AML/KYC Working Group

Our aims…

AML Blog…

June 2024 Update

Question on a need for a 4 eyes principle for client screening and due diligence following recent external audits.

Open question as to whether a 4 eyes principle is needed for client sanctions, PEP and adverse media screening. This is not clearly stated in the regulations and we have also been advised that the CSSF is looking with ALFI to revise areas regarded as gold-plating ahead of the implementation of the new EU AML regulations in the future which provide a level playing field for all EU countries.

A distinction in 4 eyes principle requirements should be made between sanctions and PEP / adverse media screening: Regulations require a 4 eyes principle upon the initial screening for sanctions, when the name is first entered, but does not mention ongoing screening nor PEP or adverse media screening.

It was also noted that the CSSF recently shared a table on this which includes the need for the Compliance function involvement which is questionable as it draws the 2 line of defence into 1^st line processing. Members also questioned why the CSSF and auditors are directing firms on how to manage their first line AML operations.

Members questioned if they should wait before recruiting and updating their screening process to apply the 4 eyes principle beyond initial screening for sanctions until the industry issue has been clarified by the CSSF and ALFI.

Action: Members to raise AML requirements and areas that go above and beyond the regulatory requirements and regarded as gold-plating for the ALFI-CSSF review.

Reliance on the TA due diligence instead of performing due diligence on all Manco contractual relationships (intermediary or not): Circular CSSF 21/782 section 16.14

Reference to the EBA Guidelines Circular 21/782 section 16 on customer categorization: To what extent may the ManCo rely upon the TA to perform due diligence on parties (distributors, intermediaries, nominees etc) who invest on behalf of third-parties?

It was concluded that the ManCo is required to complete the requirements where it enters into an agreement and pays rebate fees, and that a distinction is made between distributors who purely market the funds and those who also introduce business and manage the client account when it comes to the ongoing AML monitoring requirements, i.e. there is no AML delegation in the first scenario.

The ManCo may not outsource its AML KYD obligation to the TA. However the TA may rely on the due diligence and KYC performed by the ManCo on its distributors to avoid duplication by the TA . On the other hand, the obligation to perform monitoring/testing on intermediaries (as opposed to distributors) may be outsourced to the TA.

Transaction Monitoring and negative media alerts in relation to SARs.

Reference made to the annual CSSF AML Questionnaire and question on how many transaction monitoring and adverse media alerts have been received and how many SARS filed? The CSSF may question the low volume of SARS filed compared to the volume of alerts, especially by TPAs, where for example the TPA procedure may include a parameter to simply close aged media alerts.

ManCos should be aware of and review the TPA’s transaction monitoring rules and adverse media process to ensure they are adequate and assessed according to the business model and nature of transactions.

Article 5r of EU Council Regulation 833/2014: Reporting obligation on transfers leaving the EU for relevant Russian-owned companies or Russian UBO

Awareness raised of Article 5r and the new reporting obligation to the Ministry of Finance effective from July concerning payments and accounts that have 40% Russian ownership or control.

Members confirmed they were checking that their TPAs have the necessary controls and reporting process in place.

Oversight by ManCos on Distributors/Sub-distributors

• How is the risk rating applied?
• Address the approach when the KYC risk differs from the KYD risk

It was noted that the AML risk assessment and rating of a distributor can be separate and differ to the overall ‘KYD’ risk rating. How is this managed generally?

One member noted they look at both risk ratings and determine the overall end rating on an individual risk basis depending on the key elements of both assessments.

Other members shared their approach:

• The rating of the distributor is checked against the TA’s rating of the client account, where applicable, but is not amended unless there is strong criteria to do so.
• The distributor AML ODD or refresh can be performed according the AML rather than overall risk rating.
• The target countries for distribution, including sub-distribution network, is a significant risk factor to the overall risk rating and may trigger a manual adjustment.
• The volume of assets by low/medium/high risk countries may be taken into account.
• The AML risk rating feeds into and is a factor in the overall risk rating.

SRRC report: Interpretation of sample testing questions (linked to investors/ intermediaries/ assets) eg. what type of activity is being considered in scope/ what approach is being considered where there is no formal sample testing?

It was noted that samples sizes reported may appear small. No distinction is made between Audit and Compliance testing. Concerning the question on assets it was concluded that this is aimed at unlisted assets as testing isn’t performed or required for listed assets, only screening.

Sanctions due diligence oversight by ManCos on distributors/sub distributors – form/frequency/testing

Question was raised as to how ManCo’s monitor and test for any sanctioned underlying investors who are sanctioned, in particular on the Euroclear and Clearstream platforms.

It was noted that many ManCo’s have in the past written to all their distributors to remind them of their obligations in this respect and to notify any sanctioned party to the ManCo. This is also covered in the legal agreement and oversight, e.g. distributor DDQ. It was also noted that Euroclear and Clearstream have tightened their processes and will report any such cases to the TA or ManCo.

Board resolutions & approval process by RR of investor redemptions/ transfers where full investor due diligence/ remediation is not completed by fund Transfer Agent

In the scenario where client KYC has been remediated to the extent that it may not be 100% complete but the Manco is satisfied it is sufficient and they know their client, has the TA a right to insist on a Fund Board resolution to make a payment to the client?

Members concluded that ManCo RC approval should be sufficient.

April 2024 Update

Third Party Transfer Agency – AML blocked accounts reporting

An Industry working group was formed last year following the issuance of the FATF report on Luxembourg.  Following email correspondence with some members a discussion followed around what would constitute inclusion in blocked account reporting in the annual CSSF AML survey e.g. only if it constituted a SAR or other reason for missing KYC.

There was further discussion around when blocking may apply and under what circumstances different types of transactions or distributor trail fee payments may be blocked.

The members expressed their strong desire to review a draft of industry working group paper prior to it being finalised.

High risk investors – wet ink signatures (originals) alternatives

Following a member’s question, the group discussed the circumstances where wet ink signatures (originals) apply including alternatives to that medium.

Some members will require wet ink originals for high risk though will permit transactions to proceed pending the originals. I.e. PDF accepted in advance. Other members advised that they would rarely require wet ink signatures due to the face to face nature of their relationships.

Panama – EU high risk third country list removal (Distribution)

High Risk Distributors – EDD (onsite visits)       LM advised the group of the impending update to the EU High Risk Third Country list amending Delegated Regulation (EU) 2016/1675.  The amendment adds Kenya and Namibia to the table in point I of the Annex and deletes Barbados, Gibraltar, Panama, Uganda and the United Arab Emirates.

The members discussed how ongoing due diligence is performed on high risk distributors.  Most do not consider an onsite visit necessary, with reviews conducted offsite as they would as if onsite e.g. Calls, review of P&P, sampling etc.  Where a review of P&P is challenging, most firms will engage with the distributor’s Compliance department which usually elicits the required information.

February 2024 Update

KYC requirements and process for retail clients in Poland

Poland requires  a local TA or processing agent to manage investments from local resident investors to Luxembourg Funds. The local model can differ:

1. Appoint a local processing agent rather than a sub-TA model and rely on the local distributor to cover AML requirements on the investors and therefore perform oversight of the distributor. The Luxembourg TA performs the investor screening and transaction monitoring.
2. Operate a sub-TA in Poland with limited scope of delegated AML services.

Members confirmed they restrict incoming payments for subscriptions to banks in Poland. A comparison can be drawn with the model in Italy where the key for meeting AML requirements is to have a reliable AML distributor model in place.

Intermediary testing (CSSF 20-05 Art. 3)

It is apparent that while a number of third-party TAs plan to, or have implemented various forms of testing, the WG consensus is this exercise provides no real value. Members advised they document the review of the Wolfsberg Questionnaire to evidence the review of the responses provided.  It was noted that some third-party TAs ask intermediaries to provide details of any underlying investor who owns 25%+ of the account managed by the intermediary, which is not required as this is already covered in the Funds application form.

Members shared that they have not been challenged to date on the absence of a process to test their intermediaries.

NSCC relationships

A question was raised on requirements towards the names of individual names appearing on NSCC accounts, and noted the question in the CSSF survey asking where your clients are located. Members responded that in their experience this underlying data is often not reliable, especially the field showing their location/country, and their focus and reporting is on their distributor network instead. Some do not receive the next level down containing this data on their NSCC accounts.

French Centralising Agent/Euroclear France model – AML compliance

A question was raised on how others are managing AML due diligence requirements for business introduced through the local paying agent and Euroclear France. Although paying agents may have provided an AML comfort letter in the past, they effectively do not perform AML on all investors and have stopped. Euroclear France can provide a presentation on their AML process but will not provide a letter.

Some third-party TAs perform an annual onsite review of Euroclear and Clearstream and provide a report to the ManCo, however it is not clear if this specifically covers Euroclear France.

A suggestion was made to perform an onsite visit to the paying agent to review the documentation they obtain from Euroclear France, centralisation legal agreement permitting.

