THE RIGHT FRAMEWORK FOR CDD IN AFRICA Abdulrahaman Babashani Standard Chartered Bank. OUTLINE Customer Due Diligence CDD Framework: International Best Practice CDD Frameworks: A comparative analysis Challenges of applying CDD measures in Africa What works best for Africa Conclusion INTRODUCTION: WHAT IS CDD? Customer Due Diligence (CDD) is a fundamental principle of all Anti Money Laundering (AML) controls. CDD formerly known as Know Your Customer (KYC) represents the process responsible for maintaining controls in an FI. It serves as the due diligence that the bank must perform to identify our customers and ascertain relevant information pertinent to doing financial business with our potential customers. In short, CDD is the collation as well as verification of relevant information and documents required to meet current regulatory standards, keeping in mind the importance of identifying any potential risks to the bank in terms of identify theft, fraud, money laundering and terrorist financing that may arise while taking on a customer CDD comprises: o Identifying the client and verifying their identity on the basis of documents, data or information obtained from a reliable and independent source, o Identifying, where there is a beneficial owner who is not the client, the beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify his identity so that you are satisfied that you know who the beneficial owner is. This includes understanding the ownership and control structure of a legal person, trust or similar arrangement. o Obtaining information on the purpose and intended nature of the business relationship. CDD FRAMEWORK: INTERNATIONAL BEST PRACTICE FATF, Recommendation 5 asks that: Financial institutions should be required to undertake customer due diligence (CDD) measures when: (i) establishing business relations; (ii) carrying out occasional transactions: (i) above the applicable designated threshold (USD/EUR 15,000); or (ii) that are wire transfers in the circumstances covered by the Interpretive Note to Recommendation 16; (iii) there is a suspicion of money laundering or terrorist financing; or (iv) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data. The FATF further recommends that each Country should set out in their laws provisions for CDD, which should serve as a guide for developing Regulatory and Institutional frameworks for same. A Country may determine how it imposes specific CDD obligations, either through law or enforceable means. Also, Financial institutions should be required by law to maintain records on transactions and information obtained through the CDD measures. International Anti-Money Laundering/Combating the Financing of Terrorism (AML-CFT) standards require that adequate customer due diligence (CDD) be undertaken on all new accounts and on single payment cash operations to identify suspicious transactions. National laws and regulations, particularly in Africa typically require verification of: (i) client identity using an official document; and (ii) Client’s physical address. With regard to customer identification, financial institutions may be able to apply differentiated CDD measures according to the profile of the (future) customer. CDD requirements are intended to ensure that financial institutions can effectively identify, verify and monitor their customers and the financial transactions in which they engage, in relation to the money laundering and terrorism financing risks that they pose. WHEN CAN CDD BE PERFORMED The FATF specifically requires all financial institutions that are subject to AML/CFT obligations to implement CDD measures, including identifying and verifying the identity of their customers, when: Establishing business relations; Carrying out occasional transactions above USD/EUR 15 000 or that are wire transfers in the circumstances covered by the Interpretive Note to Recommendation 16; There is a suspicion of money laundering or terrorist financing; or The financial institution has doubts about the veracity or adequacy of previously obtained customer identification data. In recognition of Financial Inclusion, FATF allows for simplified – though neither an absence nor an exemption from – CDD measures where there is a lower risk of ML/TF. Simplified CDD standards can be decided at country level, based on risk or at financial institution level. Strict documentary requirements for opening an account may exclude workers active in rural areas or in the informal economy, who are less likely to have wage slips or formal proof of domicile. In Sub-Saharan Africa, documentation requirements potentially reduce the share of adults with an account by up to 23%. Financial Inclusion is seen as a tool to further strengthen AML/CTF Frameworks. CDD FRAMEWORKS: A COMPARATIVE ANALYSIS S/No Country Are there minimum transaction thresholds, under which customer due diligence is not required? In what circumstances are reduced/simplified due diligence arrangements available? In what circumstances are enhanced customer due diligence measures required? 1 South Africa No - Due diligence (DD) is always required for all client relationships and single transactions, irrespective of the value involved. However the law does make provision for certain exemptions where a reduced level of DD is permitted. Depending on the risk profile, the level of DD is simplified for low risk clients or in respect of existing clients who are applying for different products The FICA Guidance notes state that accountable institutions should follow a risk-based approach to CDD. Clients are given a risk-rating based on various risk factors. High-risk client types and high risk transactions and services warrant EDD procedures. 2 Ghana Yes – equivalent of USD 10, 000. None. Enhanced CDD is required when dealing with PEPs. 3 Cote D’Ivoire No - there are no minimum transaction thresholds under which customer due diligence is not required. CDD arrangements are reduced for low value transactions. CDD is enhanced for unusual or suspicious activities/transactions. S/No Country Are there minimum transaction thresholds, under which customer due diligence is not required? In what circumstances are reduced/simplified due diligence arrangements available? In what circumstances are enhanced customer due diligence measures required? 