ongoing inquiry into money laundering in the province of British Columbia (B.C.), known as the ‘Cullen Commission’, which is due to report in full later this year. The flow of dirty money into the Canadian real estate market is estimated to have inflated the cost of housing by up to five percent, according to the Coalition.
In light of the role anonymous shell companies have potentially played in facilitating the flow of illicit funds into the Canadian economy, the Coalition argues that a public registry of who stands behind these firms will be one of the best ways to deter them. “There is growing international evidence that public registries are powerful tools to fight dirty money and this announcement is monumental for Canada,” said Sasha Caldera, Beneficial Ownership Campaign Manager at Publish What You Pay Canada.
Toby Sanger, Director of Canadians for Tax Fairness, also argued that registry would have an enormous impact on the scale and effects of tax evasion in Canada. “Tax dodging and money laundering cost the Canadian economy billions annually,” he said, and “a beneficial ownership registry will help…recover significant tax revenues, and ensure…[that]…companies who play by the rules and pay their share are not unfairly disadvantaged.”
The Canadian move follows in the wake of the recent US decision to create its own BO registry (see our recent guide to the US Anti-Money Laundering Act), and the ongoing development of national BO registries in EU member states, following the requirements of 4 and 5AMLD. As the Coalition notes, the development of Canada’s own registry provides further evidence of the international community taking the issue of transparency increasingly seriously.
However, an experience beyond Canada suggests that the path to full transparency does not necessarily run smoothly – the US registry will not be publicly available, and even where such registries are intended to be so, as in EU jurisdictions, there can be barriers to access that limit their usefulness to individuals and businesses (see our recent EMEA blog post). Without further details about how the Canadian registry will work, therefore, businesses need to remain cautious about how much transparency the registry will deliver in practice.
Although a step forward, therefore, even with the implementation of the registry, firms operating in Canada will need to continue accessing high-quality corporate data and risk information to meet their AML/CFT obligations effectively. To do so, it will make sense for them to consider how to partner with others with specialist expertise in this area, who can help them best deliver on the requirement.