FINMA published a draft amendment of the AMLO-FINMA for consultation containing, inter alia, more detailed obligations relating to group-wide monitoring of legal and reputational risks, a further tightening of KYC requirements and more detailed criteria for the risk classification.
First step of the follow-up work on the Financial Action Task Force (FATF) mutual evaluation report
On September 4, 2017, the Swiss Financial Market Supervisory Authority (FINMA) published a draft amendment of its Ordinance on the Combat of Money Laundering and Financing of Terrorism in the Financial Sector (AMLO-FINMA) ("Draft"). The Draft is the result of a decision of the Swiss Federal Council of earlier this year to define the required follow-up work on the fourth FATF mutual evaluation report on Switzerland published on December 7, 2016. Both the Federal Council and FINMA take the view that the proposed amendments of the AMLO-FINMA are covered by the existing provisions of the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA). The proposed amendments to the AMLO-FINMA are the first step of the implementation of the findings of the latest mutual evaluation report of FATF in respect to Switzerland. The Federal Council has instructed the Federal Department of Finance to prepare a consultation draft until end of the current year setting out due diligence duties for specific non-financial intermediary activities, steps to increase transparency of associations (Vereine) and measures in connection with precious metals and precious stones traders, the purchase of old precious metals and amendments in relation to the AML reporting regime.
The following outlines the proposed changes relating to consolidated supervision, KYC requirements and risk classification which are the areas mostly affected by the Draft. These changes will affect all financial intermediaries including banks, asset managers and trust companies. Self-regulatory organisations will have to amend their regulations to reflect the proposed changes to the AMLO-FINMA, and the CDB 2016 will likewise have to be updated as a result. Internal regulations and forms of financial intermediaries may have to be updated and IT systems may have to be adjusted in a timely manner in case the Draft is enacted in its current form.
New detailed obligations with respect to group-wide monitoring of legal and reputational risks
Swiss financial intermediaries are required to ensure that certain key principles of the AMLA are observed by their foreign branches and subsidiaries. Moreover, the legal and reputational risks relating to money laundering and financing of terrorism have to be monitored on a group-wide level. Whereas these principles are already contained in the current AMLO-FINMA, the Draft includes new detailed obligations for Swiss financial intermediaries with a presence abroad in relation to the monitoring of group-wide legal and reputational risks.
It requires financial intermediaries to:
- undertake a periodic risk analysis on a consolidated basis;
- create an annual standardised reporting on a consolidated basis;
- automatic notification by foreign branches or subsidiaries of certain key mandates and transactions as well as of the change of the legal and reputational risks; and
- periodic internal controls including on-site sample-testing by group compliance.
The proposed changes will require the implementation of formal policies and procedures and likely increase the administrative burden and costs of financial intermediaries with a presence abroad.
Further tightening of KYC obligations
The KYC obligations of financial intermediaries have already been extended by a recent amendment of the AMLA which became effective on January 1, 2016. The self-regulatory organizations as well as the financial intermediaries were required to update their regulations to implement the new FATF rules, in particular the requirement to identify controlling persons of operating entities. Despite the recent changes in this area, FINMA intends to further tighten the KYC obligations. The proposed changes will require an update of internal regulations and likely increase the administrative burden and compliance costs of most financial intermediaries.
a) Verification of beneficial ownership
The Draft contains an obligation for financial intermediaries to verify the indications as to beneficial ownership. In case the Draft is enacted in its current form, it will not be sufficient anymore for a financial intermediary to obtain a declaration of beneficial ownership from its contracting party. An additional verification using risk-based measures has to be conducted with respect to all contractual relationships irrespective of their risk classification. The verification has to be properly documented. Where the contracting party is an entity, the verification must cover the beneficial ownership of the entity as such, as well as of its assets.
The explanatory report mentions the obtaining of documents or information from reliable sources as potential means of verification. In the mass business with retail clients, it may be sufficient to compare the information about beneficial ownership with the information contained in the client profile, e.g. on income, profession etc.
b) Update of customer information
Pursuant to the Draft, financial intermediaries will be required to update customer information on a regular basis, independently from any indications for changes. A risk-based approach will have to be applied when determining level of detail and the renewal periods. The renewal periods need to be defined in the internal regulations of the financial intermediary. The periodic update of customer information comes on top of the event-driven update and renewal of customer information.
Customer information not only means the details of the contracting-party but also includes information about the beneficial owner, the origin and source of funds and the status as politically exposed person (PEP) of the customer or beneficial owner. It is, however, not required to renew the documentation on file if no changes occurred, even if documents such as passports would have expired. The periodic update of customer information may be made in meetings with the customer, by standardised forms or through ebanking platforms.
c) Increased scrutiny on domiciliary companies and structures
Business relationships with domiciliary companies and structures are affected by a number of the proposed changes to the AMLO-FINMA. The Draft introduces an explicit requirement for financial intermediaries to identify and document the reasons for the use of domiciliary companies and structures. Under the current rules, a financial intermediary is required to identify the purpose and background of a business relationship more generally. Although this also implies to a certain extent the identification of reasons for the use of domiciliary companies and structures, the new explicit provision will likely require some adjustments to take-on procedures.
The background information on domiciliary companies and structures is required in order to comply with the more detailed criteria used for the risk classification proposed by the Draft. While the complexity of a structure is currently one criterion for the risk classification, the Draft intends to introduce the following specific criteria that would trigger a high-risk classification as regards domiciliary companies and structures:
- The use of domiciliary companies in connection with further domiciliary companies or with an operating business;
- The use of nominee shareholders (which may also generally include the existence of bearer shares);
- The use of domiciliary companies or structures to conduct operational activities;
- The use of non-transparent jurisdictions;
- The absence of reasonable grounds for the use of domiciliary companies and structures; and
- The use of domiciliary companies and structures for the short term placement of funds (flow-through).
More detailed criteria for the risk classification
The Draft further specifies that when considering connections with other jurisdictions for purposes of the risk classification of business relationships or transactions, the jurisdiction which are considered "high risk" or non-cooperative by FATF are of particular relevance. This is relevant for a number of existing risk criteria such as residence of contracting parties or beneficial owners or the place of business activities.
The following new risk criteria should be added:
- For the classification of business relationships: The referral or servicing of business relationships by third party service providers such as external asset managers, lawyers, trust companies or introducing brokers; and
- For the classification of transactions: The jurisdiction of origin or destination of payment transfers (currently only mentioned for the classification of business relationships).
In its Draft FINMA introduces the presumption that business relationships with contracting parties resident in a jurisdiction identified by FATF as "high risk" or non-cooperative and for which FATF calls for increased diligence are “high risk” and have to be classified as such in all cases.
Financial intermediaries would be required to determine for each risk criterion contained in the AMLO-FINMA individually whether it is relevant for the financial intermediary on the occasion of each periodic risk analysis.
Timing and grandfathering rules
The consultation closes on October 16, 2017. FINMA expects that the revised AMLO-FINMA will enter into force in the year 2019.
The verification of the beneficial ownership will have to be conducted for new business relationships opened after the entry into force of the revised AMLO-FINMA and for existing business relationships upon the next periodic update of customer information. In the context of the periodic updates of customer information, financial intermediaries will also be required to obtain information about controlling persons of business relationships which currently fall under the transitional carve-out, i.e. business relationships existing prior to January 1, 2016.