4 USA No - basic DD is required for all accounts/customers regardless of transaction amounts. At a minimum, a FI must obtain the following identifying information from each customer before opening an account: a) name b) address c) date of birth (for individuals) d) identification number (e.g. Taxpayer Identification Number (TIN) or passport number) The USA PATRIOT Act requires FIs to increase their due diligence standards when dealing with foreign private banking & correspondent accounts. In addition, customers classified as high risk according to the FI’s customer risk rating methodology would be subject to EDD. S/No Country Are there minimum transaction thresholds, under which customer due diligence is not required? In what circumstances are reduced/simplified due diligence arrangements available? In what circumstances are enhanced customer due diligence measures required? 5 UK Yes - one off transactions below EUR15,000 Simplified DD may be applied to: a) certain other regulated firms in the financial sector; b) companies listed on a regulated market; c) beneficial owners of pooled accounts held by notaries or independent legal professionals; d) UK public authorities; e) community institutions; f) certain life assurance and eMoney products; g) certain pension funds; h) certain low risk products; and i) child trust funds and junior ISAs. A firm must apply, on a risksensitive basis, enhanced CDD measures and enhanced ongoing monitoring in any situation which by its nature can present a higher risk of money laundering or terrorist financing. Three specific types of relationships where EDD measures must be applied are: a) where the customer has not been physically present for identification purposes; or b) in respect of a correspondent banking relationship with Respondents from non- European Economic Area ('EEA') states; or c) in respect of a business relationship or an occasional transaction with a PEP. CHALLENGES OF APPLYING CDD MEASURES IN AFRICA Poor public records; Lack of adequate KYC/CDD documentary evidence; Inability of FIs to effectively identify customers; Difficulty in conducting assessment required for risk rating (Risk Based Approach); Striking a balance between AML/CFT requirements and Financial inclusion; Poor understanding of CDD Principles by non-bank stakeholders, i.e. Mobile Money Agents; Difficulty in knowing when to transit from CDD to EDD; Knowing which CDD framework to adopt GENERAL CHALLENGES OF IMPLEMENTING CDD (CONT’D) Technological challenges and lack of harmonized data bank compatibility with law Corrupt Tendencies of FI customers document counterfeiting Lack of Cooperation between Regulators and FI Maintaining common KYC standards in overseas offices Conflict of interest and the need to increase rural banking Stringent CDD could discourage small businesses and disadvantageous persons e.g. minors and the blind. Often receiving opinions differing in their interpretation of the law/regulation. GENERAL CHALLENGES OF IMPLEMENTING CDD (CONT’D) Incompatibility of the FATF recommendations with local requirements. Legal restrictions that impede effective consolidated KYC risk management processes should be removed. The difficulty with obtaining information on beneficial ownership Constraints in International Cooperation and law enforcement The craze for deposit liability and unrealistic targets Competition and lack of cooperation among financial institutions The problem of similarity in a names in the name checking list. Staff fidelity is a major issue during customer on boarding. As staff may introduce criminals and waive KYC requirements WHAT WORKS BEST FOR AFRICA The need to strike a balance between growing Africa’s economy and protecting the financial system from money launderers and terrorism financiers. Financial Inclusion has been identified as a key tool to growing Africa’s economy. At the same time, African Financial Institutions need to ensure adequate measures are in place to mitigate AML/CTF Risks. There isn’t a “One size fits all” CDD Framework for African FIs. However the following should be considered: African FIs need to contribute effectively to Financial Inclusion by way of adopting a system of tiering for customer on-boarding. Those jurisdictions with robust AML/CTF Frameworks can afford to adopt a tiering structure which allows majority of the un-banked to be onboarding with little or no documentation. However, their processes should be robust enough to adapt to change in customer profiles. The African Development Bank (AFDB) noted that CDD challenges in Africa are such that only 22% of African households receive mail at home and a large share of them don’t have identity documents. This calls for clear regulatory frameworks for technology-based solutions and flexibility in the application of CDD requirements. Those jurisdictions with weak AML/CTF frameworks will need to be less flexible in the area of on-boarding. Customers can be brought in but with stricter transaction restrictions. What should obtain is threshold based application for CDD measures in all jurisdictions. Also, regulation should clearly state those circumstances where simplified or reduced CDD measures are allowed. Lastly, same regulations/guidelines should clearly state circumstances where enhanced due diligence is required as well. CONCLUSION Choosing the right CDD framework for African Financial Institutions to adopt, as earlier stated is not a “one size fits all” option. FIs across the Continent would need to take into cognisance that FATF recommendations on CDD clearly requires them to have CDD measures in place. However, they should assess their AML/CTF Risks from a country as well as institutional level, before deciding on what CDD framework to adopt.