Fifth Anti-Money Laundering Directive (5AMLD)

Almost 70 percent of money laundering and terrorist financing flows through legitimate financial institutions. Yet the United Nations Office on Drugs and Crime estimates that less than 1 percent of the global trade is seized and frozen.

The main changes, among others, in 5AMLD are as follows : • Extended scope of obliged entities : virtual currencies and pre-paid instruments. • Wider access to beneficial ownership information. • Customer due diligence: with a risk-based approach, obliged entities, must “right-size” their customer due diligence based on the level of risk.

The Risk Monitoring Imperative

Organisations today face an evolving array of risks – and corporate boards and executive leaders are feeling the pressure. According to a global survey of board members and C-suite executives, “The impact of the U.K. Brexit vote, increased volatility in commodity markets, polarisation surrounding the recent U.S. presidential election, terrorist events, asset bubbles in China, continued discussion about fair wages and income equality, and ongoing instability in the Middle East” has resulted in elevated concerns about business risk in 2018. Moreover, companies increasingly rely on third parties to conduct business – from complex, globallydistributed supply chains to extensive networks of clients, partners, or agents working on their behalf. How vast are these networks?

– 40% of companies oversee 1,000 third parties annually – 29% manage more than 5,000 third-party relationships

And those numbers don’t include customers. As a result, companies need a risk mitigation strategy that goes beyond traditional due diligence for on-boarding suppliers and third parties. The 2017 Anti-Bribery & Corruption Benchmarking Report, issued jointly by Kroll® and Ethisphere®, found that “More than half (55 percent) of respondents report that they identified legal, ethical, or compliance issues with a third party after due diligence had been conducted.” Ongoing monitoring can help you build a more complete picture of risk exposure—and proactively mitigate risk.

Hot topics for internal audit 2018

This year, a wider group of European Institutes of Internal Auditors have taken a more ambitious approach, interviewing Chief Audit Executives (CAEs) from major organisations in six European countries – France, Italy, the Netherlands, Spain, Switzerland and the UK – to home in on key themes requiring the attention of internal audit to mitigate risk and protect and add value in their organisations.

These Hot Topics were identified through in-depth, qualitative interviews with CAEs across a diverse range of critically important sectors – construction/infrastructure, financial services, IT, manufacturing, public sector, retail/consumer, telecoms and utilities/energy – and from organisations that truly lead these industries. To put this into perspective, these organisations have an aggregate market capitalisation in excess of €724bn, revenues of over €441bn, employ more than 1.86 million staff and are present in no less than 173 countries. In the financial services sector alone, the CAEs represent internal audit functions in firms collectively worth €325bn and turning over upwards of €207bn.

This whitepaper provides knowledge and insights as an invaluable snapshot of the thinking of leading internal audit professionals across Europe.

The European Union fourth Anti-Money Laundering Directive

When the 4AMLD was enacted on June 25, 2015, the European Commission established a 2-year window for implementation by EU Member States. A 2016 amendment to the Directive identified additional “obliged entities” and shortened the implementation deadline by six months.

EU Member States are now transposing it into their national laws and all “obliged entities” must have compliance programmes in place to mitigate risk. Věra Jourová, the EU’s commissioner for Justice, Consumers and Gender Equality said: “The update of the Fourth Anti-Money Laundering Directive will prevent any loopholes in Europe for terrorists, criminals or anyone trying to play with taxation rules to finance their activities. ”

A Deeper Look at the 4AMLD : Naturally, the 4AMLD focuses on traditional financial services organisations such as credit and financial institutions, but the list of “obliged entities” from the original Directive also includes other professionals.

Certification of Credit Risk Management

CO.E.RI.KOSMOS SRL located in Turin, has been working in the field of Credit Risk Management for over 30 years.

Since 2016, CO.E.RI.KOSMOS is the scheme owner of the standard template CRMS FP 07: 2015. This is the first standard template for the Certification of the Commercial Credit Management System approved by “Accredia (MISE)” under the requirements of the European Application Document EA-1/22 – AB: 2015.

Continue reading…

How companies should respond to the ever-changing world of sanctions risk

Around the world in eight sanctions regimes Sanctions are imposed on regimes, entities or individuals by governmental and intergovernmental bodies, in the hope of curbing or changing their behaviour. They come in many forms, including asset freezes, flight bans, and restrictions on trade and other financial transactions. These bodies regularly publish and update their sanctions lists, which presents a significant risk of an unintentional breach to companies of all sectors that trade internationally. If a firm breaches sanctions, it can expect to face serious legal, financial and reputational repercussions. Punishments can include a civil or criminal legal conviction, a large regulatory fine, or a ban on bidding for future national or World Bank contracts.n the last few months alone, sanctions around the world have changed significantly. To measure the current extent of these changes, LexisNexis Business Insight Solutions has compiled this report with the latest information on sanctions regimes at governmental and intergovernmental level. The report focuses on how sanctions have changed in eight countries: the US, UK, Russia, Iran, Myanmar, Cuba, Democratic People’s Republic of Korea (North Korea), and the Democratic Republic of Congo (DRC). The report goes onto look at the steps companies can consider to mitigate the risks of breaching sanctions.

In Search of a Single Version of the Truth: Adopting a Universal Data Model

Firms today require access to unprecedented volumes of data to meet growing demands for transparency and integrity across all their business activities. Operational needs and regulatory requirements are driving rigorous data sourcing, collection and integration efforts. The task is made more complex and expensive by the need for data that is consistent with the business, finance and risk management activities of the institution. In short, the need to obtain the much discussed ‘single version of the truth’ has never been more pressing.

Our newest paper looks at the challenges of addressing multiple regulatory requirements while striving for increased profitability. It explains how firms can normalize their internal data collection processes – and retain the flexibility they need to support the finance and risk functions, and business activities across the enterprise – by adopting a universal data model.

IFRS 9: Unexpected Gains from Expected Losses

To follow IFRS 9 protocols, firms will be required to exercise judgment throughout the organization, evaluating internal developments and the wider economic and financial backdrop. The unique skills, perspective and outlook that each department, most notably Finance and Risk, brings to the task makes it one that’s best accomplished between them, working together, not just within them.

This is when the collaborative thinking incorporated into IFRS 9 will reveal its value most clearly. Our latest white paper outlines how – if all centers of leadership act in concert – an institution can comply successfully with, and benefit from, IFRS 9.

Stress Testing : Putting the Pieces Together to Solve an Increasingly Intricate Puzzle

As stress testing around the world becomes increasingly intricate, more and more is being asked of firms to have the systems in place to monitor activities, gather data and apply models to analyze it. But is the industry confident it is where it need to be? When a poll of market participants who attended our recent stress testing webinar was asked: “Are you comfortable you can leverage your legacy systems to fulfil these stress-testing requirements?” 14 percent offered an unqualified “yes” and 32 percent an unqualified no; the remaining 54 percent declared themselves “not fully comfortable”. This whitepaper gives a comprehensive overview on the changes in stress-testing practices over the years, the differences in the regional regimes and addresses whether testing 2.0 can be executed effectively with system 1.0.

Guideline Data Acquisition for Investigation Purposes

IT security incidents sometimes are of such nature that the organisation affected by the incident wants to pursue prosecution. However, often the facts are not necessarily immediately communicated to the police for a variety of reasons, including the fact that the ir scope and nature is not clear from the beginning. For prosecution to be successful, the chain of custody needs to be preserved in a legally accepted manner, which requires the evidence to be preserved immediately after the detection of the incident.

It should be noted that communication to law enforcement authorities must be made as soon as possible after discovery of the facts given the volatility of traces and actions that could be taken (Internet identification, etc.). The purpose of these guidelines in this white paper is to help IT services to preserve evidence in an IT security incident in such a way that the investigation by IT security experts or law enforcement authorities can be carried out in an optimal manner.