Regulatory Alerts2019-12-23
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations
The Norwegian Financial Supervisory Authority issued this guidance to clarify the obligations of accounting firms and individual accountants under the Money Laundering Act. It mandates the implementation of risk-based internal controls, including the appointment of a money laundering responsible person, comprehensive staff training, and regular enterprise-wide risk assessments. The document further details specific requirements for customer due diligence, enhanced measures for high-risk clients, and procedures for reporting suspicious transactions to the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime.
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations
FINANS TILSYNET Postboks 1187 Sentrum 0107 Oslo
CIRCULAR: 15/2019 DATE: Published 23.12.2019. Corrected 20.01.2020.
THE CIRCULAR APPLIES TO: Accountants Accounting firms
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 2 | Finanstilsynet
Contents 1 Introduction 4 1.1 General 4 1.2 Scope of Application 4 2 Organisation 5 2.1 Money Laundering Responsible Person 5 2.2 Training 6 2.3 Internal Control and Compliance Officer 7 3 Risk-based Approach, Risk Assessment and Procedures 7 3.1 Risk-based Approach 7 3.2 Enterprise-wide Risk Assessment 8 3.2.1 Introduction 8 3.2.2 Details on Content 9 3.3 Procedures 12 3.3.1 Requirements for the Accounting Firm's Anti-Money Laundering Procedures 12 3.3.2 Content of the Procedures 13 4 Customer Due Diligence 16 4.1 Duty to Conduct Customer Due Diligence 16 4.2 Purpose and Intended Nature of the Customer Relationship 16 4.3 Duty to Make Copies and Verify Correct Copies of Identification Documents 16 4.4 Verification of Identity – Legal Persons 17 4.4.1 Lookup in or Printout from Register or Company Certificate 17 4.4.2 Requirements for Organisation Number and Registration Duty 18 4.4.3 Natural Persons Acting on Behalf of the Customer 18 4.5 Verification of Identity – Natural Persons 18 4.5.1 General 18 4.5.1.1 Identification Documents 18 4.5.1.2 Electronic Identification 19 4.5.1.3 Verification of Identity without Personal Appearance 19 4.5.2 Persons Acting on Behalf of the Customer 20 4.5.2.1 Verification of Identity 20 4.5.2.2 Confirmation of Authority to Act on Behalf of the Customer 20 4.5.3 Verification of Identity when the Customer is a Natural Person 20 4.6 Verification of Identity – Ultimate Beneficial Owners 20 4.6.1 Purpose 20 4.6.2 Identification and Verification 21 4.6.3 Understanding the Customer's Ownership and Control Structure 21 4.6.4 Documentation 22 4.7 Simplified Customer Due Diligence 22 4.8 Enhanced Customer Due Diligence 23 4.8.1 Risk Factors 23 4.8.2 Which Measures Should Be Carried Out? 23 4.8.3 Customer Due Diligence towards Customers Who Are Themselves Reporting Entities 23 4.9 Enhanced Customer Due Diligence – Politically Exposed Persons (PEPs) 24 4.10 Ongoing Monitoring 25 4.11 Customer Due Diligence Performed by Third Parties 26 5 Rejection and Termination of Customer Relationships 26
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 3
6 Investigation and Reporting 27 6.1 Duty to Investigate 27 6.2 Duty to Report 28 6.3 Prohibition on Disclosure 29 6.3.1 General Principle 29 6.3.2 Exceptions – Relationship to Accounting Legislation 29 6.4 Carrying Out Suspicious Transactions 30 7 Requirements for Systems Enabling Rapid and Complete Responses to Authorities 30 8 Processing of Information 31
Editorial Note 20.01.2020: Finanstilsynet has made certain minor corrections to this circular: These are in section 2.3 (page 7), in 4.4.3 (page 18), in 4.5.1.1 (page 19), in 4.5.2 (in the heading on page 20), in 4.5.2.1 (page 20) and in 4.7 (page 22).
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 4 | Finanstilsynet
1 Introduction
1.1 General
Services offered by accountants are suitable for preventing and detecting all involvement in proceeds from criminal activities (money laundering) and financing of terrorist activities, terrorist organisations or individual terrorists (terrorist financing). Accounting firms and accountants who operate accounting businesses as sole proprietorships (both referred to as accounting firms) therefore play an important role in protecting the financial and economic system and society as a whole.
This circular is intended as guidance to help understand the obligations that an accounting firm and those who perform work for the accounting firm have under the Money Laundering Act. The circular also contains a more detailed discussion of what follows from good accounting practice under Section 2, second paragraph of the Accounting Act when the customer is a reporting entity. The circular replaces Circular 4/2017.
The guidance does not provide a complete overview of all obligations under the Money Laundering Act. When it comes to a closer interpretation of how certain provisions are to be understood, reference is made to Finanstilsynet's general guidance to the Money Laundering Act – Circular 8/2019. 1
Obligations under the Money Laundering Act also apply to existing customer relationships that were entered into before the law came into force.
1.2 Scope of Application
The Money Laundering Act applies to accounting firms and accountants in the exercise of their profession. This means that all accounting firms are covered by the law. Accountants who are employed in other businesses are not covered by the law.
Several of the obligations under the Money Laundering Act apply to the accounting firm (at the "firm level"). Reference is made in particular to the requirement for enterprise-wide risk assessment, establishment of internal procedures, appointment of a money laundering responsible person and training. Other obligations must be fulfilled by the person responsible for the assignment on behalf of the firm (at the "assignment level"). This applies, for example, to the implementation of risk classification of the current customer and the implementation of initial customer due diligence and ongoing monitoring. It is also the person responsible for the assignment and the employees who must investigate further matters that may indicate that the customer is involved in money laundering or terrorist financing. It is the accounting firm that must report to Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime).
Finanstilsynet assumes that all services where an authorised accountant is responsible for the execution of the assignment on behalf of the accounting firm will be covered by the Money Laundering Act. Also services that are performed by persons other than authorised accountants on behalf of the accounting firm will be covered by the Money Laundering Act even if the service itself is not subject to authorisation requirements under the Accounting Act.
Examples of such services are: • a-meldinger (employer's returns) • tax returns for private individuals • preparation of VAT compensation returns • payroll services • invoicing services • IT services • advisory services (e.g., tax, corporate or investment advice) • tax representation • execution of due diligence assignments in connection with acquisitions and mergers
If the accounting firm offers business services, the services are subject to the anti-money laundering regulations on this basis regardless. See further on this in the Money Laundering Act §§ 2 letter j), 4 second paragraph letter b) and § 42 and information on Finanstilsynet's website, 2 which deal with business services.
2 Organisation
2.1 Money Laundering Responsible Person
A money laundering responsible person must be appointed, cf. Money Laundering Act § 8, fifth paragraph, who shall: • be a person in management • have sufficient experience, competence and drive to make decisions related to the firm's measures against the risk of money laundering and terrorist financing • have specific responsibility for developing and following up anti-money laundering procedures, including that the procedures are complied with in the firm • have overall responsibility that matters that may indicate money laundering or terrorist financing are investigated and that information about suspicious matters is forwarded to Økokrim if necessary • be a resource and contact person for the firm and its employees on the anti-money laundering area
The appointment of a money laundering responsible person does not exempt the accounting firm's top management from the responsibility they have for the business under general company law, including responsibility for compliance with the Money Laundering Act.
In smaller accounting firms, Finanstilsynet assumes that the money laundering responsible person must be a person in the top management, i.e., the managing director or board member. In sole proprietorships, the owner will be the money laundering responsible person. If the money laundering responsible person is not part of the top management, the firm must justify why another solution has been chosen. The justification must be sound and can be documented. The money laundering responsible person cannot be the same person as a possible compliance officer, see section 2.3.
The money laundering responsible person may delegate work tasks to others in the firm, but cannot delegate the responsibility as the money laundering responsible person has under the Money Laundering Act.
If a risk assessment of the business's scope and nature indicates this, cf. section 3.2.2 below, the suitability of the money laundering responsible person must be assessed, cf. Money Laundering Act § 35, second paragraph, letter b). In these cases, as a minimum, the money laundering responsible person's competence, experience and personal suitability must be assessed. It is not necessary to obtain a police certificate.
Regarding the money laundering responsible person in a group context, see section 3.2.2 in Finanstilsynet's general guidance to the Money Laundering Act (Circular 8/2019).
2.2 Training
The accounting firm is obliged to ensure that employees and others who perform assignments for the firm are given sufficient training, cf. Money Laundering Act § 36. What is considered sufficient will depend on the services the accounting firm offers, the size of the firm and the risk that the firm can be used as part of money laundering and terrorist financing. The individual employee's role, responsibility and tasks will have significance for what training is considered sufficient. The training program must always be up to date.
The training must be given so that employees and others who perform assignments for the firm are familiar with the firm's risk exposure and obligations under the Money Laundering Act, and are enabled to recognise matters that may indicate money laundering and terrorist financing. As a minimum, the accounting firm must give employees training in: • What money laundering and terrorist financing are
It is fundamental that each employee has good knowledge of what money laundering and terrorist financing are. Without knowledge of money laundering and terrorist financing, it will be difficult for the individual employee to detect matters that may indicate that funds are connected to money laundering or terrorist financing.
• Knowledge of own firm – including possible vulnerabilities of the firm
Employees must have good knowledge of why the accounting firm can be vulnerable to being used as part of money laundering or terrorist financing. Examples can be how the firm is organised, different technological systems used, that some services delivered are more susceptible to being used as part of money laundering or terrorist financing, and whether the firm has outsourced parts of the anti-money laundering work.
• Knowledge of the type of customers the firm has – possible threats to the firm
Each employee must further be aware of the threats that can be directed against the accounting firm, including in particular which types of customers, including PEPs (politically exposed persons), that the accountant must have extra attention directed towards.
The accounting firm must give training in indicator lists and characteristics that are relevant for the employees. The training must be updated as criminal trends change.
The National Intelligence Service (NTAES) has prepared a list of "Indicators of Suspicious Transactions for Reporting Entities within Accounting and Auditing". Other relevant indicator lists may also be conceivable. For members of Regnskap Norge, this will be available on their member site. 3
Members of Økonomiforbundet will have access to the indicator list on the union's website. 4
• Accountants' obligations under the Money Laundering Act
Each employee must be aware of the obligations under the anti-money laundering regulations. The firm's procedures will be indicative of which topics are relevant.
Training must be given to all new employees and regularly to all employees, so that necessary knowledge is maintained. Training does not necessarily have to take place annually, unless the training program is updated. How often training should take place for each employee etc. also depends on their responsibility and role in the accounting firm. For example, the persons affected by changes in an anti-money laundering procedure must be given new training.
The firm's board and management must also receive training that reflects their role and responsibility for the firm's compliance with the anti-money laundering regulations.
The firm must be able to document that the training obligations have been fulfilled.
2.3 Internal Control and Compliance Officer
The accounting firm must ensure through internal control in the business that the anti-money laundering regulations are observed, cf. Money Laundering Act § 35, second paragraph. See further on the requirement for internal control in section 3.3.2.
If the nature and scope of the firm indicate this, a compliance officer must be appointed. This must be decided based on a concrete assessment. Finanstilsynet assumes that it is only in the largest accounting firms that it is necessary to assess the need to appoint a compliance officer.
3 Risk-based Approach, Risk Assessment and Procedures
3.1 Risk-based Approach
The accounting firm must have a risk-based approach in the development of enterprise-wide risk assessment, procedures and in customer due diligence.
It is not permitted to deviate from the regulations even if the risk is assessed as low, but low risk can be significant for which measures must be implemented.
1 https://www.finanstilsynet.no/nyhetsarkiv/rundskriv/2019/veileder-til-hvitvaskingsloven/ 2 https://www.finanstilsynet.no/konsesjon/tilbyder-av-virksomhetstjenester/ 3 https://www.regnskapnorge.no/ 4 https://www.okonomiforbundet.no/
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 8 | Finanstilsynet
3.2 Enterprise-wide Risk Assessment
3.2.1 Introduction
All accounting firms must conduct an overall risk assessment, cf. Money Laundering Act § 7. It is the accounting firm's own risk profile that must be mapped. Even if templates for risk assessments prepared by industry associations and others are used as a starting point, these must be adapted to the individual accounting firm. The risk assessment must be documented.
The enterprise-wide risk assessment is important because it forms the basis for which procedures are established in the firm. The procedures are again important for implementing measures to counteract the risk and ensure that the accounting firm's work against money laundering and terrorist financing is responsibly organised, and that sufficient attention is directed towards this work in the execution of individual assignments. Furthermore, the enterprise-wide risk assessment forms the starting point for the risk classification of each customer. This is necessary to determine whether the customer should be subject to enhanced customer due diligence, and which risk-reducing measures must be implemented. A thorough enterprise-wide risk analysis is important for the firm's resources to be allocated to the areas where the risk of money laundering and terrorist financing is highest.
The enterprise-wide risk assessment consists of identifying and understanding threats to the accounting firm (external factors) and vulnerabilities in the firm (internal factors), and the significance of these.
The scope of the risk assessment will vary depending on the size, risk exposure and complexity of the accounting firm, cf. Money Laundering Act § 7, fourth paragraph. For smaller accounting firms with a simple and clear service offer and customer segment, the risk assessment can be less extensive, but can never be omitted. Larger accounting firms that offer many different services to different customer groups, with exposure to different risk-prone industries and geographical areas, will have to conduct more extensive risk assessments.
Most firms will have a customer portfolio where some customers pose a higher risk that the accounting firm will be used as part of money laundering or terrorist financing than others. One of the purposes of the risk assessment is to have a good overall overview of the risk in the portfolio. This means that the accounting firm must identify customers with higher risk to ensure that these can be subjected to a stronger control regime. This will put the firm in a better position to prioritise customer due diligence, and can detect possible money laundering or terrorist financing.
A development trend that affects accountants' ability to detect money laundering is increased use of information technology. Manual bookkeeping of documents is taken over by machine processing. This means that the basis for the accountant's concrete assessment of whether a transaction is suspicious may become weaker.
The risk assessment must be updated regularly. A renewed assessment must be made annually, or more frequently if necessary. The need to update the risk assessment may arise in the following cases: • the accounting firm launches new services, • there is new knowledge about methods and trends for money laundering and terrorist financing that are used by criminals, • the accounting firm's accumulated knowledge and experience indicate a need for updating,
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 9
• the anti-money laundering regulations change.
The risk assessment and changes to it must be documented. The overall risk assessment must be set by the accounting firm's top management, which is the board and the managing director.
3.2.2 Details on Content
The accounting firm must have knowledge of what money laundering and terrorist financing are. Without knowledge of money laundering and terrorist financing, it will not be possible to assess the risk that the firm itself can be misused by criminals for these purposes.
As a minimum, all accounting firms must have a risk assessment that covers the points in Money Laundering Act § 7, second paragraph, letters a) to d).
Internal Factors The risk assessment must reflect internal factors in the accounting firm that make the accounting firm vulnerable to being exploited as part of money laundering and terrorist financing.
Own business, including the nature and scope of the business – letter a) The following factors regarding the firm itself can be a vulnerability that increases the risk of being used as part of money laundering or terrorist financing: • Number of employees and competence level of these, organisation and turnover. New employees or employees with a low competence level can be a vulnerability that requires increased follow-up and training. The same applies the larger the firm is. For example, branch offices spread over a larger geographical area can lead to vulnerability for lack of follow-up, coordination and training. • Use of technology. Technology can be deficient, for example, electronic systems containing checklists for acceptance of customer relationships may contain deficiencies or incorrect programming. Also new technology that is put into use must be assessed against the anti-money laundering regulations. • Outsourcing. Outsourcing leads to vulnerability because the contracting party is not necessarily familiar with, or has attention directed towards, the anti-money laundering regulations. It is the accounting firm that is responsible for ensuring that the obligations under the Money Laundering Act are observed. The accounting firm must therefore assess whether the persons or companies to which tasks have been outsourced have sufficient knowledge and competence to fulfill the obligations in the anti-money laundering regulations for the assignments that are outsourced. • Closeness to the customer. If there is a closeness to or dependence on customers, this can increase the vulnerability that the accountant does not carry out all mandatory customer due diligence. A closeness that can make the firm vulnerable is, for example, that the business is operated in a small place where the customer, or persons acting on behalf of the customer, are known, either as a result of business cooperation or in a private context. A limited customer base can also be a vulnerability because it can lead to not all mandatory customer due diligence being performed for fear of losing income.
