Title Page Who are they? The Auditor s Expectations - Knowing the Customers and Proving It By Mark E. Wolfrey February 2014 1
Table of Contents Table of Contents Title Page... 1 Table of Contents... 2 Executive Summary... 3 Background... 3 Rules and Guidance... 5 Customer Identification... 6 Individuals... 6 Verifying the Identity of an Individual... 6 Domestic and Foreign Companies... 7 Verification and Due Diligence... 8 Beneficial Ownership... 10 Identifying the Beneficial Owner... 11 Challenges to Identifying Beneficial Ownership... 11 Beneficial Verification Challenges... 12 Hiding the Identity of Beneficial Owners... 13 Expectations of the Auditor related to CDD and Beneficial Ownership... 14 Auditor Selection... 14 Independent Testing... 15 Risk Assessment... 15 Training Program... 15 Conclusion... 16 Bibliography... 17 2
Executive Summary How well does your financial institution need to know your customer? All too often, the frustrating answer to this staple of the financial industry is, it depends upon the customer risk profile, as risk assessment is subjective. Basic requirements were provided in Section 326 of the USA PATRIOT Act, which is referred to as Customer Identification Program (CIP) Joint Final Rule. CIP outlines minimum identifying information that customers will be required to provide prior to opening an account. The minimum requirement is the key phrase and the Rub in identifying customers. Minimum is never enough. As former President Ronald Reagan said at the signing of the INF Treaty, on December 8 1987, Trust, but verify. Verifying that the information provided is correct is required, and is considered basic customer due diligence (CDD). Determining what the person does for a living, how they get their money, and then making sure that the transactions going through their account make sense for the information collected from the customer are all required elements of knowing your customer. CDD for a business is even more significant and includes determining the customer s expected activity, primary industry and geography, in which they operate, and the types of products and services used by the customer. The basic idea is that a higher-risk customer necessitates an increase of client documentation. Even experienced bankers can get scared into inaction, or over reaction. Both of which are counterproductive to the goals and expectations of being an efficient and profitable bank, while meeting the needs of regulatory compliance. The independent auditors part in this is to determine whether the bank has a program in place to reasonably state that it knows its customers 3. Auditors must rely completely upon the documentation obtained by the bank and interviews with the bank personnel. The goal of this paper is to provide examples, scenarios, regulatory interpretations and general expectations of due diligence that an auditor should be considering when performing the required independent testing and evaluation of the program. Background There was no private sector industry that changed more on September 11, 2001, than the United States of America financial industry. The industry was significantly lagging in expectations under the FATF 40 rules, specifically regarding the need to Know Your Customer (KYC), and expectations for identification. 3
The FATF 40 is a set of standards created by The Financial Action Task Force (FATF), which is an intergovernmental body established in 1989 by the Ministers of its Member jurisdictions, to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system 4. The US Government responded with the USA Patriot Act, or colloquially referred to as the Patriot Act, which brought the United States fundamentally into compliance with FATF s rules. In the years since, FATF, due to weaknesses identified by government and law enforcement agencies, have continued to enhance the rules and guidelines that countries are expected to meet to remain in compliance. These increased expectations and requirements posed many challenges to the financial industry. In response, the US created a new agency, the Financial Crimes Enforcement Network (FinCEN), which is a bureau of the United States Department of the Treasury that collects and analyzes information about financial transactions in order to combat money laundering, terrorist financiers, and other financial crimes. The expectations for each of the four pillars 3 including the independent audit, has increased and as a result it has taken several years for financial institutions to come into compliance with the enhanced expectations of the Patriot Act. The most recent concentration of FATF is to have Financial Institutions include Beneficial Ownership in the documentation of Customers ownership. This has posed inherent problems in the United States, due to the methods used for incorporating and showing or proving ownership of a company, which are generally obfuscated by a lack of disclosure requirements under current state and federal law. The individual states handle the creation and registration of a business entity for non-quazi governmental use. The most commonly used states for incorporating, Delaware, Nevada, Wyoming, are often cited as the most accommodating jurisdictions in the United States 15. They have no incentive to change their methodologies, as they earn a significant amount of fee and tax revenue as a result of their corporate regimes 15. The Federal government, historically, has not been able to alter the rules States use for creating corporate entities, or establishing the methods used for showing or proving ownership of a given business entity 11. 4
The Federal government has been working to change this, and has been giving guidance, and holding conferences with financial institutions to establish rules around a new Beneficial Ownership rule currently being contemplated by the financial industry s federal banking regulators and state governments. Ensuring the financial institutions know their client is becoming more difficult and the expectations are ever increasing, especially with the enhanced need to look well beneath the covers of the corporate or trust entity in order to determine who the true beneficial owners are. Rules and Guidance Governmental agencies have begun developing new regulatory guidance to layout expectations for financial institutions. The European Union was the first, with the proposed Fourth EU Anti-Money Laundering Directive 8. One element that the fourth directive begins to layout is the enhancement of expectations around Beneficial Ownership. The FinCEN March 2010 Guidance 5 requires the bank to determine whether the customer is acting as an agent, and, if so, obtaining information regarding the capacity in