Regulation Asia spoke to financial crime compliance experts about the ongoing effort required to achieve and maintain high standards for source of wealth and source of funds checks.
Last month, the Monetary Authority of Singapore (MAS) released new guidance on strengthening AML/CFT controls in private banking, based on inspections the regulator conducted over 2019 and 2020.
Among the key areas of concern, MAS called for “robust corroboration” of source of wealth (SoW) and source of funds (SoF), whereby private banks should obtain a clear understanding of how clients’ assets are derived. This includes an obligation to ask “the right questions” to assess the legitimacy of a customer’s wealth and the source of funds, and to obtain adequate information and documents to support the assessment.
The guidance offers examples of the good practices MAS observed, as well as instances where corroboration was inadequate. It asks private banks not to rely solely on customers’ representations and to conduct further due diligence where any discrepant information is noted.
The MAS guidance followed a new set of FAQs issued by the Wolfsberg Group in August, which outlined how financial institutions can identify, mitigate and manage the money laundering risks of dealing with customers through appropriate SoW and SoF checks.
Specifically targeted at the private banking and wealth management segments, the guidance described instances where SoW and SoF information collected may need to be independently corroborated, and what to do if relevant standards are not met, based on the risk-based approach.
“Compliance around SoW and SoF checks is a challenging and time-consuming process for financial institutions,” says Phillip Malcolm, Director of Risk Managed Services for Asia Pacific at Refinitiv. “Regulatory guidance around the level and detail of the supporting documentation required, and if and when corroboration is necessary, is open to interpretation.”
“Yet, given the risk of criminal activity a financial institution can be exposed to and the potential for regulatory action for non-compliance, SoW and SoF compliance is a critical part of the due diligence process to get right.”
According to Malcolm, a proper SoW assessment goes beyond simply identifying the assets a client owns. It should be able to identify and describe all economic activities that contribute to an individual’s net worth – a process which can be very complex as it may include a client’s business earnings, investments, inheritances, asset sales, casino wins and more.
“The aim is to build a profile of an individual’s wealth to ensure there are no risks associated with the sources of the wealth. This will include sanctions risk, money laundering risks or any other illegal activity. Further, this is not a one-off exercise, as ongoing due diligence is just as important as the initial onboarding processes.”
Misalignment of incentives
What makes compliance challenging is that the process of conducting SoW and SoF checks is not – and most would argue cannot be – standardised. It varies from institution to institution, and from client to client, depending on the type of client, what types of assets they may be holding, and where these assets are located.
According to Hill & Associates Singapore Country Manager Mark Nuttall, who is a former New Scotland Yard Detective and Interpol official, the private banking industry often demonstrates a significant amount of complacency, to the point of “wilful blindness” when it comes to customer due diligence and SoW checks.
“There is a misalignment of incentives in private banking,” he says. “Given the potentially huge rewards such as commission and bonuses a private banker could receive from onboarding and maintaining a relationship with a high net worth client, it is not always in their interest to be as diligent as regulators would like when conducting these checks.”
Nuttall points to educational and capacity building factors driving this complacency, and the need for impartial assessment in SoW/SoF checks through independent parties. “What should be considered in private banking is a much more rigorous licensing regime, mandatory certified AML training, and the guidance of the voice of expertise and experience.”
Jamil Ahmed, Chief Compliance Officer at HSBC Singapore, also recognises the inherent risk of conflict in private banking, particularly if it’s a profitable account in question or if the bankers themselves have targets to try and achieve.
“This could lead to a tendency to overlook something or not delve into too much detail about where the funds are coming from,” he says. “But conduct and reward mechanisms are also designed to reduce the likelihood of this happening.”
“It comes down to the overall culture of an organisation, and its focus on risk and conduct. This is where the firm’s control and conduct frameworks come in – the ability to drive the right outcomes from a risk perspective by adopting a risk-based approach, and a need for independent QA [quality assurance] to check and challenge how risk profiles are generated and for corroboration.”
Crime Stoppers Asia CEO Richard Carrick says most private bankers prefer to use secondary data sources instead of asking the client to provide information. While this might be acceptable to assess a major corporation with public financial records, it is not sufficient for many high net worth individuals.
“Private bankers want to be as unobtrusive as possible, and often leave the due diligence task to fall to compliance, even pushing back against compliance if asked to gather more information about a client. But that’s not what compliance is about. Compliance is there to make sure that the private banker – who is the first line of defence – has done his due diligence.”
What good looks like
HSBC’s Ahmed says it is an ongoing effort to maintain standards for SoW and SoF validation, primarily because there is a strong element of judgment involved in determining ‘what good looks like’. Private banks need to have a strong training and awareness programme in place around both lifting and maintaining standards, he says.
Carrick echoes a similar view: “We just need a way to actually articulate what is good and what’s not good, that’s the real problem. You need to give the bankers on the front line examples of ‘what good looks like’ for them to be on the same page.”
From a regulatory perspective, providing guidance can be tricky, given that every client is different and requires different checks based on the assets they have and where they are located. “The regulator would be hard-pressed to cover all the different scenarios and customers a bank can encounter, so they can’t be too prescriptive,” Carrick says. “This is why most of the regulatory guidance on SoW/SoF checks is quite generic.”
But as MAS has done in recent examples of guidance papers, providing case studies and visibility on what good source of wealth and corroboration looks does helps, Ahmed says.
“It’s an ongoing effort around training, and about having a strong feedback mechanism, so when things come through to the second line of defence for review, we can spot what the first line has missed. We can’t underestimate the value and importance of determining what good looks like.”
As Ahmed explains, this means providing appropriate in-depth case studies and using ‘post mortems’ to learn from experience. “You need to have post mortem reviews, where audit, audit assurance, or compliance have come in to independently look at cases and those that did not make the cut, or were good examples are carried forward as part of training mechanisms and feedback loops By doing so, you will eventually shift the mindset towards coming to a common view on what the correct standard should be.”
Carrick, who was formerly Regional Head of Financial Crime Assurance at Barclays Bank in Singapore, says one of the first things he would do in a private bank’s financial crime compliance function would be an assurance review or an audit of the customer book, specifically looking at SoW/SoF explanations.
“With the right person performing the audit – someone who knows ‘what good looks like’ – a bank can identify where there are the gaps and correct the problem. It could be down to training, or it might be that access to better data sources is needed.”
Data and due diligence
Indeed, technology that pulls together information from multiple data sources can make the due diligence process easier. The data could come from company databases, property registries, criminal justice databases, shareholder registers, or media and internet searches. Refinitiv, for example, provides access to this type of data through its risk intelligence database known as World-Check.
“If you can pull all of that information in on an individual in calculating a comprehensive money laundering risk score, you can use this information to help corroborate the SoW of the client. The risk score will also let you know to what extent you will need to investigate a person’s background,” Carrick says.
In some cases, the sources of wealth themselves may require additional scrutiny, such as if the wealth derived from high-risk industries or from high-risk jurisdictions. In such instances, a comprehensive SoW enhanced due diligence (EDD) report may be required to build “a coherent profile that presents reasonable evidence to support the legitimate accumulation of the individual’s wealth,” says Refinitiv’s Malcolm.
“The recent guidance from both Wolfsberg and MAS emphasise a well-documented risk-based approach and the importance of corroboration cannot be understated,” he says. “We cannot just rely on the customer or a phone call to their accountant, we need independent third party evidence to back up what we are being told.”
To expand its due diligence capabilities, Refinitiv earlier this month acquired The Red Flag Group, a global integrity and compliance risk firm. Amid an increasingly complex and rapidly evolving business environment, the acquisition is expected to enable firms to better evaluate money laundering risks, bribery and corruption risks.
Getting it right
The way to get SoW/SoF checks right would be to ensure high standards within a bank’s front line, which should be underpinned by a strong compliance culture with a robust feedback mechanism, alongside access to good data sources to facilitate corroboration.
“The more we can actually focus on what good looks like the more we can actually focus and align on standards, the better we’ll eventually become at raising these across the board. Once we get them to an appropriate level, we will need to maintain those standards on an ongoing basis,” Ahmed says.
According to Carrick, the regulator expects that a ‘reasonableness test’ is performed. “They want to be able to see your work as to how you made the assessment, and make sure there’s a reasonable explanation for a person’s wealth.”
This can be a balancing act, as the standards for SoW/SoF checks are not well-defined, and this is not expected to change anytime soon.
To learn more about the Wolfsberg guidance and what best practices look like for SoW/SoF checks, join this webinar.