HOME  PUBLICATIONS  >  FATF revises its Guidance for Implementing the Risk-Based Approach for Trust and Company Services Providers

FATF revises its Guidance for Implementing the Risk-Based Approach for Trust and Company Services Providers

Regulatory Update
Revised international guidance gearing up for the upcoming round of Mutual Evaluations for FATF members
18 OCTOBER 2019
The Financial Action Task Force (“FATF”) published its “Guidance for a Risk-Based Approach for Trust and Company Services Providers” on June 2019 (the “Guidance”). [1] The Guidance updates a 2009 FATF release on these issues.

The Guidance sets out guidelines for Trust and Company Services Providers (“TCSPs”) to identify, assess, and understand their money-laundering and terrorism financing (“ML/TF”) risks. It is commonly acknowledged that TCSPs exist as gatekeepers for forming, managing, and administering entities and legal arrangements, and thus are particularly vulnerable to such risks. However, the Guidance is clear in highlighting that TCSPs are not obliged to avoid risks entirely, but must assess their clients individually and in the context of risk mitigating measures to determine what high risk is. [2] This serves as a useful reminder that a risk-based approach is not compatible with a single determination of high, medium, or low risk. Instead, the TCSP must evaluate the cases individually to determine what low, medium, or high risk are in relation to ML/TF.

While the Guidance’s principles remain largely unchanged from the 2009 version, they do provide TSCPs with more specific and practical guidance in implementing the recommendations through the last decade’s experience. The Guidance attempts to address the real difficulties TSCPs face in executing AML/CFT obligations, with the understanding that a significant number of TSCPs are smaller firms or sole practitioners.

The Risk Based Approach (“RBA”) is a well-established framework for countries, competent authorities, and institutions meant for tackling AML/CFT issues. TCSPs are expected to identify and understand the ML/TF risks unique to their sector, and to assess how effective the controls that need to be put in place are. A four-step approach is commonly set out, forming the backbone of a RBA [3]:

  1. Risk identification and assessment – identifying ML/TF risks facing a firm, given its customers, services, countries of operation, also having regard to publicly available information regarding ML/TF risks and typologies
  2. Risk management & mitigation – identifying and applying measures to effectively and efficiently mitigate and manage ML/TF risks
  3. Ongoing monitoring – putting in place policies, procedures, and information systems to monitor changes to ML/TF risks
  4. Documentation – documenting risk assessments, strategies, policies, and procedures to monitor, manage, and mitigate ML/TF risks.


In operational application, the RBA emphasises the following key elements. [4]

  1. Client acceptance and know your client policies – TSCPs are expected to identify their clients and the true beneficiaries of transactions. The Guidance acknowledges the challenges inherent in obtaining and keeping current and accurate beneficial ownership information, but maintains that the questions should still be put forth to the immediate client.[5]
  2. Engagement acceptance policies – TCSPs are expected to understand the exact nature of the service for which they are providing each client, and should not undertake work for which they do not have the requisite expertise.
  3. Understand the commercial or personal rationale for the work – TCSPs must ensure that they are reasonably satisfied that a legitimate commercial or personal rationale for the work exists.
  4. Be attentive to red flag indicators – TCSPs must be constantly aware of red flags that would trigger reporting obligations, and must document their process in such events.

To assist in developing a more robust RBA, the Guidance has also augmented its sections setting out specific risk factors for client, geographic, transaction/service and associated delivery channel risk. It increased its focus on “shell companies” and “shelf companies”, the latter defined as companies that have been “sitting on the shelf” for a long time, which may create an illusion of a company’s reputability and prior legitimate existence. [6]

Focuses and recommendations are additionally provided to the FATF member country regulators (described as “supervisors”). The Guidance also summarises the FATF’s findings on supervisory actions that were taken by various countries’ regulators, noting the results of the National Risk Assessments that the FATF had been conducting since the first Guidance was published. Hence, while the Guidance carefully notes that it is a document with no regulatory force, it is an instrument that forms part of the legislative toolkit that governments utilise when crafting their AML/CFT legislation. Further, although this form of “soft” codification spells out the red flags that TCSPs may already been highly familiar with, it clarifies that a stricter standard of norms is now expected of the industry.

The FATF has also turned its attention to updating its guidance beyond the TCSP industry alone. It has issued fresh Guidances in the past year on various other sectors [7], an exercise last conducted between 2007 and 2009. These collective publications will serve as the basis for the upcoming Fourth Round of AML/CFT Mutual Evaluations for members. The scope for the new round will involve two inter-related components for technical compliance and effectiveness.
DOWNLOADABLE RESOURCES

[1] https://www.fatf-gafi.org/documents/documents/rba-tcsps.html

[2] Para 37(d) of the Guidance

[3] Para 31 of the Guidance

[4] Para 66 of the Guidance

[5] Box 1, Particular RBA Challenges for TCSPs, of the Guidance

[6] Para 22 of the Guidance

[7] These documents include the Guidance for a Risk-Based Approach for Legal Professionals, 26 June 2019; Guidance for a Risk-Based Approach for the Accounting Profession, 26 June 2019; Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, 21 June 2019; and the Risk-based Approach Guidance for the Securities Sector, 26 Oct 2018; Risk-based Approach Guidance for the Life Insurance Sector, 25 Oct 2018.

Connect with Integrium
PRIVACY POLICY

© Integrium Pte. Ltd. 2023
Integrium Pte. Ltd.
63 Chulia Street, #15-01
Singapore 049514