Initiatives by the BCBS, IAIS and IOSCO to Combat Money Laundering and the Financing of Terrorism

THE JOINT FORUM BASEL COMMITTEE ON BANKING SUPERVISION INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS 1/4 January 2005 Initiatives by the BCBS, IAIS and IOSCO to combat money laundering and the financing of terrorism Update In June 2003, the Basel Committee on Banking Supervision (BCBS), International Association of Insurance Supervisors (IAIS) and International Organization of Securities Commissions (IOSCO) published a joint note providing a record of the initiatives taken by each sector to combat money laundering and the financing of terrorism (AML/CFT). The note provided an overview of the common AML/CFT standards that apply to all three sectors and an assessment as to whether there are serious gaps or inconsistencies in approaches and recommendations. In addition, it also covered for each sector: the relationships between the institutions and their customers focussing on the products or services that are particularly vulnerable to money laundering, how each Committee has sought to address these vulnerabilities; and, finally, a description of ongoing and future work. This note was first prepared for the November 2004 meeting of the Joint Forum in Sydney as an update of AML/CFT developments in the three sectors since the June 2003 report. Compiled from contributions by each of the three Secretariats, it focuses on recent guidance for addressing the vulnerabilities identified in the earlier report and ongoing and future work. Guidance provided to address vulnerabilities Banking The BCBS, in its Customer due diligence for banks (CDD) paper in October 2001 issued prudential guidance for CDD which is applicable to AML/CFT. This paper sets out standards and provides guidance for the development of appropriate practices by banks in this area. Adequate due diligence on new and existing customers is a key element. Banks must develop policies and procedures in key areas such as customer acceptance, customer identification, ongoing monitoring of high-risk accounts and risk management. The essential elements for these are presented in this paper, together with recommendations for more rigorous standards of due diligence for higher-risk areas. The BCBS, by way of a press release in July 2003, expressed its support for the revised Financial Action Task Force (FATF) 40 Recommendations published a month earlier. The recommendations reflected principles outlined in the CDD paper. The BCBS, however, highlighted the fact that it still regarded the CDD paper as the appropriate benchmark for banks’ customer due diligence procedures. The BCBS reiterated this message in a letter to banking supervisors in December 2003 and emphasised that there were some differences between its CDD paper and the revised FATF 40 Recommendations. The reasons for these differences were: 2/4 • The CDD paper is solely concerned with banks while the revised FATF 40 Recommendations cover all financial institutions and some designated non-financial businesses and professions. • The FATF’s focus is on money-laundering and terrorist financing whereas the BCBS focuses on bank’s risk management practices. • The revised FATF 40 Recommendations are to be seen as a minimum standard whereas the CDD paper provides guidance on the essential elements of “know your customer” (KYC) standards for worldwide implementation for all banks. The BCBS issued a consultative paper Consolidated KYC Risk Management in August 2003. The paper, which has since been revised to incorporate comments received from relevant stakeholders, examines the critical elements for effective management of KYC risks across the head office and all branches and subsidiaries. Key to this process is the development of a global risk management programme for KYC which incorporates consistent policies and procedures for the identification and monitoring of customer accounts on a groupwide basis across business lines and geographical locations. The Consolidated KYC paper highlights that policies and procedures should be designed not merely to comply strictly with all relevant laws and regulations, but more broadly to identify, monitor and mitigate reputational, operational, legal and concentration risk on a groupwide basis. To this end, banks are expected to implement a fully effective consolidated KYC risk management programme. Banks’ compliance and internal audit staffs, or external auditors, should evaluate adherence to all aspects of the global standards for KYC, including the effectiveness of centralised KYC functions and the requirements for sharing information with other group member