AML/CFT Compliance Culture as a Strategic Tool in the Fight Against ML/TF

Money laundering (ML) is the legitimisation of ill-gotten gains. Terrorism financing (TF) is the act of providing financial assistance to those persons who undertake terrorist activities. The UAE government strives to regulate those entities that are vulnerable to being used as a conduit for ML and TF through its anti-money laundering / combating the financing of terrorism (AML/CFT) regulatory regime. This blog discusses the importance of establishing an AML/CFT compliance culture in businesses to counter the risks of ML and TF.

This blog also attempts to shed light on the meaning, components and importance of AML/CFT compliance culture. It also provides guidance on how to create a robust culture of AML/CFT compliance.

What is AML/CFT Compliance Culture?

An AML/CFT compliance culture is the shared beliefs, values and ethical standards regarding adherence to the duties and obligations under a country’s AML/CFT regulatory regime. Such culture flows throughout the entire organisational structure of the entity. It becomes inseparable from the entity’s identity and is reflected in the entity’s decisions, services, practices and conduct. It shapes the behaviour of each individual associated with the entity, from the board of directors to entry-level employees. An AML/CFT compliance culture helps the entity stay on the right side of the law. It increases the reputation of the entity and creates a positive brand image. Therefore, the importance of adopting an AML/CFT compliance culture is immense and should not be understated.

Components of AML/CFT Compliance Culture

An AML/CFT Compliance culture can be understood comprehensively through its various components. These components are discussed below.

Leadership and Management Commitment

The culture of an organisation flows from its leadership; in simple words, it sets the tone from the top. An entity’s AML/CFT compliance will not be effective unless the board of directors or top management lays a strong foundation for the AML/CFT compliance program. Low or inadequate support by the top brass would mean that the AML/CFT policy remains just a paper document and is not reflected in the entity’s culture. Employees’ motivation to promote the entity’s AML/CFT compliance culture depends on encouragement from the leadership.

The role played by the top management in promoting an AML/CFT compliance culture includes the following:

Overseeing the timely formulation and approving the Enterprise-Wide Risk Assessment (EWRA).
Ensuring assessment of the AML/CFT risks faced by the entity through a risk-based approach and approving the risk appetite of the entity based on its size, business and customer base.
Approving the AML/CFT Policies and Procedures.
Reporting on new ML/TF Red flags and Typologies.
Ensuring regular independent audits of AML/CFT Compliance Framework.

Ethical Standards and Values

An AML/CFT compliance culture is characterised by values and ethical standards such as integrity, accountability, transparency, trust and collaboration. Through these values, entities are able to embody the ‘spirit of the law’ rather than just adhering to its letter or simply having a tick-box box approach towards compliance. These standards help entities make ethical decisions when they encounter circumstances not provided for in AML/CFT laws and regulations.

AML/CFT Policies and Procedures

Compliance obligations include not only legally mandated requirements but also the entity’s own internal AML/CFT policies, procedures and controls. Robust internal policies help entities meet their AML/CFT regulatory requirements successfully without any lapses. Set policies and procedures also ensure that everyone involved in the compliance process is aware of their individual roles and responsibilities. This helps coordinate and speed up the resolution of any issues.

Training and Education

When employees are made knowledgeable about the meaning, mode of operation, and red flags of ML and TF, as well as their role in the organisation, they are able to detect and deter AML/TF threats effectively and promptly. Such awareness allows the staff to make informed decisions regarding corrective actions to be taken when they face an ML or TF threat. Thus, AML/CFT training and education are important components of a strong AML/CFT compliance culture.

Importance of AML/CFT Compliance Culture

After discussing the meaning and components of robust AML/CFT compliance culture, it’s time to move the discussion towards the question of why it is imperative for entities to build a strong AML compliance culture.

Enhancing Organizational Integrity

Rules and regulations seek to deter the crimes of ML and TF. However, laws are ultimately just words on paper. A strong AML/CFT compliance culture inculcates integrity into the organisation and helps ensure that these laws are properly implemented and adhered to. By embedding a culture of integrity, entities not only comply with legal requirements but ethically deal with all situations not dealt with by the law.

Building Trust with Stakeholders

When an entity practices and portrays a strong culture of proper AML/CFT compliance, it generates trust and a positive reputation among its customers, investors, associates and regulatory authorities. The employees working for the entity have faith in it, which boosts employee morale. This creates a positive feedback loop, which results in the further strengthening of the entity’s compliance culture.

Ensuring Regulatory Compliance

ML and TF are threats that continuously evolve to avoid detection. To curb them. AML/CFT laws are dynamic and continuously developing to deal with the new tactics of money launderers and terrorist financers. When entities have a strong AML/CFT compliance culture, they are able to regularly update themselves and evolve new ways to comply effectively with the AML/CFT regulatory obligations.

The Role of AML/CFT Compliance Culture in Combating ML/TF

Preventive Measures

Robust AML/CFT Policy and Procedures

AML/CFT rules and regulations mandate regulated entities to draft and implement their own AML/CFT policies and procedures. To be effective, the AML/CFT policies and procedures must include the following:

Roles and responsibilities for all employees involved in AML/CFT compliance.
Proactive senior management oversight and appointment of AML/CFT Compliance Officer.
Adoption of a risk-based approach to counter ML/TF.
Continuous training and awareness programs for the staff involved in AML/CFT compliance.
Customer Due Diligence (CDD), including Know Your Customer (KYC), customer risk assessment and profiling.
Sanctions Screening and Adverse Media Screening
Reporting Procedures for Suspicious Activities or Transactions (SAR/STR)
Ongoing monitoring of customers and transactions Record keeping procedures

When these components are clearly defined, there is better oversight and coordination within the entity. Compliance responsibilities should not be ‘siloed’, i.e., restricted to specific departments with no internal communication. This ensures that all red flags encountered during the AML/CFT compliance process are swiftly identified and dealt with promptly. This prevents ML or TF risks from arising.

Comprehensive Due Diligence

Customer Due Diligence (CDD) is a process that must be undertaken by entities to check the authenticity of their customer’s identity. It helps them assess the risks posed by a customer through risk assessment, sanctions screening and adverse media screening. Through CDD, entities are able to form an informed decision of whether to onboard customers based on their risk appetite. A rigorous CDD process prevents entities from onboarding clients exposed to ML or TF and thus reduces risk exposure of the entities.

Transaction Monitoring

Transactions monitoring involves continuously observing transactions to detect any anomalies or red flags that may indicate ML or TF. Suspicious activities and transactions are identified through red flags such as transactions involving large amounts of funds, unusual behaviour by customers, inconsistency of the transaction with the customer’s economic profile or past behaviour, multiple transactions within a short period of time, transactions from, to or through a high-risk jurisdiction, etc. Thus, transaction monitoring helps prevent ML and TF before they occur or are in the early stages of occurrence by detecting and dealing with suspicious activities. Timely and rigorous transaction monitoring is an important constituent of an effective AML/CFT compliance culture.

Detective Measures

Data Analytics

Data analytics helps entities analyse large amounts of information to detect ML and TF threats. Big Data enables entities to streamline their AML/CFT compliance obligations through real-time updates in customer risk scoring and profiling, automatic transactions monitoring, prompt sanctions screening and adverse media screening, recognising anomalies in customer behaviour, etc. Data analytics thus eases the process of compliance by digitising processes that would otherwise be done manually. Thus, data analytics has made the detection of ML and TF simple and swift.

Health checks and Audits

Detecting vulnerabilities in the AML/CFT policies and procedures is an important part of the entire AML/CFT compliance process. This detection exercise is done through a health check or audit of an entity’s AML/CFT compliance program. A health check or audit involves a review of risk assessment of the entity, its policies, procedures and controls, communication channels open in the entity for coordination or grievance redressal, CDD and KYC methodologies adopted by the regulated entity, the process of suspicious activities detection and reporting by the entity, adequacy of records obtained and kept, regularity and quality of staff training and awareness, etc. The health check and audit process also includes analysis of the vulnerabilities detected, discussion about the same with top management, and adoption of remediation measures to fill the gaps identified.

Employee Vigilance and Reporting Channels

The active participation of the employees in the entity’s AML/CFT compliance program ensures efficiency in dealing with ML and TF threats. For example, frontline employees are considered the first line of defence and compliance officers, along with the compliance department, are the second line of defence under an entity’s AML/CFT program. Employee vigilance at these levels will nip ML and TF in the bud. Employee vigilance will enable early detection of ML and TF threats, prompt communication of the threat to the compliance officer, senior management, or board of directors, and subsequent reporting to the AML/CFT regulatory authority of the country in which the entity operates.

Reporting Obligations

Investigating Suspicious Activities

Suspicious activities are to be reported mandatorily under a country’s AML/CFT laws and regulations. Suspicious activities are those that indicate the occurrence of ML or TF. For example, the following activities cause suspicion as to ML and TF:

Customer refuses or is hesitant to provide KYC details or identity documents
Third party gives instructions or undertakes transactions through the customer’s account
Too many transactions in a short period of time
Uncharacteristically large funds being transferred
No economic rationale behind transactions or the source of funds or wealth is unexplained

When these suspicious activities are detected and reported in a timely manner, ML and TF threats are dealt with successfully.

Collaboration with Regulatory Authorities

Collaborating with AML/CFT regulatory authorities is crucial in aiding the authorities in curbing ML and TF in the country. The collaboration includes adhering to the AML/CFT obligations put on the entity, providing information promptly when required by the regulatory authorities, reporting suspicious activities and transactions as prescribed, etc. Collaborating with regulatory authorities will improve the regulator’s trust in the entity and improve the reputation of the entity in the country as law-abiding and transparent.

Implementing Corrective Actions

As discussed before, regular health checks and audits are significant features of an effective AML/CFT compliance culture. After a thorough audit, remediating the vulnerabilities identified through corrective actions is an important part of the AML/CFT Compliance process. Such corrective actions include reassessing risk exposure to ML and TF, making necessary changes to AML/CFT policy and procedures, revamping the compliance team structure, establishing new communication channels, etc.

Building a Strong AML/CFT Compliance Culture

Building a strong AML/CF compliance culture requires businesses to develop an understanding of what strong and weak AML/CFT compliance culture looks like; knowing the distinction between the two shall enable them to formulate a customised strong AML/CFT compliance culture.

After understanding the meaning, components and importance of a robust AML/CFT compliance culture, it is time to understand how such a strong culture can be built. This is discussed below.

Top Management Commitment

To build a robust AML/CFT compliance culture, top management must commit to:

Setting the tone of integrity, transparency, morality and non-tolerance towards lapses that enable ML and TF to occur.
Allocating adequate resources for the entity’s AML/CFT compliance.
Overseeing the risk assessment process and drafting of internal AML/CFT policy for the entity.
Having an open channel of communication to handle all the complaints, doubts, criticisms, and concerns regarding the entity’s AML/CFT policy and ensuring accountability.
Duly appoint an AML/CFT Compliance Officer or Money Laundering Reporting Officer (MLRO) who is qualified for the role.
Reviewing the AML/CFT reports and independent audits and remedying any vulnerabilities found.
Leading by example and actively participating in AML/CFT training, encouraging employees to participate and take their role with seriousness and professionalism.

Crafting Clear and Effective AML/CFT Policies and Procedures

Preparing AML/CFT policies and procedures is a legal obligation under a country’s AML/CFT laws and regulations. It is the backbone of a strong AML/CFT compliance culture. An effective AML/CFT policy has the following characteristics:

It is framed after gaining a thorough understanding of the country’s AML/CFT laws and regulations in which the entity operates.
It is grounded in a risk-based approach, which involves identifying the specific ML and TF risks faced by the entity and implementing tailored measures to mitigate them. This approach is customised to address the unique challenges posed by the firm’s products and services, customer base, geographical operations, and other relevant factors.
It is framed in a clear and concise manner, with all roles and procedures defined to leave no doubt or scope for overlap of responsibilities and powers. Top of Form
It should set clear policies on all the AML/CFT obligations of the entity such as risk assessment, CDD and KYC, sanctions screening, suspicious transactions or activities reporting, etc.
It should be regularly reviewed and updated to ensure all vulnerabilities are filled.

Implementing AML/CFT Compliance Program

After preparing AML/CFT policies and procedures, it is important to implement them in a manner that achieves its intent and objectives. For effective implementation, the following approach should be adopted:

Make a detailed checklist and ensure that all entries are tick-marked through completion. Here are the components of the checklist:
Registering with the AML/CFT regulator if required. For example, in the UAE, entities have to register with FIU’s goAML portal.
Designating a qualified AML/CFT compliance officer or MLRO with adequate authority.
Conducting Enterprise-Wide Risk Assessment (EWRA) and defining risk mitigation measures.
Laying down the customer onboarding process along with adequate customer due diligence and sanctions screening measures to be adopted.
Establishing a monitoring program that tracks customers, transactions and activities on an ongoing basis
Preparing procedures to detect and report suspicious activities and transactions
Training the employees involved in the AML/CFT program. This step is discussed in detail below.
Conducting an independent audit of the AML/CFT program of the entity and regularly updating it to fill any gaps
To execute the prepared checklist in a timely manner, a comprehensive action plan should be created with deadlines. Senior management must regularly monitor the implementation process. Adequate resources should be allocated to the AML/CFT program.

Training and Awareness

Training and awareness enable employees and other stakeholders involved in the AML/CFT program to recognise and adopt corrective measures to deal with any ML or TF threats they encounter. The employees must be given regular training by qualified AML/CFT experts. The training module must include subjects such as:

Meaning and typologies of ML and TF
A brief overview of the international efforts to fight ML and TF and the AML/CFT laws and regulations of the country in which the entity operates
Detailed understanding of the internal AML/CFT policies and procedures of the entity
ML and TF risks assessed, and risk mitigation strategies adopted by the entity
Customer onboarding protocol, including customer risk assessment, risk scoring, risk profiling, customer due diligence, KYC, sanctions screening and adverse media screening
Detecting and reporting suspicious activities and transactions
Records acquired during the AML/CFT process that must be kept
Coordinating and cooperating with the AML/CFT compliance department of the entity

The training program should be a continuous process. When regulations change, or independent audits find discrepancies, employees should be retrained to perform their roles more effectively. Further, new employees must be given basic AML/CFT training when they are onboarded.

Challenges in Combatting Money Laundering and Terrorism Financing

Building a strong AML/CFT compliance culture may not be easy at first. An entity may face the following hurdles while implementing and maintaining its compliance practices:

1. Business Goals

Entities often place profit and growth as their highest priority, ignoring business ethics in the process. There is a need to balance both ethics and profits to build an effective AML/CFT compliance culture.

AML/CFT compliance must be seen as adding to the profits and growth of a company rather than an obstacle. This is so because a reputation of being AML/CFT compliant increases trust among the customers and reduces the costs incurred due to non-compliance. Thus, having a robust AML/CFT compliance culture gives positive dividends.

2. Staff Resistance

Employees may not be aware of their role in combating ML or TF threats or may see their AML/CFT obligations as irrelevant to their overall job profile. They may resist changes when an entity first makes the decision to align their business with AML/CFT best practices. To deal with this challenge, it is necessary that positive behaviour is incentivised and encouragement is given to adhere to the entity’s AML/CFT compliance program that flows from the top leadership. When the leaders set the tone from the top, employees are bound to follow.

3. Resource Constraints

When the AML/CFT program is seen as a cost rather than an opportunity, AML/CFT compliance suffers. Developing and maintaining an AML/CFT program can be costly because it involves investments in technology, human resources, training, and services of AML/CFT experts. However, these costs have positive returns, such as a good reputation, trust from customers, and no non-compliance costs. Further, the costs of non-compliance, i.e., government-imposed fines and penalties, are significantly more than the cost of installing compliance measures.

4. Evolving Regulatory Framework

Since ML and TF typologies are evolving with advancing technology, AML/CFT laws and regulations are continuously adapting to deal with emerging threats. This means that the AML/CFT law is dynamic, and entities need to keep up. This may seem complex to regulated entities, which are already lagging behind in terms of AML compliance. However, being up to date with the AML/CFT regulatory changes is essential to ensuring AML/CFT compliance.

The Future of AML/CFT Compliance Culture in Combating ML/TF

After building an effective AML/CFT compliance culture, the next task is sustaining and developing it in a way that such culture becomes an enduring component of the entity’s identity. As ML/TF typologies, as well as AML/CTF regulations evolve, so must the culture surrounding AML/CFT compliance. Here’s a glimpse at the future of AML/CFT compliance culture.

Impact of AI and Machine Learning on Compliance

Artificial intelligence (AI), data analytics, and machine learning have made the AML/CFT compliance process easier, quicker and cheaper. These technological advancements make the following tasks more efficient:

Entering and keeping records of loads of customer data.
Detecting any red flags while conducting the customer due diligence process.
Sanctions Screening and Adverse Media screening using regularly updated databases.
Analyzing patterns of customer transactions and behaviour and detecting anomalies.

These technologies keep on improving and thus form the future of AML/CFT compliance culture by making compliance swift, simple and accurate.

Future Regulatory Developments

As the world becomes increasingly interconnected, ML and TF threats evolve, and AML/CFT measures adapt to combat them. This means more cross-border collaborations between countries to deal with the ML/TF threats effectively. AML/CFT regulations may become more stringent and standardised. However, with a strong AML/CFT compliance culture, navigating through evolving and stricter AML/CFT laws and regulations would be easily manageable.

Importance of Evolving Compliance Practices

AML/CFT compliance culture needs to be dynamic and adapt to the emerging ML/TF threats and challenges as well as keep up with the AML/CFT regulatory developments. Entities must keep pace with technological advancements and adopt them in their AML/CFT compliance program. All vulnerabilities should be detected and reported. Periodical training on new AML/CFT typologies, technology and regulatory developments will ensure a strong and efficient AML/CFT compliance culture.

Fostering a Culture of Continuous Improvement

Continuous improvement can only be achieved through frequent health checks, open communication and swift handling of grievances and concerns. Leadership commitment to AML/CFT compliance will ensure that the entity’s objectives and practices are aligned towards constant improvement and innovation of the AML/CFT compliance program.

Conclusion

Establishing a robust AML/CFT compliance culture is imperative to comply with AML/CFT regulatory obligations. It is also an important strategic tool to combat the emerging threats of ML and TF. However, if the entities regulated under a country’s AML/CFT legal regime do not take their compliance obligations seriously, the objective of curbing ML and TF will remain a distant dream. From the macroeconomic prospects of the country to the society and the entity itself, everyone will be severely impacted.

Therefore, establishing a robust AML/CFT compliance culture must involve essential components such as leadership commitment, ethical standards, comprehensive policies, and continuous training to ensure that entities build resilience against the said financial crimes such as ML/TF. By embedding AML/CFT principles deeply into their identity, entities can better detect and deter illicit activities.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

AML Compliance and Big Data Analytics

In today’s complex financial world, Anti-Money Laundering (AML) compliance with the help of big data is transforming how institutions detect and prevent financial crime. Traditional data analysis methods often fall short due to inaccuracies.

As financial transactions become more sophisticated, regulators demand stronger compliance measures, making it crucial for businesses to adopt advanced technologies.

Big data empowers financial institutions by providing deeper insights into customer behaviour, transaction patterns, and potential risks. With advanced analytics, organisations can identify anomalies, enhance customer due diligence, improve transaction monitoring, and streamline investigations.

By leveraging big data, compliance teams can not only meet regulatory obligations more effectively but also optimise resources and reduce operational costs. In this article, we discuss the limitations of traditional data analysis, the role of big data in AML compliance, and how data analytics addresses key challenges in financial crime prevention.

Drawbacks of Traditional Data Analysis Systems

Traditional data analysis methods synthesise data using typical statistical methods and human expertise to extract information and draw conclusions for the purpose of decision-making. Since traditional data analysis methods rely on manual techniques, they are prone to certain challenges, such as:

Human Errors

It is not possible to analyse enormous amounts of data manually. The human workforce tends to make wrong analysis or miss important data while doing the work manually because of extensive data. These human errors can be costly for a business.

Time Constraints

Lots of alerts are generated every single day for financial transactions. It is time-consuming to investigate each alert and make the right decision.

High Cost

Businesses need huge manpower to interpret large data sets, causing the need to hire more employees to reduce the workload. This adds up to the cost that the business must bear.

Greater Inaccuracies in Results

Traditional data analysis outcomes suffer from a high rate of false positives and negatives due to limited insights into the transaction patterns and connections between data sets. The inherent human bias based on past experiences, assumptions, and preconceived notions also contributes to inaccurate outcomes.

Lack of Scalability

When dealing with a high volume of data, it is not possible for traditional data analysis methods to efficiently deliver high-quality results in a short span of time, therefore reducing its scalability.

Understanding Big Data and Big Data Analytics in the Context of AML Compliance

While there is no standard definition for big data, the term commonly refers to a large volume of information that is generated through information systems. It can include financial data, personal data, data from the Internet of Things, social media data, etc.

Some of the most important data types required for data analytics in AML compliance include:

Customer Data
Beneficial Ownership Data
Sanctions Screening Data
Politically Exposed Person (PEP) Screening Data
Adverse Media Data
Geographic Risk Data
Transaction Data
Behavioural Data
Past History Data

Big data analytics means processing large amounts of structured or unstructured data, like customer feedback, news articles, legal judgements, etc., to make correct decisions. It helps in finding patterns and trends by analysing huge data sets accurately.

Businesses use data analysis to process financial transactions and customer data to detect suspicious behaviour.

Data analytics when integrated with AML solutions can help in effective risk management. The analysis is done with the help of data analytics tools.

Using Big Data Analytics in AML Compliance

Big data analytics can be instrumental in executing AML procedures. Here’s how Big Data Analytics can be incorporated in AML Compliance processes:

Business ML/TF Risk Assessment

Big data analytics, along with predictive assessment techniques, can synthesise past data to identify risk factors and potential threats. Thus allowing businesses to undertake a risk-based approach in allocating resources on the basis of the likelihood and impact of the potential threats

Know Your Customer (KYC)

Big data analytics can facilitate digital identity verification processes by integrating data sets from multiple channels, such as publicly available information and digital footprints, such as their social media accounts and online activities, and by comparing biometric information with existing databases.

To pass the KYC checks, a customer may submit false identification documents. Leveraging artificial intelligence (AI) backed by big data helps scan and identify fake documents. For example, with AI and data analytics, fake passports and identity cards can be detected.

Name Screening

Data analytics in name screening ensures that the customer information is screened against comprehensive sanctions watchlists, PEP databases, and adverse media sources.

Customer Risk Assessment

Data analytics can use classification algorithms to identify the various kinds of fraudulent transactions using past data, and supervised machine learning systems can classify customers into high-risk, medium-risk, and low-risk customers based on the characteristics that they display.

Ongoing Monitoring of Transactions and Customer Profile

Data analytics can be helpful in monitoring transactions as it can trace transactions from their origin until termination to identify anomalies in transaction patterns like sudden changes in the volume of transactions, the frequency of transactions below the reporting threshold in real-time, or any peculiar trends in transaction patterns, enabling prompt resolution of suspicious transaction alerts.

For example, consider a business that uses big data analytics to monitor customer transactions in the professional services sector. Over time, the monitoring tools driven by machine learning can be capable of identifying the usual transaction patterns of that customer and detecting deviations in case one arises.

With the help of data analytics, it is also easy to track customer behaviour by developing a customer profile, mapping data movement, and identifying any deviations from the customers’ usual behaviour. Data mining by the association rule is a great way to establish relationships between products and services.

Reporting

Businesses that are classified as reporting entities in Australia are required to report certain transactions and suspicious matters to AUSTRAC. Big data analytics can automate the filing process for Threshold Transaction Reports for the prescribed values and lead to prompt, precise risk evaluations by generating alerts for suspicious behaviour or transactions so that the compliance teams can make data-driven decisions when filing Suspicious Matter Reports.

Record-Keeping

Data analytics can be immensely helpful in keeping comprehensive records like timestamps, types of transactions, particulars of the customer and related parties, and mandatory documentation.

In today’s data-driven world, there is an abundance of data. However, these data sets are siloed across multiple sources. In such a situation, data in its original form can more likely deviate from compliance efforts rather than optimise them. To avoid unintended consequences for the use of big data, read about the best practices to adopt when using big data analytics in AML compliance.

Best Practices for Adopting Big Data Analytics in AML Compliance

When transitioning from traditional analysis systems and adopting big data analytics, businesses should adopt industry-wide accepted best practices like:

Include big data analytics strategies in your AML Program to ensure that the outcome of the data analysis aligns with the business’s AML compliance goals and regulatory obligations.
Ensure that the abundant and publicly available data is used for targeted investigation outcomes and not for hoarding futile information.
Deploy strong data privacy and security measures
Provide role-based training to employees in using data analysis outputs

The Future of AML Compliance with Big Data

As financial crime becomes more advanced, the role of big data in AML compliance will continue to expand. With the help of artificial intelligence and machine learning, businesses will be able to spot suspicious activities faster and more accurately.

This means fewer false alarms and better compliance with regulations. Automation will also make processes like tracking transactions and verifying customers more efficient and less expensive. At the same time, the importance of human oversight cannot be overstated.

Therefore, businesses that use big data wisely stand a better chance of having a stronger defence against financial crimes and staying ahead of changing regulations.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Australia

A Framework for Decoding Sanctions Screening Results

Whether you use AML software or perform manual name screening, sanctions screening outcome interpretation is not limited to segregating screening outcomes into usual categories, such as those needing regulatory reporting and those requiring no action. Each match has a distinct implication, and the criteria for its analysis, disambiguation, and categorisation are based on the degree of similarity or distinction with key identifier details of the customer and sanctioned individual or entity. This blog provides a framework for decoding sanctions screening results so that you can categorise them into Perfect Match, Partial Match, False Match, and No Match.

A Framework for Decoding Sanctions Screening Results

What is Sanctions Screening?

Sanctions Screening is a process through which the names of prospective and existing customers, who can be natural persons or legal entities, are matched against names available in relevant and applicable sanctions lists to check if any of the customer names match those contained in the sanctions list.

What is Sanctions Compliance Program?

Financial Institutions, DNFBPs and VASPs operating in the UAE must have in place a Sanctions Compliance program that documents the Targeted Financial Sanctions (TFS) compliance measures, such as Sanctions Screening methodology, tools, and measures. Such a Sanctions Compliance Policy would generally elaborate upon the measures taken to assess sanctions-related risk by the regulated entity considering the regulatory framework in UAE concerning sanctions compliance and set rules and steps for conducting and disambiguating screening matches.

What is Targeted Financial Sanctions (TFS) ?

Targeted Financial Sanctions (TFS) are restriction measures imposed by UAE requiring Designated Non-Financial Businesses and Professions (DNFBPs) to freeze funds with other assets of any existing or prospective customer whose name is found in any of the:

Local Lists, including UAE local terrorist lists issued by the Cabinet and sanctions lists containing names of natural persons and legal entities linked to the Financing of Terrorism (FT) or Proliferation Financing (PF) of weapons of mass destruction.
Sanctions lists issued by the United Nations Security Council Resolutions (UNSCRs). The names of relevant UNSCRs for DNFBPs in UAE, according to Circular No. (2) of 2022 for implementation of Cabinet Decision No. 74 of 2020 are Resolutions 1718 (2006), and 2231 (2015) and following resolutions.

Also, read about aligning your business with global sanctions lists.

Why is Sanctions Screening important for AML compliance and fighting ML/TF/PF?

To ensure that prospective and existing customers do not bring along Money Laundering (ML), FT and PF risks to the regulated entity.
To identify if any prospective or existing customers appear in any of the relevant sanctions lists and report them to the UAE Financial Intelligence Unit (UAE FIU) through the goAML portal, ensuring regulatory reporting compliance obligation.
To ensure compliance with sanctions screening regulatory requirements prescribed in applicable Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) and TFS regulations in UAE.

Also, read the role of sanctions in achieving international peace and security.

What are the Common Sanctions Screening Outcomes?

Sanctions Screening process usually generates four types of outcomes, namely:

1. Perfect Match

The name of the customer matches completely with the screening outcome generated through screening across relevant Sanctions Lists. A complete match is also known as a full match, or complete match, or an exact match.

2. Partial Match

The name of the customer partially matches the screening outcome generated through screening across relevant Sanctions Lists.

3. False Match

The name of the customer does not match with the screening outcome generated through screening across relevant Sanctions Lists.

4. No Match

Screening the name of the customer across relevant Sanctions Lists generates no or zero outcomes.

Sanctions Screening Process

The Sanctions Screening Process is carried out by taking the following steps such as:

1. Subscription to relevant and applicable Sanctions Lists

The FIs, DNFBPs, and VASPs are required to subscribe to the Executive Office for Control & Non-Proliferation (EOCN) mailing list to receive updates as to the addition and deletion of names in the sanctions list.

2. Collection of Key Identifier details

The DNFBPs are required to collect information to input data for conducting sanctions screening, such as in the case of:

a. Natural Person:

Name
Aliases
Date of Birth
Nationality
ID or Passport information
Last known address

b. Legal Entity:

Name
Aliases
Address of Registration
Address of branches, if any
Other relevant information

c. Ultimate Beneficial Owner (UBOs) of Legal Entity

Same as that of a natural person

3. Name Screening

Upon collection of key identifier information, all there’s left to do is to enter the key identifier details of the customer into the appropriate fields given in the Sanctions Screening software and execute the name-match command, doing so, will trigger the sanctions screening software to start searching the customer name entered across various relevant and applicable sanctions list to which the DNFBP is subscribed to.

The name-matching process can also be undertaken manually by searching through the relevant sanctions lists.

4. Screening Outcome Generation

Once the name-matching process is executed by the name screening software, screening outcomes will be generated, depending upon the type of filters and match percentage accuracy threshold settings configured into the sanctions screening software.

5. Screening Outcome Disambiguation

Finally, the analytical role of a Screening Analyst comes in; the screening outcomes generated by the sanctions screening software need to be segregated and organised by the screening analyst into the following categories:

Perfect Match
Partial Match
False Match
No Match

Enabling the regulated entity to deploy adequate AML/CFT Customer Due Diligence (CDD) measures and imposing TFS freezing measures if the need arises, based on the framework for decoding sanctions matches.

Decoding Sanctions Screening Matches: A Step-by-Step Guide

Usually, in a large-scale organisation, distinct roles and responsibilities are assigned to relevant personnel, such as having a dedicated Screening Analyst to decode sanctions screening results. However, a small business, usually having very few or no employees, requires the owner or founder to take responsibility for decoding sanctions screening results.

Also read, risks of unaddressed matches in sanctions screening.

Decoding the Sanctions Screening Results requires the person entrusted with screening matches disambiguation to conduct the following measures:

1. Initial Assessment:

When attempting to decode sanctions screening results, an initial assessment needs to be carried out. Ideally, this can be commenced by segregating screening results into potential matches and obvious false matches.

2. Verification and Validation:

The potential matches derived need to be examined for further verification of potential matches with the key identifier details of the customer collected by the regulated entity.

This verification process would entail careful comparison between the key identifier details of the customer and those mentioned in the profile of a potential match. Based on comparison, the degree of similarity between customer details and the screening outcomes generated can be validated.

Followed by verification, the validation of such findings is carried out with the help of government-issued customer identification documents or copies of the same available with the regulated entity. Examples include a Passport or Emirates ID for a natural person as a customer and a trade license or the certificate of registration of the legal entity.

The validation process helps in determining whether the potential match can be classified as:

Perfect Match
Partial Match
False Match
No Match

3. Risk-Based Approach (RBA):

The fundamentals of RBA dictate that risk mitigation measures must be applied in proportion to the extent of risk faced by an entity. In the AML/CFT and TFS compliance context, adopting RBA would mean that a business applies ML/FT and PF risk mitigation measures, such as Standard Due Diligence, Simplified Due Diligence, and Enhanced Due Diligence (EDD) based on the degree and extent of ML/FT and PF risk posed by the customer to the business.

Sanctioned individuals and entities pose a high degree of ML/TF/PF risks, and hence, the regulated entities are obligated not to establish a business relationship with them, apply freezing measures and submit a Funds Freeze Report (FFR). Further, in the case of partial matches, the risks could be higher, and hence, the regulated entities are required to submit a Partial Name Match Report (PNMR) with the UAE FIU.

4. Escalation:

Depending upon the severity of the sanctions screening outcome finding, the case can be escalated internally to the AML Compliance Officer or Money Laundering Reporting Officer (MLRO).

5. Documentation:

The regulated entity must document all the procedures, steps, methodologies, tools, sanctions lists subscribed to, verification findings, and validation exercises carried out while conducting match disambiguation and the sanctions compliance process.

6. Regulatory Reporting:

Depending upon the screening outcome, if a perfect match or partial match is found, such an observation and finding must be reported through the goAML portal by the regulated entity within 5 calendar days of such an observation.

7. Record-Keeping:

To ensure compliance with record-keeping requirements imposed by relevant regulators, regulated entities conducting Sanctions Screening must maintain all records of their Sanctions Compliance Program, including sanctions screening results, screening disambiguation findings, and CDD measures taken for the prescribed period.

Let us now delve into decoding screening results based on customer profile and details of potential match found during sanctions screening process.

Decoding Sanctions Screening Results: Perfect Match

Decoding Sanctions Screening Results when there is a Perfect Match requires the person conducting screening outcome disambiguation to know how the perfect match outcome is derived. A perfect match outcome is derived when all key identifier parameters of the customer match the screening outcome in totality.

Understanding the Sanctions Screening Perfect Match Disambiguation Matrix

Understanding the Perfect Match disambiguation matrix is quite straightforward. The comparison between the customer profile and screening outcome would visually appear like the matrix given:

In a Perfect Match scenario, all the key identifier parameters of sanctions screening outcome and the customer profile are compared with one another. The conclusion of such comparison is that both the customer profile and sanctions screening outcome have been found to match exactly with one another, resulting in the initiation of the regulatory reporting process by the regulated entity conducting sanctions screening.

Note:

The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the sanctions screening outcome.
For a sanctions-perfect match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions Perfect Match

Upon finding a perfect match because of sanctions screening, the regulated entity is required to:

Freeze the assets of the sanctioned customer within 24 hours and prevent making any funds or services accessible to them.
File a Funds Freeze Report (FFR) on the goAML portal within 5 calendar days of becoming aware that the customer has been sanctioned.

In case a prospective customer is found to be a perfect match, the regulated entity is required to:

Reject or avoid onboarding the prospective customer.
File a Funds Freeze Report (FFR) on the goAML portal within 5 calendar days of becoming aware of the customer being sanctioned.

While taking the above measures, regulated entities must ensure that they do not let prospective or existing customers become aware of such a perfect match outcome.

Decoding Sanctions Screening Results: Partial Match

Decoding Sanctions Screening Results when there is a Partial Match requires the person conducting screening outcome disambiguation to know how partial match outcomes are usually found. Partial match outcomes are found only when the name of the customer matches partially with that of the screening outcome as either due to lack of further information, the match disambiguation exercise on remaining key identifying factors cannot be concluded or only limited key-identifier details match, such as first name only.

Understanding the Sanctions Screening Partial Match Disambiguation Matrix

The partial match disambiguation comparison between the customer profile and screening outcome would visually appear like the matrix given:

In a Partial Match scenario, upon a comparison of all the key identifier parameters of sanctions screening outcome and the customer profile, only the partial name of the customer matches with that of the screening outcome. Some of the reasons for partial name match are as follows:

Lack of complete information with screening data, sanctions data aggregator, or the DNFBPs themselves, where the screening analyst can neither confirm nor deny the potential match as perfect match or no match.
Lack of validating documents such as government-issued identification cards or licenses (in case of a legal entity customer) that can help rule out a potential match result as no match or perfect match. Also, upon request, the customer fails to provide or avoids providing additional or missing validation documents, or repeated requests for the same might result in ‘tipping off’ the customer.
Though the regulated entity is in possession of validating identifying documents or the screening aggregator provides such information through their database, the authenticity of such information or documentation is questionable due to identifying documents appearing to be forged or tampered with, resulting in inconclusive findings, often the photographs match, date of birth or age matches, and the partial name matches but remaining information is different. Such a situation can be the result of forged or tampered documents or identity theft, making it impossible to decide whether the match is a perfect match or no match.

The conclusion of comparison is that both the customer profile and sanctions screening outcome match only on the aspect of partial name and are inconclusive on the status of match likelihood of other key identifier parameters. Resulting in the initiation of a partial name match regulatory reporting process by the regulated entities conducting sanctions screening.

Note:

The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
For a partial match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are potentially the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions Partial Match

Upon coming across a partial match, the regulated entity is required to:

Suspend all transactions with existing customers and prospective customers with immediate effect and maintain the suspension of the business relationship until further instructions from the UAE FIU.
File a Partial Name Match Report (PNMR) on the goAML portal within 5 calendar days.

While taking the above measures, the regulated entity must take care of tipping off provisions and ensure that it doesn’t let prospective or existing customers become aware of the partial name match outcome and its regulatory reporting.

Decoding Sanctions Screening Results: False Match

False match outcomes are found when the customer’s name initially generates a screening outcome. However, upon comparing the customer profile and screening outcome, the screening analyst conducting screening disambiguation can conclude that the potential match is a false match.

Understanding the Sanctions Screening False Match Disambiguation Matrix

The false match disambiguation comparison between the customer profile and screening outcome would visually appear like the matrix given:

In a False Match scenario, upon a comparison of all the key identifier parameters of sanctions screening outcome and the customer profile initially appear similar or sanctions screening software has generated the false screening outcome due to the following factors:

Customer data quality and uniformity issues, due to which the screening software is generating false matches.
Algorithmic errors in the screening tool result in the generation of false matches.
The fuzzy match threshold is set too low while conducting sanctions screening.
Lack of knowledge as to what nationalities, languages, and cultures the screening data and customer details belong to, leading to not setting screening parameters accordingly.
Lack of fine-tuning the screening parameter filters or lack of customizability of the screening tool.
Outdated screening data and lack of whitelisting.

Note:

The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
For a false match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are not the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions False Match

When a False Match is found during sanctions screening, no regulatory reporting or compliance measures need to be initiated. The regulated entity can onboard the potential customer or continue the business relationship as usual with an existing customer upon finding a false match.

Sanctions Screening Best Practices to Avoid Unusually High False Matches

As a best practice measure, the regulated entities can analyse if the occurrence of false matches is normal or higher than usual, based on its experience and acceptable thresholds. If false matches appear higher than normal, the regulated entities must take measures to minimise false matches by taking measures such as:

Re-tuning the sanctions screening tool
Opting for a better sanctions screening tool with a proven record of least false matches.
Opting for whitelisting certain repetitive false matches, but with caution.
Conducting a sanctions screening software testing and validation exercise or conducting an AML software audit to identify the cause of false matches.
Ensure that the sanctions screening tool is customisable to modify rules and re-set match percentage parameters.

Thinking of changing your sanctions screening software because of its inability to detect false matches? Read Switching Sanctions Screening Software: Pain or Gain?

Decoding Sanctions Screening Results: No Match

When conducting sanctions screening of a customer across sanctions lists generates no result, then such lack of screening outcome is also known as ‘No Match’. This simply means that the screening exercise generated no results, and the customer’s name does not appear in any of the sanctions lists to which the regulated entity has subscribed.

Understanding the Sanctions Screening No Match Disambiguation Matrix

The no-match screening result between the customer profile and screening outcome would visually appear like the matrix given. However, such a matrix happens in the background of the screening software process, and the illustrative matrix helps visualise how a no-match result is generated by screening software. This happens when, on all customer key identifier parameters and names available in the sanctions list, the screening software is unable to find any remotely matching outcome.

Note:

The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
Sanctions Screening software must be properly tested, leaving no room for false negatives.

AML/CFT Regulatory Requirements Around a Sanctions No Match

When there are no matching results while conducting sanctions screening, the regulated entity may onboard such a customer and conduct CDD according to its customer onboarding policy or may continue the business relationship as usual in case of an existing customer relationship.

Conclusion

The Sanctions Screening Compliance is not merely limited to conducting sanctions screening and regulatory reporting if needed. Businesses in UAE, such as DNFBPs, need to understand the intricacies of why sanctions screening is required in the first place, the laws governing sanctions compliance, and the methodology and process of conducting sanctions screening to be able to decode the sanctions screening outcomes with the framework illustrated effectively.

Regulated entities must also understand their rights and obligations in the event of every possible type of sanctions screening outcome generated, and they must be equipped with personnel and know-how to ensure AML compliance that a possible screening outcome requires, be it filing FFR, PNMR, or proceeding with customer onboarding, as the need be.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Art and Money Laundering: The Hidden Brushstrokes of Crime

Art has always been looked at as a medium of expressing emotions, creativity, and thoughts. In the brushstrokes of art lie serious crimes like money laundering, which are well hidden due to the unregulated nature of this industry. In this article, we have covered the connection between art and money laundering, the red flags to look for when selling art items, and practices to follow to prevent money laundering.

There is a need for AML training of art market participants, be it art galleries, museums, or auction sales, to identify suspicious transactions and adopt preventive measures for making the art industry free from financial crimes.

Why Criminals Use Art for Money Laundering

Absence of Price Control

The price of art items is not fixed, which gives criminals the chance to fix prices the way they want. As the price is not regulated, a criminal can buy a less costly painting for a huge price to launder a large amount of money.

Organisations should perform background checks on current employees as well as potential hires.

Less Regulations

The art and antiques market is not governed under the AML/CTF laws in Australia, making it convenient for criminals to evade regulatory scrutiny.

Anonymity of Transactions

Transactions in arts and antiques are not transparent in nature, making it difficult for regulatory authorities to verify the trail of money. This gap is exploited by criminals for their benefit.

Involvement of Intermediaries

Purchase and sale of art items by forming shell companies as intermediaries to hide the origin of dirty money. The purpose is to receive or transfer money in the company’s name.

Involvement of Multiple Jurisdictions

Consider an example where a painting can be bought in one country. Payment for that painting can be wired from a different country, leaving less room to find the origin and source of the funds. Thus, criminals also favour the export and import of art. However, it must be noted that Australian legislations seek to restrict the movement of artworks and historical, archaeological, numismatic, philatelic, science, or technology objects that are of cultural significance. This bid to retain the country’s cultural heritage has a role to play in preventing money laundering through art and artifacts.

How Art is Used for Money Laundering

Money Laundering is the process of disguising the proceeds of crime and its origin to give it the mask of legitimately earned money. A series of complex transactions are performed to put the illegal money into the financial system and disguise its source with the intention of making it look clean or legal money. The whole process of money laundering is divided into three stages: Placement of money into the financial system, Layering to hide the source of illegal money and Integration of money to make it appear legal.

Art is a multi-million-dollar industry. It is also one of the industries that are least regulated by the authorities. Criminals do not prefer traditional methods of money laundering as countries regulate industries to prevent money laundering. The art industry, being the least regulated, attracts criminals. Money launderers use high-value art items to hide their illicit money.

Criminals use people to auction less-value art at high prices anonymously. It is also convenient to move art pieces across countries without declaration to customs authorities. Criminal money is used to buy art collections in cash.

The art market is also used for carrying out fraud and theft to raise funds for money laundering, where the purpose is typically personal enrichment. For example, forged artworks or unauthorised distribution of artwork by agents are some of the common means of art crimes where the proceeds of such crimes can be used for the purpose of money laundering.

Spotting Red Flag Indicators of Money Laundering in Art Market

As an innocent participant in the art market, it may be difficult for individuals or businesses to identify organised crimes such as money laundering. However, there are some signs of suspicious behaviour or red flags which can indicate potential risks of money laundering. Some of the red flag indicators that art dealers, auctioneers or agents should be aware of when dealing with a buyer are:

If art is bought by a shell company from a high-risk country
If the address of the buyer or company is from a place which is fake and cannot be located on a map
If the buyer provides false identity information
If the buyer uses a large amount of cash to buy art which is inconsistent with the customer’s profile or business
If the payment is made by third-party not related to the transaction on behalf of the buyer
If the buyer participates in the auction over the telephone or Internet and pays an unusually large sum of money

Protecting the Art Industry from Financial Crimes

To spot the red flags and prevent exploitation from financial crimes, it is important for art market participants to undertake certain AML compliance actions. These actions include:

Establishing the AML/CTF Compliance Program

Establishing a comprehensive AML/CTF compliance program by first making an assessment of the ML, TF, and PF risks that the art participant may face and developing internal policies, procedures, systems, and controls to mitigate the risks.

Performing Customer Due Diligence

Before entering into a business relationship, art participants should undertake due diligence measures for their buyers or their beneficial owners if the buyer is not a natural person. This includes:

Collecting the buyer or beneficial owner’s information and verifying it against independent and reliable sources during the Know Your Customer (KYC) process.
Name screening the buyer or beneficial owner’s name to check if he/she is a politically exposed person or a person designated for targeted financial sanctions.
Undertaking the buyer and the beneficial owner’s ML/TF risk assessment in relation to the kind of service that the art participant is providing, its delivery channel, and the country in which they are dealing with the buyer.
Performing Risk-Based Due Diligence specific to the buyer’s risk criteria. For example, Simplified Due Diligence for low-risk buyers and Enhanced Due Diligence for high-risk buyers

Avoiding Cash Transactions above a Threshold Value

High-value cash transactions can be indicative of financial crime risks. Therefore, as a best practice, art market participants should avoid cash transactions above a certain threshold value specified in their AML program to prevent themselves from being exploited by illicit actors.

Staying Updated about the Red Flags and Emerging Patterns Concerning Money Laundering in the Art Industry

Art dealers or art auctioneers can stay updated with the emerging patterns by subscribing to weekly newsletters or other such sources concerning Anti-Money Laundering, just like AML Australia’s weekly email newsletter, where all regulatory updates, industry trends, and expert insights are shared at absolutely no cost.

Conducting Staff Training

People in the art business should know about unusual transactions, high-risk factors and measures to mitigate them. Thus, art dealers, auctioneers, and art houses must conduct regular training programs for the staff to identify, assess, and mitigate ML, TF, and PF risks.

AML Australia’s Key Takeaways on Breaking the Link between Art and Money Laundering

Art is a high-risk market due to anonymous transactions, high-value items, and easy movement of art in different jurisdictions. Although the art sector is not covered under the AML/CTF regulations in Australia, it can still undertake due diligence measures to prevent ML, TF, and PF risks by understanding the red flags and adopting the AML compliance processes suggested in this article.

Frequently Asked Questions on Art and Anti-Money Laundering

Why is the art industry considered a vehicle for money laundering?

Anonymous transactions, high-value items, and easy movement of art in different jurisdictions make the art industry a suitable vehicle for criminals to launder money.

What is AML in art?

Anti-Money Laundering (AML) is a set of compliance procedures that Art Market Participants can perform to prevent money laundering risks to their business.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Australia

AML Compliance for Foreign Dealers of PSPM in Singapore

Regulated dealers of Singapore who are based overseas but conduct regulated dealings in Singapore may not necessarily be aware of their detailed legal obligations when undertaking business activities in Singapore. However, when dealing in Precious Stones and Precious Metals (PSPM), they must be aware of their Anti-Money Laundering, Counter-Terrorism Financing, and Counter-Proliferation Financing (AML, CTF, and CPF) obligations. This article focuses on AML compliance for Foreign Dealers of PSPM in Singapore.

Who Is a Foreign Dealer of PSPM in Singapore

If a regulated dealer in Singapore

Is registered outside Singapore, or
Is incorporated outside Singapore, or
Habitually resides outside Singapore,

And such a regulated dealer does not have

A permanent establishment in Singapore, or
A place of management in Singapore, or
A branch in Singapore

Then, such a regulated dealer can be classified as a foreign dealer of PSPM in Singapore.

Why Should Foreign PSMDs Comply with AML Regulations

The overall jewellery and luxury goods market is susceptible to Money laundering, Terrorism Financing, and Proliferation financing (ML, TF, and PF) risks due to their cash-intensive nature and involvement of high-value goods.

However, this risk is heightened for foreign PSMDs due to greater complexities in the supply chain and more cross-border transactions. Thus, Foreign PSMDs must comply with AML regulations to protect their business against heightened ML, TF, and PF risks.

AML Compliance Obligations for All Foreign Dealers of PSPM in Singapore

All foreign dealers of PSPM in Singapore are required to adhere to transaction-based requirements that also apply to domestic regulated dealers. These transaction-based requirements include:

Performing Customer Due Diligence or Enhanced Due Diligence stipulated in the Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing and Proliferation Financing) Act 2019
Filing Cash Transaction Report (CTR) with the Suspicious Transaction Reporting Office (STRO) for designated transactions and submitting a copy of the CTR with the Anti-Money Laundering/ Countering the Financing of Terrorism Division (ACD), Ministry of Law.
Filing a Suspicious Transaction Report with STRO if any suspicion arises regarding the involvement of ML, TF, or PF activities.

AML Compliance Exemptions Granted to Transitory Foreign PSPM Dealers under Singapore Regulations

Foreign PSPM dealers are exempted from registering with the GoBusiness portal if they are conducting regulated dealing or acting as an intermediary for regulated dealing on a transitory basis.

This means that if a foreign dealer carries a business of regulated dealing or acting as an intermediary in Singapore for a period of 90 days or less in a calendar year, they are not required to register on the GoBusiness portal or comply with entity-based AML compliance requirements.

However, foreign dealers seeking this exemption must inform the Ministry of Manpower regarding their intention to perform a Work Pass Exempt (WPE) activity. Conducting WPE activities without notifying the Ministry of Manpower amounts to an offence in Singapore.

When Should Foreign Dealers Notify the Ministry of Manpower for Work Pass Exempt (WPE) Activities

Foreign dealers must notify the ministry about their Work Pass Exempt (WPE) Activity after arriving in Singapore and getting a short-term visa pass from the Immigration and Checkpoints Authority and before starting the exempt activity.

Particulars that Foreign Dealers Need to Submit Via E-Notification to the Ministry of Manpower for WPE Activities

When submitting an e-notification to the Ministry of Manpower for WPE activities, foreign dealers must furnish the following details

Name
Date of Birth
Passport Number
Disembarkation/Embarkation (DE) card number
Expiry Date of the Passport
Expiry Date of the Short-Term Visit Pass
Type of Activity that the Foreign Dealer is Undertaking
Total Period for Which the Foreign Dealer is Undertaking the Activity and the Start Date and End Date of Such Period
Foreign Dealer’s Workplace Address

As a best practice, foreign dealers should print the acknowledgement letter if, in any case, they need to produce it in the future.

Extension of Foreign Dealer's Notification Duration for WPE Activities

Foreign dealers can apply to extend the duration of their notification for a WPE activity before the end date of the activity, as mentioned in the original notification. They can do so by re-submitting a new notification if they fulfil the following criteria:

The foreign dealer’s total period of activity does not exceed 90 days in a calendar year.
The foreign dealer’s Short-Term Visit Pass is valid for the term of extension that the foreign dealer seeks.

GoBusiness Registration for Foreign Dealers

If a foreign dealer carries on a business in Singapore for more than a period of 90 days, then the foreign dealer will have to register on the GoBusiness portal.

Getting a Foreign Singpass or Corppass Account before GoBusiness Registration as a Foreign Dealer

Foreign dealers require a valid Foreign Singpass or Corpass Account for transacting with selected government digital services in Singapore, such as accessing digital services on GoBusiness portal.

Here is a list of information and documents required for registration for a Corpass Account:

Foreign Entity’s Information

- Business Registration Number
- Business Name
- Date of Incorporation
- Country of Incorporation
- Entity’s Registered Address

Foreign Entity’s Supporting Documents

- Business Registration Document
- Official Proof of Address, in Case the Business Registration Document Does Not Contain the Foreign Entity’s Registered Address
- Certified or Notarised Copy of English Translated Supporting Document, in Case the Supporting Document Is Not in English

Foreign Entity’s Admin’s Information

- Full Name
- Personal Identification Number from the Admin’s country of origin or residence
- Country or Region of Issuance
- Expiry Date of the Personal Identification Document
- Email and Mobile Number

Foreign Entity’s Admin’s Supporting Documents

- Identity Document indicating the Admin’s Personal Identification Number, for example

GoBusiness Registration Process for Foreign Dealers

Foreign Dealers can follow the following steps for GoBusiness registration:

Step 1: Selecting the License to Apply

Selecting Registration of Precious Stones and Precious Metals Dealers

Step 2: Adding General Information

Applicant’s Information
Filer’s Information, if a third party is applying on behalf of the applicant
Applicant’s Address
Organisational Information
Organisation’s Registered and Operating Address

Step 3: Adding Application Information

Information about Owners/Directors/Partners/Company Secretaries/Managers
Information about the Compliance Officer
Information about Substantial Shareholding
Information about PSMD License or its Overseas Equivalent
Place of Business where regulated dealing is conducted. For foreign dealers who do not have a physical place of business, the details of the organisation’s operating address should be included
Determining the class of registration based on the net price of the precious products sold
Category of products that the foreign dealer deals in

Step 4: Uploading Supporting Documents

Work Pass/Passport of the applicant
Work Pass/Passport of the Substantial Shareholder
Work Pass/Passport of the Director
Work Pass/Passport of the Manager
Work Pass/Passport of the Partner
Work Pass/Passport of the Company Secretary
Work Pass/Passport of the Employee managing the applicant’s business
Work Pass/Passport of the Persons holding any equivalent position
Foreign Business Registry Records

Step 5: Payment of Application Fee

The application fee is payable upfront when a new application is submitted, and it is non-refundable.

Step 6: Payment of Registration Fee

It is initiated after receiving an in-principle approval of the registration application
Payment of Registration Fee based on whether it is Class A registration tier or Class B registration tier

Entity-Based AML Compliance Obligations for Registered Foreign Dealers of PSPM in Singapore

Registered foreign dealers of PSPM in Singapore are required to perform entity-based AML compliance functions such as

Conducting Enterprise-Wide Risk Assessment to gauge the business’s risks from ML, TF, and PF activities
Developing Internal Policies, Procedures, and Controls (IPPC) to manage the ML, TF, and PF risks to which the business is exposed.

Summarising the AML Compliance Requirements for Foreign Dealers of Luxury Goods in Singapore

While individuals or businesses outside Singapore may not be fully aware of all their compliance functions, this article ensures that the foreign dealers of luxury goods in Singapore are well aware of their AML compliance obligations.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

What is a White-Collar Crime and Its Inter-Relationship with ML/TF

A non-violent and financially motivated crime is termed a white-collar crime when it is executed by an employee while carrying out their responsibilities at work. This blog aims to elaborate upon the concept of white-collar crime, its characteristics, and its types. The blog also sheds light on how white-collar crime impacts not only the country where it originates but also its impact across the globe and how white-collar crime is carried out.

In addition, the blog elaborates upon how machine learning helps counter white-collar crime, the challenges in investigating and prosecuting the same, the steps that businesses can take to combat the occurrence of white-collar crime, and how white-collar crime is closely linked to money laundering (ML) and terrorism financing (TF).

What is a White-Collar Crime

The term ‘white collar’ refers to any person employed in an organisation who does not carry out manual labour and makes use of their intellectual capacities.

White-collar crimes refer to crimes carried out by white-collar employees. White-collar employees may tend to misuse their ability to make decisions at work to conceal, deceive, violate trust or commit fraud related to large amounts of money upon any other company or person.

Characteristics of a White-Collar Crime

White-collar crimes have the following characteristics which make them different from blue-collar crimes:

1. Non-Violent

White-collar crimes, by definition, are non-violent in nature. An example of this would be no violent activity being carried out in committing white-collar crimes such as insider trading. This crime takes place by misuse of unpublished price–sensitive information by any person within the business (usually a white–collar employee in this example) to book profits or facilitate price manipulation. Here, the entire crime gets executed, generating immense profits for the criminal without the use of violence.

2. Financially Motivated

The primary motive behind white-collar crimes is generating quick financial gains illegally. In many businesses, where the management itself is ignorant about ethical conduct and does not set the tone from the top for utmost good behaviour and ethically carrying out duties in the interest of the business. This mismanagement, coupled with frustrated employees who are morally and ethically compromised, get attracted to making quick money by disclosing confidential company information or carrying out corrupt and fraudulent activities to enrich themselves financially.

3. Carried Out by Professionals

The nature of white-collar crime is such that it can be carried out by knowledgeable and educated professionals in their relevant sphere, as they are aware of how to misuse the loopholes in compliance within their workspace. This can be better understood with the help of an example: a white-collar employee, such as a screening analyst facilitating terrorism financing, can simply manually manipulate sanctions screening results flagging a sanctioned individual to a non-sanctioned individual, resulting in the onboarding of such a sanctioned person carrying out terrorism financing by using the business as a vehicle to move funds for terrorist end-use.

4. Carefully Planned

The execution of white-collar crime requires the person executing it to devise steps to work around the checks and balances and plan for carrying out the intended white-collar crime. Generally, white-collar crimes are carried out by identifying loopholes and navigating checks and balances well in advance, as a lack of planning would result in the employee getting caught and questioned for misconduct.

5. Technology-Driven

A lot of white-collar crimes these days, such as forgery, misappropriation of funds, cybercrime, personal data privacy violations, and intellectual property infringement, are carried out online or with the help of hacking into secure databases containing sensitive data or information.

6. Concealment and Deception

White–collar crimes, in general, have an element of concealment and deception as a normal–appearing employee facilitates the planning and execution of crime in the background. Such employees, in the guise of their routine work, look for opportunities which they can exploit to make financial gains.

Understanding White-Collar Crime

White-collar crimes are non-violent, sophisticated crimes. Professionals in high-paying private or government jobs and big corporations engage in such crimes. These crimes are more strategic, innovative, and meticulously planned to avoid detection.

However, the fight against these crimes is not so strong because detection is challenging and often goes unaddressed in terms of legislation. Since these crimes are non-violent and involve many complexities, misuses, and misrepresentations, uncovering these crimes and the persons committing them before they impact society is challenging. The major impact is on individuals, corporations, economies, and communities. If caught, the perpetrators will face financial penalties, jail terms, and bankrupt business.

Why is White-Collar Crime a Matter of Global Concern

The impact of white-collar crimes on – employees, customers, and society – is enormous. They lose money, assets, jobs, and mental peace. Even the countries suffer substantial economic costs, investor confidence loss, and customer trust reduction. Bankruptcies and business failures can destroy the entire country’s economy. It can also distort competition, create social unrest, weaken integrity, and aggravate inequality and poverty.

