Know Your Client—Or Else
ARE POLITICALLY EXPOSED PERSONS TOO RISKY TO TAKE ON AS CLIENTS?
By Rhea Wessel
With the release of the Panama Papers and a tightening of anti-bribery and anti-corruption regulations around the world over the past decade, the risk posed by politically exposed clients has never been clearer. Financial firms and others who serve private clients must be increasingly effective in identifying and monitoring the activities of their clients— especially those of politically exposed persons (PEPs),
The potential liabilities are many. If an organization fails to comply with know-your-client (KYC) and due diligence requirements intended to uncover money laundering, bribes, and corruption, among other crimes, it could face lawsuits, loss of clients, reputational risk, share price drops, and crippling fines.
Along with the rising stakes, the cost and complexity of KYC rules are also on the rise, and they’re leaving customers with a sour taste.
Two surveys conducted in 2016 by Thomson Reuters indicate that the average costs financial firms must pay to meet their obligations are $60 million a year, with some spending up to $500 million on KYC and due diligence compliance. A parallel survey found that 89% of corporate customers had not had a good KYC experience, and 13% had changed their financial institution relationship as a result.
PEPs and those close to PEPs are frequently stereotyped due to high-profile cases involving the affairs of particular individuals. Often, PEPs have the allure of being high-networth individuals, but their ability to influence state coffers can make them suspicious. The thinking among law enforcement officials is that, in theory, a PEP’s influence could lead to more opportunities or temptation for wrongdoing than is available to other people.
But being a PEP doesn’t automatically make a client one of the bad guys, according to Amber D. Scott, founder of Outlier Solutions, a consultancy based in Toronto that is focused on anti-money-laundering (AML) services and strategies. “They’re just riskier as customers because they could be exposed to bribery or corruption, not because they necessarily have been,” says Scott. “Many PEPs are ideal clients and used to answering the additional questions that come with being a PEP.”
The Financial Action Task Force (FATF), established by the G7 Summit held in Paris in 1989, has a strong focus on combatting money laundering and terrorist financing. The FATF defines PEPs as “persons with prominent public functions.” More specifically, there are five categories: foreign, domestic, international organization, family members, and close associates. For many financial services firms, the greatest risk may come from foreign PEPs—individuals who have been entrusted with prominent public functions by a foreign country. Typical roles include such examples as heads of state or senior military officials. PEP due diligence became more frequently discussed in the 1990s after investigations revealed that Ferdinand and Imelda Marcos of the Philippines had hidden millions in illicit funds in Swiss bank accounts. Today, many organizations have adopted the FATF’s PEP definitions as a baseline.
Best practices for PEPs regarding cost-effective compliance and customer due diligence typically include having senior management sign off on all high-risk clients, keeping a robust and experienced compliance team, and mapping PEPs to ultimate beneficial owners. Firms also need to run regular client and transaction searches to look for anomalies and suspicious activity and maintain electronically verifiable proof of due diligence.
Other important practices include taking a tough stance up front, providing extra support to employees in identifying and reporting suspicious activities (no matter how small), monitoring risk ratings with effective data tools, and having in place a communications plan in case a client with ill will successfully misrepresents him- or herself to your firm or succeeds in cloaking questionable affairs.
“A CLEAR CODE OF CONDUCT”
In a segment titled “Anonymous, Inc.,” which aired 31 January 2016, the TV news program 60 Minutes showed via hidden camera how multiple New York–based lawyers reacted when they were asked to move highly questionable funds into the US. Global Witness, a UK nonprofit, made recordings of a fake prospect who wanted help moving funds into the country without revealing the identity of the client. The lawyers did not break any laws by hearing out the story of the prospect, which included implications that the funds were illicit, but only one lawyer outright refused to represent the fake client. Others went so far as to suggest ways to transfer the funds into the US.
Sending such messages about your firm’s position on questionable dealings is the wrong way to go, says Antonino Vaccaro, an associate professor of business ethics at University of Navarra’s IESE Business School.
“Be very clear and transparent about your zero-tolerance policy for people who are involved in bribes, corruption, or crimes of any sort,” says Vaccaro, who is also an expert witness specializing in corruption and is often asked to review contracts and company holding structures as part of investigations. “You need a clear code of conduct, and you may need to hire an investigator. But if you are very clear in your marketing, the criminals won’t knock on your door anyway.”
