AMLD customer due diligence
Leestijd: 5 min.
Customer due diligence consists of several components: assessing the customer, determining the nature of transactions, and determining the risk of money laundering and financing of terrorism. When identifying the customer, it is also important to determine in which country they are a tax resident. Can the customer pose a risk, and what are the customer's intentions? Since 25 July 2018, various parts of the Dutch Anti-Money Laundering Directive (AMLD) have been amended. Since those amendments to the AMLD, customer due diligence has become increasingly more extensive and complex. The amount of information that needs to be collected has grown, and the investigations have become more and more in-depth.
Compliance with the AMLD and the risk assessment
Today, there are numerous areas to investigate in order to comply with the regulations set out in the AMLD. For starters, it is important to identify the customer and their ultimate beneficial owner (UBO), as well as the source of the funds. The extent of customer due diligence process is adjusted to the extent of the risk of money laundering or financing of terrorism that this transaction or customer brings with it. To better estimate the risk, you can check whether your customer is named on one of the following lists or in one of the registers below:
Er wordt gecontroleerd worden of een persoon/bedrijf voorkomt op of te maken heeft gehad met: sanctielijsten, PEP-lijsten, risicolanden, insolventie register, bestuursverbod, financiële toezichthouders
Sanction lists include both the sanction lists kept by financial institutions and those of law enforcement agencies. These sanction lists mention not only current sanctions, but also past sanctions. If you are dealing with a ‘sanctioned person’, doing business with this person is prohibited and their assets should be frozen.
The Politically Exposed Person (PEP) list includes individuals in a prominent public function, which generally means that they present a higher risk for corruption. The PEP list includes not only persons who are politically active in their current function, but also persons who were politically active up until one year ago. Examples of PEP functions are: heads of state, army officers, senior executives of central banks, etc. The AMLD requires that you conduct enhanced customer due diligence if you are dealing with a PEP. Family and associates of the PEP are included in the high-risk group that needs to be investigated more extensively.
There are multiple lists of high-risk countries out there. For example, there is the list of the Financial Action Task Force (FATF), and the European Commission (EC) keeps a list as well. The FATF keeps track of high-risk countries. They maintain two lists:
- One contains countries against which the FATF has issued a ‘public statement’
- One of countries for which the FATF has identified strategic AML (Anti Money Laundering)/CFT (Counter Terrorism Financing) deficiencies
The public statement list is also divided into two parts:
- Countries against which other countries must take countermeasures
- Countries against which other countries must take stricter measures
Countermeasures mean that disciplinary action is taken against a country. An example of this is North Korea.
In the fourth Anti-Money Laundering Directive, the European Commission (EC) stipulated that the Commission itself would also designate high-risk countries. The main difference between the EC list and the FATF list is that the FATF will remove countries from the list if they have proven to have built up an adequate AML/CFT system. The EC does not remove countries from their list.
If a customer's company is located in one of the high-risk countries, or if the customer is a tax resident of one of these countries, it will be required to conduct enhanced customer due diligence.
The central insolvency register contains details of bankruptcies, moratoriums, and debt rescheduling of natural and legal persons.
Adverse media, or negative news, is defined as any form of unfavourable information found across a variety of news sources. This includes both traditional news outlets and unstructured sources. There are various risks associated with doing business with individuals or companies with an adverse media profile. One of the reasons you should investigate the existence of adverse media is that it could reveal that a customer or company was involved in money laundering, financial fraud, drug trafficking, organised crime, etc.
There are risks associated with working with a company that employs a disqualified director, or with a customer who is a disqualified director themselves. This company or customer could receive a civil directors' disqualification order, which offers the possibility of disqualifying under civil law a director who engages in bankruptcy fraud or has committed mismanagement during the period leading up to a bankruptcy. The disqualified director may then no longer manage legal entities.
In the Netherlands, there are two financial supervisors:
- De Nederlandsche Bank (DNB, The Dutch Bank)
- The Autoriteit Financiële Markten (AFM, the Netherlands Authority for the Financial Markets)
The DNB supervises the financial structure of institutions and the expertise and integrity of the directors of institutions. The AFM monitors how financial institutions treat their customers. For example, to monitor that they don't provide consumers with misleading information.
De risico-inschatting bepaalt het type cliëntenonderzoek
Risk assessment determines the level of customer due diligence
After you have checked whether your customer is named on the above lists or registers, you can make a risk assessment. This risk assessment decides the level of customer due diligence you will need to conduct. There are three levels of customer due diligence:
For example, if the level of risk is assessed as low, you may apply simplified customer due diligence. If the customer has previously been investigated by another party, it is not essential to repeat the steps they took; however, it is wise to do this anyway, and make a new risk assessment. After all, you don't know how long ago this investigation by the other party was carried out, or whether it was carried out correctly.
Er zijn drie soorten cliëntenonderzoeken; eenvoudig, standaard en verscherpt
Simplified customer due diligence
Simplified customer due diligence can be applied when a risk assessment has shown a low risk of money laundering or financing of terrorism. Contrary to what was previously the case, the current AMLD no longer specifies cases where simplified customer due diligence is sufficient. You will have to do your own research and provide evidence of low risk. To prove that the risk is low, an institution must take into account the “non-exhaustive list of factors and types of evidence of potentially lower risk” prepared by the European Parliament and Council. This annex mentions, among other things, public companies listed on a stock exchange which meet certain requirements, and public administrations or enterprises.
The fourth Anti-Money Laundering Directive no longer identifies cases in which simplified customer due diligence may always be applied. If, after investigation, the risk level has been assessed as low, a simplified customer due diligence will suffice.
Standard customer due diligence
In the vast majority of cases you will apply standard customer due diligence. Standard customer due diligence requires you to do the following:
- The client's identity must be determined, verified and recorded;
- The identity of the ultimate beneficial owner (UBO) must be determined, verified and recorded;
- The purpose and nature of the transaction/order must be determined and recorded;
- It must be determined whether a customer acts on behalf of themselves or on behalf of another;
- If necessary: it must be determined whether a natural person representing the client is authorised to do so;
- The customer must be continuously monitored and checked.
Enhanced customer due diligence
If the risk of money laundering or financing of terrorism is high, the institution must apply enhanced customer due diligence. Based on a risk assessment, prior to entering into a business relationship or conducting a transaction, you must determine whether such a higher risk exists. Factors for high risk include:
- Your customer is a politically exposed person (PEP), a relative of a PEP, or an associate of a PEP;
- The country in which the customer resides or is located has been designated as a high-risk country by the EC or FATF. High-risk countries are countries with a higher risk of money laundering or financing of terrorism;
- If it concerns a transaction or business relationship with a higher risk of money laundering or financing of terrorism. An example of this is a crypto transaction.
The level of your customer due diligence therefore depends entirely on the risk assessment. Risk assessment is extensive and time consuming. With the development of the CDD On Demand solution, SCOPE FinTech Solutions wants to support and simplify both risk assessment and the UBO investigation. In mere seconds, you will receive a certified report about your customer. The CDD On Demand solution automatically requests data about the relevant person or company from various sources. The person or company is audited on eight different points, ranging from PEP and sanction lists to insolvency. Based on this report, you can make the correct risk assessment and continue with customer due diligence. The CDD On Demand solution also supports you in customer due diligence, for example by automating the UBO investigation and continuous monitoring, so that you can focus on what is really important: your customer.