These effects on the societies and economies sometimes spread to other jurisdictions. This is because of globalisation, which has interconnected many global financial systems. Cross-border white-collar crimes have also become frequent, affecting several countries. So, it is a matter of grave concern for global watchdogs and regulatory authorities.

Types of White-Collar Crime

The different types of white-collar crimes include:

Fraud

Fraud involves misrepresentation or the use of a false pretence to obtain something from someone. There are various ways to deceive someone to get their money or other valuable assets.

Embezzlement

Embezzlement occurs when someone entrusted with funds or assets misappropriates them without the consent of the company or agency allocating the funds or assets.

Insider trading

Insider trading refers to misusing unpublished price-sensitive information that has the potential to sway market prices to make profits out of it.

The insiders can be directors, promoters, employees, executives of the company, or someone closely related to such people who have access to inside information.

Bribery

Bribery involves influencing the decision or action of an individual or entity in power to get preferential treatment in exchange for gifts, payments, or valuable items. The bribe can be cash, property, services, or favours. The reason can be anything like getting a government contract or an award.

Cybercrimes

Cybercrimes are crimes occurring using digital means, including laptops, mobile phones, computers, and the internet. Criminals use these mediums to harass someone, lure people online, or conduct fraudulent activities. These are sophisticated crimes conducted for monetary or non-monetary gains. This can be data theft, mental harassment, stealing online money, or any other crime.

Money Laundering

Money laundering is a white-collar crime in which criminals disguise the illegal origins or sources of funds by layering them with legal transactions or integrating them into the legal financial system. Criminals hide the sources of such funds through complex transactions or a series of money movements. These activities lead to cleaning the illegitimate origins of the funds to make them appear legal.

Tax Evasion

Tax evasion means avoiding taxes by falsifying data, hiding income, or other illegal ways. Some common tax evasion strategies include underreporting income, using shell companies to hide the beneficial owners of assets, not reporting illegal income, avoiding tax audits, altering financial statements, having offshore accounts in tax havens, and many more.

Ponzi Schemes

It is a type of white-collar crime involving fraudulent investment schemes. The initiator of the scheme promises investment of money to generate higher profits for distribution. However, the investments of new investors are actually used as returns to pay off earlier investors. When the new investments are less than the amount to be paid off to previous investors, the scheme fails.

Forgery

Forgery includes altering or copying legal documents or records to defraud someone. Criminals can forge currency, cheques, identity documents, artwork, wills, certificates, or contract agreements. It can be a physical forgery or electronic. Criminals use sophisticated technologies to forge or create false documents. For example, employees may create a false letter of recommendation to get a job in a company.

Counterfeiting

Counterfeiting means imitating a genuine or authentic object. Counterfeiting aims to replace the original and earn greater value from the sale of fake products. The objects generally counterfeited are currency, identity documents, luxury goods, chemicals, spare parts, medicines, and food items. It primarily affects the trader of original products who suffers losses. Counterfeiting can also harm the lives, health, safety, and well-being of individuals, companies, or economies.

Extortion

Extortion involves threatening a person or their family or friends to gain some money or other valuable things. The criminal might threaten the victim’s family, use force to intimidate them or use violence to harm them. The criminal gains money, property, valuable security, or a signature on a critical document from the victim.

Environmental Crime

Environmental crime means the exploitation of natural resources or causing harm to the environment. It affects a country’s natural resources, human health, plants and animals’ lives, food chains, life expectancy, and biodiversity. These can include crimes such as improper disposal of waste, the killing of protected wild animals, illegal trading of plant species, illegal operations of destructive substances or materials, and others. Chemical pollutants released by industries and factories are a big crime, destroying environments across the globe.

Common Methods Used in White-Collar Crime

Knowing these common methods of conducting white-collar crimes enables businesses to detect them before the crime occurs. The common ways in which white-collar crimes occur are:

Identity Theft

Identity theft occurs when someone illegally obtains or uses an individual’s identity details without consent.

This information includes personal identification documents such as an identity, credit/debit card, bank account details, and many more. Criminals use this information to conduct any of the following:

Open new accounts
Obtain products and services in the victim’s name
Use the victim’s existing bank accounts to conduct transactions
Apply for loans
Spend money on travel, tickets, property purchases, etc.
Buy medicines or medical facilities, affecting health insurance coverage
Commit a crime under the victim’s name, leading to legal consequences

Accounting Data Manipulation

Another way criminals conduct white-collar crimes is by manipulating accounting data. It involves the misstatement or misrepresentation of a company’s or individual’s financial data. Companies manipulate these statements to avoid the repercussions of showing an adverse financial scenario. Some of the ways they manipulate this information are:

Recording fictitious revenues or adding other incomes to it
Change the accounting period for a few expenses
Adjusting accounting estimates and assumptions
Understating liability or overstating assets
Creating fake invoices
Falsifying cash and bank balances.

Market Manipulation

Manipulating the markets is another way to conduct white-collar crimes. The aim is to influence people’s behaviour in one direction so that the criminal can benefit. It means artificially affecting a financial instrument’s demand, supply, or price. It can be a currency, commodity, or share. Market manipulation can involve any of the following:

Manipulating the quotes or prices of securities
Spreading misleading information about a company
Posting fake orders
Acting on insider information not made public yet.

Exploitation of New and Emerging Technology

Technological advancements are a benefit to any economy because they solve problems. However, the exploitation of such technologies by criminals has increased. Financial criminals know how to utilise technology to deceive businesses, regulators, or individuals to achieve some financial benefits.

The primary ways in which fraudsters exploit emerging and new technologies for their personal gain are:

Data breaches
Gaining wrongful access to sensitive customer information
Malicious software or hacking to steal money
Hacking financial systems to get insider information
Technologies make identity theft easier
Cyber fraud
Fake online marketplaces
Using digital currencies to launder money.

Challenges in Investigating and Prosecuting White-Collar Crime

White-collar criminals exploit technologies, manipulate data, and misuse information to conduct crimes. Their work is so sophisticated that detecting the crime is challenging.

Cross-Border Transactions

Investigating cross-border transactions is challenging, given the jurisdictional variances and the need for cross-border collaborations. Currency fluctuations and regulatory differences make it easier to commit crimes. Prosecuting becomes even tougher due to legal differences in civil and criminal laws.

Resource-Intensive Investigations

Having adequate compliance measures in place and implementing them to avoid the materialisation of white-collar crimes requires funding, as compliance tools such as the screening software or employee background and monitoring policy require substantial funding, which not all types of businesses can afford. Even if the funding is available, it is difficult to recruit the right skills. This gives scope for businesses being used for conducting white-collar crimes.

Influential Perpetrators

The wrongdoers in white-collar crimes are employees, top management, or leaders of entities. In most cases, they are business and government professionals. These people have earned respect in their community. They are influential people with known credibility and trust among their professional and personal networks. So, detecting such people and understanding their criminal minds is challenging. Further, if they are guilty of having committed a white-collar crime, they use their influential network to jeopardise the investigation against them.

Evolving Crime Typologies

Crimes worldwide are increasing day-by-day. Countries are introducing new laws, and companies are developing new technologies to restrict the execution of crimes. But criminals find loopholes and harness them for their benefit. They try new ways, identify new loopholes in laws, and harness technologies’ weak points to commit crimes.

Difficulty in Gathering Evidence

White-collar crimes involve either the entire organisation, a few top managers, or one individual. One can identify all these only after in-depth investigations. Detecting the part where the fault lies or from where it all started is challenging.

Machine Learning and its Application in Detecting White-Collar Crimes

Machine learning (ML) learns the data patterns and predicts future occurrences. Based on these predictions, potential red flags can be spotted and stopped before occurrence. Machine learning helps businesses with the following:

Anomaly Detection

Anomaly means the behaviour in contrast to the usual customer activity. ML helps spot unusual patterns, outliers, or irregularities in customer or transaction data. These irregularities point towards a potential fraud, vulnerability, or failure. Incomplete data, unexpected manual intervention, or inconsistencies in the dataset are warning signs.

These signs indicate a problem which needs further investigation. Anomaly detection helps businesses to spot suspicions in datasets in real time so that immediate action can be taken.

Predictive Analytics

Predictive analytics in machine learning predicts future outcomes based on historical data analysis. So, while studying the old data, predictive analytics identifies patterns and trends and analyses them. It uses past learnings while analysing the new data. Based on the analysis of old data on user behaviour, ML predicts potential patterns in new data. It recognises similar trends and behaviour and flags them as suspicious.

Automated Monitoring

Any system using ML techniques to sift through data runs on automated monitoring. It is in continuous action. It continuously monitors it. It studies the old data, identifies patterns, and applies the same learning to the new incoming data. It checks and tracks the data in real-time to identify trends and flag them for further investigation.

Network Analysis

Network analysis means studying the relationships between factors. Businesses can identify the linkages between data points under study in machine learning and detect the following:

Relationships between various people involved in the crime
The pattern of relationships between them
Key influencers in the group who control others
The spread of unique behaviour that led to the crime
The organisation and hierarchy of criminal groups

Natural Language Processing (NLP)

Natural language processing means processing and understanding the natural language of humans. Using this feature, ML helps study, comprehend, and analyse text. Text-based data can be from emails, videos, audio, social media posts, or other sources. It helps understand the text exchanged between white-collar criminals. It sifts through all this qualitative data and detects suspicious behaviour. Whether it is phrases, keywords, tone, or patterns, it can study them to identify suspicious behaviour.

What is Money Laundering and Terrorist Financing

Money laundering means disguising the origin or source of illegal money and introducing it into the legal financial system. It is a financial crime committed by individuals, entities, and big criminal organisations. When an individual earns or generates illicit funds from a transaction, they layer these funds with complex transactions and integrate them with legal money. This entire process of placement, layering, and integration is called money laundering.

Terrorist financing means funding the activities of terrorists and terrorism. This can include operational activities of terrorism, terrorist attacks, travel, and lives of terrorists, or buying weapons. Any activity that provides financial support to terrorist organisations to carry out their terrorist acts is terrorist financing. The process of terrorism financing is carried out by collecting funding either legally or illegally, followed by making provisions to store or park such funds until they can be moved safely for further use without raising suspicion.

The Inter-Relationship between White-Collar Crime and Money Laundering and Terrorist Financing

Generally, it’s the greed of some individuals or entities that leads to white-collar crimes. These criminals are already in a position of power and prestige and command respect for it. But they want a commercial or personal advantage, more money, or avoid losing their assets.

White-collar crimes involve manipulating data or markets, misusing identities, or exploiting technology. Using these techniques, white-collar criminals can deceive the legal and regulatory authorities and people. Now, hiding this illegal money or disguising illegal funds and reintroducing it into the financial system as legitimate gains or income is possible with money laundering.

Criminals hide the illegal money or assets gained from such white-collar crimes by taking the money far from their origins. The aim is to confuse the investigators who want to trace the money or assets. So, criminals either layer them with several transactions or integrate them with the legal financial system. This is how white-collar crimes, in a way, facilitate money laundering.

White-collar criminals might also use money from such crimes to fund terrorist activities. If they have more dangerous aims, they will transfer the money to terrorist organisations. In doing this, they use false identities to save their name from all crimes.

To distance themselves from illicit sources of income or gains, white-collar criminals resort to:

Hiding the source or destination of funds
Creating layers of transactions to conceal them
Using the illicit layered money for a legal transaction

This is how white-collar crimes are interrelated with ML/TF. Not only this, the financial gains from white-collar crimes are also used in drug trafficking, arms dealing, and other transnational criminal activities. So, they create a maze of unlawful and unethical activities to hide their face and name.

Measures to Combat White-Collar Crimes, ML, TF

Businesses need to find a weak link in interrelationships between these white-collar crimes to catch them and implement the following measures to prevent these crimes by having in place:

Strong Legal and Regulatory Framework

In cognisance of the white-collar crimes in the country, UAE has taken strong steps to fight them and reduce their impact. The UAE Penal Code, the Federal Decree Law on AML/CFT and TFS Compliance are measures taken by the government to identify and take action in the event of any white-collar crime and have in place measures to report suspicious activity to the goAML portal by filing a Suspicious Activity Report.

Also, laws governing the protection of whistleblowers contribute to quick detection of potential white-collar crime.

Enhanced Supervision and Oversight

Businesses must strive to improve the supervision and oversight of their anti-crime measures. This will enable the business to know the status of each procedure, internal control, and technique applied against these white-collar crimes and gauge the following with such supervision:

Positive points of its anti-financial crime measures
Gaps, weaknesses, and areas of concern
Ways to fill these gaps and solutions for them
Whether these measures facilitate compliance with regulations
Reporting the compliance status to authorities
Any non-compliance penalties or legal proceedings against the business

Corporate Governance

The senior management in a company must set the tone at the top. Once that is taken care of, it is possible to design and implement effective measures against these crimes. Businesses must have a strong board of directors and top management who define the plan, accountability, and responsibilities.

Other corporate governance practices that help in preventing these white-collar crimes are:

Defining clear roles and responsibilities to facilitate faster crime prevention initiatives.
Defining a code of conduct, including acceptable and unacceptable behaviours, to create an ethical environment in the entity.
Ongoing training to employees and other stakeholders on crime prevention, compliance, and ethical behaviour.
Defining data permissions and accessibility to prevent data theft or misuse by internal people.
A reporting structure to keep everyone in the entity aware of the entity’s financial health and any potential crime threats.
Auditing by internal and external parties to ensure accuracy and completeness of the anti-crime measures.

Enhanced Compliance

UAE has specific laws against money laundering, terrorism financing, proliferation financing, fraud, embezzlement, cybercrimes, and many more. These laws mention the mandatory requirements needed to be followed to prevent white-collar crimes by enabling businesses to:

Identify and analyse the risks to the business from these crimes
Implement policies, procedures, and internal controls to fight these crimes
Train employees on these procedures
Conduct processes to know your customers and their transactions better
Appoint relevant officers and team to handle the compliance requirements
Perform audits of all these systems, technologies, and procedures to improve

Performing all these activities leads to compliance with these regulations.

Technological Solutions

Technology is a sure-shot solution to white-collar crimes. Advanced technologies like artificial intelligence, machine learning, data analytics, and others can help detect suspicious activities. They can identify potential warning signs in customers’ behaviour and transactions.

These technological solutions help mitigate crimes besides prevention. Technological systems help in conducting audits, monitoring, and investigations of measures against financial crimes.

Training and Awareness

It is difficult to achieve success in anti-crime measures without knowledge. Businesses must conduct employee training on the above aspects to make them aware and diligent in their approach. Building a positive, anti-crime culture in any business is crucial so that no employee resorts to white-collar crimes. Such culture also ensures that employees report or discourage others from committing white-collar crimes. Having a legally compliant and ethical culture is an excellent anti-crime measure.

Collaborative Approach

Collaboration and coordination with regulators, peers, and industry-specific associations is an effective step against these crimes. Such collaboration helps businesses by:

Understanding the challenges and finding their solutions
Learning about the best practices peers have implemented
Detecting the new emerging risks and white-collar crime tactics
Improving record-keeping and reporting procedures by consulting with regulators.

Harmonisation of Laws

By coordinating with authorities of the free zones and federal, regional, and international jurisdictions, businesses can create consistent anti-financial crime/AML frameworks and internal guidelines. Harmonised laws make compliance easier and faster. Also, it reduces criminals’ opportunities to exploit jurisdictional differences in laws.

Whistleblower Protection

One vital activity that can help businesses uncover white-collar crimes or criminals is whistleblowers. They are people from inside the organisation who report suspicious activities or operations. However, one factor that discourages them from such reporting is personal risks. If businesses do not keep them anonymous, criminals or their associates can harm whistleblowers or their families’ lives or jobs.

Whistleblower protection programs are essential to encourage employees to report their suspicions. They must feel safe and secure to report such crimes. Businesses must create policies to protect their anonymity and keep their information confidential. With a guarantee of a safe environment, whistleblowers will be active in detecting suspicions and reporting them on time.

Media and Civil Society Participation

This is also a measure not in the hands of entities but other associations and society. Regulatory authorities must run campaigns to increase the awareness of white-collar crimes and the significance of measures against them. They must impart training on ethics, fraud prevention strategies, and corporate governance to improve the workforce’s integrity. Besides, the following can help:

Media must write articles on such crimes and measures businesses implement against them.
The supervisory authorities must keep a check on businesses in their industry to ensure the implementation of anti-crime measures.
Civil society must provide platforms for whistleblowers to voice their concerns and protect them.
The media can create anonymous reporting channels so whistleblowers feel safe and secure to report.
Media and civil society can create public pressure and lobby for stronger laws against white-collar crimes.
They can facilitate collaboration between different stakeholders and the community to devise a plan against crimes.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Performing Background Checks on Employees for AML Compliance

Charity begins at home, and due diligence begins within the organisation. Customer Due Diligence is an integral part of Anti-Money Laundering (AML) compliance, but Employee Due Diligence is equally valuable in the eyes of law. Therefore, in this Article, AML Australia discusses the intricacies of performing background checks on employees for AML Compliance.

Anti-Money Laundering (AML) Regulations and Background Checks of Employees

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 require their reporting entities to perform due diligence for persons who are employed or engaged or to be employed or engaged by the reporting entity for performing the reporting entity’s AML functions under these regulations. Additionally, the reporting entities are required to develop an employee due diligence program with proper risk-based systems and controls for the following functions:

Determining whether the prospective employee must be screened
Determining the manner in which screening must be conducted for a prospective employee
Determining if and when re-screening must be conducted for employees
Managing employees who fail to comply with the reporting entity’s policies, systems, controls, and procedures without any reasonable excuse

Organisations should perform background checks on current employees as well as potential hires.

Current Employees:- When employees are considered for promotion to take a higher position or get transferred, they must be screened if they may be in a position to facilitate Money Laundering or Terrorism Financing (ML/TF) activities to know if there has been any significant change in their status. Some professional licenses expire with time. The validity of such licenses can be determined by background checks. This allows a reporting entity to promote the right people. It is good practice to periodically screen the existing employees.

Potential Employees:- As part of the hiring process, background checks on potential candidates should be done to see if they may be in a position to facilitate ML/TF activities if they are hired. Whether done by external agencies or internal staff, these checks should be performed vigilantly as per the role. By doing so, reporting entities stay compliant with the regulatory requirements.
To implement the mandate of the Employee Due Diligence Program, a checklist should be created, which can be customised depending on the role of a candidate.

To implement the mandate of the Employee Due Diligence Program, a checklist should be created, which can be customised depending on the role of a candidate.

Employee Background Checklist for Anti-Money Laundering (AML) Compliance

What points should form part of the background screening depends on the role of an individual. Some roles have a higher influence on internal control systems and exposure to ML/TF risks than others. For example, broader enhanced screening is required for an individual at the board/top management level as compared to an entry-level employee in a junior role. The candidate’s consent must be obtained before initiating screening.

Here is an employee background checklist for reporting entities to refer to for the purpose of AML compliance:

Identity Verification: This is a check on the identity of a person to confirm they are who they say they are. Undertake to Know Your Employee (KYE) procedures just as you undertake to Know Your Compliance (KYC) procedures. This includes verifying personal details such as name, date of birth, and place of birth and verifying them against reliable and independent documentation.

Name Screening: A name screening involves screening a person’s name against various global watchlists to identify persons having negative media attention, criminals, PEPs (local or international) and sanctioned individuals.
Reporting entities should adopt a risk-based approach when screening and re-screening customers.

National Police Check/ National Police Certificate (NPC): A police check provides information on whether an individual is or has been a criminal in Australia. In Australia, this can be taken from the Australian Federal Police.

Employment & Educational Background Check: To verify the information given by a candidate on a resume, checks on employment history and educational qualifications must be performed.
For employment checks, official documents from previous employers, such as employment and experience letters, can be obtained.
Degrees & certificates can be collected to verify the educational background of a candidate.
These official, original, and certified documents can be further verified with written references, referee reports or by contacting universities or training institutions to know about the time of education, degree received, year of completion, grade and scores obtained and by getting official degrees and passing certificates sealed and signed by the institution.

Self-Disclosure & Attestation: It may not be practically feasible for reporting entities to update their employee’s information on a real-time basis based on changing circumstances due to the lack of availability of accurate information. Hence, some employers get signed and attested disclosures from potential and existing employees to update the reporting entity on changes in the material information provided.

Background Check through Social Media Platforms: Social media platforms like LinkedIn provide a great deal of information about a person, such as their employment history, education, and professional certificates. To know about employability and work ethics, reporting entities can check recommendations given by people they have worked with in the past.

Additional Checks: For positions where the risk of M/TF activities is high, employers perform credit checks and obtain the history of the geographic location where the candidate has lived. This is to verify the employee’s creditworthiness and to confirm if the employee is from any high-risk jurisdiction. It is also important to know if the employee has an interest in another business/company to mitigate the risk of conflict of interest. Further, checks on financial standing help ascertain whether the candidate is or has been declared bankrupt or has a poor credit history.

Importance of Employee Due Diligence in Anti-Money Laundering (AML)

When doing business with a customer, a reporting entity wants to understand the customer before entering into a business relationship. Having knowledge about customers and their businesses helps in identifying high-risk customers, unusual transactions and activities.

Similarly, when a reporting entity hires an employee, it is important to understand the background of the employee to see if the person is a good fit for the role as well as the reporting entity and does not pose any ML/TF risks to the reporting entity. Hiring the wrong candidate can be costly for a reporting entity. This is because, as per the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, reporting entities are vicariously liable for the actions of their employees or agents.

This can cause significant legal and reputational damage to the said entity.

Moreover, as employees have access to confidential data about the reporting entity and customers, it is important to ensure that the data does not go into unwanted hands. It helps in preventing risks of fraud and creates a safer work environment. Background checks help identify illicit actors and prevent the risks of hiring them.

Best Practices for Employee Background Checks

All the observations and decisions made during the employee due diligence process must be recorded and maintained throughout the period of employment and for a period of 7 years after the record is no longer relevant
Adopting a Risk-Based Approach in Employee Due Diligence, i.e. subjecting persons holding high-risk positions to Enhanced Due Diligence
Setting up an internal system to deal with employees who fail to comply with the reporting entity’s AML/CTF program
Using emerging technologies for automating due diligence processes, such as KYE and name screening
When outsourcing hiring processes, reporting entities should ensure that the agency to whom they outsource hiring conducts employee due diligence.

AML Australia’s Key Takeaways on Performing Background Checks on Employees for AML Compliance

Hiring the right candidate can be advantageous for a reporting entity, and hiring the wrong candidate can be disadvantageous money-wise and reputation-wise. To know about candidates, their conduct in previous employments, and if their values align with the reporting entity, background checks are required. Screening on potential hires should be done at all levels to verify the information given by a candidate and to avoid any risks from financial crimes.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Australia

Corporate Service Providers Act 2024: AML/CTF Updates for CSPs in Singapore

To prevent the misuse of corporate vehicles for the purpose of Money Laundering, Terrorism Financing, and Proliferation Financing (ML/TF/PF), the Accounting and Corporate Regulatory Authority (ACRA) implemented the Corporate Service Providers Act 2024, transforming the Anti-Money Laundering/ Counter-Terrorism Financing (AML/CTF) obligations for Corporate Service Providers. This blog highlights the AML/CTF updates for CSP in Singapore.

Understanding the Terms Registered Filing Agents (RFAs) and “Corporate Service Providers (CSPs)

Corporate Service Providers are persons engaged in the business of:

Formation of a corporation or any other legal entity on behalf of any other persons
Acting or making arrangements for any other person to act as:

A Director or Secretary of a corporation
A Nominee Director of an un-listed corporation
A Partner of a partnership firm
Any other contemporary position for any other type of legal entity

Provision of a registered office, business, correspondence, or administrative address or any such other related services for legal entities
Conduct of designated activity as a part of their accounting service
Carry out transactions with ACRA

As a Registered Filing Agent
For companies in the capacity of a Secretary

Filing Agents are a type of CSPs that are natural or legal persons who are in the business of carrying out transactions with ACRA on behalf of other persons. Under the Accounting and Corporate Regulatory Authority (ACRA) Act 2004, Filing Agents can carry out transactions with ACRA only if they are registered as RFA with ACRA.

AML/CTF Obligations Prior to Implementation of the Corporate Service Providers Act 2024

Although CSPs perform a range of services, only RFAs that prepare to carry out or carry out transactions on behalf of their customers for those services are subjected to AML/CTF requirements under the Accounting and Corporate Regulatory Authority (Filing Agents and Qualified Individuals) Regulations 2015.

The AML/CTF obligations include:

Establishing Internal Policies, Procedures, and Controls
Making arrangements for AML compliance management, including appointment of a Compliance Officer
Undertaking Customer Due Diligence Measures, including proper identification and verification of the customer, their beneficial owner, and the agent’s identity.
Ongoing Monitoring of the business relationship
Implementing Screening during the hiring process and Training employees on AML/CTF compliance
Implementing an Independent Audit function
Reporting suspicious activities and transactions
Record-Keeping

However, a large group of CSPs that cater to businesses are not RFAs and are not required to perform any AML/CTF compliance obligations. This creates a legislative gap that can be misused by illicit actors.

The CSP Act 2024 seeks to fill this gap.

Key Changes under the CSP Act 2024

The CSP Act has brought some major changes to the AML/CTF compliance obligations for CSPs. This includes:

Requiring all CSPs that provide corporate services in Singapore and from Singapore to register with ACRA as a registered CSP.

This means that even the CSPs which do not transact on behalf of their clients with ACRA, for instance CSPs dealing with foreign customers will also need to register themselves with ACRA.
Interestingly, even the accounting entities that carry out designated activities are also now covered under the definition of CSP.
It is important to note that such accounting entities are subjected to AML/CTF compliance requirements at present under the Accountants (Prevention of Money Laundering and Financing of Terrorism) Rules 2023.

Extending the Anti-Money Laundering, Countering Terrorism Financing and Counter Proliferation Financing (AML/CTF/CPF) obligations to all the registered CSPs.

In line with the developing international obligations, all CSPs are required to not only implement measures to counter ML and TF, but also PF risks.
All CSPs must perform Customer Due Diligence (CDD) before providing any corporate service to a customer, before lodging any transactions with ACRA, and any instance if they suspect involvement of ML/TF/PF or have doubts about the information previously submitted by the customer.
CSPs must maintain the client documents and keep them updated as a part of their ongoing monitoring efforts.
CDD documents and customer records should be retained for a minimum period of five years

Adding obligations on CSPs to check if a person is fit and proper before making any arrangement for them to act as a nominee director of a company.

At present, CSPs are under no obligation to ensure that the natural persons who are arranged to act as nominee directors are fit and proper to carry out the duties of a director.
However, this lack of scrutiny gives criminals a scope to misuse the post of nominee director in creating shell companies, especially if the nominee director is unaware of the duties and obligations of the position they hold.
Thus, the new CSP Act requires CSPs to appoint an individual as a nominee director only if the CSP is satisfied that such a person is fit and proper by taking reasonable steps like:

- Ensuring that such a person is not disqualified from acting as a director under any law
- Verifying their compliance records and previous conduct in the companies that he/she was a director of

Assessing if the potential nominee director has the competency, capacity, and capability to properly fulfil the obligations of a nominee director
Considering their past experience and present commitments, including the number of existing directorships, to determine if they can take on more directorships
Taking into consideration any other factors prescribed by regulatory authorities

By imposing this obligation on CSPs, the new CSP Act seeks to ensure that CSPs do not arrange unqualified persons as nominee directors for their clients.

Bringing in provisions for imposing penalties on registered CSPs and their senior management if there is any violation of AML/CTF/CPF obligations by them.

The new CSP Act seeks to enhance the effectiveness of the registration obligation by making non-registration a punishable offence.
This means that if CSPs fail to register themselves with ACRA, they may be subjected to either a maximum penalty of SGD 50,000 or imprisonment for a maximum period of two years, or both.
An additional penalty of SCD 2,500 per day will be charged to CSPs in case of continued offence.
According to the CSP Act 2024, if CSPs fail to ensure the fit and proper criteria when arranging for a nominee director, they will be liable for an offence with a maximum penalty of SGD 100,000.
Presently, the penalty for violation of AML/CTF requirements by RFAs or their Registered Qualified Individuals (RQIs) is a maximum of SGD 25,000 for every instance of violation. However, this limit is increased for CSPs under the new CSP Act to a maximum of SGD 100,000 proportionate to the risks of ML/TF/PF.
Additionally, the senior management of the CSP, who does not ensure that the CSP should comply with AML/CTF/CPF obligations, shall also be held personally liable and be subjected to the same fine.

Suggesting reasonable steps to ensure the CSP’s activities do not amount to an offence.

The CSP Act 2024 suggests a list of non-exhaustive steps that CSPs can reasonably take to avoid committing any offence, including:

Checking if the CSP’s compliance set-up is sufficient to avoid the conditions making up for an offence.
Putting in place periodic assessments by experts to assess the compliance set-up.
Making sure that the CSP’s employees, agents, and contractors are all equipped with the right set of instructions, information, and training so they can fulfil their compliance obligations to avoid the offence of non-compliance under the act.
Making sure that there are proper systems, processes and structures in place along with the required equipment and other resources for proper compliance to avoid any offence.
Creating an overall compliance culture with zero tolerance for acts of non-compliance that may amount to an offence.

Updates under the Companies and LLPs (Miscellaneous Amendments) Act 2024 in Consonance with the CSP Act 2024

Requirement for Disclosing nominee director and shareholder’s nominee status along with the particulars of the nominator with ACRA.

In order to ensure greater transparency within companies and foreign companies in line with the international standards on beneficial ownership, the ACRA seeks disclosure on nominee arrangements under the Companies and LLPs (Miscellaneous Amendments) (CLLP) Act 2024 so other entities that are obligated to perform AML functions can perform due diligence measures more accurately.
Thus, moving forward, companies and foreign companies will have to share all the particulars maintained in the nominee director and shareholder register with ACRA
All the updates in the particulars must also be communicated to ACRA

Companies, Foreign companies, and LLPs are now required to set up RORC on the date of incorporation.

It is a step moving on from the earlier requirement of setting up RORC within 30 days of incorporation.

Heightened penalty for offences relating to register of registrable controllers, nominee directors, and nominee shareholders

For the RORC and register of nominee directors and shareholders-related offences, the penalty has been increased to a maximum of SGD 25,000.

Implementation Timeline

The CSP ACT and the CLLP Act were both passed by the parliament in July 2024. However, it is said to come into effect in the first quarter of 2025. Following which, the new CSP entrants will be provided with a transition period of six months.

CSPs Stay Updated with AML Singapore

With the implementation of the CSP Act and CLLP Act in the first quarter of 2025, many more resources and guidance can be expected from regulatory authorities. CSPs are thus suggested to keep an eye on the regulatory communications and stay tuned with AML Singapore as we bring you the latest industry updates!

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

The significance of cash thresholds in fighting money laundering and terrorist financing

Money Laundering and Terrorist Financing are global concerns. They have an adverse effect on the economy and society. Governments across the world have enacted various laws and regulations. One of the important controls implemented by regulators across the world is establishing cash thresholds, i.e., setting up cash transaction limits to ensure that criminals don’t indulge in large-scale placement of their illicit money.

Definition of cash thresholds

Cash thresholds are the limitations on cash transactions that regulatory authorities impose to monitor them. Cash threshold is a monetary limit and if the transaction value exceeds that limit, the regulated entities are required to report it to the authorities.

This article focuses on the significance of cash thresholds in the fight against money laundering and terrorist financing. We will understand how criminals generate illicit cash by committing predicate offences and try to place it into the legitimate economy and how regulators try to control it, and the blog throws light on the following:

Importance of UBO identification in cash transactions
Challenges in implementing cash thresholds
Best practices to implement cash transaction limits effectively
Role of technology in enforcing cash thresholds

Overview of how cash thresholds function in AML/CFT framework

Financial Action Task Force (FATF)

Money laundering and terrorism financing are foremost matters of interest worldwide. These are types of financial crimes that are damaging the international financial system. These crimes can also affect people’s security, economic stability, and a country’s integrity.

Money laundering involves hiding the origin of illegal funds and placing them in the legal financial system. Terrorist financing means funding activities related to or causing terrorism. Thus, both are financial crimes plaguing the global economy.

Importance of fighting ML/TF for global stability and security

These are transnational crimes that affect many countries worldwide. So, regulators need to implement proper AML/CTF measures to prevent or mitigate these threats. Fighting against ML and TF guarantees strong financial systems and economies worldwide.

By fighting against ML and TF, you can also contribute to global stability, security, and integrity in the following ways:

The proper drafting and implementation of AML/CFT regulations help curb financial crimes, creating a stable, trustworthy, and secure financial system.
The AML/CFT measures aimed at blocking illicit funds from entering the financial system help prevent and detect financial crimes. They also ensure that legitimate businesses are not used as conduits for conducting illegal activities.
The fight against terrorist financing helps ensure the safety and security of citizens.
Various ML/TF countermeasures like cash transaction limits help track funds generated from other illegal activities like corruption, drug or human trafficking, bribery, and fraud. Thus, these measures help reduce crimes in the world, making it secure and better.
The implementation of proper AML/CTF measures contributes to international cooperation in the fight against the ML/TF.

How can cash transactions be used for money laundering and terrorist financing?

Cash payment is the most convenient way for customers to buy products and services. At the same time, it’s the most accessible medium for money launderers to commit crimes. Financial criminals use cash to launder money or finance illicit activities.

Money Laundering

Cash transactions can enable any of the three stages of money laundering – placement, layering, and integration. Whether it is placing illegal funds in the legitimate financial system, creating layers to hide its source, or bringing back the illicit money into the financial system in a clean form, cash transactions facilitate all three.

Money laundering and cash transactions:

Conducting small cash transactions from different bank branches or accounts.
Using illegal cash to buy property and then selling it at lower prices.
Overvaluing or undervaluing the property price to launder the difference.
Using illegal cash to buy luxury items and resell them to make the transaction legitimate.
Using cash-intensive businesses like restaurants to mix dirty money with legal revenues.
Placing illegal cash between legitimate cash transactions and showing higher business revenues.
Processing illicit cash transactions through shell companies or offshore bank accounts.
Using money mules to conduct multiple small cash transactions across borders.
Using dirty money in cash form to buy insurance or securities.
Converting illicit cash into different currencies through currency exchange services.
Using illegal cash in gambling and casinos and requesting a cheque for the remaining amount to make it look legal.
Moving cash across borders by over or under-invoicing or misrepresenting the quantity or quality of goods.

Terrorist financing

Cash transactions also enable the four stages of terrorism financing – collecting, storing, moving, and using funds for terrorist activities. Since one can use cash in any of these stages, terrorist financing becomes possible with cash transactions in the following ways:

Terrorist financing and cash transactions:

Direct cash transactions to buy weapons, explosives, or any other items necessary for terrorism.
Using cash to support the living needs of terrorists.
Buying luxury items with illicit cash and selling them later to raise funds for terrorist activities.
Terrorists run cash-intensive businesses like casinos, restaurants, etc., and disguise illicit money as cash generated from legitimate business activities.
Cash can be transported across borders via individuals, bags, or vehicles using multiple routes to avoid detection.
Creating charitable and religious organisations to receive cash donations and use them in terrorism activities.
Misrepresentation of quality, quantity, or value of goods in international trade to fund terrorism.
Terrorists over or under-invoice goods across borders for international trade to hide illegal cash movements.
Using cash to support terrorist movements across borders by blending them with refugees or migrants.
Using students, tourists, or other mules to transfer cash across borders to fund terrorism activities.

Why do criminals prefer cash transactions?

Criminals prefer cash transactions to conduct various activities for the following reasons:

No records

Cash transactions leave no trail, so criminals prefer them.

Involvement of third parties

It is easier to include third parties or intermediaries in cash transactions. No need to maintain records of such persons and use as many to add layers of complexity.

Convenience

Cash is a preferred way of conducting a financial transaction in several jurisdictions. In particular, cash-intensive businesses like restaurants, casinos, and retail stores. One can mix illegal money with the revenues of such businesses to show exaggerated revenues.

Easy and fast

Cash transactions are easy and fast, involving no hassles or tedious procedures.

Easy to smuggle

It is easier to smuggle cash across jurisdictions.

Convertible

Cash is the preferred payment method to buy luxury goods or deposit in bank accounts. Thus, one can convert dirty money into legitimate money.

Easy to hide

It is easier to hide illicit cash. Moreover, one can break down a large cash transaction into several smaller valued ones. Whatever way one uses, one can avoid thresholds or restrictions.

Cash thresholds and AML/CFT regulatory requirements

The UAE has laid relevant cash threshold requirements under AML/CFT regulations to curb ML/TF. Here is the list of Cash Transaction Limit in UAE:

Cash Transaction Limit for Real Estate Agents and Lawyers

Real Estate Cash Transaction Limit for Free Hold Real Estate Buy/Sale Transactions:

Real Estate Agents and Lawyers are required to report any single cash transaction or several transactions that appear to be interrelated equal to or exceeding AED 55,000/- to the UAE FIU in the form of a Real Estate Activity Report (REAR).

Cash Transaction Limit for Dealers in Precious Metals and Stones

Gold, Jewellery, Precious Stones Cash Transaction Limit:

Dealers in Precious Metals and Stones are required to submit Dealers in Precious Metals and Stones Report (DPMSR) with the UAE FIU for any single cash transaction or several transactions that appear to be interrelated equal to or exceeding AED 55,000/-.

Other AML/CFT Regulatory thresholds

Customer Due Diligence

Ocassional Transaction Limit:

Customer Due Diligence is a mandatory requirement for establishing a business relationship. In case of occasional transactions, if the transaction value equals to or exceeds AED 55,000/-, Customer Due Diligence must be performed.

If the occasional transaction involves a wire transfer equal to or exceeding AED 3,500/-, customer due diligence must be performed.

Further, Virtual Asset Service Providers (VASPs) have to carry out customer due diligence when conducting occasional transactions in favour of a client for amounts equal to or exceeding AED 3,500, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked.

Threshold related to DPMS and Applicability of AML/CFT Laws

Dealers in Precious Metals and Stones when they engage in carrying out any single monetary transaction, or several transactions which appear to be interrelated, whose value is equal to or greater than AED 55,000 are required to follow AML/CFT obligations under the AML/CFT legislative and regulatory framework of the United Arab Emirates.

Record keeping

UAE requires regulated entities to maintain records of all transactions for five years. However, the record keeping duration varies from one supervisory authority to another.

The Virtual Assets Regulatory Authority (VARA) mandates Virtual Assets Service Providers (VASPs) to maintain records for a duration of 8 years
Dubai International Financial Centre (DIFC) requires DNFBPs to maintain AML/CFT compliance and CDD records for 6 years.
UAE Securities and Commodities Authority (SCA) requires regulated entities to maintain AML/CFT compliance and CDD records for 10 years.

This applies to transactions above and below the cash thresholds.

Customs Declaration Form

Besides AML/CFT regulations, Travellers entering or leaving the UAE carrying currencies, negotiable bearer financial instruments, precious metals, or precious stones of value exceeding AED 60,000 have to submit the customs declaration form.

Thus, cash thresholds are a significant part of AML/CTF regulations. With these limits, one can detect and report suspicious transactions.

Why is it important to identify UBOs in cash transactions?

By the risk factors of cash transactions, you would have understood why AML measures are necessary for them. These AML measures enable an intense fight against cash transaction threats. You can also prevent possible money laundering and terrorism financing activities.

Such appropriate AML measures include KYC and CDD. Identifying UBOs is a critical element of KYC and CDD. So, make it a practice to identify the ultimate beneficial owners of cash transactions.

A UBO means an individual controlling, owning, or benefitting from an entity. They might not be the apparent owners, but they receive all the benefits or control the operations in the background. In the case of a cash transaction, it means the individual that benefits from the cash transaction.

Identifying UBOs of cash transactions helps figure out the actual person behind a cash transaction and check if they are sanctioned individuals, PEPs, or persons with criminal history. If there are any red flags around the UBOs, you can take a risk-based approach, conduct EDD and submit SAR/STR as per the facts of the case.

Significance of cash thresholds in fighting ML/TF

Cash transaction limits play a huge role in the early detection of a possible crime. Here are the points highlighting the significance of cash thresholds in fighting money laundering and terrorist financing:

Helps identify suspicious activities

Cash transaction thresholds help identify suspicious activities where customers resort to purposefully keeping transaction amounts below the regulatory reporting thresholds.

Helps fight ML/TF effectively

Cash transaction thresholds enable the identification of suspicious activities. You can stop them or conduct further investigations to confirm the suspicion. Thus, these cash transaction limitations help you strengthen your fight against money laundering, terrorism financing, and other crimes.

Ensures regulatory compliance

Setting cash transaction thresholds helps you detect reportable transactions to the UAE FIU. Hence, it ensures regulatory compliance with UAE’s AML laws.

Ongoing monitoring

Cash transaction thresholds help in the ongoing monitoring of a business relationship. One can study various trends and patterns and identify customers who structure their transactions to avoid them being reported to the authorities.

Discourages illicit activities

Cash transaction thresholds discourage illicit activities because it makes it difficult for criminals to make large-scale cash deposits.

Helps take a risk-based approach

Setting a cash transaction limit helps you identify customers conducting such risky transactions. You know their risk levels and define enhanced due diligence measures for them. Thus, you can take a risk-based approach to AML measures against money laundering and terrorism financing.

Facilitates international cooperation

Defining cash thresholds and implementing them helps follow global best practices and FATF recommendations. It shows commitment to the global fight against financial crimes by facilitating cross-border investigations.

Challenges in establishing and enforcing cash transaction thresholds

So, you can see that the significance of cash transaction thresholds is in the prevention of financial crimes. However, it is not easy to establish these thresholds, here is the list of challenges:

Structuring

Criminals tend to structure transactions in such a way that they are able to avoid reporting thresholds. The detection of this is resource-intensive, and not all small and medium-sized businesses are equipped to detect such transactions.

Use of multiple accounts

Another way criminals avoid cash thresholds is by conducting transactions through multiple accounts. When they use different accounts in the same or different financial institutions, they can avoid detection.

Resource-intensive

Cash threshold necessitates transaction monitoring to detect and analyse various trends and patterns. This increases operational burden.

False positives

Another challenge of cash thresholds is the number of wrong suspicions they generate. Many transactions exceed the cash transaction limits when they are linked, so you mark them as suspicious and generate reports. However, on further investigation, many of them will be false. Dealing with such false positives can overwhelm you and regulatory authorities.

Data quality

Data quality is also a critical test in such cash thresholds. The customer data you check has little to no information on all factors. Or the data is inaccurate. Handling all these data quality issues is a big challenge while enforcing cash thresholds.

Varying AML/CFT regulations

The problem in cash threshold implementation occurs at the time of cross-border transactions. The varying limits around cash transaction reporting make it difficult to detect illicit transactions. It becomes challenging when a customer prefers transactions in jurisdictions with no cash thresholds or limits.

Privacy concerns

Data privacy is a challenge while enforcing cash thresholds. Per the transaction monitoring requirements under AML, one needs to collect a lot of personal information about the customers. Customers might find all these queries invasive and not cooperate or form a business relationship. Thus, compliance with data privacy laws becomes a challenge with implementing cash transaction thresholds.

Employee awareness and training

Establishing and enforcing cash thresholds becomes difficult if the employees are not trained. Awareness of these cash thresholds, red flags of suspicious transactions, and managing the procedure is essential. In the absence of such awareness and training, it becomes challenging to enforce cash transaction limits.

Insider threats

Insider threats are crucial challenges in any compliance-related topic. If employees comingle with criminals, the regulatory threshold enforcement becomes next to impossible.

