This article aims to support Treasury functions in understanding and combating money laundering risks to which they are exposed through their customers, products and services, geographical footprint and delivery channels. The most important point to note is that much of the anti-money laundering (AML) regime applies to unregulated as well as regulated companies. This article discusses key recent legislative changes in the money laundering arena as well as articulating the money laundering risks associated with Treasury activities, with a focus on practical considerations targeted towards Treasury functions. It also highlights further developments which are anticipated in the pipeline to support horizon scanning activity.
Background and context
The process of money laundering involves taking funds derived from illegitimate sources, i.e. criminal activity, and processing them in a manner which makes them look legitimate and places distance and complexity between the funds and their origin.
As a result, the prevention of money laundering is increasingly considered to be an expectation for all firms operating within domestic and international economies, regardless of their status with respect to the remit of national money laundering regulations. For example, in the UK, the Money Laundering Regulations apply largely to the financial services sector, however all UK firms have baseline AML obligations under the Proceeds of Crime Act 2002 (PoCA).
Treasury functions therefore play an integral part in the fight against money laundering, regardless of the regulated status of the institution in which they sit. Therefore, it’s important for Treasury functions to understand how their geographical footprint and products and services, as well as the attributes of the customer bases they serve, could expose them to money laundering risks. This knowledge is key to enable controls to be implemented to detect, prevent and deter criminal activity, remain complaint and support the global AML agenda.
Key legislative changes
Over the last 12 to 18 months there has been considerable evolution in the global AML legislative landscape. From an EU perspective, the 5th and 6th AML Directives (MLD5 and MLD6) came into force in January and December 2020 respectively. Amongst other things, these Directives:
- provided greater clarity over more stringent measures to be applied with respect to higher risk customer relationships (known as Enhanced Due Diligence (EDD));
- evolved provisions regarding the understanding beneficial ownership structures; and
- introduced a harmonized set of 22 predicate offences to money laundering which firms should be aware of.
The European Commission has also updated its list of high risk third countries, further impacting the application of EDD measures, and committed itself to a 6-point AML action plan to be delivered over the next 24 months.
Significant changes at national level have also been observed in many jurisdictions worldwide. For example, following the end of the Brexit transition period, the UK was empowered to implement and enforce its own national AML and sanctions framework. Across the pond, the US National Defense Authorization Act for Fiscal Year 2021 was approved to seek to deter and curb the use of US-owned shell companies for the purposes of money laundering and terrorist financing by obliging such entities to disclose beneficial ownership information to local authoritative bodies. In addition, new provisions within the Act encourage individuals privy to criminal practices to come forward as whistle-blowers by offering greater protection and incentive for doing so.
Key money laundering risks associated with Treasury activities
In 2018, the Financial Action Task Force (FATF) published guidance for the application of a risk-based approach targeted at the securities sector in general, and since then it has been more widely acknowledged by regulators globally that markets-related activity has the potential to be vulnerable to money laundering. However, detecting potentially suspicious activity indicative of money laundering for Treasury-related activity can be challenging given the complexity of products and services augmented with the sophistication of criminals’ methods.
For example, Treasury management products and services often enable companies to transfer monetary ownership/value globally in a fast-paced and sometimes complicated manner. In recent years, a number of financial institutions have faced regulatory action following offences, such as the facilitation of mirror trading, which capitalise on these attributes.
Treasury functions may therefore wish to consider the questions set out below in order to understand how their activities may elevate the risk that their products and services could be exploited for money laundering purposes:
- Who is the counterparty, and any other parties involved in the transaction? How much do you know about the identity and legitimacy of the parties, especially third parties?
- Does the transaction involve multiple jurisdictions? How robust are the AML frameworks in these jurisdictions, and are there any other concerns with respect to these jurisdictions which could predicate money laundering (such as corruption or drug trafficking)?
- Will the transaction be executed using means which could foster anonymity or reduce transparency, such as electronic rather than face-to-face or telephone instructed transfers
- Does the transaction involve rapid movement and/or conversion of funds which could be exploited to obfuscate the origin of the funds?
- To what extent do you have visibility over the overall end-to-end transaction? How does this impact the extent to which you can apply monitoring and surveillance?
It is also important to acknowledge that risk exposures manifest in different ways and to different extents depending on the nature of Treasury product or service. Two examples are set out below:
| Financial derivatives
Considerations from an AML perspective:
- Financial derivatives trading often involves international transactions – the jurisdictional considerations noted above are therefore critical, augmented with a clear understanding of the nature of the counterparty, their source of funds and their expected level of activity.
- Derivatives transactions have the potential to be highly complex and involve a chain of underlying assets. Firms should therefore consider (with respect to their risk-based approach) to what extent they require oversight over any underlying assets.
- In general, greater resource allocation may be required to assess and monitor over the counter (OTC) business, which may be comparatively riskier than exchange-based trading given attributes such as a lack of central counterparty (CCP).
Considerations from an AML perspective:
- The nature of parties involved in commodity-related transactions are unique to this sub-sector and different to those involved in other Treasury-related transactions. In commodities transactions, firms will likely need to consider the level of due diligence applied to the producers of the commodity (e.g. miners or fracking firms) and the financial institutions involved.
- Commodity price fluctuation is normal and often driven by external factors (such as geopolitics). Criminals may seek to capitalise on market volatility to mask illicit activity.
- Commodities transactions can include high risk jurisdictions, as these are the locations in which the commodity emanates. This exemplifies the need for application of a risk-based approach as the presence of a high risk jurisdiction may not be an automatic indicator of higher risk for commodities trading. It is often difficult to replicate the equivalent of first and second line defence in the context of a corporate Treasury function but this needs to be considered. Ideally, there would be two-way dialogue between second line of defence compliance functions and first line of defence business functions to appropriately assess the level of risk in this context.
Considerations for firms and Treasury functions
Firstly, the national and supranational AML legislative changes referenced above will bring a number of process changes both for firms and authoritative bodies. Market participants are therefore encouraged to undertake a gap analysis to stay abreast of the changes and evaluate the impact these will have on their AML controls. Any identified enhancements required to uplift the control environment to current standards could then be assessed on an impact vs likelihood basis, helping firms to prioritise them. Firms should also proactively engage in horizon scanning in order to understand incoming legislative changes. As noted above, the question of how to replicate the concepts of first and second lines of defence needs to be considered. This is particularly relevant to evaluating how changes in legislation and regulation will impact a firm based on its unique operating environment.
Firms which are regulated from an AML perspective are advised, or in some jurisdictions obliged, to undertake an AML risk assessment to understand the specific risks to which their business (including their Treasury function) are exposed to and the effectiveness of their control environment to mitigate these risks. However, there is an increasing expectation even for Treasury functions within unregulated firms to develop a strong understanding with regards to their unique risk exposure to enable them to operate mitigating controls proportionate to the risks identified. As a starting point, firms could consider whether existing risk assessment frameworks can be leveraged for AML purposes, such as those used to comply with national market abuse regulation and anti-corruption frameworks. A risk assessment can then be used to understand the risk exposure from a money laundering perspective with respect to the firm’s counterparties and intermediaries, geographical footprint, products and services offered and the distribution channels used to acquire and service customers.
Firms are also encouraged to apply a risk-based approach with respect to AML compliance, and in particular in the application of customer due diligence (CDD) measures and monitoring of a business relationship. With respect to Treasury-related transactions and business relationships, this may include, for example:
- varying to what extent identity information and evidence is collected from different parties involved in the transaction prior to the transaction being executed;
- applying EDD or simplified due diligence measures (SDD) in instances which have been assessed to pose a greater or lesser level of risk respectively based on the assessment of risk on a case-by-case basis; and
- applying different due diligence measures depending on the nature of the products/services offered, for example exchange vs OTC business.
In order to support the development of a robust AML framework relevant to Treasury activities, firms should leverage the wealth of publicly available industry guidance. For example, the FATF risk-based approach guidance for the securities sector explores the risks associated with Treasury products and services and details aspects of the controls environment which can be used to mitigate these risks. This can be augmented with local/national practical guidance, such as that produced by the Joint Money Laundering Steering Group in the UK.
Finally, firms should also consider the extent to which the measures and controls referenced above (as well as others) may have been affected by the ongoing COVID-19 pandemic and, as a result determine what alternative/interim methods are required to mitigate risk to adapt to external environment developments. This will likely also require the implementation of effective governance mechanisms to enable staff to disseminate information and expectations as well as escalate and report potentially suspicious activity.
Whilst it is important to focus on today, firms must remain cognisant of the evolutionary nature of their operational environment. There are a number of anticipated changes incoming in the next 12 to 18 months with respect to AML which Treasury functions, as well as the wider financial services sector, should be aware of. Some examples of these are:
- Prudential supervision with respect to AML – crucially, this includes supervision in some cases of the unregulated sector at least for criminal enforcement purposes.
- Additional new regulation concerning cryptocurrency and AML – a number of jurisdictions worldwide have recently published updated guidance with respect to the treatment of customers engaged in cryptoasset activity. In 2019 the FATF published guidance to, amongst other things, support entities which “engage in or provide virtual asset covered activities” in applying a risk-based approach from an AML perspective. Further, supranational bodies such as the European Commission are anticipated to announce further legislation with respect to crypto in the coming year.
- Development of industry standard practice – the evolution of firms’ capabilities and controls with respect to AML drives the industry standard that firms are expected to meet. For example, common views and standards have emerged with respect to whether it reasonable or sufficient to justify the application of SDD measures where counterparties are large regulated or listed institutions albeit that this is not an automatic determination.
In summary, the trend of increasing regulatory expectations and authoritative body scrutiny on AML compliance is continuing.
To respond to external factors, such as the ongoing effects of the Covid-19 pandemic and evolving regulatory change, firms need to be agile and often innovative to identify and implement new ways to maintain standards and keep pace with developments. In particular, firms and their revenue-generating functions must remain vigilant when applying and adapting their risk-based approach to protect the financial system and support domestic and international anti-financial crime investigation. For example, it is vital for firms to continue to notify relevant national bodies of any discrepancies identified in beneficial ownership information.
Treasury functions in particular should also maintain a focus on the intrinsic linkage between market abuse and money laundering. If a suspicion of market abuse is identified, Treasury functions need to work alongside compliance teams to consider whether this has also potentially given rise to a money laundering offence. They should then make use of dual external reporting mechanisms accordingly to raise both types of illicit activity to local authoritative bodies.
It is evident that there is much for firms to do just to remain compliant or aligned to industry standard practice. It is therefore important for firms to continually assess money laundering risk and implement effective mitigating controls commensurate to risk identified to enable them to survive and thrive these turbulent times and gain assurance with respect to their efforts in the global fight against financial crime.