(Editor’s Note: After this article went to press, the US Treasury said it had adopted a rule requiring banks, broker-dealers, mutual funds, futures commission merchants and introducing brokers in commodities to collect and verify information on beneficial owners. The Treasury also sent to Congress legislation to approve requiring that companies formed in the US file beneficial ownership information with the agency).
The Panama Papers will soon move beyond scandalous news stories about how the world’s top-ranked government and business officials evaded taxes via offshore shell companies, becoming the trigger for a hardening of know-your-customer (KYC) rules and reporting requirements.
If the US Treasury and other regulatory agencies have their way, the new rules could prove to be a compliance manager’s nightmare. Financial firms may soon have to report not only the identities of their customers, but also the underlying identities of the beneficial owners of the accounts. The Panama Papers, 40 years of records leaked or hacked from Panamanian law firm Mossack Fonseca, offer details and names behind shell companies used to shield assets. The law firm has denied doing anything illegal.
So far, the Treasury hasn’t come up with any specific requirements, but industry consensus is it will do so shortly, based on comments Secretary Jack Lew made to the International Monetary Fund’s IMF Steering committee last month. It’s not exactly a new idea. In mid 2014, the Treasury’s anti-money laundering (AML) unit, the Financial Crimes Enforcement Network (FinCEN), proposed a new rule requiring banks, broker-dealers and registered investment companies to disclose the name of anyone who has a 25 percent stake in a client firm or has “significant responsibility” to control, manage or direct the firm. The “significant responsibility” category would include chief executives, presidents, chief financial officers and general partners.
However, differences of opinion between financial regulatory agencies and pushback from the banking industry has slowed the adoption process and watered down the rule. In the latest proposed regulation, stringent verification of the information from customers regarding beneficial owners has been weakened to a requirement for “reasonable belief” the information is accurate and that phrase hasn’t been defined. A separate FinCEN rule, also yet to be adopted, would require registered investment advisors, including those for mutual funds and hedge funds to follow similar AML policies.
It remains to be seen how any new rules from FinCEN would match up with requirements under the Foreign Account Tax Compliance Act aimed at catching US tax dodgers living abroad. Legal opinions differ as to whether meeting the verification requirements for FinCEN would be more onerous than complying with FATCA and how the overlap of the two separate requirements would play out. At the very least, discrepancies could make compliance work that much more complex.
FATCA’s rule are pretty stringent. Fund management and other asset-management firms have to verify the identities of the beneficial shareholders of non-US investors holding more than a 10 percent stake in the investor shop. What’s more, the legislation requires financial firms to ensure there are no red flags in any investor documentation that would indicate tax evasion and ask for even more paperwork when the documentation provided conflicts with what the financial firms already know.
Any new FinCEN policies would put the US more in sync with Europe where the fourth incarnation of Europe’s AML Directive requires all financial firms to disclose the identities of beneficial owners holding more than a 25 percent stake or having significant control to regulators. The firms must also follow more rigorous risk-based AML procedures in classifying and monitoring customers. Each EU country must create a data repository of corporate ownership; however there won’t be any uniform guidelines on just how much information firms must disclose. The legislation is set to be adopted by all European Union member countries within the next two years.
Buy-side firms have historically been low on the target list for regulators because there has been an inherent presumption that it is far easier to commit illegal activities through banks and brokerage accounts. Hedge funds, in particular, have strict redemption guidelines making them an unappealing target for money launderers, but they are ripe vehicles for tax evasion. “Regulation is the mother of invention and the entire financial ecosystem will be required to improve their due diligence at the time of onboarding and afterwards,” says Steve Goldstein, chief executive of Alacra, a New York and London-based business information and compliance software provider..
Needle in Haystack
Verifying the identity of a client is one thing, but finding all about the investors in the client’s firm is another layer of investigation. Compliance managers at banks, broker-dealers and fund management firms set policies for just what information each new customer provide at the time of onboarding by a know-your-customer officer. The documentation then goes to an anti-money laundering unit or compliance manager to verify whether the individual or company is on any government sanctions list or other databases for politically exposed persons, which would likely put them in a higher-risk category.
But how is a financial firm supposed to be certain about the identity of the customer’s investors? Chances are that at least ten percent of clients won’t be honest when asked, leaving financial firms to discover the truth. Without a single centralized global database they must tap hundreds of public and private databases. Such a scenario would obviously tie up staff time and require a separate link to each of the databases.
Some specialist firms such as Alacra or Bureau van Dijk offer to short-cut the verification by connecting to multiple databases worldwide. Those include LexisNexis, Thomson Reuters, Dow Jones and D&B. Alacra says its compliance workflow tools will ensure that all investigators at a client bank’s shop adhere to a consistent identification and oversight process to meet regulatory requirements. Bureau van Dijk will also provide information on corporate linkages enabling financial firms to understand global ownership structures better.
Still, even the bet efforts can only go so far. The content of databases, for starters, is only as good as whatever information they are fed by companies themselves. Those companies must fulfill local data legislation and filing requirements. Public companies are required by securities law to disclose their ownership structure to a regulatory agency, which in the case of the US is the Securities and Exchange Commission. Not so with private entities which might not provide any public information on ownership or may simply list additional entities as managers or partners.