Evolving methods of ML/TF

Money launderers keep innovating to have as many opportunities to conduct crimes. They engage in discovering techniques to circumvent AML measures. In such cases, the existing cash thresholds might not serve the purpose.

Multiple-party transactions

A big challenge in enforcing cash thresholds is complex customer transactions. Complexity increases when there are multiple parties or jurisdictions in a transaction. The multiplicity makes tracking and detection challenging.

Cash-based economies

Establishing cash thresholds in cash-based economies is a challenge. Since most of the transactions in cash-based economies are in cash, highlighting each suspicious transaction above the cash threshold and further investigating it will be an operational burden. Thus, cash thresholds in cash-intensive countries are a challenge.

Best practices in enforcing cash transaction thresholds to fight ML/TF

To address these challenges in establishing and enforcing cash thresholds, one must adopt the following best practices:

KYC and CDD

Regulated must adopt comprehensive KYC procedures to collect all the required details of customers and carry out identity verification checks. The documentary evidence should be cross-checked, and proper due diligence must be carried out to understand the customer’s business, the expected volume of transactions, beneficial owners, and the risks associated with them. The data points resulting from KYC and CDD help create customer risk profiles. If you have these risk details on customers, it is easier to enforce cash thresholds.

Transaction monitoring software

A robust transaction monitoring software helps track transactions. It helps you create rules based on potential red flags of money laundering in your industry. Based on these rules, the software spots patterns, trends, and anomalies for you to investigate them further.

The software generates an alert if the transaction exceeds the cash threshold amount. Such software enables real-time monitoring of transactions to detect suspicion as and when they are being conducted. Thus, the software facilitates quick identification, reporting, and recording of transactions equal to or exceeding reporting thresholds.

Advanced analytics and AI

The latest advanced technologies canhelp identify linked transactions which are carried out to circumvent reporting thresholds. Data analytics allow the detection of patterns, unusual trends, or anomalies. Machine learning algorithms make pattern detection accurate. You can reduce the number of false positives and improve genuine alerts. It also helps you adapt to the evolving ML/TF risks.

Staff training

Cash threshold enforcement is enhanced if the staff is aware of its importance. Knowledge of transaction monitoring tools and cash thresholds help comply with the regulatory requirements around cash transaction reporting.

Besides training, motivating employees to align with AML/CTF initiatives is crucial.

Data privacy

Data privacy and confidentiality are common challenges in such AML compliance measures. Since you monitor your customers and their transactions, you have tons of data on them. It’s possible that you lose data, it gets hacked, or some employee leaks the data.

To solve this concern, you must implement effective data protection policies. With such data confidentiality and privacy guarantees, your customers trust you more with their details. They will give due importance to AML measures and cooperate with you.

Keeping up with regulatory updates

Despite the implementation of cash transaction threshold rules, one might commit errors in AML compliance. One must stay up-to-date with UAE’s AML requirements to avoid such mistakes. Keep checking the latest guidelines and updates on AML rules. One must also keep an eye on international AML standards.

The internal AML policies, procedures, and controls must align with national regulations and international AML best practices.

Insider threat mitigation

Insider threat is a critical challenge for regulated entities under AML laws. Insiders in the business might misuse customer data. They might also collude with customers to avoid detection of their transactions as suspicious.

One must be wary of such insider threats. Segregate the duties based on employee skills, past performance, and behaviour. Hold them accountable and responsible for the AML procedures they perform. Insider threat mitigation helps one implement cash transaction limits more effectively.

Continuous learning and adaptation

One best practice while enforcing cash thresholds is learning from past experience and innovations. One can make this possible by conducting regular reviews and health checks. One can improve upon the areas where there are gaps.

Concentrate on high-risk areas

One needs to take a risk-based approach and prioritise risks to target. Customers coming from high-risk jurisdictions, known ML/TF typologies and red flags, cash-intensive business, etc., must be taken into consideration while designing controls and cash transaction thresholds.

Global information sharing

The regulatory authorities conduct a National Risk Assessment and provide information about inherent risks related to ML/TF. Regulated entities should participate in this exercise and provide all the required information and assistance to the authorities to counter the global menace of money laundering and terrorist financing.

Record-keeping

Record-keeping is a best practice for all entities. The regulated entities must maintain all the records related to KYC, screening, risk assessment, business transactions, and regulatory reporting.

Public awareness campaigns

The regulators must run public awareness campaigns around the cash transaction threshold limits so that genuine customers cooperate with regulated entities in providing the required information.

Role of technology in enforcing cash transaction thresholds

Technology is one of the key best practices for establishing and enforcing cash thresholds. It helps you fight most of the challenges of implementing cash thresholds while monitoring transactions. Technology solutions provide the following benefits:

Automated reporting with transaction monitoring systems

Transaction monitoring systems have a reporting feature. This feature allows the generation of reports on transactions equal to or exceeding the reporting thresholds.

Thus, this automated reporting feature enables accurate and timely reports that you can submit to authorities, making you AML-compliant. Technology solutions also streamline data storage and record keeping.

Data analytics and patterns identification

Technology solutions make transaction monitoring faster, more accurate, and easier. Data analytics, predictive analytics, and machine learning help you study the data and identify patterns. You can detect the possible anomalies in transactions and better understand them.

Customer risk assessment

AML software enables ongoing monitoring of a business relationship. This helps detect trends and patterns and assign appropriate risk ratings to customers. This goes a long way in prioritising resources and countering money laundering and terrorist financing.

Real-time alerts and notifications

The best feature of transaction monitoring solutions is alerts. The solution generates alerts when it spots a reportable transaction. It also notifies you of the suspicion or a pattern or trend identified in a transaction so that you can take the required action.

Predictive analytics

Transaction monitoring technology systems use predictive analytics techniques. This technique allows you to predict future outcomes. The system generates alerts when it detects a linked

transaction crossing the statutory threshold. Such predictive analytics lets you take proactive measures so that issues do not escalate.

Adaptive learning and scalability

Transaction monitoring software with cash thresholds is adaptive to changes. Over a period of time, your business grows, risks change, new customers come, transactions increase, and various other adjustments happen. Amid all these amendments, your system also updates. It adapts to the new transaction monitoring rules based on customer and transaction characteristics. Thus, your existing system learns the new patterns, assesses large cash transactions, and adapts to changes.

AML compliance automation

AML compliance is the biggest concern for reporting entities under AML laws. With such technology systems, you can perform the AML procedures efficiently. They automate KYC, CDD, customer screening, and transaction monitoring processes. Such automation helps you achieve compliance in a faster, comprehensive, and more accurate way. Moreover, there are fewer possibilities of violating cash transaction threshold compliance requirements with audit facilities.

Location-based monitoring

Such technology systems for monitoring transactions allow location-based monitoring. This means that if the transaction is from a high-risk jurisdiction, the system highlights it. Since transactions from high-risk jurisdictions are highly risky, you can put such transactions on hold and submit the necessary SAR/STR.

Summarized output

Technology solutions enable summarized results through dashboards. User-friendly interfaces provide detailed and summarized insights to help management make quick decisions. This also facilitates collaboration with other industry players and authorities.

Security

Technology solutions for enforcing cash transaction thresholds are secure and safe systems. These solutions come with biometric and multi-factor authentication features, ensuring no unauthorised access. Data encryption and secured storage facilities keep your data private and protected from cyber threats.

Conclusion

Thus, cash thresholds play a critical role in AML/CFT compliance framework. You must understand the significance of identifying reportable transactions by setting appropriate limits on cash transactions.

Since cash will always remain a critical part of most economies, implementing cash thresholds is an excellent prevention technique. Moreover, using technological solutions with AI, machine learning, and data analytics features makes them more capable.

So, use cash thresholds to detect suspicious transactions and reduce the likelihood of money laundering in cash transactions. If you need help with these AML measures, AMLUAE is your one-stop destination. We provide a wide range of AML compliance services to help your business from the impact of money laundering, terrorism financing, and other crimes.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Why AML/CTF Risk Awareness Training Program is Non-Negotiable for Businesses Today

Reporting entities like Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) are at risk from money laundering and terrorism financing activities. Criminals use a variety of methods to carry out their illicit transactions. It is indispensable for reporting entities in Australia to impart Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Training to counter Money Laundering or Terrorism Financing (ML/TF) risks effectively. The staff must be trained around red flags, control mechanisms deployed, and regulatory reporting requirements, considering their role in the business.

In this blog, we explore why a comprehensive AML/CTF Risk Awareness Training program is non-negotiable for businesses today.

Importance of AML/CTF Risk Awareness Training

In Australia, reporting entities must have an AML/CTF risk awareness training program to train employees on the risks of ML/TF as part of their AML/CTF program. Ongoing training equips the employees to identify suspicious transactions to prevent financial crimes. When the staff does not have adequate AML knowledge, the business is more prone to ML/TF risks. To prevent this, an effective AML/CTF Risk Awareness Training program is required. A well-informed employee on AML regulations, internal AML/CTF policies & procedures, ML trends and cases is better equipped to detect and prevent suspicious activities and transactions. Employees should not only be trained at the time of joining a company but also periodically to refresh their knowledge. When businesses follow the applicable laws, it builds a good reputation for them. It creates a sense of trust amongst the customers.

Customer will be at ease knowing the business has experienced and skilled staff and their personal information are in good hands. The intention behind AML/CTF Risk Awareness Training should not only be to comply with laws but also to prepare the staff to identify and mitigate the threats of financial crimes.

Best Practices Concerning AML/CTF Risk Awareness Training Program

Before starting an AML/CTF Risk Awareness Training program, it is important to ensure that the training program is in line with Australian regulations on AML compliance. Here are some important goals to keep in mind when formulating a training program:

Understand the Regulations: Familiarising the team with the Anti-Money Laundering and Counter-Terrorism Financing Act, 2006, the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act, 2024, and related rules to build a strong foundation on the laws applicable to the reporting entities.

Identify Your Obligations: The training program should explain the reporting entity’s obligations under the AML/CTF regulations.

Align with AML/CTF Program: The AML/CTF Risk Awareness Training program should be tailored to the reporting entity’s business’s AML/CTF program, including the policies, procedures, and controls.

Risk Awareness: Ensuring that the staff understands the ML/TF risks that the reporting entity may face as well as the consequences of those risks as a part of the training.

Quintessential Questions in AML/CTF Training: Who to Train and When

Training the right people at the right time is a way to ensure that employees have sufficient knowledge to meet the AML/CTF obligations. All the relevant employees, including

Board Members
Directors
Contractors
AML/CTF Compliance Team
Consultants
Operational Staff
Front-line Workers

should be trained based on their roles and the ML/TF risks they may face.

While the frequency of training must be determined in the reporting entity’s AML/CTF program, there are a certain set of events that would require reporting entities to provide AML/CTF Risk Awareness Training, such as:

When employees fail to comply with the AML/CTF program
When there is a change in the roles or responsibilities of employees
When new risks to the reporting entity’s business emerge, or new typologies are developed
If there is any feedback from the regulatory authorities regarding the reporting entity’s compliance program or the ML/TF risks that they may face.

In addition to the periodic training sessions, regular correspondence by way of emails and bulletins on the latest updates for employees can be helpful in creating a compliance culture that is not subject to the occurrence of specific events.

Topics to Cover in an AML/CTF Risk Awareness Training Program

A comprehensive AML/CTF Training program should be inclusive of the following topics –

The AML/CTF legislative framework and the obligations of the reporting entity under the legislative framework
The implications of non-compliance with AML/CTF legislative framework
Insights on the ML/TF Risk Assessment exercise conducted by the reporting entity and the ML/TF risks associated with the service, product or technology that the reporting entity offers and their consequences
Behaviours, techniques, and practices of money launderers or terrorists, so reporting entities can protect themselves against the ML/TF patterns
Role-specific training for senior management, AML compliance team, front-line workers, and operational staff on the AML/CTF Program, including the policies, procedures, and controls established by the reporting entity
Familiarity and coordination between non-compliance team members and compliance staff, such as the compliance officer and other members responsible for implementing the ML/TF Risk Assessment and AML/CTF Program
Guidance on how to identify suspicious transactions or activities and prepare and submit a Suspicious Matter Report (SMR)
Industry guidance, trends, and standards that the reporting entity should stay updated with

Reporting entities are at liberty to include more diverse subjects for AML/CTF Risk Awareness Training, subject to their AML Program.

Ways to Deliver an AML/CTF Risk Awareness Training

Training can be provided in various ways. An organisation can either go for in-house staff training or opt for outsourcing to external experts.

Best Practices to Counter Placement in Money Laundering

In-house training: When the organisation has time, required experience & expertise available, it can prepare the AML/CTF Risk Awareness Training program by itself that is best suited for its employees. Reporting entities can opt for in-house training as it is easy to organise and cost-savvy.
External training: A company can opt for outsourcing the AML/CTF Risk Awareness Training program to external service providers who specialise in AML/CTF Risk Awareness Training.
It is a good practice to perform due diligence before appointing external trainers to determine if they possess the required skills, experience, knowledge, and expertise. Reporting entities should have appropriate control systems to monitor and review the performance of the external trainers.
As a best practice, reporting entities must document all the steps, like the due diligence processes, performance management, and senior management approval on the outsourcing arrangement.

Reporting entities can choose to conduct training either way depending on their budget, size of business and availability of resources. Likewise, training can be imparted either online or offline. Both have their advantages and disadvantages:

Offline Training: It is a traditional training method where knowledge is provided at a training centre either on the business premises or at the premises of a consultancy agency. It is a great way of fostering cross-department collaborations.
Online Training: The biggest advantage of online training is it provides flexibility. Employees can take such training at their own pace for better understanding.

In addition to the regular AML/CTF training sessions, reporting entities also encourage their senior management to attend specific webinars and conferences to gain knowledge on current AML trends.

A Trained Team is the Backbone of an Effective AML Compliance Program

AML/CTF risk awareness training program is not only a legal requirement in Australia but also a way to safeguard a business from financial crimes like money laundering and terrorist financing.

Training, whether delivered in-house or externally, is the effectiveness of the AML/CTF Risk Awareness Training program that empowers the staff with appropriate knowledge and resources to identify and mitigate ML/TF risks. This way, reporting entities can save themselves from ML/TF risks and build a good reputation and a sustainable business.

Frequently Asked Questions on AML/CTF Risk Awareness Training

Why is training important in AML?

To fight against the risks of money laundering, the staff must know applicable rules and regulations. A trained staff is always better equipped to identify risks of ML and TF and prevent and detect such risks compared to a non-trained staff.

Is AML training mandatory?

Yes, the AML/CTF Act in Australia mandates reporting entities to perform AML/CTF risk awareness training.

Who needs AML training?

According to Australia’s regulatory regime, all employees or persons engaged by reporting entities like financial institutions and other businesses should be trained if they are performing any functions that are relevant to the reporting entity’s AML/CTF obligations.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Australia