IOSCO ISSUES CONSULTATION PAPER ON ANTI-MONEY LAUNDERING RESPONSIBILITIES FOR MUTUAL FUNDS AND OTHER COLLECTIVE INVESTMENT SCHEMES

[18635] March 8, 2005 TO: INTERNATIONAL COMMITTEE No. 4-05 MONEY LAUNDERING RULES WORKING GROUP No. 1-05 TRANSFER AGENT ADVISORY COMMITTEE No. 7-05 RE: IOSCO ISSUES CONSULTATION PAPER ON ANTI-MONEY LAUNDERING RESPONSIBILITIES FOR MUTUAL FUNDS AND OTHER COLLECTIVE INVESTMENT SCHEMES In February, the Technical Committee of the International Organization of Securities Commissions (IOSCO) issued a consultation report on anti-money laundering responsibilities for collective investment schemes (CIS), such as mutual funds. IOSCO’s Technical Committee is seeking comment on the consultation report by May 18, 2005. The Institute intends to comment on this report. We will circulate a draft comment letter to the working group in early April, and schedule a conference call to discuss it in late April. If there are particular aspects of the report that your firm would like the Institute to consider commenting upon, please let me know by the end of March. A summary of the report follows. The full report is available on the IOSCO web site at http://www.iosco.org/pubdocs/pdf/IOSCOPD188.pdf. Scope of the Report Although the report recognizes the different types of CIS around the world, its applies only to open-end CIS, such as mutual funds. The report recognizes that closed-end funds and other exchange-listed CIS “are just like any other public company that lists shares on an exchange, and public companies – other than financial institutions – do not have specific anti- money laundering responsibilities.” An exception is made for open-end CIS listed on an exchange, such as exchange-traded funds (ETFs). The report suggests that these funds should be treated as open-end CIS to the extent transactions in their shares or units occur off an exchange. 2 Recommendations 1. AML Programs The report’s basic recommendations largely mirror U.S. requirements. The report recommends that each open-end CIS should develop and implement a written program reasonably designed to prevent it from being used for money laundering and terrorist financing. The program should be approved in writing by the directors of a fund company, and should include: i) the establishment of policies, procedures, and internal controls; ii) an ongoing employee training program; iii) an independent audit function to test the program for compliance; and iv) appropriate compliance management arrangements. [See pages 8-9 of the report.] 2. “Know Your Customer” Requirements The report states that an “open-end CIS has a responsibility for verifying the identity of the investor, and the beneficial owner of the investor when it is apparent that an account is beneficially owned by a party other than the investor.” [See page 11 of the report, under the heading “Responsibility for client identification and verification.”] Measures to identify and verify the identity of the investor, however, may be determined on a risk sensitive basis depending on the type of investor, business relationship or transaction, and the types of accounts opened by the CIS, to the extent reasonable and practicable. [See page 11 of the report, under the heading “Verifying investor identity.”] The report also states that open-end CIS have a responsibility to perform “more general ‘know your customer’ procedures following a risk-based approach.” [See page 11 of the report under the heading “Responsibility for client identification and verification.”] It is unclear what the report intends with this statement. The report references IOSCO’s CIBO Principle 3, which requires securities firms to obtain information about their client’s circumstances, such as financial background and business objectives, in order to develop a business and risk profile and to ensure that transactions being conducted are consistent with that profile (including, where necessary, the client’s source of funds.) It is unclear whether the report is recommending that CIS follow the same model. The report makes a clearer recommendation with respect to verification, stating that “verification should provide a reasonable basis for the open-end CIS to believe that the true identity of the investor is adequately known. Where the risk that an open-end CIS will not know the true identity of an investor is higher (e.g., accounts for politically exposed persons or entities with complex structures; accounts for nationals, residents, or entities from countries considered to be non-cooperative or inadequately regulated, etc.), an open-end CIS should apply more stringent client identification measures.” [See page 12 of the report under the heading “Verifying investor identity.”] With respect to the timing of verification, the report mirrors the U.S. standard, recommending that “the open-end CIS should verify identity as soon as possible, before or after the opening of an account or accepting an investment, for purposes of assuring that the risks are effectively managed.” [See page 14 of the report under the heading “Timing of identification and verification.”] 3 The report highlights a number of “potentially low risk situations” that may warrant simplified verification procedures. These include omnibus accounts, funds of funds, new investors introduced by affiliated banks or broker-dealers in the same financial services group, pension plans, insurance products, new investments by investors who own shares of other funds in the same fund complex, and public companies. The report also notes that there may be certain low-risk products that warrant simplified verification procedures. [See pages 14-20 of the report under the heading “Potential low-risk situations.”] 3. Performance of client due diligence procedures by others The report notes that in certain jurisdictions, a CIS may sub-contract its client due diligence procedures to another financial institution or service provider. In this section, the report somewhat parallels the U.S. concept of delegating AML responsibilities, particularly by noting that while performance of these functions might be delegated, overall responsibility and potential liability cannot. This section of the report is highly prescriptive, stating that the CIS: o Must initially determine whether the sub-contractor has adequate expertise and staff to perform these important functions; o Must monitor the subcontractor’s performance and assess its effectiveness to assure compliance with the anti-money laundering legislation to which the CIS is subject; o Must be assured of having access to records held by a sub-contractor; o Must ensure that identity is verified and more general “know your customer” procedures are performed in line with the anti-money laundering legislation to which the CIS is subject; o Must ensure that law enforcement and regulatory authorities in the jurisdiction in which the CIS is established have access to evidence of identity and more general “know your customer” materials held overseas by any sub-contractor; o Must ensure that suspicious activities and transactions are reported in the jurisdiction in which the CIS is established; and o Must ensure that any sub-contracting in this regard does not detract from the fund’s responsibility to properly address money laundering risk. [See pages 20-21 of the report under the heading “Sub-contracting to others.” (Emphasis added.)] The report also contains a section on the reliance on (as opposed to delegation to) other financial institutions to satisfy AML obligations. The difference between the two concepts in the paper is the same as under U.S. law – that where reliance is reasonable, the open-end CIS 4 should not be held responsible for a failure of the other financial institution to fulfill its responsibilities adequately. This section of the report is less prescriptive than the section on delegation, but nevertheless includes recommendations. For example, the report states that an open-end CIS relying on another financial institution should have a written contract that includes specific clauses clearly allocating duties, and should adopt internal controls to review and periodically test the implementation of the anti-money laundering program of the financial institution on which it is relying. [See page 22 of the report under the heading “Reliance upon another financial institution.” (Emphasis added.)] Robert C. Grohowski Associate Counsel