On 8 May 2019, the Central Bank of Ireland found Campbell O’Connor & Company, a private client stockbroker, guilty of five breaches of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010) between July 2010 and November 2016.
These breaches comprised of failings in the firm’s anti-money laundering and combating the financing of terrorism (AML/CFT) framework. The investigation into the company was instigated following a themed supervisory inspection, as part of the Central Bank’s ongoing engagement with the investment firm sector.
The stockbrokers admitted the breaches and were fined €280,000.
Following this enforcement action, Seána Cunningham, the Director of Enforcement and Anti Money Laundering at the Central Bank, stated:
- This is the first enforcement action taken against a stockbroker for breaches of the CJA 2010 and is a timely reminder to the broader financial services sector that AML/CFT compliance is, and will remain, a key priority for the Central Bank.
- Interestingly, and not entirely unrelated to this enforcement action, Campbell O’Connor & Company is closing down in June 2019 citing the reason as being:- ‘the ever-increasing complexity of doing business in a changing regulatory landscape which does not favour smaller firms’
Let’s now take a look in more detail at the five breaches of the CJA 2010 that the Central Bank identified, and discuss why these issues are so important.
1. Risk assessment
It was found that Campbell O’Connor failed to conduct any risk assessment of money laundering/terrorist financing (ML/TF) risks for over three years following the introduction of the CJA in 2010. Subsequently, the risk assessments conducted between November 2013 and November 2016 neglected to consider several key risks. For example, they failed to carry out:
- an adequate assessment of the customer and geographic risks facing its business
- any assessment of the risk of terrorist financing facing its business.
2. Why is this so important?
A thorough risk assessment of a customer profile, the type of services offered to those customers and the jurisdictions in which those customers live or conduct business are vital to ensuring that all relevant ML/TF risks are mitigated.
3. Policies and procedures
The Central Bank reported that the stockbroker firm did not have documented AML/CFT policies and procedures in place for over three years following the introduction of the CJA 2010. The policies and procedures employed between November 2013 and November 2016 were lacking in several respects, mirroring their issues with risk assessment.
These deficiencies included:
- when third-party payments were identified as high-risk customer activity, adequate policies and procedures to mitigate the risk were not adopted
- policies and procedures which were not adopted for preventing and detecting TF or mitigating the risk that its customers could be involved in these activities
- policies and procedures which were not adopted to ensure that the firm’s board of directors formally reviewed and, where appropriate, revised the AML/CFT policies and procedures on an ongoing basis
4. Why is this important?
Robust and effective policies and procedures are critical in protecting financial institutions from financial crime risk, as well as the integrity of the financial system as a whole. There should be regular compliance monitoring of the application of any organisation’s AML/CFT policies and procedures. Or, in the words of the FCA:
A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.
Transaction monitoring
This relates to the company’s transaction monitoring process and the fact that it failed to consider the customer’s source of wealth, business activities and previous account activity. Instead, it assumed that its staff had sufficient personal knowledge of its customers to be able to mitigate ML/TF risk.
Why is this important?
- Firms are expected to implement robust transaction monitoring processes to be able to determine whether a transaction(s) could be suspicious.
- For these robust processes to function as well as they should, risk-based customer due diligence (CDD) must be conducted.
- This should always be documented and not just stored ‘in the heads’ of employees.
- Remember, as far as regulators are concerned, if it’s not documented, it didn’t happen.
Third party reliance
- In line with the CJA 2010, only third parties that have an ‘appropriate arrangement’ with a firm can be relied upon to conduct CDD on their customers.
- However, the Central Bank reported that the stockbroker relied on several third parties without ensuring that all the necessary arrangements were in place.
- Consequently, they could not guarantee that the third parties had conducted the required CDD on their customers. Furthermore, they could not guarantee that the third parties could provide CDD documents or other relevant customer information if requested.
Why is this important?
- FATF Recommendation 17 states that third parties can be relied upon to perform elements of CDD provided that certain criteria are met.
- These criteria include ensuring that copies of the CDD documentation are made available from the third party upon request and that the financial institution (FI) must immediately obtain the information gathered.
- Also, the FI must ensure that the third party is regulated and has measures in place to comply with CDD requirements.
- Ensuring that all of the above takes place is vital. Having the required and correct CDD means that not only will you know who your customer is and ensure that money launderers and terrorist financiers (or even sanctioned individuals) are not gaining access to the banking system, but you will be able to identify suspicious/unusual activity on the account, as you will already have knowledge of what is ‘normal’.
Staff training
- Between July 2010 and September 2015, Campbell O’Connor failed to demonstrate that its staff training met the required standard. Also, the firm failed to provide ongoing training regarding the identification of suspicious transactions.
Why is this important?
- Failure to provide effective AML/CFT training increases the risk that staff fail to comprehend key ML/TF risks fully and will, therefore, fail to identify suspicious transactions. If this is the case, ML/TF could end up going undetected
Written by Holly Whitehead on Wednesday, May 22, 2019 – article sample –
https://www.int-comp.org/insight/2019/may/irish-stockbroker-enforcement-action/