LESSON 6: RISK MANAGEMENT, CUSTOMER ADMISSION POLICY AND DUE DILIGENCE MEASURES
RISK MANAGEMENT
Law 10/2010 and their implementing regulations establish the obligation that every obliged subject must have a written approval and apply adequate policies and procedures that prevent and impede operations related to money laundering and terrorism financing.
Mentioned policies and procedures must contemplate the classification of clients and operations based on parameters previously defined by the obliged subject after carrying out a prior risk analysis.
The law establishes risk criteria that all reporting entities must consider (for example, funds from risk jurisdictions or tax havens). Along with these common risks, each reporting entity must consider its own risks. For instance:
- Do you receive funds from clients who handle a lot of cash?
- Are your clients mostly abroad residents?
- What is the average amount of your operations?
CLIENT ADMISSION POLICY
After examining all the risks, the obliged subject must set up a written client admission policy, which must contain:
- The criteria that will serve the company to classify its clients or operations (low risk, medium risk, high risk and unaccepted clients).
- The criteria that will determine which clients will be considered unaccepted and, therefore, will not be able to operate or maintain business relationships with the obliged subject.
- The definition of the measures that will be applied to each of them.
DUE DILIGENCE MEASURES
Due diligence measures are actions that allow the obliged subject to know who its client is. The Law and the regulations establish which are mandatory and, in some cases, strictly regulate how to carry them out (for example, formal identification).
Normal due diligence measures are as follows:
- Formal identification of the client (request the reliable documents for the purposes of formal identification established in article 6 of the regulation).
- Identification of the beneficial owner (know who is the ultimate beneficiary of the operation).
- Know the purpose or nature of the business relationship.
When defining and approving due diligence measures, the obliged subjects will determine what documentation is necessary for their compliance, except in those cases, in which the regulations expressly determine which document will be considered a valid document.
These measures are not a compilation of documents but must seek consistency between our client and the operation he is trying to carry out. Therefore, considering the risks detected in the previous risk analysis, the obliged subjects must define and design due diligence measures.
Likewise, together with the normal diligence measures, the obliged subjects must determine which reinforced measures will be applied to those customers whose risk is higher than the average (called high-risk customers).
The diligence measures (normal or reinforced where appropriate) will be applied both to the end customer of the operation and to any person who may intervene in it (guarantor, lender, donor, etc.), since, in this third party, there can be an element of risk that requires a more exhaustive analysis of the operation.
Due diligence measures must therefore be applied:
- Before starting the business relationship with the client.
- As long as the business relationship persists. In this case, the obliged subject will be the one who determines in which period all or certain due diligence measures must be reapplied, always considering the legal provisions in this regard.
REMEMBER:
Due diligence measures can be normal, simplified, and reinforced. Will apply:
a) To the end customer and just before executing the operation.
b) To the end customer before starting the business relationship and, during the same until the execution of the operation, in accordance with the procedures approved by the company.
c) Any participant in the operation since its existence is known (for example, since it is known that there is a private lender)
