Due diligence on business relationships and occasional transactions and detection of atypical facts and transactions: Comments and recommendations by the NBB
The obligation to exercise due diligence on business relationships and occasional transactions is defined in Article 35, § 1, of the Anti-Money Laundering Law. It comprises two aspects:
- on the one hand, the obligation to carefully examine all transactions carried out on an occasional basis or over the course of the business relationship, by a customer identified pursuant to Article 21, § 1, of the Law; this obligation includes paying attention to intriguing facts related to the customer which, if they are suspect, should be reported to CTIF-CFI (see point 1 below), and
- on the other hand, in the case of business relationships – on which due diligence must be exercised on an ongoing basis - the obligation to update the data or information collected as part of the identification and identity verification obligation and the obligation to identify the customer’s characteristics and the purpose and nature of the business relationship or the occasional transaction (see point 2 below).
In implementing the obligation to exercise due diligence on business relationships and occasional transactions, financial institutions should adopt a risk-based approach: the level of due diligence to be exercised by financial institutions must be proportionate to the level of risk identified in the individual risk assessment referred to in Article 19, § 2, first paragraph, of the Anti-Money Laundering Law, taking into account, where appropriate, any updates of this assessment (see the page "Individual risk assessment"). In determining the level of due diligence, account should also be taken, where appropriate, of the high level of risk associated with situations that inherently involve such a level of risk (see the page "Special cases of enhanced due diligence").
1. Detection of atypical facts and transactions
1.1. General principles
A first implication of the due diligence obligation is that financial institutions must conduct an adequate and risk-proportionate examination of the transactions carried out over the course of the business relationship, the occasional transactions and the facts surrounding the business relationship or transaction, to determine whether these transactions or facts should be reported to the AMLCO.
Attention is drawn to the fact that this obligation also concerns transactions carried out in relation to customers established in other EEA Member States under the freedom to provide services, i.e. without the intervention of a subsidiary, a branch, an agent or, in the case of electronic money institutions, a distributor established in that other Member State.
At that stage of the process, there is yet no need to determine whether the transaction or the fact concerned is suspected of being linked to ML/FT and must therefore be reported to CTIF-CFI, but only to identify the transactions and facts the characteristics of which are such that it is necessary to submit them to the AMLCO for further examination, in order to decide whether or not those transactions or facts are suspected to be related to ML/FT (see the page "Analysis of atypical facts and transactions").
1.1.1. Atypical transactions
Occasional transactions or transactions carried out in the context of a business relationship should be considered as "atypical" if they do not appear to be consistent with the customer's characteristics and with the object and nature of the business relationship or the proposed transaction.
Atypical transactions include in particular transactions carried out in the context of a business relationship or on an occasional basis that appear complex or that are unusually large, as well as transactions conducted in an unusual pattern or that do not have an apparent economic or lawful purpose.
Examples of transactions which are atypical in light of the customer profile include:
- transactions involving amounts that cannot be justified by known sources of income of the customer,
- cash transactions involving large amounts that apparently cannot be explained by the customer's professional activity or his known assets,
- significant transactions in relation with high-risk, low-tax or no-tax countries with which the customer has not had a legitimate link that the financial institution was aware of,
- the use of shell companies, the actual activity of which is not consistent with the corporate purpose or which have their head office in a high-risk third country, a no-tax or low-tax State, or a State or territory that has not concluded with Belgium a tax convention including access to banking information;
- transactions and structures similar to those referred to in the two previous points which appear to have links with countries which, although not referred to in Article 38 of the Law, are identified by the financial institution as presenting similar risks, taking into account other credible sources of information, including the EU list of non-cooperative tax jurisdictions;
- the execution of financial transactions by companies whose Articles of Association have been amended frequently without this being justified by the economic situation of the company;
- recourse to natural persons acting only seemingly on behalf of companies or individuals involved in financial transactions;
- the use of intermediate accounts or accounts of non-financial professionals as payable-through accounts, or the use of complex corporate structures and legal and financial arrangements that make the management and administration mechanisms opaque, thereby complicating the identification of the beneficial owners and of the links between the origin and the destination of the funds;
- international financial transactions with no apparent legal or economic purpose that are usually limited to simple transits of funds from or to destinations abroad, especially when carried out with high-risk third countries;
It should also be noted that, in accordance with Articles 9 and 13 of the European Regulation on Transfers of Funds, and without prejudice to the other measures required by this European Regulation, where payment service providers of the beneficiaries of such transfers or payment service providers who act as intermediaries in carrying out these transfers find that the required information concerning the payer or the beneficiary is missing or incomplete (see the page "Transfers of funds"), they should examine whether these deficiencies are such as to give rise to suspicion of ML/FT. Transfers of funds received which are not accompanied by the information required should therefore be treated as atypical transactions.
The detection of atypical transactions and facts is also the first step in the process of enabling financial institutions to collaborate effectively in the fight against terrorist financing, whose peculiarities do not allow to draw up an exhaustive and perennial list of transactions and behaviours requiring reporting. In these circumstances, in order to be informed as soon as possible of the typologies with regard to terrorist financing and to be able to take them into account, financial institutions should refer in particular to the documentation distributed by the competent national, European and international administrations or authorities, as well as to the media coverage on persons and their resources to finance terrorist actions. They should also refer to the national and European assets freeze measures taken to combat terrorist financing.
In particular, the NBB invites financial institutions to refer to CTIF-CFI’s activity reports on the financing of terrorism, and to comply with the specific instructions and recommendations that may be addressed to them on the subject by the competent national authorities.
From the currently available public information it appears that the detection of atypical transactions which may be linked to the financing of terrorism should be aimed in particular at identifying certain "scenarios" associated with known typologies in this field, such as, for example:
- the repeated remittance of small amounts of money between individuals without apparent links (family links, economic links) between them,
- a fund remittance destination which appears to be atypical in light of the profile of the business relationship or the characteristics and habits of the customer,
- donations to non-profit associations followed by remittances of larger amounts of funds, especially to foreign countries,
- cross flows from or to associations,
- the use of electronic money instruments, in particular anonymous instruments and virtual currencies, especially when the latter are converted into legal tender money,
- the opening of a bank account, promptly followed by withdrawals of cash abroad in sensitive areas or in transit countries,
- the use of crowdfunding platforms,
- the use of consumer credit, especially when followed by cash withdrawals of all or a significant portion of the funds loaned, and/or transfers abroad,
- successive removals of a credit or debit card limit with a view to withdrawing cash,
- the total withdrawal (or almost total withdrawal, leaving a small balance) of deposits on accounts or life insurance contracts,
- reactivation of an account or bank card without a credible explanation,
- the payment of ransoms following an abduction or theft of personal data.
All these criteria remain subjective, but their combination makes the information more relevant.
In the light of the growing number of cases of proselytism with a view to recruiting terrorists in prison, financial institutions are also encouraged to closely examine business relationships with prisoners.
In accordance with the provisions of European law imposing restrictive measures against certain countries with a view to combating the proliferation of weapons of mass destruction and its financing, the due diligence measures with regard to customers, transactions and business relationships that are required to combat ML/FT must also be implemented to combat the financing of the proliferation of weapons of mass destruction. Therefore, transactions that could be related to the proliferation of weapons of mass destruction must also be considered atypical because of their intrinsic characteristics or those of persons acting as customers , agents, beneficial owners or counterparties in these transactions, in particular because of their links with the countries concerned or with persons or entities known to be involved in the proliferation of weapons of mass destruction.
In order to effectively detect these "atypical" transactions, financial institutions must be able to compare the customer’s transactions with the information collected on his identity and characteristics, on the identity of the beneficial owner(s), on the object and nature of the business relationship and the transaction and, if applicable, the origin of the funds.
1.1.2. Atypical facts
The atypical facts that must be reported to the AMLCO are all facts that are mainly related to the unusual behaviour of the customer in his relationships with staff members or agents of the financial institution and which may constitute indications of ML/FT.
This does not include the actual execution of a particular transaction, but more in general facts that involve the customer or persons interacting with him.
