Ensure you’re prepared to collect adequate customer due diligence (CDD) information on your new and existing customers. Verifying client identity and reporting suspicious activity are the two cornerstones of the AML/CFT (anti-money laundering and countering financing of terrorism) regime.
CDD is the process through which you develop an understanding about your customers and the ML/TF risks they pose to your business. Verifying information about your customer’s identity, beneficial owners, and representatives is very important to help protect your business from ML/TF.
People who launder money or finance terrorism try to mask:
- their identity
- the illegal source of their funds
- their intention to misuse legally obtained funds
- the identity of the beneficiaries of the funds
If you know who your customer is (and understand their financial activities), it will make it more difficult for money launderers or financers of terrorism to use your business for illegal transactions. You get to know your customer by having adequate and effective procedures, policies and controls in place.
How do you assess your team’s knowledge, application and retention of AML/CFT training?
There are three levels of CDD:
- Simplified CDD
- Standard CDD; and
- Enhanced CDD
You need to be sure you’re using the right level of CDD for each customer, which depends on:
- the characteristics of the customer
- the nature of the activity or transaction being undertaken
- the customer’s potential for ML/FT risk
Simplified CDD is for specific customer types including government departments, local authorities and certain listed companies.
Standard CDD applies to most New Zealand customers. It involves the collection, and verification, of identity information of the customer, any beneficial owner of the customer, or any person acting on behalf of the customer. The identity information required for standard CDD is:
- name of customer
- relationship to customer if the person isn’t the customer
- address or registered office
- company identifier or registration number
- nature and purpose of the proposed relationship
You must take reasonable steps to satisfy yourself that the identity information you have gathered is correct, which can only be done by collecting and sighting documents, data and information provided by a reliable and independent source.
The information should be collected according to the amended Identity Verification Code of Practice (IVCOP) which provides suggested best practice for reporting entities seeking to verify the name and date of birth of customers (who are natural persons) that they have assessed as low to medium risk. Compliance with a code of practice is not mandatory although IVCOP is the recommended safe harbour route, detailing what you need to do and how to do it in terms of knowing your customer. If you opt out of the code, you must inform your supervisor and adopt practices that are equally effective, otherwise you risk non-compliance.
Standard CDD will usually mean asking your customer to bring in original identity documentation and checking that it’s not expired, and also verifying that the original identification documentation is actually for that customer. You should take, and retain, copies of the identification documents.
Even if the proposed transaction or business you are undertaking is fast-paced, verifying customer identity information must take place before the business relationship is established, except in exceptional circumstances. If verification is delayed the reasoning must be justifiable and recorded.
Enhanced CDD is for situations where there is a higher level of risk. It involves standard due diligence as well as inquiring about the source of funds and wealth and verifying that information according to the level of risk. Your customer’s source of wealth is the origin of their entire body of assets. This information gives an indication of the amount of wealth your customer would be expected to have and a picture of how they acquired it. Your customer’s source of funds is more narrowly focused. It is the origin of the funds used for the transactions or activities that occur within the business relationship with you.
Enhanced CDD needs to be conducted in specific circumstances, including:
- when a customer is a trust
- when a customer is a non-resident from countries that have insufficient AML/CFT regimes
- when a customer is a company with nominee shareholders or bearer shares
- when a customer is a politically exposed person
- when a customer seeks to conduct a complex, unusually large transaction that has no apparent lawful purpose
- any situation where you believe the AML/CFT risk is high enough that enhanced CDD should apply
You will need to use your own risk assessment to assess the level of money laundering or financing of terrorism risk before establishing the business relationship or conducting an occasional transaction or activity.
Next in the Dirty Money Series: Suspicious activity
Joel’s Investments notices that regular client Jack has made several high-value cash deposits on the same day. Compared with previous account records, these transactions are in contrast to Jack’s usual business activities. What should Joel’s Investments do?
- Issue a formal warning to Jack within 10 working days of forming its suspicion
- Not take any action unless there is evidence that Jack has been involved in money laundering activities or the financing of terrorism
- Submit a suspicious activity report to the Financial Intelligence Unit as soon as practicable after forming its suspicion
- Submit a suspicious activity report to the Financial Intelligence Unit within 3 working days of forming its suspicion
Hint: High-value deposits made on the same day and client activities outside of the norm may signify potentially suspicious transactions and should raise red flags for a reporting entity.