16 Jan The Next AML/CFT Compliance Wave – DNFBPs
Designated Non-Financial Businesses and Professions (DNFBPs) have, wittingly and unwittingly, long been a conduit for money laundering, terrorist financing, and other criminal activity.
It can also be argued that the non-inclusion of DNFBPs from AML/CFT regimes places a disproportionate burden on current businesses subject to AML/CFT regimes.
The non-inclusion of DNFBPs also hampers a country’s ability to put in place a comprehensive, proportionate and effective AML/CFT regime based on all money laundering and terrorist financing risks, as required by the FATF.
It has been internationally recognised since 2003 that Designated Non-Financial Businesses and Professions (DNFBPs) should be brought into AML/CFT regimes. In 2003 the FATF Recommendations established customer due diligence and record keeping requirements for DNFBPs.
Due to a greater understanding of the role of DNFBPs as “gatekeepers” and the emergence of continued and clear evidence of the role that DNFBPs play in money laundering, terrorist financing and other criminal offences, the FATF’s requirements on DNFBPs were expanded to include requirements to report suspicious matters and cash transactions over a material threshold.
The 2012 FATF Recommendations set out clear requirements for DNFBPs. Specifically, Recommendation 22 (DNFBP Customer Due Diligence); Recommendation 23 (DNFBP Other Measures); and Recommendation 28 (The Regulation and Supervision of DNFBPs).
However, to date the lack of implementation of the FATF requirements for DNFBPs by full FATF member countries appears to be a continued and systemic weakness in the global AML/CFT regime.
The FATF 4th round mutual evaluations of Australia, Canada, Singapore, Switzerland, and the United States identify deficiencies in bringing DNFBPs into AML/CFT regimes and the supervision of DNFBPs in those countries.
Our research on the most recent mutual evaluations for each of the 34 full members of the FATF shows that:
- 14 full FATF member countries are identified as being completely Non-Compliant with the FATF’s DNFBP’s recommendations at their last mutual evaluation;
- Of the FATF full member countries 31 out of 34 have yet to fully extend their AML/CFT regime to DNFBPs; and
- 25 out of 34 full FATF member countries do not have in place the required supervisory arrangement for DNFBPs.
Whilst this research focuses on the 34 full member countries of the FATF, analysis of the recent mutual evaluations completed on region bodies indicates that the lack of implementation issue could be representative of all countries globally.
The use of DNFBPs to facilitate criminal activity, such as bribery and corruption and tax crimes, has recently become a higher priority on international and domestic political agendas.
The role of some types of DNFBP in tax avoidance and evasion schemes has also been highlighted, not least by the Panama Papers.
Our research into the size of the DNFBP populations in several FATF full member countries further quantifies the size of the issue:
|Country||Estimated No of DNFBPs|
Against this background several countries, including New Zealand and Australia, have commenced changes to their AML/CFT regimes to fully include DNFBPs.
New Zealand has issued draft DNFBP legislation which should be live in mid-2017. Australia, in response to the Statutory Review and FATF criticisms, has commenced consultation on regulating DNFBPs, with a current timetable to include them in the AML/CFT regime by 2019 (ahead of the FATF follow up visit).
It should also be noted that the Canada, Singapore, and USA recent FATF 4th round mutual evaluations highlighted DNFBPs as an issue that should be addressed.
Whilst the inclusion of DNFBPs should be a priority for countries not currently compliant with the FATF recommendations, there are a few considerations that should be born in mind when bring DNFBPs into an AML/CFT regime.
DNFBPs are different businesses from the financial service businesses covered by AML/CFT requirements.
Fortunately, the risk based approach allows the controls required by AML/CFT law and regulation to be proportionate to the business profile of the business, as well as to their money laundering and terrorist financing risks and vulnerabilities.
Size of DNFBPs
One major difference can be in size of business, with most DBFPs having less than 50 employees.
A Report in September 2016 by Deloitte for the Ministry of Justice identified that 96% of DNFBPs in New Zealand had less than 50 employees and over 75% of DNFBPs had less than 20 employees.
Our research suggests that this may be representative for DNFBPs in all countries.
This means that most DNFBPs would not have the dedicated (full or part-time) in-house compliance resources that most financial services businesses have in place, because of the myriad of compliance obligations they face.
Type of relationship with customers
The variations can also include the type of relationship DNFBPs have with customers compared to financial services businesses.
Whilst it can be argued that lawyers and accountants have on-going client relationships, they also have many customers that engage them for single or one- off transactions.
Other types of DNFBPs will not have on-going relationships with customers.
This would mean that for some DNFBPs on-going customer due diligence is not relevant, and transaction monitoring should be focused on a single transaction.
Products and Services
Most products and services offered by DNFBPs will also involve another reporting entity as part of the transaction.
Whilst some DNFBP’s products and services are vulnerable to cash, most transactions will involve the flow of funds from a regulated financial institution to pay for a product or service.
The fact that a DNFBP’s products and service are usually connected to other regulated activity may mean that DNFBPs can use an increased level of reliance.
Cost of Compliance
Whilst AML/CFT compliance can be argued to be a cost of doing business, the Deloitte Report for the New Zealand MoJ also identified that if smaller entities are required to put in place the same regime as larger “financial institutions” care need to be taken to avoid disproportionate costs and burdens.
The same Deloitte Report concluded that in New Zealand the cost of initial compliance for its 9,000 DNFBPs could be as high as NZ$313 million (AU$ 300m, GBP 175m, US$220m).