The reason the criminals will avoid highly ethical firms is simple. “People who are fraudsters are looking for professional criminals,” says Vaccaro.
DOCUMENT EVERYTHING
Christian Focacci, the CIO and co-founder of the AML technology startup TransparINT in New Jersey, says a common monitoring approach is one that is risk based and rooted in best practices. Risk-based approaches typically involve assigning risk scores to clients and monitoring them at different intervals, depending on the risk level.
Risk-based monitoring is recommended for investment advisers as well, even though investment advisers in the US are not actually required to maintain AML programs. The Financial Crimes Enforcement Network (FinCEN) did propose a rule in August 2015 to require AML compliance by registered investment advisers that would involve the filing of suspicious activity reports and currency transaction reports. The requirement comes with FinCEN’s proposal to include investment advisers in the definition of a “financial institution.”
In a 25 August 2015 press release, FinCEN Director Jennifer Shasky Calvery was quoted as saying, “Investment advisers are on the front lines of a multi-trillion-dollar sector of our financial system. If a client is trying to move or stash dirty money, we need investment advisers to be vigilant in protecting the integrity of their sector.”
In May 2016, FinCEN released final rules on AML compliance that covered “financial institutions” without addressing registered investment advisers. The outcome of the August 2015 proposal regarding advisers still remained to be decided. Some observers now expect FinCEN to take additional steps to include registered investment advisers in the definition of “financial institutions.”
Focacci’s company offers customers a screening tool that aggregates multiple data sources, such as government and global watch lists, and allows users to track and save historical searches so they can prove that specific searches were conducted on a particular day and that no relevant information was available at that time.
“We aggregate information in real time, and we have computers that are trained to look for information relevant to financial crime, such as arrests for money laundering or terrorist financing,” says Focacci. The tool is designed to be used as an input for, and in conjunction with, risk ratings.
CFA charterholders working at small firms who want or need to perform more customer due diligence may not have access to a large compliance and legal department, but there are some advantages. “One of the things that makes it very hard for these mega-banks to comply is the number of clients they have,” says Focacci. “When you’re a smaller shop, it’s not just knowing your client on paper. You know much more about them when it’s an informal relationship.”
That includes understanding your client’s motivation, according to Scott. “Investment advisers have some very interesting conversations with their clients in terms of the nature of their transactions and what they want to achieve,” Scott says. “Quite often, people who are doing something that is not 100% legal will talk about that. In those cases, you can’t un-know that.”
To protect your firm, she says, everything should be documented for use against any allegations of wrongdoing. This documentation should include the monitoring and escalation of any activities that seem like they may not be proper and the subsequent reporting of these activities to the appropriate authorities. For each firm, client, and transaction, the documentation may differ. “What exactly you need to do will depend on the nature of your business and the nature of the products and services that your PEP client is accessing,” Scott says.
DAMAGE CONTROL
As exposure to PEPs broadens through expanded definitions by authorities and increased informal media coverage, it is likely that many successful businesses will have PEPs as clients, according to Scott. If a client commits a crime, your firm will need to act quickly on the communications front to limit media damage.
Hagar Hajjar Chemali, an expert in AML and terrorism financing in the Middle East and the owner of Greenwich Media Strategies in Connecticut, provides strategic communications for her clients. Chemali says responses should be fast and clear: “If a report suggests your organization is involved in wrongdoing, first you must take action to investigate and rectify the matter and then you must respond by telling the truth about what you’re doing.”
In other words, communication is important at every stage, whether you’re looking into the matter yourself, working with the relevant authorities, or in the process of implementing measures to make sure it doesn’t happen again. “You’ll see companies make the mistake of not telling the truth,” Chemali says. “The public is too smart for that. Always be honest. If you don’t have the full story, that’s OK. Say you’re working to get the full story.”
With proper checks and balances, vigilance, and documented due diligence, it’s not necessary to avoid the PEP client group altogether. According to Scott, firms should instead be asking three questions: (1) What is the risk that PEPs truly pose to our business? (2) How do we effectively mitigate that risk? (3) Are our current methods of documentation and recordkeeping sufficient to prove that we have effectively mitigated the risk?
She adds: “Businesses that can answer these questions with confidence will reap the rewards.”