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 10 | Finanstilsynet
The firm's products, services and customer relationships – letter b) The vulnerability to being exploited as part of money laundering and terrorist financing will vary depending on which services are delivered. The accounting firm must therefore identify and assess which factors regarding the individual services offered can make the firm vulnerable to being used as part of money laundering or terrorist financing.
The accounting firm must have an overview of all services it delivers, and an understanding of which customers are covered by the Money Laundering Act, cf. above in section 1.2.
The firm must assess how each service delivered can be vulnerable to being used as part of money laundering or terrorist financing. For new services, the risk assessment must be made before they are launched.
An example that can constitute a vulnerability that increases the risk that the accounting firm can be used as part of money laundering or terrorist financing concerns payment orders. Where the accountant has authority to charge the client's account, the accountant can actually contribute to money laundering or terrorist financing, which will constitute a threat. Such customer assignments may require enhanced customer due diligence, cf. Money Laundering Act § 17.
External Factors The risk assessment must reflect external factors that constitute threats that the accounting firm can be exploited as part of money laundering and terrorist financing. This means that the accounting firm must know its clients.
Type of customers and customer groups – letter c) • Natural persons The category includes several groups, e.g., Norwegian citizens, foreign citizens, incapacitated persons etc. Increased threat may exist alone or in combination with other factors, including that the person is a politically exposed person (PEP), comes from, or is resident abroad, is known to be criminal, has connections to tax havens, or uses proxies.
• Politically Exposed Persons – PEP The customer, the person acting on behalf of the customer, or the ultimate beneficial owner, is a politically exposed person. The category also includes close family members5 and known associates6 to politically exposed persons. The threat is linked to the laundering of proceeds from corruption.
• Ultimate Beneficial Owners If the ultimate beneficial owners of the customer turn out to be established in high-risk countries, it requires particular attention from the accountant. Reference is made to Finanstilsynet's overview of high-risk countries. 7
5 Money Laundering Act § 2 letter g) 6 Money Laundering Act § 2 letter h) 7 https://www.finanstilsynet.no/tema/hvitvasking-og-terrorfinansiering/geografisk-risiko--oversikt-over-listeforte-land/
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 11
• Persons listed on sanctions lists Customers, persons representing customers or ultimate beneficial owners who are on the UN or EU lists of persons or organisations suspected of participating in terrorist financing, can constitute a threat to the accounting firm, see the Ministry of Foreign Affairs' "freeze guide". 8
• Criminal persons connected to customers Central persons in the management of the customer or ultimate beneficial owners have a criminal background, are members of a group engaged in crime, or are close relatives of criminals, can constitute a threat. The threat can e.g. be
8 https://www.regjeringen.no/no/tema/utenrikssaker/sanksjoner/frysveileder/id2335044/
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 12 | Finanstilsynet
related to money laundering of proceeds from crime. The firm must assess the risk associated with such customers and implement appropriate measures.
• Customers in high-risk countries Customers established in countries with weak anti-money laundering controls or high levels of corruption pose a higher risk. The firm must assess the risk and implement enhanced due diligence measures.
• Cash-intensive businesses Customers operating in cash-intensive businesses may pose a higher risk of money laundering. The firm must assess the risk and implement appropriate measures.
• Complex legal structures Customers using complex legal structures may pose a higher risk of money laundering. The firm must assess the risk and implement appropriate measures.
• Non-profit organisations Non-profit organisations may pose a higher risk of terrorist financing. The firm must assess the risk and implement appropriate measures.
