Managing the Impact of New Anti-Money Laundering Regulations
A Presentation given by Dermot S. L. Butler at the
"European Fund Services Summit "
held at the Crowne Plaza, London
on Thursday 30th January 2003
Good morning ladies and gentlemen.
The topic I am here to talk about is "Managing the Impact of the New Anti Money Laundering Regulations". On reflection, I think that title could have been better worded as "Managing the Impact of the New Attitude of Regulators to Anti Money Laundering Regulations".
I should make it clear, at the outset, that I work exclusively with Alternative Investment and Hedge Funds, and so this presentation will inevitably be slanted towards Hedge Funds, particularly with regard to the US regulations. I stress that, because, outside the US, anti money laundering regulations apply to all European, and most "offshore" Funds, and Fund Managers, whether traditional multi-billion dollar Managers, or the smaller boutique Hedge Fund Managers.
My presentation today has been broken down into six separate bullet points, the first of which is:
"The Scope of Anti Money Laundering Regulations Currently in Place"
First of all, I think it is worth pointing out that anti money laundering regulations have been in place in Europe for many years now. I can recall some 15 years ago, when I was involved with an offshore IFA, which sold insurance-linked investment products, issued by large UK and Scandinavian insurance companies, through their Isle of Man offices, that, even then, investors had to provide a copy of their passport, and a utility bill to prove their residence. In fact, apart from a tightening up of those regulations, and the introduction of more stringent controls that have been imposed to ensure compliance with the regulations, not much has changed in Europe.
What has changed is the introduction, over the past few years, of similar regulations, which are also enforced quite strongly, in what had hitherto been considered somewhat lax jurisdictions, such as The Bahamas, The British Virgin Islands and The Cayman Islands. As a result, I think it is fair to say that, to a large extent, most of the European, and so called "offshore", centres now impose a comprehensive and strong level of anti money laundering regulation.
In Europe, of course, that includes the European Union regulations, but as with most things European, each member state is free - and takes full advantage of that freedom - to interpret the European regulations in its own way. As a result, I would suggest that, with the exception of the UK regulations, the Irish anti money laundering regulations, as policed by the Financial Regulator, (formerly the Central Bank of Ireland), and enforced under the Irish Criminal Justice Act 1994, are the strongest in Europe, and perhaps the world - equalled only, ironically, by Switzerland. However, even here there is a critical difference between the two sets of regulations, which I will comment on in a minute. As I don't have first hand experience of French, German or Italian anti money laundering regulations, perhaps I should define Europe, for the purpose of this presentation, as Ireland, UK and Switzerland.
As I just said, I don't believe that the actual anti money laundering regulations, in the context of information required from investors, has changed very much over the past several years in Europe - however, what has changed is the attitude of the regulators, and the seriousness with which the regulators, and sensible practitioners in the financial services industry, now treat those regulations.
There is no doubt that many in the industry used to treat anti money laundering in a somewhat cavalier fashion, but that has changed. It is, I suppose, not surprising that the fact of huge fines imposed on some household names, and the serious threat of jail for not complying with regulations, does help to concentrate the mind, and encourage compliance. But I will also come to that later.
The second bullet point in my presentation is:
"Comparing US and European Regulations"
As yet, this is still a somewhat difficult thing to do. Ironically, the US, who have been the 'eminence gris' behind the growth of the international anti money laundering regulations over the last 20 years, have had virtually no effective similar regulations themselves, except in their banking industry. That remained the case until the ghastly terrorist attack on The World Trade Centre in September 2001, which resulted in the introduction of The USA PATRIOT Act, ("the Act") in October of that year. The Act, which came into being as an understandable knee-jerk reaction to the terrorist attack, was put in place and passed within six weeks, but without any clarification as to how the Act would operate. The normal practice in the US is first to introduce a piece of legislation - the Act - and then follow that with a series of "regulations", which specify how the legislation, the Act, will be applied.
