AMLA revision: Stricter due diligence requirements for financial intermediaries as of 1 January 2023
- With the AMLA revision, financial intermediaries must now ‘verify’ the identity of beneficial owners instead of merely ‘ascertaining’, as it was previously the case.
- A new obligation for financial intermediaries to periodically check client information irrespective of events is introduced.
- Financial intermediaries now have the right to terminate a reported business relationship if the Money Laundering Reporting Office Switzerland (MROS) does not notify them within 40 working days after a report has been made that the reported information will be forwarded to a prosecution authority.
On 19 March 2021, Parliament approved the revision of the Anti-Money Laundering Act (AMLA). This improves Switzerland’s defensive measures to combat money laundering and terrorist financing, although it is still uncertain whether the revision is sufficient to remedy the deficiencies identified in the latest Financial Action Task Force (FATF) review of 2016. As of 1 January 2022, a first part of the revised AMLA came into force. The main part of the amendments to the AMLA as well as the other enactments adapted in the revision will enter into force on 1 January 2023. See also our legal update on the amendments to the Precious Metals Control Act and the Precious Metals Control Ordinance.
This legal update is intended to provide an overview of the main modifications to the AMLA that will enter into force on 1 January 2023. The focus is on the amendments in the area of verifying the identity of beneficial owners as well as the new obligation to periodically check and update client data. Finally, the amendments to the reporting requirements will be discussed.
Main amendments of the AMLA revision at a glance
Verification of the identity of beneficial owners
Under the current AMLA, financial intermediaries have the duty to establish the identity of the beneficial owner, including the control holder, with the due diligence required in the circumstances. The new requirement is for the financial intermediary to verify the identity of the beneficial owner in order to confirm who the beneficial owner is.
As of the entry into force of the revised AMLA, the financial intermediary therefore has an explicit duty to verify the identity of the beneficial owner. The form and depth of this verification, however, remains unclear, and neither the AMLO-FINMA nor the Agreement on the Swiss banks’ code of conduct with regard to the exercise of due diligence (CDB 20) provide for such a specification. The legislator merely specifies that a risk-based approach should prevail for the verification of identity. Thus, the financial intermediary should critically verify the identity of the beneficial owner and take measures to confirm its plausibility with the due diligence required in the circumstances. It can therefore be assumed that the financial intermediary does not have to prove the identity of the beneficial owner, but that the verification should ‘merely’ withstand a plausibility check. A purely formal verification of the identity by means of a copy of an identity document of the beneficial owner, however, will not be sufficient for the fulfilment of the obligation. Rather, depending on the risk situation in the individual case, the financial intermediary must rely on various sources such as its own knowledge of the client profile, public information and, if necessary, information from an external body.
In the case of natural persons in the ‘normal’ risk area, the financial intermediary should check in particular whether the information provided by the contracting party on the beneficial owner is consistent with the other information available on such contracting party. In the case of legal entities, internal company documents should also be requested, such as a copy of the share register and the notification of the beneficial owner. Business relationships with increased risk, however, require further clarification and measures by the financial intermediary.
As of 1 January 2023, new client relationships must therefore be reviewed in accordance with the revised requirements. The revised requirements will only apply to existing client relationships in the context of updating client data.
Updating client data
Previously, the financial intermediary was only required to identify the contracting party or to establish the identity of the beneficial owner repeatedly if doubts arose in the course of the business relationship, and a periodic review - annually in the case of politically exposed persons (PEPs) - was only necessary for business relationships with increased risks. Under the revised AMLA, the periodic verification and updating of client data and ‘documents’ of all business relationships is now required irrespective of events. The term ‘documents’ is to be interpreted broadly and includes all documents, information and data in general that are collected as part of the due diligence process when creating the client profile. By their nature, documents or notes relating to individual transactions do not need to be reviewed and updated.
The obligation to verify and update client data and documents does not only (or not necessarily) concern the identification of the contracting party or the determination of the beneficial owner, but also applies to the business relationship itself. Thus, the financial intermediary must periodically check whether the nature and purpose of the business relationship desired by the contracting party are still up to date.
The law states that a risk-based approach must be applied to the periodicity, scope and nature of the regular review and updating. In the case of low-risk business relationships, client details and supporting documents must therefore be reviewed and updated less frequently than in the case of higher-risk business relationships. A classification of contractual partners into risk groups is therefore recommended. This can be done, for example, on the basis of a KYC questionnaire. In the case of natural persons, information is obtained in particular on the person as well as on the professional activity, annual income and assets. Information is also gathered on the business relationship and the origin of the assets. In the case of legal entities, the KYC questions depend on the type of company and the purpose of the company. Based on the KYC questionnaire, possible risk criteria for increased risk (such as for domiciliary companies or PEPs) and the key data of the business relationship (in particular the number and type of services and products), clients can be divided into risk groups. In principle, the KYC questionnaire should be resubmitted periodically for all business relationships, at least every seven to ten years. The lower frequency and also the type of audit should be outlined in an internal directive. The revised act does not provide for a transitional period for the review requirement. Thus, the obligation must be fulfilled as of 1 January 2023, when the revised law comes into force. From this date, the relevant internal directives must be adopted, the corresponding processes implemented and employees instructed accordingly.
Adjustments to regulatory reporting
Another modification will take place in the area of regulatory reporting.
First, the ‘reasonable suspicion’ that leads to an immediate reporting obligation to MROS has been redefined. Accordingly, a reasonable suspicion exists if the financial intermediary has a concrete indication or several indications that the assets involved in the business relationship (i) are connected with a criminal offence under Art. 260ter or 305bis Swiss Criminal Code, (ii) originate from a crime or a qualified tax offence, or (iii) are subject to the power of disposition of a criminal or terrorist organisation or serve the financing of terrorism, and if this suspicion cannot be dispelled on the basis of additional clarifications.
Furthermore, a new right is provided for financial intermediaries to terminate a reported business relationship if MROS does not notify them within 40 working days after a report has been made that the reported information will be forwarded to a prosecution authority. This right applies to reports based on the reporting right as well as to reports under the reporting obligation. The financial intermediary must inform MROS immediately if the business relationship is terminated.
The revised AMLA, including amendments to the law and ordinances, is scheduled to enter into force on 1 January 2023. The revision entails certain stricter due diligence obligations. Financial intermediaries should therefore review their internal directives and align them with the revised provisions of the AMLA by 1 January 2023 at the latest so that they continue to comply with their due diligence obligations. The consultation on the partial revision of the AMLO-FINMA ended on 10 May 2022. In addition, CDB 20 is currently being revised, but not (only) in connection with the AMLA revision.
Our team has many years of experience in providing legal advice in the area of the Anti-Money Laundering Act and will be pleased to provide you with further information.
Authors: Manu Ferro (Associate)
No legal or tax advice
This legal update provides a high-level overview of the legal situation in Switzerland and does not claim to be comprehensive. It does not represent legal or tax advice. If you have any questions relating to this Legal Update or would like to have advice concerning your particular circumstances, please get in touch with your contact at Pestalozzi Attorneys at Law Ltd. or one of the contact persons mentioned in this Legal Update.
© 2022 Pestalozzi Attorneys at Law Ltd All rights reserved.