Source of Funds and Source of Wealth in Private Wealth Management Thematic Review 2019

Source of Funds / Source of Wealth in the Private Wealth Management sector Thematic Review – 2019 Published: 7 July 2020

i Executive Summary During the second half of 2019, the Commission undertook a thematic review to assess the measures firms in the private wealth management sector apply to establish the Source of Wealth (“SOW”) and Source of Funds (“SOF”) of their high risk customers. Establishing and understanding a customer’s SOW and SOF is an important part of the due diligence process undertaken as a customer is taken on. Consequently, the importance of maintaining an understanding of a customer’s SOF and SOW throughout the lifecycle of the customer relationship, particularly where new monies enter the relationship, cannot be overstated. Done effectively it can assist a firm in satisfying itself that it is not handling the proceeds of crime and therefore mitigate the risk of money laundering (“ML”) and the financing of terrorism (“FT”). Done poorly it exposes the firm and the Bailiwick to the increased risk of facilitating financial crime. Guernsey’s National Risk Assessment (“NRA”) reinforced that the main money laundering (“ML”) threats are from illicit financial flows, from foreign criminality such as fraud, including tax evasion, bribery and corruption. These crimes reduce domestic resources and tax revenue which are needed to fund economic development. International attention on money laundering’s costs is likely to intensify as countries count the cost of tackling the Covid-19 pandemic. 47 firms took part in this thematic, including private banks, trust and corporate service providers, investment managers and lawyers. We reviewed the SOW, SOF and beneficial ownership records of 107 high-risk relationships, 30% of which were with foreign politically exposed persons. We were heartened to find that 90% of firms ask all customers at client take-on how they made their money and all firms periodically considered the plausibility of their customers’ SOW and SOF. Remediation programmes were set for six of the firms we visited where deficiencies in establishing and understanding SOW and SOF were identified. One firm was referred to the Enforcement Division for further investigation because the deficiencies were particularly severe. These six firms, which operate in a sector with significantly more high risk customers than other parts of the industry, did not apply a risk based approach to corroborating SOW and SOF of their customers. They tended to take explanations of wealth at face value, in what the Commission considered to be some extremely high ML/FT risk relationships. Issues we identified also included an over reliance on open source information to corroborate the often sketchy information which had been provided,

ii indicating a reluctance to bother the customer or the third party for more information or documentary evidence to support the explanation. By contrast, those firms with good controls calibrated how much they should corroborate SOW and SOF information against the high risks factors identified within the particular business relationship. This report reflects the findings from a broad spectrum of large and small firms providing services in a higher risk part of Guernsey’s financial services industry. I hope the report will be useful to all regulated firms within the Bailiwick when seeking to assure themselves that their own controls are, and remain, effective and relevant to their business, particularly where their services or products are offered to customers, which have a similar risk profile to that of Guernsey’s private wealth management sector. We appreciate the energy and effort put in by the firms who met representatives of the Financial Crime Division, on handling our comments and questions on this important topic. Fiona Crocker 7 July 2020

iii Glossary of Terms AML/CFT - Anti-Money Laundering and Countering the Financing of Terrorism Board - The Board of Directors or equivalent or the senior management, where it is not a body corporate. Customer - A person or legal arrangement who is seeking to establish or has established, a business relationship with a financial services business, or to carry out or has carried out, an occasional transaction with a financial services business. CEP – Commercially Exposed Person ECDD – Enhanced Customer Due Diligence FATF – Financial Action Task Force Financial Crime Division - The Commission’s Financial Crime Division Firm - A financial services business which conducts business in, or from within, the Bailiwick of Guernsey and is subject to the requirements of the Schedule and the Handbook. Handbook – Handbook on Countering Financial Crime and Terrorist Financing ML - Money Laundering NRA – Bailiwick of Guernsey 2019 National Risk Assessment report on Money Laundering and Terrorist Financing OFAC – Office of Foreign Assets Control (US Treasury) PEP - Politically Exposed Person SOF – Source of Funds: the activity which generated the particular funds for a business relationship or occasional transaction SOW – Source of Wealth: the activities which have generated the total net worth of the customer or beneficial owner both within and outside a business relationship The Commission - The Guernsey Financial Services Commission The Schedule – Schedule 3 to the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 FT – Financing of Terrorism

