KYC requirements AML, MiFID, FATCA/CRS and new technologies Edwin Somers, 28 March 2017


KYC-requirements © 2017 Deloitte Belgium 2

Contents

I. MiFID/AssurMiFID KYC Requirements

II. AML KYC-KYT Requirements

III. FATCA/CRS

IV. Credit mortgage directive

V. Digital signature

VI. Practical approach on KYC


KYC – overview

Key principles: KYC requirements are driven by (Assur)MiFID, AML, FATCA/CRS and the MCD (credit mortgage directive); the digital signature and the practical approach are treated as open questions.


I. MiFID/AssurMiFID KYC Requirements


Types of advice (1/2) – Investment advice

MiFID I:

• Definition of investment advice: the provision of personal recommendations to a client, either upon its request or at the initiative of the bank, in respect of one or more transactions relating to financial instruments.

• Introduction of the following ‘subtypes’ of investment advice by the FSMA (FSMA MiFID Cartography):

• Ad hoc advice: investment advice with respect to one or more individual transactions.

• Structural advice: investment advice using a portfolio approach rather than focusing on providing advice with respect to one or more individual transactions. Often, this service is subject to an investment advice agreement.

MiFID II:

• The definition of investment advice has not changed. However, new types of advice are introduced:

• Independent investment advice: investment advice involving the assessment of a sufficient range of financial instruments available on the market, which must be sufficiently diverse with regard to their type and issuers or product providers to ensure that the client’s investment objectives can be suitably met, and must not be limited to financial instruments issued or provided by:

• The firm itself or entities having close links with it; or

• Other entities with which the firm has such close legal or economic relationships, such as contractual relationships, as to pose a risk of impairing the independent basis of the advice provided.

• Investment advice with periodical assessment of the suitability of the financial instruments recommended to that client: implies a review of the suitability of the recommendations given, at least on an annual basis.

• The frequency of this assessment shall be increased depending on the risk profile of the client and the type of financial instruments recommended.

• Obligation to enter into a written basic agreement (durable medium).


Types of advice (2/2) – Investment advice

Overview of the types (framework MiFID I / FSMA, with the additional framework of MiFID II):

• Structural advice (MiFID I / FSMA)
  • Independent advice (MiFID II): with periodic assessment / without periodic assessment
  • Non-independent advice (MiFID II): with periodic assessment / without periodic assessment
• Ad hoc advice (MiFID I / FSMA)


Suitability assessment – Information to be gathered

Financial situation

MiFID I and FSMA guidance:

• Source and extent of the client’s regular income

• Client’s assets (including liquid assets, investments and real estate)

• Regular financial commitments (e.g. monthly mortgage payments)

MiFID II:

• Client’s ability to bear losses (consistent with his investment objectives)

Investment objectives

MiFID I and FSMA guidance:

• Investment horizon

• Risk appetite and client’s risk profile

• Purpose of the investment

MiFID II:

• Risk tolerance

Knowledge and experience

MiFID I and FSMA guidance:

• Type of service, transaction and product with which the client is familiar

• When different products are grouped into one category, sufficient granularity is required (knowledge of one product may reasonably lead to knowledge of other products only if all of these products have similar features)

• No self-assessment by the client; banks should verify sufficient knowledge of the relevant product specifications (risk, possible return, …)

• Nature, volume and frequency of transactions and the period during which these have been carried out

• Experience does not automatically lead to knowledge and vice versa

• Level of education and (former) profession


Suitability assessment – Accuracy of information

Requirements under MiFID II (Level 2)

• Where a firm does not obtain the information required, the firm shall not provide investment advice to, or enter into transactions in the course of portfolio management for, the (potential) client.

• Firms may rely on the information provided by their clients or potential clients unless they are aware or ought to be aware that the information is manifestly out of date, inaccurate or incomplete.

• Firms must take reasonable steps to ensure that the information collected about their (potential) clients is reliable. This must include, but is not limited to, the following:

a) Ensuring clients are aware of the importance of providing accurate and up-to-date information;

b) Ensuring all tools, such as risk assessment profiling tools or tools to assess a client’s knowledge and experience, employed in the suitability assessment process are fit for purpose and are appropriately designed for use with their clients, with any limitations identified and actively mitigated through the suitability assessment process;

c) Ensuring questions used in the process are likely to be understood by clients, capture an accurate reflection of the client’s objectives and needs, and the information necessary to undertake the suitability assessment;

d) Taking steps, as appropriate, to ensure the consistency of client information, such as by considering whether there are obvious inaccuracies in the information provided by clients.

• Firms having an ongoing relationship with the client, such as by providing ongoing advice, shall have, and be able to demonstrate, appropriate policies and procedures to maintain adequate and up-to-date information about clients.


Suitability assessment – Responsibility

Requirements under MiFID II (Level 2)

Responsibility

• Firms shall not create any ambiguity or confusion about their responsibilities in the process when assessing the suitability of investment services or financial instruments.

• When undertaking the suitability assessment, the firm shall inform (potential) clients, clearly and simply, that the reason for assessing suitability is to enable the firm to act in the client’s best interest.

• Where investment advice is provided (in part) through a (semi-)automated system (so-called ‘robo-advice’), the responsibility to undertake the suitability assessment shall lie with the firm providing the service and shall not be reduced by the use of an electronic system.

• Firms shall not discourage a (potential) client from providing the required information.

Legal persons / joint accounts / representation

• Where a client is a legal person or a group of two or more natural persons, or where one or more natural persons are represented by another natural person, the firm must establish and implement a policy as to who should be subject to the suitability assessment and how this assessment will be done in practice, including from whom information about knowledge and experience, financial situation and investment objectives should be collected. The firm must record this policy.

• Where a natural person is represented by another natural person, or where a legal person has requested to be considered as a professional client, the financial situation and investment objectives shall be those of the legal person or, in relation to the natural person, the underlying client rather than of the representative. The knowledge and experience shall be that of the representative of the natural person or the person authorized to carry out transactions on behalf of the underlying client.


II. AML KYC-KYT requirements


AML KYC-KYT requirements – History of the regulation, from 1988 to now...

• 1988: U.N. Convention – fight against illicit traffic in narcotic drugs & psychotropic substances

• 1990: FATF – first document on the 40 recommendations

• 1991: AMLD I – first directive on prevention of the use of the financial system for the purpose of money laundering

• 1993: Belgian Law AML – transposition of AMLD I

• 1996: FATF – second document on the 40 recommendations

• 2001: AMLD II – second directive on prevention of the use of the financial system for the purpose of money laundering

• 2003: FATF – third document on the 40 recommendations

• 2004: FATF – nine special recommendations concerning terrorist financing

• 2005: AMLD III – third directive on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing

• 2012: FATF – fourth document on the recommendations

• 2015: AMLD IV – fourth directive on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing

• 2016: proposition of AMLD V

• 2017: Belgian Law AML (transposition of AMLD IV) – action plan


II. AML KYC-KYT requirements

1. Enterprise-wide risk assessment & Risk based approach


AMLD IV – Enterprise-wide risk assessment

RISK BASED APPROACH (Draft AML Act/AMLD IV)

A risk based approach implies that, more clearly than before, all measures (organisation, business and transaction wise) should aim at avoiding/minimising the risk of being misused for money laundering or terrorism financing purposes.

A risk based approach should enable financial institutions to take less profound measures in situations where the risk is limited. The resources that are freed up should be used for more profound measures in situations where the risk is higher.

RAISE IN EFFICIENCY

Profound and current knowledge of/insight into ML/FT risks is required.

ENTERPRISE WIDE RISK ASSESSMENT (EWRA)


Enterprise-wide risk assessment – EWRA scheme: phases

• Scope: define the scope and the structure of business areas to assess, including business units, legal entities, divisions, countries and regions.

• Inherent Risk Assessment: select risk areas and factors to assess and determine the inherent risk present in your business based on empirical data analysis and analytical techniques.

• Controls Assessment: assess the design and operative effectiveness of mitigating controls based on self-evaluation questionnaires and document evidence of controls.

• Residual Risk: highlight risk factors without sufficient mitigation and business areas posing the greatest risk, and evaluate results against the institution’s risk appetite statement.

• Action Plan and Reporting: develop an action plan for underperforming controls based on identified gaps, create reporting and prepare documentation for audit/exam purposes.

EWRA scheme: risk factors and measures

Customers:

• Customer type

• Ownership structure

• Industry

• PEPs

• Length of relationship

• Customer Risk Rating (CRR)

Products & Services:

• High degree of anonymity or limited

• High degree of currency or equivalents

• Facilitate payments to third parties

• Readily/frequently move value from one jurisdiction to another

Transactions:

• Transactions processed on behalf of the client’s clients

Channels:

• Account origination and servicing

• Account servicing

Geographies:

• Location of business

• Location of customers

• Origin / destination of transactions

Other qualitative factors:

• Recent / expected growth

• Mergers & acquisitions

• New products / services

• Indirect sanctions risk


Enterprise-wide risk assessment

• EWRA analyses:

• Clients

• Products and services offered

• Transactions

• Countries/geographical zones

• Distribution channels

• EWRA needs:

• Involve the general risk assessment (documentation is key)

• Timely – regularly updated

• Available for the competent authorities

• Demonstrate that measures and procedures are fit and proper for reducing the risks regarding money laundering and terrorism financing

EWRA can be used to justify the (level of) implemented measures and procedures

Key principles EWRA

Annex draft law includes a list of potential lower/higher risks and risk variables (see next slides)


Examples

Enterprise-wide risk assessment


Risk based approach (RBA)

Key principles for a RBA:

• Policies, procedures, measures and controls to mitigate the ML/TF risks should be consistent with the risk assessment. Financial institutions should be able to prepare a customer risk profile. This will determine the level and type of ongoing monitoring and support the FI’s decision whether to enter into, continue or terminate the business relationship (normal, enhanced or exit measures);

• Banks should adjust the extent and depth of monitoring in line with their enterprise wide risk assessment (EWRA) and individual customer risk profiles;

• The risk criteria and profiles must be reviewed periodically, and a review is needed when there are changes in circumstances or when relevant new threats emerge;

• The criteria and parameters used for customer segmentation and for the allocation of a risk level to each of the clusters of customers must be properly documented and communicated to relevant personnel within the financial institution. This approach must be applied consistently.

Key principles


Risk based approach – A model for a risk-based approach: segmenting the client portfolio according to the risk matrix (template, for illustration purposes only).

Risk based approach – RBA visual (template, for illustration purposes only).


II. AML KYC-KYT requirements

2. Onboarding – a. Customer Risk Assessment & Acceptance


Customer Onboarding – Customer Risk Assessment & Acceptance

Key Principles

• Financial institutions are required to develop and implement a clear policy to identify the ML/FT risk profile of customers and to ensure the application of risk sensitive customer due diligence and ongoing monitoring measures (“the Customer Acceptance Policy”).

• Components:

• Allocation of the authority to allow the establishment of a business relationship;

• Risk factors on the basis of which customers must be divided into risk groups (“customer ML/FT risk assessment”);

• Description of the customer due diligence measures and ongoing monitoring measures that must be applied for each risk group;

• Description of the situations in which deviations from the normal rules are allowed and the conditions for such deviations;

• Overview of the circumstances under which the financial institution would not accept a new business relationship or would terminate an existing one (for example shell banks and financial institutions servicing such banks).

• Ensure compliance with financial sanctions & embargoes.

CURRENT REGIME


Customer Onboarding – Customer Risk Assessment & Acceptance

Key Principles

• The Customer Acceptance Policy as driver for customer due diligence and ongoing monitoring:

• Customer Due Diligence: collecting the information required to perform the customer ML/FT risk assessment.

• Customer Acceptance Policy: determines the extent and depth of customer due diligence and ongoing monitoring.

• Ongoing Monitoring: keeping the information on which the risk assessment is based up-to-date; detection of changes in risk factors.

CURRENT REGIME


Customer Onboarding – Customer Risk Assessment & Acceptance

• Customers should be divided into risk groups based on objective risk criteria.

• Two types of risk criteria:

• Obligatory risk factors, i.e. risk factors indicating an increased ML/FT risk that are defined in the legislation;

• Entity specific risk criteria, i.e. ML/FT risk factors defined based on the activities of the institution.

• Obligatory risk factors and entity specific risk factors should be combined to form risk categories and be aligned with the risk factors for the entity/group level ML/FT risk assessment.

• Basis for the decision whether to establish or maintain a business relationship.

• The outcome of the risk assessment determines the extent of the customer due diligence and ongoing monitoring measures to be applied:

• The extent of the measures that are applied must be increased where the ML/FT risks associated with a business relationship are higher;

• The extent of the measures that are applied may be decreased where the ML/FT risks associated with a business relationship are lower (to the extent allowed by law).

• The customer risk assessment needs to be kept up-to-date during the business relationship to ensure alignment between the ML/FT risk associated with business relationships and the extent and depth of the preventive measures being applied.

Risk Assessment

CURRENT REGIME


Customer Onboarding – Customer Risk Assessment & Acceptance – Risk Assessment (CURRENT REGIME)

Obligatory risk factors for increased ML/FT risk

Customer risk factors:

• The customer was not physically present for identification purposes

• The customer was not physically present for identification purposes and has been identified based on a copy of an identification document

• The customer is a PEP or a related person

• A beneficial owner of the customer is a PEP or a related person

• The identity of a beneficial owner of the customer could not be verified and/or it was not possible to gather information about the place of birth, date of birth and/or address of the beneficial owner

Product, service, transaction or delivery channel risk factors:

• The customer requests wealth management services

• The customer requests the opening of a numbered account

• Provision of cross-border correspondent banking services to financial institutions established in third countries

Geographical risk factors:

• The customer is established or has his place of residence in a jurisdiction that is considered by the FATF as high-risk or non-cooperative or to which an FATF call to action applies

Entity specific risk factors for increased ML/FT risk (illustration)

Customer risk factors:

• Non-resident customer

• The activities of a customer carry an increased ML/FT risk (incl. customer base and business)

• The profile of a customer is unusual taking into account the characteristics of the usual customer of the financial institution

• A customer does not comply with its AML/CFT obligations and/or has an inadequate AML/CFT programme

• A customer or a beneficial owner of a customer is subject to financial sanctions

• Unusually or excessively complex ownership or control structure given the nature of the company’s business

Product, service, transaction or delivery channel risk factors:

• A customer wishes to use a product or service with a high inherent ML/FT risk

• Non-face-to-face service delivery

Geographical risk factors:

• The customer is established or has his place of residence in a jurisdiction:

• Subject to sanctions, embargoes or similar measures

• Regarded by credible sources as not having effective AML/CFT systems

• Identified by credible sources as having significant levels of corruption or other criminal activity

• Providing funding or support for terrorist activities, or that has designated terrorist organisations operating within its country


Customer Onboarding – Customer Risk Assessment & Acceptance

Introduction of (non-exhaustive) lists of:

• Risk Variables; and

• Risk Factors.

that need to be taken into account when determining the ML/FT risk profile of the customer (and consequently the extent of the customer due diligence measures to be applied).

Risk variables:

• The purpose of an account or relationship;

• The level of assets to be deposited by the customer or the size of transactions undertaken;

• The regularity or duration of the business relationship.

Risk Assessment

NEW


Customer Onboarding – Customer Risk Assessment & Acceptance – Risk Factors (NEW)

Factors and types of evidence of potentially lower risk

Customer risk factors:

• Public companies listed on a stock exchange and subject to disclosure requirements, which impose requirements to ensure adequate transparency of beneficial ownership

• Public administrations or enterprises

• Customers that are resident in geographical areas of lower risk

• …

Product, service, transaction or delivery channel risk factors:

• A pension, superannuation or similar scheme that provides retirement benefits to employees

• Products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership

• …

Geographical risk factors:

• Member States

• Third countries having effective AML/CFT systems

• Third countries identified by credible sources as having a low level of corruption or other criminal activity

• Third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to combat money laundering and terrorist financing consistent with the revised FATF Recommendations and effectively implement those requirements

Factors and types of evidence of potentially higher risk

Customer risk factors:

• The business relationship is conducted in unusual circumstances

• Customers that are resident in geographical areas of higher risk

• Legal persons or arrangements that are personal asset-holding vehicles

• Companies that have nominee shareholders or shares in bearer form

• The ownership structure of the company appears unusual or excessively complex given the nature of the company's business

Product, service, transaction or delivery channel risk factors:

• Products or transactions that might favour anonymity

• Non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures

• Payment received from unknown or unassociated third parties

• New products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products

• …

Geographical risk factors:

• Countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective AML/CFT systems

• Countries identified by credible sources as having significant levels of corruption or other criminal activity

• Countries subject to sanctions, embargoes or similar measures issued by, for example, the Union or the United Nations

• Countries providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country


II. AML KYC-KYT requirements

2. Onboarding – b. Customer Due Diligence


Overview

Customer Due Diligence

• Performance of customer due diligence (“CDD”):

• Identification and verification of identity on the basis of information obtained from a reliable and independent source for:

‒ Customers;

‒ Representatives;

‒ Ultimate Beneficial Owners (UBO’s);

‒ Beneficial Owners of life insurance contracts and other investment insurances.

• Obtain information on the characteristics of the client and the purpose and intended nature of the business relationship;

• Perform ongoing monitoring proportional to risk.

• The existing exemptions from identification are no longer included; only risk based / simplified CDD remains.

• The extent of the customer due diligence measures to be applied may be adjusted in line with the ML/FT risk associated with an individual business relationship:

• Basic customer due diligence;

• Simplified customer due diligence – the extent of the measures that are applied may be decreased where the ML/FT risks associated with a business relationship are lower;

• Enhanced customer due diligence – the extent of the measures that are applied must be increased where the ML/FT risks associated with a business relationship are higher.


Customer Due Diligence – Identification requirements

Required identification information per client type

Natural person:

• Full name

• Date & place of birth

• Address of the place of residence (to the extent possible)

• Powers of representation (in case of a representative)

Legal entity:

• Full legal name and legal form

• Address of the registered office

• Names of the directors

• Powers of representation

Trusts or other similar legal constructions:

• Full (legal) name of the customer

• Trustees, founders, protectors (if any) – see UBO’s

• Powers to bind the trust or similar legal construction

• Further information by regulation (existence, nature, purpose, the manner in which the customer is managed)

Beneficiary of a life insurance contract:

• Beneficiary is mentioned in the contract: full name

• Beneficiary is indicated as a category / description: the entity collects all information necessary to identify the beneficiary at the moment of pay-out

Principle: collection of relevant information which makes it possible to distinguish them with sufficient certainty from other persons (taking into account the risk level of the customer).


General Requirements – Verification Requirement

Customer Due Diligence

• Verify the correctness and trustworthiness of the provided identification information by comparing this information with information contained in documents from a reliable source.

• Key attention points:

• Taking into account the risk level of the customer:

‒ Low risk: the information to be verified can be limited (but sufficient certainty regarding knowledge of the client is required);

‒ High risk: all information needs to be verified.

• Identification & verification at distance to be included in Regulation.


Customer Due Diligence – UBO’s

Current regime

General definition – ultimate beneficial owners (UBO) of customers = the natural person(s):

• For whose account a customer carries out a transaction or establishes a business relationship; or

• Who ultimately own or control a customer.

UBO’s of clients who are companies:

• Natural persons who own or control directly or indirectly more than 25% of the shares or voting rights (this is 25% + 1 share/voting right) of a customer;

• Natural persons who, without controlling or owning more than 25% of the shares or voting rights, have de facto control of a customer;

• Natural persons who, without having the power to represent the client in its relations with the financial institutions, are a member of the management bodies of the client.

New regime

General definition – extended definition: UBO’s = the natural person(s):

• For whose account a transaction is carried out or a business relationship established: persons who benefit from the transaction/relation and who have the power to decide on the transaction/relation or on the modalities of these; or

• Who ultimately own or control a customer, representative or beneficiary of life insurance contracts or other investment insurance contracts.

UBO’s of companies:

• Natural persons who own or control directly or indirectly a sufficient percentage of the shares or voting rights: >25% (directly) is considered as an indication of a sufficient percentage. Clarification on indirect ownership/control: control of a corporate entity which holds a shareholding of 25% plus one share or an ownership interest of more than 25% in the customer is considered as an indication of indirect ownership. This will also be the case where the shareholding or ownership interest is held by multiple corporate entities which are under the control of the same natural person.

• Natural person(s) who have control by any other means;

• Natural person(s) who are members of the management of the company – in case all other means cf. above are exhausted.


Customer Due Diligence – UBO’s

Current regime

UBO’s of customers who are legal entities (other than companies) and legal arrangements without legal personality:

• Where the future beneficiaries have already been determined, the natural person(s) who is (are) the beneficiary(ies) of 25% or more of the property of the legal entity or legal arrangement;

• Where the natural persons who are beneficiaries of the legal entity or legal arrangement have yet to be determined, the class of persons determined in abstracto in whose main interest the legal entity or legal arrangement is set up or operates. In these cases, a broad description of the class of persons who stand to benefit is sufficient so that the financial institution understands who the persons are who benefit;

• The natural person(s) who exercise(s) control over 25% or more of the property of the legal entity or legal arrangement, incl. persons who have a significant influence on the management of the legal entity or legal arrangement and natural persons who, without having the power to represent the client in its relations with the financial institutions, are a member of the management bodies of the client.

New regime

UBO’s of trusts:

• Founder(s);

• Trustee(s);

• Protector (if any);

• Beneficiaries (if not identified yet – the group of persons in whose main interest the trust is set up or operates);

• All other natural person(s) who are (in)direct owner or have control by any other means.

UBO’s of foundations, VZW/ASBL and legal constructions comparable to trusts:

• Natural persons with comparable functions / positions as for the trusts.


Customer Due Diligence – UBO’s

Current regime

Identification of UBO’s:

• Required information:

• Name;

• Surname;

• Date of birth (to the extent possible);

• Place of birth (to the extent possible);

• Address of the place of residence (to the extent possible).

• Customers that are legal entities or legal arrangements without legal personality are legally required to provide financial institutions with the necessary information about their beneficial owners.

• When it is not possible to collect information about date of birth, place of birth and/or address of the place of residence, this should be taken into account when determining the customer ML/FT risk profile.

• Exception for listed companies (client/owner).

New regime

Identification of UBO’s:

• Cf. current regime.

• UBO identification includes a view on the ownership / control of the customer / representative (reasonable measures).

• Risk based approach.

• Introduction of a requirement to set up a central public register for UBO’s:

• Access for financial institutions;

• Obliged entities may not rely exclusively on the central register to comply with CDD requirements.


Current regime New regime

Verification of UBO’s:

• Verify whether the information with regard to which natural persons are UBO is correct:

• Identification of UBO’s is the responsibility of financial institutions;• Reliance on information provided by customers insofar this information can be considered as

pertinent and trustworthy;• Scrutinize the information provided based on official documentation (including the

documents obtained during the identification of the client) and other documents that areconsidered as trustworthy.

• Verification waterfall:

• To the extent possible, the verification of the correctness and trustworthiness of the provided identification information with respect to the identified UBO’s must be performed in the same manner as the identity verification of customer-natural persons;

• If not possible, the verification should be attempted using other documents from a reliable source (such as: annual reports, notarized deeds,…);

• In case the verification of the provided information is not possible using the above measures, financial institutions must document the measures that have been taken to try to verify the information.

• Financial institutions must refuse to enter into a business relationship with a client when they suspect that the customer is providing information that is not pertinent and/or trustworthy in order to hide the identity of a UBO. The CTIF-CFI should also be notified in case there is suspicion that money laundering or the financing of terrorism is being attempted.

New regime:

Verification of UBO’s:

• Cf. current regime.

• Verification of UBO’s – cf. verification of customer (to be considered as anobligation of result? – quid Circular letter).

• Introduction of a requirement for Member States to set up a central public register for UBO’s:

• Access for financial institutions;

• Obliged entities may not rely exclusively on the central register to comply with CDD requirements.

UBO’s

Customer Due Diligence


UBO - Changes

Customer Due Diligence

• Introduction of a requirement for Member States to set up a central public register for UBO’s.

• Introduction of waterfall regime for the identification of UBO’s of companies:

• The natural person(s) who hold the position of senior managing officials must only be considered as beneficial owners when:

‒ It was not possible to identify the natural person(s) who ultimately owns or controls a legal entity through direct or indirect ownership;

‒ There is doubt that the persons identified are the UBO’s.

• Requirement to document the actions taken to identify the beneficial ownership.

• Clarification of who should be considered as the UBO’s of trusts.

• Clarification of what constitutes an indication of “indirect ownership”.
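The waterfall above as a worked example, added here and not part of the deck: ownership is computed through the chain of intermediate entities, senior managing officials are used only as a fallback, and every step is recorded so the measures taken can be documented. The 25 % threshold and the sample ownership structure are assumptions of this example; the slide states no figure.

```python
from dataclasses import dataclass, field


@dataclass
class Entity:
    """A legal entity in the ownership chain (constructed sample data below)."""
    name: str
    owners: dict                      # owner name -> fraction of the entity held (0..1)
    senior_managing_officials: list = field(default_factory=list)


@dataclass
class UboResult:
    beneficial_owners: list
    basis: str                        # "ownership" or "senior_managing_officials"
    measures_taken: list              # the documentation trail the regime requires


def indirect_ownership(customer, entities, natural_persons):
    """Step 1: aggregate each natural person's direct and indirect share in
    `customer`, multiplying fractions down the chain of intermediate entities."""
    shares = {}

    def walk(entity_name, fraction, path):
        entity = entities.get(entity_name)
        if entity is None:
            return  # owner not in the register: cannot be looked through
        for owner, held in entity.owners.items():
            if owner in path:
                continue  # circular holding: stop instead of looping forever
            share = fraction * held
            if owner in natural_persons:
                shares[owner] = shares.get(owner, 0.0) + share
            else:
                walk(owner, share, path | {owner})

    walk(customer, 1.0, {customer})
    return shares


def identify_ubos(customer, entities, natural_persons, threshold=0.25, doubt=False):
    """Step 2: the waterfall. Natural persons above `threshold` (an assumed
    value) are the UBOs; senior managing officials are used only when none is
    found or when there is doubt about the persons identified."""
    measures = []
    shares = indirect_ownership(customer, entities, natural_persons)
    measures.append("computed (in)direct ownership: "
                    + ", ".join(f"{p} {s:.1%}" for p, s in sorted(shares.items())))
    owners = sorted(p for p, s in shares.items() if s > threshold)
    if owners and not doubt:
        measures.append(f"UBOs identified through ownership above {threshold:.0%}")
        return UboResult(owners, "ownership", measures)
    reason = "doubt about the persons identified" if owners else "no natural person above threshold"
    measures.append(f"{reason}; falling back to senior managing officials")
    smo = sorted(entities[customer].senior_managing_officials)
    return UboResult(smo, "senior_managing_officials", measures)


# Constructed sample: ClientCo is 60 % held by HoldCo (owned by Bob and Carol),
# 10 % by Alice directly and 30 % by a public float that is not in the register.
SAMPLE_ENTITIES = {
    "ClientCo": Entity("ClientCo", {"HoldCo": 0.6, "Alice": 0.1, "PublicFloat": 0.3}, ["Dana"]),
    "HoldCo": Entity("HoldCo", {"Bob": 0.5, "Carol": 0.5}),
}
SAMPLE_NATURAL_PERSONS = {"Alice", "Bob", "Carol", "Dana"}

if __name__ == "__main__":
    result = identify_ubos("ClientCo", SAMPLE_ENTITIES, SAMPLE_NATURAL_PERSONS)
    print(result.basis, result.beneficial_owners)   # ownership ['Bob', 'Carol']
    for line in result.measures_taken:
        print(" -", line)
```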



Politically Exposed Persons (PEPs)

Customer Due Diligence

Current Regime

• Natural persons who are or have been entrusted with prominent public functions (such as heads of State, heads of government, ministers and deputy or assistant ministers, members of parliaments, members of the administrative, management, supervisory bodies of State-owned enterprises or prominent public functions exercised at EU or international level) and that are living abroad;

• Immediate family members of natural persons who are or have been entrusted with prominent public functions (such as the spouse, parents, children,…);

• Persons known to be close associates of natural persons who are or have been entrusted with prominent public functions (such as any natural person who is known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a person).

New Regime

• Extended definition, now includes:

• Domestic natural persons who are or have been entrusted with prominent public functions;

• Members of legislative institutions comparable to parliaments;

• Members of the governing bodies of political parties;

• Directors, deputy directors and members of the board or equivalent function of an international organization.


Characteristics of the customer / Purpose and intended nature of the business relationship

Customer Due Diligence

• Take appropriate measures to gather further insight on:

• The characteristics of the customer, required to apply the client acceptance rules and the ongoing monitoring (business relationships and transactions);

• PEP status;

• Information in relation to the purpose and intended nature of the business relationship.


II. AML KYC-KYT requirements

3. Ongoing monitoring of business relationships and transactions


Ongoing monitoring of business relationships and transactions

General requirements

• Ongoing monitoring consists of two components:

1. Ongoing monitoring of transactions: scrutiny throughout the course of that relationship to ensure that the transactions being conducted are consistent with the financial institution's knowledge of the customer, his business and risk profile.

2. Ongoing monitoring of business relationships: identification of changes to the customer profile and ensuring the documents, data or information held are kept up-to-date.

• The extent and depth of the ongoing monitoring of business relationships and transactions must be aligned with the ML/FT risks associated with the business relationship as determined via the customer ML/FT risk assessment and the entity-level risk assessment.

• Enhanced monitoring must be applied for higher risk situations, while financial institutions may decide to reduce the frequency and intensity of the monitoring where risks are lower.

• Criteria that are defined for the purpose of detecting atypical transactions must take into account the customer ML/FT risk profile.


Ongoing monitoring of business relationships

Ongoing monitoring of business relationships and transactions

• Two requirements:

1. Customer information and customer profile need to be updated when there are indications that it is no longer up-to-date;

2. Periodic risk-based validation of customer information.

• The customer ML/FT risk profile must be reviewed taking into account the updated information. When required, additional due diligence measures need to be applied.

• Methods to be used:

• Periodically request customers to validate correctness and pertinence of the customer information being held;

• Periodic screening of customer databases to detect PEPs and relevant persons and other high-risk clients.

• Enhanced monitoring must be applied for higher risk situations, while financial institutions may decide to reduce the frequency and intensity of the monitoring where risks are lower.

• Examples of risk-based ongoing monitoring measures:

• Monitoring in high risk situations: daily transaction monitoring, frequent analysis of information, shorter periods for customer profile reviews and actualization, considering the destination of funds, establishment of red flags based on typologies reports, reporting of monitoring results to senior management, etc.;

• Monitoring in lower risk situations: thresholds for monitoring, longer periods for customer profile reviews and actualization, lower frequency of transaction monitoring,…
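An added illustration, not from the deck, of the risk-based monitoring described above, run over a few constructed transactions: profile-review periods, volume thresholds and the destination-of-funds check are tiered by the customer's ML/FT risk profile. The tier parameters, the customers and the "ZZ" country code are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date

# Assumed tier parameters (constructed for this example; the deck states no figures):
# shorter review periods and tighter volume thresholds as the risk goes up.
TIER_RULES = {
    "high":   {"review_days": 180, "volume_multiple": 1.5, "check_destination": True},
    "medium": {"review_days": 365, "volume_multiple": 2.0, "check_destination": False},
    "low":    {"review_days": 730, "volume_multiple": 3.0, "check_destination": False},
}
HIGH_RISK_DESTINATIONS = {"ZZ"}   # placeholder country code, constructed


@dataclass
class Customer:
    customer_id: str
    risk_tier: str
    expected_monthly_volume: float   # what the FI knows about the customer's business
    last_profile_review: date


@dataclass
class Transaction:
    customer_id: str
    booked_on: date
    amount: float
    destination_country: str


def monthly_totals(transactions):
    """Sum amounts per (customer, year, month) so volume can be compared with the profile."""
    totals = {}
    for t in transactions:
        key = (t.customer_id, t.booked_on.year, t.booked_on.month)
        totals[key] = totals.get(key, 0.0) + t.amount
    return totals


def monitor(customers, transactions, today):
    """Return (customer_id, reason) alerts: profile reviews overdue for the tier,
    monthly volumes inconsistent with the expected business and, for the high
    tier only, transfers to a high-risk destination."""
    by_id = {c.customer_id: c for c in customers}
    alerts = []
    for c in customers:
        if (today - c.last_profile_review).days > TIER_RULES[c.risk_tier]["review_days"]:
            alerts.append((c.customer_id, "profile review overdue"))
    for (cid, year, month), total in sorted(monthly_totals(transactions).items()):
        c = by_id[cid]
        limit = TIER_RULES[c.risk_tier]["volume_multiple"] * c.expected_monthly_volume
        if total > limit:
            alerts.append((cid, f"{year}-{month:02d} volume {total:.0f} above threshold {limit:.0f}"))
    for t in transactions:
        c = by_id[t.customer_id]
        if TIER_RULES[c.risk_tier]["check_destination"] and t.destination_country in HIGH_RISK_DESTINATIONS:
            alerts.append((t.customer_id, f"transfer of {t.amount:.0f} to high-risk destination {t.destination_country}"))
    return alerts


# Constructed sample data: C1 is high risk, C2 low risk; both last reviewed 300 days before SAMPLE_TODAY.
SAMPLE_TODAY = date(2017, 3, 28)
SAMPLE_CUSTOMERS = [
    Customer("C1", "high", 10_000.0, date(2016, 6, 1)),
    Customer("C2", "low", 2_000.0, date(2016, 6, 1)),
]
SAMPLE_TRANSACTIONS = [
    Transaction("C1", date(2017, 3, 2), 9_000.0, "BE"),
    Transaction("C1", date(2017, 3, 9), 7_000.0, "ZZ"),   # month total 16,000 > 1.5 x 10,000
    Transaction("C2", date(2017, 3, 5), 5_000.0, "ZZ"),   # 5,000 <= 3 x 2,000; low tier skips destination check
]

if __name__ == "__main__":
    for cid, reason in monitor(SAMPLE_CUSTOMERS, SAMPLE_TRANSACTIONS, SAMPLE_TODAY):
        print(cid, reason)   # three alerts for C1, none for C2
```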


III. FATCA/CRS


General

Foreign Account Tax Compliance Act (FATCA)

• FATCA is an American Law to combat tax evasion and money laundering worldwide

• Tax transparency framework

• Since 23 April 2014 Belgium has an agreement with the US to comply with FATCA

• Responsibility for the identification and the reporting of such accounts lies with the Financial Institutions (FI)

• Financial institutions have to report to the FPS Finance

• FPS Finance informs the Internal Revenue Service (IRS)

• A FI can rely on a third party service provider to fulfil its obligations under the legislation, but the obligations remain the responsibility of the FI and so any failure will be seen as a failure of the FI


US persons

Foreign Account Tax Compliance Act (FATCA)

• Purpose: identify and report US reportable accounts, being accounts of US persons, or Passive NFFE (Non-Financial Foreign entity) with one or more controlling persons who are specified as a US-person

• FATCA indicia for a US-person:

• A person with a US-passport

• A US-resident

• A person born in the US

• A person owning a property in the US

• A person performing periodic transfers to the US

• A proxy holder with a US-address

• In-care or hold-mail address in the US

• A US company

• A company with (a) US person(s) as UBO’s

• If a person is identified as a US-person, the FI is required to obtain a US Taxpayer Identification Number (TIN) of the US person


US persons

Foreign Account Tax Compliance Act (FATCA)

• How to identify?

• Indicia search: searching for indicia by reference to documentation or information held or collected in accordance with maintaining or the opening of an account

• Self-certification: from an accountholder or a controlling person of a NFFE where applicable

- W9 for US persons (request for Taxpayer Identification Number – TIN)

- W-8BEN, W-8BENE, W-8IMY, etc. for non-US persons

• Information in possession of the FI or publicly available information (for entities only): public information can be used to determine the FATCA status of an entity account holder

• Evidence

• Self-certification (IRS forms – W8/W9 – or similar agreed forms)

• Acceptable document delivery (certificate of residence, valid identification issued by authorised government, financial statement, third party credit report, document referenced in the Belgian attachment to the QI agreed as accepted, such as e-ID, driver's license, etc.)


General

Common Reporting Standard (CRS)

• Developed by the Organisation for Economic Co-operation and Development (OECD) on request of the G20

• Calls on jurisdictions to obtain information from their financial institutions and automatically exchange that information with other jurisdictions on an annual basis. CRS sets out:

• Financial account information to be exchanged

• Financial institutions required to report

• Different types of accounts and tax payers covered

• Common due diligence procedures to be followed

• The four key parts:

• A model Competent Authority Agreement (CAA), providing the international legal framework for the automatic exchange of CRS information

• Common Reporting Standards

• Commentaries on the CAA and CRS

• CRS XML Schema User Guide


Timeline and framework

Common Reporting Standard (CRS)

Framework

• Directive 2014/107/EU of 9 December 2014 amending Directive 2011/16/EU as regards mandatory automatic exchange of information in the field of taxation

• Regulation (EU) 2015/2378 of the Commission of 15 December 2015 laying down detailed rules for implementing certain provisions of the Council Directive 2011/16/EU on administrative cooperation in the field of taxation and repealing Implementing Regulation (EU) No 1156/2012

• Act of 16 December 2015 arranging the information sharing on financial accounts by the financial institutions and the FPS Finance, in the framework of automatic exchange of information on international level and for tax purposes

Other documents

• OECD Convention on Mutual Administrative Assistance in Tax Matters

• Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information

Timeline

• 2013: Request G20 to OECD to develop a reporting standard

• 2014: OECD Council approved CRS on July 14; Mutual Agreement between Belgium and competent authorities on CRS in October

• 2016: 87 jurisdictions have signed agreement on CRS

• 2017: First 53 jurisdictions will share CRS information on fiscal year 2016 (including Belgium)

• 2018: Remaining 34 jurisdictions will share CRS information on fiscal year 2017


Overview

Common Reporting Standard (CRS)


Reporting Financial Institutions

Common Reporting Standard (CRS)

• Reporting Financial Institution = the institutions which are required to collect and report the information on CRS

• Conditions (all should be fulfilled):

• Entity

• Located in a participating jurisdiction for tax purposes (entities and branches)

• Financial institution

• Not exempted as a non-reporting Financial Institution (FI exempted due to a low risk of being used to evade tax)

Reporting FI:

• Depository Institutions (savings banks, commercial banks, savings and loan associations and credit unions)

• Custodial institutions (custodian banks, brokers and central securities depositories)

• Investment entities (entities investing, reinvesting or trading in financial instruments, portfolio management or investing, administering or managing financial assets)

• Specified insurance companies (most life insurance companies)

Non-reporting FI:

• Governmental entities and their pension funds

• International organisations

• Central Banks

• Certain Retirement Funds

• Qualified Credit Card Issuers

• Exempt Collective Investment Vehicles

• Trustee Documented Trusts

• Other low-risk Financial Institutions


Financial Accounts

Common Reporting Standard (CRS)

• Reporting Financial Institution should review “Financial accounts” to identify whether any of them need to be reported to the tax authority

• Financial account = account maintained by a Financial Institution

• Excluded account = financial accounts that are seen to have a low risk on tax evasion

(A participating jurisdiction can define other excluded accounts)

Financial accounts:

• Depository accounts

• Custodial accounts

• Equity and debt interests

• Cash value insurance contracts and annuity contracts

Non-reportable accounts:

• Retirement and pension accounts

• Non-retirement tax-favoured accounts

• Term life insurance contracts

• Estate accounts

• Escrow accounts

• Depository accounts due to not-returned overpayments

• Other low-risk excluded accounts


Reportable Accounts

Common Reporting Standard (CRS)

• A Financial Institution should review its financial accounts to identify whether any of them are “Reportable accounts” on which they must report

• Reportable account:

= account held by one or more reportable persons, being persons resident for tax purposes in a country engaged for CRS; or

= account held by a Passive non-financial entity (NFE) with one or more controlling persons that is a reportable person.


Due diligence procedures

Common Reporting Standard (CRS)

[Diagram: due diligence procedures; recoverable box texts]

• General rule: rely on information the FI has on file*

• General rule: rely on information the FI has on file and publicly available information*

• Request additional information relevant to tax compliance (two boxes)

* If insufficient information is available, the FI must contact the client for additional information


Due diligence procedures

Common Reporting Standard (CRS)

New individual account of a reportable person

• A self-certification on the tax residency from the accountholder is required

If a self-certification establishes that the account holder is resident for tax purposes in a reportable jurisdiction, then it is a reportable account

Participating jurisdictions are expected to provide information to assist tax payers to determine their residence(s) for tax purposes

• To be valid it should be:

• Signed by the account holder

• Dated

• Include name, residence address, jurisdiction(s) of residence for tax purpose, TIN(s) and date of birth

• There may be no reason to believe the self-certification is incorrect

New entity account of a reportable person

• A self-certification by the account holder is required

• To be valid it should be:

• Signed by a person authorised to sign on behalf of the entity

• Dated

• Include the account holder’s name, address, jurisdiction(s) of residence for tax purposes and TIN(s)

• There may be no reason to believe the self-certification is incorrect

• The check must also be performed for all controlling persons; if they are a reportable person, they should fill in a self-declaration as well
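The reportable-account rule and the self-certification validity checks above, combined into one worked example that is added here and is not part of the deck: a self-certification is valid only when it is signed (for an entity, by an authorised signatory), dated, complete and not doubted, and an account is reportable when its holder, or a controlling person of a passive NFE, is tax resident in a participating jurisdiction. The participating list, names, addresses and TINs are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import date

# Content a valid self-certification must carry, per the slide above.
REQUIRED_INDIVIDUAL = ("name", "residence_address", "tax_residences", "tins", "date_of_birth")
REQUIRED_ENTITY = ("name", "address", "tax_residences", "tins")


@dataclass
class SelfCertification:
    fields: dict                          # e.g. {"name": ..., "tax_residences": ["FR"], ...}
    signed_by: str = None
    signed_on: date = None
    authorised_signatories: tuple = ()    # who may sign on behalf of an entity
    reason_to_doubt: str = None           # set when the FI has reason to believe it is incorrect


@dataclass
class Account:
    holder: SelfCertification
    kind: str                             # "individual" or "entity"
    passive_nfe: bool = False
    controlling_persons: list = field(default_factory=list)  # [(name, SelfCertification)]


def validate_self_certification(cert, kind):
    """Return the reasons the self-certification is not valid (empty list = valid)."""
    required = REQUIRED_INDIVIDUAL if kind == "individual" else REQUIRED_ENTITY
    problems = [f"missing {name}" for name in required if not cert.fields.get(name)]
    if not cert.signed_by:
        problems.append("not signed")
    elif kind == "entity" and cert.signed_by not in cert.authorised_signatories:
        problems.append("signatory not authorised to sign on behalf of the entity")
    if cert.signed_on is None:
        problems.append("not dated")
    if cert.reason_to_doubt:
        problems.append(f"reason to believe it is incorrect: {cert.reason_to_doubt}")
    return problems


def is_reportable_person(cert, participating):
    """Reportable person = resident for tax purposes in a jurisdiction engaged for CRS."""
    return any(j in participating for j in cert.fields.get("tax_residences", []))


def classify_account(account, participating):
    """Apply the reportable-account rule; invalid self-certifications become
    follow-ups (a new self-certification has to be requested)."""
    outcome = {"status": "not_reportable", "reportable_via": [], "followups": []}
    problems = validate_self_certification(account.holder, account.kind)
    if problems:
        outcome["status"] = "undetermined"
        outcome["followups"].append(("holder", problems))
        return outcome
    if is_reportable_person(account.holder, participating):
        outcome["status"] = "reportable"
        outcome["reportable_via"].append("holder")
    if account.kind == "entity" and account.passive_nfe:
        for name, cert in account.controlling_persons:
            cp_problems = validate_self_certification(cert, "individual")
            if cp_problems:
                outcome["followups"].append((name, cp_problems))
            elif is_reportable_person(cert, participating):
                outcome["status"] = "reportable"
                outcome["reportable_via"].append(name)
    if outcome["followups"] and outcome["status"] == "not_reportable":
        outcome["status"] = "undetermined"   # cannot conclude until every CP is certified
    return outcome


# Constructed sample data (placeholder TINs; "XX" and the participating list are made up).
PARTICIPATING = {"BE", "FR", "DE"}
INDIVIDUAL_OK = SelfCertification(
    {"name": "A. Example", "residence_address": "Rue Exemple 1, Paris", "tax_residences": ["FR"],
     "tins": ["TIN-PLACEHOLDER-1"], "date_of_birth": date(1980, 1, 1)},
    signed_by="A. Example", signed_on=date(2017, 3, 1))
ENTITY_OK = SelfCertification(
    {"name": "Passive Holding NV", "address": "Somewhere 2, Brussels", "tax_residences": ["XX"],
     "tins": ["TIN-PLACEHOLDER-2"]},
    signed_by="B. Director", signed_on=date(2017, 3, 1), authorised_signatories=("B. Director",))
ENTITY_UNDATED = SelfCertification(dict(ENTITY_OK.fields), signed_by="B. Director",
                                   authorised_signatories=("B. Director",))
PASSIVE_NFE_ACCOUNT = Account(ENTITY_OK, "entity", passive_nfe=True,
                              controlling_persons=[("C. Owner", INDIVIDUAL_OK)])
```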


Reporting

Common Reporting Standard (CRS)

Information that should be reported:

• Identification information in order to identify the account holder

(name, address, jurisdiction of residence, TIN(s), date of birth, place of birth)

• Account information to identify the account and where it is held

(account number, name and identification of reporting financial institution, account balance/value)

(for some types of accounts, more information is needed)

• Financial information in relation to the activity taking place in the account and the account balance

Identify account & compliance risk

Reporting must be done as of the end of the relevant calendar year (or other appropriate reporting period)


IV. Credit mortgage directive


General

Credit mortgage directive

Framework

• Directive 2014/17/EU of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No 1093/2010

KYC requirements within the framework of credit worthiness assessment

• Information on consumer’s income and expenses, and other financial and economic circumstances

• Necessary, sufficient & proportionate

• Can be obtained from internal/external source, incl. client, credit intermediary and appointed representative

• Information shall be verified, incl. independently verifiable documentation when necessary

If information is incomplete => no ground for termination

If information was withheld or falsified knowingly => ground for termination

• Creditors should have access to databases for assessing the creditworthiness of consumers, and for monitoring consumers’ compliance with the credit obligations over the life of the credit agreement


V. Digital signature


General

Digital signature

Framework:

• eIDAS Regulation: Regulation 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

• Book XII, article 24 and further of Code Economic Law

Electronic identification

= the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person

1) Electronic signature

• Pin-code

• Password

• Scanned signature

2) Advanced electronic signature

− Asymmetric encryption

3) Qualified signature

• e-ID

Acceptable in the context of article 1322 Civil Code (a deed)

No final answer yet, however accepted in case of necessity


General

Digital signature

Identification:

• e-ID includes identification information:

• Full name

• Address

• Date of birth

• Place of birth

• Etc.

Verification:

• e-ID includes digital certificates for the verification of the identity; they can be used in combination with the pin-code

• Authentication certificate: verifies/confirms identity

• Signature certificate: digital signature

Reading of e-ID

Import identification and verification data in data systems


VI. Practical Approach on KYC


KYC Overview

Regime          Client information required
(Assur)MiFID    Identification; financial situation; investment objectives; knowledge & experience
AML             Identification; client characteristics; financial situation; intended nature of business
FATCA           Identification; tax residency; TIN number
CRS             Identification; tax residency; TIN number
MCD             Identification; financial situation


KYC Challenges

Thomson Reuters KYC survey (2016)

• Increased costs and complexity of KYC and CDD

• Lengthening KYC procedures (onboarding time for new clients is rising)

• Lack of skilled people and appropriate technology to perform KYC activities

• Increased internal resources working on KYC

• Difficulty to deal with ongoing regulatory and legislative change

• Risks related to regulatory fines and cost of remediation

• Potential damage to brand and reputation


The cost of KYC

[Diagram: The cost of KYC?]

Counterparty risk level   Low               Medium             High
Counterparty type         INDIV    CORP     INDIV    CORP      INDIV    CORP
KYC onboarding            XX EUR   XX EUR   XX EUR   XXX EUR   XX EUR   XX EUR
KYC maintenance           XX EUR   XX EUR   XX EUR   XX EUR    XX EUR   XX EUR

Cost components: Compliance; Inhouse; People; Infrastructure & Technology; Back Office; Front Office; External; Specialist support; Technical support; Legal, Reputation, Commercial,…

Process steps: Counterparty onboarding and initial risk assessment; Risk based due diligence; Ongoing monitoring and ongoing due diligence; Oversight and reporting


KYC optimization – Still some questions…

[Diagram labels:] Data ownership; Regulator; Trust; Interoperability; Utilities; Managed services; BAU / Remediation; Information security; Standardisation of quality


Compliance Officer – A hard job ?


Contact details

Director, Risk Advisory – Governance, Risk & Regulation

E-mail: [email protected]

Phone: + 32 2 800 2159

Mobile: +32 499 98 95 13

Edwin Somers

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

Deloitte provides audit, tax and legal, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 225,000 professionals, all committed to becoming the standard of excellence.

This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.

© 2017 Deloitte Belgium