It also made a minor amendment to paragraph 5.3.53 in Part I, which now reads: "In addition, an organisation should have processes that allow the enquirer to capture and store the information they used to verify an identity and/or return a level of assurance that can be stored by the enquirer as evidence of the organisations’ verification processes."
Pooled Client Accounts
A PCA is a bank account that a law firm, letting/estate agent, or other business opens to administer funds that belong to its own clients. The clients’ money is co-mingled but they are not able to instruct the customer-firm to carry out transactions directly. Suspense accounts held by correspondent banks are not PCAs. The JMLSG is worried that the customer-firm's HNW customer might use a PCA to wash dirty money, with or without the knowledge of the firm.
HM Treasury has yet to approve the new text, but this has not deterred the standard-setter from incorporating it in its guidelines in anticipation of a favourable outcome. money-laundering reporting officers and others can find it on JMLSG website under “Current Guidance” or by pressing the “Revisions” tab.
Wealth management firms that route customers' money into these PCAs might like to know that the firms that run PCAs have to take the following into account when assessing a customer.
- Are the funds in the PCA backed by Government schemes?
- Does the PCA serves a limited, domestic, purpose?
- Is the customer-firm subject to the UK's Money Laundering Regulations, which the JMLSG interprets, or something equivalent from overseas?
- Is the customer-firm subject to other rules of regulatory or professional conduct (e.g. rules to do with identifying clients, professional conduct relating to dealing with funds in PCAs or the protection of clients' money)?
- Is the PCA used for activity that is not particularly risky and not within the ambit of the Money Laundering Regulations (e.g. managing assets of HNW people in care, litigation in the UK or property management agents)?
- has the firm has taken reasonable measures to satisfy itself that the customer applies robust and risk-sensitive CDD ("customer due diligence") measures to its own clients and its clients’ beneficial owners (e.g. by obtaining copies of external or internal audit reports, by obtaining appropriate representations from the customer, or by reviewing the customer’s relevant procedures)?
- Was the customer unnecessarily and/or unreasonably reluctant to provide information?
Each firm must sign a written agreement with the customer in which the customer agrees to provide, upon request, information about the identity (including verifying documents/data that the customer has obtained using CDD in line with the Money Laundering Regulations) of the owners of the funds held in the PCAs.
Crypto-laundering
Part II sector 22 deals with crypto-asset exchange providers and custodian wallet providers. Regulation 14A of the Money Laundering Regulations defines a crypto-asset as a cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically. They include both assets that are centralised - i.e. issued by an administrator - and those that are not. The definition is broad enough to include in-game currencies. They are "relevant persons" for the purposes of the Money Laundering Regulations and are required to register with the FCA.
There are many factors that give rise to risks related to money laundering risks in this area.
- Privacy or anonymity. Some unregulated, crypto-asset systems and providers allow people to transact without being fully identified but the stability associated with public blockchains creates persistent, irrevocable transaction records that thst allow firms dealing with funds from anonymous or private sources to scrutinise customers in a risk-based manner. Risks might spring from an association with the darknet and blacklisted addresses and firms should consider using the services of specialist blockchain analysis providers.
- Cross-border operations. A crypto-asset system’s links to several jurisdictions may make it harder for its money-laundering reporting officer to oversee its AML efforts.
- Decentralisation. If the crypto-asset system is decentralised, there is no central server or service provider that has overall responsibility for identifying users, monitoring transactions, reporting suspicious activity and acting as a contact point for law enforcers. In such cases, firms should apply risk-based mitigation measures, such as blockchain analysis.
- Segmentation. The infrastructure being used to make transfers and execute payments may be complex and may involve several entities in different jurisdictions. In such instances, according to the JMLSG, firms should seek to work together with other parties in the value chain to compensate. They should consider whether other parties act on their behalf, as outsourced service providers or as agents.
- Digitisation. Crypto-assets are digital and there are risks associated with non-face-to-face business relationships and the fast and easy movement of funds. This is true of all digital financial services and firms can deploy a range of monitoring and "digital footprint" tools to offset these risks.
- Acceptability. If points of acceptance of crypto-assets for payment are widely available, or if many people are able to transact using crypto-assets, money laundering is likely. There is no single way of dealing with this.
- Immutability. Once a transaction has been validated, the record of it cannot easily be altered. This makes it more difficult for misappropriated crypto-assets to be retrieved. Users should be made aware of such risks to minimise the likelihood of accidental loss.
- Convertability. People's ability to exchange crypto-assets for real-life money or other crypto-assets makes it harder to track transactions and provides a route by which the proceeds of crime can enter or leave the mainstream financial system. Entities can work with other parties in the value chain to deal with this.
- Innovation. This ever-evolving field is likely to give rise to new types of financial crime. The JMLSG wants firms to work collaboratively to keep abreast of them.
It is highly suspicious if the customer:
- is involved in crypto-asset mining operations;
- is a money transmitter which cannot produce the required KYC information and documents;
- uses VPN, TOR, encrypted, anonymous or randomly generated email or a temporary email service;
- asks for an exchange to or from cash, privacy coins or anonymous electronic money;
- sends cryptoassets to a newly created address;
- persistently avoids KYC (know-your-customer) thresholds through smaller transactions;
- asks for an exchange to or from a state-sponsored virtual currency that may be used to avoid sanctions;
- sends or receives crypto-assets to/from peer-to-peer exchanges, or funds/withdraws from/to money without using the platform’s other features; or
- exploits technological glitches or failures to his advantage.
It is also highly suspicious if users can make or accept payments in money from/to unknown or un-associated parties or if a significant proportion of the crypto-assets is held or used in a transaction is associated with privacy-enhancing things such as mixers, tumblers, obfuscated ledger technology, Internet protocol (IP) anonymisers, ring signatures, stealth addresses, ring confidential transactions, atomic swaps, non-interactive zero-knowledge proofs and privacy coins. It is suspicious if a significant proportion of the crypto-assets is held or used in a transaction is associated with "second-party escrow services."
