More often than not, the terms ‘High-Risk’ and ‘Non-Reputable’ countries are often used interchangeably within the context of Anti-Money Laundering and Countering the Financing of Terrorism (AMLCFT). This is especially prevalent whenever Guidance Notes, Periodic Reports and ancillary documentation is presented to the public and subject-persons (obliged entities).
It is not uncommon for practitioners, clients and service providers to sometimes mix up the concepts especially when undertaking Entity-Level Risk Assessments (such as during On-Boarding or Annual Monitoring).
In this connection, this article will attempt to briefly analyse both definitions and provide some practical guidance as to how to differentiate between the two ‘norms’ and what to do when determining the appropriate classification.
From a Maltese perspective, our main sources of legislation and application are primarily:
- The Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) ‘PMLA’,
- The ‘Prevention of Money Laundering and Funding of Terrorism Regulations’ (S.L. 373.01 of the Laws of Malta) ‘PMLFTR’ and
- The FIAU’s bespoke Implementing Procedures and Guidelines.
Regulation 5(5) of the PMLFTR requires subject persons to have procedures in place to manage the ML/FT risks posed by their customers, products and services, transactions and delivery channels, as well as countries and geographical areas.
Therefore, in assessing and establishing a ‘Risk Profile’ for any customer, subject persons are obliged to take into consideration several risk factors, including the Geographical/Jurisdictional risk.
A Risk-Based Approach
Within the realm of AML, it is widely recommended that countries should start by identifying, assessing and understanding the money laundering and terrorist financing risks they face. As a consequence, they should take appropriate measures to mitigate the identified risks.
The Risk-based approach (RBA) allows countries to allocate their limited resources in a targeted manner to their own particular circumstances, thereby increasing the efficiency of the preventative measures. Within this context, practitioners and subject persons should also use the risk-based approach to identify and mitigate the risks they face.
From a TCSP (Trusts and Company Service Providers) perspective, the Geographical Risk is the risk arising from entering into a business relationship/occasional transaction involving particular countries or jurisdictions. (The process and exercise to determine the reputability of each jurisdiction on the basis of the ‘deficiencies’ identified by the FATF is called a ‘Jurisdiction/Country Risk Assessment’ – which is normally formulated by the AMLCFT Unit).
During both ‘on-boarding’ and ‘monitoring’ (especially within the context of business relationships), consideration should be given to primarily evaluate important risk manifestations such as:
- The Place of Residence & Nationality of the UBO;
- The Location of the Business Activity (Main Place of Business);
- The Country of Incorporation of the Company which is our customer;
- The Jurisdiction from where the Source of Wealth and Source of Funds have been obtained & generated;
- The Nationality and Residence of the Director/s;
- Trade Countries (Inflows-Customers and outflows-suppliers of Jurisdictions);
- Countries where the customer has relevant ‘personal links’.
Regulation 2(1) of the PMLFTR provides for a clear definition of which jurisdictions are to be deemed as ‘Non-Reputable’.
To summarise, countries deemed to be ‘Non-Reputable’ are generally speaking, jurisdictions that have deficiencies in their AMLCFT Regime or have inappropriate and ineffective measures for the prevention of MLFT. Therefore, the concept of non-reputability of a jurisdiction primarily relates to issues and/or shortcomings concerning AML/CFT.
However, how does one reach such a determination? To determine Non-Reputable, the FIAU recommends that one should consider ‘inter alia’
- FATF Documents (Public Statements & On-Going Process Document);
- Internationally accepted standards or
- whether the country is included in the EC Article 9 of AMLD4;
So where do High-Risk Jurisdictions come into the picture?
The FIAU’s Implementing Procedures state that to assess and classify a jurisdiction as ‘High Risk’; subject persons are required to conduct a wider assessment than merely assessing the jurisdictions’ AML/CFT issues and shortcomings, and hence should also include other factors when conducting their assessment.
The FATF Risk-Based Approach Guidance lists a number of factors that should be assessed in determining whether a jurisdiction poses a higher risk.
These include the situation when a jurisdiction is identified by credible sources as lacking appropriate AML/CFT laws, regulations and other measures. (To also note that in 2009, the FATF began to publicly identify high-risk jurisdictions, these being ‘named countries’ that have strategic deficiencies in their AML/CFT Regimes).
The crucial issue (or consideration) is that SPs are to note that, while a non-reputable jurisdiction is always to be regarded as a ‘High-Risk’ Jurisdiction, a high-risk jurisdiction may not necessarily always be regarded as a non-reputable jurisdiction.
Therefore, all the jurisdictions that are deemed to be non-reputable or high risk are to be considered as posing varying degrees of risk (whether ML/FT risk or other associated risks arising from other factors) & are henceforth required to include the risks posed by these jurisdictions when conducting their Customer Risk Assessment.
A connection to a non-reputable or high-risk jurisdiction may take various forms and therefore subject persons are to assess the link or links with the said jurisdictions. This is normally done on a case-by-case basis.
Applying appropriate Due Diligence.
In this connection, when dealing with natural or legal persons established or linked with a non-reputable jurisdiction,subject persons are explicitly required to apply commensurate EDD (Enhanced Due Diligence) measures accordingly.
However, on the basis of Regulation 11(1)(b) of the PMLFTR, subject persons may be required to apply commensurate EDD measures when, on the basis of the risk assessment, it is determined that an occasional transaction, business relationship or any transaction represents a high risk of ML/FT.
Therefore, the requirement to apply commensurate EDD measures in this regard arise when the high-risk level determined is attributed and pushed by jurisdictional links.
A Non-Reputable classification entails the application of EDD Measures which are ‘explicitly required’, whereas a ‘High-Risk’ classification is determined on the basis of the Qualitative and Quantitative Country Risk Assessment, factoring in the Customer Risk Assessment (CRA) following a determination that there is (inter alia) a ‘High Risk’ of Money Laundering, Terrorist Financing and Financing of Proliferation.