7.01  In the last decade, regulators have assessed some USD30 billion in fines against firms engaging in for violations of embargo sanctions and related violations. Several financial service firms have been the targets of those actions. This chapter will address those requirements. In this section the focus is on embargo related sanctions. Embargoes and financial related sanctions against ‘rogue’ countries are economic in nature and are designed to coerce such countries into conformance to international norms. Sanctions may be imposed to deter bad conduct. This would include anything from (p. 320) the development of nuclear weapons, invading another country, to interfering in a US presidential election.

7.02  There has been much debate about the efficacy of sanctions. Some point to Cuban sanctions as proving they have little effect. Others hail sanctions against South Africa as having precipitated that country’s decision to drop apartheid. UN sanctions against Libya have also been credited for the change in the terror-oriented government in Libya and the eventual overthrow of Libyan dictator Muammar el-Qaddafi.

7.03  Whatever their efficacy, sanctions are a reality and are directed at numerous countries. Sanctions may be applied to particular economic sectors, or a country’s economy may be entirely embargoed, sometimes with humanitarian exceptions. Sanctions may be applied to import and exports of commodities, but are also often applied to prevent access to banking and other financial services. For example, the US imposed sanctions prohibiting banking and financial transactions with Cuba, North Korea, and Iran. Particular financial services firms may also be targeted, as was the case for Iranian and Russian banks. Financial services sanctions may take some unusual forms. When Iraq invaded Kuwait before the first Gulf War, the US embargoed financial services with its ally Kuwait. That action was taken because of concerns that Iraq intended to loot the banks and accounts of Kuwait in order to gain access to the financial wealth of that country.

7.04  The US President signed an Executive Order prohibiting transactions with certain persons identified as ‘sanctions evaders’ with respect to sanctions imposed against Iran and Syria.¹ Sanctions are increasingly being imposed against individual and corporate ‘bad actors’. Those individuals may include specific government officials or even private businesses and their executives. For example, several Russian oligarchs were placed on sanctions lists because of their aid to the bad acts of the Russian government.²

7.05  Sanctions on financial services place the burden of compliance on financial services institutions that deal with the objects of sanctions, including companies and targeted individuals. This places difficult burdens on large financial services institutions with multi-national operations and millions of customers. Nevertheless, large banks have been massively fined for allowing sanctioned parties to access and use bank facilities. Such large fines are justified on the grounds that sanctions invoke matters that are a threat to national security. Targets of sanctions often claim that sanctions are only political in nature and not to be taken seriously. Laxity in compliance may also creep in where controls have been in place against a country for decades with little discernible effect. That complacency is sought to be corrected by prosecutors through harsh (p. 321) enforcement actions that seek to underscore the importance of internal compliance programmes sanctions designed to detect and prevent violations of sanctions.

7.06  The United Nations (UN) Security Council may impose sanctions under Chapter VII of the United Nations Charter. Such sanctions have involved restrictions on engaging in financial services. The UK government has described the role of sanctions imposed by the UN, the EU, and individual countries as follows:

7.07  Financial sanctions are restrictions put in place . . . to achieve a specific foreign policy or national security objective. They can:

• •  limit the provision of certain financial services

• •  restrict access to financial markets, funds and economic resources. Financial sanctions are generally imposed to:

  • •  coerce a regime, or individuals within a regime, into changing their behaviour (or aspects of it) by increasing the cost on them to such an extent that they decide to cease the offending behavior;

  • •  constrain a target by denying them access to key resources needed to continue their offending behaviour, including the financing of terrorism or nuclear proliferation;

  • •  signal disapproval, stigmatizing and potentially isolating a regime or individual, or as a way of sending broader political messages nationally or internationally; and/or

  • •  protect the value of assets that have been misappropriated from a country until these assets can be repatriated.³

7.08  The UN has sanctioned some thirty countries over the last half century. It has also authorized sanctions against terrorist organizations such as ISIS, Al Qaida, and Taliban. ‘Security Council sanctions have taken a number of different forms, in pursuit of a variety of goals. The measures have ranged from comprehensive economic and trade sanctions to more targeted measures such as arms embargoes, travel bans, and financial or commodity restrictions.’⁴ The UN Security Council is now administering:

14 ongoing sanctions regimes which focus on supporting political settlement of conflicts, nuclear non-proliferation, and counter-terrorism. Each regime is administered by a sanctions committee chaired by a non-permanent member of the Security (p. 322) Council. There are 10 monitoring groups, teams and panels that support the work of 11 of the 14 sanctions committees.⁵

7.09  The UN sanctions regime has had, at best, mixed success. Its oil-for-food programme sanctioning Iraq was a failure. It sought to prevent Iraqi dictator Saddam Hussein from using state oil revenue to fund his weapons programmes, while allowing oil revenues to be used to feed the Iraqi population. That programme was riven with corruption, and Hussein was able to divert payments from the programme to his own purposes. Among other things, Iraq required the payment of kickbacks on all contracts with suppliers of humanitarian aid and on oil field spare parts that were allowed to be sold under the programme. These kickbacks were concealed by calling them ‘after-sales-service fees,’ and they constituted as much as 10% of contract prices, which was added to the overall contract price. Another scheme involved ‘inland transportation fees’ that were added to contract costs and paid to Iraqi controlled entities as a means of circumventing sanctions.⁶ Only a handful of individuals and companies faced prosecution from this scandal.⁷

7.10  Efforts to sanction the nuclear weapons programme of North Korea was not successful, and similar efforts against Iran have been much criticized. North Korea evaded sanctions on large amounts of coal and steel exports that brought in hard currency to the country. North Korea also used private individuals and front companies to create banking relationships around the world that allowed it to evade sanction restrictions.⁸ North Korea further used its trading relationship with China to maintain its nuclear programme. China has also been lax in foreclosing access by North Korea to the international financial system. The UN blacklisted several ships and shipping companies for violating sanctions on North Korean exports, but has taken no effective action against China.

7.11  Sanctions against Iran present a complex picture. Sanctions were imposed after the staff of the American embassy in Tehran were seized and held hostage in 1979. Those hostages were later released, but Iran’s nuclear weapons programme and other acts resulted in additional sanctions. An agreement was reached in 2015 with then US President Barack Obama to restrict Iran’s nuclear programme. The election of President Donald Trump in 2016 renewed tensions with Iran, and the US withdrew from the Iranian agreement on nuclear weapons. Russia vetoed a Security Council resolution in (p. 323) February 2018 that would have found Iran in violations of sanction restrictions imposed on Yemen.

7.12  Like the US, the nature of UN sanctions has changed in the past decade. UN sanctions have been turning away from comprehensive measures levied against states. Sanctions are now being more targeted by being aimed at particular economic or financial activities and against individuals and small groups or entities.”⁹ UN sanctions now target ‘sectors such as arms, cash-earning commodities such as diamonds, or financial assets and travel’.¹⁰ For example, so-called ‘conflict’ diamonds have been subject to sanctions that are exported from Africa to fund revolutionary movements in West Africa. To limit trafficking in conflict diamonds, the international community developed the Kimberley Process Certification Scheme for Rough Diamonds that requires governments to develop import and export controls. Those controls require the certification and control of trafficking in rough, uncut diamonds through documentary audit trails that trace diamonds from their extraction from mines to their polishing for sales.¹¹ Efforts to require US public companies to disclose whether they use conflict diamonds has been frustrated by litigation raising constitutional issues of free speech.

7.13  Another concern raised by international financial transactions is that of the bribery of corrupt foreign government officials. Such official include managers of sovereign wealth funds that invest hundreds of billions of dollars in financial markets. A broad international inter-governmental effort has been undertaken to combat such corrupt payments. The Organization for Economic Co-operation and Development (OECD), which seeks to develop governmental policies that will improve the well-being of the population, has coordinated those international efforts, which are directed principally at developing countries. The OECD has thirty-five member countries, including the US, UK, France, Germany, Switzerland, and Russia.

7.14  The 1997 OECD Anti-Bribery Convention prohibits the bribery of foreign public officials in international business transactions. The signatories to this convention include all thirty-five of the OECD member countries and eight non-members, i.e. Argentina, Brazil, Bulgaria, Colombia, Costa Rica, Lithuania, Russia, and South Africa.¹² The Anti-Bribery Convention requires signatories to make it a criminal offence under their (p. 324) laws for persons subject to their jurisdiction intentionally to offer, directly or indirectly, any undue pecuniary advantage to a foreign public official in order to obtain or retain business or other improper advantage in the conduct of business.¹³

7.15  In 2009, the OECD published recommendations to strengthen international anti-bribery efforts through several actions, including the following:

• •  Adopt best practices for making companies liable for foreign bribery so that they cannot be misused as vehicles for bribing foreign public officials and they cannot avoid detection, investigation, and prosecution for such bribery by using agents and intermediaries, including foreign subsidiaries, to bribe them.

• •  Periodically review policies and approach on small facilitation payments. These are legal in some countries if the payment is made to a government employee to speed up an administrative process.

• •  Improve cooperation between countries for the sharing of information and evidence in foreign bribery investigations and prosecutions and the seizure, confiscation, and recovery of the proceeds of transnational bribery, through, for instance, improved or new agreements between the States Parties for these purposes.

• •  Provide effective channels for public officials to report suspected foreign bribery internally within the public service and externally to the law enforcement authorities, and for protecting whistleblowers from retaliation.

• •  Working with the private sector to adopt more stringent internal controls, ethics, and compliance programmes and measures to prevent and detect bribery.¹⁴

7.16  As will be described section (vi) of this chapter, the US has been the leader in combatting the bribery of foreign officials in order to gain business. It began that effort some twenty years before the OECD Convention. The US is still the most aggressive of the OECD members in pursuing and prosecuting this crime.

7.17  The EU sanctions and embargoes are part of the Common Foreign Security Policy (CFSP). Goal of this policy is a dedicated external ability regarding conflict prevention and crisis management by means of civilian and military capabilities.¹⁵ The EU understands sanctions as coercive measures and uses the word ‘sanction’ interchangeably with the word ‘restrictive measures’.¹⁶ Sanctions and embargoes have been a favoured (p. 325) foreign policy tool of the EU lately. This is primarily, because the EU lacks the collective capacity to enforce its foreign policy decisions by force. They are less costly than military force and can be applied in a more flexible and targeted way. EU sanctions do typically aim at changing activities or policies related to the violation of international law or human rights or policies that do not respect the rule of law or democratic principles.¹⁷ They either intend to coerce, constrain, or signal. EU sanctions policy does, however, typically not preclude all cooperation and assistance to the target.¹⁸

7.18  EU sanctions are very often not imposed on a stand-alone basis, but in interplay with other organizations and countries. The most important organization in this regard are the UN. There are three different major types of EU sanctions applied in combination with other sanction regimes. These are:¹⁹

• •  EU as implementer of UN sanctions: All EU Member States are members of the UN and thus obliged under Chapter VII of the UN Charter to implement UN sanctions. Examples are the EU/UN sanctions in Angola, Central African Republic, Democratic Republic of Congo, Guinea Bissau, Liberia, Somalia, and South Sudan. These sanctions simply implement the UN sanctions and the EU does not play an independent role.

• •  EU as implementer of UN sanctions that go beyond the UN requirements: These sanctions are autonomous sanctions that go beyond the UN sanctions. Examples are the EU sanctions on the Democratic Republic of Congo, Côte d’Ivoire, Iran, and Libya. These sanctions are subject to increasing criticism by other UN Member States.

• •  EU sanctions without having roots in other UN sanctions: The EU imposes under this category sanctions independent from any UN sanctions. Examples of such sanctions are Belarus, Russia, and Ukraine. These sanctions are very often enacted jointly with the US or other organizations, or when the UN Securities Council is not able to reach an agreement.

7.19  The legal basis for the sanctions policy of the EU is mainly contained in Art. 29 of the Treaty on the European Union (TEU)²⁰ and Art. 215 of the Treaty on the Functioning of the European Union (TFEU).²¹ EU sanctions are either imposed by regulations or decisions of the Council. Both belong to the secondary law of the EU and are directly (p. 326) applicable to the persons and organizations addressed therein. There are other key documents that guide the law makers and the commodities trading houses in the application of the restrictive measures. These are the Basic Principles on the Use of Restrictive Measures (Sanctions) which lays out the principles underlying the EU targeted sanctions regime. The Guidelines on Implementation and Evaluation of Restrictive Measures also indicates how and when sanctions should be considered. The EU Best Practices for the Effective Implementation of Restrictive Measures is a best practice document that contains recommendations for the EU Member States and a checklist of best practices.²²

7.20  Although EU sanctions are intending to have effects on third countries, they apply only within the jurisdiction of the EU, meaning:²³

• •  within EU territory, including its airspace;

• •  to EU nationals, whether or not they are in the EU;

• •  companies and organizations incorporated under the law of a Member State, whether or not they are in the EU. This also includes branches of EU companies in third countries;

• •  any business done in whole or in part within the EU; and

• •  on board aircrafts or vessels under the jurisdiction of a Member State.

7.21  One of the key downsides of EU sanctions in the past have been negative consequences that go beyond the target. Sanctions can in particular impose a burden on the civilian population and contribute to economic problems.²⁴ The EU historically pursues a policy of ‘targeted sanctions’, according to which only specific groups or individuals are subject to sanctions. There seems, however, to be a move towards a broader interpretation of sanctions that should have wider economic impact. The targeted sanctions that are applicable to commodities trading houses and other market participants are very often difficult to decipher and can be ambiguous and vague. This increased the costs of doing business and the risks involved. The restrictive measures typically imposed in EU sanction programmes are:

• •  arms and related material, dual-use goods and technology, as well as material for internal repression embargoes;

• •  ban on provision of certain services;

• •  freezing of funds and economic resources;

• •  travel bans;

• •  restrictions on the issuance and trade in bonds and loans, as well as investments;

• (p. 327) •  embargoes on key equipment and technology for the oil and natural gas industries;

• •  restrictions on the transfer of funds; and

• •  restrictions on the import of commodities.

7.22  The EU has currently restrictive measures against the following jurisdictions:²⁵

• •  Afghanistan

• •  Belarus

• •  Bosnia and Herzegovina

• •  Burundi

• •  Central African Republic

• •  China

• •  Democratic Republic of Congo

• •  Egypt

• •  Eritrea

• •  Republic of Guinea (Conakry)

• •  Guinea-Bissau

• •  Haiti

• •  Iran

• •  Iraq

• •  Lebanon

• •  Libya

• •  Maldives

• •  Mali

• •  Montenegro

• •  Moldova

• •  Myanmar (Burma)

• •  North Korea

• •  Russia

• •  Serbia

• •  Somalia

• •  South Sudan

• •  Sudan

• •  Syria

• •  Tunisia

• •  Ukraine

• •  US

• •  Venezuela

• •  Yemen

• •  Yugoslavia (Serbia and Montenegro)

• •  Zimbabwe

(p. 328) 7.23  There are in addition also restrictive measures against some terrorist groups, such as Al Qaida and ISIL (Da’esh), outstanding. The situations underlying and leading to sanctions can change very quickly. It is thus of high importance to always stay on top of the latest developments.

7.24  The UK does not just implement UN and EU sanctions, but does also have an independent sanctions regime in place. The UK has an autonomous terrorist sanctions regime and has powers over the regulated sector under the Counter-Terrorism Act 2008, the Terrorist Asset-Freezing etc. Act 2010, and Anti-Terrorism, Crime and Security Act 2001. The responsibilities for the implementation of the sanctions lies with multiple bodies. The Foreign and Commonwealth Office has overall responsibility for the UK’s policy on sanctions and embargoes, including the scope and content of international sanctions regimes. HM Treasury’s Office for Financial Sanctions Implementation (OFSI) is responsible for implementing and administering financial sanctions in the UK. It can also impose fines for misconduct. The National Crime Agency investigates breaches of financial sanctions. The Financial Conduct Authority is responsible for ensuring that regulated firms have adequate systems and controls to comply with UK Sanctions requirements. Department for International Trade (Export Control Organization) implements trade sanctions and embargoes.²⁶ HM Revenue & Customs enforces export sanctions. The Home Office implements international travel bans.²⁷

7.25  UK sanctions which are in effect generally apply to:

• •  any person in the UK;

• •  any UK citizen wherever located (usually including British Overseas Territories citizens, British Overseas citizens, British subjects, and British Protected Persons);

• •  any corporate entity operating in the UK; and

• •  any corporate entity incorporated or constituted under the law of any part of the UK wherever located (including overseas branches of UK companies).

7.26  The most frequently applied UK sanctions are:²⁸

• •  arms embargoes;

• •  bans on exporting equipment that might be used for internal repression;

• •  export controls;

• •  asset freezes and financial sanctions on designated individuals and corporate entities;

• (p. 329) •  travel bans on named individuals; and

• •  bans on imports of raw materials or goods from the sanctions target.

7.27  UK sanctions are contained in specific lists. OFSI maintains two lists of those subject to financial sanctions. The consolidated list includes all designated persons subject to financial sanctions under EU and UK legislation, as well as those subject to UN sanctions which are implemented through EU regulations.²⁹ OFSI maintains a separate list of entities subject to specific capital market restrictions.³⁰ These entities are not contained on the consolidated list. HM Treasury keeps a list of individuals and entities who are subject to financial sanctions for alleged terrorist activity. The Home Office manages a list of proscribed terrorist groups and organizations which are banned under UK law pursuant to the Terrorism Act 2000. The Department for International Trade’s UK Strategic Export Control lists form the basis of determining whether any products, software, or technology intended for export are ‘controlled’ and therefore require an export licence. These lists are published collectively as the UK Consolidated List of Strategic Military and Dual-Use Items that Require Export Authorization.³¹

7.28  UK sanctions related to goods, services, and assets can be levied by specific licensing exemptions which are granted upon request by the authorities that have the power to implemented the sanctions.³²

7.29  The UK sanctions regime post-Brexit will be different than the one pre-Brexit. In May 2018, the UK has passed a new sanctions regime by adopting the Sanctions and Anti-Money Laundering Act 2018.³³ The new authority to impose sanctions under the Act is much wider than any authority under pre-existing authorities.

