An adviser's guide to AML Compliance
The FMA has just released its second annual AML Monitoring Report detailing its 2016 monitoring activities and report card on the 800 Reporting Entities (REs) under its supervision. Good Returns asked Meredith Cornelius of Financial Strategies Nelson to comment on her reading of the report and what it all means for the smaller retail financial adviser and their practice.
Friday, December 16th 2016, 11:33AM
As a qualified AML auditor and AFA in her own small practice, Meredith provides an unique perspective on AML compliance for other advisers like herself advising a client base made up of New Zealand “mum and dad” retail clients saving for, or in, retirement.
As one of three supervisors, the FMA is charged with overseeing AML compliance for about 800 financial service providers. These range from the ‘big end of town’ to the smaller independent or product-aligned AFA providing financial advice and service on Category 1 products deemed Reporting Entities (REs). Considering my own compliance programme and activities as well as my experience auditing scores of programmes for other retail advisers like myself, there are 4 key takeaways from the FMA’s latest monitoring report.
1 - Staff Training:
Under section 57 of the Act certain staff must be trained on AML/CFT matters. The FMA is very clear that REs who do not carry out staff training are in breach of their obligations.
I am often asked about what constitutes a compliant training programme for the solo AFA who may have a single administrative staff member, or none at all. For those small businesses, AML compliance may be limited to simply conducting Standard or Enhanced CDD on typical New Zealand clients in practice (driven by the rules prescribed by wraps and product providers), so what more is there to learn?
Maybe not a lot more. Regardless, the FMA is clear that Section 57 of the Act applies to all REs regardless of company size and your activities and documentation must include evidence of sufficient and regular AML training for you and your staff.
What might sufficient and regular AML training then look like for the small practice?
- Ensure your written AML Compliance Programme document includes a section on your company’s policies, procedures and controls for ongoing AML training and for yourself and any staff (e.g., your PA or administrative staff). For example, if you leave CDD collection to your PA, you must plan for, conduct and conduct ongoing training for him or her in addition to your own periodic training.
- At a minimum, ensure that you and your staff plan for and set aside time each year to review together your AML Compliance Programme document. Add, delete and revise to ensure the document remains relevant and compliant, and update any policies, procedures and controls. Record the review session in your own and your staff’s AML Training Log.
- If you attend an adviser workshop or conference that includes AML sessions, make a point of debriefing the session with your staff after the event. Make sure you record the debrief session in your respective AML Training Logs.
- Schedule time to periodically visit the FMA’s website and read/review recent content on AML. For example, you and your staff can easily access and review the relatively short 2015 and 2016 AML Monitoring reports and record the activity as training in your respective logs.
- Ensure you have the most recent identity verification guideline documents (available on the FMA website) at hand in your office. Schedule occasional reviews of the document to keep straight the wonders of CDD – and record the reviews in your training logs.
AML training doesn’t have to be onerous nor involve expensive, but it is required. Use the FMA website as your ‘go to’ AML resource.
2 - Suspicious Transaction Reporting (STR):
This year’s FMA monitoring report states that ‘… we are particularly concerned about the continued low level of filing of suspicious transaction reports (STR) by REs …’
Given the types of clients typical of the small retail adviser business, ST’s are unlikely and I suspect this concern relates to the large transaction volumes at the ‘big end of town.’ Regardless, you need to ensure the topic of STR is covered in your written AML compliance programme document to achieve full AML compliance. Here are some simple steps to follow around STRs:
- Ensure your AML Compliance Programme document includes a section on your policies, procedures and controls around STR.
- Review for yourself and share with any staff the red flags that would constitute a ST (e.g., a client who refuses to provide requested CDD, a client who appears under stress for withdrawal of a large and unusual sum, etc.) – and record the review as training in your respective training logs.
- Have a Suspicious Transaction Report Log. Yes, it might be empty, but have one set up as this supports your commitment to taking seriously your role in identifying and reporting ML/FT risks.
- Ensure you and your staff are signed up for email alerts from the Financial Intelligence Unit of the NZ Police (FIU).
3 - Sufficient Due Diligence for High Risk Clients:
Again, given the types of retail clients that AFAs generally advise (‘mums and dads’ and/or their family trusts), it is unlikely that we face ‘high risk’ situations. Again, as an RE you still need to understand what defines a high risk client and include a section on your policies, procedures and controls when dealing with them. This could simply be a statement that ‘ … our policy is not to engage with any clients deemed ‘high risk’ …’
To be clear, a high risk client isn’t necessarily the same as a client requiring Enhanced CDD (e.g., a family trust). A high risk client is more likely one that is:
- vulnerable to corruption due to the nature of a foreign public position (or related to someone in a foreign public position), also known as a Politically Exposed Person (PEP). The Act requires identification of only foreign PEPs, not New Zealand PEPs (i.e., Teresa May is a PEP; your local MP likely not). If you have identified a client or prospective client as a PEP, take extra steps to assess for ML/FT risk based on circumstances, record your findings (including source of wealth and funds) and review the situation periodically.
- requires or requests an unusual business relationship (unusual defined here as distinct to your normal advisory service). Again, assess any such situation for ML/FT risk and record your findings in a file note.
Finally, if you are approached by someone requesting you engage with them in an ‘unusual’ manner that appears suspicious, even if you do not engage further with the person if you deem the request suspicious, document the request in your Suspicious Reporting Log and report to the Financial Intelligence Unit (FIU).
4 - Governance and Culture:
The FMA has identified the need for better corporate governance to set the right culture within the organisation for effective AML compliance. Ultimately improved corporate governance helps better identify ML/FT risks and that is good for the entire financial system. My view is that the FMA is speaking again to the ‘big end of town’ with larger corporates and their compliance programmes. But the observation remains relevant for the small retail financial adviser and their practice in the following ways:
- Regardless of size, an RE is an RE. As a ‘small’ RE, take seriously your AML obligations, convey the importance of compliance to your staff and periodically check that your policies, procedures and controls remain relevant and sufficient.
- Do not consider your own RE obligations satisfied just because you follow the AML requirements of another RE (i.e., a product provider or wrap service). They may have a different AML/CFT Supervisor and their own requirements. You, and only you, are responsible for your own RE obligations as per the Act and FMA expectations.
- Final thoughts: Whether you enjoy them or not, statutory AML obligations are here to stay. But compliance does not need to be onerous. Here are some quick high level takeouts for small adviser businesses from the FMA Monitoring Report:
- Ensure you have ongoing training set out in your policies. Follow through with face to face meetings on appropriate issues with staff. Log the training.
- Check systems are in place for suspicious transactions. Know how to report them. Keep an STR log even if it has no entries.
- Each year review your definition of a ‘high risk’ client. Include a written policy on dealing with any ‘high risk’ clients. Your policy can be as simple as a clear definition and statement that ‘ … our policy is not to engage with any clients deemed ‘high risk’ …’
- The FMA has a “conduct” focus. Part of this is ensuring that each adviser business has appropriate corporate governance structures to promote a compliance culture. For small adviser businesses this simply means having clear AML policies and walking the walk each year with some training and on-going compliance.
Meredith Cornelius is a practicing AFA and holder of the globally recognised CAMS designation – Certified Anti-Money Laundering Specialist. These two qualifications combine to position her as a uniquely qualified AML/CFT audit alternative.
« Trump: Uncertainty as well as hope | US Fed hike: When a tiny move matters » |
Special Offers
Comments from our readers
No comments yet
Sign In to add your comment
Printable version | Email to a friend |