RISK BASED APPROACH FOR

THE ACCOUNTANCY PROFESSION

PRESENTATION BY BANK OF MAURITIUS

MRS SUDHA HURRYMUN- AG DIRECTOR SUPERVISION
28 OCTOBER 2020
 PRESENTATION OUTLINE
Key elements of RBA and its relevance for the Accounting
profession
FATF Recommendations for Accounting Professionals

ML/TF Risk Assessment for Accountants

Vulnerabilities of Accounting services

Internal Controls

Addressing AML/CFT non-compliance

 CONSIDERATIONS FOR
PRESENTATION OUTLINE AML/CFT
Global System integrity is a key ingredient to overall market
considerations stability and sustainability.
for AML/CFT
Global action to promote integrity to financial systems
and mitigate the risk of their use for criminal abuse.
Anti-Money Laundering (AML) Combating the Financing of
Terrorism (CFT) standards set by the Financial Access Task
Force (FATF).
Challenges Main challenges are typically the Know Your Customer
(KYC) and beneficial ownership information requirements.

But adherence to standards appropriately applied can help

create confidence and sustainability in the system.

Ensuring AML/CFT controls are proportionate to the

prevailing or likely risks of crime.
 WHAT IS THE RISK BASED APPROACH TO
MANAGING ML/TF
PRESENTATION OUTLINE RISKS?
Countries, Identify, assess and understand the ML/TF risks posed by them.
competent
authorities,
DNFBPs, including Take adequate measures to effectively and efficiently mitigate
accountants and manage the risks.
Accountants Maintain an understanding of the ML/TF risk faced by the sector
as well as specific to their services, client base, the jurisdictions
in which they operate.
Understand the effectiveness of actual and potential risk controls
that are or can be put in place through investment of resources
and training.
Risk-Based Not about prohibiting potential customers from engaging in
Approach (RBA)
transactions with reporting persons in which they operate.
More about assisting reporting persons (accountants/accounting
firms) in effectively managing potential money laundering risks.
 REPORTING INSTITUTIONS AS FIRST LINE
OF DEFENCE

Financial Financial
Institutions Intelligence Unit
1 2 3
Criminals and • Placements of Submit Suspicious Collect, analyse, Law
proceeds from Non-bank FIs Transaction & Cash Supervisory disseminate financial
Criminal Threshold Reports enforcement
unlawful Authorities intelligence
Activities activities Agencies
• Apply loan and (LEAs)
use illegal 5 4
DNFBPs Supervisory
proceeds for
Monitor & Enforce Authorities in Feedback on
repayment
AML/CFT collaboration with effectiveness of
requirements licensing bodies financial intelligence
RATIONALE FOR RISK BASED APPROACH TO
ML/TF RISKS
Anti-Money Laundering (AML) Combating the Financing of Terrorism (CFT) standards set
by the Financial Action Task Force (FATF)

System integrity is a key ingredient to overall market stability and sustainability

The 2012 Recommendations considered the RBA to be an essential foundation of a

country’s AML/CFT framework
The RBA allows countries, within the framework of the FATF requirements, to adopt a
more tailored set of measures in order to target their resources more effectively and
efficiently and apply preventive measures that are commensurate with the nature of
risks
The application of a RBA is therefore essential for the effective implementation of the FATF
Standards by countries and accountants
RISK BASED APPROACH TO AML/CFT RISKS –
Relevance for Accounting Profession
Role of Significant roles in the legal and economic life of a country.
accountants
Providing objective assurance regarding the financial status and
activity of a business is vital.

The risks associated with any type of client group is not static.

Classification of customers in risk categories expected for proper

application of risk mitigation measures.

