Tuesday, March 19, 2019
Richard Simms of AMLCC and FA Simms explores the recent assessments conducted by OPBAS
This article will explore what OPBAS is and where it came from along with considering its first report following a round of assessments of Anti-Money Laundering (AML) supervisors.
OPBAS is the Office for Professional Body Anti-Money Laundering Supervision. Formed in January 2018, they are based within the offices of the FCA (Financial Conduct Authority). The role of OPBAS is to both ensure that Professional Body Anti Money Laundering Supervisors (PBSs) meet the standards required by the UK AML regulations (MLR17) and to facilitate collaboration and information sharing with relevant bodies.
OPBAS and the FCA has recently issued their first report following a round of assessments of the PBSs.
How did the assessments go?
The report is in many ways no surprise. The formation of OPBAS is many years overdue and should have been set up when the 2007 ML regulations arrived. MLR17 is a significant improvement in terms of explaining what’s required of both PBSs and those regulated by them and The Risk Based Supervision Guidelines issued by the EU in April 2017 are also helpful.
The lack of guidance issued to PBSs following the MLR07 is one of the reasons that PBSs have developed different approaches to their compliance and enforcement of those regulations. OPBAS is working from the MLR17 and the FCA Sourcebook which offer a clearer picture of what’s required by PBSs.
Where Did OPBAS Come From and Why Are They Needed?
In October 2015 HM Treasury and the Home Office issued the first UK national risk assessment of money laundering and terrorist financing (NRA15). NRA15 ranked the different parts of the regulated sector for AML and CTF (Anti-Money Laundering and Counter Terrorist Finance) and listed our sector, Accountancy Service Providers (ASPs), as the second highest risk sector for exposure to money laundering and terrorist financing.
NRA15 reviewed each AML regulated sector in turn and listed a number of threats and vulnerabilities of each sector. I won’t discuss each risk in turn as it’s not the main focus here but here’s the list as set out for ASPs:
- complicit professionals facilitating money laundering
- collusion with other elements of regulated sector
- coerced professionals targeted by criminals
- creation of structures and vehicles that enable money laundering
- the provision of false accounts
- failure to identify suspicion and submit SARs
- low barriers to entry and mixed standards of compliance with the regulators
- ASPs not registered under the regulations facilitating money laundering or terrorist financing (wittingly or unwittingly)
- inconsistences in the supervisory framework, and the potential for poor communication between supervisors
NRA15 goes on to explain concerns over the consistency of supervision of our sector and the potential for individuals to operate without supervision.
As promised within NRA15 the Home Office then went on to produce an Action Plan for consultation (April 2016) which included a Call for Information – AML Supervisory Regime. Though the government response to the Action Plan (October 2016) didn’t make reference to the call for information in March 2017 a response was issued. The response included a request for further information on proposals to increase oversight of professional body supervisors and the announcement of a new Office For Professional Body Anti-Money Laundering Supervisors.
Then followed a consultation on OPBAS (July 2017) leading to a response by HM Treasury in December 2017. Then followed The Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017 and the formation of OPBAS in January 2018.
Running concurrently with the HM Treasury consultations was a consultation by the FCA (Financial Conduct Authority) on their Sourcebook for professional body supervisors on AML supervision (July 2017) which closed in October 2017 leading to the issue of the FCA Sourcebook in January 2018 (taking effect from 1st February) to coincide with the formation of OPBAS which become operational on the same day.
AML Professional Body Supervisors (PBSs) should refer to the FCA Sourcebook about how to meet their obligations as a PBSs.
The First OPBAS Report
The report refers to the recent Financial Action Task Force (FATF) Mutual Evaluation Review (MER) of the UK AML (Anti-Money Laundering) and CTF (Counter Terrorist Financing) measures from December 2018. The MER refers to inconsistencies between the PBSs and an uneven understanding of the risks of AML/CTF and not having the necessary resources to mitigate them. The number of PBSs does not, it says, aid a consistent approach.
OPBAS is blunt is its view “One of our priorities, following the MER Report, is to continue our efforts ‘to address the significant weaknesses in supervision by the 22 legal and accountancy sector supervisors’.”
One criticism of the OPBAS regime has been the exclusion of the statutory supervisors, HMRC in particular, from the same oversight. HMRC has stated that it will seek to follow the FCA Sourcebook for PBSs.
The visits to the PBSs covered the eight areas covered with the FCA Sourcebook.
- Risk-Based Approach
- Information Sharing between Supervisors and Public Authorities
- Information and Guidance for Members
- Staff Competence and Training
- Record keeping and Quality Assurance
The report confirms that PBSs are preparing AML strategies to address any failings, with some having already started remedial action.
The contents of the FCA Sourcebook (FCASB) are not in themselves surprising; they follow the MLR17 regulations and these should not be a surprise to any of us. The business problem with AML/CTF compliance for those who operate in the accountancy sector is time and money to follow the requirements. This, from what the report demonstrates, is exactly the same as the situation for the PSBs.
