Common Mistakes by Chartered Accountants in AML Compliance
Chartered Accountants (CAs) manage accounting, auditing, and financial reporting services for clients, set up a company, assist in operating and managing the operations and client’s funds, etc. These services make them vulnerable to the risks of money laundering. In response, you must apply AML measures to manage and prevent risks. However, Chartered Accountants must avoid the most common mistakes during the AML compliance journey.
To avoid these mistakes, you must be aware of them. Our blog helps you with a list of common AML compliance mistakes by Chartered Accountants. The blog explores the applicable AML regulations for practicing Chartered Accountants. It also discovers the red flags the CAs may observe, indicating the potential exposer of money laundering (ML), terrorism financing (TF), and other financial crime risks such as proliferation financing (PF).
AML regulations applicable to Chartered Accountants in India
The primary AML laws applicable to Chartered Accountants in India are:
a. The Prevention of Money Laundering Act, 2002 (PMLA)
In this context, it is essential to note that the notification issued under the PMLA provides that the practising Chartered Accountants would be construed as “Designated Non-Financial Businesses and Professions” when conducting financial transactions in relation to the following activities in the course of their profession and on behalf of the client:
- buying and selling of any immovable property
- managing of client’s money, securities, or other assets
- management of bank, savings, or securities accounts
- organisation or arranging for any contributions to the creation, operation or management of client’s companies
- creation, operation or management of companies, LLP or trusts
- buying and selling of business entities
b. The Unlawful Activities (Prevention) Act, 1967
c. The Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005
d. FIU-India’s AML & CFT guidelines for professionals with certificates of practice from ICAI, ICSI, and ICMAI
e. International Financial Service Centre Authority (AML, CFT, and KYC) Guidelines, 2022 (for the CAs registered with IFSCA and practising from IFSC)
f. Several rules and circulars of FIU-India govern their operations in alignment with PMLA
The above regulations and rules require the Chartered Accountants to adopt the following measures for mitigating the ML/FT risks:
- Understand your business’s risk exposure by performing risk assessments
- Develop appropriate AML/CFT policies, procedures, and controls
- Conduct adequate KYC and Customer Due Diligence processes for identifying the customer before onboarding
- Screen your customers and employees against sanctions, PEPs, and watchlists
- Conduct enhanced customer due diligence of high-risk customers
- Perform ongoing monitoring of the transactions and business relationships (customers’ re-KYC during the business relationship and consistency between transactions and overall risk profile)
- Appoint a designated director and a principal officer to handle the AML activities
- Conduct AML training for employees
- File the reports on suspicious transactions to FIU-India
- Do not tip off the clients on any suspicious transaction reported to authorities
- Maintain records for at least five years (six years for IFSCA-regulated CAs)
You must follow each of these requirements to prevent financial crimes. You can only manage them by avoiding the most common mistakes in AML compliance. Let’s look into these mistakes individually so you can sidestep them.
Mistakes by Chartered Accountants in AML Compliance
The common AML compliance mistakes by Chartered Accountants include the following:
Lack of awareness of AML requirements
As a practising Chartered Accountant in India, you must fulfil the AML obligations. But how will you follow these requirements if you don’t know them? So, you must have complete knowledge of AML requirements you need to adhere to. Lack of awareness of AML laws is a mistake by CAs in AML compliance.
When you are aware of them, you know what obligations you need to follow. You must understand the activities notified as subject to AML compliance and be in a position to adequately separate the same from the general services which are not included in PMLA.
You must know the deadlines, formats, and procedures of submissions. Also, information on the best practices of each AML procedure – KYC, CDD, transaction monitoring, and others will make your compliance smoother.
So, have a complete awareness of these crucial points of AML.
Forgetting to take a risk-based approach to AML compliance
The Indian AML regulations need you to conduct business risk assessments. Herein, you identify the risks to your business from:
- Customers
- Transactions
- Geographies/jurisdictions
- Nature of services (specifically the ones included in the definition of the “Designated Non-Financial Businesses and Professions” of the PMLA)
- Delivery channels
Take a risk-based approach to determine appropriate AML measures based on these risks. These AML measures must align with your AML requirements. These measures help you prevent, manage, or mitigate the identified risks.
If you forget to take a risk-based approach, you treat all risks equally. That means you are making the same efforts in fighting them. It does not make sense if you conduct the same procedures for high-risk and low-risk customers. So, forgetting to take a risk-based approach to AML compliance is a critical mistake by Chartered Accountants in AML compliance.
Not aligning the AML policies with the regulatory expectations
You create your AML policies per your requirements under the AML laws. This is what alignment with regulatory expectations means. If you don’t align, it might lead to non-compliance. Maybe more money laundering risks, a drop in your reputation, and financial instability.
So, the lack of alignment of AML policies with regulatory expectations is a mistake by Chartered Accountants in AML compliance.
When you align them, you achieve the following:
- Compliance with regulations saves you from fines, legal sanctions, and reputational damages.
- Commitment to ethical business practices, integrity, and transparency, improving credibility.
- Global AML compliance, leading to international cooperation and business expansion possibilities.
- Prevention of risk exposure to money laundering, proliferation financing, and terrorism financing.
- Reduction in illicit money flow, resulting in financial stability and integrity.
- Better management and mitigation of risks affecting your business.
- Enhanced collaboration and cooperation between entities, regulators, and stakeholders against financial crimes.
So, alignment with regulations is necessary for all these benefits to your business, country, and the world.
Disregarding client acceptance principles
What’s the purpose behind conducting KYC and CDD? It’s about knowing your customers better. Know their identities, addresses, sources of funds, beneficial owners, and other details. All these details help you spot suspects.
