Anti-money laundering and counter-terrorist financing
11 July 2019
Risks and mitigants for non-regulated companies
Reputational concerns and the growing focus of financial regulators on money laundering and counter-terrorist financing (CTF) are starting to have an impact on how non-regulated sectors of the economy view and address these risks. The United Nations Office on Drugs and Crime has estimated that the amount of money laundered globally on an annual basis is between 2% and 5% of global GDP, or between USD800 billion and USD2 trillion in current US dollars.1 The scale of the problem means that it is becoming increasingly unlikely that governments and regulators will allow breaches of anti-money laundering (AML) laws by non-regulated companies to go unpunished. Furthermore, ensuring that funds do not reach terrorists remains a key focus for governments and regulators globally.
Most commentary on AML issues focuses on regulated companies, which have been subject to significant additional AML and CTF requirements and enforcement for some time. In this paper, we examine some of the risks for non-regulated companies and explore how these risks might be better understood and mitigated.
What is money laundering?
Money laundering is the processing of criminal proceeds to disguise their illegal origin. Money laundering issues can arise for a non-regulated entity in a variety of ways. For example:
- a customer could pay for goods or services using funds derived from a criminal activity;
- a business could benefit from a supplier offering a discount in circumstances where the supplier’s costs are reduced as a result of its breach of environmental or modern slavery laws;
- a business could provide goods or services in breach of sanctions or export controls, in which case the proceeds of such transactions would be derived from criminal activity; and
- in a M&A context, a purchaser could buy a business whose contracts were secured through corrupt practices in a foreign jurisdiction. The contracts in question may constitute criminal property, as could the profits from those contracts.
In principle, all of these examples could give rise to AML issues for a non-regulated company. Even if no criminal proceedings ensue, being involved in conduct tainted by money laundering could cause significant legal and reputational harm to a company, its business, brand and employees. It could also impact its financing arrangements and the ability of investors to exit successfully.
What is terrorist financing?
Disrupting terrorist financing has been a key policy goal for many governments across the world. The provision of funds and other assets are key facilitators of terrorism as they pay for critical enablers of terrorist activities such as weapons, training and travel. Often terrorists use front companies to generate funds and to assist with the logistics that underpin their illegal activities. As a result, your approach to managing AML risks should also include CTF-related measures.
What are the main UK money laundering offences?
For non-regulated companies in the UK, the principal money laundering offences are set out in the Proceeds of Crime Act 2002 (POCA). The offences are to:
- conceal, disguise, convert or transfer criminal property or to remove criminal property from the jurisdiction;
- enter into or become concerned in an arrangement which the person knows or suspects facilitates the acquisition, retention, use or control of criminal property by or on behalf of another person; and
- acquire, use or have possession of criminal property.
“Criminal property” includes a person’s benefit from criminal conduct or property (including money and goods) that represents such a benefit (in whole or in part and whether directly or indirectly) where the alleged offender knows or suspects that it constitutes or represents such a benefit. Conduct that is criminal in any part of the UK is capable of creating “criminal property” and benefits generated from conduct overseas may also constitute criminal property. The bar for suspicion is set very low – it must be a possibility which is more than fanciful.
Possible defences include making an authorised disclosure or, if no disclosure is made, having a reasonable excuse for not making such a disclosure or, in relation to (c) above only, having acquired, used or having possession of the property for adequate consideration. For more information on authorised disclosures, see below.
There is also a so-called “overseas defence” where a person will not commit a principal money laundering offence if (i) they knew, or had reasonable grounds to believe, that the relevant criminal conduct was not, at the time it occurred, unlawful under the criminal law then applying in that country or territory, and (ii) the conduct does not constitute an offence punishable with imprisonment for a maximum term in excess of 12 months if it had occurred in the UK.
In addition, there are reporting offences, which include prejudicing a money laundering investigation. In circumstances where a person knows or suspects that an investigation is being (or is about to be) conducted, it is an offence for them to make a disclosure which is likely to prejudice that investigation, or to falsify, conceal, destroy or otherwise dispose of documents which are relevant to the investigation. It is also an offence to cause or permit the falsification, concealment, destruction or disposal of relevant documents.
With regards to who is liable for money laundering offences, both a corporate entity and an individual may be found liable. Furthermore, it is increasingly likely that non-regulated companies will face tougher punishment for economic crime as the UK Government is under pressure to reform corporate criminal liability in this area. Options include a new offence of failing to prevent economic crime. Currently, there are corporate criminal offences for the failure to prevent bribery and failure to prevent the facilitation of tax evasion, but not for other types of economic crime. Any extension of the ‘failure to prevent’ offence model to other types of economic crime would include money laundering. We are expecting the outcome of the UK Government’s consultation later this year.
What are the main UK CTF offences?
In the UK, under the Terrorism Act 2000, the main CTF offences are as follows. An offence is committed if, with knowledge or reasonable cause to suspect that such property will or may be used for the purposes of terrorism, a person or entity:
- receives, provides or invites another to provide property;
- uses or possesses property;
- becomes concerned in an arrangement in which property is (or is to be) made available to another; or
- facilitates the retention or control of property by or on behalf of another.
As with money laundering, possible defences include making an authorised disclosure or, if no disclosure is made, having a reasonable excuse for not making such a disclosure.