Although some regulations have been put in place in the area of mutual funds, and although some have been "proposed" with regard to Hedge Funds, the latter are still in the comment stage, and thus, have not yet been finalised for hedge funds, or other alternative investment products. US Treasury has also issued a Report to Congress. Therefore, although it is impossible to give an accurate comparison based on facts, because we don't have the facts, I am prepared to compare the US and European regulations on the basis of conjecture - that is to say, my expectation of how US regulations will eventually develop, on the assumption that the proposed regulations will form the basis of the final regulations. This, hopefully, assumes the worst (i.e. the most intrusive) scenario, because, in the case of Hedge Funds, the US Hedge Fund industry, represented by the MFA (Managed Funds Association), and some of the leading lawyers in the field, have made a series of very constructive comments that, with luck and a fair wind, may curb some of the excesses of the proposed regulations.
What has happened so far in the regulation process is that the US Treasury have confirmed that all Hedge Funds, fall under what they consider to be their jurisdiction, must comply with the Act.
In this context, the US authorities consider that the USA PATRIOT Act should and will apply to any funds that have a "US Nexus", which means any fund that has an involvement with the US. Such an involvement would, obviously, include any fund that has, inter alia: US investors; a US investment manager; a US broker, or bank; or US investments. Therefore, although many European funds will find that they are not affected, they must be very vigilant - more on this in a moment.
I expect that, for the most part, the verification process of a client's identity - which is known in the US as "KYC", or "Know Your Client" - and the verification of the clean source of that client's money, will follow the well tried and tested procedures that we have used over the past few years here in Europe. However, the regulations that are in place now, will require most Hedge Funds, (with some exceptions such as funds with two-year lock up periods, and real estate funds), to have in place, within 90 days of the publication of the final regulations, an Anti Money Laundering Programme that will include, at a very minimum:
i. Written policies, procedures and internal controls, designed to prevent the Fund from being used for money laundering, or the financing of terrorist activities;
ii. The appointment of a Compliance Officer responsible for implementing and monitoring the AML programme, including day-to-day operations and overseeing internal controls;
iii. An AML training programme for employees of the Fund;
iv. The introduction of a procedure for the independent audit, to confirm compliance with the AML programme.
The first thing to note is, that these regulations are a requirement of the Fund, not the Fund Manager. It has to be said that, although most non-US Hedge Funds do have Boards of Directors, those Directors are, for the most part, Non-Executive. This is because the day-to-day management of the Fund is usually delegated to the Investment Manager, and the Administrator, often via a Manager, all three of which will, usually, be independent corporate entities. European regulations accept that the anti money laundering function should be carried out by each of those entities, but it is not, therefore, practical for the Fund to introduce an anti money laundering programme, as required by the US authorities. I suspect that this attitude came about because most US Funds are partnerships, which is the entity of choice for most US Hedge Funds. A partnership is managed by the General Partner, which is, in effect, the Chief Operating Officer, or Managing Director, of the Fund, and as such, it is only a small step to suggest that the Fund itself should comply with the AML regulations, as an independent entity, and, presumably, that all of the compliance will be carried out by the General Partner, whose own Directors and Officers will, de facto, be considered to be the Directors and Officers of the Fund.
Offshore funds, on the other hand, rarely have Executive Directors or officers. The Board of an offshore(Non-US) fund will, in the context of good corporate governance, delegate the AML responsibility to the Administrator, who in turn will work with the Investment Manager and Custodian. If the Board can show that they have taken reasonable steps to ensure that the AML requirements have been complied with, albeit by the Service Provider to the Fund, with regard to all investors, by each party, then their legal obligations have been met.
Be that as it may, the proposals as to the AML programme that must be followed by the Funds is, to all intents and purposes, the same as we have to follow in Dublin as an Administrator of Offshore Funds, except that there is no statutory obligation to have "independent" testing for compliance. I, personally, find it difficult to accept, as the US authorities apparently accept, that an "independent" audit of AML compliance can be carried out by someone in the same company, who is not involved in the daily AML programme. I think that to avoid any conflict, such independence can only be ensured by employing an outside entity, such as an independent auditor, and indeed I suggest that, in the new AML environment, auditors of all Administrators and other service providers to Funds worldwide, should check their compliance with the local anti money laundering regulations.
There are some areas where I can envisage some serious problems developing. As the law appears to be written today, and on the basis of the proposed regulations, there is little flexibility for one service provider to rely on another - and I repeat "rely" - to ensure that the proper due diligence has been carried out with regard to a particular client. In Europe, we have the concept of a "Designated Body", which is a fully regulated financial intermediary, based in an "acceptable" FATF approved country.
To backtrack a second, "FATF" stands for the "Financial Action Task Force", which is a Paris-based organisation, born out of the OECD, and which has led the attack on "unacceptable" jurisdictions, which FATF define as countries that do not impose and enforce sufficiently strong anti money laundering regulations. Thus a "Designated Body" is a regulated entity in the financial industry, that operates from a country that does impose and enforce suitable and sufficiently strong regulations. A list of FATF unacceptable jurisdictions is included in your course book.
In Europe, a financial service provider, such as a Fund Administrator, need not obtain all of the anti money laundering client verification, and other due diligence information, if that client has invested through a Designated Body, such as a major Bank, based in a European member state, providing that Designated Body is prepared to confirm that they have carried out all of the appropriate due diligence, and hold a complete file on the client. In such circumstances, our Administrator may rely on the Designated Body, and do no more - unless, of course, the Administrator is based in Ireland. Under Irish regulations, the Administrator must also get the Designated Body to confirm that they will release their anti money laundering due diligence files, to the Administrator, or to a competent authority, if required to do so by such an authority.
This is where Irish regulations are more stringent than some others in Europe, and where there is the critical difference with Switzerland, that I referred to before. Switzerland still has banking, and indeed other financial secrecy laws which prohibit a Swiss Designated Body, including banks and investment advisors, from giving such an undertaking, which can lead to an impasse. Similar secrecy and confidentiality protocols also apply in jurisdictions such as The Cayman Islands, and elsewhere in the Caribbean. Such jurisdictions require that a Court Order be put in place enforcing the Designated Body to release the information.
There are strong, and good, arguments on both sides - the regulators believe that the Court Order route, although often successful, is both expensive and time consuming and, by the time the Order comes down, the money launderer and his laundered money may have disappeared. The Swiss, and others like them, are concerned that, without restrictions on access to such information, the regulatory authorities could introduce a "fishing expedition" - and we all know that the regulatory authorities world over, and particularly in the US, have great 'angling' expertise.
Having said all that, there is one simple way of getting around this problem, and that is to insist that the Designated Body - say a Swiss Bank - who is investing as a nominee, on behalf of a client, gets that client - the ultimate beneficiary - to agree to such a disclosure, if required. The fund should also put a suitable conditional clause in the Subscription Form, committing the Designated Body to obtain such a waiver from their client.
But I have digressed from the point I was going to make, related to the USA PATRIOT Act, and the apparent requirement that one financial institution may not rely, with any great comfort, on another, however respectable that institution may be. In this context, I should point out that the proposed regulations permit a financial intermediary, such as a US Hedge Fund Manager, to delegate the KYC/anti money laundering due diligence requirements to another competent entity, but - and it is a big "but" - the Manager still remains responsible for ensuring that that information has been obtained, and that a proper file is kept. Thus, if the other party slips up, the Manager would, under the US regulations, still be for the high jump.
Let us imagine the following, hypothetical fund, which is: established in Ireland; has a UK investment manager; has a French custodian based in Dublin; has an Irish administrator; does not accept any US investors; and invests solely in securities issued by European companies.
Let us now assume that one day the fund invests in a Euro/Dollar bond, issued by a Dutch insurance company, and has to settle that transaction in US dollars, through its Irish domiciled, French custodian. The custodian will, in the normal course of business, have to clear the dollars through its New York correspondent bank - all very simple day-to-day stuff. But, as the US law appears to be today, the US correspondent bank is required to know who the beneficial owners of those dollars are, before the payment can be processed, and finding out that information could cause unnecessary delay, and indeed a failed trade. Multiply that by several thousand similar transactions, or indeed, perhaps hundreds of thousands of similar trades a day, and the result would be financial chaos.
You are probably thinking that I am some sort of doomsday fantasist, and you may be right indeed, hopefully the correspondent bank may be happy to rely on the Irish based custodian to carry out the KYC procedures. But don't take that for granted. I can tell you, what I think is a very worrying story about my own stepson, who is at college in Connecticut. He has a small allowance paid to him, in sterling, by his father. That money is paid into an account at a leading international bank, HSBC, in Jersey.
Last September, he received a letter from his bank, saying that, because of the new anti money laundering regulations imposed following 9/11, their correspondent bank in New York - Deutsche-Bank Trust - was no longer prepared to process US dollar cheques, drawn on his HSBC account, and therefore, it was no longer possible for my stepson to have a US dollar cheque book on this account.
In Europe, I think it fair to say, that if this was a transaction out of sterling into
Deutsch Marks, the correspondent bank in Germany, (probably also Deutsche Bank) would accept that HSBC was a suitably respectable Designated Body, based in a suitably acceptable jurisdiction. I can only presume that, even if the US arm of Deutsche Bank was prepared to believe that HSBC had suitable KYC/AML procedures in place, and that it followed them, the risk that HSBC might slip up was not a risk that they were prepared to take, because it would put them at the mercy of the US regulators and so, they have withdrawn from this type of business.
My stepson has now gone through the process of opening a US resident account with HSBC in New York, and ironically, he will be able to arrange for telegraphic transfer from his UK to his US account. Frankly, I don't know what this achieves, except extra work and hassle.
As I have already said, my area of assumed expertise is Hedge Funds, and on 31st December last, the US Treasury issued a Report to Congress (the "Report"), expressing Treasury's opinion that Hedge Funds may be "vulnerable to abuse by money launderers". It seems from the Report that Treasury is primarily concerned with US (domestic) Hedge Funds and "US Funds with an offshore-related fund". In essence, what the Report makes absolutely clear is that, regardless of where an offshore fund is domiciled, the US Treasury will adapt a "long arm jurisdiction" policy towards any offshore fund managed by a US Manager. Therefore, any such offshore fund should comply with the USA PATRIOT Act, and expect to be subject to US regulatory scrutiny. In particular, Treasury has indicated that Hedge Funds, and therefore, the Managers and Administrators of those Hedge Funds, that fall under the US regulatory jurisdiction, will be expected to follow the same level of anti money laundering due diligence and adopt a client identification and verification programme, as if they were actually based in the US.
This leads into my third bullet point, which is:
"How the USA PATRIOT Act Affects European Funds and Fund Services".
I have already, to some extent covered this topic. In a nutshell, it will not affect European funds and fund services unless the European fund has a US Nexus. And, of course, as we still don't know the regulations, I cannot give any dogmatic statements as to how the USA PATRIOT Act will affect those funds that do have a US Nexus, but we do have some proposals and the US Treasury Report, which gives us some guidance. The only thing we can be sure of, is that the US regulators will require access to the due diligence files on all of the investors in a European fund that falls under the USA PATRIOT Act. Furthermore, if such a fund has a US service provider, that service provider, particularly a US Investment Manager, may require to have copies of all the anti money laundering due diligence files on the investors, for its own files, because it may not be prepared to delegate the anti money laundering function to a European Designated Body. This is because under the proposed US regulations, the Service Provider still remains ultimately responsible for those files.
None of this is particularly problematic, except that it is going to add work, and therefore cost, to the administration of such funds. However, the provision of information about shareholders, to the US authorities, will not please many non-US investors, because the US authorities have been known to be less than discreet. Therefore, I think it should be made clear in the Offering documentation, and perhaps the Subscription Form itself, that the fund may be obliged to provide the AML information, not only to a US financial intermediary, or service provider - but also, it may be obliged to make it accessible to the US authorities. It is likely that any offshore (non-US Fund) that does not have a US Nexus because of Service Providers, will expressly prohibit investment by a US person or entity, even tax-exempt investors, who would otherwise invest in an offshore fund, rather than a domestic partnership, to maintain tax-exemption status.
There is another factor about the US regulations which worries me, and that is the declared intention that the regulations are going to be written to be "flexible". The reasoning behind this is that they don't want to impose the same level of requirement for due diligence, or compliance back up, on a small, two-man investment management company - the classic start up hedge fund - as they would impose upon, say, Fidelity. That seems quite reasonable, on the face of it, however, on reflection, the main problem with flexible regulations is that they are immediately open to interpretation. And that means that one lawyer is quite likely to have a different opinion as to what is required, to another lawyer. Furthermore, you can bet your bottom dollar that the lawyer that will give the most draconian interpretation will be the young evangelist at the SEC, CFTC or US Treasury Department. And you know who is likely to win that battle.
Therefore, I am hoping that the regulations will be written so that it is crystal clear what is required of everybody, and so that some essence of practicality has been included, to allow the responsible delegation. In any event, one can only advise anybody involved in this business, to take advise from their US Attorney, if there is any likelihood that their fund falls under the jurisdiction of the USA PATRIOT Act.
The next bullet point is:
"Summary of information that Needs to be Provided"
You will find this in your course book, I won't run through it in any detail now, because it is an unnecessary waste of time. Suffice it to say that, with regard to Non-US AML regulations, in essence, the administrator, or fund manager, needs to have positive, clear documentary evidence of the identity and residence of the investor. It is also very important to identify the bank from which the investor's subscription is paid into the fund, because one of the most important, and effective, anti money laundering regulations requires that proceeds of redemptions of investments should be paid back to the original remitting bank, except in exceptional circumstances, when a good reason can be given for changing the bank account.
If the investor is a private corporation, then it is necessary to get copies of the statutory documentation of that company, as well as a Board Minute confirming the entity's ability to enter into such an investment. Furthermore, it will be necessary to find out who the beneficial owners are, and get the same personal information that I have just referred to, for each of the shareholders, and the directors of the company.
If it is a Trust, then other information is required, and if it is a Designated Body, such as I have already described, then confirmations will be needed from that entity.
There is often a difference of opinion, not so much as to what information is needed, but when it is needed. For example, if you require bank reference and a bank is slow at handing in the reference, but you have got a copy of the investor's passport, do you hold up his subscription pending receipt of the bank reference? It may be appropriate not to accept the subscription until the documentation has been received, however, often such delays can be the result of slackness by a third party, and to refuse to accept the investment could be embarrassing, and damaging, to the relationship of the investment manager with a major client.
We, as administrators, will often take a pragmatic view of such a situation, and permit the subscriber's money to be invested in the fund. We do, however, make it absolutely clear to the investor, at the time, that we still require the additional information and that if the investor gives instructions to liquidate his position, we will carry those instructions out, but we will not pay the redemption proceeds to the investor until we have all of the information on file that we require.
It has to be said that if, at the time of redemption, we do not get all of the information we require, then that is probably as suspicious an event as one could imagine, and something that we should report to the authorities. This immediately brings into play a whole series of other problems.
It is a requirement, under the anti money laundering regulations, that if anybody has any suspicions that an investor is laundering money, they should report those suspicions to their regulatory authority. Once reported, then of course, they are not permitted to repay any money to the investor. But, they are also not allowed to tell the investor that they have reported him, because that is called "tipping off", and the penalties for not complying with the regulations are very severe. For example, if you do not report a suspicious event, that could be a jail-able offence. On the other hand, if you do report a suspicious event, and then tell the investor that you cannot pay him because you deem the transaction to be suspicious, and you have reported it, then that would be "tipping off" the investor, and that also could be a jail-able offence.
I am glad to say that we have not come across such a situation, and I have no idea how you finesse your discussions with an investor in these circumstances -
I will just have to await inspiration at the time.