iv Contents Executive Summary .................................................................................................................................. i Glossary of Terms................................................................................................................................... iii Scope ....................................................................................................................................................... 1 Approach ................................................................................................................................................. 2 Rationale for Thematic ........................................................................................................................ 2 Regulatory requirements .................................................................................................................... 4 Analysis ................................................................................................................................................... 5 Establishing and Understanding Source of Wealth and Funds .......................................................... 5

1. Gathering information from the customer ................................................................................. 5
2. Applying a risk based approach to corroborating SOW and SOF ............................................... 6 PEP relationships ............................................................................................................................. 8 Sources of corroborating SOW and SOF ....................................................................................... 12
3. A Sense Check ........................................................................................................................... 16 Reviewing SOW and SOF ............................................................................................................... 17 Conclusion ............................................................................................................................................. 19

1 Scope The purpose of this thematic review was to:

1. Identify what practices firms in Guernsey’s private wealth management sector apply to establish and understand a customer’s SOF and SOW;
2. Gauge the adequacy of current practices; and
3. Share areas of good and poor practice with the wider financial services industry, to assist in the interpretation of what reasonable measures are in the context of establishing and understanding a customer’s SOW and SOF, across a number of different high risk customer scenarios. The thematic review consisted of two stages:
4. A questionnaire was sent to 47 firms, asking for details of the measures they apply to establish and understand their customers’ SOW and SOF; and
5. On-site visits to 22 of these firms to gain a more detailed and practical understanding of their processes to establish and understand their customers’ SOW and SOF. The onsite visits consisted of a meeting with representatives of the Board and the compliance function to ask further questions on the process for establishing and understanding customers’ SOW and SOF. We reviewed the ECDD and beneficial ownership documentation for an average of five high risk customers per firm. In total, 107 high risk rated customers were reviewed, 32 of them connected to a foreign PEP. The Commission also considered whether information held on SOW and SOF for each relationship was consistent with the firm’s understanding of who the customer was and, where relevant, the beneficial owner. Whilst we did identify customer relationships where measures to establish and understand SOW and SOF fell short, we found no cases which caused us to question the identity of the customer or the beneficial owner, reinforcing our very positive findings from last year’s thematic review on beneficial ownership.

2 Approach The Commission uses thematic reviews as a tool to gather information on industry practices, or to assess risk on specific subjects or controls. On occasion, as in the case of this exercise, a thematic review can be used to respond to a recurring theme arising from general supervision. The firms which took part in this review represented both large and small firms. A breakdown of the classification of those firms surveyed and visited is as follows1 :

Onsite visit participants were chosen based upon factors such as the number of high risk relationships they have, their responses to the questionnaire, as well as relevant risk areas as identified in Guernsey’s NRA. Rationale for Thematic The NRA reinforced that the Bailiwick’s greatest ML risks stem from the laundering of proceeds of crime from foreign criminality, with two of the underlying offences most likely to be bribery and corruption. The sectors which are most vulnerable comprise those which make up the private wealth management sector of private banks, trust and corporate service providers, investment managers and, as this sector’s work commonly supports private wealth management structures or transactions, the legal sector. These sectors have proportionally more high risk and PEP relationships than other sectors of the Guernsey finance industry and they service high value structures.

1 All graphs contained within this report are based on the information and statistical data contained within the 47 responses to the thematic questionnaire, in combination with data obtained from the annual Financial Crime Risk Return. The practical examples are based upon a combination of those responses and the findings from the on-site visits.

3 Risk Rating Industry Sector Higher Private Banking & Trust and Corporate Services Medium Higher Retail Banking & Investment Management/Advisory/Execution Only Medium Legal & Collective Investment Schemes Medium Lower Life Insurance & Pensions; Accountancy E-casinos & NRFSBs Lower Captive Insurance; Reinsurance & Insurance Linked Securities Real Estate Agents; Dealers in Precious Metals & Registered NPOs Much Lower General Insurance Figure 1: Money Laundering residual risk ratings for regulated sectors in Guernsey. Source: Bailiwick of Guernsey 2019 National Risk Assessment. The Commission chose this topic because it had identified through its general supervision that there was considerable variation in the interpretation of what ‘reasonable measures’ were in establishing and understanding a customer’s SOW and SOF. All firms where deficiencies in SOF/SOW had been identified through normal supervision had to remediate those customer relationships within a certain timeframe and, depending on the severity of those deficiencies, some firms had to commission third party reviews to assess their remediation work. In a few cases, over the last few years, where the deficiencies were severe, they were referred to the Commission’s Enforcement Division for further investigation. In 2018 and 2019 the Commission has sanctioned two firms for serious AML/CFT deficiencies, which included SOW and SOF failings. One firm placed undue reliance on the assertions being made by high risk customers regarding the source of their wealth or funds, without obtaining supplemental documentary information to support these claims. The other firm failed to effectively scrutinise the source of funds for a transaction involving a high-risk business relationship – the firm was concerned that the source of funds may be linked to a sanctioned entity but due diligence to confirm the legitimacy of the funds was not received until after the transaction took place.

4 Regulatory requirements Mandatory ECDD measures, which must be applied to high risk relationships (including all foreign PEPs), include “taking reasonable measures to establish and understand the source of any funds and of the wealth of – (A) the customer, and (B) the beneficial owner, where the beneficial owner is a PEP2 .” Whereas it is mandatory to apply SOW and SOF measures, the legislation and rules in the Handbook do not prescribed the specific measures. This allows firms to apply a risk-based approach to the application of measures to establish and understand SOW and SOF. The Commission has issued guidance in Section 8.3 of the Handbook on what constitutes reasonable measures for the purposes of establishing and understanding SOW and SOF. This guidance explains that the firm should have regard to the particular risk factors present within a business relationship or occasional transaction. For firms in the private wealth management sector, no two customers are likely to present identical risk factors. This means that the measures to be taken for each customer must be tailored to the risk factors present within that relationship. Where the risk factors are higher for example where the value of the assets under administration is high, their provenance opaque, and the customer is connected to sensitive economic activity, the level of independent corroboration of the information provided by the customer will need to be greater than where the customer has transparent SOW arising from, for example, well publicised lower risk economic activities. Section 3.17.1 of the Handbook identifies a large number of customer risk factors to assist firms in determining where the risk might be higher. It is important for all firms to understand the difference between SOW and SOF. The source of funds refers to the activity, which generated the particular funds for the business relationship or occasional transaction. Source of wealth is distinct from source of funds and describes the activities which have generated the total net worth of the customer or beneficial owner, both within and outside of the business relationship, i.e. those activities which have generated a customer’s or beneficial owner’s net assets and property. The SOF for a business relationship or occasional transaction is sometimes overlooked in establishing the client’s SOW. Establishing and understanding both SOW and SOF is important, as both elements

2 http://www.guernseylegalresources.gg/CHttpHandler.ashx?id=70902&p=0, page 202, paragraph 5(3)(a)(iii)

5 complement each other. Whilst a firm may not be handling all the assets of a customer3 , understanding how the totality of those assets were acquired and the overall net wealth of the customer enables the firm to take an informed view on the veracity of the origins of the funds that it will be handling. Conversely, establishing and understanding the SOF will help to build and confirm the origins and plausibility of the customer’s overall wealth, or highlight discrepancies in that information, as well as guarding the firm from directly handling criminal proceeds. Analysis Establishing and Understanding Source of Wealth and Funds One way to meet the requirements in the Handbook is to consider the process of establishing and understanding the SOW and SOF of customers as a three step process:

1. Gathering SOW and SOF information from the customer;

2. Applying a risk-based approach in determining the extent to which that information is corroborated, which is commensurate with the risk factors present in the relationship ; and

3. Conducting a check that the information and documentation obtained under steps 1 and 2 make sense in light of all the information the firm knows about the customer from its wider due diligence including open source checks.

