• wblogo
  • wblogo
  • wblogo

ASIFMA publishes guide to best AML/KYC practice

Chris Hamblin, Editor, London, 7 June 2018

articleimage

It comes as no surprise to learn that jurisdictions in Asia follow different anti-money-laundering rules and guidelines, or that each financial institution puts its own gloss on them. The Asia Securities Industry and Financial Markets Association, based in Hong Kong, has come up with some suggestions to remedy this.

The association is calling for Asia-wide standardisation in accordance with its own set of suggestions. Decrying the scourges of "fragmentation, inconsistencies and varying practices among financial institutions," it notes that firms have started to "adopt a forward-looking, client-centric and digitised approach to reduce the resource challenges associated with meeting KYC/AML requirements."

Taking an overview of market practice, and having organised an exhausting series of working groups, ASIFMA has evolved a set of 'best practices' that it hopes are as 'jurisdiction-neutral' as possible. They look at the identification and verification of customer-firms and their beneficial owners; the obtaining of information before banks form business relationships with customers; the identification and verification of people and firms who/that purport to act on behalf of customers; the timing of various background checks and other checks; the right times at which to 'simplify' such checks; the monitoring of business relationships; factors one ought to consider when developing a risk-based approach to compliance; the use of oher firms to carry out 'customer due diligence' or CDD (an ugly term invented by the Basel Committee for Banking Regulation and later taken up by the Financial Action Task Force, the world's AML standard-setter); and the features of CDD-related documents.

Who is the customer when the bank is dealing with a fund?

Private banks deal with funds extensively on behalf of HNW customers. The part of the code that deals with the identifying work that a bank ought to do when taking a fund on board as a customer is therefore highly relevant.

One way of identifying the customer in this context is to seek out the party that is going to provide the bank with instructions and/or exercising influence and control. Ordinarily, this is the fund manager which has been delegated decision-making authority by the fund. If the party that provides instructions is acting as an agent, identifying information about the underlying client is required.
 
Another way of identifying the true customer is to identify the party that is contracting with the bank. This approach dictates that:

  • if a fund manager contracts with a bank on behalf of an investment vehicle/fund, the bank can perform 'simplified due diligence' SDD on the fund manager as long as that fund manager has performed CDD on the fund. It may be possible to obtain limited KYC information about the fund; and
  • if an investment vehicle or fund contracts with a bank, it should apply CDD/SDD (as appropriate) to it, depending on its legal form. In this context, a fund manager should be regarded as a person purporting to act on behalf of a customer if it has the authority to place an order on behalf of an investment vehicle or fund.  

'Equivalent' regulation for fund managers

'Equivalence' is an oft-used word in compliance. The association says that if an 'equivalently' regulated fund manager - i.e a fund manager from a jurisdiction with similar regulations - provides instructions to a financial institution such as a private bank, that bank can perform CDD on the fund manager rather than on the fund itself. For example, the Anti-Money-Laundering Ordinance (AMLO) of Hong Kong takes the phrase "equivalent jurisdiction" to mean:

  • a jurisdiction that is a member of the Financial Action Task Force or FATF, the world's AML standard-setter, other than Hong Kong (a list that takes in Mexico and Russia); or
  • a jurisdiction that imposes requirements similar to those found in Schedule 2 of the ordinance.

ASIFMA adds enigmatically that the institution should still collect some information about the fund "on a risk-based basis."

When fund managers are not regulated 'equivalently'

If a fund manager is not equivalently regulated, the institution should perform full CDD on both him/it and the underlying fund unless:

  • it can perform SDD in Hong Kong under Schedule 2, Part 2, para 4 of the ordinance or in Singapore under the relevant SDD provisions; or
  • it can rely on another firm that performs the CDD as specified in Singapore's and Hong Kong's laws and regulations.

When the fund is the customer

If the fund is to be considered the customer for AML purposes, the bank should nonetheless identify the fund manager and his/its identity "due to the instructions issued and control exercised by the fund manager."

In what capacity does the financial institution act?

If a financial institution is acting as a prime broker, a clearing broker, a settlement agent or a custodian, both the fund and the fund manager (once again, "due to instructions being provided by and control exercised by the fund manager") should be considered as customers. If the financial institution is acting as an executing broker only, the fund manager (and not the investment vehicle/fund) should be considered as the customer.

Trusts

The bank should take a similar approach with trusts. That is, the trustee should be considered the contracting party and thus the customer, although the bank should also obtain certain identifying and verifying information with respect to the trust.

Brokers

When dealing with so-called third-party brokers, the financial institution ought to obtain 'licence proof' (a commonly-used phrase in the document) from the relevant authorities. If it cannot, it should refer the matter to its compliance department. There are two 'levels' of KYC checking to be done. For 'level 1 KYC' the institution shoud obtain proof of existence by seeking out constitutional documents such as certificates of incorporation or registration of company searches on registers, or (for an 'equivalently' regulated body) the latest printout from the regulator's or exchange's website with the full name. It should obtain lists of all controllers or directors and lists of beneficial owners, except for 'low risk' beneficial owners. A beneficial owner's profile should include his recent employment history, main business activities, nationality, permanent residence and source of wealth (estimated net worth, assets and notable shareholdings). The institution should conduct World-Check screenings and adverse media checks on Google, LexisNexis, Factiva or any other relevant sources on all the aforementioned identified parties.

For 'level 2 KYC,' to occur if there are positive matches from screenings and adverse news, ASIFMA calls on the financial institution to unearth further information that can "elaborate on issues" or that corroborates the documents that it has obtained from level 1, plus further documents to verify the authenticity of the information it has gathered at level 1. It also calls for the employment "of a reputable external investigation agency to investigate into or review an entity or individual with a particular focus on financial crime or reputational risks," whatever that might mean.

Agent banks and custodial banks

When dealing with these banks, the financial institution should obtain 'licence proof,' but also use screening IT to look on open sources for 'red flags' (adverse media, sanctions) by conducting sanction checks using World-Check; and conducting adverse media checks using Google, LexisNexis, Factiva, Baidu or any other relevant sources. 

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll