The legislation on the prevention of the use of the financial system for money laundering and terrorist financing (hereinafter referred to as the AML/FT legislation or AML, for Anti Money Laundering) imposes duties and obligations on financial institutions and their collaborators. Failure to comply with the legal requirements may result in a criminal penalty.
Each collaborator should be aware that he or she may be held personally liable for failure to comply with the measures outlined in this policy.
AML policies are established in order to comply with the applicable Belgian and European legislation, but also with the recommendations issued by the Belgian, European and international supervisory authorities, as well as by the various working or action groups in the field of money laundering and terrorist financing, for example the Financial Action Task Force (FATF) or the European Banking Authority.
This document describes the policies and procedures implemented by the company in the context of the fight against money laundering.
The company adopts the following principles as its AML policy:
Definitions of "money laundering", "illicit origin" and "terrorist financing"
The company ensures that its collaborators understand what constitutes money laundering, illicit origin or terrorist financing.
Appropriate AML governance and internal organization
The company has a senior AML manager in the form of the Chairman of the Executive Committee who steers the company's AML policy. The company also appoints an AMLCO in the person of the Compliance Officer who monitors the company's compliance with AML regulations.
AML risk management integrated into overall risk management
AML risk is one of the many risks to which the company is exposed. For the sake of consistency, AML risk management is an integral part of, and complies with, the risk management framework and the company's overall risk management policy and procedures.
An individual AML risk assessment for each client
The company maintains a structured AML risk assessment form for each client in its computer system that includes client, geography, transaction, and channel risk, as well as a total client AML risk score of "low," "standard," or "high."
Intolerance of suspicious and disproportionately risky AML situations
The company shall not enter into business relationships with persons about whom it has concerns (e.g., authenticity, legality, legitimacy of activities) or with a "high risk" of ML/FT, as defined in its AML risk assessment procedures.
Identification of clients and their beneficial owners
The company identifies its clients and, if applicable, their beneficial owners, verifies their identification data, as well as the presence of these persons on financial embargo lists.
Retention of documents
The company keeps a copy of all documents related to the identification and operations performed.
Constant AML vigilance
The company exercises constant vigilance with regard to business relationships and transactions between the company and its clients. For example, each time the company updates its embargo or financial sanctions lists, it assesses whether any of its clients appear on them.
Staff training
The company's collaborators are made aware of the AML subject through internal training provided by the AMLCO or external training provided by recognized institutions (e.g. Febelfin).
Internal and external cooperation on AML topics
The company cooperates actively and usefully, both internally through the client service staff with the Compliance Officer, and externally, through the Compliance Officer with the Financial Information Processing Unit (CTIF), by communicating all atypical operations and responding to requests for information.
Specific AML policies and procedures
In order to control AML risks, the company has specific policies and procedures for client acceptance, identification of client characteristics and the nature of their business relationship, updating of client files, vigilance with regard to atypical transactions, reporting of atypical operations internally and externally to CTIF, and compliance with financial sanctions. All these policies and procedures are the subject of separate documents.
The following procedures implement the principles of the company's AML policy.
Money laundering activities involve conduct of an intentional nature relating to:
the conversion or transfer of money or other property for the purpose of concealing or disguising its illicit origin or of assisting any person who is involved in the commission of the offence from which the money or property originated to evade the legal consequences of his or her actions;
the concealment or disguise of the nature, source, location, disposition, movement or ownership of money or property of known illicit origin;
the acquisition, possession or use of money or property of known illicit origin;
participation in, association to commit, attempts to commit, aiding, abetting, counselling or facilitating the commission of any of the acts referred to in the previous three points.
The origin of capital or property is illicit when it derives from the commission of an offence related to:
terrorism or terrorist financing;
organized crime;
illicit drug trafficking;
illicit trafficking in arms, goods and commodities (including anti-personnel mines and/or cluster munitions);
illegal labor trafficking;
human trafficking;
the exploitation of prostitution;
the illegal use of substances with hormonal effect in animals or the illegal trade in such substances;
illicit trafficking in human organs and tissues;
fraud to the detriment of the financial interests of the European institutions;
tax fraud, organized or not;
social fraud;
embezzlement by persons holding public office and corruption;
serious environmental crime;
counterfeiting of money or banknotes;
counterfeit goods;
piracy;
stock exchange offence, irregular public offering or irregular provision of investment services, foreign exchange trading or the transfer of funds without authorization;
fraud, breach of trust, misappropriation of corporate assets, hostage-taking, theft or extortion, bankruptcy-related offence;
computer fraud.
Terrorist financing is the raising or providing of funds or other material means, by any means, directly or indirectly, with the intent that they be used or knowing that they will be used, in whole or in part, by a terrorist organization or by a terrorist acting alone, even if not linked to a specific terrorist act.
In order to comply with AML legislation, the company has designated a senior person responsible for the prevention of money laundering and terrorist financing (i.e. the "senior officer responsible for AML") in its executive committee, in the person of its president.
This person's role is to verify that operational measures are taken and to ensure that they are proportionate to the conclusions of the overall AML/CFT risk assessment.
The sales department acts as the primary source of information and defense in terms of AML. In fact, it is the commercial collaborators who draw up an individual AML assessment sheet for each client and report the observed risks to the Compliance Officer.
In addition to the senior officer responsible for AML, the company appoints an AML committee (i.e. "AMLCO") that is in charge of the application of the AML policy and procedures within the company as well as the awareness and training of collaborators.
In view of the company's size and risk profile, the company appoints the Compliance Officer as AMLCO. The Compliance Officer is therefore responsible for all regulated tasks usually assigned to the AMLCO.
The Compliance Officer regularly reports on AML matters to the senior officer responsible for AML, the Chairman of the executive committee.
It is worth recalling here a basic principle, namely that the Compliance Officer has every right of initiative and independence in respect of checks, reviews and actions relating to AML matters.
Although in his investigative duties the Compliance Officer may call upon the various departments and management bodies of the company to clarify his understanding or refine his opinion, it is he in fine who decides on the controls and actions to be taken in terms of AML, in particular when he considers that an atypical transaction is suspicious and must be reported to CTIF.
The Compliance Officer does not only play a reactive role when a transaction or an atypical fact is reported to him.
He also plays a proactive role in identifying atypical transactions. For example, he receives periodic and automatic reports from the company's IT system highlighting transactions that appear to be atypical, according to a list of criteria that the Compliance Officer defines in collaboration with the IT department.
Through these automated reports, the Compliance Officer is alerted to transactions that are "red flags" and should be subject to a thorough due diligence review by the Compliance Officer.
In accordance with applicable legislation, the company adopts an AML Comprehensive Risk Assessment (CRA) approach that is integrated with the overall corporate risk assessment.
Identification: description and classification of existing and emerging AML risks;
Impact analysis: quantitative and qualitative assessment of probability and severity;
Appetence: explicit choice of the board of directors on the tolerance of the impact;
Diffusion: existing mitigation measures, including residual risk assessment;
Monitoring: evaluation of the sufficiency or inadequacy of the reduction measures;
Reporting: communication and trace of the AML global risk analysis report;
Answer: ambitious action plan when a dissemination measure is insufficient;
Recovery: reassessment of the overall AML risk assessment on an annual basis.
As part of this overall AML risk assessment, the company takes into account the characteristics of its clients, the products, services, transactions or operations it offers, the countries or geographical areas concerned, and the distribution channels it uses.
Each risk is evaluated according to an evaluation grid. The assessment focuses on the likelihood of the risk occurring and the severity that an occurrence of the risk would represent for the company.
This analysis leads to an overall exposure of the company to each individual risk. This global exposure to a risk can be "low", "standard" or "high".
The company then assesses its appetite for taking each risk. In particular, if the company wants to be tolerant of an overall risk that is assessed as high, the company will have to implement risk reduction measures that will have the effect of reducing the overall residual risk to standard or low.
If the residual risk remains high, the company's risk management policy is to refuse this risk situation and therefore to refuse to enter into a relationship with a client who would be in a high-risk situation. This type of risk calls for heightened vigilance, and the company's heightened vigilance measure is to take no risk and refuse the client.
If the risk is standard (also called "normal risk" or "ordinary risk"), the company may adopt ordinary vigilance measures. If the risk is low, the company may adopt simplified due diligence measures.
For each client, the company's sales department fills out an AML information sheet in its computer system.
This fact sheet assesses the total AML risk of a particular client through approximately 20 questions. The questionnaire assesses the risk in terms of the nature of the client, the geography, the nature of the operations and the distribution channel:
AML Client | |
Collaborator Knows Person? | Yes/No |
Intermediary Relationship Context | |
Is ID verified? | Yes/No |
All Data Obtained? | Yes/No |
Incomplete Data Reason | |
Is Traded? | Yes/No |
Relationship involves PEP? | Yes/No |
Financial Sanctions List | Display |
Is On Financial Sanction List? | Yes/No |
AML Client Risk | Low/Standard/High |

AML Transaction | |
Funds Origin | |
Funds Origin Context | |
Is Transaction Amount > 250.000€? | Yes/No |
Is Transaction Amount > 1.000.000€? | Yes/No |
Is Proportionate Transaction? | Yes/No |
Not Proportionate Transaction Reason | |
Is First Transaction Of Kind? | Yes/No |
Same Transaction Of Kind Context | |
Payment Done From | |
Is Payer Currency Exchange? | Yes/No |
Currency Exchange Name | |
Third Party Payer Relationship | |
Client Acts In Own Name? | Yes/No |
Client Acts For Third Party? | Yes/No |
Accepts Processing Time? | Yes/No |
Not Accepts Processing Time Reason | |
Is Transaction Normal? | Yes/No |
Not Normal Transaction Reason | |
AML Transaction Risk | Low/Standard/High |

AML Geography | |
Has Address? | Yes/No |
No Address Reason | |
AML Geographic Region | |
AML Geographic Risk | Low/High/Standard |

AML Channel | |
Is Physically Identified? | Yes/No |
Is Authenticated? | Yes/No |
AML Channel Risk | Low/High/Standard |

AML Summary | |
Is AML Accepted? | Yes/No |
Additional AML Comments | |
Is Declared to CTIF? | Yes/No |
AML Global Risk | Low/High/Standard |
Based on the answers provided, the system calculates a total client AML risk. This risk can be "low", "standard" or "high". The company refuses to do business with clients who have a "high" AML risk.
In particular, the reader will find in this document an in-depth explanation of the company's own AML risk assessment framework.
The AMLCO and the Senior AML Manager receive a weekly AML report from the company's computer system. This report will highlight the distribution of the company's clients into low, standard or high risk AML categories, as well as clients for whom the AML profile is non-existent or incomplete.
Total number of clients over the past period | |
Individuals | |
Legal entities | |
Low risk clients | |
Standard risk clients | |
High risk clients | |
Clients domiciled in Belgium | |
Clients domiciled in the EU | |
Clients domiciled outside the EU | |
Clients domiciled in AML high-risk countries | |
Clients identified in physical presence | |
Clients identified remotely | |
PEP clients | |
EPP clients Belgium and non high risk countries | |
EPP clients from high-risk countries | |
Total production | |
New contracts in the past calendar year | |
Number of internal reports on atypical transactions | |
Number of declarations to CTIF | |
Number of cases subject to financial sanctions or embargoes | |
In addition, each time a client becomes a "high" AML risk in the computer system, the AMLCO will be alerted by e-mail in order to take the necessary measures quickly. This alert can, for example, be triggered by an employee of the sales department who modifies the client's AML file, the program that checks the presence of the company's clients on the embargo list on a daily basis, or the program that checks the geographical origin of fund transfers to client portfolios (e.g. from Luxembourg).
The company shall ensure the effectiveness of the measures implemented to combat money laundering and terrorist financing in order to identify any shortcomings and remedy them.
This AML policy and procedures, and the detailed AML policies and procedures derived from it, are reviewed by the AMLCO annually or when there is a material change that affects the company's ability to apply the terms and conditions defined. They are validated by the Executive Committee and approved by the Board of Directors.
The Compliance Officer is responsible for enforcing this policy and implementing these procedures within the company.
The company must determine the conditions under which it agrees to enter into a business relationship with its clients or to intervene in the execution of occasional operations for its clients. It must therefore provide a framework for the decision-making process regarding the entry into a business relationship or the execution of the occasional operation, and regarding the nature and intensity of the vigilance measures to be implemented. This document describes the policy and procedures for accepting clients under the lens of the anti-money laundering and terrorist financing (i.e. AML) regulations.
The company adopts the following principles as its client acceptance policy from an AML perspective:
Protection of the company's reputation as a guiding principle
The client acceptance policy aims to prevent the risk to the company's reputation. Indeed, the company's reputation could be seriously damaged as a result of relationships or transactions that it may have entered into with a client who is convicted of money laundering or terrorist financing, especially if, through its behavior, the company has not effectively contributed to the full application of the legal and regulatory requirements.
Permanent attention to the client's AML risks
In general, the collaborator must ensure that constant attention is paid to the risks of calling into question the reputation of the company and its collaborators. The collaborator must ensure, as far as possible, that the client is reputable.
Formal identification of the client
The client must be fully identified according to the company's procedures. In particular, the company is careful not only to identify its clients (i.e. to put a name on the person of the client), but also to authenticate them (i.e. to make sure that the client is who he claims to be). This nuance is particularly important in the context of the provision of remote services, via the Internet, by the company to its clients.
Identification based on documents
Each client (i.e. each individual and/or each legal entity) must be identified on the basis of copies of evidentiary documents from reliable and independent sources.
Retention of documents
Copies of documents must be kept in a centralized system in electronic format.
Registration of the client in the database
Each client must be registered in the database of the company's computer system. The data is kept for the time necessary in accordance with the time limits prescribed by the regulations.
No contractual relationship without complete identification
No person (natural or legal) can be accepted as a client until the identification procedure is completed.
Relationship with Belgium
The client must have a relationship with Belgium, whether in terms of establishment or resources or historical, relational or family ties. The company considers it atypical that a person foreign in every respect to Belgium calls upon its services.
Refusal of business relationships
The company refuses to enter into a business relationship with any person whom it considers to be "high risk" overall. This is the case, for example, when the person is included in Belgian, European Union or United Nations lists of persons or entities under financial sanctions, or with any person residing in a country under embargo.
The company must identify each client, its characteristics, the purpose and nature of the relationship. The company shall develop principles and procedures for identification and verification, based on the risks of each individual situation.
The company adopts the following principles as its policy regarding the identification of client characteristics, purpose and nature of the business relationship:
Identification of client characteristics
In addition to formal client identification data, the company also collects and processes data that relate to other client characteristics, such as socio-demographic data, behavioral data, and AML interest data (e.g. PEP, UBO).
Special measures for PEP
Specific measures are taken with regard to Politically Exposed Persons (PEP), notwithstanding their country of residence.
Special measures for UBOs of legal persons
For legal entity clients, the company identifies all of its beneficial owners (UBOs), whose suitability in terms of AML is also assessed (e.g. Are they PEP? Are they subject to financial sanctions?).
Identification of the nature of the business relationship
The firm determines why the client is a client. In particular, does the client use portfolio management and/or life insurance intermediation? Does the client want to grow his capital over the long term or generate a short-term annuity from his capital invested with the firm?
The company must ensure that information regarding the identity of its clients, documents to verify that identity, and any data of interest to AML is current. The following document describes the policy and procedures for updating client data.
The company adopts the following principles as its policy for updating and periodically reviewing client data:
Importance of having up-to-date data
In order to participate effectively in the fight against money laundering and terrorist financing, it is important that the company be able to detect atypical transactions based on current information. More generally, the company must maintain up-to-date data in its IT system in order to offer relevant services to its clients.
Items to be updated
The firm maintains the information collected in connection with the identification and verification of the identity of clients, their characteristics, and the purpose and nature of the business relationship or proposed transactions. The firm considers that MiFID information is an integral part of the business relationship and must also be kept up to date.
Frequency and modalities of the update
Client data is updated at different frequencies depending on the type and importance of each data item. Some data is updated over the course of the client relationship by an advisor (e.g. change of address), other data is updated at least once every 5 years (e.g. MiFID profile), and critical AML elements are updated daily in an automated way (e.g. financial sanctions verification).
Governance and rigor in updating
The company's sales department, through its client service function, is responsible for updating all client data. For certain data of interest to AML, the Compliance Officer is responsible for ensuring that the data is properly updated, if necessary through an automated computer program. When updating this information, the company applies the same degree of rigor and seriousness as for the initial collection of information before the start of the business relationship.
Power to terminate the relationship
If the client does not comply with the request to update the data, the company reserves the right to terminate the business relationship.
Update, then review, then action
Updating is not an end in itself. Each update must be followed by a review, even if only brief, of its general impact and, more specifically, of the risks (AML or other) incurred by the company as a result of the change. This review may lead to specific actions to be taken (e.g., signing an updated portfolio management agreement or reporting an atypical transaction to the AMLCO).
The company must carefully examine the financial operations and transactions carried out by its clients during the business relationship. This obligation aims to monitor occasional operations of clients and to pay attention to intriguing facts and atypical transactions which, if they are suspicious, must be reported to CTIF.
The company adopts the following principles as its client transaction due diligence policy:
Evolution of a client's individual AML risk over time
The individual AML risk of a client is defined at the time of entering into a business relationship and evolves over time, in particular through the transactions carried out by the client. Therefore, a low-risk client may, for example, become a normal or high risk client following a particular transaction.
Clear definition of "at risk", "atypical", and "suspicious" transactions
The company defines what it means by risky transactions (i.e. all incoming or outgoing transfers of cash or securities), atypical (i.e. abnormal in relation to the type of client), and suspicious (i.e. atypical with characterized suspicion of fraud or AML irregularity).
Constant vigilance and permanent control over risky transactions
The company adopts a constant vigilance on all client transactions, but focuses more particularly on transactions identified as risky. A permanent control of risky transactions is carried out in order to detect operations considered as atypical in relation to the client's profile.
Client justification for atypical transactions
If an atypical transaction is identified, and there is no evidence of irregularity, the company will ask the client to justify the transaction.
Internal and external reporting of atypical transactions
Any atypical transaction is reported to the AMLCO for analysis. If the AMLCO does not obtain conclusive justification for the atypical nature of the transaction, the transaction becomes suspicious and will be reported to the CTIF by the AMLCO.
Refusal of occasional operations
The company does not accept occasional clients under any circumstances. For all operations, the opening of an account is required.
Transaction Control Governance
The AMLCO is ultimately responsible for the control of transactions. The Commercial Department plays a front-line role in the classification of transactions. The Compliance Officer, in his AMLCO role, is the privileged relay for the analysis of atypical operations.
When atypical facts or transactions are detected, the collaborator must report them to the AMLCO (i.e. the Compliance Officer), so that the latter can carry out an analysis and, if necessary, ensure that the company complies with its obligation to report suspicious transactions to CTIF.
The company adopts the following principles as its internal policy for reporting atypical transactions to AMLCO:
AMLCO = Compliance Officer
The company's AMLCO is its Compliance Officer.
Systematic reporting
Whenever an atypical transaction is detected - and without exception - the collaborator reports it to the Compliance Officer.
Timeliness of reporting
When an atypical transaction is detected, the collaborator informs the Compliance Officer as soon as possible.
Complete and structured reporting
The collaborator will provide the Compliance Officer with complete and structured information concerning the transaction, its context and the client's context.
The company must frequently verify whether or not its clients are on national and international financial sanctions lists.
The company adopts the following principles as its policy in terms of financial sanctions:
List of verified databases
The company verifies the presence of its clients in the official freeze list of the Belgian Government, the European Union or the UN.
Automation and criteria for matching
The company implements an automated checking algorithm within its IT infrastructure to compare the names of its clients with those in the above-mentioned databases.
Periodicity of the checks
The verification algorithm runs once a day. The result of the algorithm is systematically sent as a report by e-mail to the AMLCO (i.e. the Compliance Officer), the senior officer responsible for AML (i.e. chairman of the board), and the head of the commercial department.
Action plan in case of a match
The AMLCO (i.e. the Compliance Officer) has a clear plan of action in case of suspicion of a client in one of the monitored databases, including a possible report to CTIF.
Collaboration with the custodian
The company collaborates with its custodian in the identification of the presence of its clients on sanction lists. In fact, the custodian has the same obligations but perhaps different procedures that are complementary to those of the company and reinforce the respect of these obligations.
1 The RME framework presented by the National Bank of Belgium (NBB) foresees 3 steps: (1) Identify the risks, (2) Analyze the risks, and (3) Frame / reduce the risks.
In order to maintain a single risk management framework within the company, the company has chosen not to use exactly the same framework with the same names as that of the NBB, but to maintain the risk management approach structure that it uses for the assessment of all its risks.
Of course, the company's approach covers all the points recommended and required by the NBB. Only the denominations are different. The spirit recommended by the NBB behind the overall AML risk assessment is also strictly observed.