4. Gathering information from the customer

3 A lawyer advising on a private wealth structure or transaction is unlikely to receive the funds that will form part of that structure or transaction. Even though the funds do not pass through its client account, reasonable measures to establish and understand SOW and SOF will still apply to those funds within the structure or in the transaction the lawyer is advising on. Do you ask all customers, irrespective of risk rating, how they generated their total wealth?

6 Most firms seek information on the SOW of all their customers during the on-boarding process, with a significant number of respondents also asking their customers how they generated the funds specific to the business relationship. This is important information to consider as part of the risk assessment and highly relevant for firms operating in the private wealth management sphere, as they are exposed to a greater risk of ML from foreign predicate offences such as bribery and corruption. Therefore taking steps to gather information on both SOW and SOF for all potential customers is a sensible step to assess the risk posed by the customer. It was encouraging to see this because the Handbook identifies taking steps to establish and understand SOW and SOF as an enhanced measure, which should be taken when a firm provides private banking services, or is dealing with non-resident customers or customers which are personal asset holding vehicles, regardless of the risk the firm attributes to these relationships. We are therefore reassured that the majority of firms are doing this for all customers. 2. Applying a risk based approach to corroborating SOW and SOF After collecting initial information from the customer on their SOW and SOF, the next step is determining the extent to which that information should be corroborated by further information and/or official documentation from the customer and/or reliable external sources, in order to assist the firm in ascertaining that it will not be handling the proceeds of crime. Do you ask all customers, irrespective of risk rating, how they generated the funds specific to the business relationship / occasional transaction?

7 Across all sectors surveyed, there was a broadly even split on whether firms i) required the same level of SOF and SOW corroboration for all of their high risk customers, or ii) applied a risk based approach. As stated in the Executive Summary, the deficiencies we identified were in the firms which did not apply a risk based approach. If firms take the first approach they risk setting the bar too low and obtaining insufficient corroboration for those high risk customers where the risks are much higher, or risk setting the bar too high whereby it becomes overly resource intensive relative to the higher risk factors present in the relationship. Taking a risk based approach in obtaining corroborating documentation enables a firm to flex the extent to which SOW and SOF information from the customer is corroborated to the risks present in the relationship and deploy its resources more effectively. Those firms which applied a risk-based approach provided examples of the types of customers where they would require additional corroboration. This generally involved the identification of high risk factors in the relationship and considering what ECDD was needed to mitigate the specific risks identified. Examples of high risk customer factors where more corroboration was necessary included:  customers who are PEPs or CEPs;  customers who are the subject of adverse media;  customers with wealth/activities emanating from jurisdictions with reported higher levels of corruption and less established AML/CFT regimes; Do all of the firm's high risk customers require the same level of corroboration to establish SOF and SOW?

8  customers who have generated their wealth in industry activities where bribery and corruption is more commonplace, for example in the minerals and hydrocarbon extraction industries; and  customers where there is very little information about how they have generated their wealth and the entities / companies involved in the public domain. This is a poor practice example where a firm had failed to follow its own policy to consider all pertinent risk factors when determining what SOW and SOF corroboration is required. A common trend identified throughout the files we reviewed was the firm’s overt reliance on open source information to corroborate short SOW statements provided by its customers. Whilst open source searches can be useful when corroborating information provided by the customer, in this case the firm relied too heavily on this without seeking information from other sources, particularly when there was little open source information to support the statements made by some of its highest-risk customers. In one case, the firm used open source information to confirm statements made by a high risk customer that his wealth emanated from the sale of mining companies operating in a higher risk country. Those sources confirmed the customer’s connection to the companies but the firm did not obtain any information or documentation on the sale value of those companies, how their sale contributed to the customer’s overall wealth or how he had originally acquired these businesses. Without taking these additional steps, the firm has failed to adequately demonstrate that it had established and understood its customers SOW or SOF. PEP relationships Guernsey’s NRA reports that foreign PEPs are usually involved in the corruption cases that the Bailiwick has dealt with. PEP relationships can present a particular challenge for firms in managing and mitigating the risks of handling the proceeds of corruption, as the PEP’s involvement may be masked by the use of a family member or close associate. Guernsey’s NRA reflects that: AREA FOR IMPROVEMENT:

9 “the most likely modality of laundering the proceeds of foreign corruption involves the holding or management of assets that result from or are otherwise linked to illicit enrichment by PEPs. The asset values are often very significant and it is common for the assets in question to be held in the name of a close relative4 …” Therefore accurately establishing and understanding the SOW and SOF of PEPs, and particularly those of a family member or a close associate of a PEP, is extremely important. Within the Guernsey framework, both the immediate family members of a PEP and a close associate also fall within the definition of a PEP. The FATF, to whose standards for combatting money laundering and terrorist financing the Bailiwick adheres, has issued guidance5 surrounding establishing and understanding the SOW and SOF on PEPs: “Information about the source of wealth and source of funds is useful for ongoing due diligence purposes. When conducting ongoing due diligence of the business relationship, it is important for financial institutions … to ensure that the level and type of transactions are consistent with the institution’s knowledge of the PEP’s source of wealth and source of funds. The aim is to ensure that the reason for the business relationship is commensurate with what one could reasonably expect from the PEP, given his/her particular circumstances. When making this determination, the following factors should be taken into account: the current income of the PEP; sources of wealth and funds which could be explained from previous positions, business undertakings, and family estates. Where the level or type of activity in the business relationship diverges from what can be reasonably explained, given the knowledge of the PEP’s source of wealth and source of funds, prompt further assessments of the situation should be undertaken. The outcomes of that assessment should determine if the business relationship is to be established or maintained, or whether further steps would be necessary, such as termination of the business relationship and/or filing STRs to the financial intelligence unit (FIU).”

4 https://gov.gg/nra – page 42, paragraph 4.12 5 https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf

10 We asked private wealth management firms: The Commission is encouraged to note that the majority of firms apply a higher threshold for establishing and understanding SOW and SOF when a PEP is involved in the customer relationship. Fiduciary respondents in particular explained that the PEP’s role, seniority and level of influence were key considerations during the risk assessment on SOW and SOF and in the determination of appropriate mitigants to address the risks. These firms would consider the nature of the prominent function held by the PEP, the seniority of the position, access to or control of public funds, publically disclosed salaries and register of interests and the nature and responsibilities of the position (such as the awarding of licences), resulting in higher thresholds that are commensurate with the level of perceived, or actual risk. For some firms this would include requesting a specialist agency report investigating on the ground sources of information, such as local registries and media, to build a profile of the customer. It must be noted that the provision of a third party report on a PEP or other high risk customer in itself is only as good as the level of consideration a firm gives to the information within it. The Commission noted a few examples where firms had obtained such a report and appeared to have simply filed it away without giving due consideration to any of the new information or risk factors provided or the conclusions drawn. A number of respondents across all sectors surveyed explained that they had internal committees (comprising of senior management and/or compliance and risk functions) which would hold specific PEP reviews, in which consideration of the level of independent information and official documentation to corroborate SOW and SOF formed a key decision making element in whether to accept / maintain the relationship. This is a practice the Commission would encourage. Is there a higher threshold for determining what reasonable measures are when a PEP is the customer or the beneficial owner of the customer?

