ALFI agrees with the abovementioned statement, which is in line with the 4th Anti-money laundering directive and the FATF Recommendations.
ALFI is of the view that the minimum action in Article 3 is appropriate. However it might be useful to suggest that the entity located in the third-country also identifies and perform a gap analysis of the group policies and procedures against the third-country legal requirements and report on the outcome. This may be contained in Article 4 1b). Finally the compliance of third countries with the FATF Recommendations could also be assessed with a review of the latest FATF or regional body-like report concerning the jurisdiction concerned.
ALFI doesn’t agree with the minimum action in article 4. Some doubts could indeed be raised concerning the inclusion of such an article in the guidelines. The compliance officers employed by a branch or majority-owned subsidiary in a third country should always be able to perform individual ML-TF risk assessments locally by taking into account the standards of the group policies. These local compliance officers should then be able to report at least metrics of these individual ML-TF risks assessments to their global headquarters.
For example, the following measures could be taken by way of a statistical reporting:
a. Number of PEPs
b. Number of high risk customers
c. Number of suspicious transactions
d. Number of ‘’true hits’’
e. Number of STRs filed
f. Number of blocked accounts
g. Number of blocked transactions
We wouldn’t recommend any further minimum actions under article 4.
ALFI agrees with the minimum actions and additional measures under article 5. We would like to underline that following the consents granted by the customer and the beneficial owner, the branch or majority-owned subsidiary in the third-country could also be in a position to leverage the KYC due diligences performed by another entity of the group located in another jurisdiction, when this entity does already have a business relationship with the same customer.
ALFI agrees with the minimum action mentioned in article 6. We would request in addition a monthly reporting in the number of clients and/or beneficial owners who refused to provide their KYC documentation. Finally one could also assess whether the FIU of the third country can share intelligence with foreign FIUS via networks such as FIU.NET (Europol), GoAML (UN Office on Drugs and Crime) or the Egmont Group.
We agree with the minimum action proposed. However we would ask for an AML/CTF risk assessment of the customer to be performed on an annual basis since customers in a third country with limitations of data transfer possibilities cannot reasonably be classified as low risk. It is important to have a risk identification and assessment framework and a proper setup for mitigating the identified risk.
In our view there are no additional scenarios to address. The consultation is exhaustive.
As an additional remark, we would like to underline that in certain countries the on-going screening of the employees may be abusive under privacy law whereas the measure can be acceptable during the recruitment process. Therefore it is not certain that constantly monitoring the employees is necessarily admitted. It could eventually be perceived as an intrusive procedure even with the employee consent which in that case has not been given freely.
ALFI agrees with the impact assessment. In particular, in the USA, Russia and Algeria local AML rules impede the disclosure of information on SARs and STR done to the local FIUs by local branches or majority-owned subsidiaries to the global headquarter located overseas.We also agree with option 3 and the conclusion that by identifying different legal impediments, it is possible to propose targeted measures to address the resultant risk.