The new Anti-Money Laundering Ordinance-FINMA (AMLO-FINMA) will enter into force on 1 January 2020, at the same time as the new CDB 20. Affected institutions should deal with the increased requirements at an early stage and not underestimate the effort required for the implementation of individual, tightened obligations.
The most important AMLO-FINMA changes in brief
- The threshold for identifying the counterparty when executing cash transactions will be lowered from CHF 25,000 to CHF 15,000.
- Financial intermediaries with branches and group companies abroad will now be obliged to introduce and implement increased reporting, monitoring and control procedures in order to comply with the obligation to monitor legal and reputational risks globally.
- The use of domiciliary companies will have to be investigated and documented. In doing so, it will also have to consider the complexity of the structure in question.
- The financial intermediary has to ensure that for payment orders, the information on the contracting party is accurate and complete, and that the beneficiary’s information is complete as well.
- Should the financial intermediary maintain business relationships with clients in a country deemed to be “high risk” or non-cooperative according to FATF, or if payments are sent to or received from such a country, this business relationship need to be considered high-risk under all circumstances.
- The highest management body will have to decide on the submission of suspicious activity reports in accordance with Art. 9 AMLA and Art. 305(2) Swiss Penal Code (SPC). The decision for a suspicious activity report might be delegated to other, clearly defined functions.
Implications for financial intermediaries
The structure and the content of the AMLO-FINMA remain as they were before. Nonetheless, the implications of the current changes are material for the financial intermediaries concerned, for instance:
Cash transactions: For cash transactions of CHF 15,000 or more, the contracting party and beneficial owner has to be identified and established if the bank has no business relationship with this party. The financial intermediaries need to train their employees accordingly and adapt the respective processes and controls (e.g. forms, transaction monitoring, compliance controls).
Branches and group companies abroad: Although branches and group companies abroad should already be comprehensively monitored as part of the consolidated supervision regime, the implementation varies significantly between institutions. The AMLO-FINMA now sets the pace:
- A periodic consolidated risk analysis need to be prepared. Accordingly, a group-wide and standardised risk process need to be established.
- A standardised reporting with quantitative and qualitative information needs to be in place. Furthermore, branches and group companies abroad will have to actively inform the parent company about critical business relationships and/or transactions. The implementation of this becomes difficult in countries that have a banking secrecy rule in place; here, an adequate solution will be required (e.g. client waiver).
- The group’s compliance function will have to perform regular controls on-site at the branches/group companies. This will significantly increase the coordination efforts and required resources at group level.
- In addition, the group has to make sure that it has uniform standards for combating money laundering in place throughout the group and that these are implemented, taking into account local rules.
Domiciliary companies: A financial intermediary should already today investigate, understand and document the reason and purpose of a domiciliary company. The new AMLO-FINMA will explicitly require institutions to clarify and document the reasons for using a domiciliary company. Criteria that warrant a closer look in regard to higher risks are in particular complex structures (e.g. the use of several domiciliary companies or domiciliary companies with fiduciary shareholders), non-transparent jurisdictions, no verifiable reason/purpose or short-term asset placement. Anyway, financial institutions should already deliberate today whether they should enter into or continue business relationships with domiciliary companies lacking a verifiable reason/purpose.
Payment orders: The responsibility for the completeness of the information in payment orders will be with the financial intermediary. The institutions and securities dealers concerned will have to review and adjust not only their payment systems and parameters but also their policies and internal processes. Last but far from least, this will also apply to the tools used to detect and possibly block payments from and to sanctioned countries.
High-risk business relationships and transactions: Internal risk assessments of the financial intermediary will no longer be sufficient for the identification of business relationships and transactions with increased risks. The AMLO-FINMA will require that the countries regarded by the FATF as “high-risk” or non-cooperative are also taken into account. This means that a regular mechanism is necessary to include any changes related to FATF risk countries and to incorporate them into the institution’s daily processes and controls.
Right to report and obligation to report: Art. 25a AMLO-FINMA will require that only the highest management body and/or persons who hold controlling functions (i.e. non-revenue generating functions) will be able to decide whether a suspicious activity report according to Art. 9 AMLA (reporting duty) or Art. 305ter para. 2 SCC (right to report) has to be filled. This should avoid conflicts of interest when deciding to report or not to report.
What are the next steps for financial intermediaries?
Some of the new provisions may take quite a bit of time to implement (e.g. group supervision). It is advisable to start implementing the more complex aspects sooner rather than later. Financial intermediaries should ask themselves the following questions:
- In what way and in which areas will my institution be affected by the new provisions?
- Which internal guidelines, regulations and instructions will have to be revised or, if necessary, drawn up?
- Where will there be a need for training and which employees need to be trained locally and abroad?
- How will the new Ordinance affect the institution’s risk appetite, risk management and reporting?
- What is our communication concept for the various aspects, e.g. the introduction/implementation of a group supervision or the protocol related to the right to report and/or duty to report?
- To what extent should our management information and general reporting be adjusted?
- How will processes and controls have to be adjusted?
- Will increased quality assurance measures be necessary, especially before and during the first months after implementation?
Our services and further information: