The legislation, which is called the Finma anti-money laundering ordinance, has been in place since 1 January 2016. Graziella Capellini from a Lugano-based legal advisory AC Services, gives her assesment of the legislations and which steps are necessary during risk assesment.
Finma’s anti-money laundering act, which aims to combat money laundering and terrorist financing, has been revised to incorporate recommendations from the Financial Action Task Force (FATF).
The ordinance states financial institutions must appoint one or more people to manage money-laundering issues. It says these people, or another independent function, must prepare a risk analysis for money laundering and terrorism financing, based on the field of activity and the nature of the business relationships they manage. They must specifically take into consideration the clients’ domicile or residence, the clients’ segment, as well as the products and services offered. The risk analysis must be approved by the board of directors or the executive management and periodically updated.
The need to set up a risk analysis originates directly from the first recommendation of the FATF, which requires financial institutions to identify, assess and take effective action to mitigate their money laundering and terrorist financing risks.
This risk-based approach is essential to the implementation of risk-based measures on the basis of the general principle that in case of higher risk, financial institutions should take enhanced measures to manage and mitigate those risks and, accordingly, where the risks are lower, use simplified measures.
Policies and procedures
The ordinance also says financial institutions need to adopt suitable policies, controls and procedures to carry out a periodic analysis and provide an assessment of the level of risk posed by money laundering and financing terrorism.
For example, while performing customer due diligence, as well as following measures identified by Finma, financial institutions should determine the extent of such measures using a risk-based approach. Consequently, the measures should be applied on a risk-sensitive basis depending on the type of customer, business relationship or nature of the transactions or activity. Higher risk categories should be subjected to enhanced due diligence.
From an operational point of view, the risk assessment of money laundering and terrorist financing should be conducted based on international best practices that take into account the size and complexity of the business.
The process has several stages, starting from the assessment of the potential risks associated with operations. This risk is based on the number and type of clients of the financial product, the jurisdictions under which they operate, the total assets under management, the number and the size of the transactions, and the origin and the destination of money transfers.
The second step is the assessment of measures adopted to mitigate the risk of money laundering and terrorist financing. Such measures include procedures and control activities. The aim is to reduce the potential risk in order to determine the residual risk.
Where weaknesses are detected, mitigating actions should be identified and implemented in order to move the residual risk to an acceptable level.
The approach described above is consistent with the FATF recommended standards and with the requirements set forth by the fourth anti-money laundering directive, which both demonstrate the progressive nature of Swiss regulators.
This article originally appeared in the March 2017 edition of Citywire Switzerland magazine.