Procedure for working with internal control rules for AML/CFT purposes: legal aspects.

Who are the changes for?

Decree of the Government of the Russian Federation of July 14, 2022 No. 1188 (hereinafter referred to as Decree No. 1188) approved certain requirements for internal control rules that develop:

• lawyers;
• notaries;
• persons providing legal or accounting services;
• audit companies and individual auditors.

These requirements were adopted to comply with the provisions of the Federal Law of August 7, 2001 No. 115-FZ “On combating the legalization (laundering) of proceeds from crime and the financing of terrorism” (hereinafter referred to as Law No. 115-FZ). Namely, according to paragraph 1 of its Art. 7.1, the requirements of this Federal Law regarding the organization of internal control apply to the listed persons.

Who monitors the implementation of 115-FZ

There are regulatory bodies in the Russian Federation, their purpose is to monitor compliance with the law in the field of AML/CFT. Such bodies include the Central Bank, Rosfinmonitoring, the Federal Assay Chamber and Roskomnadzor.

Each subject of 115-FZ has its own regulator depending on the type of activity of the organization:

• The Central Bank is responsible for monitoring the functioning of banks, pawnshops, microfinance enterprises, consumer credit cooperatives, non-state pension funds and securities market participants in compliance with AML/CFT provisions
• Rosfinmonitoring monitors real estate agencies, leasing and factoring companies, outsourced accountants, lawyers, payment collection operators, lotteries and sweepstakes
• The Federal Assay Chamber controls the jewelry industry
• Roskomnadzor monitors mobile operators and Russian Post

What changes to consider

The internal control rules regulate the procedures for the actions of the above-listed persons for anti-money laundering purposes. They are prepared in paper or electronic form. In the latter case, the listed persons certify them with their enhanced qualified electronic signature (for example, the head of a law firm, lawyer or notary). Until January 13, 2022, these rules are drawn up on paper.

Internal control rules drawn up on paper can be stored as an electronic image of the document.

There are fewer mandatory programs that need to be included in the internal control rules. This applies to:

• documenting information;
• suspension of operations;
• actions in case of refusal to execute the client’s order to perform a transaction.

Which operations are subject to the new requirements?

The new requirements are related to the development of internal control rules for the following transactions with funds or other property carried out by these persons:

• real estate transactions;
• management of funds, securities or other property of the client;
• management of bank or securities accounts;
• raising money to create organizations, ensure their activities or manage them;
• creation of legal entities and foreign structures without forming a legal entity, ensuring their activities or managing them, as well as the purchase and sale of legal entities and foreign structures without forming a legal entity.

Contents of internal control rules

Internal control rules from 2022 must contain 9 mandatory programs:

• organizational basis of the internal control system;
• identification of clients, client representatives and/or beneficiaries, as well as beneficial owners;
• client research;
• risk assessment and risk management of money laundering and terrorist financing;
• identifying transactions and financial transactions with signs of laundering or terrorist financing and submitting information about them to Rosfinmonitoring;
• procedure for freezing (blocking) funds or other property;
• training and education of personnel in the field of combating money laundering, the financing of terrorism and the proliferation of weapons of mass destruction;
• audit of the internal control system;
• storage of information and documents obtained as a result of fulfilling obligations to combat money laundering, financing of terrorism and the proliferation of weapons of mass destruction.

Decree No. 1188 defines in detail the content of each program.

Our voluntary AML/CFT audits of organizations and entrepreneurs, as well as inspection activities carried out by supervisory authorities, often demonstrate a fairly common violation among subjects of 115-FZ: the absence of compiled internal reports on information sent to Rosfinmonitoring, or their formal preparation without taking into account the established requirements .

Let us remind you that organizations and entrepreneurs sending formalized electronic messages (FES) to Rosfinmonitoring about suspicious transactions and mandatory control operations are required to document the information sent, incl. by composing internal messages.

The procedure for documenting information, which is part of the ICR for AML/CFT, must provide for the preparation by employees of subjects of 115-FZ, who have identified an operation (transaction) subject to control, of an internal message - a document containing the requirements established by regulations (Government Decree No. 667 dated 30.06.2012 , Bank of Russia Regulation No. 445-P dated December 15, 2014) information about the transaction.

The completed internal message is submitted to the responsible employee for review. Based on the results of consideration of the internal message, the head of the organization, the entrepreneur or his authorized person may make, for example, one of the following decisions:

— on recognizing the client’s operation (transaction) as subject to mandatory control in accordance with Article 6 or 7.5 of Federal Law No. 115-FZ;

— on recognizing an identified unusual operation (transaction) as a suspicious operation (transaction), the implementation of which may be aimed at legalizing (laundering) proceeds from crime or financing terrorism;

— the need to take additional measures to study the client’s unusual operation (transaction);

— on submitting information about transactions subject to mandatory control and suspicious transactions to Rosfinmonitoring.

The form of the internal message, the procedure, timing and method of its transmission to the responsible person are determined by the organization and the entrepreneur independently and are reflected in the procedure for documenting the ICR information on AML/CFT/PWF. Typically, the internal message form has a tabular form and is included in the AML/CFT/CFT ICR as one of the annexes.

For internal messages compiled on mandatory control operations, the following simple rules apply:

— for each FES submitted to Rosfinmonitoring, an internal message must be drawn up in the organization;

— the number of internal messages should not be less than the number of FES about mandatory control operations.

Internal reporting plays a huge role in identifying suspicious transactions, because It is in it that subjects of 115-FZ must record their motivated justifications for recognizing the operation as suspicious and sending information about it to Rosfinmonitoring.

Unfortunately, often the justification for such a decision by the subjects of 115-FZ is not recorded in detail in internal messages, and the motives that guided them in recognizing a transaction as suspicious are not disclosed, which indicates a formal approach to working with suspicious transactions.

Often, an organization or entrepreneur, having seen in a client’s transaction a criterion for identifying or a sign of an unusual transaction established by Bank of Russia Regulation No. 445-P dated December 15, 2014 or Rosfinmonitoring Order No. 103 dated May 8, 2009, rushes to immediately report this to Rosfinmonitoring, without conducting proper checks of the transaction and not taking into account that the established criteria are indicators for additional checks of the client and the transaction, but not a reason for automatically recognizing the transaction as unusual.

Let us remind you that if a transaction is identified as meeting one or more of the criteria for an unusual transaction, the organization or entrepreneur must immediately draw up an internal report, conduct an audit of the client and his transaction, and make a reasoned decision regarding the transaction, including the decision to send or not send information to Rosfinmonitoring.

For example, when checking a client’s transaction, subjects of 115-FZ can request clarification from the client regarding the transaction, organize a meeting with him, request documents for verification, study the sources of origin of the client’s funds or property, conduct comprehensive in-depth checks and other activities enshrined in ICR on AML/CFT/FROM. If the client made contact, provided all the necessary information, documents and explanations, as a result of which the organization or entrepreneur had no doubts about the legality of the client’s operation, they may decide to recognize the operation as justified and not arousing suspicion.

Conversely, if the client did not provide clear explanations for the transaction, avoided contacts and explanations, the subject of 115-FZ may decide to recognize the identified unusual transaction as a suspicious transaction, the implementation of which may be aimed at laundering criminal proceeds or financing terrorism, and to submit information about such a suspicious transaction to Rosfinmonitoring. When motivating their decision in an internal message, organizations and entrepreneurs must list the activities carried out as part of the study of the operation, list the documents and information received, give their arguments regarding the operation, etc.

An internal message is an internal document of an organization or entrepreneur; it is not necessary to send it to Rosfinmonitoring or supervisory authorities on its own initiative, however, this document is often requested for inspection by supervisory authorities.

The absence of internal communications and formal relations to them almost always indicates violations in the work of the organization and the entrepreneur, and in some cases may indicate possible risks of involvement of the subject of 115-FZ in laundering criminal proceeds or financing of terrorism.

An example of an internal message in the internal control system on AML/CFT/CFT of organizations and entrepreneurs supervised by Rosfinmonitoring and the Assay Chamber

An example of an internal message in the Internal Control Code on AML/CFT/PWF of organizations supervised by the Bank of Russia

expert on financial monitoring, editor-in-chief of the media “Bulletin of Financial Monitoring”, Ph.D. history Sciences, lawyer Pavel Smyslov

When using and quoting material, a link to the site is required!

* * *

Check out our many articles on financial monitoring and AML/CFT here:

List of our practical articles and publications on financial monitoring, AML/CFT, anti-money laundering legislation, 115-FZ and other related issues

* * *

Our services in the field of financial monitoring and AML/CFT:

— any documents and rules of internal control (IRAC for AML/CFT);

— training and instruction on financial monitoring;

— audit, subscriber services for AML/CFT;

— electronic signature and special software for financial monitoring;

— assistance during inspections;

- and much more.

More details HERE

.

Subscribe to the “Financial Monitoring Bulletin”

— the first free and regular news release in Russia in the field of financial monitoring:

We are in social networks: