At the end of April 2023 and May 2023, theAMF (Autorité des Marchés Financiers) published two sanctions(here and here) for breaches of obligations AML-CFT (Fighting Money Laundering and Terrorist Financing). In addition to the Asset Management Companies, it is also the Chairmen/CEOs and CEOs who have been implicated and sanctioned not only with a warning, but also with fines of up to €150,000!
Despite the explicit request to make the sanction anonymous, so as not to undermine the confidence that investors have in these SGPs, the AMF decided to expressly name the respondents.
From now on, as the latestACPR and/or AMF sanctions prove, the publication of sanctions is not anonymous. In addition to monetary fines, bans on practice, etc., there is also the reputational risk that these breaches of obligations entail.
The AMF audit/control covered a period of 3 and ½ years and the following subjects:
- Human resources
- Risk control system
- Anti-Money Laundering and Anti-Terrorist Financing (AML-CFT)
AP Solutions IO takes a closer look at this new sanction:
What are the risks for managers?
Based on Articles L. 532-9 II 4° of the Monetary and Financial Code and 60.1 of Delegated Regulation (EU) n°2031/2013, the AMF reminds managers that :
the failings of [his company] could be attributable to him personally in his capacity as Chairman
AMF sanction
The risks incurred by the manager are as follows:
- a warning,
- a reprimand,
- temporary or permanent withdrawal of the professional card,
- a temporary ban on trading for its own account,
- temporary or permanent disqualification from all or part of its activities or from exercising management functions within a portfolio management company,
- a financial penalty
The importance of risk policies and procedures AML-CFT... And their application
The AMF criticizes this SGP for failing to establish and implement a risk management policy and procedure AML-CFT.
These policies and procedures must be :
- appropriate
- complete
- documented
- operationally maintained
- updated
- dated
- validated
- respected
They must also be applied consistently, formally and efficiently.
In most of the decisions handed down by the AMF or ACPR Enforcement Committee, one of the most frequently cited grievances is theinconsistency between the theoretical compliance procedure/policy and the one implemented on a day-to-day basis.
APS notice:
It is essential that the screening tool can be parameterized to precisely match the internal criteria of policies and/or procedures.
Today, the supervisory authorities are adamant about any inconsistencies.
It should be noted that these settings can also be used to automate certain decisions and streamline KYC / LCB FT / Customer processes.
Supervision & Reporting
The AMF criticizes this SGP for failing to carry out formal checks, and above all for responding dishonestly and unfairly to the mandatory AML questionnaires.
APS notice:
In order to support professionals in their monitoring, control and reporting obligations, the tools used must be fully traceable and easy to understand.
The audit trail must be non-alterable, so that the regulatory authorities have no doubts about the veracity of the information transmitted to them.
What's more, the tool must be able to provide very fine granularity on the data it can return, both quantitatively and qualitatively.
Finally, the tool must enable decision workflows to be defined, whether for alert qualification and/or due diligence, or even for permanent control. In this way, for example, it is possible to define user authorizations according to the level of escalation of a customer file and/or to call on key people to validate decisions...
Data quality and quantity
Some criticisms concern the level and quality of customer knowledge:
- Information that is too vague or too imprecise does not allow for acceptable customer profiling and risk classification.
- In addition, proof of identity and knowledge of the customer is essential.
- Lack of identification of Beneficial Owners for a legal entity
The AMF refers to article R. 561-5 of the CMF, which stipulates the mandatory information to be collected:
- If the customer is a natural person, by presenting a valid official document bearing his or her photograph. The information to be recorded and retained is the customer's surname, first names, date and place of birth.
- If the customer is a legal entity, by providing the original or a copy of any deed or extract from an official register that is less than three months old recording the name, legal form, registered office address and identity of the partners and corporate officers referred to in 1° and 2° of article R. 123-54 of the French Commercial Code, or their equivalents under foreign law.
- Reporting professionals shall identify the beneficial owner of the business relationship, where appropriate, by suitable means, and shall verify the identification details gathered on the beneficial owner by collecting any appropriate documents or supporting evidence, taking into account the risks of money laundering and terrorist financing. They must be able to justify their diligence to the supervisory authorities.
APS notice
It is essential that every action, decision (manual or automatic), supporting document, comment, etc. be traced and stored in your AML-CFT tool, with the possibility of making them available at any time. ACPR inspection reports prove that investigators know exactly what to ask to verify compliance of AML-CFT systems. What's more, your system must be capable of integrating and analyzing any data you may transmit to it. The quality of the information transmitted is essential if the regulatory authorities are to consider your AML-CFT system as adequate.
Relevant screening requires a high quality and quantity of customer database data (distinct first and last names, date of birth and country of birth, gender, etc.).
Reporting companies can therefore use a detection tool to enrich customer data by retrieving and verifying Beneficial Owners and/or the representatives of legal entities.
Human resources
In this sanction publication, the AMF points the finger at the limited human resources deployed and the lack of training on AML-CFT subjects.
APS notice:
Although in this particular case the grievance relates mainly to organizational and organizational chart problems, the human resources put in place is a subject that recurs in most sanctions.
Under-staffing of operator teams can cause :
- Processing times too long
- Too many unprocessed alerts
- Alerts reviewed too quickly and misjudged
- ...
That's why it's so important to have a tool with augmented intelligence and a high-performance (and fully explainable) reduction engine .
In this way, the tool automates certain decisions to relieve KYC/Compliance operators.
Asset freeze: an obligation to achieve results!
Last but not least in this article: the Asset Freeze.
Asset freezing is a must-have in any scheme AML-CFT, yet the AMF states that the SGP in question does not describe an asset freezing process.
SGP indicates that the initial due diligence is carried out by a "fund administrator" partner.
The AMF points out that even if the asset management company does not have a direct business relationship with the customer, it is fully responsible for the AML-CFT system.
What's more, just because one intermediary is subject to the same obligations and has implemented a AML-CFT system, this does not mean that the other intermediaries involved in this business relationship are exempt.
APS notice:
As a reminder, with regard to AML-CFT, the professions subject to the law have performance obligations concerning the detection of persons subject to sanctions and/or asset freezes. Whereas they have obligations of means concerning the detection of PEP, RCA, AME,...
It is essential to carry out searches with approximate spelling. In general, the tolerance threshold for Sanctions and Asset Freezes remains low, which increases the number of alerts. For Politically Exposed Persons (PEPs), their close relatives (RCAs) and/or Persons with a Bad Reputation (Adverse Media), the thresholds can be increased (but without reaching "strict Matching" or simili) in order to limit the number of alerts. Lists of sensitive persons must be updated daily, and the entire customer portfolio must be screened to ensure that a customer has not become "sensitive" throughout the business relationship.