FSMA newsletter on evaluating the risks with regard to combatting money laundering and the financing of terrorism
The FSMA recenlty issued a newsletter reminding the relevant entities of the principal obligations imposed by the new AML Law.
Regulatory Newsflash | 3 May 2018
- Evaluating the risks with regard to combatting money laundering and the financing of terrorism
- Consultation on the draft regulation by the FSMA on the prevention of money laundering and terrorist financing
- Download this article in PDF
On 20 April 2018, the Financial Services and Markets Authority (FSMA) published its newsletter on evaluating the risks with regard to combatting money laundering and the financing of terrorism (hereafter “ML/FT”). The purpose of this newsletter is to remind the relevant entities of the principal obligations imposed by the new Law of 18 September 2017 (hereafter “AML Law”) on the prevention of ML/FT and on the restriction of the use of cash as regards the assessment and management of the risks of money laundering and the financing of terrorism. The FSMA expects the concerned entities to carry out, by 30 June 2018, an overall risk assessment regarding ML/FT (“Enterprise Wide Risk Assessment or “EWRA”). The FSMA will publish further practical guidance to help the entities to set up and carry out the EWRA.
On 25 April 2018, the FSMA also published a consultation on its draft regulation on the prevention of money laundering and terrorist financing. Feedback on the consultation is expected by 25 May 2018.
The requirements as set in the Newsletter and Consultation are applicable to:
- Insurance intermediaries who carry out activities in the ‘life’ branches
- Other insurance intermediaries (agents and sub-agents) who carry out activities in the 'life' branches and work outside any exclusive agency agreement
- Intermediaries in banking and investment services
- Investment firms governed by Belgian law which are authorised as portfolio management and investment advice companies
- Branches in Belgium of foreign portfolio management and investment advice companies
- Management companies of Undertakings for Collective Investment (UCIs) and Alternative Investment Funds (AIFs)
- Belgian branches of management companies of UCIs and of AIFs
- Self-managed UCIs and AIFs to the extent that they are responsible for the trading of their securities
- Alternative funding platforms
- Exchange offices
- Independent financial planners
- Market operators
Evaluating the risks with regard to combatting money laundering and the financing of terrorism
Based on the obligations of the AML Law, entities must apply a Risk Based Approach (RBA). The FSMA identifies four steps for the implementation and application of the RBA:
Step 1: The Enterprise Wide Risk Assessment (EWRA)
The entity has to assess the ML/FT risks to which it is exposed. When making the EWRA, the entity has to undertake following three actions:
The entity has to identify the ML/FT risks to which it is exposed. When identifying the ML/FT risks, the entity has to take into account certain risk factors:
- The characteristics of the clients
- The characteristics of products, services or transactions
- The concerned countries or geographical areas
- The distribution channels
- The factors listed in Annex I of the AML Law and the indicative factors for a possible higher risk cf. Annex III of the AML Law
- Any other relevant risk factor (e.g. politically exposed persons, tax havens, ...)
Besides these risk factors, the entity has to take into account available information to identify the risks, e.g. ESAs Guidelines on risk factors.
The entity has to assign a score to each identified risk factor.
Definition of risk categories
The entity has to define the risk categories for which it will take appropriate due diligence measures (normal, enhanced, simplified).
A more detailed description of the EWRA obligation and methodology as set forward by the NBB can be found in our newsflash of 29 January 2018.
Step 2: Defining the appropriate organisational framework
Following step 1, the entity has to define appropriate organisational measures including the customer acceptance policy, procedures describing in detail the conditions that must be met for entering into business relationships or performing transactions and internal control measures to control the respect of the procedures.
Step 3: Individual risk assessment
Next to the EWRA, the entity has to perform an individual risk assessment. This means the entity must identify and assess the ML/FT risk of every client. Based on this assessment, the client must be classified in one of the risk categories as defined by the EWRA.
Step 4: Application of appropriate due diligence measures
Lastly, the entity must apply appropriate due diligence measures, depending on the identified risk level of the client. By varying the intensity of the measures, a higher level of effectiveness in the fight against ML/FT is achieved.
Consultation on the draft regulation by the FSMA on the prevention of money laundering and terrorist financing
The text of the draft regulation mainly covers two topics:
- The general risk assessment and risk classification
- The organizational and internal control measures which entities in scope need to apply
The general risk assessment and risk classification
Regarding this subject, the draft regulation determines:
- Which conditions apply for the general risk assessment (who should conduct the assessment, to which activities does it apply, a procedure should govern the assessment)
- The modalities for the determination of risk categories
- The obligation to determine how the risks identified are taken into account within the entity
- How the risk assessment should be conducted on a group level
The organizational and internal control measures
Regarding this subject, the draft regulation determines:
- The role and responsibilities of the compliance function
- The conditions applicable for the client acceptance policy that should be developed
- The requirements applicable to numbered contracts
- The requirements applicable for the gathering, verification and updating of identification data
- The conditions which apply regarding the investigation of transactions (detection and analysis of atypical transactions)
- The obligations for delegates, subcontractors and business introducers
- The consequences linked to the reporting of suspicions to the CFI/CTIF
- The modalities linked to the supervision on financial embargoes
- The requirements to be able to prove compliance with the requirements regarding the prevention of AML/TF and financial embargoes
- The way in which organization and internal control should be handled within groups
To have a better view on the elaboration and set-up of a practical and effective Enterprise Wide Risk Assessment and/or to build a risk based approach tailored to the risk level and appetite of the specific financial institution in line with the requirements of the new AML Law and Regulation, you can always contact our dedicated specialists.