By way of example, unusual behaviour of the customer may include an abnormal and inexplicable lack of interest for the financial conditions proposed, his ignorance of certain essential elements of the transaction (such as the amount), the execution of a transaction ( for example, the execution of an electronic funds transfer or the receipt of the amount of such a transfer in cash) under the physical supervision of a third party, etc.
It should be stressed that these atypical facts must be reported to the AMLCO regardless of whether the transaction desired by the customer must or must not be considered as atypical in itself and independently of whether the transaction is actually carried out or not. In this respect, it should be noted that attempted transactions may constitute unusual facts which must be brought to the attention of the AMLCO, in particular when the customer renounces in extremis, unexpectedly and without credible explanation, to the execution of a transaction as soon as he is informed of the fact that such execution implies that he provides information as to his identity or that of the beneficial owners, that he discloses the purpose of the transaction or the origin of the funds involved, etc.
Atypical facts that must be reported to the AMLCO may also result from the cumulative behaviour of several customers. This is the case, for example, if a staff member or agent of the financial institution finds that different persons pretending to act independently of one another request, over a short period of time, the execution of similar occasional transactions which individually do not appear to be atypical, but are surrounded by circumstances such that these transactions may be considered to be connected, etc.
It should also be noted that Articles 33, § 1, second paragraph, 34, § 3, second paragraph and 35, § 2, second paragraph of the Anti-Money Laundering Law provide that if financial institutions cannot fulfil their due diligence obligations, they must examine, in accordance with Article 46 of the Law, whether the causes of this inability are such as to raise ML/FT suspicions and whether CTIF-CFI should be notified. These situations must also be detected systematically and must be treated in the same manner as atypical facts.
The receipt of information from credible external sources that may have a negative influence on the appreciation of the business relationship with a customer should also be treated as an atypical fact, for instance in case of occurrence of new events that may affect the customer's risk profile. This may be the case, in particular, where the financial institution receives an indictment from the judicial authorities or a request for information from CTIF-CFI concerning the business relationship with a customer or the transactions carried out by the latter. The NBB considers that the receipt of an indictment from a public prosecutor's office concerning a customer of the financial institution (or another intervention by the judicial and police authorities), constitutes an atypical fact which must lead the AMLCO to update the individual assessment of the risks associated with this customer and to re-examine, with enhanced due diligence, the transactions that have been carried out by him. However, it is necessary to proceed with caution, in order to avoid that the customer is explicitly or implicitly informed that a money laundering or terrorist financing analysis is ongoing or likely to be conducted, which would constitute a violation of the prohibition of disclosure set out in Article 55 of the Anti-Money Laundering Law, or in the case of indictments from judicial authorities, in order to avoid a violation of the secrecy obligation defined in Article 46quater, § 3, second paragraph, of the Code of Criminal Procedure. This may also be the case where the media reveal facts that may have a negative impact on the assessment of the financial institution's relationship with the customer concerned.
Likewise, the Bank considers that, in addition to being subject to the asset freezing obligations, where a financial institution finds that a customer, agent or beneficial owner of a customer is included in the Belgian list or a European list of persons subject to these measures, it should consider that this information affects the customer’s risk profile. In this case, it is necessary to update the individual assessment of the risks associated with this customer and to re-examine, with enhanced due diligence, the transactions that have been carried out by him.
1.1.3. Operational obligations related to the detection of atypical facts and transactions
In order to effectively detect atypical transactions and facts, and in accordance with Articles 16 and 17 of the Anti-Money Laundering Regulation of the NBB, financial institutions must:
(i) define the indicators/criteria to identify atypical facts and transactions;
(ii) put in place a system for detecting atypical facts and transactions, including ex ante and ex post controls based on these indicators/criteria;
(iii) develop a procedure for reporting atypical facts and transactions to the AMLCO.
1.2. Predefined indicators/criteria to identify atypical facts and transactions
Each financial institution should determine itself, on the basis of its overall risk assessment and of all relevant information, including the ML/FT typologies published by CTIF-CFI, which indicators/criteria lead to the facts or transactions being identified as atypical (Article 16, 1° of the NBB Regulation).
These indicators must be formalised in the internal procedure relating to the due diligence with respect to business relationships and occasional transactions (Article 16, 2° of the NBB Regulation).