Any person in the non-regulated sector has a duty to report knowledge or suspicions of terrorist financing by a third party, and failure to do so is an offence. It is also an offence for any person to disclose anything likely to prejudice a terrorism investigation.
Liability for money laundering and financing terrorism offences can be avoided through authorised disclosure to the relevant authorities and receiving their clearance for the proposed activity – known as a Defence Against Money Laundering (DAML) or a Defence Against Terrorist Financing (DATF). This involves submitting a Suspicious Activity Report (SAR) setting out the relevant details to the UK’s Financial Intelligence Unit, which is part of the National Crime Agency (NCA), and requesting a defence, before carrying out an activity that a person anticipates could result in them committing an offence.
Similar AML and CTF laws to those in the UK also exist in many other jurisdictions. Whilst complying with local law requirements, you should also be cognisant of recommendations made by the Financial Action Task Force (FATF). FATF seeks to set AML and CTF standards globally and is a key driver in the improvement of AML/CTF measures amongst its members. Consideration of FATF reports and recommendations is a good way of predicting the direction of law reform in this area, and is particularly important when dealing with jurisdictions with less developed AML/CTF regulatory frameworks.
Managing AML and CTF risks
It is clear that non-regulated companies should be taking reasonable and proportionate steps to manage potential money laundering and terrorist financing risks. This is not only good practice but may also be required under commitments made in your finance and/or capital markets documents.
Those steps could include:
- conducting a general risk assessment of the business to identify high-risk activities and test the robustness of the business’s existing policies and procedures to properly manage those risks;
- implementing an effective AML and CTF compliance programme, including a policy detailing how the business and its employees should manage AML and CTF risks;
- ensuring that, at the very least, all directors, officers and employees receive annual training on AML and CTF issues;
- conducting internal and/or external audits of high-risk customer or supplier relationships or particular transactions to evaluate the effectiveness of the business’s AML and CTF processes and procedures;
- in certain high-risk jurisdictions, conducting enhanced due diligence to ensure the funds you are receiving are not tainted by illicit activities and any funds you are transferring are destined for legitimate purposes;
- including appropriate AML/CTF provisions in relevant contracts; and
- ensuring that your KYC procedures are sufficiently robust.
Ideally, these AML and CTF measures would complement a non-regulated company’s broader compliance programme on its management of risks relating to issues such as sanctions, export/import controls, environmental matters, human rights and bribery/corruption.
Managing AML risks in a M&A context
In a M&A context, buyers are becoming much more wary about the money laundering risks they may be inheriting with the target business. In the last 18 months we have seen a growing focus on AML/CTF alongside the more traditional areas of buyer due diligence such as bribery and sanctions.
For buyers, conducting an initial compliance risk assessment of the business is key – this will then allow you to tailor your diligence in a proportionate and targeted manner (whilst, of course, recognising wider deal dynamics such as timing and process constraints). For many deals, AML/CTF diligence should be part of the standard diligence package alongside robust contractual protections. You should, for instance, be taking a close look at the internal controls which the target business has in place before on-boarding clients and making payments. Such considerations are particularly important given that, if criminal conduct has been on-going, the target may have proceeds of crime in the business which will be transferred to you at completion and therefore potentially trigger money laundering offences.
For sellers, the priority should be to ensure that the business being sold has a robust and clear set of compliance procedures in place so you can demonstrate that the business understands and manages the risks effectively. Deals can potentially unravel when the target’s internal compliance programmes are weak by international standards and there is a drip feed of negative data through the disclosure process. In many cases, we have also seen adverse compliance information come to light for the first time during the diligence phase as bidders’ questions are raised with the business. The overall message is to have your compliance programme in order before you go to the market and know where any weaknesses may lie. You should also expect to give a range of business compliance representations covering, at the very least, AML, CFT, sanctions and bribery/corruption issues. It would be advisable to road test these against the business before the sale process commences to identify any areas of concern.
In the UK, if there is a suspicion or knowledge that criminal proceeds are involved during a transaction, it may be necessary to make a DAML SAR to the NCA in order to protect you against committing a money laundering offence. This may have a significant impact on the transaction’s execution and timetable as, once the disclosure has been made to the NCA, the NCA has seven working days in which it may refuse consent, require more time to launch a more detailed investigation or grant an authorisation (which technically provides a “defence” to a primary money laundering offence) allowing the transaction to proceed. If the NCA does not respond within the seven-day period, it is lawful to proceed with the deal – this is known as ‘deemed consent’.
If the authorisation to proceed is denied, for a DAML SAR, the NCA has a further 31 calendar days in which to take further action – known as ‘a moratorium period’. The NCA can apply, up to six times, for further extensions of 31 days. Consequently, it is possible that a transaction could be delayed for a maximum of 217 calendar days. Generally, authorisations are given within 24 to 48 hours of being submitted to the NCA. There is no moratorium period for DATFs SAR.
Importantly, the transaction documents should not be signed and the transaction should not complete before the authorised disclosure has been made and the appropriate defence or deemed consent is obtained, as otherwise a criminal offence may be committed. The fact that an authorised disclosure has been made should not ordinarily be disclosed given the risk of prejudicing an investigation.