Anti-Money Laundering Act and Know Your Customer
An introduction to the key themes in the Anti-Money Laundering Act and sanctions regime.
Anti-Money Laundering Act and sanctions
The Anti-Money Laundering Act requires all banks to follow specific rules on customer due diligence, investigations and reporting to Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime). It’s therefore important for both DNB and the partner bank to have a clear understanding about our individual obligations, so that together we can minimise the risk of money laundering via the services we offer our customers.
Norwegian law doesn’t require Norwegian operators to follow sanctions that aren’t implemented in Norway by law or regulation. Under international law, Norway is obliged to implement sanctions imposed by the UN Security Council, and as a practical main rule, Norway subscribes to and implements the measures that the EU recommends. In addition to the statutory sanction rules, the US sanctions regime is also of importance to Norwegian banks and their customers. Violations of the sanctions lists from OFAC can lead to fines, and in the worst case, exclusion from the dollar market. In short, this means that the sanctions lists from the EU, UN and US must be observed.
Tips and interaction
- Prepare your own contact list of other parties with reporting obligations
- DNB – if it’s urgent – call AML Investigations during working hours – follow up by email.
AML Investigations:
Telephone: 482 25 841Email: hvitvasking@dnb.no
AML Sanctions:
Questions related to international transactions via DNB: sdd.sanctions@dnb.no
DNB’s contact details shall not be disclosed to customers or third parties.
Anti-money laundering initiatives must be risk-based
The underlying principle in the Anti-Money Laundering Act is that banks, and other entities subject to the reporting obligation, must take a risk-based approach to their anti-money laundering initiatives. This means that the entity subject to the reporting obligation should adapt their use of resources to meet the money laundering risk that a customer or service represents.
The individual bank is responsible for identifying which parts of its business represent a high risk of money laundering. The underlying principle of a risk-based approach to money laundering thereby warrants each individual bank making it a priority to keep an extra close eye on the customers that represent a high risk of money laundering, and by the same token, to spend less time and resources on monitoring customers that pose a lower risk.
Know Your Customer (KYC)
In order to determine the level of risk a customer represents, it’s necessary to know the customer. Banks get to know their customers via various customer due diligence processes and KYC involves a number of obligations and procedures that must be implemented when opening a new customer account, and as part of the ongoing monitoring of the customer.
Among other things, the banks must use the information the customer has provided when signing the agreement to ensure that the customer’s behavioural pattern is consistent with the information they’ve given. The entity subject to the reporting obligation must also be able to identify when a customer uses the bank’s service in a way that isn’t consistent with the risk classification this customer has been assigned.
The legislation requires every individual bank to have sufficient checks in place when accepting new customers, with a focus on beneficial owners, a risk-based assessment of customers and PEPs (Politically Exposed Persons).
The Money Laundering Act allows the individual bank to use three types of customer initiatives of different intensity and frequency. When a customer is considered to represent a high risk of money laundering, enhanced customer measures must be implemented, while for cases of low risk, simplified customer measures can be implemented. There is nothing in the way of the bank internally creating sub-categories of risk classification beyond this. The point is again that the bank's risk assessment should lay the basis for meeting the risk that each individual customer represents. It is very important to note that the Financial Supervisory Authority of Norway sets strict requirements for documentation of implemented customer initiatives. This is how the Financial Supervisory Authority assures itself that the individual bank carries out the customer measures that follow from the law.
Investigation and reporting obligations
If there are circumstances that indicate that funds are connected to money laundering, a more detailed investigation must be carried out. If, after further investigation, the circumstances present grounds to suspect money laundering, the entity subject to the reporting obligation must submit a suspicious transaction report (STR) to Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime). The suspicion requirement is low, but a general risk of money laundering isn’t sufficient. There must be specific objectively ascertainable evidence to trigger the reporting obligation.
If there is such a suspicion, an STR must be sent to Økokrim.
The entity subject to the reporting obligation is forbidden from disclosing that they’ve conducted an investigation or report to the customer in question or any third party. Privacy concerns must also be observed. The Anti-Money Laundering Act makes individual exceptions to the prohibition against disclosure, but in principle these must be used with caution.
Relevant legislation and sources related to money laundering
- The Anti-Money Laundering Act and Anti-Money Laundering Regulations
- The EU Anti-Money Laundering Directive
- FATF 40 recommendations on money laundering and terrorist financing
- The Financial Supervisory Authority of Norway’s money laundering guidelines
- Financial Intelligence Unit
- Hvitvasking.no
sanctions;
Sanctions are an important tool for applying political pressure on different governments. The sanctions lists from the EU, OFAC and UN provide important information about customer accounts and transactions that carry a high risk of terrorist financing and money laundering. All Norwegian banks are required to follow these sanctions and violating them can lead to serious consequences.
DNB has a service that reads all transactions online against sanctions lists. This service is offered to all of the banks that have agreements with us for the settlement of international transactions. If we get a match on the sanctions lists, the bank that “owns” the customer is informed. Every individual bank must investigate the match and, where appropriate, report the case to the relevant authority.
Each individual bank is responsible for their own customer due diligence (set-up and ongoing monitoring), including screening against sanctions lists (UN/EU and OFAC) and reporting.
The sanctions regime is dynamic and can fluctuate significantly. It’s especially important here for the partner bank to keep up to date with new sanctions, and continually ensure the sanctions regime is observed for each individual customer.
Our experience is that many Norwegian customers have relationships with Russia, Crimea and Sevastopol, and there may therefore be grounds for keeping an extra close eye on customer relationships connected to these areas.
DNB won’t execute payments that pose a reputational risk, or which breach the legislation.
Relevant legislation and sources related to sanctions
- The Sanctions Act and associated sanctions regulations
- The Ministry of Foreign Affairs’ list of sanctions and measures
- The Ministry of Foreign Affairs’ guidelines on the asset-freezing regulations
- Finance Norway’s minimum standard for screening own customer database against the sanctions lists (asset-freezing guide)
- Links to OFAC’s current sanctions
Useful information about sanctions
