What to do in case of an AML audit by the regulator?

What should you do during an AML inspection? You can read the answers to the most frequently asked questions about the regulator's audit of your office in this blog post.
What to do in case of an AML audit compliance?

What should you do when the Financial Supervision Office comes by? Anke Feenstra (attorney at Hertoghs Lawyers) and Danny Mourits (Wwft specialist at ComplianceWise) give advice in the recurring AML webinar “The supervisor is coming by, what now?”. Below are the answers to the most frequently asked questions about being audited by the regulator.

What is the reason of the supervisor visiting?
Does the Financial Supervision Agency come in for a coffee? In most cases it is to check compliance with the AML, but usually also in response to a signal about money laundering. It may also involve terrorism financing, but that is less common. It is estimated that EUR 60 billion is laundered annually.

Who is checked on AML compliance?
Supervisors’ checks for compliance with the AML are not only for banks. More and more branches are covered by the AML.
The European directives on the basis of which the regulator checks are intended to prevent criminal activities. Every few years a new directive appears, for example in 2018 came the 5th AML directive. These guidelines cover more and more industries. Not only banks, but also independent financial organizations such as accounting and administration firms.

Can you hide behind your duty of nondisclosure during compliance audits?
No, because you have a legal duty to inform the regulator. Read more about this on our AML knowledge base (in Dutch).

What does the regulator do?
The regulator is a relatively new and a relatively small organization. In their annual plan you can see that they check about 10,000 small and medium-sized entrepreneurs for compliance with anti-money laundering rules. Not only do they audit, but their goal is to educate. Unlike the Tax Office, the compliance supervisory (in The Netherlands: BFT) is initially more focused on giving advice; you’re more likely to get a warning than a fine. Although the FTT does have similar rights as the Tax Office and can also impose fines. But it is nowhere near comparable to a raid by the Dutch Fiscal Intelligence and Investigation Service.

"Although the Dutch Bureau of Financial Supervision (BFT) does have similar rights to the tax authorities and can also impose fines, it is far from comparable to a raid by the Dutch Fiscal Intelligence and Investigation Service."

What kind of investigations does the supervisor do?
These can be regular (periodic) or risk-oriented (thematic) investigations. An example of a thematic investigation recently took place in the agricultural sector where cash payments are still common. Then you see the supervisor sending questionnaires to industry peers. Do they get any signals from these? Then they can proceed to a risk investigation. The regulator also acts on signals from the media.

What do you need to do to be AML compliant?
Start in time to get AML under control in your organization. Do not do this last minute. During the audit, check how the office is handling the AML, at a later stage go deeper into how everything is documented. You are making it easier on yourself to have the risk policy and filing in order right away, because sometimes there is very little time in between.

How detailed does the supervisor go?
Human error can happen. You are not punishable if you have not sorted out every cash euro and documented it. But there must be a clear policy: how do you handle cash, how do you select risks and how do you deal with them?

Learn more about risk policies and SIRA? Sign up for Danny Mourits’ training webinars.

How high are AML fines?
The Money Laundering and Terrorist Financing (AML) Prevention Act provides limits and direction in determining the amount of a fine. For each violation, the law and regulations set basic amounts for a fine. The supervisor has the authority to moderate these basic amounts.

The percentage of turnover is guiding in AML fines. If the supervised person demonstrates that he cannot bear the fine, a percentage of assets applies as a guideline.

You can be fined based on mandatory reporting categories and/or customer due diligence categories. If there is a concurrence of a mandatory reporting violation with a client due diligence violation, the former is taken as the starting point in determining the fine level, which may be increased due to the client due diligence violation(s).

Fines and violation in duty to report
A – category 1 light (fine: 1% of turnover)
Not high-risk transaction(s), but sufficient reason to report. The supervised person made serious AML consideration, but failed to report on unjustified grounds. In addition, for example (in the case of a business relationship) an indication for a minor violation may be that the total amount of the transaction(s) is < €15,000.

B – category 2 average (fine: 2% of turnover)
Starting point: failure to comply with the duty to report is serious and culpable. The supervised party could have known that there was sufficient reason to report, but the supervised party did not report.

C – category 3 high (fine: 3% of turnover)
Risky transaction(s) improperly not reported. Gross negligence. The supervised person should have known. An indication may be that the total amount of the transaction is > €100,000. High risk may also exist due to the number of unreported unusual transactions.

D – category 4 very high (fine: 4% of turnover)
Very high-risk transaction(s) that were wrongly left unreported. The transaction(s) clearly required attention but the supervised did not give this attention. The supervised person knew or should have known. An indication may be that the total amount of the transaction is > €500,000. Very high risk may also be the number of unreported unusual transactions.

E – category 5 maximum (fine: 5% of turnover)
Very culpable or very serious due to specific circumstances. Maximum risk may also arise from the number of unreported unusual transactions.

Example serious violation client due diligence
Failure to disclose the beneficial owner (UBO). Example very serious violation: the origin of money has not been investigated or enhanced client due diligence has not been conducted, while there is a high risk of money laundering.

Example violation client screening of medium nature
The identity of a client natural person has not been verified, or the details of this person have not been kept up to date. These violations by themselves are in principle only fined if at least four files have been investigated. For this reason, it is important to have a representative sample of client files.

Example of minor violation client screening
A supervised party does have the correct identification data, but stores these of all clients in an unstructured manner in one file, as a result of which they are not recorded in a retrievable manner. No fine is imposed, but a warning or indication is given, for example. The standard category can be deviated from in case of increased or decreased seriousness or culpability.

> Prevent violations of mandatory reporting and client due diligence? Start your free trial today. With AML compliance software from Grub, you avoid fines.

What should you do if the regulator is on your doorstep?
Ask if the supervisor will identify themselves. Check that they really are officials of the supervisor. You also have the right to ask what the reason and basis is. Is it in response to a report? Or a periodic check? Receive them in a consulting room without files and clients and go into the conversation calmly. Engage the person responsible for setting up the AML-risk policy. It’s a good idea to go into the conversation in pairs anyway; two hear more than one. Also, take notes. Find out the legal basis, asking about the legal basis is free. Also, if the Dutch Fiscal Intelligence and Investigation Service (FIOD) drops by, it does not always have to be because of a criminal investigation, it can also be an intelligence investigation. The i in the abbreviation of FIOD.

Should I hire a lawyer if the supervisor visits?
It is not a bad idea to seek assistance from a lawyer. They can often make slightly more suggestions and assess the risks at that time. Do you have questions about this? Please contact Anke Feenstra or one of the other Compliance and AML specialists of Hertoghs Advocaten.