But before this, you must define your customer acceptance. You must know what levels of information on each criterion make a customer acceptable. And what indicators in customer data points make them unacceptable. For example, customers from sanctioned countries are not okay. Customers from jurisdictions with weak AML measures are okay but subject to specific stringent AML measures.
So, you must define the criteria for accepting and rejecting a client, adopting a well-defined customer risk profiling methodology. You must take a risk-based approach to it. Consider their business’s nature, complexity, volume and frequency of transactions, reputation, and other factors. Also, regular tracking of these factors helps you consider the changes.
Missing it means you take a judgment call on a case-to-case basis. You might turn out to be wrong in some of the cases. So, disregarding a clear definition of client acceptance principles is a mistake by Chartered Accountants in AML compliance.
Neglecting proper procedures of KYC, CDD, screening, and transaction monitoring
One essential way of achieving AML compliance is the seamless performance of KYC, CDD, and transaction monitoring. If you commit to these processes, you can generate desired outcomes pertaining to uncovering the identity of the customer and the risk they pose to the business. So, make it a practice to execute proper KYC, CDD, and screening procedures. Neglecting these processes is a common mistake in AML compliance by CAs.
With KYC and CDD, you can know your customers better. So, ensure that you perform these processes diligently. Collect all the possible details. Verify them with customer-submitted documents and other third-party sources. For customer screening, consider the latest watchlists of sanctions, PEPs, and terrorists. Match them according to all criteria to get accurate results.
Similarly, define your method well for ongoing transaction and business relationship monitoring. Determine the transaction rules based on the red flags or warning signs of suspicious transactions. Only with proper, well-defined processes can you achieve the desired outcomes.
Absence of knowledge of the red flags of suspicious transactions in your business
The nature of accountancy and audit business makes it vulnerable to money laundering. Your association with clients for financial, advisory, and legal matters exposes you to financial crimes. There are specific factors that are warning signs of these risks. You must be aware of these warning signs of the danger of illicit activities.
Ignorance of this factor is a mistake in AML compliance by Chartered Accountants.
So, you must know the common and industry-specific red flags, like:
- The unusual nature of the transaction, inconsistent with the client’s profile
- Large-sized transactions with no apparent reasons
- Unusual patterns in a transaction/s, varying from the usual ones
- Complex business structure
- Reluctance to answer your questions on transactions or identities
- Clients from high-risk industries or geographies
- Use of shell companies for several transactions
- Inaccurate or fraudulent documentation
- Client avoiding face-to-face meetings
- The client is a PEP or related to a PEP
- Client with unexplained sources of wealth
All these are crucial factors for you to know about. Knowing them lets you spot suspicious transactions and take further action.
Overseeing the need for timely and format-specific submission of STRs
The PMLA Act and the guidelines require CAs to file STR via their statutory regulatory bodies (SRBs), i.e., the Institute of Chartered Accountants of India.
You must submit these reports in the required format with all the necessary details. You must report these transactions immediately once suspicion is identified. It can be a suspicious transaction or only an attempt at it, irrespective of the value involved.
So, the rule requires you to submit accurate, complete, and on-time STRs. Failing to submit STRs on time or submitting inaccurate or incomplete STRs is a common AML compliance mistake by Chartered Accountants.
Tipping off the client on STR filed to FIU-India
The PMLA Act, IFSCA Guidelines and other regulations do not want the clients to know about STRs filed against them. If you tip off the client before or after filing the STR, they will try to save themselves.
So, avoid informing the client about any STR filing against their transaction. If you think the client might get an inkling of the suspicion by collecting more details during due diligence, avoid doing that. Just collect all possible transaction details and file an STR to FIU-India. Tipping off the client would be a lapses by Chartered Accountants in AML compliance.
Ignoring the periodic review of policies, due diligence, and risk assessments
Your AML policies cannot stay stagnant. You must change them with respect to changes in regulations and other factors. So, ignoring the periodic review of AML policies is a common mistake by CAs in AML compliance.
Reviewing them keeps them up-to-date with the ever-changing regulatory requirements and growing business practices. You must keep them relevant to the changes in risks and threats to your business. Thus, reviews make you move in the right direction of compliance and risk management.
Moreover, by regular reviews, you can identify weaknesses and gaps in AML compliance. Thus, you can improve your AML policies to remove the gaps and improve their effects on financial crimes. You make them more productive, efficient, and robust.
Forgetting to maintain documentation and records
Whatever you do for AML compliance – the activities – are also critical for future use in your AML compliance journey, like your KYC, CDD, transaction monitoring, risk assessments, and customer screening. These are the proof of your compliance with AML requirements. So, saving their records and documents is crucial.
You must maintain these records for five years after the business relationship or transaction ends (this minimum period for record-keeping is six years for entities registered with IFSCA). Also, maintain them in proper format and in a manner that enables easy access and retrieval. Generally, authorities refer to these records during audits and investigations. Also, you might need them to check a customer’s past risk profile or other details.
So, forgetting to maintain proper documentation of AML measures is a common AML compliance oversight by Chartered Accountants.
These are the common mistakes by Chartered Accountants in AML compliance. You must avoid committing these mistakes in your AML compliance framework. This is how you can improve your AML efforts and prevent financial crimes. If you need an AML consultant to help you in your journey or advice on the best AML measures for your business, AML India is right here.
AML India – your partner for professional AML consulting services
AML India leads you on the path of AML compliance in India. We identify your AML requirements and provide our proven solutions and services for compliance. You can take your AML efforts to the next level by associating with us. This is possible through our services of:
- Creating and implementing AML policies, procedures, and controls
- Performing KYC, CDD, and screening of customers
- Monitoring transactions
- Imparting AML training to employees
- Identifying suitable AML software solutions for your business
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.