Follow the money

The UAE’s geographical location, its open economy and status as crossroads between the East and West, exposes it to increased risks. The recently published Financial Action Task Force (FATF) Mutual Evaluation Report¹ complimented the UAE on demonstrating a high-level of commitment to better understand and mitigate its money laundering and terrorist financing risks. However, the report also highlighted gaps in the effectiveness of the financial crime controls in the country, which may impact its development as a global financial and business center.

The pressure for global tax transparency from governments around the world—in Europe in particular—to focus on tax evasion and tax fraud has led to a significant scrutiny of free zones, offshore centers, private banks and wealth managers, including in the UAE. The good news is that the European Union removed the UAE from a list of countries described as tax havens², but more work needs to be done.

Based on our experience and insights, Financial Institutions (FI), particularly in the private banking and wealth management sector, are struggling to comply with the regulatory requirement of taking a risk-based approach to mitigating financial crime risks.

Common challenges include:

• Insufficient Know Your Customer and ongoing Customer Due Diligence procedures, particularly around corroborating clients’ Source of Wealth (SOW) and Source of Funds (SOF).
• Absence of comprehensive financial crime risk assessment as a basis for a risk-based approach.
• A suitable customer risk assessment methodology that should be dynamically updated.
• Adequate monitoring of client behavior.

Our focus in this article will be on the challenges with the SOW/SOF corroboration and approach an institution can take to address the gaps.

Challenges with Source of Wealth and Source of Funds corroboration

Regulations on Customer Due Diligence have evolved over time and have not been sufficiently descriptive and consistent. This has made it more difficult for FIs to answer the following questions:

• What constitutes sufficient documentation to corroborate the SOW/SOF of a client?
• Is it required to verify the complete amount in the account or only large deposits?
• What are the acceptable documents for verification of the SOW/SOF? What is included in primary corroboration vs. secondary corroboration?
• In case of SOW, what is the furthest point in time required to be verified?

The industry faces a number of common challenges in SOW corroboration that include: 

• Pace of regulatory change: In a survey carried out by the UK’s Financial Conduct Authority (FCA)³, FIs identified that the pace of regulatory change was ranked among their greatest challenges. Remaining abreast of the latest regulatory changes can be a costly and time-consuming process, putting strain on institutions’ compliance functions. For this reason, FIs have collected client information in differing detail.
• Inconsistency across jurisdictions: The SOW/SOF requirements often differ across jurisdictions (e.g. the definition of the ultimate beneficial owner). There is also lack of consistency and standardization with regards to the information that FIs are required to obtain from clients (client can become non-cooperative towards institutions which follow a higher standard).
• Inconsistency in client risk assessments: Client risk assessments regulations are not clearly defined, which leads to a number of FIs incorrectly classifying their clients and hence not corroborating their SOW/SOFs as per the regulations.
• Legacy clients: FIs have been there for a long time and given the changing and varying regulatory requirements, the information available may not be of the regulatory environment of today. Furthermore, the information available is in various formats in multiple sources and after
  numerous client outreach.
• Impact on Business As Usual (BAU): Addressing the gaps in SOW/SOF information is time consuming, labor intensive and costly as it entails collecting, corroborating and updating data for a large number of clients. FIs may face challenges with accessing and consolidating data and significant pressure on staff involved in any remediation program.

It has been challenging for FIs to keep up to date with the requirements for the identification and verification of the SOW/SOF of their clients. While a proactive approach to regulatory compliance is always preferable, sometimes a reactive response is unavoidable.

How to implement an effective SOW/SOF remediation program

Based on our experience of conducting KYC remediation projects, we have identified a number of key steps in SOW/SOF corroboration for any FI.

Comprehensive framework – Due to regulatory pressure, FIs are under constraint to complete the SOW/SOF identification and verification swiftly to reduce the potential reputational and regulatory risks and the impact on BAU. This increases the risk for FIs to overlook a number of key aspects required to truly mitigate the risk arising from incomplete SOW/SOF corroboration. To address this, FIs need to consider a comprehensive framework customized to their respective requirements to provide a structured approach that will help them address all gaps efficiently in a time-bound manner.  

• Adequate list of documents – Each client has made their money in a different way. The FIs need to articulate an acceptable list of documents and information to be collected for each client to verify the SOW/SOF.
• Reasonable verification – FIs need to clearly articulate the extent to which each client’s SOW/SOF is required to be reasonably verified to comply with its requirements, including the time period for which information needs to be requested. They also need to adopt a customized approach for different clients in verifying their SOW/SOFs, sometimes on a case-to-case basis.
• Structured approach – FIs need to have structured a step-by-step SOW/SOF remediation process flow ensuring requisite checks and controls through stakeholder involvement. This approach will allow FIs to document evidence and record a complete audit trail to help in future reviews and client communication. It further encourages a culture of discussion among stakeholders and enhances awareness of risks related to the client portfolio.
• Stakeholder management – Due to the nature of private banking and wealth management clients, there are multiple stakeholders involved from senior management, and sometimes even the directors on the board and the regulator. This, coupled with the sheer volume of work required and the dependency on clients’ timely responses, makes reporting and stakeholder management an onerous task. What is required is a solution that can serve as a fit-for-purpose case management platform with key functionalities such as workflow, audit trail, document repository, quality metrics and stakeholder reporting dashboards.

Effective remediation programs help FIs meet regulatory obligations and provide opportunities to improve their technological and reporting capabilities. Digital technology solutions can improve effectiveness of remediation programs while helping to reduce operational costs, client interaction and human error. Due to more accurate reporting and monitoring, FIs have a more comprehensive understanding of their risk portfolio, allowing them to build their business by attracting the appropriate clientele and tailoring their service propositions.