Disclosure requirements for private companies vary among countries. Even individual US states have differing requirements and Delaware is often cited as being the most lax in its information demands for incorporation. Given such complexity, erring on the side of safety is advised. “Asking for the client to provide articles of incorporation and other information at the time of onboarding is the best option,” says Daniel Viola, a partner who heads up the regulatory and compliance group at the law firm Sadis & Goldberg in New York.
Once financial firms know who they are doing business with they must decide next whether the risk is worth the fees. Clients are ranked on how they match with the risk appetite of the financial institution using a model which includes whether an individual is a politically exposed person, the country of domicile, the type of business, the amount of money involved, and the type of account. The more risky the client is considered, the more often its activities will be monitored assuming the firm decides to accept the business at all. A threshold of funds may be set, depending on the risk profile. All this preliminary work won’t do a firm much good if it accepts a customer and doesn’t keep track to any changes of the customer’s risk profile or activities down the road, so KYC is an ongoing process.
Any new rules adopted by either the Treasury or FinCEN would require banks, broker-dealers and possibly fund management shops to enhance their KYC and AML policies. Hopefully, they would do so on an enterprise-wide basis as it doesn’t make sense for one business line to follow difference documentation and verification requirement than another. Ideally, globally regulations would be become equivalent.
Fund Administrators Critical
Fund managers who have historically outsourced the task of onboarding and verifying clients to their fund administrators will likely continue to do so, but as with all outsourced operations, they will need to keep a closer eye on the onboarding process. They can’t presume the fund administrator has done its utmost.
“The Panama Papers won’t be changing the contractual terms between fund managers and fund administrators but since fund managers do have a reputational and legal risk they need to ensure their fund administrator communicates with them about any potential investors who raise a red flag and review the subscriptions themselves,” says Viola.”Next up is asking to be informed of changes in the client’s circumstances — such as a change in beneficial ownership, financial circumstances or even business activities.” Those include changes in client behavior such as wanting to invest or redeem more often.
Although about 90 percent of hedge fund managers outsource their subscriptions process to fund administrators, only 60 percent monitor their work, according to Meredith Moss, chief executive of Finomial, a Boston-based subscriptions technology platform for alternative investment funds and administrators. The rest simply take administrators’ word at face value. The problem: “At best, most fund administrators will provide worksheets of what information is still missing or potentially incorrect or contradictory to complete the subscription,” she says. Such a scenario laves the hedge fund manager at the mercy of the fund administrator, hoping it will do a thorough job.”
If the compliance or operations manager at the fund administrator’s shop overlooks a critical data point or cannot detect contradictory information simply by manually reviewing the documentation, the entire due diligence process goes awry. The same applies to any official at the fund management shop who will do the same. Finomial’s platform, says Moss, will catch any missing or conflicting data using optical character recognition to scan all of the documents in PDF form. It also provides full visibility of all documents, a structured workflow and audit trail to prove the necessary reviews have been made.
Given that fund managers should become more watchful of their fund administrators in the new regulatory environment, fund administrators may be forced to adopt additional policies to identify and verify their customers and beneficial ownership, says Andras Teleki, managing member of Teleki AML and Cybersecurity Law Firm in Washington DC. Since non-bank-affiliated administrators have not been subject to specific AML regulations, they have often resorted to doing their best. Such best practices may differ based on the needs of fund manage clients and the country where the fund administrator and fund are domiciled. Foreign countries often have more stringent requirements than the US.
Headquartered in Curacao, fund administrator Atlas Fund Services says that it has adopted the AML and KYC policies and procedures recommended by the Financial Action Task Force, an intergovernmental body concerned with business and political threats to the financial system. “Our global KYC policy, which is fully enforced in our Curacao and Charlotte, North Carolina operations, entails full disclosure and identification of all ultimate beneficial owners of investors in the fund,” says Danique Sprock, group chief executive of the firm which services US$5 billion in assets for US and overseas hedge fund fund management firms. “Prior to taking on an investment manager as a new client we fully disclose our AML/KYC requirements and due diligence procedures to ensure the manager/general partner agrees to the degree to which Atlas will perform investor due diligence.”
All of the requirements at the time of a customer onboarding are fully listed in Atlas’s client funds offering documents. For individual investors those include copies of a passport and utility bills while for corporations and trusts they include certificates of incorporation and trust deeds. Investors who don’t provide the correct paperwork won’t be accepted. “US investors initially might not take kindly to the stricter approach, but they will eventually acquiesce when the fund manager informs the investor onboarding procedures are required by the fund administrator,” explains Sprock.
The most important takeaway from the Panama Papers: “Whether you are an investment fund, its advisor, fund administrator or even a bank it will behoove you to identify your clients directly and to understand their beneficial ownership structure,” says Teleki. “You don’t want to have to explain to a regulator why you didn’t identify a high risk client or a beneficial owner whose name appears in the Panama Papers.”
What happens if you discover that a potential client has been associated with the Panama Papers scandal: “As a fund, bank or broker-dealer, you can make a conscious decision whether to do business with the new investor under stricter monitoring guidelines or not at all,” says Teleki. “If you do, you may have to prove to FinCEN or another primary regulatory agency that you took additional steps to mitigate any risks.”.
Uncovering a potentially undesirable client after the fact is a lot harder to handle. Shutting down a profitable account is often a business anathema. Hedge fund and mutual fund managers will also face additional legal obstacles to asking for an immediate redemption, although they could cancel the investor out of making any additional subscriptions.