• Virtual assets Customers using virtual assets may pose a higher risk of money laundering or terrorist financing. The firm must assess the risk and implement appropriate measures.
3.3 Procedures
3.3.1 Requirements for the Accounting Firm's Anti-Money Laundering Procedures
The accounting firm must establish procedures for complying with the Money Laundering Act. The procedures must be documented and available to employees. The procedures must be updated regularly to reflect changes in the law, the firm's business, and the risk landscape.
3.3.2 Content of the Procedures
The procedures must cover at least the following: • Customer due diligence, including identification and verification of identity, understanding the purpose and intended nature of the business relationship, and ongoing monitoring. • Risk assessment, including enterprise-wide risk assessment and customer risk classification. • Reporting of suspicious transactions to Økokrim. • Internal control and compliance monitoring. • Training of employees. • Record keeping. • Management of conflicts of interest. • Handling of information and confidentiality.
The procedures must be proportionate to the firm's size, complexity, and risk profile. Smaller firms may have simpler procedures, but must still comply with all legal requirements.
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 13
4 Customer Due Diligence
4.1 Duty to Conduct Customer Due Diligence
The accounting firm must conduct customer due diligence when establishing a business relationship, carrying out an occasional transaction, or when there is suspicion of money laundering or terrorist financing.
4.2 Purpose and Intended Nature of the Customer Relationship
The accounting firm must understand the purpose and intended nature of the customer relationship. This includes understanding the customer's business activities, source of funds, and the reason for using the accountant's services.
4.3 Duty to Make Copies and Verify Correct Copies of Identification Documents
The accounting firm must make copies of identification documents and verify that the copies are correct. This applies to both natural persons and legal persons.
4.4 Verification of Identity – Legal Persons
The accounting firm must verify the identity of legal persons by obtaining information from official registers or company certificates.
4.4.1 Lookup in or Printout from Register or Company Certificate
The accounting firm must obtain a lookup in or printout from the Norwegian Business Registry (Brønnøysundregistrene) or equivalent official register in other countries.
4.4.2 Requirements for Organisation Number and Registration Duty
The accounting firm must verify that the customer has a valid organisation number and is registered in the relevant register.
4.4.3 Natural Persons Acting on Behalf of the Customer
The accounting firm must verify the identity of natural persons acting on behalf of the customer and confirm their authority to act on behalf of the customer.
4.5 Verification of Identity – Natural Persons
4.5.1 General
The accounting firm must verify the identity of natural persons using reliable, independent source documents, data, or information.
4.5.1.1 Identification Documents
Acceptable identification documents include passports, national ID cards, driver's licenses, and residence permits.
4.5.1.2 Electronic Identification
Electronic identification methods that meet the requirements of the eIDAS regulation are acceptable.
4.5.1.3 Verification of Identity without Personal Appearance
Verification of identity without personal appearance is permitted if reliable electronic identification methods are used or if other secure methods are employed.
4.5.2 Persons Acting on Behalf of the Customer
4.5.2.1 Verification of Identity
The accounting firm must verify the identity of persons acting on behalf of the customer.
4.5.2.2 Confirmation of Authority to Act on Behalf of the Customer
The accounting firm must confirm the authority of the person to act on behalf of the customer.
4.5.3 Verification of Identity when the Customer is a Natural Person
The accounting firm must verify the identity of the natural person customer.
4.6 Verification of Identity – Ultimate Beneficial Owners
4.6.1 Purpose
The accounting firm must identify and verify the identity of the ultimate beneficial owners of the customer.
4.6.2 Identification and Verification
The accounting firm must identify the ultimate beneficial owners and verify their identity using reliable, independent source documents, data, or information.
4.6.3 Understanding the Customer's Ownership and Control Structure
The accounting firm must understand the customer's ownership and control structure to identify the ultimate beneficial owners.
4.6.4 Documentation
The accounting firm must document the identity of the ultimate beneficial owners and the ownership and control structure.
4.7 Simplified Customer Due Diligence
Simplified customer due diligence may be applied in low-risk situations, as defined by the Money Laundering Act and this guidance.