January 2024 Update 

Transaction monitoring obligation and process for ManCo’s with a delegated Transfer Agency

• Most TPA’s perform transaction monitoring as part of their standard service offering. Where they may say they only do it to meet their own regulatory obligations, the ManCo can nevertheless include it in its oversight process and place reliance on the TPA process. In any case the TPA has an obligation to escalate any red flag to the ManCo, irrespective of its trigger or activity performed by the TPA.
• It was recognised that TPAs follow their own inhouse standard transaction service with no customisation. This includes the fact that they bulk all transactions for their ManCo clients together and cannot therefore provide a bespoke process and reporting. Despite this, members confirmed they do rely on the TPA transaction monitoring process.
• It was pointed out that various exceptions can apply to the transaction monitoring scope; that distributors are excluded by the TPA as they come under the ManCo’s direct supervision; that omnibus or pooled accounts can also be excluded from the process where they are managed by correspondent relationships with no look-through obligation to the underlying investor.

Ongoing distribution (directly or through sub-distributors) through intermediaries in High Risk Third Countries blacklisted by FATF/EU

• A question was raised to ask if members continue to managed distributors in countries appearing on the EU red list or FATF grey list.
• Some members responded to say they continue to allow investments from such relationships and those in other high risk countries. They confirmed they perform enhanced due diligence through onsite visits and underlying investor sample reviews.

CSSF AML Conference key takeaways

• The CSSF confirmed that AML will remain a key priority and focus for the CSSF in 2024 and beyond notwithstanding the recent FATF report on the country.
• Blocked accounts: Following the FATF report on Luxembourg which highlighted the high volume of client accounts blocked for AML reasons, it is important that the industry correctly classifies and reports blocked accounts for AML reasons. Only those accounts blocked for sanctions or true red flag activity, e.g. leading to a SAR, should be reported as having an AML block in the future. Accounts blocked for failed ODD should not have an AML reason block applied for example.
• Proliferation of arms: The industry should maintain vigilance on the screening of dual-use companies and any adverse media.
• The annual AML (‘RC’) report will need to be completed on e-desk in future, following the CSSF format.
• RBE register: A reminder to ensure entries in the RBE register are maintained up-to-date.

 CSSF requirements for onsite visits (Distributors, Branches, assets etc)

• Some members conduct onsite visits to their high-risk distributors.
• Some perform an AML onsite visit to each of their branches, while others do this on a risk-based approach or where the branch performs AML activities. This can also depend on the type of licence held by the branch.

October 2023 Update

• KYD ODD survey resulted in even split between 1,2,3 and 1,3,5. Feedback is CSSF didn’t challenge 1-3-5 during inspections.
• FATF Report
  • High level of compliance
  • overall framework for terrorist financing (TF) and proliferation financing (PF) TFS had some significant deficiencies, including gaps in the scope of freezing obligations, and lack of obligations to freeze without delay and without prior notification.
  • bolster its resources further to improve its ability to detect, investigate, and prosecute intricate money laundering cases.
• ALFI to simplify its Guidelines on Funds Assets. E.g. all UCITS are low risk; no need to perform a risk rating within UCITS according to geography etc.

June 2023 Update

• Fund assets risk scoring – Members discussed whether they were risk rating individual assets.  Most reported risk scoring at the asset class level, i.e. per risk categorisation of assets, as they do not have the ability to score individual assets; Some have a different process for UCITS than private assets.  It was suggested that firm should be risk assessing on a quarterly/semi-annual/annual basis.
• AML risk assessments – It was proposed that the WG draft a guidance paper on best practice to produce risk assessments. Sub-group to be established to work on this.
• Lux SMO regulations: ID / Verification and parent entity Following a recent question from a member around whether a subsidiary of a listed entity could be treated in the same as that of the listed entity itself, members discussed different approaches taken.  Some members will allow for the exemption to identify the beneficial owner where the customer is a direct subsidiary of the listed parent. Others will only permit if the customer is the listed entity.

• Definition of Persons Purporting to Act where it includes authorised signers including authorised signers of a regulated financial institutionA member raised a query around whether all firms were verifying the identity of authorised signers as persons purporting to act (PPTA) where those persons were employees of a regulated financial institution.  Some members confirmed they took a pragmatic approach and only requested the information where a screening alert was received.  Others source key demographic information upfront as they do not obtain ID documents – consideration as to whether we want to discuss with ALFI and/or CSSF.

• Russia: Distributor relationships, holdings and forced redemptions –  Discussion around whether any firms had taken any specific action around these relationships. E.g., compulsory redemptionSome members confirmed that they sourced the name of underlying client if there is a redemption via an intermediated relationship and screen themselves

• CSSF reviews on blocked accounts (update) – This is a known key focus for the CSSF with specific emphasis on distinguishing between accounts blocked where KYC documentation was incomplete/missing as against accounts blocked for other reasons e.g., dormant, sanctions, originals etc, Members discussed whether FATCA/CRS forms would be considered missing KYC.  In respect of dormant accounts, members discussed the importance of the TA distinguishing between dormant and inactive per the law of 2022.

• Onsite AML visits: Distributors and Branches – Members discussed current practice by firms around onsite visits.Branches – Monthly/quarterly meetings undertaken by most firms. External Auditors confirmed to a member that branches should be visited annually. Irrespective of whether a branch performs any KYC it was understood that the CSSF expects AML oversight.  Members discussed what that looked like e.g., access to AML P&P, anti-fraud controls etc. Distributors – Members discussed taking a risk-based approach to distributor onsite visits with some firms revisiting their practice post pandemic. Onsite visits appear to be limited and to high risk regions only.

• CSSF requirement to apply a 4-eyes principle when investigating false positive sanctions screening alerts The ILA notification was referred to.  This subject was also raised at an ALCO event end of last year.  Some firms have global models in place and are assessing 4 eyes review.  Some firms use a service provider and also review the alerts received

• France – Centralising TA Agent –  Members discussed the French centralising agent role and the challenges experienced in maintaining a Correspondent Relationship with the French centralising agent; Previously the TA obtained an AML letter; however, this is now being challenged as the centralising agent will no longer provide as a) it would breach French privacy rules and b) they could not guarantee that docs would be provided as they must request of securities clearing house.

• UBO declaration – Members discussed the circumstances where a beneficial ownership declaration is required with some members requesting for all clients and distributors; some do not request where there is no natural person, and the UBO/SMO information is provided via other documents.  Most firms do not require for counterparties.

• Luxembourg RBE (UBO register) – Members discussed the success rate in accessing RBE with mixed results.

• December 2022 Update – Much discussion on risk assessment requirements, framework, risk factors, and how to link in with risk appetite and resulting KPIs (for the Asset / Portfolio investments). Agreement to create a sub-group to hold workshops and draft an industry guidance paper in 2023.•It was noted that the CSSF expect all securities to be screened against PEP and adverse media lists, in addition to sanctions (although not stated in regulations or ALFI Guidance).•Recent CSSF publication on the results of thematic reviews it had conducted in 2021 focused on tax fraud, and the need to update the AML policy and work with the Tax team to create a joint risk assessment.
• September ’22 Update  If a PEP (acting as intermediary Board Member or UBO) doesn’t own the investment into the Fund or act on the account then the intermediary does not need to be considered a PEP account. However, some WG members will apply PEP status to the intermediary if a majority of the Board Members are PEPs. It was noted that that the CSSF expects full EDD applied to all individual and corporate PEPs even where the PEP risk is considered low or historical, i.e. the individual left their position of authority more than 12 months ago.
• Little regulatory guidance on transaction monitoring requirements. The Wolfsberg Group recently issued a Guidance which does not cover monitoring scenarios or thresholds but provides an extensive list of questions to be applied in the investigation process. The Guidance is aimed at correspondent banking but is also relevant for other payments-based relationships. Wolfsberg RFI Best Practice Guidance document_ Clean (wolfsberg-principles.com). The WG agreed the key is to have appropriate scenarios and thresholds and there is a risk if the net is too wide, and you have too many potential cases to effectively investigate and close out. The rules/thresholds should be tested by Audit for effectiveness.
• UBO register: The WG agreed this can be limited to EU countries, as per the fact the law is referenced according to articles of the EU directives.
• Signatory lists: It was concluded that only those who act on the account need to be screened.
• CSSF allows reliance on low risk regulated entities who screen their employees for screening. (Ref. CSSF 12-02/Art 33 ongoing screening concerning the client entity and UBO/SMO).
• EDD high risk countries: One should verify any relation to a high risk country; whether it be source of funds, UBO or other associated individuals and their level of ownership or control over the client, and assess the level of the associated risk on the client account. The TA may escalate any high-risk flags to the Mano.

• Please see below our comprehensive report in respect of the challenges facing Asset Managers in Luxembourg:-·

Download File