7.30  Embargoes and sanctions by one country against another country or its allies have a long history. In the US, such actions began with boycotts of English products by the colonies in protest to English statutes restricting or taxing trade with the colonies. The US has also been at the forefront of more recent governmental efforts using sanctions to punish and deter objectionable activities of other countries, or which threatens US national security. Countries currently subject to sanctions include Russia, Iran, North (p. 330) Korea, Cuba, Belarus, Burma, Sudan, and Syria. Sanctions and embargoes may be imposed by the US President under wartime and emergency powers and through specific acts of Congress. An example of the latter is the Countering America’s Adversaries Through Sanctions Act (CAASTA), which was enacted in response to Russia’s interference in the 2016 US presidential election, the annexation of Crimea, and Russian sponsored military actions against Ukraine.³⁴

7.31  Individuals are also targeted under US imposed sanctions. For example, the Magnitsky Act was enacted to sanction individuals for violations of human rights in connection with the torture and death of Russian lawyer Sergei Magnitsky by officials of the Russian Ministry of the Interior. A broader statute, the Global Magnitsky Act targets human rights abuses and government corruption globally.³⁵ In September 2017, President Trump authorized sanctions to block from the US financial system any foreign business or individual that facilitates trade with North Korea. Those sanctions were imposed to stop evasion by Chinese banks and others of existing sanctions already in place against North Korea’s nuclear development programme.

7.32  The long-running sanctions imposed against Cuba started out in the 1950s as pretty much a total embargo of the Cuban economy. That action was in accordance with embargoes against other communist countries in place at that time, such as China and the Soviet Union, as an effort to contain and isolate those countries. The embargoes against China and the Soviet Union have been replaced by narrowly targeted sanctions against individuals and businesses. Although there was a thawing of relations with Cuba under the Obama administration that eased trading and visiting restrictions, the Trump administration abandoned, at least temporarily, further efforts to ease banking and other restrictions on Cuba.

7.33  US embargoes and sanctions are administered by the Office of Foreign Assets Control (OFAC), an agency lodged in the US Treasury Department:

As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called ‘Specially Designated Nationals’ or ‘SDNs.’ Their assets are blocked and U.S. persons are generally prohibited from dealing with them.³⁶

7.34  Sanctions are imposed by blocking, i.e. freezing, assets of a targeted country or individual. These sanctions may require banks or other financial institutions to refuse a transfer of funds or securities to or from a sanctioned entity, or to or from an account (p. 331) in which a blocked entity has an interest. If funds are received by a financial institution from a sanctions target, those funds must be blocked. All US banks, bank holding companies and their subsidiaries, as well as broker-dealers and futures commission merchants must comply with sanction restrictions. These sanctions must also be complied with by foreign branch offices of US entities. Blocked transactions must be reported to OFAC within ten days of the transaction. OFAC may issue licences to allow specified transactions that might otherwise be subject to a blocking order.

7.35  To assure compliance with OFAC regulations, financial institutions have created compliance programmes that are designed to monitor transfers to or from blocked entities and to look for otherwise suspicious activity, to test for compliance, and training of personnel in areas where compliance is needed. The nature and complexity of these compliance programmes depend on the risk profile of the financial institution. This means large international banks are expected to have extensive compliance programmes that are carefully monitored. A purely domestic institution with few foreign customers could maintain a less sophisticated compliance programme. Compliance procedures would include the use of due diligence to determine the true identity of persons opening new accounts, including checking new account information against OFAC lists of sanctioned countries and entities. Existing accounts need to be reviewed when additional parties are added to the OFAC sanctions lists.³⁷

7.36  OFAC has noted that:

Over the past several years, the banking industry has developed special software to ‘interdict’ illicit funds transfers. Many filters contain every name on OFAC’s list of Specially Designated Nationals and Blocked Entities along with generic words for countries and cities. Most of the systems screen every field in incoming payment orders. When such a system identifies a designated name in a transfer, the transfer is automatically rejected and the system directs a reviewer to the illicit reference. . . . While OFAC does not treat even completely automated processing of violative transactions as a full defense in civil penalty proceedings, it does favorably consider a bank’s business decision to use interdict software as well as other good faith manual and electronic compliance efforts in determining mitigation.³⁸

7.37  Violations of OFAC restrictions are subject to severe sanctions, including civil penalties that may be the greater of USD250,000 per violation or twice the monetary amount of the transaction. Criminal sanctions are even more severe. Those sanctions can be staggering in the case of large financial institutions handling numerous transactions. BNP Paribas SA agreed to pay almost USD billion to settle US charges over the bank’s dealings with accounts connected with Cuba, Iran, and Sudan. BNP was also barred for one (p. 332) year bar from conducting certain US dollar transactions. Another large bank, Standard Chartered paid USD667 million to settle charges involving transactions with Iranian related accounts. The New York Superintendent of Financial Services (NYSFS) fined the Bank of Tokyo-Mitsubishi UFJ USD567 million for handling funds from countries that were embargoed by the US government. That bank had originally agreed to a fine of USD250 million, but the penalty was increased after it was determined that the bank had acted in bad faith by trying to downplay the extent of its violations.³⁹ JPMorgan paid OFAC USD88.3 million to settle embargo violation charges involving Cuba, Iran, and Sudan. The CFTC has also sanctioned FCMs for failing to observe OFAC restrictions on sanctioned entities.⁴⁰

7.38  Switzerland has its own embargo-laws to execute sanctions that have been decided by the UN, OSCE, or by important trading partners of Switzerland. The key legal basis for the implementation and execution of international sanctions is the Federal Act on the Implementation of International Sanctions.⁴¹ It is a framework legislation which stipulates generally applicable provisions (goal, responsibilities, duty to inform, control, data protection, administrative, and mutual assistance between Swiss and foreign authorities, sanctions). The law allows the Swiss government to enact compulsory measures. Compulsory measures may in particular, directly or indirectly, restrict transactions involving goods and services, payment and capital transfers, and the movement of persons, as well as scientific, technological, and cultural exchange, or include prohibitions, licensing, and reporting obligations as well as other restrictions of rights.⁴² The Swiss government, based on the EmbA, will issue individual ordinances that impose specific sanctions on countries and regimes.

7.39  Switzerland applies either general sanctions, which apply equally to states and their citizens, targeted sanctions, or financial sanctions. Targeted sanctions are intended to be directed at individuals, companies, and organizations, or restrict trade with key commodities. The key instrument for implementing targeted sanctions is the list of names drawn up by UN sanctions committees. The following instruments can be applied in case of targeted sanctions:

• •  trade restrictions on particular goods (e.g. arms, diamonds, oil, lumber,) or services;

• •  travel restrictions;

• •  diplomatic constraints;

• •  cultural and sports restrictions; and

• •  air traffic restrictions.

(p. 333) 7.40  Financial sanctions are directed to assets and financial transactions. They are typically:

• •  the freezing of funds and other financial assets;

• •  a ban on transactions; and

• •  investment restrictions.

7.41  Switzerland has currently sanctions against individual persons, organizations, and ships in place. They are affecting the following countries/situations:

• •  Al Qaida, Taliban

• •  Belarus

• •  Burundi

• •  Central African Republic

• •  Congo

• •  Guinea

• •  Guinea-Bissau

• •  Iran

• •  Iraq

• •  Libya

• •  North Korea

• •  Situation in Ukraine

• •  Somalia

• •  South Sudan

• •  Sudan

• •  Syria

• •  Yemen

• •  Zimbabwe

7.42  The international and Swiss sanctions and embargo situation is changing quickly. It is thus important to stay up to date with the latest developments. UN sanctions find immediate application to Switzerland without prior transposition into Swiss law.

7.43  The import, export, deposit of rough diamonds, as well as the deposit in a duty free warehouse is only permitted if they are accompanied with a forgery-proof certificate. Trade in rough diamonds is only possible with countries which are also participating in the Kimberely-certification system. The Kimberley-certification system should prohibit ‘conflict diamonds’ reaching legal markets. Conflict diamonds are from regions which are controlled by rebels who finance arms purchases, Africa in particular.

7.44  Singapore is a member of the UN and commits to follow and implement the UN Security Council Resolutions (UNSCR), including sanctions. It also has its own autonomous sanctions regime under the Terrorism (Suppression of Financing) Act (TSOFA). The sanctions regime in Singapore has a dual approach where the UNSCR are generally implemented through regulations made under the UN Act whilst regulations targeting (p. 334) financial institutions are implemented under the Monetary Authority of Singapore (MAS) Act.

7.45  Amongst other measures, the UNSCRs may impose targeted financial sanctions against specific individuals and entities identified by the UN Security Council (or relevant UN Committees) as contributing to a particular threat to, or breach of, international peace and security. For instance, there are UNSCRs issued to address risks of proliferation of weapons of mass destruction emanating from Iran and the Democratic People’s Republic of Korea.

7.46  MAS gives effect to targeted financial sanctions under the UNSCRs through MAS Regulations issued pursuant to §27A of the MAS Act. The MAS Regulations require financial institutions in Singapore to:

• •  immediately freeze funds, other financial assets, or economic resources of designated individuals and entities;

• •  not enter into financial transactions or provide financial assistance or services in relation to (i) designated individuals, entities, or items, or (ii) proliferation and nuclear, or other sanctioned activities; and

• •  inform MAS of any fact or information relating to the funds, other financial assets, or economic resources owned or controlled, directly or indirectly, by a designated individual or entity.

7.47  Under the MAS Act, a financial institution that contravenes any MAS Regulations is guilty of an offence and will be liable on conviction to a fine not exceeding USD1 million.

7.48  Non-financial institutions and natural persons in Singapore are similarly required to comply with the sanctions requirements in relation to UN-designated individuals and entities. The UN Act, which was promulgated in 2001, gives the Minister for Law the power to make regulations that are necessary to comply with the sanctions requirements. Thus far, Singapore has put in place Regulations to comply with the various UNSCRs, such as those dealing with Iran and the Democratic People’s Republic of Korea. The full texts of the UN Act and the UN Regulations are available at the Singapore Statues Online.⁴³

7.49  These Regulations prohibit persons in Singapore from dealing with designated individuals and entities as defined in the respective UN Regulations. The prohibitions include the following:

(p. 335)

• •  prohibition against dealing with property of designated persons; and

• •  prohibition against provision of resources and services for benefit of designated persons.

7.50  Under the UN Act, a person who commits an offence against any Regulations made under the UN Act will be liable on conviction, in the case of an individual, to a fine not exceeding USD500,000 or to imprisonment for a term not exceeding ten years or to both; or in any other case, to a fine of up to USD1 million. Aside from the UN Act and its Regulations, all natural and legal persons also have to comply with other targeted financial sanctions found in the TSOFA.

7.51  Singapore currently has sanction against a list of designated individuals and entities. To safeguard the country from engaging in transactions with prohibited parties, it is required that all natural and legal persons in Singapore perform a screen on their clients before engaging in any business activities. Countries prohibited are:

• •  Democratic People’s Republic of Korea

• •  Democratic Republic of the Congo

• •  Eritrea

• •  Iran

• •  Libya

• •  Somalia

• •  South Sudan

• •  Sudan

• •  Yemen

7.52  The US prohibits the bribery of foreign government officials in order to obtain business. That effort began with an investigation by the Securities and Exchange Commission (SEC) into whether public companies in the US were maintaining slush funds. It had been reported in the press that those slush funds were being used to make off-the-books political contributions to the Nixon presidential campaign. As a result of that investigation, the SEC learned that many large international companies were also using those slush funds to bribe foreign government officials in order to gain business. Those bribes were widespread and caused the collapse of several governments when disclosed.⁴⁴

7.53  It was unclear whether the SEC had the power to pursue such claims because there was then no law in the US that prohibited bribery of foreign government officials. US bribery laws applied only to domestic officials. For this reason, these payments were called ‘questionable payments’ instead of bribes.

(p. 336) 7.54  The amounts of the bribes to foreign government officials were large in absolute terms, millions of dollars in some cases. They were, however, relatively small in comparison to the overall business of the companies making the bribes. This meant that it was questionable whether the payments were sufficiently ‘material’ to require disclosure under the federal securities. For example, assume that an employee steals USD100,000 from a billion dollar company. Such an amount is not material to the financial condition of the company, and normally would not be disclosed in the company’s SEC filings. Nevertheless, some would argue that disclosure would be required if the theft reflected a significant failure in a company’s control systems.

7.55  Congress responded this questionable payments scandal by enacting the Foreign Corrupt Practices Act in 1977 (FCPA) as an amendment to the Securities Exchange Act of 1934.⁴⁵ The FCPA prohibits payments in the form of bribes to foreign government officials in order to obtain business. The FCPA also prohibits falsification of the books and records of a public company. The books and records prohibition sought to prevent the use of off-the-books slush funds. It, nevertheless, applies broadly to other books and records. The SEC enforces civil penalties under the FCPA and the Department of Justice (DOJ) pursues criminal violations.⁴⁶

7.56  In 2010, the SEC created a specialized unit in its Enforcement Division that is tasked with investigating and prosecuting FCPA cases. Between 2010 and 2018, the SEC assessed nearly USD5 billion in fines for FCPA violations. Most of those cases involved manufacturing or industrial services, but financial services firms were also caught up in the SEC dragnet. For example, JPMorgan agreed to pay USD264 million to settle FCPA charges brought by the SEC, Federal Reserve Board, and DOJ. The bank was charged with bribing Chinese officials to gain business by hiring their children to work for bank affiliates. BNY Mellon paid nearly USD15 million to settle SEC charges of similar misconduct with respect to family members of foreign government officials involved in a Middle East sovereign wealth fund.

7.57  A Morgan Stanley executive was fined and barred from the securities industry for engaging in a real estate scheme with a Chinese official who steered business to Morgan Stanley. A hedge fund, Och-Ziff paid USD412 million to settle criminal and civil charges that it had bribed government officials in Africa. Allianz SE, a German based insurance company, paid USD12.3 million to settle FCPA bookkeeping requirement violations relating to payments made to Indonesian government officials. Similarly, (p. 337) Aon Corporation, an insurance broker, paid over USD15 million to settle FCPA bookkeeping requirement violations.⁴⁷

7.58  The US has led the world in combatting money laundering, which typically involves the deposit of proceeds from illicit activities into what appear to be legitimate banking or brokerage accounts. Initially, anti-money laundering (AML) charges were focused on the laundering of funds associated with illegal trafficking in narcotics. Today, at least in the US, money laundering charges often accompany most financial crimes such as insider trading or illegal trading activities.

7.59  Money laundering charges are popular with prosecutors in the US because it allows them to up penalties and seek forfeiture of assets. For those and other reasons, a centrepiece of US efforts to combat financial crimes in the US have been to curb money laundering. Anti-terrorism efforts in the US also focus on money laundering used to fund such actions. Efforts to avoid sanctions and embargoes has also been added to the list of money laundering concerns.

7.60  The US has adopted several laws addressing that activity. These include statutes that require the filing by financial institutions of currency transaction reports disclosing transfers of cash; requirements that financial institutions gather information about customers that will allow a determination of whether client businesses appears to be legitimate; and the filing of suspicious activity reports disclosing potential criminal activity. The US SEC and CFTC also impose AML requirements on the broker-dealers and futures commission merchants they regulate. Those requirements include supervisory programmes designed to prevent and detect use of firm accounts for money laundering.

7.61  European countries have also long been involved in international efforts to combat money laundering. The Council of Europe adopted a Convention on Laundering, Search, Seizure, and Confiscation of Proceeds from Crime in 1990. That Convention sought to establish an enforcement system for detecting and prosecuting money laundering. The EU has also issued several directives on money laundering in which its member states agreed to prohibit money laundering and required financial institutions to adopt sophisticated know-your-customer (KYC) requirements, including determinations of actual beneficial ownership of accounts, and the filing of reports disclosing suspicious financial activities.

7.62  In 1988, the Basel Committee on Banking Supervision adopted a set of best practices for banks to use in detecting and preventing money laundering. Those principles include a responsibility to KYC in opening and maintaining accounts in order to avoid association with criminal activity. The Basle Committee on Banking Supervision has also as a core principal of banking supervision that regulators take ‘appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis’.⁴⁸

7.63  The signatories to a 1988 UN Convention sought to combat the trafficking in illegal narcotics by agreeing to make money laundering a crime.⁴⁹ There have been several other efforts by international bodies to combat money laundering. The Group of seven countries have also adopted AML guidelines.

7.64  In 1989, the Group of Seven countries (G-7) (US, Canada, UK, France, Germany, Italy, and Japan) created the Financial Action Task Force (FATF) to develop international programmes for combating money laundering. FATF, now has over thirty-five members, including some traditional bank secrecy havens such as Switzerland and Hong Kong. FATF has announced a set of international standards for financial institutions to employ in order to prevent money laundering, including KYC requirements.⁵⁰

7.65  The EU has sought to implement its members AML efforts through four Directives. The EU’s AML framework includes the creation of:

Financial Intelligence Units (FIUs) [that] play a key role in the fight against money laundering and terrorist financing. These units are responsible for receiving, requesting, analysing and disseminating information to the competent authorities on potential money laundering or terrorist financing activities. They are usually placed within law enforcement agencies or administrative bodies reporting to Ministries of Finance in EU States.

A number of entities and persons fall under anti-money laundering reporting requirements, such as banks, financial institutions, notaries or casinos. They must file a suspicious transaction report without delay to the FIU when they know or suspect that money laundering or terrorist financing is being or has been committed or attempted. The reports are then transmitted to competent authorities, including law enforcement agencies and foreign FIUs.⁵¹

7.66  The Fifth Anti-money Laundering Directive (5MLD) was published on 19 June 2018 and will be entered into national law on 10 January 2020.⁵² There will be some key changes that will affect commodities trading houses subject to AML requirements.

7.67  Customers from countries deemed to be high risk will be subject to enhanced due diligence under 5MLD to combat the increased money laundering risk. The Commission is empowered to adopt delegated acts in accordance with Art. 64 in order to identify high risk third countries, taking into account strategic deficiencies in particular in the following areas:⁵³

• •  The legal and institutional AML/CFT framework of the third country, in particular

  • •  the criminalization of money laundering and terrorist financing;

  • •  measures relating to customer due diligence;

  • •  requirements relating to record keeping; and

  • •  requirements to report suspicious transactions

• •  The availability of accurate and timely information of the beneficial ownership of legal persons and arrangements to competent authorities.

• •  The powers and procedures of the third country’s competent authorities for the purposes of combating money laundering and terrorist financing including appropriately effective, proportionate, and dissuasive sanctions, as well as the third country’s practice in cooperation and exchange of information with Member States’ competent authorities.

• •  The effectiveness of the third country’s AML/CFT system in addressing money laundering or terrorist financing risks.

7.68  With respect to business relationships or transactions involving high risk third countries identified pursuant to the European Markets and Securities Authority (EMSA) guidelines, Member States shall require obliged entities to apply the following enhanced customer due diligence measures:

• •  obtaining additional information on the customer and on the beneficial owner(s);

• •  obtaining additional information on the intended nature of the business relationship;

• •  obtaining information on the source of funds and source of wealth of the customer and of the beneficial owner(s);

• (p. 340) •  obtaining information on the reasons for the intended or performed transactions;

• •  obtaining the approval of senior management for establishing or continuing the business relationship;

• •  conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.

7.69  It’s likely that countries such as Iran, North Korea, and Yemen will be included on the list, although others, including Saudi Arabia and Panama, are under discussion. When the final list is confirmed, firms will need to be more vigilant in relation to these countries and make sure extra checks are carried out. It is also likely that some jurisdictions will be on this list in which commodities trading houses are doing business in.

7.70  Beneficial ownership is one of the biggest areas of change under 5MLD. Member States are required to develop public ownership registers that are accessible and potentially interconnected across countries. The ability to scrutinize ownership structures plays a big role in fighting the global money laundering problem. For financial institutions, the registers will provide more transparency on their clients, but the additional information searches may add significant workload for already stretched compliance teams. The law requires in particular that corporate and other legal entities incorporated within the territory or a Member State are required to obtain and hold adequate, accurate, and current information on their beneficial ownership, including the details of the beneficial interests held.

7.71  Member States shall ensure that the information on the beneficial ownership is accessible in all cases to:⁵⁴

• •  competent authorities and FIUs, without any restriction;

• •  obliged entities, within the framework of customer due diligence;

• •  any member of the general public.

7.72  These persons be permitted to access at least the name, month, and year of birth, and the country of residence and nationality of the beneficial owner as well as the nature and extent of the beneficial interest held. Additional information enabling the identification of the beneficial owner can be accessed. That additional information shall include at least the date of birth or contact details in accordance with data protection rules.

7.73  Member States were required to implement the Fourth Anti-money Laundering Directive (4MLD) by 26 June 2017. 4MLD replaced and repealed the earlier Third Money Laundering Directive⁵⁵ (3MLD) and the 3MLD implementing directive,⁵⁶

7.74  4MLD followed a review of 3MLD and sought to strengthen AML actions in the EU as well as reflecting revised Financial Action Task Force (FATF) recommendations published in 2012.

7.75  4MLD defines money laundering as:

• •  the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such activity to evade the legal consequences of that person’s action;

• •  the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of property, knowing that such property is derived from criminal activity or from an act of participation in such activity;

• •  the acquisition, possession, or use of property knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such activity; and

• •  participation in, association to commit, attempts to commit and aiding, abetting, facilitating, and counselling the commission of any of the actions referred to in (i), (ii), and (iii) earlier.

7.76  4MLD is a so-called minimum harmonization directive and Art. 5 permits Member States to adopt or retain in force stricter requirements.

7.77  4MLD applies to the activities of ‘obliged entities’. This definition captures, among others, credit institutions and firms regulated under MiFID II (together referred to as ‘Firms’) regulated MiFID II.

(p. 342) 7.78  4MLD did not introduce wholesale changes to the broad approach to AML established in earlier directives. Rather, it sought to develop and build on existing policy. One of the key themes in 4MLD is the emphasis on risk based AML.

7.79  The focus on risk is underscored by 4MLD’s requirements on the EU Commission, Member States, and firms to carry out their own risk assessments.

7.80  Art. 8 of 4MLD requires Member States to ensure that obliged entities take appropriate steps to identify and assess the risks of money laundering and terrorist financing and to establish and maintain policies, controls, and procedures to mitigate and manage effectively such risks. The steps to be taken by firms should be proportionate to the nature and size of the firm concerned.

7.81  In assessing risk firms need to consider among other things: customers, reporting, record keeping, internal control, compliance management, and employee screening.

7.82  4MLD expressly requires that a firm’s senior management should approve the policies, controls, and procedures which are put in place.

7.83  For a firm the key due diligence obligations are triggered where:

• •  it establishes a business relationship;

• •  it carries out an occasional transaction that amounts to EUR15,000 or more or constitutes a transfer of funds (within the meaning of Art. 3(9) of the Information Accompanying Funds Transfer Regulation⁵⁷) exceeding EUR1,000;

• •  there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption, or threshold; or

• •  when there are doubts about the veracity or adequacy of previously obtained customer identification data.

7.84  Art. 13 of 4MLD provides that due diligence is comprised of:

• •  customer identification through documents, data, or information obtained from a reliable and independent source;

• •  taking reasonable steps to identify beneficial owners so that the Firm is satisfied that it knows who the beneficial owners are. Where legal arrangements such as trusts, foundations or companies are used, a Firm should take reasonable measures to understand the ownership and control structure of the customer;

• •  information on the purpose and intended nature of the business relationship;⁵⁸ and

• (p. 343) •  monitoring of the business relationship and customer transactions, to assess their consistency with the customer profile, and ensuring that documents, data, or information are kept up to date.

7.85  Art. 14 of 4MLD makes clear that verification of the identity of the customer and any beneficial owner must take place before a business relationship is established.

7.86  4MLD allows Member States to offer a concession to this general obligation where there is little risk of money laundering and permit verification to occur during the establishment of the business relationship so as not to interrupt the normal conduct of business.

7.87  In addition, banks and investment firms are permitted to open accounts with potential customers provided there are adequate safeguards in place to ensure that transactions are not carried out by a customer before full customer due diligence has been completed.

7.88  4MLD has changed the established approach to simplified due diligence (SDD). Under previous regimes, Firms could treat certain types of as subject only to SDD. Art. 15 of 4MLD discontinues that approach and requires Firms to ascertain that the proposed business relationship or transaction is low risk before applying SDD. Firms are also required to carry out sufficient monitoring of transactions and business relationships with SDD clients to enable the detection of unusual or suspicious transactions.

7.89  Art. 18 of 4MLD requires Firms to adopt enhanced due diligence (EDD) measures where they deal with individuals or legal persons:

• •  established in third countries identified as high risk by the European Commission; or

• •  higher risk cases identified by Member States; or

• •  higher risk cases identified by Firms themselves.

7.90  EDD need not be automatically applied to branches or majority-owned subsidiaries of obliged entities established in the EU located in high risk jurisdictions as long as such branches or subsidiaries comply fully with group-wide policies and procedures.

7.91  Firms should examine, as far as reasonably possible, the background and purpose of all complex and unusually large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose. Where a relationship is established, Firms should increase the degree of monitoring of the business relationship, in order to determine whether the transactions or activities appear suspicious.

7.92  Annex III to 4MLD provides a non-exhaustive list of potentially higher risk factors which Firms as a minimum should take into account when assessing the risk of money laundering and terrorist financing. When carrying out a risk assessment, Firms are expected to rely on information provided not only at EU level and Member State guidance and commentary, but also on their own due diligence and market knowledge.

(p. 344) 7.93  Annex III lists the factors under three heads:

• •  customer risk factors;

• •  product, service, transaction, or delivery channel risk factors; and

• •  geographical risk factors.

7.94  Art. 20 of 4MLD requires Firms to take additional due diligence measures where they are in transactions or business relationships which involve politically exposed persons (PEPs).Art. 3(9) of 4MLD provides a lengthy definition of a PEP. In summary, the definition includes any individual who performs a prominent public function including heads of government or state, government ministers, members of parliament, senior judiciary, high ranking public officials, and senior managers of state-owned enterprises.

