Financial institutions may be familiar with conducting Bank Secrecy Act/Anti-Money Laundering (AML) risk assessments, but the recent raft of Beneficial Ownership-focused regulations, standards and recommendations demands a deeper, more granular examination of new and existing clients. Know Your Customer due diligence not only means identifying and verifying a client’s identity, but any Beneficial or Ultimate Ownership by using reliable, timely independently sourced documents, data and information rather than relying on self-certification. Multiple Beneficial Ownership definitions and thresholds, as well as delays to the creation of central data registries, add to the compliance challenge.
Financial institutions therefore need a well-designed integrated Beneficial Ownership management program demonstrating that “all reasonable measures” have been exhausted to meet regulatory obligations and successfully manage compliance risk.
For many organisations, Beneficial Ownership may not have been a mandatory element in customer identification/onboarding processes and therefore not highlighted as a key factor in existing customer risk models.
It is also likely that Beneficial Ownership data management obligations and controls were not considered as a separate factor in the overall compliance risk assessment. Conducting an enterprise-wide AML risk assessment is crucial to identifying potential gaps in existing controls, policies, procedures and processes. The risk re-assessment should also consider how the Beneficial Ownership/UBO risk is being managed and controlled throughout the entire compliance programme including policies, procedures, risk ranking, customer due diligence, reporting, record keeping, on-going monitoring, internal control and auditing.
Common Beneficial Ownership Program Weaknesses
- Risk assessments not performed, documented or shared with other business units
- Ineffectual policies and procedures
- Reliance on manual input (re-keying errors)
- Poor communication between front line and compliance staff
- Inadequate AML risk-rating
- Lack of AML risk ‘ownership’
- Costly and burdensome remediation cycle
- Poor staff training
Key steps to creating a Robust Beneficial Ownership Program
Follow the FATF AML framework:
The program should manage the full Beneficial Ownership data governance life-cycle and should be integrated into each component of the entire compliance program including policies, procedures, risk management, due diligence, reporting, record keeping, training, culture, independent testing and audit.
Embrace a risk-based approach:
Implement a reasonable risk assessment process to evaluate how the Beneficial Ownership data as a factor would impact the customer risk profile as well as the overall enterprise-wide compliance and audit risk assessment. The risk level elevation should lead to a deeper due diligence, require a higher level of approval and more closed monitoring, testing and auditing.
Utilize a combination of the best available mechanisms:
Adopt a combination of the best available mechanisms, which include customer self-certification, integrating/cross referencing with the registry or reputable third party Beneficial Ownership data with the addition of adverse media and open source findings for enhanced due diligence.
Centralize the enterprise-wide Beneficial Ownership structures to meet compliance and business needs:
Have the capability to share and obtain the Beneficial Ownership information across the enterprise and associated affiliates. Ideally, it should allow automated regulatory reporting based on self-configured ownership.
Beneficial Ownership Program Strengths
- Consistent and updated identification of regulatory risks/obligations.
- Collaboration between stakeholders.
- Clearly defined processes for data collection, identification and verification as well as triggers for refreshing and reviewing.
- An escalation process if information is missing or inaccurate.
- Creation of a comprehensive risk-scoring model
- Effective executive and departmental sponsorship
- Access to Beneficial Ownership data through a central data repository.
Adopting these best practices will help stakeholders demonstrate to auditors and regulators that “all reasonable measures” have been utilized and risks as a result of increased Beneficial Ownership scrutiny successfully mitigated.
For more information on single customer view, download our whitepaper Beneficial Ownership - Why The Devil Really is in the Detail.