COMBATING MONEY LAUNDERING AND TERRORISM FINANCE IN FINANCIAL INSTITUTION

By AML Unit of National Insurance Commission (NAICOM)

MONEY LAUNDERING (ML)

A broad label for the different means used to hide proceeds of criminal activities.  The investment of profits or transfer of funds derived from criminal activities into legitimate businesses, such that the original source becomes difficult to trace. Most jurisdictions have criminalized the act of ML

Money laundering is an example of economic and financial crime.

It is a condition for ML offence that there must have been a predicate offence.  We have many predicate offences under our laws.

These criminal enterprise seek to obtain money and power through criminal conduct and then attempt to infiltrate the legitimate society, thereby distorting the terms of the compact.

MONEY LAUNDERING/TERRORISM FINANCE PROCESS

Money Laundering: Funds from criminal acts

Financing of Terrorism: Legitimate assets, funds, or assets or funds from criminal acts

Placement: Assets deposited into financial system, e.g.  State bank, commercial bank, postal, bank, securities firm

Layering: Funds moved to other institutions to obscure origin, e.g. Insurance Company, non-Bank Financial Institutions

Integration: Funds used to finance criminal acts, and to acquire legitimate assets, e.g. real estate, property, stock, equipment, etc

Funds distributed to finance terrorist activities, and to acquire legitimate assets e.g. real estate, property, stock, equipment, etc

TYPOLOGY OF MONEY LAUNDERING

Banks, Capital market, Insurance, Building societies, Mortgage institutions, Hotels, Car dealership, Travel Agencies,Trust and company service providers, Lawyers, accountants and auditors and Dealers in high value items (artifice, metals, jewelries), Hawala (ancient method of money transfers).

TERRORISM DEFINED

From Latin word Terrere meaning to frighten.

An act of terror, designed to over awe civil authorities.

Evolved over a long period beginning with

The Zealots (Romans, as sicarii or dagger men).

The Assassins (break away faction of Shia Islam)

The term terrorism was first used in  France 1795 in relation to the popular regime of terror (French, la Terreur):

Al Qaida

ISIS, IS

Boko Haram

Al shabab

TERRORIST FINANCING:

Both under principles of international law and Nigerian domestic law, a person engages in terrorist financing if he, “directly or indirectly, provides or collects funds with the intention or knowledge that they will be used to carry out an act of terrorism.”

“Providing” is defined to include giving, donating and transmitting terrorist funds. Collecting is construed to cover both raising and receiving such funds.

AML/CFT REGIME

AML/CFT constitute all efforts directed at combating money laundering, terrorist financing and proliferation of weapons of mass destruction (WMD);

AML regime is the legal framework for combating ML,TF and Proliferation.

The regime is known as soft law because of how the laws are made. The regime’s frameworks are products of international instruments.

The primary source is the FATF 40 Recommendations;

Other  sources include conventions, protocols and some UN resolutions; For example, the Vienna Conventions

AML/CFT REGIME IN NIGERIA

FATF 40 Recommendations

Money Laundering (Prohibition) Act 2011 (As amended),

Terrorism (Prevention) Act 2011 (As Amended)

Terrorism Prevention (Freezing of International Terrorist Funds and Other Related Measures) Regulations, 2013.

AML/CFT Regulation for the Insurance Industry, 2013

SECTOR VULNERABILITY

The insurance sector’s vulnerability lies on the following considerations:

Weak implementation of AML/CFT program;

Acceptance of cash as premium;

Life insurance products with cash surrender value and investment features;

Possibility of bogus claims by Launderers who purchase policies; and

Brokers’ excessive drive for business

In the context of reinsurance, ensuring compliance on broad-based, multi-activity coverage has become an important challenge for reinsurers.

The shipping industry has been dramatically affected due to the implications of the sanctions both property underwriters (hull, machinery and cargo) and protection and indemnity (Marine Liability) Insurance coverage.

INSURANCE PRODUCTS VULNERABLE TO SANCTION.

Insurers and Brokers are perhaps uniquely vulnerable to sanctions since so many transactions subject to sanctions can affect  their business;

Several types of sanctions can directly affect the insurance industry including:

Marine Insurance;

Assets freezes against individuals and entities, which may prohibit the payment of claims or return premiums of even writing policies.

