5.1. Assessing customer money laundering risks
5.1.1. Requirement to conduct a customer risk assessment
A Relevant Person must:
- (a) undertake a risk-based assessment of every customer; and
- (b) assign the customer a risk rating proportionate to the customer's money laundering risks.
5.1.2. Timing of the customer risk assessment
The customer risk assessment in AML 5.1.1 must be completed prior to conducting CDD for new customers, and where, for an existing customer, there is a material change in circumstances.
5.1.3. Conduct of the customer risk assessment
When undertaking a risk-based assessment of a customer under AML 5.1.1 a Relevant Person must:
- (a) identify the customer, any beneficial owner(s) and any person acting on behalf of a customer;
- (b) obtain information on the purpose and intended nature of the business relationship;
- (c) consider the type of customer, its ownership and control structure, and its beneficial ownership (if any);
- (d) consider the nature of the customer's business relationship with the Relevant Person;
- (e) consider the customer's country of origin, residence, nationality, place of incorporation or place of business;
- (f) consider the relevant product, service or transaction;
- (g) consider the beneficiary of a life insurance policy, where applicable; and
- (h) consider the outputs of the business risk assessment under Chapter 4.
5.1.4. Identification of Politically Exposed Persons
The policies, procedures, systems and controls adopted by the Relevant Person in accordance with AML 5.1.1 must enable it to determine whether a customer or a beneficial owner is a Politically Exposed Person ("PEP").
5.1.5. Identification of control structure
A Relevant Person must not establish a business relationship with a customer which is a legalperson if the ownership or control structure of the customer prevents the Relevant Person from identifying all of the customer's beneficial owners.
A Relevant Person must not establish a business relationship with a customer which is a legal person if the ownership or control structure of the customer prevents the Relevant Person from identifying all of the customer's beneficial owners.
5.1.6. Prohibition on relationships with Shell Banks
A Relevant Person must not establish or maintain a business relationship with a Shell Bank.
Guidance on customer risk assessments
- (a) The findings of the customer risk assessment will assist the Relevant Person in determining the level of CDD that should be applied in respect of each customer and beneficial owner.
- (b) In assessing the nature of a customer, a Relevant Person should consider such factors as the legal structure of the customer, the customer's business or occupation, the location of the customer's business and the commercial rationale for the customer's business model.
- (c) In assessing the customer business relationship, a Relevant Person should consider how the customer is introduced to the Relevant Person and how the customer is serviced by the Relevant Person, including for example, whether the Person will be a private banking customer, will open a bank or trading account, or whether the business relationship will be purely advisory.
- (d) The risk assessment of a customer, which is illustrated in Figure 2 below, requires a Relevant Person to allocate an appropriate risk rating to every customer. Risk ratings areto be described as "low", "medium" or "high", on a sliding numeric scale with 1 to 3 as "low" risk, 4 to 7 as "medium" risk, and 8 to 10 as "high" risk. Depending on the outcome of a Relevant Person's assessment of its customer's money laundering risk, a Relevant Person should decide what degree of CDD will need to be conducted.
- (e) In AML 5.1.5, ownership arrangements which may prevent the Relevant Person from identifying one or more beneficial owners include bearer shares, nominee shareholder arrangements, and other negotiable instruments in which ownership is determined by possession.
Guidance on the term "customer"
- (a) The point at which a person becomes a customer will vary from business to business. However, the AFSA considers that it would usually occur at or prior to the business relationship being formalised, for example, by the signing of a customer agreement or the acceptance of terms of business.
- (b) A person would not normally be a customer of a Relevant Person merely because such person receives marketing information from a Relevant Person or where a Relevant Person refers a person who is not a customer to a third party (including a Group member).
- (c) A counterparty would generally be a "customer" for the purposes of these Rules and would therefore require a Relevant Person to conduct CDD on such a person. However, this would not include a counterparty in a transaction undertaken on a Regulated Exchange. Nor would it include suppliers of ordinary business services, to the Relevant Person such as cleaning, catering, stationery, IT or other similar services.
Guidance on high risk customers
- (a) In complying with AML 5.1.1, a Relevant Person should consider the following customer risk factors which may indicate that a customer poses a higher risk of money laundering:
- (i) the business relationship is conducted in unusual circumstances;
- (ii) the customer is resident in a geographical area considered by FATF to be an area of high risk;
- (iii) the customer is a legal person or arrangement that is a vehicle for holding personal assets;
- (iv) the customer is a company that has nominee shareholders or shares in bearer form;
- (v) the customer is a cash-intensive business;
- (vi) the corporate structure of the customer is unusual or excessively complex given the nature of the company’s business; and
- (vii) the customer has been subject to adverse press or public information related to potential money laundering activities.
- (b) In complying with AML 5.1.1 a Relevant Person should also consider the following product, service, transaction or delivery channel risk factors:
- (i) the product involves private banking;
- (ii) the product or transaction is one which might favour anonymity;
- (iii) the situation involves non-face-to-face business relationships and/or transactions, without certain safeguards, such as electronic signatures;
- (iv) payments will be received from third parties who are unknown to the Relevant Person;
- (v) new products and new business practices are involved, including new delivery mechanisms, and the use of new or developing technologies for new and existing products;
- (vi) the service provides nominee directors, nominee shareholders or shadow directors for hire, or offers the formation of companies in third countries; and
- (vii) the service involves undocumented or verbal agreements with counterparties or customers.
- (c) In complying with AML 5.1.1 a Relevant Person should also consider the following geographical risk factors:
- (i) countries identified by credible sources, such as FATF mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective systems to counter money laundering and terrorist financing; and
- (ii) countries subject to sanctions, embargos or similar measures issued by, for example, the United Nations Security Council or identified by credible sources as having significant levels of corruption or other criminal activity and countries or geographic areas identified by credible sources as providing funding or support for terrorism.
Guidance on low risk customers
- (a) In complying with AML 5.1.1 the following types of customers may pose a lower risk of money laundering:
- (i) a governmental entity, or a publicly-owned enterprise;
- (ii) an individual resident in a geographical area of lower risk which has AML regulations which are equivalent to the standards set out in the FATF Recommendations;
- (iii) Customers with a long-term and active business relationship with the Relevant Person;
- (iv) a regulated Financial Institution whose entire operations are subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations which are equivalent to the standards set out in the FATF Recommendations; or
- (v) a company whose Securities are listed on a Regulated Market in a jurisdiction which has AML regulations which are equivalent to the standards set out in the FATF Recommendations;
- (b) In complying with AML 5.1.1 the following types of product, service, transaction or delivery channel risk factors may pose a lower risk of money laundering:
- (i) a contract of insurance which is non-life insurance;
- (ii) a contract of insurance which is a life insurance product which does not provide for an early surrender option, and cannot be used as collateral;
- (iii) a contract of insurance which is life insurance for which the annual premium is low by comparison with prevailing market standards;
- (iv) a contract of insurance for the purposes of a pension scheme where the contract contains no surrender clause and cannot be used as collateral;
- (v) a pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee's wages and the scheme rules do not permit the assignment of a member's interest under the scheme; or
- (vi) arbitration, litigation, or advice on litigation prospects.
- (c) The assignment of a low risk customer AML rating should not be automatic and should be applied only after an assessment of a customer's actual AML risk as required in AML 5.1.1. In conducting this assessment, however, Relevant Persons should make use of, and build upon, the business risk assessment(s) it has undertaken in accordance with Chapter 4.
Guidance on Shell Banks
- (a) AML 5.1.6 prohibits a Relevant Person from establishing or maintaining a business relationship with a Shell Bank.
- (b) The presence of a local agent or administrative staff would not constitute a physical presence in the country in which the customer is incorporated or licensed.