11 This example highlights the effective measures one firm took to satisfy itself about the legitimacy of the SOW and SOF of a PEP, who in this case was a retired senior member of the judiciary in a high risk jurisdiction. The customer provided the firm with a SOW and SOF declaration that his wealth was generated from career earnings, together with corroborating documentation in the form of personal bank statements from across his period of employment showing salary receipts. The firm confirmed through an open source check that he had held that role, and checked the accuracy of information provided by the customer against open source information on the salary bands for the country’s judiciary, which provided the firm with additional independent evidence from which to determine that customer’s wealth was legitimate. This example shows the value of requesting information directly from the customer when an impasse is reached with the customer’s advisor. A firm administered a joint venture investing in a high-end luxury European residential development. One of the beneficial owners was an ultra-high net worth individual from a higher risk jurisdiction, which the firm had classified as a PEP due to political connections in his home jurisdiction, who also held a role on the country’s sovereign wealth fund. The firm’s point of contact was through a specific adviser based in a large global financial centre. The firm took reasonable measures to establish and understand the customer’s SOW and SOF at the beginning of the relationship, which included provision of a specialist third party report. The firm undertook detailed consideration of the contents of the report, including an assessment of whether the relationship was within its risk appetite. When the venture came to the end of its economic life, the firm questioned if the vehicle was still needed. Its queries were initially rebuffed by the advisor, but when the firm escalated its requests to the customer’s family office, that office made significant efforts to explain to the firm why the structure was still required. This culminated in representatives of the firm visiting the family office and meeting with the customer to discuss face to face the information the firm required. Following this the firm were able to gather further information, which CASE STUDY: CASE STUDY:

12 included details on the source of new funding of the structure. Accordingly the firm decided to maintain the structure and all its subsequent information requests were satisfied without delay. It is not unusual for access to an extremely wealthy and influential individual, particularly when they are PEPs, to be the preserve of a close adviser or small group of advisers. This example shows the benefits of persevering with an issue where a customer’s adviser may, for whatever reason, seek to limit access to the customer or beneficial owner. It also shows the benefit to a firm of being able to forge direct contact with the customer to establish an ongoing dialogue. Sources of corroborating SOW and SOF Documentation and information to corroborate the customer’s SOW and SOF can be obtained from a variety of sources. This table highlights the most common sources for corroborating SOW and SOF: Description Source A Financial information, such as bank statements / inheritance documents / contracts of sale, etc. Customer sourced B Audited financial statements C Information provided by the firm’s group entities with an existing business relationship Third party sourced D Information from professional adviser, such as an introducer, solicitor, accountant or tax adviser etc. E Specialist agency report F Open source internet searches and public filings Open source Figure 2: Common sources of corroboration documentation

13 How much and what information will be required will depend on the complexity of the structure and types of risk present in the relationship. The extent to which a firm can rely on public source information and documentation to corroborate the customer’s SOW and SOF will also differ. It could be feasible on grounds of risk to rely on open source where there is high degree of transparency of SOW, because the customer’s wealth is well documented and emanates from lower risk sources; for example a best-selling author. Questions to the customer on the specificities of the SOF would likely be appropriate, but could feasibly be supported by open source material. On the other hand, open source searches are unlikely on their own to be sufficient if the customer holds a senior position or owns a private company about which there is little authenticated public information. Where such a company operates in a higher risk industry and/or jurisdiction it is imperative that the firm takes these additional factors into account when determining that it is satisfied that it has established and understands the customer’s SOW and SOF. Whilst the most appropriate source for information for corroboration purposes will vary depending on the risk factors within the customer relationship, including the level of transparency over the origins of SOW and SOF, seeking information and documentation directly from the customer was commented on positively by Moneyval during its 2015 assessment6 : “Financial institutions appear to ascertain the source of funds and wealth mainly through responses from customers to enquiries about their source of funds and wealth. Most internal AML procedures reviewed by the assessors contained very comprehensive guidance on the details of information details to be obtained for each type of fund or wealth source.”

6 https://rm.coe.int/report-on-fourth-assessment-visit-anti-money-laundering-and-combating-/16807160f3 - paragraph 625 How do you most commonly corroborate SOW information for high risk customers?

