By Anke Feenstra The question “How far should you go?” is often asked, but the answer is not easy to give. In fact, the point is that it can be explained afterwards that under given circumstances one went far enough. It is of course possible to outline a framework and that framework naturally differs per office or per service provider. The Wwft is risk-based legislation, so it is especially important to identify the risks.
The scope of the Wwft
For a proper understanding of that framework, it may be useful to first outline the legal obligations of the Wwft. The definition in Article 1a (4) (b) of the Wwft shows that almost every accountant or accounting consultant falls under the scope of the Wwft. An appeal to the so-called process exemption is not possible for this category of services, so it is necessary to have the obligations under the Wwft properly in order.
With the introduction of the fourth anti-money laundering directive in July 2018, more attention has been paid to setting up a policy and procedures in advance to better implement the obligations under the Wwft. It is necessary to take a good look at the client portfolio and to investigate in advance and to establish which possible risks may arise with current and future clients. In doing so, you will have to consider which risk factors may arise with the type of customer, the product, the transaction and which delivery channels or geographical countries play a role. Is there a lot of cash involved in the industries for which a service provider works? Is business done with countries classified as high-risk countries?
Client due diligence, how
In addition, it is important to record how the customer due diligence should take place and which factors are reason for a new examination or within which period a new examination is indicated. Which sources are consulted? A customer due diligence is not only performed when the business relationship is entered into, but which transactions or changes warrant a new examination?
A customer due diligence can generally be summarized in a number of starting points:
- Who is your client?
- What does the client want from you? Is it obvious that he is asking this of you?
- Why does the client want to use your services?
- Stay alert, even if you have known the client for years!
For a natural person, identification with a valid proof of identity will suffice. A legal person can be identified on the basis of an extract from the Chamber of Commerce or a notarial or legal deed or statement. In addition, the UBO (ultimate beneficial owner) must also be identified. In addition to ownership of (more than) 25 percent, control can also lead to a UBO qualification. To this end, the shareholders’ agreements or voting agreements will have to be investigated. If no one meets the criteria for ownership or control, a pseudo UBO will have to be identified. That is the person with a managerial position.
Need or no need for further research
Whether it is necessary to conduct further investigation, or less, depends on the qualification of the customer due diligence; simplified, regular or sharpened. A simplified investigation can take place if there is a low risk of money laundering or terrorist financing. Previously, the law stipulated that a simplified investigation could take place at, for example, listed companies. This specification has been removed from the law, because from now on a risk assessment must first be made for each business relationship or transaction. In case of an enhanced customer due diligence, it is necessary that further research is carried out. This is the case with a high risk of money laundering or if the customer is located or lives in a high-risk area. In such a case, a further investigation may need to be carried out into the authenticity and reliability of the submitted documentation. The definition of PEP (politicaly exposed person) also plays a role in this context. If there is a PEP, and that is more often than you would initially suspect (see Article 2 of the 2018 Wwft Implementation Decree), stricter checks will also apply.
In short, it is impossible to describe really concretely how far you have to go without further information. Professional organizations and supervisors have often outlined frameworks showing which documentation is sufficient or after which period a new customer due diligence is required. It is important to check this in advance, to apply it to your own client portfolio and to record it in risk policy. And then it is important to actually implement that policy.
The accountant is not an investigating officer, so there will always be situations in which it later turns out that money laundering or even terrorist financing is involved. It is then important for the accountant that he can explain that he has gone far enough under the given circumstances.
Looking at Grub for Accountants: because Grub is a very thorough tool in terms of policy design, procedures, client acceptance, continuous monitoring, as well as recording (and therefore explanation) of both objective and subjective decisions, you could argue that if you the question ‘how far should you go’ has become superfluous. I think a comforting thought for many accountants.