Anti-Money Laundering Risk Assessment: Performing a comprehensive AML Business Risk Assessment is very important to identify the money laundering and terrorist financing risks that the business is exposed to and develop adequate mitigation measures.
The business risk assessment is conducted on the basis of factors such as the type of customers, their legal structure, the geographies of the company’s business operations and that of the customers, etc.
To efficiently manage the potential ML/FT risk a customer can pose to the business, it is essential to understand each customer’s risk profile and deploy appropriate mitigative measures.
Such risk categorisation depends on several factors such as their identity, jurisdictions they are associated with, the nature of business, etc.
If Product is non-registered
- UL/whole life
- Segregated fund
- Endowment or annuity or
- Any plan with a lump sum payment of $100,000 or more
Consider these higher risk.
Anti-Money Laundering Risk Assessment Questions
- Did the producer meet with the client? If “no”, this makes it high risk.
- If a money order was submitted, this is a higher risk.
- Does this sale involve trusts, corporations, foundations/charities?
Any complicated sale that makes it hard to figure out who’s doing what is a higher risk.
- Is a lawyer, accountant, power of attorney or someone else acting for the client?
This kind of involvement is a higher risk.
- Did producer identify that a 3rd party or PEFP is involved?
Always a higher risk. PEFP – Politically Exposed Foreign Person
If you know this producer’s usual business, does this sale seem to be unusual because of
- Much larger face amount or deposit amount
- Does the customer live outside of the producer’s usual geographic territory?
- Some other reason?
- No problem if you don’t know the producer’s business
- Does owner’s or payor’s occupation generate a lot of cash, if known? (e.g. variety stores, pizzerias, money service businesses, jewellers, metal dealers, etc.)
Cash businesses are higher risk than others.
Risk Assessment – Inforce Transactions
- Does an inforce transaction bump up cash value significantly?
- Is a lawyer, power of attorney, accountant or someone else acting for the client?
- Was a 3rd party or PEFP involved in the original sale? Is a 3rd party or PEFP involved now?
- Does transaction involve trusts, corporations, foundations, charities?
- Is this a change of banking, address, payor, owner or beneficiary?
All can be a sign of fraud/money laundering
- Is this a free look return?
- Is this an unplanned dump in or additional deposit?
- If a lump sum of $100,000 or more, has producer done PEFP determination?
Trust Your Gut
According to FINTRAC, “as a general guide, a transaction may be connected to money laundering or terrorist activity financing when you think that it (or a group of transactions) raises questions or gives rise to discomfort, apprehension or mistrust.”
You’re looking for things that seem out of the normal.
Escalate to Compliance Officer
- All PEFPs, all non-registered charities
- Advisors who specialize in high cash value policies
- Any time a producer’s business doesn’t seem right
- Whenever the answers or other information available cause staff to be concerned about what is being attempted with application or inforce transaction.
Suspicious Transaction Reports (STATRs) to FINTRAC
We are required to:
- Submit within 30 days of having reasonable grounds to suspect a transaction/attempted transaction relates to money laundering or terrorist activity financing offenses. No minimum dollar threshold.
- Take reasonable measures to ascertain the identity of the person making/attempting the transaction unless we believe this would tip the person off. We can’t disclose to the customer (or producer) that we have filed a report.
- Keep a copy of any STATRs we file.
- This is why we risk-assess the business that comes in.
Common Suspicious Transaction Indicators – The Client:
- Doesn’t want mail sent to home address.
- Uses same address but changes recipient’s name.
- Is very interested in internal systems, controls, policies.
- Home or business phone has been disconnected or there is no such number when contact is attempted after account opening.
- Insists on quick transaction.
- Frequent transfers among client’s products.
- Inordinate delay in presenting incorporation documents.
- All identification is foreign or newly issued.
Other Indicators – (Particularly if There are Other Red Flags)
- Cheque offered is drawn on an account other than client’s personal account.
- Free look return.
- Transaction involves payments coming from outside of Canada.
- Using life insurance like a bank account, with frequent premium payments and partial withdrawals.
- Early surrender.
Terrorist Group or Listed Property Reports to FINTRAC
- Compliance Officer will report to FINTRAC if our MGA has property in its possession or control that it (or an associated person) knows is owned or controlled by or on behalf of a terrorist group or listed person. This includes a premium payment, benefit payment, or policy.
- Criminal Code of Canada requires each Canadian, regardless of where residing, to disclose to CSIS and the RCMP the existence of property in that person’s possession or control that meets the criteria above.
- If anyone encounters any such circumstance, they may not complete or be involved in the transaction or attempted transaction. They must remove themselves from any involvement. The property might need to be frozen.
Time is of the Essence!! – Escalate Quickly!
- We only have a limited time to make any of the required reports before we’re in violation of rules, so don’t delay in notifying the Compliance Officer of your concerns.
- Better safe than sorry.