The NBB nevertheless considers that this list of criteria should always at least include criteria relating to:
- the objective characteristics of the transactions (e.g. complex or unusually large transactions);
- customer characteristics (e.g. cash transactions involving large amounts that cannot be explained by the customer's professional activity);
- the specific circumstances surrounding the transaction (e.g. an electronic funds transfer where the cash amount of the transfer seems to be collected under the supervision of third parties; e.g. new information from credible external sources).
The NBB considers that if a financial institution cannot demonstrate that it has developed adequate indicators to assess the atypical nature of facts and transactions of customers, it seriously fails to comply with the due diligence obligation.
1.3. System for detecting atypical facts and transactions
In order to comply with the obligation to carefully examine the transactions carried out in order to identify the atypical character of some of them, financial institutions should set up a system for monitoring and analysing occasional transactions and business relationships. This system should be based on two types of controls:
- ex ante control performed by the persons who, within the financial institution, are in direct contact with the customers and their transactions; and
- ex post control of all transactions which have been carried out through the financial institution. In most cases, this control takes the form of a supplementary automated monitoring system, which is without prejudice to the controls that may be performed in real time, in particular in the context of the application of the European Regulation on Transfers of Funds).
1.3.1. Ex ante control by persons who are in direct contact with customers or who are instructed with carrying out their transactions
Where, in order to establish business relationships or carry out transactions on behalf of customers, the financial institution interacts with these customers through its staff, agents or, in the case of electronic money institutions, distributors who are in direct contact with these customers or who are instructed with carrying out their transactions, the detection of atypical transactions may generally be entrusted in the first place to these persons. They must therefore be instructed, through the internal procedures of the financial institution, to contribute to exercising due diligence in order to detect atypical facts and transactions and to report them to the AMLCO as soon as they have knowledge of such facts or transactions.
In order for these persons to be able to fulfil their duties fully and effectively, the list of indicators/criteria referred to in point 1.2. above should be made available to them. In addition, the AMLCO must ensure that these persons receive (theoretical and practical) training about these indicators, to ensure that they have a proper knowledge of them and that they can easily apply them.
If the financial institution uses agents or, in the case of electronic money institutions, distributors, it must verify compliance with the relevant instructions through its internal control system.
For more information on these topics, see the pages “Policies, procedures, processes and internal control measures” and “Training and education of staff”.
1.3.2. Ex post control conducted by a monitoring system
In accordance with Article 17 of the Anti-Money Laundering Regulation of the NBB,, financial institutions should set up a monitoring system to detect atypical transactions that might not have been detected by the persons who are in direct contact with customers or who are instructed with carrying out their transactions. It should be noted that, in certain circumstances, for example where it is possible for the customer to initiate transactions directly via the internet without any involvement of staff members, agents or distributors of the financial institution, atypical transactions can only be detected by performing an ex post control. Therefore it is essential to ensure the effectiveness of this control.
This monitoring system should:
- cover all customers’ accounts and contracts and all transactions which have been carried out though the financial institution;
- be based on precise and relevant criteria taking particular account of the characteristics of the institution’s customers, the products, services or transactions that it offers, the countries or geographical areas concerned and the distribution channels that it uses, and be sufficiently discriminating to make it possible to detect atypical transactions effectively;
- allow these transactions to be detected rapidly;
- be automated (unless the financial institution can demonstrate that the nature, number and volume of transactions to be monitored do not require it (see below);
- be subject to an initial validation procedure and a regular re-examination of its relevance with a view to adapting it, if necessary, in accordance with the development of the customer base targeted by the financial institution, the products, services or transactions that it offers, the countries or geographical areas concerned and the distribution channels that it uses.
As regards the parameters referred to in point 2 above, the criteria used should also take into account the specific ML/FT risk associated with transactions carried out by customers whose acceptance is subjected to stricter rules under the customer acceptance policy. The NBB draws attention to the fact that these parameters should exclusively aim at ensuring an efficient and discriminating detection of atypical transactions and that they may therefore not be essentially determined on the basis of the resources that the financial institution is prepared, in abstracto, to allocate to the analysis of reportings generated by the system.
The NBB therefore recommends that the parameters be based on the risk classification and the profile of the business relationships and that it be adapted to the transactions carried out by the institution (alert thresholds based on the elements of the business relationship; taking into account all transactions carried out in relation with accounts or contracts). The parameters must also be regularly updated, especially in light of the risk classification. They may not be based solely on an amount of transactions without taking into account the classification of customers or the knowledge of the business relationship.
Pursuant to Article 17, second paragraph, 4° of the Anti-Money Laundering Regulation of the NBB, the system for ex post detection of atypical transactions must not be automated if the nature, number and volume of transactions to be monitored do not require it. The NBB considers that this derogation should be applied with caution, and that the institution should demonstrate - both theoretically, ab initio, and later, on the basis of the experience gained from implementing the non-automated alternative system for ex post detection - that this derogation effectively allows efficient and discriminating ex post detection of atypical transactions that have not been detected ex ante. The NBB considers that the opinions of the senior manager and the AMLCO should be considered as decisive in the decision to adopt and maintain this alternative system. The NBB also expects the above demonstration to be in writing and to be provided to it immediately at its first request.
As the system for ex post detection of atypical transactions plays a crucial role in the ability of the financial institution to subject atypical transactions to the analysis required to determine whether they are suspect and, as a consequence, whether they must be reported to CTIF-CFI, the NBB expects financial institutions to take particular care in periodically monitoring the effectiveness of the system used, regardless of whether it is an automated system or a non-automated alternative system, and to address the deficiencies identified in this regard as soon as possible.
1.4. Procedure for reporting to the AMLCO
In all cases where an atypical fact or transaction is detected, whether in the context of an ex ante control or an ex post control, it is essential that it is reported as quickly as possible to the AMLCO, so that the latter can fulfil, before the deadline imposed by law, the duties assigned to him by Article 45 of the Anti-Money Laundering Law as regards the analysis of atypical facts or transactions or the reporting to CTIF-CFI. The mechanism for reporting to the AMLCO is ultimately aimed at allowing the financial institution to comply with its obligations regarding the reporting of suspicions to CTIF-CFI. However, it is recalled that, in principle, suspicion reports must be sent to CTIF-CFI before the transactions concerned are executed. Only when this is not possible can the report be sent to CTIF-CFI immediately after the execution of the transaction. Therefore the procedure for reporting atypical facts and transactions to the AMLCO must be highly efficient.
For this reason, the NBB expects financial institutions to lay down in their procedure that reportings must:
- be sent as soon as possible to the AMLCO;
- include the reasons why the transaction concerned is considered atypical; and
- be documented to the extent necessary to allow a pre-analysis and analysis to be conducted by the AMLCO.
As mentioned above, Articles 33, § 1, second paragraph, 34, § 3, second paragraph and 35, § 2, second paragraph of the Anti-Money Laundering Law provide that where financial institutions cannot fulfil their due diligence obligations, they must examine, in accordance with Article 46 of the Law, whether the causes of this inability are such as to raise ML/FT suspicions and whether CTIF-CFI should be notified. In order to satisfy this legal obligation, the procedure for reporting to the AMLCO must also be applied in these cases.
These reportings may be sent internally by email or via another channel. In urgent cases, atypical facts and transactions may be reported by phone. Such oral reportings must nevertheless be systematically confirmed, as soon as possible, in writing, and if necessary by email.
The NBB expects financial institutions to set up a system for archiving the various reports submitted in order to monitor the effectiveness and relevance of the reporting process. The internal procedures referred to in Article 8 of the Anti-Money Laundering Law must describe the practical procedures for submitting reports to the AMLCO, by drawing a distinction, where appropriate, according to the type of control exercised (ex ante or ex post).
The NBB also expects the staff training required by the Law (see the page "Training and education of staff") to ensure that persons who, in the performance of their duties, may have to submit such reports, are fully aware of this procedure.
For the steps that follow the transmission of a reporting to the AMLCO, see the page "Analysis of atypical transactions", which describes the procedure to be followed by the AMLCO for conducting the pre-analysis and subsequently, if applicable, the analysis.
1.5. Protection of persons who internally report facts or transactions they consider atypical
As mentioned above, the mechanisms for the detection of atypical facts and transactions and of cases in which the financial institution cannot fulfil its due diligence obligations are based inter alia on the attention and critical skills of the persons who are in contact with the customers and their transactions. In order for these mechanisms to be efficient, it is important that these persons do not feel fear of being penalised within the financial institution because they have reported such a transaction or situation to the AMLCO. They must also be protected from any threats, retaliatory measures or hostile action external to the financial institution, in particular where such threats or action are perpetrated by the customer concerned or by persons related to him (see the page “Protection of reporting persons”).
According to Article 36 of the Anti-Money Laundering Law, financial institutions must take reasonable measures to ensure that their staff members, agents and, in case of electronic money institutions, distributors who report a transaction they consider atypical, are protected from being exposed to any threats or hostile action, including, within the institution, from any adverse or discriminatory employment actions.
Specifically, the NBB recommends that financial institutions put in place measures to ensure that the identity of persons who have reported atypical facts and transactions and of persons who have taken part in the collection and evaluation of related information is known within the financial institution and, a fortiori, outside the financial institution, only by persons for whom such information is necessary or useful for the performance of their duties in the field of AML/CFT.
2. Updating of the data or information and of the individual risk assessment
2.1. Updating of the data or information
A second implication of the due diligence obligation is that financial institutions must keep up to date the data or information they hold, in the context of their business relationship, pursuant to their obligation to identify and verify the identity of the customer and their obligation to identify the characteristics of the customer as well as the purpose and nature of the business relationship.
This updating obligation is an important prerequisite for detecting atypical transactions: if the financial institution cannot rely on current information, the ongoing due diligence measures with respect to the transactions carried out over the course of a business relationship may not allow to identify the atypical character of some of them or, conversely, transactions could unnecessarily be treated as atypical whereas they would have been considered as not requiring special attention if the information held by the institution had been updated.
In principle, this updating obligation applies as soon as the relevant elements that are taken into account in the context of the individual risk assessment are modified. However, in complying with this obligation, a risk-based approach should be adopted. It follows that the measures taken by the financial institutions to fulfil this obligation should be proportional to the risk identified in the context of the individual risk assessment referred to in Article 19, § 2, first paragraph of the Anti-Money Laundering Law. However, it should be noted that the updating of data and information is of particular importance where elements relevant to the individual risk assessment appear to be no longer current. The financial institutions must also take into account this potentially higher level of ML/FT risk presented by a given situation in determining the updating measures to be taken.
Pursuant to Article 35, § 1, second paragraph of the Anti-Money Laundering Law, the update must cover all the data collected in the context of the initial identification, and not only part of this data. Similarly, the verification of the updated data may not be less comprehensive than that of the initial identification data.
The obligation of financial institutions to update the information they hold about their customers includes the obligation to implement measures to identify the persons among their customers whose individual situation has changed to such an extent that they fall within the scope of Articles 37 to 41 of the Anti-Money Laundering Law, which define cases in which special enhanced due diligence measures are required by law (see the page "Special cases of enhanced due diligence"). This is particularly the case for customers who have become politically exposed persons (PEPs), family members of PEPs or persons who are known to be closely associated with a PEP. See the page "Politically exposed persons" for more information on the enhanced due diligence measures required in case of identification of a PEP..
In addition to the requirements set out in Article 35, § 1, 2 °, of the Anti-Money Laundering Law, financial institutions may consider it useful to periodically re-examine the information they hold to ensure that it is up to date. Such a periodic re-examination may be particularly indicated in cases of high risk. It should be noted, however, that this is a complementary precautionary measure which does not exempt the financial institution from updating the information it holds before the date of the next re-examination planned according to the internal procedures, if it knows or cannot be unaware that “data relevant for the individual risk assessment referred to in Article 19 is modified”.
2.2. Updating of the individual risk assessment
As already mentioned, Article 35, § 1, fourth paragraph of the Anti-Money Laundering Law provides that updating the information collected over the course of a business relationship may imply also updating the individual risk assessment and, where appropriate, adapting the extent or modalities of the ongoing due diligence measures implemented.
