Only 30% of companies have mapped their money laundering risks and recorded their risk appetite.
Grant Thornton Baltic conducted a survey among companies to find out how many of them are consciously and purposefully engaged in anti-money laundering. In a few months nearly 200 companies responded to the anonymous questionnaire opened on our website last October.
The largest number of respondents was from the following areas of activity: auditing, accounting and consulting services, trading, financial sector and real estate brokerage.
The survey revealed that:
- only 30% of companies have mapped their money laundering risks and recorded their risk appetite;
- just over half of companies have told employees about possible money laundering risks, trained them or drawn up codes of conduct;
- in order to avoid risks related to existing cooperation partners or customers, only 22% of companies systematically monitor them, 35% of companies monitor their business relationship at random;
- the contact person of the Financial Intelligence Unit (FIU) has been appointed by one third of the companies, whereas the contact person has also been appointed by those who do not have such an obligation pursuant to law;
- 44% of respondents want or plan to optimize or automate their activites related to the requirements of the Anti-Money Laundering Act.
We asked companies six questions
- Have you analysed which products or services that are offered by your company, or in some other way, can be used by malicious actors to launder your money or finance terrorism?
With this question, we wanted to know whether companies have assessed the potential risks of money laundering and terrorist financing related to their activities. The risk assessment requirement applies to most obligated persons mentioned in the Money Laundering and Terrorist Financing Prevention Act (RahaPTS), but only 30% of the respondents, most of whom were also obligated persons, have mapped their risks.
Risk assessment is the first important step in creating an effective prevention system, on which all subsequent activities of the company in preventing money laundering are based. It is by mapping the risks and being aware of them that it is possible to analyze which services provide the risk, how it may manifest itself and how it can be prevented.
![Q3 ENG Kas ettevõtet saab rahapesuks ära kasutada.PNG]()
- Have you considered which companies you definitely do not serve or with whom you do not enter into a partnership (for whom the risk of money laundering is too high) and how much and to whom you are ready to offer your products and services? Have you recorded this in writing and communicated it to your employees?
In addition to risk assessment, the company must also record its risk appetite and establish it. Only 30% of companies have done so (as many as those who have assessed their risks).
In defining risk appetite, an entity describes the risks that it agrees to take when operating in the money laundering risk area (or records what it certainly does not agree to take). The risk appetite must be in writing and approved by the company's senior management.
![Q5 ENG Milliseid ettevõtteid ei teeninda.PNG]()
- Are your employees able to recognise signs / activities that indicate possible money laundering?
Specific instructions for their employees have been prepared by 29% of companies, in addition to which 35% of companies have told their employees about possible dangers, but have not yet prepared codes of conduct. Thus, more than half of the companies have trained employees or prepared instructions for them.
At the same time, according to the RahaPTS, companies are obliged to establish rules of procedure, which include procedures for identifying, mitigating and implementing due diligence measures related to the customer, as well as instructions on how to act in case of suspicion of money laundering. The results of the survey show that much remains to be done.
![Q4 ENG Kas töötajad tunnevad ära rahapesu.PNG]()
- Has a contact person for the Financial Intelligence Unit (FIU) been appointed in your company?
The contact person of the FIU must be designated in credit institutions, financial institutions, trust and corporate service providers, pawnbrokers, virtual currency service providers, collectors or wholesalers of precious metals and precious metal products. The contact person may (voluntarily) also be appointed by another obligated person.
Among the respondents, 11.5% were companies in the financial sector, but a contact person has been appointed in one third of the respondents, which shows that this has also been done by several companies that have no direct obligation to do so.
![Q6 ENG rahapesu andmebüroo kontaktisik-1.PNG]()
- Are all employees who interact with customers on a daily basis, to establish business relationships and make transactions, aware of money laundering and terrorist financing issues and have they received the necessary training?
Training for front-line staff is particularly important so that they understand the risks and possible consequences of transactions. It is also important to state how they themselves can contribute to mitigating these risks.
If an employee simply ticks the checklist, it is not the same as ticking them with knowing the meaning. In this case, there is also some point in checking. 35% of companies have trained their employees.
![Q7 ENG kas töötajad on läbinud koolitused.PNG]()
- Do you monitor individuals in your business relationship on a regular basis to avoid money laundering risks with existing partners?
Less than a quarter of the responding companies systematically monitor customers, although business relationship monitoring is a mandatory due diligence measure. 35% of companies monitor their customers, but do so at random.
Today, business owners, management members and ultimate beneficiaries change quite frequently and therefore their customers should be monitored more frequently. If the customer's data has changed, their risk level must also be re-determined. The activities associated with monitoring depend on the company's field of activity and the type of business relationship entered into with the client. Certainly, when introducing due diligence measures, one could think about what data can be monitored in order to get the best information about the (suspicious) behavior of the customer / partner and map the risk areas to be monitored.
![Q8 ENG Äripartnerite seiramine.PNG]()
You can automate much more than you do now
Procedures related to the prevention of money laundering and terrorist financing are often very time and human resource intensive, as a lot of information related to customer background checks is collected manually. At the same time, companies that have integrated automated queries into their client management program automatically perform the same analysis at the time the client name is entered into the program. Automation can and could be used in a wide range of money laundering prevention processes (eg customer risk assessment, verification of national background, sanctions, beneficial owner and right of representation, data updating, document validity verification). There are several solutions and service providers on the market that offer new and / or automated solutions in this field.
We recommend that you take a fresh look at your money laundering prevention documentation and procedures and, if necessary, involve Grant Thornton Baltic's risk management services advisors.