7.95  Firms are required to put in place appropriate risk management systems to determine whether a customer or a beneficial owner of the customer is a PEP.

7.96  Where a Firm has identified a customer as a PEP it is required to apply certain measures in relation to their business relationship with that person. The Firm must:

• •  obtain senior management approval for establishing or continuing a business relationship with a PEP;

• •  take adequate measures to establish the source of wealth and source of funds that are involved in business relationships or transactions with such persons; and

• •  conduct enhanced, ongoing monitoring of those business relationships.

7.97  Art. 23 of 4MLD extends Firms’ due diligence obligations requiring them to complete additional due diligence in relation to family members or persons known to be close associates of a PEP.

7.98  Where an individual ceases to perform a role which would make him or her a PEP, Firms are obliged to take account of the continuing risk posed by that individual and continue to apply appropriate risk-sensitive measures until such time as that individual is deemed to pose no further risk. Art. 22 of 4MLD provides that such period should be a minimum of twelve months.

7.99  Art. 30 of 4MLD requires Member States to ensure that corporate and other legal entities incorporated within the Member State maintain adequate, accurate, and current information on their beneficial owners and provide a Firm with details of both their legal and their beneficial owners as part of the Firm’s due diligence process.

7.100  Adequate information on beneficial ownership must be held in a central register in each Member State and should be capable of being accessed on a timely basis by regulatory authorities and without restriction. The information on the register should also (p. 345) be available in a timely manner to Firms carrying out customer due diligence and any other person who can demonstrate a ‘legitimate interest’.

7.101  Access to beneficial ownership information must be in accordance with data protection requirements. Fees may be chargeable but must properly reflect the administrative costs.

7.102  Art. 30(8) of 4MLD makes it clear that Firms cannot rely only on the information held in the register to complete their due diligence. Rather, they must take a risk-based approach and obtain sufficient information to reflect the risk posed by each customer concerned.

7.103  Art. 31 of 4MLD extends the obligations on corporates to trustees. Recital 17 makes it clear that the legislators are keen to ensure that there is a level playing field between different legal forms. Therefore, trustees are required to hold adequate, accurate, and up-to-date information on beneficial ownership regarding the trust. Art. 31(1) of 4MLD states that such information shall include the identity of:

• •  the settlor;

• •  the trustee(s);

• •  the protector (if any);

• •  the beneficiaries or class of beneficiaries; and

• •  any other natural person exercising effective control over the trust.

7.104  Trustees are required to disclose their status and provide the relevant information to a Firm in a timely manner when the trustee forms a business relationship or carries out an occasional transaction falling within the scope of 4MLD.

7.105  The information specified in Art. 31(1) of 4MLD must be easily accessible in timely manner by the regulatory authorities.

7.106  The information in Art. 31(1) must be held on a central register when the trust generates ‘tax consequences’. The information held must be adequate, accurate, and up to date. Regulatory authorities must be provided with timely and unrestricted access to the register with the parties to the trust concerned being alerted. Such authorities must also be able to provide the information on the register to regulatory authorities in other Member States.

7.107  Firms may also be provided with access to the register.

7.108  Art. 31(8) of 4MLD is a catch-all provision and seeks to ensure that the measures in Art. 31 are also applied to other types of legal arrangements with a structure or function similar to a trust.

7.109  Member States are required to establish financial intelligence units (FIUs) (notifying details to the EU Commission) with a view to preventing, detecting, and combatting money laundering and terrorist financing. FIUs must be independent and autonomous (p. 346) with the capacity and authority to carry out their functions freely, including the ability to take autonomous decisions to analyse, request, and disseminate information. FIUs should be responsible for receiving and analysing suspicious transaction reports and other information relevant to money laundering, associated predicate offences, and terrorist financing.

7.110  FIUs must:

• •  have adequate financial, human, and technical resources to fulfil their tasks;

• •  have access in a timely manner to financial, administrative, and law enforcement information;

• •  where appropriate, be able to respond to information requests from their Member State regulatory authorities;

• •  be provided with feedback from regulatory authorities about the use of information provided by it and the outcome of investigations or inspections undertaken as a result of such information;

• •  be able to take urgent action to suspend or withhold consent to a transaction where money laundering or terrorist financing is suspected in order to analyse it and provide the results to the regulatory authorities; and

• •  be empowered to take action at the request of an FIU in another Member State in accordance with the national law of the FIU receiving the request.

7.111  Firms and where applicable their directors and employees must:

• •  inform the FIU on their own initiative where the firm knows, suspects, or has reasonable grounds to suspect that any funds are the proceeds of criminal activity or are related to terrorist financing and promptly respond to FIU requests for additional information; and

• •  provide the FIU at its request with all necessary information in accordance with applicable law.

7.112  All suspicious transactions, including attempted transactions must be reported.

7.113  Firms must not carry out any transaction which they know or suspect to be related to the proceeds of criminal activity or terrorist financing until they have informed the FIU and have complied with any further specific instructions from the FIU or regulatory authorities in accordance with the law of the relevant Member State.

7.114  If refraining from carrying out a transaction is impossible or likely to frustrate efforts to pursue the beneficiaries of a suspected operation, the firm must inform the FIU immediately afterwards.

7.115  Disclosure of information in good faith by a Firm or an employee of director of a Firm shall not be considered to be in breach of any restrictions on disclosure of information (p. 347) imposed by contract or any legislative, regulatory, or administrative provision. In addition, such disclosure shall not involve the Firm, its directors, or its employees in any liability even where they were not precisely aware of the underlying criminal activity and regardless of whether illegal activity occurred.

7.116  Firms, their directors, and employees must not disclose to the customer or other third parties (excluding relevant regulatory authorities, certain appropriate intra-group disclosures, and, subject to certain requirements, Firms involved in the same matter) the fact that an information disclosure is being, or has been, made or that a money laundering or terrorist financing analysis is being undertaken.

7.117  Whilst data protection requirements apply to anti-money and terrorist financing records held by Firms, 4MLD does significantly impact on their application.

7.118  Firms must retain for five years after either the end of the business relationship with their customer or after the date of an occasional transaction:

• •  copies of customer due diligence records and information; and

• •  supporting evidence and records of transactions.

7.119  At the end of this period the data should in general be deleted subject to any relevant local law requirements.

7.120  Data can only be processed by Firms in accordance with 4MLD where such processing is for the purposes of the prevention of money laundering and terrorist finance.

7.121  The data subject’s access to data records is restricted to help deliver the application of 4MLD.

7.122  Art. 45 of 4MLD provides an obligation on Firms to implement group wide policies including procedures for data protection and information sharing within the group for AML and anti-terrorist financing.

7.123  Firms with branches or majority-owned subsidiaries in third countries with less strict AML or anti-terrorist financing arrangements must ensure that those operations comply with their home Member State requirements to the extent that the third country permits.

7.124  The 5MLD⁵⁹ contains amendments to 4MLD which will improve transparency and the existing preventative framework to more effectively counter money (p. 348) laundering and terrorist financing. Specifically, the measures set out under 5MLD are intended to:

• •  enhance the powers of EU FIUs and facilitating their increasing transparency on who really owns companies and trusts by establishing beneficial ownership registers;

• •  prevent risks associated with the use of virtual currencies for terrorist financing and limiting the use of pre-paid cards;

• •  improve the safeguards for financial transactions to and from high-risk third countries;

• •  enhance the access of FIUs to information, including centralized bank account registers; and

• •  ensure centralized national bank and payment account registers or central data retrieval systems in all Member States.⁶⁰

7.125  The deadline for transposition of 5MLD into the last of the Member States is 10 January 2020.

7.126  This section seeks to summarize key elements of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (2017 Regulations) and provide a guide to their impact on commodities firms.

7.127  The 2017 Regulations update the UK AML and anti-terrorist regime and implement the 4MLD.

7.128  The 2017 Regulations bring together in one instrument many of the AML and anti-terrorist financing obligations. Much of the content of the 2017 Regulations is familiar, but there are some new concepts and many of the established provisions have been further developed.

7.129  As with the previous regime, credit institutions and MiFID investment firms (together referred to as Firms) fall within the group which is subject to the 2017 Regulations.

7.130  The FCA is the supervisory authority for Firms and other authorized persons subject to the 2017 Regulations. For other persons not authorized by the FCA, but who are captured by the 2017 Regulations, HM Revenue and Customs registers and supervises certain business activities⁶¹ whilst professionals who are members of the professional (p. 349) bodies listed in Schedule 1 to the 2027 Regulations are supervised by their respective professional body.

7.131  As a supervisory authority under the 2017 Regulations the FCA is required to identify and assess risk of money laundering and terrorist financing in relation to the Firms which it regulates.

7.132  Firms are also subject to an express requirement to take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which their businesses are subject.

7.133  In carrying out their assessment Firms must take into account information from the FCA and certain specified risk factors including factors relating to:

• •  its customers;

• •  countries or geographic areas in which it operates;

• •  its products and services;

• •  its transactions; and

• •  its delivery channels.

7.134  Firms are required to keep a record of all the steps they have taken unless otherwise instructed by their regulator.

7.135  The obligation is subject to proportionality taking into account the size and nature of the Firm’s business.

7.136  A firm must establish and maintain policies, controls, and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified in its risk assessment. These need to be regularly reviewed and updated and full records retained including how they are communicated within the Firms.

7.137  A Firm with subsidiaries or branches outside the UK must ensure that they apply its policies, controls, and procedures. Intra-group data protection and information sharing policies, controls, and procedures must be established for the purposes of preventing money laundering and terrorist financing.

7.138  Subject to proportionality a Firm must:

• •  appoint an individual who is a member of its governing body (or equivalent) or its senior management as the officer responsible for its compliance with the 2017 Regulations;

• •  screen relevant employees on appointment and throughout their employment;

• •  establish an independent audit function;

• (p. 350) •  appoint a nominated officer (within the meaning of the Proceeds of Crime Act⁶² and the Terrorism Act⁶³);

• •  notify the FCA within fourteen days of appointments under sections (i) and (iv) explained earlier; and

• •  establish and maintain systems which enable it to respond fully and rapidly to enquiries from investigators or law enforcement agencies.

7.139  When a disclosure is made to a nominated officer, the officer must consider it in the light of any relevant information and whether it gives rise to knowledge or suspicion (or reasonable grounds for either) that a person is engaged in money laundering.

7.140  Firms must take appropriate measures to train their relevant employees on AML and anti-terrorism law and how to recognize and deal with activities and transactions which may be related to money laundering or terrorist financing.

7.141  A Firm must carry out due diligence if a person:

• •  establishes a business relationship;

• •  carries out an occasional transaction with a value exceeding EUR1,000;

• •  suspects money laundering or terrorist financing; or

• •  doubts the veracity or adequacy of documents or information previously obtained for the purposes of identification or verification.

7.142  As part of due diligence a Firm must identify and verify a customer’s identity and assess (obtaining information where appropriate) the purpose and intended nature of the business relationship or occasional transaction.

7.143  Where a person acts as an agent for a customer a Firm must verify that agent’s authority to act for a customer and identify the agent based on documents and information obtained from a reliable and independent source.

7.144  If a Firm has taken due diligence measures, has made a disclosure under the Proceeds of Crime Act 2002 (POCA) or the Terrorism Act 2000 and continuing customer due diligence might result in a tipping off offence it may cease to continue to take them⁶⁴.

7.145  Where the customer is a body corporate a Firm must obtain and verify:

• •  the name of the body corporate;

• •  its company, or other registration, number;

• (p. 351) •  the address of its registered office and principal place of business; and

• •  if it is not listed, the law to which the body corporate is subject, its constitutional documents and the details of its directors or equivalent.

7.146  If the body corporate is not listed a Firm must also identify any beneficial owner (in summary, a person with control over the corporate or its management and persons with 25 per cent or more of the equity, or equivalent, or with 25 per cent or more of the voting rights)⁶⁵, take reasonable steps to verify such identity and take reasonable steps to understand its ownership and control structure. Where a Firm has exhausted all possible means of identifying a beneficial owner and has not succeeded in doing so or is not satisfied that the individual identified is the beneficial owner, it may treat a senior person in the body corporate as the beneficial owner.

7.147  A Firm must monitor the business relationship including through the scrutiny of transactions and the review of existing records for the purpose of keeping them up to date.

7.148  A Firm’s due diligence approach must reflect its overall risk assessment and its assessment of risk in any particular case taking into account certain factors including: the purpose of the arrangement; the size of the transaction; and the regularity and duration of the business relationship. In addition, it must be able to demonstrate to the FCA that its measures satisfy its own risk assessments and those factors identified by the FCA.

7.149  Firms are required to verify a customer, any agent of the customer or any beneficial owner before the establishment of a customer relationship. However, where it is necessary not to interrupt the normal conduct of business and there is little risk of money laundering verification may be completed during the establishment of a business relationship. Verification may take place after an account has been opened provided that there are adequate safeguards in place to ensure that no transactions are carried out before verification has been completed.

7.150  Where a Firm is unable to complete customer due diligence measures it must cease any transactions with the customer and consider whether it needs to make a disclosure.

7.151  Firms must adopt enhanced due diligence and ongoing monitoring measures (together referred to as EDD) where the risk of money laundering or terrorist finance is higher. Such situations include where the client is adjudged to be a PEP, where the client is (p. 352) established in a high risk country or where a transaction is complex, unusually large or has an unusual pattern. The 2017 Regulations cover PEP relationships in significant detail and provide a list of risk factors which Firms should consider when carrying out their assessment.

7.152  Simplified due diligence may be relied on where a Firm has determined that a particular business relationship or transaction presents a low degree of risk of money laundering or terrorist finance based on its own risk assessment, including an assessment of risk factors, and taking into account other relevant information.

7.153  Where a Firm has concluded that a matter is low risk it must continue to carry out sufficient monitoring to enable it to detect any unusual or suspicious transactions.

7.154  A Firm may rely on a third party to carry out customer due diligence measures although it will remain liable for any failure to apply such measures appropriately.

7.155  Where a Firm relies on a third party it must have arrangements such that it is able to obtain information, including relevant records, from that third party immediately on request. A Firm which wishes to rely on a third party must ensure that the third party meets certain requirements.

7.156  The 2017 Regulations do not contain provisions regarding the reporting of suspicious transactions to the law enforcement authorities. These obligations are provided by, in particular, sections 330 (failure to disclose: regulated sector), section 331 (failure to disclose: nominated officers in the regulated sector), and section 332 (failure to disclose: other nominated officers) of POCA. Sections 327–9 of the Proceeds of Crime Act (POCA) provide the definition of primary money laundering offences. Suspicious transactions reports should be made to the National Crime Agency.

7.157  Firms are required to keep the following records:

• •  copies of customer due diligence documents and information; and

• •  sufficient supporting records of transactions which enable a transaction to be reconstructed.

7.158  A Firm is required to hold records for five years from the date on which it knows or has reasonable grounds to believe that:

• •  an occasional transaction is complete; or

• •  a transaction which is part of a business relationship which has come to an end (records of any transaction and customer due diligence).

(p. 353) 7.159  Firms are not required to keep records of transactions which are part of a business relationship for more than ten years.

7.160  Firms need to be mindful of data protection obligations and to delete personal data where the formal retention period has expired and there is no other legal reason for continuing to retain the records concerned.

7.161  Data obtained for AML or anti-terrorist financing purposes can only be used for those purposes.

7.162  When an unlisted UK body corporate forms a business relationship with a Firm or enters into a transaction with a Firm which requires the Firm to carry out customer due diligence it must provide the Firm with:

• •  its name, registered number, registered office, and its principal place of business;

• •  its board of directors, or if there is no board, the members of the equivalent management body;

• •  senior persons responsible for its operations;

• •  the law to which it is subject;

• •  its legal owner;

• •  its beneficial owners; and

• •  its articles of association or other governing documents.

7.163  Where during the course of a business relationship there is a change in the identity of the individuals noted earlier, the UK body corporate must update the firm within fourteen days of the body corporate becoming aware of it.

7.164  Where requested the UK body corporate must provide all or part of the information listed above to a law enforcement authority.

7.165  Similar obligations apply to trusts and trustees.

7.166  HMRC is required to maintain a register of beneficial owners of taxable relevant trusts and potential beneficiaries of taxable relevant trusts. Trustees are required to provide HMRC with detailed information.

7.167  Both the FCA and HMRC (the Supervisory Authorities) have significant powers of investigation and enforcement. They can require firms to provide information including documents and have powers to enter and inspect premises.

7.168  The Supervisory Authorities can impose civil penalties including fines, removal of permissions, and prohibitions on individuals. Additionally, the 2017 Regulations provide a number of criminal offences which carry the risks of fines and imprisonment for persons who are convicted successfully.

7.169  At the time of writing, the UK government is consulting on the transposition of 5MLD into English law.⁶⁶

7.170  The US has passed several statutes seeking to prevent and punish money laundering. The first of these efforts was the Bank Secrecy Act of 1970 (BSA).⁶⁷ It required banks to report to the government cash transactions by customers in excess of USD10,000. This reporting requirement was based on a theory that large cash transactions are indicative of possible tax evasion or other criminal activity. Failure to file such currency transaction reports (CTRs) by banks was made a crime. The rules of the CFTC and the Securities and Exchange Commission (SEC) require their registrants to comply with the BSA’s currency reporting requirements.⁶⁸ Those registrants include futures commission merchants (FCMs) and broker-dealers.