Regulators focus on the role played by professionals such as

accountants in acting as the ‘gatekeepers’ to prevent the abuse
of financial services by criminals and terrorists.
 RISK BASED APPROACH TO AML/CFT RISKS –
Process for Accounting Profession
GROUNDWORK OF RBA IN FATF RECOMMENDATION 1
IDENTIFY RISK FACTORS
ASSESS LEVEL OF RISK
UNDERSTAND THE IMPACT OF THE RISK
TAKE ACTION
• Accountants should identify and assess their own ML/TF risk taking account of
the NRAs in line with Rec.1, as well as the national legal and regulatory
framework, including any areas of prescribed significant risk and mitigation
measures.
• Accountants are required to take appropriate steps to identify and assess
their ML/TF risks and have policies, controls and procedures that enable them
to manage and mitigate effectively the risks that have been identified.
• Where ML/TF risks are higher, accountants should always apply enhanced
CDD
 FINDINGS OF NATIONAL RISK ASSESSMENT
AND MUTUAL EVALUATION
PRESENTATION OUTLINE REPORT

National Risk The sectorial risk for the Professional Accountancy Sector was
Assessment
evaluated as being ‘Medium’ in the National Risk Assessment
August 2019 2019.

The NRA highlights that there have been cases where

professional accountants were involved in setting up complex
structures and where they acted as nominees to hide the true
identity of the beneficial owner of their clients.

Mutual Evaluation
Report 2018 Supervisory authorities do not have a dynamic methodology to
assess ML/TF risks in individual DNFBPs.
 FATF SPECIFIED ACTIVITIES OF
ACCOUNTANTS
FATF recommendations apply to specified activities in R.22
i. Audit and assurance services (including reporting accountant work in initial public offerings)
ii. Book-keeping and the preparation of annual and periodic accounts
iii. Tax compliance work
iv. Tax advice
v Trust and company services
vi Internal audit (as a professional service), and advice on internal control and risk management
vii Regulatory and compliance services, including outsourced regulatory examinations and remediation services

viii Company liquidation/insolvency/receiver-managers/bankruptcy related services

ix Advice on the structuring of transactions
x Due diligence in relation to mergers and acquisitions
xi Succession advice
xii Advice on investments and custody of client money
xiii Forensic accounting
 FATF RECOMMENDATIONS RELATING TO
ACCOUNTING PROFESSIONALS
• The requirements of FATF R.22 regarding R. 10 (customer due diligence), R.11
(record-keeping), R.12 (PEPs), R.15 (new technologies) and R.17 (reliance on
third parties) apply to accountants in certain circumstances.
• Specifically, the requirements of R.22 applies to accountants when they
prepare for or carry out transactions for their clients concerning the
following activities:
a) Buying and selling of real estate
b) Managing of client money, securities or other assets
c) Management of bank, savings or securities accounts
d) Organization of contributions for the creation, operation or management of
companies
e) Creating, operating or management of legal persons or arrangements, and
buying and selling of business entities.
 RBA for Accounting Profession -
Implications

Cannot avoid risk entirely

Conduct risk assessment

Limits to RBA: ML/TF is a
real and serious problem
that accountants must
Assess vulnerabilities (risk by sector, type of address so that they do
services offered, client base, jurisdictions, not, unwittingly or
otherwise, encourage or
effectiveness facilitate it.
 VULNERABILITIES OF ACCOUNTING
SERVICES TO ML/TF RISKS 1
Functions performed by Vulnerabilities
Accountants
Financial & tax advice Criminals may pose as individuals seeking financial
or tax advice to place assets out of reach
Company and trust Criminals forming corporate vehicles, including
formation complex legal arrangements to disguise proceeds of
crime
Buying or selling of property Use of property transfers by criminals to cover
transfers of illegal funds (layering stage) or the final
investment of laundered criminal proceeds
(integration stage)
 VULNERABILITIES OF ACCOUNTING
SERVICES TO ML/TF RISKS 2
Functions performed by Vulnerabilities
Accountants
Performing financial Criminals may use accountants to carry out or
transactions facilitate various financial operations on their behalf
(e.g. cash deposits or withdrawals on accounts,
foreign exchange operations, issuing and cashing
cheques, purchase and sale of stock, sending and
receiving international funds transfers etc.)
Introductions to financial Criminals may use accountants as introducers or
institutions intermediaries to gain access to financial services
Buying or selling of property Use of property transfers by criminals to cover
transfers of illegal funds (layering stage) or the final
investment of laundered criminal proceeds
 ML INDICATORS
SOME AREAS OF POTENTIAL ML/TF RISKS
• Large cash deposits EXAMPLE
• Use of third parties In country X, drug offenders engaged
• Use of a professional accountant to set up a complex
structure of legal entities including
• Co-mingling of criminal proceeds with trust to launder proceeds, in particular:
legitimate business ❖ Layering entities to hide the
• Use of nominee directors/shareholders beneficial control of companies
controlling assets
to hide the ownership of business
❖ Use of accountant to access
• Purchase of real estate complex structures and acts as an
• Use of trust to hide the ownership intermediary
of real estate ❖ Use of trust to hide criminal
involvement in transactions
 ML INDICATORS
RED FLAGS/POTENTIAL ML/TF RISKS
Customer Risk - examples Transaction Risk - examples
• Significant and unexplained geographic • Transactions unduly expedited without reasonable
distance between your firm and the client explanation
• Unusual involvement of third parties / • Unexplained delegation of authority by the client
intermediaries through the use of powers of attorney, mixed
boards and representative office
• Structure/ nature of entity/ relationship that • Unexplained use of corporate structures, express
hide the identity of ultimate beneficial owner, trusts, nominee shares and/or bearer shares
true owner or controlling interest
• Introduction of unknown parties at a later stage of
• Cash intensive business assessed as high risk transactions
Involvement of charities and other non-profit
organizations assessed as high risk • Use of large amounts of cash/ large movements of
funds inconsistent with customer’s profile
• Involvement of higher risk clients such as • Frequency of transaction that is beyond the norm
individuals from high risk jurisdictions, foreign for companies (without reasonable explanation)
PEPs or domestic PEPs assessed as high risk
etc. • Transactions where there are doubts about the
validity of the documents submitted
• Avoiding personal contact without good
reason 8.Attempt by customer to maintain a
high and unusual degree of secrecy
RISK BASED APPROACH - Key Takeaways
Identification of
potential ML risks
associated with
clients and
transactions

