Organizations have long relied on partners, suppliers, agents, contractors and various other third-party services for competitive advantage, operational efficiency, and cost savings. However, this increasingly network of third-party relationships creates the potential for money laundering risk as well. Bad actors can use various methods to clean their money — and, unfortunately, many businesses unknowingly assist in the process. For example, payments can come from another source or numerous intermediaries, potentially obscuring the true source of funds. Or questionable payments are hidden among numerous legitimate transactions.
THIRD PARTY MONEY LAUNDERING RISKS
A lack of familiarity with third-party partner firms may expose firms to specific risks. These include:
While a firm may operate in a relatively low-risk industry, partner firms up and down its supply chain may not. Relationships with firms in the shipping, art, or payment services industries, for example, may expose partner firms to higher degrees of AML risk than their native industries.
Firms may have business relationships with partners in countries that have lower AML/CFT controls than their operational jurisdiction and that exploit disparities in international legislation.
Partner firms may have business relationships with persons that are subject to international sanctions or similar restrictions, especially when those persons are located in foreign jurisdictions.
It may be difficult to track partners firms’ relationships with politically exposed persons (PEP). Elections in foreign countries may change a third-party’s PEP status and with that the level of money laundering risk that they present.
HOW TO PREVENT THIRD PARTY MONEY LAUNDERING RISK THROUGH YOUR ORGANIZATION
Companies specially with an international footprint need to implement effective internal control procedures to ensure compliance with the full range of legal requirements and reduce exposure to risk during the customer onboarding, screening, and monitoring phases. Supply chains, business associates, joint ventures, and acquisition targets can present unknown risks to an organization.
Effective third-party due diligence policies, screening and processes are necessary to protect your organization and manage risk
1. Know Your Customer’s Customer
Taking the rules for KYC and expanding them to incorporate third parties, KYCC refers to the steps taken by a financial institution (or business) to:
- Verify the identity of a third party
- Understand the nature of a third party’s activities (primary goal is to satisfy that the source of funds is legitimate)
- Assess money laundering risks associated with a third party
2. Third-party screening
After verifying the third party, understanding their business activities provides insight into the level of risk involved in doing business with them. One action to take is to screen the identified parties against various lists of high-risk individuals, like politically exposed persons or entities. These include sanction law enforcement lists, and governing bodies (for example, financial and securities commissions) worldwide.
3. Enhanced Due Diligence -The Antidote to Third-Party Compliance
One of the biggest risks that businesses face is employing third parties, be they suppliers, agents, distributors etc. Hence, third-party due diligence has become an integral part.
Third-party due diligence is the process a business undertakes whenever partnering with an external entity in order to detect and assess associated risks, such as vulnerabilities of money laundering, bribery and corruption practices and breach of sanction regulations. This is typically conducted not only before entering into an agreement, but also periodically, allowing active monitoring of the relationships.
It is of utmost importance that the due diligence process should be tailored to meet the financial, regulatory, and reputational risks that a business is likely to face.
Depending on the analysis of the initial assessment, Enhanced Due Diligence (EDD) procedures might be in order. Some EDD practical steps, suggested by the Financial Action Task Force (FATF), include:
- Obtaining additional identifying information from a wider variety (or more robust) sources and using this information to inform the individual customer risk assessment.
- Carrying out additional searches (for example, verifiable adverse media searches) to inform the individual customer risk assessment.
- Commissioning an intelligence report on the customer or beneficial owner to better understand the risk that the customer or beneficial owner may be involved in criminal activities.
- Verifying the source of funds or wealth involved in the business relationship to be satisfied that they don’t result from the proceeds from crime.
- Seeking additional information from the customer about the purpose and intended nature of the business relationship.
THE DANGER OF THE UNKNOWN
Third party relationships – with suppliers, distributors, intermediaries, logistics providers and customers – are the basis of a successful global business. But regulators are watching. A swathe of regulation, anti-money laundering and sanctions screening requirements, exposes businesses to the risk of legal liability and significant remediation costs – not only from their own actions, but from those of third parties they deal with.
A risk-based approach compliance program , KYC, due diligence, screening ,Continuous monitoring and Third party audits can prevent from the danger of the unknown.
Alia Noor (FCMA, CIMA, MBA, GCC VAT Comp Dip, Oxford fintech programme, COSO Framework)Associate Partner
Ahmad Alagbari Chartered Accountants