Bans on Insurance – may prohibit the provision of some or all insurance to broad categories of persons (Iranian Companies) or sectors (major Russian Banks), types of exports (Arms to Russia) or even entire country (Cuba).

Funds Transfers Restrictions – These prevent or restrict insurers from receiving payments from or paying out to persons in certain countries such as Iran.

The prohibition and restrictions also affects Cargo, Aviation, Oil & Gas, Construction, Military Defense, etc.

AML/CFT SYSTEMS AND SENIOR MANAGEMENT OVERSIGHT

How well do insurance institutions understand their ML/TF risks and apply mitigating measures commensurate with their risks?

Country risk – whether countries / geographical locations connected with its customers and intermediaries are subject to high levels of organized crimes, corruption and inadequate AML/CFT systems.

Customer risk – who the customers are, what they do and other information that may suggest the customer is of higher risk

Product/service risk – what are the characteristics of the products and services offered and the associated ML/TF risks.

Delivery/distribution channel risk – whether they are direct sales, through intermediaries, or non face-to-face channels.

Are the AML/CFT policies and procedures reviewed and updated on a regular basis by the management of insurance institutions to take account of changing environment and legislation?

Do insurance institutions have adequate resources to implement AML/CFT policies and controls relative to their size, complexity, business and risk profile?

ML/TF Risk Assessment at Insurance Institution Level

Detailed analysis of data identified within each of the categories of ML/TF risks;

Are the AML/CFT policies and procedures reviewed and updated on a regular basis to take account of changing environment and legislation?

Document and Communicate the risk assessment to the Board, senior management and relevant staff.

Focus on certain lines of business and services that pose higher risk of activities potentially prohibited by Sanctions.

Conduct periodic risk assessments when designing or updating the AML/CFT Policies & Procedures and sanction compliance program;

AML/CFT risk assessment is a holistic review of entity assessing its touch points to the outside world;

This will help in identifying customers, products or geographic locations that could pose a risk and the potential areas in which an Insurer may engage with ML/FT parties and jurisdictions.

Do insurance institutions have adequate resources to implement AML/CFT policies and controls relative to their size, complexity, business and risk profile?

The results of a risk assessment can improve compliance, policies, procedures, internal controls and quality of training.

CUSTOMER RISK ASSESSMENT

Insurer should: mitigate customer risks through effective customer due diligence (CDD) at on boarding and through regular monitoring.

Insist on warranties and representations from customers after detecting unusual/suspicious patterns of customer behavior.

Conduct broad screening to include corporate principals and addresses.

Understand and screen beneficial owners.

Check adverse media report on customers /clients.

Build an in-depth understanding of the customers’ business i.e. location of its business, major customers/ counterparties, and check online.

Obtain warranties and representations with respect to potential prohibited business.

Explain its AML/CFT regime to customers/ clients during the customer acceptance process.

WHAT IS DUE DILIGENCE {DD}

involves collecting and analyzing data, information and facts about a customer that should enable the entity assess the extent to which the customer is exposed to a range of risk i.e. ML, TF, Fraud, etc.

It involves profiling and monitoring the customer appropriately in order to mitigate risks, threats and vulnerabilities throughout the relationship with the insurer.

It is the duty of care undertaken from the beginning of business relationship and continuing throughout the lifespan of the relationship in order to serve the customer efficiently and effectively.

WHY DUE DILIGENCE

To protect the insurer against any misuse of its products, services & channels by the customer;

To serve the customer better by understanding his needs, aspirations, and opportunities for success.

To comply with required regulations and legislations;

To help the insurer at the time of the due diligence is carried out, to be  reasonably certain that the customer are who they say they are;

To recommend appropriate products or services for the customer;

To guard against ML/TF, Fraud, including impersonation and identity fraud;

To assist the insurer identify what is unusual about the customer’s transactions, and activities and decide if a suspicious transaction/activity report should be sent to the NFIU.

WHO IS A CUSTOMER

An individual or entity that maintains a policy and /or has a business relationship with the Insurer;

One on whose behalf the policy is maintained (ultimate/beneficial owner);

The beneficiary of transactions conducted by professional intermediaries (Gatekeepers) such as Lawyers, Brokers, Accountants, Agents as permitted under the law;

Any individual or entity connected with a financial transaction which can pose significant reputational or other risks to the insurer.

WHEN IS CDD REQUIRED

Undertake CDD measures when establishing business relations;

Carrying out occasional transactions above the applicable designated threshold;

Suspicious of ML/TF exist regardless of any exemption or thresholds.

Doubts about the veracity or adequacy of previously obtained customer identification data.

CDD MEASURE FOR ALL CUSTOMERS

Identify and verify the customer’s identity using reliable, independent source data and information.

Verify that any person purporting to act on behalf of the customer is so authorized.

Identify the beneficial owners;

Understand and obtain appropriate information on the purpose and intended nature of the business relationship.

EXISTING CUSTOMERS

Apply Due Diligence (DD) measures to existing customers on the basis of materiality risk;

Conduct due diligence on such existing relationships at appropriate times;

Take into account when previous DD was undertaken and the adequacy of data

Conduct on-going due diligence on the business relationship;

Conduct DD measure on the beneficiary of life insurance and other investment related insurance policies

Include the beneficiary of life insurance policy as a relevant risk factor in determining whether the DD measures are applicable.

CDD REQUIRED FOR LEGAL PERSONS/ARRANGEMENTS

Understand the nature of customer’s business, its ownership and control structure.

Verify the customer and the identity through official registration records;

Identify and take the reasonable measures to verify the identity of beneficial owners for legal persons through official registration records;

Verify the identity of beneficial owners of trusts and other legal arrangements through the official registration records.

CUSTOMER DUE DILIGENCE (CDD) AND RECORD-KEEPING

How well are insurance institutions documenting their customers’ ML/TF risk assessments, and keeping them up to date?

How well do insurance institutions apply the CDD and record-keeping measures? To what extent is business refused when CDD is incomplete?

How well do insurance institutions apply the EDD measures for high-risk situations, including PEPs?

ONGOING MONITORING

Have the insurance institutions taken steps from time to time to ensure that the customer information that has been obtained are up-to-date and relevant?

Do internal policies and controls of the insurance institutions enable timely review of complex or unusual transactions?

SCREENING

Have the insurance institutions conducted comprehensive ongoing screening of its complete customer database to prevent terrorist financing and sanction violations?

Have the insurance institutions put in place proper procedures to establish whether or not a customer or a beneficial owner of a customer is a PEP?

SUSPICIOUS TRANSACTION REPORT (STR )

Do internal policies and controls of the insurance institutions enable timely review of potential STRs for reporting to the NFIU?

To what extent do the STRs reported contain complete, accurate and adequate information relating to suspicious transaction?

Are dedicated email account for internal STR reporting with automatic acknowledgement of receipt and reminder of the obligation not to tip off in place?

Avoid unnecessary delay and inaccurate reporting to Senior Management on STRs filed to the NFIU.

STAFF TRAINING

Have the insurance institutions implemented a clear and well articulated policy for ensuring that relevant staff receive adequate AML/CFT training?

Have the insurance institutions monitored who have been trained, when the staff received the training, the type of the training provided and the effectiveness of the training?

Dos

Training materials should be regularly reviewed for update;

E-platform of training system used for systematic monitoring of attendance and assessment result;

Use of case studies for illustration of AML/CFT requirements

DON’Ts

No training/delayed training

No assessment/assessment not comprehensive/ ineffective to test understanding

Statutory obligations and possible consequences of breaches under various ML/TF legislations not fully covered in training materials

No induction/refresher training policy and schedules

MANAGEMENT COMMITMENT

The Commitment of Senior Management to supporting AML/CFT compliance program is a critical factor in determining the success of any AML/CFT program.

Demonstrate this commitment by, among other measures, appointing dedicated compliance personnel, providing compliance teams with adequate resources and support, and by promoting a “culture of compliance”.

Culture must be endorsed and demonstrated from the top

Specific Management actions recommended include:

Review and sign off on AML/CFT policy;

Have sufficient authority and regular interactions with management;

Provide sufficient resources for AML/CFT regime;

Appoint a dedicated compliance staff;

Upon discovery of suspected/apparent violations, management should implement measures to remedy and prevent violations in the future

TIMING OF VERIFICATION

Verify the identity of the customer and beneficial owner as soon as reasonably practicable,

Adopt risk Management procedures concerning the conditions under which a customer may utilize the business relationship prior to verification,

RISK BASED APPROACH

Perform due diligence (DD) when ML/TF risk are higher;

Apply simplify DD measure where lower risks have been identified.  Note that the simplified measures are not acceptable whenever there is suspicion of ML/TF or specific higher risk scenarios

FAILURE TO SATISFACTORILY COMPLETE DD

Unable to comply with relevant DD measures, they should not enter into business relationship and consider making a suspicious transaction report.

Where there is concern of suspicion of ML/TF and reasonably believes that continuing CDD process will tip off the customer, insurer should not pursue the CDD, but instead file an STR.

Do not underwrite the risk

Terminate the transaction if possible;

Apply specific terms and /or exclusion to the contract;

Freeze the transaction and ensure that no payment is made; and

Report details of the transaction to the NFIU

TRAINING  & AWARENESS

Training should be tailored based on risk – including as to individual employees or functions and should be relevant to the organization’s business activities, including the products and services that it offers.

It should communicate job-specific compliance information to employees as well as individual and corporate sanctions compliance responsibilities, and should provide easily accessible compliance resources and materials.

Training is an absolutely essential element of an effective compliance program.   A few of recent settlements have included robust training commitments.

Training should Occur at least annually, involve operational staff as well as compliance officers inclusive of Senior Management and include easily accessible resources and material available to all personnel.

Insurers should hold employees accountable through assessments, and should take immediate corrective action upon learning of a negative auditing or testing results.

Ensure that all staff understand: How AML/CFT sanction apply

Entity’s AML/CFT compliance policies/procedures

How to escalate AML/CFT concerns.

Training should be regular, formal and recorded;

Reinforced by intranet feeds and emails alerts with updates;

Ensure that Intermediaries are informed of your AML/CFT risk policies/procedures, that they are asking the right questions and are aware of red flags.

INTERNAL  CONTROL

Insurers should have appropriate internal controls, including policies & procedures in place to identify, mitigate AML/CFT risks;

Make sure the policies are easy to understand & are relevant to how the entity actually operates;

Have procedures in place to identify, stop, escalate and report suspicious activities;

Keep compliance policies up to date and ensure that employees are aware of the dynamic sanctions environment and keep records.

These policies and procedures should be tailored to the entity’s day to day operations and activities, and are designed to prevent misconduct.

In addition, policies and procedures should also be able to adjust to sanctions developments, such as updates to Sanctions list and changes in AML/CFT programs and regime.

TESTING & AUDITING

Regular audits is required to ensure that they can accurately identify AML/CFT regime’s weaknesses and deficiencies and remediate and improve on them as needs arises;

Testing and auditing can be internal or external, enterprise-wide or specific, but they should reflect a “comprehensive and objective assessment of the organization’s AML/CFT-related risk assessment and internal controls

Tests and audits should be: Adequately resourced; Accountable to senior Management

Provide a comprehensive and objective assessment of AML/CFT risks;

Insurers should take remedial actions after a test or audit uncovers a deficiency.

Will ensure that the testing or audit function is accountable to the Board and independent of audited activities.

Will ensure testing and audit procedure are appropriate to the level and sophistication of its compliance program.

Will update its risks assessment and review its AML/CFT policies, procedures, and practices on a periodic basis in order to identify and correct any weaknesses or deficiencies;

Will ensure that it will take immediate and effective action and identify and implement compensating controls after discovering weaknesses.

CONCLUSION

Compliance policy should be part of the pillars of an effective AML/CFT regime;

It should involve Senior Management and Board

Dedicated sanction desk and compliance officers.

The culture of compliance should be cultivated and watered throughout the organization.

Regulators and operators have joint responsibility in managing ML/TF risk in the insurance sector.

Among the critical elements of ML/TF risk management are risk assessment, policies and procedures, effective control system, adequate transaction monitoring, STR reporting, and ongoing monitoring.

ML/TF remain serious challenges to national and international economies

Being A Paper Presented By AML Unit of National Insurance Commission (NAICOM) At the CIIN Education Conference at Enugu November 7th, 2019