7.171  The Money Laundering Control Act of 1986 (MLCA) made money laundering a crime where funds were transferred in connection with specified crimes.⁶⁹ Those crimes now include a broad array of violations, including financial crimes such as mail and wire fraud, securities law violations and violations of the Commodity Exchange Act of 1936. Penalties for money laundering can be severe, including fines of up to $500,000 or twice the value of the property involved in the crime, whichever is greater, and prison terms of up to twenty years. The MLCA also prohibited ‘smurfing,’ or ‘structuring,’ as it is sometimes called. This involves breaking up monetary transactions into amounts less than $10,000 in order to avoid filing a CTR under the currency reporting requirements of the BSA. The MLCA also provided for civil and criminal forfeiture of funds involved in money laundering.

7.172  The Money Laundering Prosecution Improvements Act of 1988 (MLPIA) prohibits financial institutions from issuing money orders, cashiers checks or bank checks to an individual in amounts of more than $3000 without proper identification from the customer.⁷⁰ In addition, financial institutions were required by the MLPIA to collect information concerning domestic and international electronic fund transfers in amounts of $3000 or more. Transfers between regulated financial situations where exempted from this requirement. The Annunzio-Wiley Anti-Money Laundering Suppression Act of (p. 355) 1992 also required financial institutions to file suspicious activity reports (SARs) of financial transactions by customers that were indicative of possible criminal activity.⁷¹

7.173  The Financial Crimes Enforcement Network (FinCEN), which was created in 1990 by the Secretary of the Treasury to monitor money laundering activities, became the central repository for the filing of CTRs and SARs. FinCEN acts as a clearinghouse for information concerning potential money laundering related crimes. Financial institutions filing SARs are prohibited from disclosing to the affected customer that such a filing has been made. Financial institutions are further prohibited from informing customers that their records have been subpoenaed by the government or that customer information has been disclosed to a grand jury.

7.174  The filing of CTRs and SARs impose a massive burden on financial institutions. Each CTR takes about twenty minutes to complete. Between 1987 and 1996, some 77 million CTRs were filed but those reports resulted in only 580 convictions.⁷² In order to ease that burden, the Money Laundering Suppression Act of 1994 directed the Treasury Department to reduce the burden of currency reports by exempting transactions among financial institutions.⁷³ The Financial Crimes Strategy Act of 1998 required to Department Treasury and the Justice Department to develop and coordinate nationwide law enforcement strategies to combat money laundering activities.⁷⁴

7.175  The USA Patriot Act of 2001 included additional AML measures.⁷⁵ This legislation required financial institutions to establish customer identification programs (CIPs). This requires financial institutions to verify the identity of their customers. Banks were required to use due diligence in their dealings with foreign correspondent banks. The SEC also adopted a CIP requirement, which mandates that broker-dealers establish procedures to verify the identity of customers. Broker-dealers must also create and maintain records of that process.⁷⁶ The Treasury, FinCEN, and the CFTC jointly issued a regulation requiring futures commission merchants (FCMs) and introducing brokers (IBs) to create CIPs that identify and verify the true identity of customers. Those policies and procedures must provide a reasonable belief that the FCM or IB knows the true identity of each customer.⁷⁷

7.176  The rules of the CFTC and SEC require their registrants to comply with the BSA’s currency reporting requirements.⁷⁸ Those registrants include FCMs and broker-dealers. Broker-dealers and FCMs are additionally required to file SARs; they must develop (p. 356) AML compliance and audit programmes; and they must provide employees with training in order to prevent and detect money laundering.

7.177  FINRA and the National Futures Association (NFA), the self-regulatory bodies of the securities and futures industry, also require AML compliance programmes as a part of their self-regulatory organization responsibilities. A federal district court has stated that AML compliance programmes must:

at a minimum: (1) provide for a system of internal controls to assure ongoing compliance; (2) provide for independent testing for compliance to be conducted by national bank or savings association personnel or by an outside party; (3) designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and (4) provide training for appropriate personnel.⁷⁹

7.178  Large financial institutions are often targeted by prosecutors for money laundering related violations. For example, JPMorgan paid USD2.6 billion to settle money laundering charges over its handling of accounts that were part of Bernie Madoff’s massive Ponzi scheme. The Bank of New York-Mellon paid USD210 million to settle such claims. Other financial institutions also paid massive amounts to settle money laundering charges. For example, HSBC paid USD1.9 billion to settle money laundering charges; Standard Chartered paid USD667 million; ING Bank NV, USD619 million; Lloyds TSB Group PLC, USD567 million; Credit Suisse, USD536 million; ABN AMRO Holding NV/RBS Group PLC, USD500 million; Barclays, USD298 million; and Deutsche Bank, USD629 million to settle money laundering charges.⁸⁰

7.179  A variety of offences have been charged in money laundering-related cases brought by the SEC and CFTC against broker-dealers, FCMs, and other registrants. For example, in one case, the SEC found that the respondents failed to verify the identities of over 65,000 joint account owners.⁸¹ In another case, the SEC found that the respondent violated its CIP requirements because the firm had conducted order processing for foreign institutions without verifying their identities.⁸² The CFTC has also settled money laundering failures by registrants for, among other things, failing to maintain an AML programme.⁸³

7.180  Switzerland’s AML regime is compliant with the requirements set forth by the FATF. A hallmark of the Swiss system is that the supervision of commodities trading houses and other entities in scope is mainly executed through self-regulatory organizations (p. 357) and only in case of FINMA supervised and registered entities through FINMA itself. Commodities trading houses do typically not fall within the scope of application, because they are typically trading on own account and are not regulated.

7.181  Trading in physical commodities is only subject to the Swiss Anti-Money Laundering Act if it is done on behalf of third parties.⁸⁴

7.182  Proprietary trading and trading on account of third parties in bankable precious metals is subject to the obligations under the Swiss AML legislation.⁸⁵ Bankable precious metals are:⁸⁶

• •  gold bars and granulated gold having of at least 995/1000 purity;

• •  silver bars and granulated silver having of at least 999/1000 purity;

• •  platinum or palladium bars and granulated platinum or palladium having of at least 999.5/1000 purity.

7.183  The trading in investable gold, silver, platinum, or palladium coins if the market value does not exceed 5 per cent of the notional value of the coins, but also scrap material that will be refined to bankable precious metals is generally subject to the Swiss AML obligations.⁸⁷

7.184  A commodities trading house qualifies as financial intermediary in case it is licensed as a bank or securities. They fall within the scope of application of the Swiss AML provisions. Any other trading activities of entities not licensed as securities dealers are not subject to the Swiss AML regulations. By analogy, entities trading commodities derivatives not being securities do not fall within the scope of application of the Swiss AML regulations.⁸⁸ The key requirements securities dealers have to fulfil are the verification of the identity of contractual parties and the establishment of the identity of the controlling person and the beneficial owner according to the CDB16.^89,90

7.185  Financial intermediaries not being supervised by FINMA must register with a self-regulatory organization or directly with FINMA. They will then become subject (p. 358) to the client and beneficial owner identification and transaction surveillance requirements set forth in the applicable directives of the self-regulatory organization or in case of FINMA-registered financial intermediaries according to the applicable provisions in the AMLO-FINMA.⁹¹

7.186  The securities dealer undertakes to verify the identity of the contracting partner when establishing business relationships. The execution of transactions involving trading in securities must exceed CHF25,000 in case of an account opening.⁹² For natural persons, the following topics must be appropriately documented:⁹³

• •  name;

• •  first name;

• •  date of birth;

• •  nationality and the actual domicile address; and

• •  means used to prove identity.

7.187  For legal entities and partnerships, the following topics must be appropriately documented:

• •  company name;

• •  actual registered office; and

• •  means used to prove identity.

7.188  If an operating legal entity or partnership has one or more controlling persons with voting rights or capital shares of 25 per cent or more, these are to be identified in writing. Controlling persons are those natural persons who effectively have ultimate control over the company. Whether these persons exercise control directly or indirectly via intermediate companies is irrelevant. A controlling person must generally be a natural person. The contracting partner must confirm the name, first names, and actual domicile address of the controlling person in writing or by using Form K.⁹⁴

7.189  The financial intermediary requires from its contracting partner a statement concerning the beneficial ownership of the assets. Generally, the beneficial owners of the assets are natural persons.⁹⁵ If the contracting partner declares that the beneficial owner is a third party, then the contracting partner has to document the latter’s last name, first name, date of birth, and nationality, along with actual domicile address, or the company name, address of registered office, and country of registered office using Form A.⁹⁶

7.190  Securities dealers have to determine business relationships and transactions that are subject to increased risk.⁹⁷ The initiation of such business relationships and the execution of such transactions are subject to enhanced due diligence requirements.⁹⁸ Such business relationships must be approved by the management.⁹⁹

7.191  The securities dealer must establish an organization that allows for efficient compliance with the applicable AML regulations and, in particular, must designate a dedicated AML function.¹⁰⁰ New products must be checked by the securities dealer on their compliance with the applicable regulations. Securities dealers must, in particular, establish an effective mechanism for the surveillance of transactions and business relationships based on an IT system.¹⁰¹(p. 360)