Beruflich Dokumente
Kultur Dokumente
Risk Assessment
transposition EU Member
1st draft Passed EU Included in
into national law
published parliament EU law States to be
compliant
2013 2014 2015 2017 June
February March June (overdue)
The 4th EU AML Directive (adopted) includes changes forcing to respond in several areas
Page 2
The 4th EU Anti-Money Laundering Directive
poses new business challenges
Risk level needs to fit the organization and its
Adopt suitable customers
The purpose of the 4th EU Risk-based approach
risk level
AMLD is to enable participants Reduced use of Simplified Due Diligences (SDDs)
Obliged entities operating
to better identify, understand within the scope of the Enhanced Due Diligences (EDDs) required in
and mitigate ML and FT risks. directive would be required Customer due additional situations
to identify, understand and diligence
Measures for PEPs to cover a wider population
Among the changes, the risk- mitigate their risks, and to
based approach is considered document and update the Removal of “white lists” relating to positive third
to be core. assessments of risk that country equivalence
they undertake Other
More…
Increasing compliance requirements Three selected AMLD changes’ impact on private sectors
Asset
Retail banks Insurance Pension funds
management
CDD/PEP High High Medium Low
Figurativelevel
Figurative levelofof 33rd EUAMLD
rd EU AMLD 4th4+th5th
EU AMLD
EU AMLD
Cash threshold High - - -
compliance in Swedish
compliance in requirements
compliance compliance
requirements
entities
Romanian entities requirements requirements Beneficial
High High Medium Low
ownership
The gap to ensure compliance with EU’s directives will increase significantly with the passing of the 4th EU Anti-Money
Laundering Directive. Increasing compliance requirements allows for further sanctioning reasons.
In Romania, the Law no. 656/2002 on prevention and combating money laundering and setting up some measures for
prevention and combating terrorism financing is under amending process, in order to transpose the 4AMLD.
Source: EY Analysis
Page 3
Comparison of key areas
Between the 3rd vs. the 4th & 5th EU Anti-Money Laundering Directive
► CDD measures should be carried out when e.g. ► Enhanced Due Diligence (EDD) must be conducted in
carrying out occasional transactions amounting to situations defined as posing high risk
Customer Due EUR 15,000 or more when there is a suspicion of ► Simplified Due Diligence (SDD) only permitted in
Diligence (CDD) money laundering or terrorist financing certain lower risk situations (not regarding a specified
product or customer)
► The threshold for traders in high value goods dealing ► The threshold for traders in high value goods dealing
with cash payments is EUR 15,000 with cash payments is reduced to EUR 10,000 in order
Cash transactions to avoid exploitation
threshold ► Requirements of DD regarding occasional transaction
equal to or over the threshold
► EDD on PEPs residing in another EU member state or ► Includes EDD on PEPs who are entrusted with
Politically Exposed in a third country prominent public functions domestically and on those
Persons (PEPs) who work for international organizations
► Identification covers those who own/control 25 % or ► Clarification of what the "25 % threshold" refers to
more of a business ► Stricter requirements on availability of BO information
Beneficial Ownership ► Up to the institutions and persons to make use of - all companies should hold information on their
(BO) public records, ask their clients for relevant data or beneficial owners
obtain information otherwise
Page 4
Risk Assessment
Legal Framework: Directive (EU) 2015/849
A wind of change, notably triggered by the Directive (EU) 2015/849 on the prevention of the
use of the financial system for the purposes of money laundering or terrorist financing (“the
4th AML Directive”)
The purpose of the 4th EU AML Directive is to enable the companies to better identify,
understand and mitigate money laundering (ML) and terrorism financing (TF) risks.
Employing a risk based approach, set upon an AML/CFT exercise, enables organizations:
• to ensure that measures to prevent or mitigate money laundering and terrorist financing
are commensurate with the risks identified;
• to set an essential foundation for an efficient allocation of resources across the AML/CFT
regime.
Among the changes, the risk-based approach is considered to be the core one.
That is, the AML /CTF Risk Assessment should be commensurate with the nature and size of company’s business. For
example, for smaller or less complex organizations (customers falling into similar categories, range of products and
services offered are very limited etc.), a simple risk assessment may suffice, whereas, for more complex organizations
with multiple subsidiaries and a wider variety of products and customer base, a more sophisticated risk assessment
process is required.
Page 5
Risk Assessment
Legal Framework: Directive (EU) 2015/849 (cont.)
The latest Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or
requirements for terrorist financing (known as the 4th AML Directive) had the 26th of June 2017 as deadline for transposition into the
national legislation of the Member States. In Romania, the 4AMLD transposition bill amending the AML Law no. 656/2012
the companies in
is now under legislative revision’ procedure and it is estimated to be adopted by the end of the year.
anti-money
laundering and Among the new AML requirements introduced by the 4th AML Directive, we underline:
countering ► the obligation of performing AML risk assessment (at the national, sectoral and entity level);
terrorism ► assurance of a more transparent governance, including the identification and verification of the ultimate beneficial
financing owner (UBO) of the organization;
► the adoption of enhanced due diligence measures for extended category of Politically Exposed Person (PEP).
The Directive brings a significant increase in the sanctions’ level for breaching the AML legislation (i.e. max. of at least EUR 5 mil. or 10 % of the
total annual turnover for financial institutions and max. of at least EUR 1 mil. for non-financial institutions.)
How does this affect the client? Who is impacted by these changes?
Article 8 of the 4AMLD provides that the organizations shall take ► credit institutions
appropriate measures to identify and assess the risks of money ► non-banking financial institutions (payment services, electronic
laundering and terrorist financing, taking into account risk factors, currency, leasing, exchange offices, money remittance)
such as ► financial institutions (insurance, securities, private pensions)
► Customer risks, ► legal professions (lawyers, notaries, auditors, accountants, insolvency
► Countries or geographic areas risks, practitioners, fiscal consultant)
► Products & services risks, ► service providers (with the conditions that they provide professional
► Transactions/operations risks, services to third parties/other legal entities), such as extractive
► Delivery channels risks. industry (oil and gas) and energy industry, hotels and restaurants,
mass-media and advertising/ Radio + TV, water and electricity
The risk assessments shall be documented, kept up-to-date and made (supplying and distributing), including scrap collection, telecom & IT,
available to the relevant competent authorities. real estate developers / agents / administrators, private health care
providers, transporters, privatization companies
The entities should also adopt policies, controls and procedures to
► luxury goods dealers, automobiles & dispatch, precious metals and
mitigate and manage effectively the risks of money laundering and
stones
terrorist financing identified at the entity’s level.
► casinos
► NPOs – sports federations / clubs and foundations
Page 6
Risk Assessment
Banking Sector Opinion on AML Risk Management: Study
Money Laundering is on the top conduct risks The respondents to the EY/IIF
Survey 2016 indicated the top
initiatives needed to strengthen
conduct risk management:
* A set of blueprints for success is the seventh annual global survey of banks by EY and the Institute of International Finance (IIF). It
follows the industry’s progress in improving risk management by surveying senior risk executives. In 2016, 67 banks from 29
countries participated, including 23 of the 30 institutions designated as global systemically important banks (G-SIBS) .
ey.com/bankingrisk
Page 7
Risk Assessment
Key Challenges
Financial services have been considered for the last two decades to be on the front line in the fight against all types of financial crimes
associated to money laundering/terrorism financing. The evolution of the regulatory framework came in parallel with increased threats
and risks.
Managing the compliance risks, including the ML/TF ones, is a key area of focus for top-executive management and relevant key persons
(CEO, CCO, COO) in the banks around the world.
More focus on Regulators require more focus on the risk based Increasing As stricter rules are imposed by the 4th AML Directive,
approach and creating of a culture of proactively local regulators will tend to increase the demands on
mitigating the identifying, understanding and mitigating the ML/TF
regulatory the monitoring and compliance systems. More focus
high risks risks. pressure on the internal process’ control.
Page 8
Risk Assessment
Key Benefits
Identification, understanding and mitigation of the ML/TF risks has a paramount contribution in setting up an efficient anti-money
laundering compliance program. The risk assessment especially aims to detect those high risk areas that have to be mitigated by
proportional measures and a continuous monitoring process. Moreover, the results of the assessment aims to identify gaps or
opportunities for improvement of the AML policies procedures, as well as of the internal control processes. This preventive approach will
offer a safe-heaven for the company towards regulatory, legal and reputational disrupting factors.
By knowing the exposure to the ML/TF risks and the Focus on real Companies having a formal AML compliance program,
based on identified risks, are able to focus on the
Effectiveness measures needed to mitigate them, the entities are more threats and ML/TF threats and vulnerabilities the company’ faces.
effectively reacting to the particular risks.
vulnerabilities
Client Risk Service / Product Risk Client Activity Risk Geographical Risk Political Risk
► It refers to the type of The category refers to the It refers to the It refers to the countries or It refers to the persons
natural and legal risks associated with new and environment (industry or regions with a less strong associated to politically
persons, the client innovative products and sector) in which clients defense or considerable exposed persons (real
Description
behavior and the services; it involves operate – from low to deficiencies in fighting beneficiaries, close
consistency between developed and modern highly vulnerable to money against money laundering associates, family
the client background technologies by which the laundering, terrorism or terrorist financing. members etc.) and
and expected or services are provided that financing and associated political parties
performed activity favor anonymity of the illegal activities.
parties involved.
PEP private banking Industries: countries with high levels head of state
non-residents non-face to face casinos of corruption / organized parliamentary
transactions exchange offices crime
intensive cash heads of political parties
businesses payment instruments non-banking financial countries subject to
mayor of the city
institutions terrorism and/or to
businesses with virtual currencies counsellors working with
international sanctions
complex ownership high value lending foundations or non-profit politically exposed
offshore territories,
Examples
Page 10
Risk Assessment
Examples of risks identified
Risks related to implementation of AML policies and procedures
► A lack of commitment at senior management level for ► Failing to consider money laundering alerts generated since the
implementing the AML policies; last review for updating the customer’ risk level;
► Including waivers from AML policies without solid ground; ► Allocating higher risk countries with low risk scores to avoid
having to conduct Enhanced Due Diligence;
► Undocumented Know-Your-Customer processes for identifying,
classifying and declassifying the customers’ risk levels; ► Accepting regulatory and/or reputational risk where there is a
high risk of money laundering;
► Companies consider the reputational risk rather than the AML
risk presented by customers; ► Performing unusual payments/transactions to third parties
without obtaining a legal base and/or an economic justification;
► Drawn up AML policies & procedures by external consultants, but
not further implemented by the company; ► Not sufficient focus on non-face-to-face transactions performed
via intermediaries;
► Failing to allocate adequate financial, human or IT resources to
the AML function; Applying a ‘one size fits all’ approach in CDD with no assessment
Description
Page 11
Risk Assessment
Methodological Approach
Page 12
Risk Assessment
Risk Matrix (for illustrative purposes only)
Page 13
Contact person:
Laura Lica-Banu
Senior Manager | FIDS
EY Romania