What the Law is | What the Law Ought to be

All business sectors are not equal in the degree and nature of money laundering risks to which they are inherently exposed. Accordingly, rules should be adapted to reflect the characteristics of each business sector. While Regulators do label rules as ‘sector specific’ – in some cases there seems to be very little matching of the rules to the degree and nature of the risks to which some business sectors are truly exposed.

One particular business sector affected by this is the general insurance industry which has for years been calling upon Regulators to change the existing rules to reflect the nature of their business, the degree of risks they face, and how those risks are truly mitigated.

The vulnerability of most general insurance industry products may be considered low because, (amongst other things): (a) the products require much more effort to launder funds than most money launderers are willing to take, (b) simple yet effective internal controls can counteract the attempts to launder money at the premium payment stage, and (c) in the general insurance industry the indicia of money laundering represent the indicia of another financial crime – fraud. So, the question is – with this understanding, how does one craft an anti-money laundering regime which is suitable for the general insurance business model. Here are some considerations:

One consideration is that in the general insurance industry combatting fraud is already a fundamental part of the business model. Claim assessors carefully consider policy claims and investigate claims which present suspicious indicators – all with the view to ensure that the insurance company does not lose revenue by honouring false claims. To the relief of Compliance Officers, we do not have to tell the general insurance company to put procedures and controls in place to prevent fraud – because of the obvious instinctive desire to prevent loss of revenue by fraud. As a result, what we have, is an industry already poised to prevent, control, and combat fraud and in so doing, poised to prevent, control, and combat money laundering.

Another consideration is that the Know Your Customer (KYC) information set out, in at least the Barbados regulatory guidelines, can be categorised as , (a) – information which is probative of the legal identity of the customer and, (b) – information which allows the business institution to identify money laundering risks and to classify customers overall money laundering risk. For ease of reference, we will categorise these as (a) – KYC – identity information, and, (b) – KYC – risk assessment information.

The issue is that in the general insurance industry the overall customer risk (that is, money laundering risk) seems to have little or no bearing on the discovery of a fraudulent claim/money laundering activity or the increased monitoring of transactions based on the overall customer risk, since in all claims, the general insurance industry would naturally be vigilant for fraud indicators regardless of the overall customer (money laundering) risk. If there is any risk based approach taken it would probably be based on the quantum of the claim presented. So that, the higher the quantum the stronger the anti-fraud procedures and controls. All of the above, means that the information gathering process for the general insurance industry at on-boarding could be limited to KYC – identity information and dispense (generally) with KYC – risk assessment information. In the Barbados regulatory guidelines for example, the rules are asking for both categories of information to be collected – with the latter (KYC – risk assessment information) not offering much help, if any, to the detection of a suspicious transaction/activity in the general insurance industry or monitoring of transactions based on customer risk. Furthermore, the information which regulatory authorities and law enforcement need would be, (a) the identity of the customers and, (b) the business transaction information which forms the basis of the suspicious transaction/activity report. All of this information can be provided without the KYC – risk assessment information.

In light of the above, here are some further considerations for Regulators:

1. What is the probative value of each mandatory document requested as KYC for each industry?
2. If the probative value of a document cannot be identified – do we not have a duty to remove the mandatory obligation to collect such information – or at best, categorise such information as that which can be requested ‘on a risk basis’ where it is possible, but not necessarily the case, that such information is helpful to the detection of an unusual/suspicious transaction/activity?

If we carefully consider all of the above, perhaps what we will create is an aml regime for general insurance suitable to its business model, that is, an aml regime which is based on:

a. Strong internal controls at premium intake stage
b. Strong anti-fraud controls at claims settlement stage which in so doing allow for the detection of unusual or suspicious transactions/activities
c. Mandatory collection of basic identification information for customers
d. A risk based approach to the collection of KYC – risk assessment information. That is, collected only, if in the opinion of the general insurer it is necessary to mitigate a money laundering, terrorist financing or proliferation financing/(s) risk, which may present itself to the general insurer, – that is – ‘on a risk basis.’

The above is ‘Something to Consider’ for our Regulators, business professionals, and compliance professionals. Until change can lawfully happen, we have a duty to uphold the letter and spirit of the law- as is. What we can do – is to understand clearly our business models, understand clearly our risks, understand clearly the law, and present our case to Regulators to agitate for changes which support the objectives of the anti-money laundering laws whilst concurrently being truly risk sensitive, as is always recommended. On the contrary, taking the law into ones’ hands can lead to compliance models which create undesirable risks and so is not ‘Something to Consider’.

There is a concept of open and frank discussion in regulation which gives us a forum to present our ideas to Regulators. Our compliance professionals should have the training and acumen to help businesses manage what the law is and also present the case to the Regulators for what the law ought to be. We trust our Regulators to consider our ideas and make changes where it is truly possible and for us to understand where it is truly not possible. This is also ‘Something to Consider.’

 

This article was authored by Michelle A. Knight. Michelle is the Managing Director, Legal and Regulatory Consultant, Knight Corporate Street Inc. and can be reached at michelle@knightcorporatestreet.com.