Based on the Money Laundering and Terrorist Financing Prevention Act (Wwft), a financial institution is obligated to subject its customers to ongoing monitoring. This means conducting checks on the business relationship with the institution and on the transactions carried out by the customer. To comply with the sanctions law, financial institutions must have established an administrative organisation and internal control measures. All of this is also known as the monitoring process.
Wwft Monitoring has the following forms:
A periodic review is essentially a renewed client review. You update the information about the client periodiccally(based on risk-based and adequate measures). If necessary, you adjust the client’s risk profile accordingly.
You have clearly described in your policies and procedures how and how often a periodic review takes place. You have a (risk-based) justification for this.
The periodic review follows a cycle per risk category: the higher the risk, the more frequent and thorough a review of the client situation should be. Thanks to continuously reviewing, it is possible to discover unusual (transaction) patterns and to determine whether situations have occurred that involve an increased risk.
Thus, in practice, we often see banks reviewing their high-risk clients at least once a year, while medium and low-risk clients are subject to a client review every 3 and 5 years respectively (or based on a pre-defined event).
The frequency and depth of a review depends on the risk. Therefore, the additional risk assessment determines the newly established review term. Also, the final analysis of the review and the (renewed) risk assessment will affect the ongoing transaction monitoring.
If the customer or UBO was initially identified as a PEP (Politically Exposed Person) and during the review it appears that this person no longer holds a prominent political position, the enhanced measures must still be applied for at least another year. This period may vary per jurisdiction.
An Event Driven Review is basically a renewed client screening triggered by specific risk signals. In your policies and procedures, you have determined based on which signals a new client review should be initiated.
For example, a signal that may be cause for an Event Driven Review is when client data in the trade register of the Chamber of Commerce is updated. New customer data may prompt an investigation, such as a change of postal address to a high-risk country, or the change of a director listed on a PEP list.
An Event Driven Review leads to an update of the client profile and possibly the adjustment of the client’s risk profile. After an Event Driven Review, you establish a new term for a periodic review.
During the screening against sanctions lists, all names and other relevant data of natural persons and legal entities contained in client files (including UBO, authorized representative, beneficiary, etc.) are checked against the EU and Dutch sanctions lists. In practice, we often see that these lists are supplemented with the US sanctions lists OFAC. Screening of relationships occurs during customer acceptance, periodic review, event driven review, and/or in the case of interim changes in the customer base and sanctions lists.
Transaction monitoring is a measure to control money laundering and terrorist financing. You translate the money laundering and terrorist financing risks identified in the SIRA into the transaction monitoring process. When determining the customer’s risk profile, you also consider their expected transaction behavior.
You have the appropriate procedures and processes in place to monitor accounts, activities and/or transactions of customers. This allows you to gain and maintain insight into the nature and background of clients and their financial behavior. You will also be able to detect deviating transaction patterns-such as unusual transaction patterns and transactions that, due to their nature, a higher risk of money laundering or terrorist financing. And you will be able to comply with your reporting obligations.
It is important to view transaction monitoring as complement to the periodic review.
For each client you must establish a transaction profile. Based on the knowledge about the client (client profile), it is assessed whether the client’s transactions correspond to the institution’s view of the client and the expected transaction profile.
To determine the risk profile, we look at the expected transactions and/or the expected use of a customer’s account. This allows you to adequately monitor that the transactions carried out during the duration of the relationship correspond to your information of the client and their risk profile.
A transaction is considered unusual when there is suspicion of money laundering or terrorist financing. This could be because the transaction deviates from the transaction profile, but also the transaction behavior itself may raise concerns.
When you conclude that a transaction is unusual, a report of the completed or intended unusual transaction must be made promptly (as soon as possible given the circumstances) after the unusual nature of that transaction has become known.
There are objective and subjective indicators. With an objective indicator, the nature of the transaction is decisive. If the transaction fits into an objective indicator, no further assessment is required because a Wwft report must be made in that case. If the report does not fall under an objective indicator, the subjective indicator may apply. In that case, you assess the report yourself and decide whether the report falls under the subjective indicator.
There are various circumstances under which you must make a Wwft report.
Failure to report an unusual transaction while the institution is aware of it is an economic offense. Once a report is made, you are obligated to treat the report confidentially.
Learn more about the Wwft, customer due diligence and transaction monitoring by taking our Wwft e-learnings. You can find an overview of our Wwft courses here.