AML Best Practices for Life Insurance Companies. – Helping Life insurers guard against the wrong customers.

Although life insurance products are not high on a money launderer’s shopping list, life insurers do promote flexible investment-type products which might be viable as a medium to launder illicit funds. Albeit a remote one, the threat cannot, therefore, be ignored.

Establishing robust Anti Money Laundering & Combatting the Financing of Terrorism (AML & CFT) procedures and controls requires time, effort and investment in resources. With regulations continuously changing, the whole process may seem to be embarking on a never-ending journey.

It is not my intention to cover all the details of the implementation of AML & CFT procedures, but simply to give an overview of the main best practices that may be adopted.

1. Setting the Risk Appetite - Customer Acceptance Policy

One of the first steps an insurer must make is to create a Customer Acceptance Policy which should, briefly, provide a description of the characteristics of customers that are likely to pose a higher-than-average risk and which therefore fall outside the customer acceptance policy of the company.  

2. Understanding Potential Risks

To mitigate the risks of doing business with potentially devious characters insurers need to understand threats, which might emanate from the main risk areas i.e. its Customer, Geographical, Transactional, Method of Payments, Product and Distribution Channel.

This process requires a good dose of common sense and creativity on our part as we need to put ourselves in a money launderer’s shoes to identify potential vulnerabilities.

The process by which money laundering vulnerabilities are identified includes:

Analysing money laundering typologies facing the life insurance industry
An insurer should adopt a proactive approach to identify current and new AML/CFT typologies by analysing its own internal reports, submitted Suspicious Transaction Reports (STR) and typology reports published by international or local authorities.

Business Risk Assessment
A Money Laundering Business risk assessment enables an insurer to identify and measure actual risk exposures emanating from the main business risk areas.

This exercise can turn into a complicated one, but in very simple terms, the objective is to enable the insurer to implement adequate risk mitigation measures and controls to those risk areas where the actual exposures are deemed to be too close to or outside its risk appetite.

This assessment needs to be reviewed at least annually to ensure that there are no material changes. It is good practice to review the process more frequently when new internal or external threats and vulnerabilities are identified, or to monitor the success or lack thereof of any risk mitigation measures applied.

Customer Risk Assessment & Grading
In order to ensure that Customer Due Diligence measures will reflect each customer’s risk profile insurers need to carry out a customer risk assessment covering, at least, the following steps:

1. Know who is Your Customer and Your Customer’s Customer by ensuring that the Customer(s) (including the beneficiaries, Ultimate Beneficial Owners) have been satisfactorily identified.

2. Know Your Customer’s source of funds and source of wealth by establishing the nature of the activity (e.g. occupation) which generated the payment.

• Identify potential high-risk features:

Geographical risks e.g., whether a customer’s nationality, residency or business activity is linked to a high-risk country.

Occupational Risks e.g. whether the customer’s occupation/business is a high-risk one e.g. PEP.

Customer’s behaviour e.g. if there is lack of cooperation in submitting KYC, source of funds/wealth information.

Transaction risks e.g. transactions which do not seem to fit into the customer’s profile.

Presence on an international Sanctions lists prohibits the insurer from offering any product to the targeted individual/entity.

Presence on internal Watch lists. Maintaining an IT data base of High-Risk customers ensures an automated referral process to the MLRO. Such a list should include individuals or entities linked to:

• A Suspicious Transaction Report;

• Internal Reports submitted to the MLRO;

• Requests for information from the FIAU, Police and

• Attachment/Freezing Orders.

3. Know your Distribution Channel

Abnormal behaviour emanating from customers serviced by the same Intermediary should trigger the application of stricter monitoring, at least for an appropriate period. If the abnormal patterns persist then the insurer’s Compliance Unit should be informed to ensure that the Intermediary is subject to a compliance review at the earliest opportunity.

4. Training & Guidance

We are only as strong as our weakest link. For this reason, training cannot be approached with a ‘tick the box’ mentality and provide the same training to all staff, irrespective of the tasks they actually carry out. This approach is certain to create weak AML & CFT defences. Specific training is required for staff in different units reflecting internal procedures and potential money laundering risks relevant to each unit.

Best practice also dictates that insurers should train their intermediaries even though these are separately responsible for compliance with AML & CFT legislation. Intermediaries are an insurer’s first line of defence because they know and have met the customer.

5. Create an effective and efficient AML & CFT Structure

Abiding with AML & FT Legal obligations must never be the sole responsibility of the MLRO.  Internal technical expertise in the areas of Compliance, Risk and Internal Audit needs to be actively involved to provide the necessary high-quality oversight and controls. It is also advisable that external specialists are engaged to periodically review internal procedures.

6. Amalgamating Anti- Insurance fraud and Money Laundering functions

An insurer’s anti-fraud measures are similar to those employed for AML/CFT e.g.  establishing financial capabilities/wealth of clients and monitoring business. Moreover, life Insurance fraud red-flags have similar characteristics to those relating to money laundering e.g. unreasonableness of transactions or abnormal customer behaviour.

Consequently, consideration should be given to amalgamate the MLRO & Anti-Fraud functions into one function which can also be tasked with the responsibility of complying with International Sanctions, Court Orders and requests for information from the FIAU or Police. This consolidated approach will also be beneficial in identifying potential high-risk customers and suspicious transactions.
 
Conclusion

In an ever-changing regulatory environment and the eagerness to protect reputation, the ongoing challenge is to strike a balance between fulfilling legal obligations and ensuring that we do not make it difficult and frustrating for legitimate customers to do business with us.

Insurers need to remain vigilant to ensure equally robust AML & CFT defences to avoid attracting the wrong type of customers.  Money laundering, after all, is like water -- it chooses the path of least resistance.

Mark Camilleri FCII, CAMS, is the Chief Underwriting Officer at MAPFRE MSV Life p.l.c.. He is also the Money Laundering Reporting Officer for MAPFRE Middlesea p.l.c. and MAPFRE MSV Life p.l.c. . He is a member of the Association of Certified Anti-Money Laundering Specialists (ACAMS) and represents the Malta Insurance Association on the Joint Committee for the Prevention of Money Laundering & Funding of Terrorism. He may be contacted on markc@msvlife.com