For example, significant changes in the management or beneficial ownership of customer companies, the activities or the socio-professional category of the customer, the establishment or severance of links with high-risk or low-tax or no-tax countries, the recent exercise of prominent public functions or, conversely, the termination since more than 12 months of the exercise of such functions, the extension of the use by the customer, within the framework of an existing business relationship, of products and services deemed to present higher risks according to the overall risk assessment or, conversely, the cessation of the use of these services, etc., can have a significant influence on the customer’s risk profile and, consequently, on the nature and intensity of the due diligence measures to be implemented in respect of the transactions carried out.
It should be noted, however, that the updating of the individual risk assessment may be necessary due to "atypical facts" such as the receipt of information from credible external sources. This is the case when new events have occurred that may affect the customer's risk profile. This may be the case, in particular, where the financial institution receives an indictment from the judicial authorities or a request for information from CTIF-CFI concerning the business relationship with a customer or the transactions carried out by the latter (see point 1.1. above).
It is also recalled that under Article 22 of the Anti-Money Laundering Regulation of the NBB, a financial institution which has reported suspicions pursuant to Article 47 of the Anti-Money Laundering Law, should carry out an individual re-assessment of ML/FT risks, in accordance with Article 19, § 2, of the Law, taking account of the specific fact that a suspicion has been raised about the customer concerned, in order to decide whether to maintain the business relationship, in which case it should implement due diligence measures adapted to the re-assessed risks, or to end it (see in this regard the page “Reporting of suspicions"). The same is expected in case of receipt of an indictment from judicial authorities.
Finally, as a reminder, updating the overall risk assessment in accordance with Article 17 of the Anti-Money Laundering Law may also imply updating the individual risk assessment.
3. Inability to exercise ongoing due diligence
Article 35, § 2 of the Anti-Money Laundering Law describes the consequences of the inability to fulfil the due diligence obligation.
As this obligation must be fulfilled either with respect to an occasional transaction which is planned to be carried out, or throughout a business relationship, the Anti-Money Laundering Law distinguishes between future customers (planned occasional transactions or new business relationships) and existing customers (existing business relationships).
3.1. With regard to future customers
Apart from the cases in which the financial institution is unable to identify the persons involved in the business relationship or the occasional transaction and to verify their identity in due time (see the page "Non-compliance with the identification and identity verification obligations”) or to gather the information necessary to understand the characteristics of the customer and the purpose and intended nature of the business relationship or occasional transaction (see the page "Identification of the customer’s characteristics and of the purpose and nature of the business relationship or the occasional transaction"), the law also prohibits to enter into a business relationship or to carry out a transaction on behalf of the customer on an occasional basis where the financial institution has, in advance, reason to believe that it will not be able to meet its (ongoing) due diligence obligation with respect to the business relationship or the transaction of this potential customer.
In the case of occasional transactions, the impossibility to carry out the required careful examination of the transaction will generally result from the inability to identify the persons involved and to verify their identity and/or identify the customer’s characteristics or the purpose and nature of the transaction.
In the case of business relationships the financial institution intends to establish, the prohibition applies if the financial institution has reasons to consider, from the outset, that it will not be able to comply with its future obligations to update the identification of the persons involved and the verification of their identity, to update the information it holds concerning the customer’s characteristics or the purpose and nature of the business relationship, or to carefully and continuously examine the transactions carried out by the customer during the business relationship.
Any refusal to enter into a business relationship with a potential customer or to carry out an occasional transaction that he wishes to perform must be duly justified. This refusal may not be a means for the financial institution to discriminate against certain categories of customers (see the page "Due diligence requirements and compliance with other legislation").
3.2. With regard to existing customers
Where the financial institution finds, in the course of a business relationship, that it can no longer satisfy its ongoing due diligence obligation with regard to the transactions carried out by the customer or update the data and information about the persons involved or the characteristics of the business relationship, it has a legal obligation to terminate this relationship. However, pursuant to Article 33, § 1, third paragraph of the Anti-Money Laundering Law, financial institutions may apply restrictive measures other than the termination of the business relationship in the specific cases detailed in Article 15 of the Anti-Money Laundering Regulation of the NBB:
- in the case of life insurance contracts, the unilateral termination of which is contrary to other mandatory legal or regulatory provisions or public policy provisions, the alternative restrictive measures to be applied consist in refusing payment of any supplementary premiums by the policyholder, without prejudice to the consequences that legal or regulatory provisions attach to non-payment of a premium (Article 15, first paragraph, 1° of the Regulation);
- in the case of loan contracts, the unilateral termination of which would expose the obliged financial institution to a severe and disproportionate negative impact, the alternative restrictive measures to be applied consist in refusing any increase in the amount lent and in terminating the business relationship as soon as possible (Article 15, first paragraph, 2° of the Regulation). Examples of a severe and disproportionate negative impact are the impossibility, in practice, to obtain reimbursement of substantial amounts or the loss of the benefit of real or personal guarantees attaching to the loan. The financial institution must also seize the first opportunity available to terminate the loan without suffering the aforementioned negative impact.
The NBB considers that the decision to apply alternative restrictive measures must be substantiated in writing on a case-by-case basis:
- in the case of restrictive measures other than the termination of life insurance contracts, this substantiation must include a verification that the legislation in force does not authorise the insurance company to unilaterally terminate the contract;
- however, in the case of measures other than the termination of a loan, Article 15, first paragraph, 2° of the Anti-Money Laundering Regulation of the NBB subjects the authorisation to implement such measures to the condition that the unilateral termination of the loan would expose the obliged financial institution to a severe and disproportionate negative impact. The NBB therefore considers that the decision to apply these measures must be substantiated in writing on a case-by-case basis, and that this written statement must include an estimate of the negative impact to which such unilateral termination would expose the financial institution, in order to demonstrate its serious and disproportionate nature, and determine the date or future events that will allow the institution to terminate the business relationship as soon as possible without suffering the aforementioned severe and disproportionate negative impact.
In all these cases, the financial institution must also take the necessary measures to ensure that it does not enter into any other business relationship with the customer concerned and does not execute any occasional transaction on his behalf.
With regard to the business relationship which is subject to the alternative restrictive measures, the financial institution must also take enhanced due diligence measures, in accordance with Article 37, § 2 of the Anti-Money Laundering Law, which are proportionate to the level of re-assessed risk, in accordance with Article 19, § 2 of the Anti-Money Laundering Law, taking into account that this relationship has not been terminated (see the page “Special cases of enhanced due diligence”. This enhanced due diligence must also enable the institution to ensure that the restrictive measures are effectively implemented and that the loans are terminated as soon as possible.
The modalities for implementing alternative restrictive measures must be specified in the internal procedures of the financial institution (see the page “Policies, procedures, processes and internal control measures”).
3.3. Reporting to the AMLCO
In accordance with Article 46 of the Anti-Money Laundering Law, financial institutions must also verify whether it is necessary to inform CTIF-CFI of cases as referred to above in which the obligation of due diligence on business relationships and occasional transactions could not be satisfied, where this inability can be an indication of ML/FT. This means that this inability should be recorded in writing within the financial institution and reported to the AMLCO. See chapters 1.1. and 1.3. above. The modalities of this recording in writing and of this reporting must be specified in the internal procedures of the financial institution (see the page "Policies, procedures, processes and internal control measures").
4. Internal control measures
Financial institutions are expected to periodically verify that the internal procedures for exercising due diligence with regard to business relationships and occasional transactions are consistently complied with and that the processes for implementing the due diligence obligations (examination of transactions and updating of information) are adequate.
The NBB therefore recommends that the internal audit function pay particular attention to:
the adequacy of the indicators/criteria validated by the financial institution to enable atypical facts and transactions to be detected by persons who are in direct contact with customers or who are instructed with carrying out their transactions;
the effectiveness of the system for ex ante detection of atypical facts and transactions, taking into account in particular the number of alerts generated;
the effectiveness of the system for ex post detection of atypical facts and transactions and, in particular, the adequacy of the configuration of the automated monitoring system, taking into account in particular the number of alerts generated;
the adequacy of the updating of the information held pursuant to the obligation to identify and verify the identity and the obligation to identify the customer’s characteristics and the purpose and nature of the business relationship;
the adequacy of the measures taken to protect persons who internally report a fact or transaction they consider atypical.