Once senior management, and if you’re on your own that’s you, recognise the requirement to “do AML” and accept that the only option is to do it properly then a strong level of compliance and risk management can be quickly achieved.
This is the same for PBSs. Should OPBAS be concerned that the PBSs will not now step up to the required level? No, not at all. AML compliance is within all of our grasps, but there will a bumpy ride in the short term while everything is set. What we do know is, if it is not now done then there will be consequences.
What we should all be aware of is that as the PBSs achieve consistency between professional bodies any of those in their relevant sectors who are not yet achieving the required levels of compliance may need to spring in to AML action. Now would be a great time to make sure that things are correctly in place.
Here’s some of the key findings from the report.
The FCASB refers to Regulation 49 of MLR17, this for PBSs. Supervisory functions should be independent of other functions and adequate resources must be provided. This requires the engagement of senior management with AML and a resource commitment.
80% didn’t have suitable governance arrangements, 44% lacked a clear accountability for AML supervisory activity. 56% lacked sufficient focus on AML at a senior level, if we split this by sector then the focus of senior management is the highest area of problems for the accountancy sector.
Risk Based Approach
The FCASB refers to R.46 of MLR17, a duty to adopt a risk based approach to its supervisory functions in the light of its own risk assessment.
91% of relevant PSBS where not fully applying a risk based approach. An effective risk based approach requires information. Any gaps in knowledge and understanding of the sector risks and of members will lead to an imperfect risk based approach. The breadth and range of members and their exposure to varying risks makes the process a bit like herding cats. Sadly, that’s no excuse, documentation and information is the key to success.
It’s the same for members, understand your sector, your clients and your risk appetite and you’ll be a long way there.
R.46 MLR17 sets out a PBSs obligations. Much of an individual supervisor’s supervisory action will be linked to its own risk assessment on itself and its members. 54% of accountancy PBSs did not have sufficient supervisory activity either through a lack of resources, structure or focus at senior levels.
The main findings here seemed to be that on-site and off-site visits were not sufficiently focused on those members that presented the highest risk. Which in turn relies upon a clear understanding of the members that are supervised by them. 18% of PBSs has not yet identified the population of members that they supervise.
For those of us who fall into regulation as part of the accountancy service providers, please don’t forget that your AML supervisor is only one of the parties that may want to see evidence of you AML work.
Information Sharing between Supervisors and Public Authorities
The FCASB refers again to R.46 MLR17. Please do not forget that your AML supervisor has a duty to make reports to the NCA (National Crime Agency) in the same way that you do. R.86 MLR17 makes non-compliance with relevant (AML) requirements (Schedule 6 MLR17) a criminal offence. PSBs have the right (R.76 MLR17) to impose civil sanctions for a breach of relevant requirements. What I don’t know is whether PSB’s are reporting breaches to the NCA and then being able to apply civil sanctions?
Regulated members should be encouraged to report the NCA.
One of the highest default percentages for all of the PSBs was lack of SAR (Suspicious Activity Reporting) and whistle blowing training; something easily rectified.
R.49 MLR17; effective, proportionate and dissuasive disciplinary action is what members should be liable to. 86% of relevant PSBs would rather offer support and guidance to members to improve AML compliance. It’s not clear how this fact has been responded to by OPBAS.
There is a line to be drawn between wilful non-compliance with relevant requirements and errors; isn’t there? The guidance for the accountancy sector (AMLGAS) certainly suggests this.
Information and Guidance for Members
R.47 MLR17 sets out the requirement for PBSs to provide up to date information on ML/TF to their members. It’s clear there is a range of methods for providing such information such as events and advice services are in use.
Direct advice to members is provided by all but one of the PSBs. No matter how much support is provided by PSBs, members will still need to engage with this; don’t forget.
Staff Competence and Training
R.49 MLR17 explains the requirements for PBSs to employ people with appropriate qualifications, integrity and professional skills.
Findings included a general lack of structured training and few training policies and records. This requirement is mirrored for regulated members; no training must equal no full understanding of risk and how to manage it. This applies equally if you work alone or have a team working for you.
Record keeping and Quality Assurance
R.46 MLR17 requires written records of actions by the PBSs included where it did not take action. This is the same for regulated sector.
36% of PBSs did not have enough record keeping policies and procedures. It is evident that documented internal review procedures and documented results and subsequently taking action on the findings is important. There was a lack of a quality assurance procedure for 48% of PBSs.
You firm’s records are your defence; a lack of records will make it difficult to evidence the steps that you have taken.
Time will tell if PBSs choose to publish their individual assessment details, could weaknesses be exposed by criminals by doing so; so maybe not.
OPBAS have stated they are considering the findings from their first report in their 2019 plans.
The key message is to expect a response from many of the PBSs over coming months and please be prepared to demonstrate your firm’s compliance.