In the middle of May 2012, after four and a half years and a trial, numerous hearings and an appeal, the case of Shah vs HSBC finally came to an end. Money Laundering Reporting Officers (MLROs) had followed it avidly because it was not a money-laundering case but an anti-money-laundering case. In short, HSBC made a suspicious activity report about their client, Mr Shah, to the Serious Organised Crime Agency – as required under the UK’s anti-money-laundering (AML) regime – and Mr Shah contested that report, saying that it should never have been made.
For MLROs, the case was invaluable in that it laid bare all the elements of the UK’s money-laundering reporting system, and tested them in court. What sort of suspicion is strong enough to warrant a report? What information should appear in a suspicious activity report? Are reporting individuals allowed to remain anonymous? And just what is a reporting institution allowed to say to its client?
Pronouncements were made on all of these points, but the extract that sticks in the mind is this: “It is plain that the Proceeds of Crime Act has intervened in the contractual relationship between banker and customer in a way which may cause the customer prejudice. This has been recognised by the courts. However, the courts also recognise that it is a price parliament has deemed worth paying in the fight against money laundering.”
The price worth paying
The UK’s AML regime is laid out in two main pieces of legislation: the Proceeds of Crime Act 2002 (PoCA) and the Money Laundering Regulations 2007. PoCA contains the individual money-laundering offences: concealing the proceeds of crime; entering into an arrangement to help someone else to conceal proceeds of crime; acquiring, possessing or using proceeds of crime; failing to disclose knowledge or suspicion of money laundering; and tipping off.
These five offences are echoed in almost every jurisdiction in the world, though some aspects of the UK regime are more rigorous than most, notably in that all crimes, not just serious ones, are covered and it includes lawyers and accountants.
Amount Habib Bank was fined for failing in its AML procedures
The value of pursuing criminals’ money -laundering activities rather than proving the underlying crime has been repeatedly demonstrated. Terry Adams, head of the Clerkenwell crime syndicate in London, evaded the police for years. They tried to secure convictions against him for many criminal activities – among them extortion, drug trafficking, bribery, serious assault and murder – but the fearsome reputation of Terry and his brothers Tommy and Patsy meant that few victims were willing to talk to the police, and none was prepared to give evidence in court.
In 2007 Terry was convicted of a specimen offence of money laundering. Unable to prove any legal provenance for his large fortune and fancy possessions, he was sent to prison for seven years. He is now also subject to a Financial Reporting Order, which requires him to report to the authorities every financial transaction he undertakes for 10 years.
The Money Laundering Regulations 2007 require those businesses covered – including auditors and external accountants – to put in place policies and procedures to “prevent the use of the financial system for the purpose of money laundering”, covering customer due diligence, record-keeping, internal reporting of suspicions of money laundering, and staff training.
Management at the most senior level – the board of directors, or the senior partners – are responsible for overseeing these policies and procedures and making sure that they are appropriate and proportionate to the money- laundering risks facing their business, while the MLRO is responsible for implementing them.
Senior staff may not generally recognise their oversight role, believing they can leave everything to do with AML to the MLRO. But, the Financial Services Authority’s recent finding against Habib Bank AG Zurich demonstrated that this is not the case. For protracted failures in its AML regime, particularly with regard to poor identification of high-risk clients and the unsatisfactory application of enhanced due diligence, the MLRO was fined £17,500 for failing to implement certain AML procedures – but the bank was fined £525,000 for “failure to take reasonable care to establish and maintain adequate AML systems and controls”. In short, the senior management of Habib Bank had failed to apply a risk-based approach when designing procedures that would mitigate the AML risks.
The risk-based approach
The risk-based approach is the opposite to the one-size-fits-all structure: in short, accountants must adjust the level of initial and ongoing due diligence that they apply to a client on the basis of the money-laundering risk they believe that client’s activity presents. That risk is assessed by looking at four elements: customer risk – some clients are inherently more complex and risky than others; product/service risk – money launderers favour products and services that offer anonymity or put distance between assets and owners; delivery channel risk – how dealings with the client take place, whether face-to-face or at a remove; and jurisdiction risk – some jurisdictions are known to have high levels of criminal activity or inadequate AML requirements.
Accountants must use these elements to decide the risk category for each of their clients, and then apply an appropriate level of due diligence. There are some exceptions to this assessment – politically exposed persons (PEPs), for instance, must always be considered high risk. And as the point of the exercise is to ensure that in-house AML procedures address current money-laundering risks, it is vital that procedures are regularly reviewed to make sure they are still appropriate and proportionate. Accountants should also perform regular reviews of clients to check their risk category along with the level and frequency of due diligence that follows.
The beauty of the system is that accountants’ familiarity with their clients’ activities can be used to adjust their risk ranking, so that time is spent on due diligence checks where they are most needed and will have most effect, rather than wasted in unnecessary checks on clients who appear to present a low risk.
In spite of every precaution, sometimes it can feel as though something is not right with a client
Information about jurisdictions is perhaps the simplest to obtain, as several agencies busy themselves in providing lists of high-risk jurisdictions. The world’s AML agency, the Financial Action Task Force (FATF), has a well-regarded list of “jurisdictions with inadequate AML regimes” that is updated about three times a year, and forms a backbone for an MLRO’s list of risky jurisdictions.
Leading anti-corruption body Transparency International (TI) publishes an annual Corruption Perceptions Index, ranking countries according to how corrupt they are perceived to be. TI also assembles a Bribe Payers’ Index once every three years, looking at the supply side of corruption. Other indices can also help inform your jurisdictional risk rankings, such as the second volume of the annual International Narcotics Control Strategy Report published by the US Department of State (state.gov), which lists countries of money-laundering concern. The new Basel AML Index on the same website has a free public version and a more detailed one for subscribers.
The FATF has published helpful guidance specifically for the accountancy sector on designing, implementing and reviewing a risk-based approach. This guidance highlights those functions performed by accountants “that are the most useful to the potential launderer”:
• giving financial and tax advice – seeking such advice is a common cover for money launderers who are really seeking to conceal the source of funds;
• creation of corporate vehicles or other legal arrangements – such as trusts – which can disguise the link between a criminal and his proceeds of crime;
• buying or selling property – to provide a cover story for money movements, or as a convenient final investment for criminal proceeds;
• performing financial transactions on behalf of a client: and
• providing introductions to financial institutions.
Of course, all of these are valuable services provided every day by accountants to their honest clients; the only way to avoid providing them to criminals is to take precautions against acquiring active criminals as clients. And the key here is to ensure that staff are aware of and apply your AML procedures, particularly where due diligence and record-keeping are concerned.
The FATF is a rich source of examples of how accountancy services have been used by criminals to launder money. In recent years, it has produced detailed documents – including case studies from member countries, among them the UK – on laundering through trust and company service providers, securities and real estate. The detailed case studies demonstrate the deviousness and imagination of criminals, and are useful for staff training.
The best defence
Although the regulations require procedures that cover four areas, the most vital of these is staff training. The other three areas are worth nothing if staff don’t know about them, or how to implement them. The aim should be to create an AML training programme that sensitises staff to money-laundering issues – without terrifying or overwhelming them or inducing paranoia – and tells them about the company’s procedures for customer due diligence, record-keeping and internal reporting.
The regulations require accountants to train relevant staff, and it is perfectly acceptable – indeed it is expected – that training is varied according to the staff roles, with more detailed training given to client-facing staff and a less detailed overview to back-office staff. Regular refresher training is expected, not just to revise key points, but also to develop staff understanding of AML issues and growing areas of criminal activity, and to give them the opportunity to raise questions and concerns.
Guidance from the Consultancy Committee of Accountancy Bodies (CCAB) makes it clear that specific tailored training should be given to MLROs and senior management. Accountancy firms need to be able to show that their AML training has been effective, and to keep careful records of all training activities.
If staff fail to make an internal suspicion report when there are grounds to do so, they commit the non-reporting offence under PoCA – unless they can demonstrate non-existent or inadequate training. If the firm has given them inadequate training, it has committed an offence under the AML regulations.
Do the right thing
In spite of every precaution, sometimes it can feel as though something is not quite right with a client or a transaction. A client may have asked their accountant to do something that is unusual, abnormal or unexpected for them, without ample explanation. In these circumstances, the path is clear: the suspicions must be reported to the MLRO. In turn, the MLRO must evaluate the report and, where appropriate, make a disclosure to the Serious Organised Crime Agency.
The findings of Shah vs HSBC confirm those of an earlier case that a suspicion need not be “clear or firmly grounded” nor “based on reasonable grounds”, simply that it must be “more than fanciful”. In other words, it does not have to be a strong suspicion – but must be reported nevertheless. The uncomfortable four days spent in the witness box by HSBC’s MLRO Michael Wigley shows it is crucial that full and detailed contemporaneous records are kept of all suspicions and the decisions that surround them.
Sometimes a suspicion may arise that a client has been an innocent party in money-laundering activities by a third party, or that they are the victim of a money-laundering scheme or remunerative crime. All money-laundering suspicions need to be reported wherever there is information that could be used to identify the money launderer, or the whereabouts of the proceeds of the crime.
It can also happen that accountancy staff are concerned not about their clients but about their colleagues. They may fear that AML procedures are not being followed, or even designed properly, or they may think that reports of suspicion are not taken seriously. To allow for these kind of concerns to be expressed, along with others that relate to any area of compliance, firms should provide a whistle-blowing route – whether an in-house hotline, one provided by a commercial organisation or, for FSA- regulated firms, by a supervisory body. Detailed guidance on offering a whistle- blowing path, and making sure that it complies with the terms of related egislation such as the Public Interest Disclosure Act 1998, has been published by ICAEW. However, reports of suspected money laundering should be made to the MLRO, not via a whistle-blowing hotline.
The UK’s AML regime is strong and comprehensive, placing obligations both on individuals and businesses. But there is plenty of detailed and practical guidance available for accountants who, in their role as gatekeepers and facilitators, are in an excellent position to guard the financial and its related sectors from infiltration by criminal money. As HHJ Supperstone said to HSBC and Mr Shah, “This is a price worth paying.”
ICAEW says: acting on suspicion
Publicly available examples of draconian enforcement action relate mostly to actual or potential money laundering by banks. That is not a reason for complacency in accounting firms. Accountants act for most businesses in the UK, and see different aspects of the business than those seen by bank staff. The intelligence supplied in suspicion reports made by accountants can therefore be uniquely valuable in detecting and prosecuting criminals and preventing organised crime and terrorism. If an accountant failed to provide that intelligence this would not just be a failure of professional ethics and integrity – it could also lead to professional and even criminal action against the accountant.
The financial action task force (FATF)
FATF has introduced reforms to its global anti-money laundering standards (known as the 40 Recommendations, but which are taken more seriously than many more impressively named requirements). The EU is considering an update to the Money Laundering Directive, to implement the FATF changes and improve the operation of the AML system throughout Europe. Changes will need to be made to UK legislation, to ensure it complies with international requirements, but these are unlikely to have a significant effect on what accountancy practices in the UK need to do. The reforms are more an indication that other countries wish to introduce something similar to the UK standards
Susan Grossey provides AML training and advice, and is the author of many articles and books on the subject, including Anti-Money Laundering: A Guide for the Non-Executive Director (UK Edition). See thinkingaboutcrime.com