14 However, this same report also noted that the assessors had gained the view that this information was requested ‘rather infrequently’ by some firms, as: “… the internal procedures do not clearly specify in which instances it would be considered mandatory to obtain evidence with respect to the customers’ responses regarding the source of funds and wealth7 .” The Commission thinks it sensible that firms clarify in their procedures that when certain high risk factors are present in a relationship, documentary evidence should be sought. This is a positive example of a firm utilising Group based resources. This firm relied primarily upon relationship managers employed by its off-island parent as a conduit for contact with its customers. The Commission had previously raised issues over its corroboration of SOW/SOF information in an earlier supervisory engagement. The firm worked with the Commission to put in place a process to facilitate timely access to accurate and reliable customer information from the parent entity, which included a letter of commitment from the parent entity to provide CDD and ECCD information upon request. These changes meant that it could press the Group based relationship managers to provide information quickly if, for example, as part of a risk review it identified a change in the customer’s circumstances through adverse media. The firm also sought to enhance the relationship managers’ understanding of Guernsey’s AML/CFT requirements by providing quarterly training, which served to strengthen the practices agreed in the letter of commitment. When a firm relies on another group entity to provide documentation and information about a customer because it is the primary relationship manager, it is important that it sets clear expectations on what it considers to be acceptable documentation and information and the service level standards to work to.

7 https://rm.coe.int/report-on-fourth-assessment-visit-anti-money-laundering-and-combating-/16807160f3 - paragraph 626 CASE STUDY:

15 In this example, the firm had not adequately considered the value of the information and documentation that it had obtained when corroborating its customer’s SOW and SOF. The customer cited that his SOW and SOF were professional fees from his consultancy company specialising in a sensitive industry, in higher risk countries, all of which are higher risk factors. To corroborate the customer’s SOW, the Firm obtained a copy of a consultancy service agreement between the customer and his own consultancy company, signed by the customer’s son in his capacity as a Director of the consultancy company. Regarding SOF corroboration, the firm obtained a certified copy of the customer’s bank statement. This statement confirmed the client had funds, but there was no narrative on the statement to explain the origin of the funds in the bank account. In this example the Commission would have expected the firm to have sought information on the ownership of the consultancy company and applied one or, depending on the information it contained, more of the following measures in order to assist it establish and understand the customer’s SOW and SOF:  obtaining audited financial statements of the customer’s consultancy company to ascertain the fees it earnt and its value to compare with information it held about the customer’s net worth and SOF the firm would be managing;  a list of firms to whom the customer’s services had been provided, the value of the contracts for these services, and a description of the services provided, which could further be supported by a copy of a service contract between the consultancy company and third party company;  open source searches including company and business registers to confirm the business profile of the company and/or the nature of the customer’s connection to the company as a shareholder, director and/or consultant employee. Obtaining additional information would have afforded the firm the opportunity to corroborate the customer’s explanation of wealth with data that was independent of the customer’s sphere of influence. AREA FOR IMPROVEMENT:

16 3. A Sense Check We suggest that firms adopt a sense check to see if all the information and documentation it has obtained makes sense in light of what it knows about the customer from its wider due diligence. A firm would be wise to ask itself “does this all make sense?”

In this positive example, a firm found that obtaining additional corroborating documentation from a secondary source assisted it in ‘sense checking’ the information provided by the customer. The firm had assessed a customer as high risk based on the following factors:  The customer fell with the definition of a PEP by virtue of being a close associate to a PEP;  Residence in a higher risk jurisdiction;  Ownership of oil and gas companies (a sensitive industry), from which the customer’s wealth derived; and  The customer had stated in the application that SOF came from ‘earnings and investment’. In order to corroborate the customer’s SOF statement, the firm obtained salary and bonus information from the customer’s current flagship company, as well as a list of previous positions held. In addition, to corroborate the customer’s statement that earnings came from ‘investments’, the firm obtained a list of the customer’s current investments and their value from the firm managing the investments, as well as information on past investments, to gauge whether that supported the customer’s claimed wealth generation. The firm then undertook a sense check of this information and documented its consideration that it was comfortable that the funds it was managing were not the proceeds of criminal activity. The Commission would encourage all firms to consider the information they have collated and question whether the value and economic origin of a customer’s wealth, and of the funds they will be managing, are consistent with what they know about the customer and make sense. CASE STUDY:

17 Reviewing SOW and SOF The Commission was interested in understanding how often a firm would consider if the information it holds on SOW and SOF remained sufficient to ensure that the firm still understood its customer’s SOW and SOF, particularly if new funds were received into an existing structure8 .

The Commission was encouraged to find that all firms review the SOW and SOF during periodic reviews, with the majority also conducting a review as a result of trigger events. The Commission would encourage all firms to consider if, based on the nature of the trigger, a review of the SOW/SOF information held is appropriate. Examples given where firms would require a review of SOW and SOF include:  Funds received from a new source;  A change in the expected activity within the administered structure ;

8 This data does not include the legal sector as it generally engages with customers on a one-off basis to advise on a structure / transaction. How is SOW / SOF information reviewed? (Collective data) How is SOW / SOF information reviewed? (Sector data)

18  A change in customer risk rating; and  Adverse media about the customer. We identified some firms who considered SOW and SOF together, rather than giving separate consideration to each component. In our experience firms which consider SOW and SOF together invariably focus on overall wealth but then run the risk of overlooking the origin of the funds which it will be handling and which may change the risk profile of the relationship. This occurred in the following example. A firm had a high risk customer whose SOW was transparent and it could be corroborated, through open source searches, that the customer had accumulated wealth through commercial real estate development, initially in the UK and Ireland. However, the customer’s commercial property interests had recently expanded into Eastern Europe, where a number of countries have higher levels of corruption. The firm had documented the customer’s SOF as the bank account from which the funds had been sent, but made no enquiry with the customer as to the origin of the specific funds it would be handling, whether emanating from its established operations in the UK and Ireland or from Eastern Europe. An example where a firm determined that it required additional corroboration due to a change in customer activity was noted during the onsite visits. Outside of the trust and company structure that the firm managed and administered, the customer managed his own investments. The firm identified that the customer had started investing in a product which had an inherently higher associated ML risk, which resulted in the Firm reassessing the overall risk rating of the customer to high risk. The firm reviewed the SOW and SOF information that it held and determined that, based on this new risk factor, additional information was required. Upon consideration of this additional information, the CASE STUDY: AREA FOR IMPROVEMENT:

19 firm was satisfied that any funds deriving from this higher risk activity did not increase the money laundering risks to the firm. The Commission would encourage all firms to ensure that their monitoring controls are effective in detecting changes to client activity which would impact the overall risk rating of the customer and the risk appetite of the firm. Conclusion This thematic reviewed the practices of the sectors most exposed to the threat of laundering illicit funds, where multiple high risk factors are likely to be present. Whilst not all sectors share this risk profile, the Commission would encourage all firms to apply a risk-based approach to establishing SOW and SOF which is calibrated to take account of risk factors associated with the customer, the customer’s economic activity, country connections and what and how the firm’s products and services are delivered. There are extensive examples of these factors in section 3.17 of the Handbook to assist firms. If measures to establish and understand a high risk customer’s SOW and SOF are to be effective and meet the requirements in the Handbook, the Commission encourages all firms, regardless of their sector, to undertake the following steps at the commencement of the relationship and when significant new funds are received: 1- Ascertain at the outset how the customer generated his or her total net worth and that of the particular funds to be used in the business relationship or transaction; 2- Take into account the various risk factors present within the relationship (including customer, country, product/service and deliver channel risks, and their cumulative impact) in considering the extent to which this information should be corroborated by further information and official documentation from the customer, appropriate third parties and/or independent open source information, 3- Finally, consider if this make sense against what the firm knows about the customer and the intended purpose and rationale for the business relationship or occasional transaction.