To put that into further perspective, the Deloitte Report further establishes that the cost per client or transaction for each type of DNFBP would be:
- Lawyers – NZ$37.76 (per client)
- Accountants – NZ$64.40 (per client)
- Real Estate -NZ $355.88 (per transaction)
- Motor Dealers – NZ$77.65 (per transaction)
- Jewellers – NZ$3.37 (per client)
Given the value of the product or service provided by DNFBPs, these per transaction and client costs do not seem prohibitive.
The Report identifies that the initial compliance costs result from the development and implementation of ML/FT risk assessments and AML/CFT Compliance Programmes.
Ongoing compliance costs are estimated at NZ$223 million per annum (AU$ 213m, GBP 119m, US$155m). These ongoing costs are split as follows:
- Customer due diligence – NZ$13.6m
- Account and transaction monitoring – NZ$22m
- Record keeping – NZ$5.4m
- Risk assessment and programme maintenance -NZ$182.2m
- Suspicious activity reporting – NZ$200,000
It can be seen that the biggest compliance costs are related to the development, implementation and maintenance of ML/FT Risk Assessments and AML/CFT Programmes.
To provide some more clarity on the costs globally, based on the New Zealand cost estimates (and converting into local currencies) we have extrapolated the compliance cost for several full FATF member countries.
The cost of compliance for DNFBPs could be as high as:
|Country||Initial Cost||Annual On-going Cost|
|AU$3.32 billion||AU$ 2.37 billion|
|CA$ 1.61 billion||CA$ 1.15 billion|
|INR 246.56 billion||INR 176 billion|
|€ 464.52 million||€ 332.5 million|
|SG$ 208.6 million||SG$ 148.6 million|
|ZAR 23.77 billion||ZAR 16.96 billion|
|US$ 5.33 billion||US$ 3.81 billion|
Non-inclusion or no requirements for DNFBPs is clearly not an option. However, policy makers should consider how DNFBPs will be able to address AML/CFT requirements, and what the cost/benefit equation is for bring DNFBPs into the AML/CFT regime.
To bring DNFBPs into the AML/CFT regime, New Zealand, in the draft Bill published on the 13th December, has made attempts to limit the compliance costs.
However, the New Zealand authorities estimate that the compliance costs resulting from the proposals within the Bill would be around $1.6 billion across all reporting entities over 10 years. Given the extent of the additional changes beyond DNFBPs within the Bill it is apparent that DNFBPs will shoulder most of these compliance costs.
On the other side of the argument, it is estimated that the changes in the Bill will have a benefit to New Zealand in disrupting crime and knock on social harm reduction of $7.5 billion over 10 years.
Again, as with costs, it is anticipated that most of this benefit will be derived from the inclusion of DNFBPs within the AML/CFT regime.
It is expected that most entities and sectors currently regulated would view the extension of the AML/CFT regime to DNFBPs as positive.
This will go some way to address long established distortions and the potentially disproportionate focus on one set of gatekeepers by international and domestic policy makers and regulators.
We have seen that the AML/CFT regulation of other industry sectors has resulted in compliance responses by existing regulated entities.
Most notable is the money remittance sector which was systematically de-risked in Australia, New Zealand and globally once they were brought into the AML/CFT regime.
We could see similar compliance reactions by financial institutions offering products and services to DNFBPs, as we have seen to those other regulated entities.
However, it should be hoped that financial institutions do not de-risk DNFBPs because they are subject to the AML/CFT laws.
In line with offering accounts to other regulated entities, including but not limited to correspondent banks and money remitters, financial institutions may feel it necessary to mitigate their own ML/FT and AML/CFT risks. This is usually done by ensuring an equivalent level of AML/CFT compliance before establishing a relationship and during the life of the relationship, by undertaking a review of the other party’s AML/CFT arrangements.
As we have seen already, this creates a significant burden for both the financial institution and the other regulated entity.
Whether financial institutions feel it necessary to extend this practice to all DNFBPs should be given very careful consideration, as given the number of DNFBPs it would create a significant burden for both the financial institution and DNFBPs.
Enhance the ability to combat domestic and transnational crime
The inclusion of DNFBPs within an AML/CFT regime will clearly increase the level of reporting to the country’s FIU.
The information and intelligence dividend that should result will help authorities identify and tackle money laundering, terrorism financing and the aligned predicate offences.
The reporting regime should therefore be introduced for all DNFBPs. However, this is one area where the compliance cost might seek to be managed.
Given the undoubted benefits of reporting to an AML/CFT regime, together with the New Zealand estimates that the cost of complying with monitoring and reporting is less than 1% of all ongoing compliance costs, variations to the reporting regime would require careful consideration to ensure that the information and intelligence is not unnecessarily limited by attempting to reduce compliance costs.
In conclusion, the inclusion of DNFBPs is an important part of the AML/CFT jigsaw and is long overdue for attention globally.
By bringing DNFBPs into AML/CFT regimes, a significant and important wave of AML/CFT regulatory reform will occur that will level the playing field and enhance the ability to detect and prevent money laundering terrorist finance and other predicate crimes.
Bringing in an AML/CFT regime is not easy and requires careful consideration to strike a balance between compliance costs and benefits. Maybe that’s why so many FATF full member countries have yet to fully implement FATF Recommendations in this area.
However, sitting on your hands and doing nothing should not be an option either for governments, regulators or those businesses in the various DNFBP sectors.
While the compliance costs in an era of deregulation might cause some to pause, in the brave new digital world, there are solutions emerging that can increase the ease of compliance and reduce the risk of regulatory non-compliance for both regulators and the regulated, and at the same time reduce compliance costs.