“Bank secrecy is widely recognised as playing a legitimate role in protecting the confidentiality of the financial affairs of individuals and legal entities. It derives from the concept that the relationship between a banker and his customer obliges the bank to treat all the customer's affairs as confidential.”
These words have an unlikely provenance. They form the opening paragraph of the OECD's report entitled Improving Access to Bank Information for Tax Purposes which was published in April 2000 and unanimously agreed by all 29 OECD members, including Switzerland and Luxemburg.
But this recognition of the legitimacy of bank secrecy came at a price.
The report also proposed a series of measures to improve existing access to bank information. Chief among these was the need to eliminate anonymous accounts and require identification of bank customers and beneficial owners of accounts. It would rely, it said, on the work of the Financial Action Task Force in ensuring implementation.
In the past, bankers did not have to ask clients for proof of identity or the source of their funds. This fact was often widely exploited by IFAs who used creative tax planning both onshore and offshore. But over the past decade the fiduciary axis has come under sustained pressure from many different directions and at many different levels – international bodies, non-governmental organisations, national governments, self-regulatory groupings and private sector or professional associations.
A tidal wave of anti-money-laundering legislation has swept around the world and, in its wake, a banker must now ask “Who is my client?” and “Where does his money come from?” In some cases even: “Has he paid his taxes?” Not only must he ask these questions, he must also verify his client's answers and, if he is unhappy about what he is told, he must report his suspicions to the authorities. This has obvious implications for IFAs.
While few advisers would be involved in cases with as high a profile as the former Nigerian dictator Sani Abacha and the Russian money laundering scandal in the US, these pressures are ignored at your peril. Whatever the legal and operational outcome of such investigations, there is no doubt that involvement can badly affect a business' reputation.
In response, the world's leading international private banks, led by UBS and Citibank, laid commercial rivalries aside last year to agree a common set of global anti-money-laundering guidelines. Known as the Wolfsberg Principles, they cover the banks' relationship with high-net-worth individuals and will be applied to their operations on a worldwide basis.
Beginning with a commitment to “endeavour to accept only those clients whose source of wealth and funds can be reasonably established to be legitimate”, these guidelines are designed to ensure a global standard of due diligence for banks. They cover issues such as acceptance of clients, situations requiring additional attention, practices for identifying unusual or suspicious transactions and the education of bank staff.
Announcing the guidelines, UBS's chief risk officer Hans-Peter Bauer said the new rules were a “clear recognition by private commercial banks of their responsibility in the fight against serious international crime. We cannot afford to chase clients by having looser standards than others”.
In this respect, the private sector has only anticipated the public sector. At the beginning of February, a joint working group of the Basel Committee on Banking Supervision and the Offshore Group of Banking Supervisors issued a consultative paper on Customer Due Diligence.
Colin Powell, chairman of the offshore group, said: “Supervisors should ensure that banks apply an acceptable minimum standard of customer due-diligence policies and procedures to all areas, embracing domestic and overseas operations, and corporate and private banking businesses. Banks should never enter into a business relationship until the identity of the customer is satisfactorily established.”
The draft paper requires national supervisors set out supervisory practice governing “know-your-customer” (KYC) programmes such that:
l Banks should have minimum standards and internal controls that allow them to adequately know their customers. Voluntary codes of conduct issued by industry organisations or asso-ciations are to be encouraged but they are not in themselves sufficient.
l Banks should have policies and procedures for customer acceptance, customer identification, on-going monitoring of high-risk accounts and risk management;
l Private banking operations should not function autonomously or as a 'bank within a bank' but should also be subject to KYC procedures. All new clients and new accounts should be approved by at least one person other than the private banker. If particular safeguards are in place internally to protect confidentiality of private banking customers and their business, banks must still ensure these accounts are subject to appropriate scrutiny.
l Banks should never open an account or conduct business with a customer who insists on anonymity or “bearer” status or who gives a fictitious name.
In the case of confidential numbered accounts, the identities of the beneficiaries must be known to compliance staff, so that the due diligence process can be carried out satisfactorily. Banks also need to be vigilant in preventing corporate business entities from being used by natural persons as a method of operating anonymous accounts.
l Decisions to enter into business relationships with potentates should be taken at senior management level, and banks should be particularly vigilant with respect to monitoring such accounts.
l Banks are required to apply equally effective customer identification procedures and ongoing monitoring standards for non-face-to-face customers as for those who are able to present themselves for interview.
l Banks should obtain and keep up-to-date customer identification papers, and retain them for at least five years after an account is closed. They should retain all financial transaction records for at least five years after the transaction has taken place. Banks should also have adequate information systems capable of monitoring customer accounts and potential suspicious patterns of activity.
l Banking groups should apply an acceptable minimum standard of policies and procedures to both their local and overseas operations.
Where there are legal impediments in a host country to the implementation of higher home country KYC standards, overseas branches and subsidiaries should make sure the head office or parent bank and its home country supervisor are fully apprised of the situation.
Where the problem is deemed to be sufficiently severe, supervisors should consider placing additional controls on banks operating in those jurisdictions and ultimately perhaps encouraging their withdrawal.
It is clear then the banking industry must embrace these guidelines and apply them. The entire basis of banking secrecy has been turned on its head. What is needed then, if client relationships are to be maintained and regulatory obligations complied with, is a fast and reliable mechanism to deliver due diligence and meet standards of best practice.