As money laundering rules become more onerous we look at what the finance director has to consider and how a strategy to handle them should be developed. Abe Abrahami gives his advice.

It has long been a necessity for the criminal, making their ill-gotten gains appear legitimate to their family friends and government. But today with the illegal drugs' business rivalling the size of the pharmaceutical industry and terrorists acting like multi-national executives, money-laundering has become an even more sophisticated business.

New laws and renewed vigour by global intelligence and police agencies to stamp it out, have put more pressure on companies and their directors to be pro-active in fighting it. And like anything that revolves around money, the process of monitoring it and being prepared to defend against it, falls to the beleaguered finance director.

In the simplest terms money-laundering is a criminal attempt to conceal the true origin and ownership of proceeds from theft, fraud, drug trafficking, insider-trading or terrorism. On the other side of the coin it is also the attempt to use legally derived funds for illegal purposes, such as financing arms trade, although this is less common.

The process of laundering money can be broken down into a three-tier process:

As with the counterfeiting of goods it is a common public perception that money laundering is not a problem for the man-on-the-street, however as the internationalisation of terrorism has proved, financing illegal activities can hurt anyone in the most unexpected of circumstances.

Most directly affected by the process of cleaning dirty cash, however, are those entities most used to help wash the stains of criminality from the money: banks, financial institutions, insurance companies, building societies, accountants, fund managers, auditors, lawyers, gaming companies, stockbrokers or traders. But today even a company can become an unwitting participant.

The major AML regulations

There are numerous national and international AML regulations and depending on the jurisdiction their scope and definitions vary. The ones that UK directors ought to be aware of are:

The Institute of Chartered Accountants offers guidance [1] on any revisions to money laundering. It is also worth noting that other legislation has AML requirements implied within them such as the UK Fraud Act 2006, Know-Your-Customer (KYC), MiFID, Basel II, Solvency II, the Sarbanes-Oxley Act and IFRS rules.

All these rules ultimately mean that chief financial officers and chief executive officers have distinct responsibilities. They must ensure that they do not conduct business with money-launderers and terrorists,or cover up money-laundering activities and sources.They must take precautions to reduce the risk of money laundering by having sufficient controls/procedures in place andc an confidently certify their financial statements as to their accuracy/correctness.

To meet their responsibilities, CFOs and CEOs must ask themselves;

1. What risks are we taking if found guilty of a money laundering offence?
2. If we are at risk of committing a ML offence, what should we do about it?
3. If found guilty of an offence what will be the penalties?
4. What should we do if we suspect someone of money laundering?
5. What are the penalties for an organisation who does not train its staff to prevent and halt money laundering?
6. What are acquisition, arrangements, concealing, possession, tipping-off and use?
7. What is ‘authorised disclosure’ and non-authorised disclosure?
8. What is a ‘protected disclosure’ and non-protected disclosure?
9. What is ‘appropriate consent’ and inappropriate consent?
10. What are KYC, red flags, risk-based approach, type of product, size of financial relationship, geographic location?
11. Under what circumstances could somebody who performs relevant business commit the offence of failure to disclose?
12. What are acceptable identification procedures?
13. What is the role of the National Criminal Intelligence Service in AML?
14. What are the ripple effects of The Serious Organised Crime and Police Act 2005?
15. What’s included in the EU Third Directive on Money Laundering?
16. Does the EU Third Directive introduce simplified/enhanced due diligence?
17. What impact does the EU Third Directive have on UK Legislation?
18. What impact does the FSA Money-Laundering Directive 2007 have?
19. If we do business internationally how do we cover the multitude of national and international AML compliance obligations (e.g. USA or Australia)?

Challenges to international companies

For a CFO and a CEO whose company trades globally, fulfilling their obligations becomes a real headache, because of the international nature. However it should also be remembered that even a national firm can become embroiled in the money-laundering process.

If a transaction began in the UK and its subsequent processing went through five countries with all their individual rules and regulations, how do you deal with this? For example, is it sufficient to comply with one country’s laws or do you have to handle the legal minutiae of all five, plus the international regulations concerned?

The reality is that the finance director has to comply with them all. This can be a costly and complex challenge although there are software solutions to help you resolve the issues such as Peach's Integrated-AML-Compliance Solution.

This system follows step-by-step solution that is commonly used by blue chip companies along with proprietary steps privately developed. However the basic process outlined below is something that can help a finance director understand both the complexity of the issues and how they should be tackled.

One has to identify all the national AML regulations and create a master template questionnaire. This audit check-list helps to identify what needs to be done and where there are gaps that need to be resolved. Ideally this work should be certified by a suitably qualified professional authority, a double-check on the process itself and offering some sort of insurance.

Take the most severe AML regulations you need to comply with (national or international), compare and over-lay them over the master check-list and note any overlaps or duplication and conflicts. Resolve these. Then combine the two audit check-lists with special annotations so that you still can distinguish between each.

Repeat the same exercise for the the other less-arduous AML regulations. This provides a system that complies with all the relevant AML regulations and identifies gaps to be resolved.

But you have not finished yet. What about your software applications, how do you prove which of these satisfies specific AML requirements on your check-lists? Having a solution for this also proves compliance for whichever regulatory inspector might turn up on your doorstep. The reality is that it becomes a jigsaw puzzle: you could have 10 relevant computer applications, some of which overlap and others which leave you with compliance gaps. How will you know and prove which system satisfies specific AML requirements? You have to analyse and map these application functionalities against the check-lists above to prove compliance, identify and resolve gaps.

Ideally you will generate as a result AML compliance maps and proof. The process is indicated by the diagram below.

As a result of the unique described above, you can end up with a credible, useful, multi-purpose AML compliance check-list along with compliance maps, proof of the compliance landscape and the gaps to be addressed.

You will be able to test your controls and procedures to identify other gaps and improve your AML compliance by far. Of course doing this in a manual way is a time-heavy and ultimately costly exercise which benefits from a dedicated software solution. Instead of working is costly silos, you can create an integrated, modular cost-effective solution that can be used by any country in which your company does business.

Dr Abe Abrahami is the CEO of Peach, a company that supplies anti money-laundering software and consultancy on a range of compliance and regulatory issues. He is also the author of "Compliance & Change Management". www.peachqc.com