What do we find on proactive AML monitoring reviews

At 27.4% of non-compliant firms, we found that the firm had performed ineffective client identification procedures. In some cases, the firm had failed to properly identify all of the beneficial owners. In others, the firm had failed to properly understand the nature of the client’s business, or the jurisdictions that it operated in. During our reviews, we perform basic open source checks on the client and for some non-compliant firms, we identified information about the client that the firm didn’t know.

• Access recommended resources and guidance to support compliance in this area

At 25.6% of non-compliant firms, we found ineffective risk assessment documentation. During our monitoring reviews, we re-perform the risk assessment to check that the firm has identified all the risks. We do this by reviewing the know your client information as well as open-source information about the client, and cross-checking this information with sources of risks and red-flags such as the AASG Risk Outlook. Ineffective risk assessment documention is where the firm has not documented all the same risks that we identified but where the firm is able to discuss and describe the risks.

At 27.9% of non-compliant firms, we found that the firm had failed to perform risk assessments on any of their clients. Risk assessments are a core element of the MLRs and all firms must perform a risk assessment to direct the amount of verification work they do.

• Access recommended resources and guidance to support compliance in this area

Of the three stages of CDD, verification is performed least effectively with 34.4% of firms performing ineffective verification procedures. Where we have raised this area of non-compliance, the firm has not gathered sufficient evidence to manage or mitigate the risk identified. In some cases, the firm has simply performed more ID verification on a beneficial owner, when the AML risk relates to transactions in a high-risk third country. Firms must tailor their verification work to ensure they gather enough evidence to satisfy themselves that the risk of being used to launder is suficiently reduced.

• Access recommended resources and guidance to support compliance in this area

We review cases of non-compliance to understand the root causes. The most common themes behind non-compliance are:

• Lack of knowledge / understanding of regulations
  We generally find that firms are trying their best and will believe that they have good compliance, policies and procedures in place but our monitoring reviews find that they have failed to grasp the requirements fully. Firms can be overly focused on collecting passports/ID verification and don’t devote enough time to identifying risks within their clients and/or don’t perform enough work to mitigate those risks. We also find that firms have not regularly revisited their risk assessments and mitigation work.
• Lack of understanding of risk
  Firms fail to identify obvious risks and red flags within their clients.
• ‘It will never happen to me‘
  Firms assume that ‘it will never happen to them’, leading them to fail to identify obvious risks and red flags within their clients.
• Insufficient resource allocated to anti-money laundering compliance. 
  We have found some of our largest firms have money laundering reporting officers or compliance principals with insufficient time and resources to dedicate to AML compliance.