- Records must be retained for 5 years from the date created or from the date of the last transaction. Records must be in machine-readable form or in electronic form with a proper electronic signature. They must be provided to FINTRAC within 30 days after a request.
- (In fact, most policy records must be kept for 15 years past date of policy termination, according to insurers’ rules).
Client ID Records – Individual owners
For life, segregated fund and annuity policies where premiums paid over the life of the policy would reach $10,000 or more, an insurer and a producer must verify client identity by referring to valid original documents within 30 days and by creating a record that contains the Owner’s
- Date of birth
- Principal business or occupation.
- Advisor must also identify the “business relationship” with the customer – so check to make sure that the “purpose for insurance” is identified on the application.
Client ID and Beneficial Ownership – Corporate
ID must be government-issued. Information required includes the company’s:
- Name and address
- Name, address and occupation of all of the corporation’s directors
- Information on ownership, control and structure of organization.
- Names and addresses of all direct or indirect beneficial owners (25% or more ownership). If unavailable, complete ID on most senior officer.
- Corporate ID (if missing, do a corporate search)
– If paper record, retain a copy
– If electronic record, corp.’s registration number, type of document and source of record.
Client ID – Trusts
- Name and address of all trustees and known beneficiaries and settlors of the trust.
- Information on ownership, control and structure of the trust.
Ownership by entities other than corporations
- Names and addresses of all beneficial owners
- Information on ownership, control and structure of the entity.
Our Client ID Procedures
- Insurers have embedded (most of) the ID requirements on their applications.
- Check to make sure that all requirements are filled out.
- Check to make sure that the insurer has asked all the necessary questions.
- Client means owner.
- Ensure that the advisor has identified the purpose of insurance, as this is the same as his “business relationship” with the owner.
Not-for-Profit Organization Record
If owner is a not-for-profit organization, record must indicate:
- whether the customer is a charity registered with CRA (check for CRA number) or
– a non-registered entity that solicits charitable financial donations.
Non-registered charities are higher risk. Escalate to the Compliance Officer.
3rd Party Determination Record
- Advisors must make every reasonable effort to determine if a policy owner is acting on behalf of a 3rd party. If so, a 3rd Party Determination Record must be created.
- An individual Record consists of:
- Principal business of the 3rd party
- Nature of the relationship between the policyowner and the 3rd party
- Any suspicions of 3rd party involvement identified by the Advisor or staff.
- An entity or corporate Record consists of all above except DOB plus
- Incorporation number
- Place of incorporation
- Escalate 3rd party involvement to the Compliance Officer.
Politically Exposed Foreign Person (“PEFP”) Record
- For all lump sum payments of $100,000 or more for an immediate or deferred annuity or life policy if owner is identified as a PEFP:
- Source of funds used for the transaction
- The position that causes this person to be a PEFP
- Date PEFP status was determined
- Name of senior management who reviewed within 14 days.
- Date reviewed.
- Escalate all PEFPs to Compliance Officer immediately. They are always high risk and must be monitored.
Who Exactly is a PEFP – Politically Exposed Foreign Person?
Anyone who holds or has held one of these positions in a foreign country and their immediate family*:
- head of state or government
- member of executive council or legislature
- deputy minister
- ambassador, attache or counsel
- Military general (or higher)
- President of state-owned bank or company
- Head of government agency
- Leader of a political party in a legislature
- *spouse, partner, parent, child, sibling, spouse’s parent
What is our Procedure for Records, Client ID and Beneficial Ownership?
- Check all applications and change forms to make sure the Advisor has provided the required information.
- Check to make sure the insurer has actually included all the requirements.
- Email Advisor asking for missing information – don’t hold up processing unless insurer won’t accept without the information
- Retain a copy of the communications with the Advisor, as evidence of “reasonable efforts” to obtain the information
- Where corporate records/ID are incomplete, attempt to do a corporate search
- Escalate any higher risk or concerning cases immediately to the Compliance Officer
Ongoing Monitoring Required for all High Risks
- High cash value whole life, non-registered segregated funds
- Any policy with a premium of $xxx or more
- Unexpected large dump-ins
- Advisors who are
- New to the business
- New to the MGA
- Sell big, complicated cases or specialize in sales to professional corps.
- Customers who have red flags
- Country of origin or ties
- Cash businesses
- Known criminal connections
Risk Assessment for Anti Money Laundering
We do a corporate risk assessment at least every two years and client risk assessments daily.
- Our risk assessments take into account
- Product risk
- Channel risk
- Client risk
- Supplier risk
- Geographic risk
- Other risk
Ongoing Staff Training
- Staff training at least once a year
- Bring insurers in to do some training
- Advisors are directly subject to the Act, but offer training as a value added.
Regular Review of Policies and Procedures
- Policies and procedures represent “controls” that “mitigate” some of the risks of money laundering.
- We have to kick the tires of our program at least once every 2 years.