AML Obligations Loom for Residency by Investment Program Operators

Sylwia Wolos CAMS, IM Cert – Risk Solutions Consultant – Refinitiv
Sponsor

---

The risks and security challenges around Residency and Citizenship by Investment (RCBI) programmes, and remediation steps for these, have been a topic of discussion for several years. Some deep-dive recommendations and practical suggestions on best risk management practices have been shared by RCBI industry organisations, supported by due diligence and risk management experts, as well as civil society. While much of the debate has been around steps governments should take, there is increasing visibility into the role of all stakeholders, especially the agents, in creating a sustainable RCBI sector. 

Agents have, in the past, faced an obvious conflict of interest between the prospect of gaining a new client and the need to adhere to the highest ethical and professional standards. However, it has recently been recommended that investment migration operators be added to the anti-money laundering and counter-terrorism financing (AML/CTF) obligated institutions list. Establishing this legal AML/CFT obligation will eliminate this dilemma. In its recent report, the European Parliamentary Research Service (EPRS) also named ‘risk of weak vetting and due diligence’ as one of key five issues in RCBI sector. 

While the pace of regulatory change may be slow, it is becoming increasingly evident that some sector regulation, of which a key component is the risk management frameworks, is inevitable. Some governments offering RCBI programmes have already set self-regulation standards, but supra-national bodies are looking at the sector holistically. As it transpires, rigour of the financial crime risk management is certain and the early adopters, as usual, will gain a competitive advantage in the market. What’s more, there are already various tools to help guide through the process of establishing good Know Your Customer (KYC) practices and supportive solutions that won’t cost the Earth.  

As a brief recap, the key pillars of candidate risk assessment at the government level should cover the following:

• document collection;
• enhanced checks of the applicant’s background, including their associates;
• gap analysis of self-disclosed information and independently verifiable data;
• the applicant’s declaration of commitment to the country’s values and the respect of the rule of law;
• and documented and auditable decision-making record.

Programme agencies should endeavour to inscribe transparency into their processes, specifically around procedures related to risk management and decision making.

At the agent level, it is their role to initially screen candidates, as they can identify and reject the candidates that fail to meet the programme’s requirements. Similar to KYC practices in other obliged entities, at minimum, the process should have three primary components: 

• Verification of the potential applicant’s identity; 
• Assessing the risk level related to the customer by establishing the client’s politically exposed person (PEP) status, checking for any economic sanctions’ links or other publicly available criminal record; 
• An assessment of the legitimacy of the sources of funds and sources of wealth 

A standardised and documented KYC process allows agents to identify and reject risk related to onboarding customers with criminal records, past visa refusal, unconfirmed identities, or inability to provide a complete set of required documentation. Through this, agents can mitigate their own financial and reputational risk exposure and improve their application success rates. 

Private companies can help agencies draft and regularly review the risk assessment process, policies, training, and communication. The private sector can easily leverage on risk assessment techniques commonly applied in high-risk businesses such as the financial sector and advise agents on best practices and the most efficient and cost-effective processes and technical tools available. Through external audit, any gaps in the process can be identified and corrected. 

Examples of information retrieved during a source of wealth due diligence process:
Money invested in a deposit account and interest accrued
Investment originating from the sale of property or business
Inheritance
Compensation payments
Accumulated cash from trading profit
Shares owned
Assets (including real estate, luxury goods and vehicles)
Divorce/alimony settlements
The individual subject’s wealthy family members (if known)
Derogatory information, e.g., connections with sanctioned countries and sanctioned persons

The key security concerns documented by the Commission’s report of 23 January 2019 were “risks to security, including the possibility of infiltration of non-EU organised crime groups, as well as risks of money laundering, corruption and tax evasion”.  

As mentioned previously, the EPRS named ‘risk of weak vetting and due diligence’ among the five key issues raised by RCBI schemes and their impacts. In the same publication, the EPRS listed five different policy options for the future of investment migration programmes. One that may become the topic of much discussion, and the one that has been welcomed by the Investment Migration Council (IMC), is about the regulation and introduction of safeguards of RCBI programmes. More specifically, the report calls for strengthening due diligence procedures on applicants, among other tools, to bring in the safeguards. 

Yet again we see that the appropriate risk management framework, including comprehensive applicant background vetting, is key to ensuring the efficacy and sustainability of governments’ investment migration programmes.

Find out how Refinitiv can help.