4.8 Enhanced Customer Due Diligence
4.8.1 Risk Factors
Enhanced customer due diligence must be applied in high-risk situations, including customers from high-risk countries, PEPs, and complex legal structures.
4.8.2 Which Measures Should Be Carried Out?
Enhanced measures include obtaining additional information, verifying the source of funds, and obtaining senior management approval for the business relationship.
4.8.3 Customer Due Diligence towards Customers Who Are Themselves Reporting Entities
The accounting firm must assess the risk when the customer is itself a reporting entity and apply appropriate measures.
4.9 Enhanced Customer Due Diligence – Politically Exposed Persons (PEPs)
Enhanced customer due diligence must be applied to PEPs, including their family members and close associates. This includes obtaining senior management approval, taking reasonable measures to establish the source of wealth and source of funds, and conducting enhanced ongoing monitoring.
4.10 Ongoing Monitoring
The accounting firm must conduct ongoing monitoring of the business relationship, including ensuring that documents, data, and information obtained for the purpose of customer due diligence are kept up to date and are relevant for the risk assessment.
4.11 Customer Due Diligence Performed by Third Parties
The accounting firm may rely on third parties to perform customer due diligence, but remains responsible for ensuring that the due diligence is performed correctly. The firm must obtain necessary information from the third party without delay.
5 Rejection and Termination of Customer Relationships
The accounting firm must reject or terminate customer relationships if customer due diligence cannot be performed or if there is suspicion of money laundering or terrorist financing.
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 15
6 Investigation and Reporting
6.1 Duty to Investigate
The accounting firm must investigate matters that may indicate money laundering or terrorist financing. This includes assessing the customer's activities, source of funds, and purpose of the business relationship.
6.2 Duty to Report
The accounting firm must report suspicious transactions to Økokrim. Reports must be made without delay and must contain all relevant information.
6.3 Prohibition on Disclosure
6.3.1 General Principle
The accounting firm and its employees must not disclose to the customer or any third party that a report has been made or that an investigation is being conducted.
6.3.2 Exceptions – Relationship to Accounting Legislation
There are exceptions to the prohibition on disclosure in certain circumstances, such as when required by law or when necessary for the purpose of the investigation.
6.4 Carrying Out Suspicious Transactions
The accounting firm must not carry out suspicious transactions unless permitted by Økokrim. If a transaction is suspected to be related to money laundering or terrorist financing, the firm must report it and not proceed with the transaction.
7 Requirements for Systems Enabling Rapid and Complete Responses to Authorities
The accounting firm must have systems and procedures in place to enable rapid and complete responses to requests from authorities regarding anti-money laundering matters.
8 Processing of Information
The accounting firm must process personal information in accordance with data protection regulations and the Money Laundering Act. Information must be kept confidential and secure.
Editorial Note 20.01.2020: Finanstilsynet has made certain minor corrections to this circular: These are in section 2.3 (page 7), in 4.4.3 (page 18), in 4.5.1.1 (page 19), in 4.5.2 (in the heading on page 20), in 4.5.2.1 (page 20) and in 4.7 (page 22).
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 16 | Finanstilsynet
1 https://www.finanstilsynet.no/nyhetsarkiv/rundskriv/2019/veileder-til-hvitvaskingsloven/ 2 https://www.finanstilsynet.no/konsesjon/tilbyder-av-virksomhetstjenester/ 3 https://www.regnskapnorge.no/ 4 https://www.okonomiforbundet.no/ 5 Hvitvaskingsloven § 2 bokstav g) 6 Hvitvaskingsloven § 2 bokstav h) 7 https://www.finanstilsynet.no/tema/hvitvasking-og-terrorfinansiering/geografisk-risiko--oversikt-over-listeforte-land/ 8 https://www.regjeringen.no/no/tema/utenrikssaker/sanksjoner/frysveileder/id2335044/
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 17
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 18 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 19
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 20 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 21
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 22 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 23
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 24 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 25
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 26 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 27
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 28 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 29
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations 30 | Finanstilsynet
Guidance on Accountants and Accounting Firms' Compliance with Anti-Money Laundering Regulations Finanstilsynet | 31