This is a list of bullet points relating to the Treasury Department's recommendations in their Report relating to the USA PATRIOT Act, which is based on the proposed Rules for Mutual Funds, Broker Dealers, Futures Commission Merchants and introducing Brokers. On this basis, It seems likely that Hedge Funds will have to:
i. adopt a written Customer Identification Programme
ii. collect documentary evidence, to justify a reasonable belief that the true identity of the investor is known
iii. verify that identification information
iv. check US Federal Government lists of suspected terrorists, etc. (It, by the way, is also a requirement in Ireland, to check not only US Government lists, but European Union lists as well.)
v. maintain a file note documenting the verification process, and how, or why, it was decided to accept or reject an investor ' (I'll comment on rejection in a minute)
vi. maintain the records.
All this is, as I have said, much the same as we have to do in Europe. There is a problem I can envisage with regard to the rejection of an investor, and that is explaining why you have rejected him, without tipping him off to the fact that you are suspicious of his antecedents. However if you are rejecting him purely because you have not got the information, you can, of course, just make that bald statement.
This brings me another aspect of anti money laundering, which I think is very important, and that is the requirement that all members of the staff of a fund administrator, fund manager, or any financial intermediary or service provider, should be trained with regard to the anti money laundering regulations, and made fully aware of the seriousness of these regulations, and the potential liabilities if they do not comply with the regulations. This training should be continuous, with "brush up" courses every year.
The next bullet point is:
"How Does Cross-Border Co-Operation at Government Level Extend the Liability to Funds and Fund Service Providers"
I don't believe that cross-border co-operation between Governments should extend the liabilities at all, providing - and this is a big "providing" - that everybody is complying with the relevant anti money laundering regulations. That means, in the case of a Cayman Island fund, administered in Ireland with US investors, that the service provider should comply with the Cayman and Irish regulations, as well as the USA PATRIOT Act, but that just means getting advice on those regulations and then establishing appropriate procedures. Thus, if the service provider complies, its liabilities will not be extended at all by any cross-border co-operation between Governments.
The final bullet point is:
"Do Anti Money Laundering Regulations Prevent Terrorist Financing"
Perhaps this is the point where I should explain, for those of you who don't already know, what the acronym "USA PATRIOT Act" stands for, which is
"Uniting and Strengthening America by Providing the Appropriate Tools Required to Intercept and Obstruct Terrorism Act"
I attended a Conference last year, where one of America's leading fund lawyers made the comment that he thought it likely that more time had been spent on creating this acronym, than had been spent in writing the 370-odd pages of the Act, when it was published in October 2001. Whether that is true or not, I don't know, but I do believe that there is a basic fallacy in assuming that anti money laundering regulations are going to prevent terrorist financing.
The basic concept of money laundering is to take dirty money - money that has been gained through illegal business, such as drugs, arms, prostitution etc - and laundering it, so that it ends up by appearing to be clean and respectable money, invested in everyday businesses, or portfolios, such as the funds that we all run, or administer. Anti money laundering regulations have been introduced to prevent that, and I think to a very large extent they have been, or will prove to be successful.
On the other hand, terrorist financing, as we have seen with Al Quaeda, is often provided by people, who have different political beliefs to you and I, taking their perfectly clean money and, if you like, making it dirty by providing it to a terrorist organisation. It is my own belief that, providing fund administrators stick by the regulations of paying redemption proceeds to the original remitting bank, there is little chance that the fund industry will be used to launder terrorist monies. I would also suggest that in most cases, any illegal money invested in funds will already have been "laundered" before it arrives in the fund's bank.
The onus, just by necessity, of preventing terrorist financing must fall upon the banks and the banking system, where such money is kept, and through which such money is distributed. Having said that, I still think it will often be extremely difficult to identify terrorist financing activities, because of the very fact that the money being used is often clean money, and, therefore, not liable to attract attention, or be considered inherently suspicious, until it is transferred into an Al Quaeda bank account, and then only if that account is recognised for what it is.
Thank You.