Guidance Note on AML/CFT Risk-Based Approach for the Accounting Profession

GUIDANCE NOTE ON AML/CFT RISK BASED APPROACH FOR ACCOUNTING PROFESSION ISSUED BY THE SPECIAL CONTROL UNIT AGAINST MONEY LAUNDERING 2019

2 Table of Contents 2. Risk-Based Approach for Accounting Profession .......................................................................4 2.1 Purpose and objective.....................................................................................................................6 2.3 Accounting Profession pipe-line diagram..................................................................................6 2.4.1 Vulnerability of Accounting Profession.....................................................................................7 3.0 Understanding of the RBA...............................................................................................................8 3.1 Components of the risk-based approach and risk profiling................................................10 3.2 Risk Factors.........................................................................................................................................10 3.3 Risk Factors For The Accounting Profession........................................................................11 3.4 Modified risk Variables...................................................................................................................13 3.5 RISK SCORING ..................................................................................................................................14 ANNEXURES...............................................................................................................................................18 Annexure 1: Customer Risk Assessment......................................................................................18 Annexure 2: Customer on boarding lifecycle...........................................................................19

3 1.Background The Special Control Unit against Money Laundering (SCUML) has commenced implementation of the outcome of the Nigeria National Money Laundering/Terrorist Financing (ML/TF Risk Assessment)(NRA) concluded in 2016. The Assessment was conducted as a response to Recommendation 1 of the Financial Action Task Force 40 Recommendations. The Recommendation urges countries to identify, assess and understand their ML/TF risks and apply mitigating measures commensurate to identified risks. Following the conclusion of the Nigerian National Risk Assessment (NRA) exercise, the country developed a National Strategy from the findings of the NRA as contained in the National AML/CFT strategy 2018-2020. Accordingly, individual reporting entities or DNFIs are required to conduct an assessment of their own Money Laundering /Terrorist financing risk (ML/TF)in line with the risks identified in the NRA using customers, countries or geographic areas, products and services, transactions or delivery channels.1 Such as when on-boarding new customers, and throughout the relationship with each customer, Designated Non financial institutions are required to perform anti-money laundering (AML) and know-your-customer (KYC) risk assessments to determine a customer’s overall money laundering risk. In order to achieve the above objective of combating ML/TF, it is essential to have a clear understanding of the threats/vulnerabilities to the dealers in precious metals and stones in particular and the Designated Non-Financial Institution sector in general. Consequently, SCUML has developed an AML/CFT risk assessment template and information collection tool herewith attached for your guidance. Please note that SCUML is available to guide your understanding and utilization of the developed template and tool where required. 2.0 Risk-Based Approach for Accounting Profession Introduction

4 In today’s emerging risks and challenges, Designated Non Financial Businesses and Professions (DNFBPs) which is referred to as Designated Non- financial institutions (DNFIs) in S.25 of the Money Laundering Prohibition Act, 2011 as amended are seriously exposed to vulnerabilities of money laundering, terrorist financing and proliferation of weapons of mass destruction and consequently risk being sanctioned. It is therefore necessary to adopt preventive measures that will ensure effective application of mitigation measures .According to the Financial Action Task Force (FATF) 2019 RBA Guidance for accountants,2 was reviewed in order to bring it in line with the new FATF requirements and to reflect the experience gained by public authorities and the private sector over the years in applying the RBA. The revised version applies to professional accountants in public practice (hereinafter also referred to as “accountants” or “accountancy. Risk Based Approach (RBA)“Risk Based Approach in AML/CFT means the identification, Understanding and Assessment of ML/TF risks to which they are exposed and take AML/CFT measures commensurate to those risks in order to mitigate them effectively. This approach should be an essential foundation to efficient allocation of resources across the anti-money laundering and combating the financing of terrorism (AML/CFT) regime and the implementation of risk based measures throughout the FATF Recommendations. Based on the foregoing, Nigeria conducted her maiden National Risk Assessment (NRA) on Money Laundering/Terrorist Financing in 2016, the assessment covered the period between 2010- June 2016. The report findings revealed that the risk posed by Accounting firm rated is medium-high in Nigeria.3In line with Regulation 10(7) of Federal Ministry of Industry, Trade and Investment (Designation of Non-Financial Institutions and Other Related Matters) Regulations, 2013, it is required that Accounting Profession conduct their risk assessment and come up with measures to mitigate the risks thereof.