Focus on Some degree of

customers and judgment
transactions that involved in
potentially pose determining client
greatest ML risk risk levels

RBA is not a zero-failure

approach. Cases where
systems have been used
for ML/TF purposes
despite AML/CFT
measures
RISK BASED APPROACH - Key Elements
Risk Identification and • Identify ML/TF risks given clients, services,
countries of operation and publicly available
Assessment information on ML/TF risks and typologies

Risk Management and • Identifying and applying measures and

efficiently mitigate and manage ML/TF risks
Mitigation

• Putting in place policies, procedures and

Ongoing Monitoring information systems to monitor changes to risks

• Documenting risk assessments, strategies,

Documentation policies and procedures to monitor, manage and
mitigate ML/TF risks
 RISK FACTORS
ML/TF RISK FACTORS -Accountants
-Politically Exposed Person
-Industry ML/TF risks of -Country of
client incorporation/domicile
-Complex structures/Trusts of client and beneficial
-Cash intensive clients owner
-Country where
transactions/operations
-
are carried out/services
-Cash transactions
are provided
-Pooled client accounts -Location of source of
-Custody of client money or wealth or funds
assets
-Advisory services for
setting up legal
arrangements
-Non cash wire transfers -Delivery channel risk
-Transfers of real estate and associated with transactions
other high value goods or and services
assets between parties
-
ML/TF RISK ASSESSMENT-Risk based model
COMPONENTS OF A RISK BASED MODEL
• Inherent risks – (Client risk, Country Risk, Transaction/Service Risk and associated delivery channel risk)
• Controls – (compliance program- appointment of Compliance officer and MLRO, independent audit
function, policies and procedures etc.)
• Residual Risks

RISK RATING SUMMARY

RISK FACTORS INHERENT CONTROL RESIDUAL DIRECTION OF
RISK RISK RISK RISK
CLIENT RISK
COUNTRY RISK
TRANSACTIONS/SERVICES
RISK
DELIVERY CHANNEL RISK
AGGREGATE RISK
 ML/TF RISK ASSESSMENT- INHERENT RISKS
CLIENT RISK 1
1
• Client operations in industries or sectors with prevalent opportunities for ML/TF

2
• Client is a PEP or a person closely associated with or related to PEPs

• Structure or nature of the entity or relationship makes it difficult to identify in a

timely manner the true beneficial owner or controlling ownership or the nature of
3
their transactions.

4
• Client is a cash (and/or cash equivalent) intensive business
• Clients are themselves subject to and regulated for a full range of AML/CFT
requirements consistent with the FATF (e.g. casinos, money changers, gambling
5 houses, dealers in precious metals and stones)
• In assessing the risk profile of the client at this stage, reference must be made to
6
the relevant targeted financial sanctions lists to confirm neither the client nor the
beneficial owner is designated and included in any of them.
 ML/TF RISK ASSESSMENT- INHERENT RISKS
CLIENT RISK 2
• Transactions of Non-profit or charitable organizations for which there appears to
be no logical economic purpose or where there appears to be no link between
1
the stated activity of the organization and the other parties in the transaction.
• Clients using financial intermediaries, financial institutions or DNFBPs that are not
2 subject to adequate AML/CFT laws and measures and supervision.

3 • Clients who have no address, or multiple addresses without legitimate reasons

• Clients who have funds that are obviously and inexplicably disproportionate to
4 their circumstances (e.g. their age, income, occupation or wealth).
 ML/TF RISK ASSESSMENT- COUNTRY RISK 1
COUNTRY RISK
Client’s business is connected to a higher risk country as regards:
a) the origin, or current location of the source of wealth or funds;
b) where the services are provided;
c)the client's country of incorporation or domicile;
d) the location of the client's major operations;
e) the beneficial owner's country of domicile; or
f) target company's country of incorporation and location of major operations (for
potential acquisitions).
Countries associated with the risks of terrorism financing, organized crime, corruption,
or other criminal activity, including source or transit countries for illegal drugs, human
trafficking and smuggling and illegal gambling.
 ML/TF RISK ASSESSMENT- COUNTRY RISK 2
COUNTRY RISK
Countries with weak governance, law enforcement, and regulatory regimes,
including countries identified by FATF statements as having weak AML/CFT
regimes, in relation to which financial institutions (as well as DNFBPs) should give
special attention to business relationships and transactions.

Countries identified by credible sources to be uncooperative in providing

beneficial ownership information to competent authorities, (e.g from FATF
mutual evaluation reports or OECD Global Forum reports on compliance with
international tax transparency standards).

Countries subject to sanctions, embargoes or similar measures issued by

international organisations such as the United Nations
 ML/TF RISK ASSESSMENT-
TRANSACTION/SERVICE RISK AND ASSOCIATED
DELIVERY CHANNEL RISK 1
• Use of pooled client accounts or safe custody of client money or assets without
justification.
• Situations where advice on the setting up of legal arrangements may be misused
to obscure ownership or real economic purpose (including setting up of trusts,
companies or change of name/corporate seat or establishing complex group
structures)
• Services where accountants may in practice represent or assure the client’s
standing, reputation and credibility to third parties, without a commensurate
knowledge of the client’s affairs.
• Services that are capable of concealing beneficial ownership from competent
authorities.
• Services requested by the client for which the accountant does not have
expertise except where the accountant is referring the request to an
appropriately trained professional for advice.
 ML/TF RISK ASSESSMENT-
TRANSACTION/SERVICE RISK AND ASSOCIATED
DELIVERY CHANNEL RISK 2
• Non-cash wire transfers through the use of many inter-company transfers within
the group to disguise the audit trail.
• Services that rely heavily on new technologies (e.g. in relation to initial coin
offerings or virtual assets).
• Transfer of real estate or other high value goods or assets between parties in a
time period that is unusually short for similar transactions with no apparent legal,
tax, business, economic or other legitimate reason.
• Transactions where it is readily apparent to the accountant that there is
inadequate consideration, where the client does not provide legitimate reasons
for the transaction.
• Administrative arrangements concerning estates where the deceased was known
to the accountant as being a person who had been convicted of proceeds
generating crimes.
 ML/TF RISK ASSESSMENT-
TRANSACTION/SERVICE RISK AND ASSOCIATED
DELIVERY CHANNEL RISK 3
• Transactions using unusual means of payment (e.g. precious metals or stones).
• Acquisitions of businesses in liquidation with no apparent legal, tax, business,
economic or other legitimate reason.
• Power of representation given in unusual conditions (e.g. when it is granted
irrevocably or in relation to specific assets) and the stated reasons for these
conditions are unclear or illogical.
• Transactions involving closely connected persons and for which the client and/or
its financial advisors provide inconsistent or irrational explanations and are
subsequently unwilling or unable to explain by reference to legal, tax, business,
economic or other legitimate reason.
• Situations where a nominee is being used (e.g. friend or family member is named
as owner of property/assets where it is clear that the friend or family member is
receiving instructions from the beneficial owner) with no apparent legal, tax,
business, economic or other legitimate reason.
 ML/TF RISK ASSESSMENT-
TRANSACTION/SERVICE RISK AND ASSOCIATED
DELIVERY CHANNEL RISK 4
• Payments received from un-associated or unknown third parties and payments
for fees in cash where this would not be a typical method of payment.
• Commercial, private, or real property transactions or services to be carried out by
the client with no apparent legitimate business, economic, tax, family
governance, or legal reasons.
• Existence of suspicions regarding fraudulent transactions, or transactions that are
improperly accounted for. These might include:
a. Over or under invoicing of goods/services.
b. Multiple invoicing of the same goods/services.
c. Falsely described goods/services – over or under shipments (e.g. false entries on bills of
lading).
d. Multiple trading of goods/services.
 ML/TF RISK ASSESSMENT -Documentation
• Every reporting person shall document the risk assessments in writing,
keep it up to date and, on request, make it available to relevant competent
authorities without delay.
• Risk assessments should demonstrate that accountants understand their
ML/TF risks (for clients, countries or geographic areas, services,
transactions or delivery channels).
• Accountants should demonstrate basis of risk that professional care and
use compelling good judgement have been used and not a checklist risk
assessment.
• A risk assessment should not only be carried out for each specific client and
service on an individual basis, but also to assess and document the risks on
a firm-wide basis, and to keep risk assessment up-to-date through
monitoring of the client relationship. The written risk assessment should be
made accessible to all professionals having to perform AML/CFT duties.
 INTERNAL CONTROL MEASURES
AML/CFT CDD and EDD
Requirements Compliance Programme
Record Keeping
Risk Profiling
Reporting of STR
Transaction Monitoring
Internal Audit
 COMPLIANCE OFFICER
High expectation on the role and duty of compliance officers
Reporting to Senior Management

Drawing up of AML/CFT procedures

Proper implementation of AML/CFT procedures

Raising staff awareness on AML/CFT

Reporting of STRs (When assuming role of MLRO)

ML/TF risk assessment and transaction monitoring

 Customer Due Diligence - CDD
At onboarding 1. Obtain CDD information
stage and identification and
during periodic verification –
reviews
2. Obtain additional
Identify and
information in case of
verify BO When is CDD suspicion
required?
3. Inquire on source of
Maintain wealth and/or funds
records
4. Sanctions Screening
 Customer Due Diligence - EDD
Clients assessed 1. Obtain CDD information
as higher risk identification and
verification –

Foreign PEPs
2. Obtain additional
information
When is
Domestic PEPs Enhanced CDD
and customers required? 3. Inquire on source of
assessed as wealth and/or funds
higher risk
4. Obtain approval from
Customers from
Senior Management
high risk
jurisdictions
(black and grey 5. Requirements to conduct
list) ongoing EDD
 BENEFICIAL OWNERSHIP INFORMATION
FIAML REGULATIONS 2018
Where the customer is a legal person, the financial institution shall identify and
take reasonable measures to verify the identity of beneficial owners by obtaining
information on –
(a) the identity of all the natural persons who ultimately have a controlling
ownership interest in the legal person;
(b) where there is doubt under paragraph (a) as to whether the person with the
controlling ownership interest is the beneficial owner or where no natural
person exerts control through ownership interests, the identity of the natural
person exercising control of the legal person through other means as may be
specified by relevant regulatory body or supervisory authority; and
(c) where no natural person is identified under paragraph (a) and (b), the identity
of the natural person who holds the position of senior managing official.
 ROLE OF FINANCIAL INSTITUTIONS IN
MAINTAINING BENEFICIAL OWNERSHIP (BO)
INFORMATION
• Crucial role of FIs and DNFBPs to prevent the misuse of legal persons and
arrangements for ML/TF – by obtaining adequate and accurate BO
information on legal persons and legal arrangements;
• Misuse of corporate vehicles can facilitate ML/TF, thus threatening
reputation of the banking sector and jeopardizing financial stability;
• Availability of BO information assists competent authorities by identifying
those natural persons who may be responsible for the underlying concern
or who have information to further the investigation;
• This information makes corporate vehicles less attractive for criminals; and
• Appropriate compliance, monitoring, and enforcement processes are
therefore critical to ensuring that laws and regulations on beneficial
ownership are observed.
 EXAMPLES OF SHORTCOMINGS FOR
BENEFICIAL OWNERSHIP INFORMATION
• No evidence of identification of UBO;
• No update in beneficial ownership identification and verification during
periodic customer review or following changes in shareholding structure of
legal persons;
• Identification and verification documents of UBO were incomplete. KYC
documents not retained for UBOs;
• No identification of UBO in respect of Government-owned entities or listed
companies where UBO information is not publicly available;
• Sanctions screening of UBO was not carried out;
• Inconsistencies in UBO information in the documents available in file .e.g
name of UBO was different in UBO declaration form and other documents;
and
• No independent verification to ascertain accuracy of UBO information.
 SUPERVISORY ROLE
FOR BO INFORMATION
Assessment of:
• Effectiveness of the risk-based approach for maintenance and updates
of BO information
- Whether ease of access to and availability of information on BOs have been
taken into account during the enterprise wide ML/TF risks assessment of
reporting persons and whether risk management systems and controls are
implemented to manage and mitigate such risks;

- Whether for higher risk situations, the reporting persons have duly conducted
enhanced due diligence to identify and verify the BO and this process has been
sufficiently documented;
 SUPERVISORY ROLE
FOR BO INFORMATION
Assessment of:
• Adequacy of training program of reporting persons on identification
and verification of BOs (whether such training is sufficiently comprehensive
and encompasses situations of higher risk and where BO information may be
obscured; whether employees, senior management and board of directors have
been made aware through training, of their obligations with regard to BO
information);
• Adequacy of internal audit reviews of risk management processes for
effectively maintaining and updating BO information (adequacy of risk-
based audits, frequency of audits, audit coverage, follow-up action on audit
recommendations); and
• Adequacy of Compliance function (operational and effective for
maintaining and updating BO information).
 Training of staff
Ongoing training programme for directors, officers and employee

Assist staff to identify suspicious transactions

Requirement as
per regulation Instruct staff in AML/CFT procedures
22(1)(c) of FIAML
Regulations 2018
Training programme to include legal requirements, policies and
procedures, sanctions, new developments

Training on an ongoing basis

Feedback on training to assess effectiveness

 General Observations from Examinations -
DNFBPs
Areas Lapses observed

Conduct of CDD and • Inadequate CDD on BO of legal persons

EDD • Absence of EDD on higher risk customers
STR reporting • No reporting mechanism for suspicious transactions
mechanism
Sanctions screening • No sanctions screening on customers

ML/TF risk • Absence of documented client risk profiling

assessment and • No ML/TF risk assessment
client risk profiling
AML/CFT • Absence of/Inadequate written AML/CFT policies and procedures
Compliance • Absence of Senior Management oversight
Programme • No compliance officer appointed
• No AML/CFT awareness and training programme
 General Observations from Examinations –
Accounting Profession
Areas Lapses observed

Conduct of CDD and • Absence of CDD (in some cases)

EDD • Inadequate CDD for complex structures
• No proper record-keeping
• No UBO register
• Inadequate identification of PEPs
STR reporting • Absence of STR register
mechanism
Risk-Based • No proper implementation of Risk-Based Supervision
Supervision
Risk monitoring • No proper monitoring of high risk customers

AML/CFT • Absence of/Inadequate written AML/CFT policies and procedures

Compliance • No compliance officer appointed
Programme • Inadequate AML/CFT awareness and training programme
 Addressing AML/CFT non-compliance
Issue warning

Risk Mitigation Plan with timeframe for remedial actions

Supervisor to determine
whether a direction, an Issue of Cautionary letters
administrative sanction
or criminal prosecutions
to be pursued Issue of monetary penalty

Impose such administrative penalty as may be prescribed

Ban the member from conducting his profession or business for a period
not exceeding 5 years

Revoke or cancel a license, an approval or an authorization as the case may be

Thank You