5 For the purpose of guidance, find below a risk based approach manual to guide the accounting Profession operations of the sector. 2.1 Purpose/Objective of the Guidance Note The development of guideline is in line with the FATF Recommendation 25 to assist DFNIs in applying national measures to combat money laundering and terrorist financing. The objectives of the guidance note include: o Understanding the vulnerability of the sector to ML/TF o Understanding of what risk-based approach involves o Principles involve in applying risk-based approach o Showcase good practice in the design and implementation of an effective risk-based approach 2.1 Vulnerability of Accounting Profession o Financial and tax advice o Company and trust formation o Buying and selling of properties o Performing financial transactions o Gaining introductions to financial Institutions 2.3 Understanding of the RBA Risk is defined as the possibility of some adverse event occurring and the likely consequences of this event. Risk is expressed as; • combination of threat and vulnerabilities Risk is also defined as Risk = Likelihood x Consequence

6 ML threat refers to The proceeds of crimes in a country which includes • The proceeds generated in the country (internal threat) • The proceeds that come from other countries (external threat) ML Threat Assessment should analyze • The frequency of predicate crimes that generate illicit proceeds • The scale of illicit proceeds in the country • The scale of ML in the country • ML methods and trends in the country TF threat • Refers to the scale of funds raised/ moved/used or utilized/transiting to support TF activities and groups Vulnerability • Is the state of being exposed to weaknesses and gaps in defense mechanisms against ML/TF, which can be at the national and/or sector level. A vulnerability assessment analyzes the following: • Lack of awareness, commitment, knowledge, resources • Weaknesses/gaps in AML/CFT laws and regulations • Weaknesses/gaps within institutional frameworks (FIU, police, judicial, etc.) • Weaknesses in infrastructures (ID infrastructure, STR collection and analysis) • Economic, geographical, or social environment factors • Low awareness and general or specific control mechanisms 2.4 Components of the risk-based approach and risk profiling Designated Non Financial Institutions are required to take appropriate steps to identify, assess, understand and mitigate their ML/TF. The assessment should be

7 documented. FATF Recommendation 1 is considered the groundwork towards the implementation of the risk-based approach: See figure 1 below: Figure 1: Risk based approach implementation Groundwork4 2.5 Risk Factors Accordingly, the main components that drive a risk assessment by the Designated Non financial institution are as recommended by the Wolfsberg risk￾based approach guidance has provided an insight on the approach by identifying these components that can assist in measuring the risk5. “Money laundering risks may be measured using various categories, which may be modified by risk variables. The most commonly used risk criteria are as follows: • Geographical/country risk • customer risk • Product and Services risk • Industry risk See figure 2 below for details: Identify the risk factors Assess the level of risk Understand the impact of the risk Mitigation plan Identify Assess Understand Take action

8 Figure 2: Risk Based Approach: Risk Factors 2.6 Risk Factors For The Accounting Profession The risk factors have been modified as seen below for the Accounting Profession for the purpose of conducting a risk based assessment in the sector. The list is non exhaustive. Customer Risk • Public quoted companies • Politicians(PEP) • Civil Servant • Business Person(type of business) • Foreigner/Resident • Unknown beneficial owner • Offshore companies • Lawyers, TCSPs • NGOs

9 Geography/Country Risk • Central Business District • Crime Prone Areas • State/Town/Country of buyer • Safe haven location for Terrorism • Safe haven location for Tax evasion • Commercial cities Industry/Sector Risk o Financial and tax advice o Company and trust formation o Buying and selling of properties o Performing financial transactions 3.1 Modified risk Variables It is important to identify the risk factors which will assist in defining the weight age or classification of the customer (weighted risk level) by listing each component and attributing a rating or score that will allow the risk rating. 3.1.1 Customer Risk In order to define the customer risk, the Designated Non-financial institution should understand the nature of the customer that should be rated based on its vulnerability to money laundering and terrorist financing (e.g., the AML/CTF risk would be higher for a PEP customer than for a civil servant). It can be difficult to effectively identify all high risk customers based on prevailing circumstances, it is therefore necessary that a thorough understanding of all the risks associated with the customers should be obtained prior providing a risk rate. 3.1.2 Country Risk

10 High-risk countries to ML/TF have been identified by many regulatory and advisory bodies such as the Financial Action Task Force (FATF), World Bank, Transparency International, United Nations, Office of Foreign Asset Control (OFAC) etc based on certain characteristics as stated below which can assist in understanding the level of risk such as the level of stability and corruption, terrorist and criminal activity. • Countries not having adequate AML/CTF systems • Countries subject to sanctions, embargoes issued by the U.N., EU and OFAC • Countries having significant levels of corruption or other criminal activities such as narcotics, arm dealing, human trafficking, illicit diamond trading, etc. • Countries identified to support terrorist activities, or have designated terrorist organizations operating within their country. 3.1.3 Product /Services Risk The risk level of products and services should be identified based on their vulnerability to money laundering and terrorist financing. E. g Products/services that involve trust and legal arrangements which is characterized by anonymity and high patronage by politically exposed persons (PEPs) can be determined as high risk and requires further scrutiny. 3.1.4 Industry The industry refers to the nature of business activities and related activities which typically involves financial transactions. Information on the ultimate beneficial owners on these transactions is often limited thus posing a risk.

11 3.2 RISK SCORING After the identification of the risk variables, the next stage is to develop a risk assessment by calculating the risk, based on the level of impact and threat considering the weight age and risk scoring in order to classify the risk properly. Attributing the risk rating should be in a numerical format. The DNFI can choose ranges from 1 to 5 with 1 being the lowest and 5 being the highest 100% 80% 60% 40% 20% 5 4 3 2 1 Very High High Medium Medium Low Low Risk Scoring 5 4 3 2 1 Risk Level Very High High Medium Medium Low Low Due Diligence Level EDD Simplified due diligence CDD Approval AML Committee CCO HOD Relationship Manager/Staff The first step in implementing RBA is identifying the risk factors and setting up risk scoring. The process can be simple or sophisticated depending on the size, nature of business and its complexity. The method should allow the integration of RBA with the Designated Non financial institution’s customer on-boarding process. Accounting Professions should do risk assessments of their business and developing appropriate risk mitigation policies.

12 4. SUSPICIOUS TRANSACTION REPORTING • The reporting of suspicious transactions or activity is critical to a country’s ability to utilize financial information to combat Money Laundering and Terrorist Financing. The Money Laundering Prohibition Act 2011 as amended and other legislation requires Designated Non Financial Institutions to file suspicious transaction reports when the need arises. See list of relevant sections of legislation: • Section 6(2)of the ML(P)A2011 as amended — • Section 14(1) of the Terrorism (Prevention) Act 2011 • Section 8(a) of the Terrorism (Prevention)(Amendment)Act 2013 • Regulation 8(1) of the Terrorism Prevention (Freezing of International Terrorists Funds and Other Related Measures)Regulations 2013 • Reg. 22 of the (FMITI) Federal Ministry of Industry Trade and Investment, AML/CFT Regulations 2013,SCUML • Where a legal or regulatory requirement mandates the reporting of suspicious activity as enshrined in the various legislation: o Section 6(2)of the ML(P)A2011 as amended o Section 14(1) of the Terrorism (Prevention) Act 2011 o Section 8(a) of the Terrorism (Prevention)(Amendment)Act 2013 o Regulation 8(1) of the Terrorism Prevention (Freezing of International Terrorists Funds and Other Related Measures)Regulations 2013 o Reg. 22 of the (FMITI) Federal Ministry of Industry Trade and Investment, AML/CFTRegulations2013,SCUML • Designated Non Financial Institutions are required when once a suspicion has been formed, to file a report and therefore, a risk-based approach for the reporting of suspicious activity under these circumstances is not applicable. All these instruments mandate reporting entities to file STRs to the NFIU via info@nfiu.gov.ng.

13 5. INTERNAL CONTROL SYSTEMS Many DNFIs differ significantly from financial institutions in terms of size. By contrast to most financial institutions, a significant number of DNFIs have only a few staff. This limits the resources that small businesses and professions can dedicate to the fight against Money Laundering and Terrorist Financing. This peculiarity of DNFIs, including Accounting Profession, should be taken into account in designing a risk-based framework for internal control systems. In order for the Accounting Profession to have effective risk-based approaches, the risk-based process must be imbedded within the internal controls of the firms. The success of internal policies and procedures will be dependent largely on internal control systems. The two key systems identified are as follows;

1. Culture of compliance amongst all
2. Senior management ownership

1. Culture of compliance amongst all This should encompass: • Developing, delivering and maintaining a training program for all designated agents and employees. • Monitoring of any government regulatory changes. • Undertaking a regularly scheduled review of applicable compliance policies and procedures within the agent firms will help constitute a culture of compliance in the industry.
2. Senior management ownership Strong senior management leadership and engagement in AML/CFT is an important aspect of the application of the risk-based approach. Senior management must create a culture of compliance, ensuring that staff adheres to the Accounting professions policies, procedures and processes designed to limit and control risks. Therefore, policies and procedures are effective only at the point that firm/company owners and senior management support the guidance.

14 Having regard to the size of the firm, the framework of internal control should: • Provide increased focus on firms’ operations (products, services, customers and geographic locations) that are more vulnerable to abuse by Money Launderers and other criminals. • Provide for regular review of the risk assessment and management processes, taking into account the environment within which the Accounting profession operates and the activity in its market place. • Designate an individual or individuals at management level responsible for managing AML/CFT compliance. • Provide for an AML/CFT compliance function and review programme. • Inform senior management of compliance initiatives, identified compliance deficiencies, corrective action taken and suspicious activity reports filed. • Implement risk-based customer due diligence policies, procedures and policies. • Provide for appropriate training to be given to all relevant staff.

15 ANNEXURES Annexure 1: Customer Risk Assessment Risk Factors Risk Description Rating Range Description Risk Rating Customer type Public Sector Private Sector Business man Nature of the customer • Ex.Governor • Captains of Industries • Civil Servant 1-5(5- Highest,1 lowest) • 5 Country of incorporation/ Nationality • Foreigner(BVI,Ira q) • 5 UBO Ultimate beneficial owner Company in BVI • 5 Products & Services Type • Purchase of property • Third party transactions Use of cash for payment Use of 3rd party account Use of Professional (Lawyer) • 5 Date 9/8/2018 Department Private Sector Sales Customer introduced by Agent Account Manager Customer Name Abubakar Emeka Yemi

16 Annexure 2: Customer on boarding lifecycle Customer Customer Type of Customer and Watch List screening(PEP, Natural or Legal Person) Country Country of residence and origin and risk factors of the country(sanctioned, highly corrupt, high risk)

Industry Nature of business that the customer is involved the risk level

Product and Services Type of products the firm is offering and type of products/services required by a customer. Appro ach based Risk KYC Process High Risk Customer Low Risk Customer Medium Risk Customer Risk Rating

17 1 FATF Recommendation 2012-Interpretatiove Note to Recommendation 1 2 FATF Guidance 2016 for Risk Based Approach Accounting Profession. 3 National Risk Assessment of Money Laundering and Terrorist Financing in Nigeria 2016. 4 FATF Recommendations, Recommendation No.1, 2012. 5 Wolfsberg Statement, Guidance on a Risk Based Approach for Managing Money Laundering Risks, 2006.