which and on whose behalf the customer is acting. Customers that are legal entities not publicly traded in the United States, obtaining information about the structure or ownership in order to determine whether the account poses heightened risk. Trustee customers, obtaining information about the trust structure to help the institution determine the persons or entities that provide the funds, have control over the funds, or have the power to remove the trustee. Senator Carl Levin, Chairman of the Senate Permanent Subcommittee on Investigations, wrote a letter to the Director of FinCEN, James H. Freis, giving some guidance on what the Final Rule on Beneficial ownership should include. His recommendations included a requirement for a financial institution to identify the beneficial owners of an account in writing, but also allow for an exception to the rule, when an entity posed low AML risk, and already makes ownership information available. In addition, he recommended that attorneys be required to give certification that they will not allow their client or firm accounts to be used to conduct or conceal suspicious activity. Finally, he recommended to have a minimum standard set for due diligence requirements set for Politically Exposed Persons seeking to open an account. 10 These are all current concerns that cause financial institutions concern with these issues, and will be welcome requirements, so that all institutions will have a set standard from which to start. 5
Accounts noted by the institution as high risk should be subjected to Enhanced Due Diligence (EDD) that is reasonably designed to identify and verify beneficial owners, to reasonably understand the sources and uses of funds in the account, and to reasonably understand the relationship between the customer and the beneficial owner. Customer Identification Individuals The Joint CIP Final Rule requires four minimum pieces of information. For Individuals, this includes: Name Date of Birth Residential or business street address (an Army or Fleet Post Office box number or residential address of next of kin or other contact may be substituted) Identification Number Verifying the Identity of an Individual Data verification includes the use of knowledge-based questions, which only the prospective customer should know, and verification through database information to validate the name, address, social security, and other information given by the prospective customer matches public and or private databases. For domestic residents/citizens with identification issued by a state or US federal agency, the form of identification is simple. This method is limited in its effectiveness due to significant improvements in printing technology, and the ease to obtain that technology. The data verification method is being increasingly used by institutions, due to the improvement of the ability for people to make believable fake identification cards of all kinds. Historically, only online banks used the public and private databases for verification of identity, but more traditional financial institutions have begun to engage in the practice as an abundance of caution, to include protecting against accounts opened with stolen identities. 6
For foreign Non-Resident Aliens, the rule does not change, the methodology, databases reviewed and documents used to meet the rules requirements may change, but the same information must be collected. For foreign Non-Resident Aliens, World-Check s passport check can help identify fake or tampered passports. Other know-your-customer databases help identify persons and entities that may pose greater risks to the financial intuition than they would want to incur, or give a basis for understanding the type and volume of activity the company should expect or accept. The company and its officers, directors and shareholders should be reviewed against these databases as considered appropriate 1. Domestic and Foreign Companies The Joint CIP Final Rule requires three minimum pieces of information for entities: For Non-Individuals (entities), a CIP must require the following minimum identifying information: Name Principal place of business, local office, or other physical location Identification Number The primary method of identifying US Domestic Corporations is to collect documentation and verification that the entity was legally formed, by a government agency with legal authority to form and recognize a legal entity. This is generally conducted via the Secretary of State of each state government, and each state has a method to verify the existence of the legally formed entity (LLC, LLP, and Corporation), which is available free or per a fee 1. The federal government does allow formation of corporations, but these are charities and corporations setup for government purposes on direction of congress. i.e. FNMA, USO, VFW, Federal Reserve Bank etc 11. There are nearly 2 million new domestic companies created each year 14. Due to little or no ownership disclosure requirements and weak regulatory regimes in most of the states, the U.S. shell company is an attractive vehicle for those seeking to launder money, evade taxes, finance terrorism, or conduct other illicit activity with little chance of being identified. Some states will give limited verification of existence and information on the creation for free, and provide additional information for a fee. Similar documentation and verification of entities is available for foreign corporations, however, with the Third and Fourth European directives, improved identification of ownership is becoming available in those states. These can be found on the individual government websites, and the European Union 7
offers the European Business Registration (EBR). Several other information companies such as Thompson Reuters have developed databases of information for financial institutions to reference to identify companies they may not want to do business with, due to past dealings, negative news, affiliations, or complete lack of evidence the company exists. Verification and Due Diligence Screening companies, affiliates and the primary account signers, partners, executive managers, and corporate directors has been a standard practice for several years for high-risk companies, especially any entity that is not an owner operated company that operates within the general proximity or community of a branch of the financial institution. When reviewing the results of the database screenings, it must be determined if the results provide some type of risk to the financial institution that is not within the desired industry, geographic or other risk tolerances of the financial institution. Results that may be of a concern to the financial Institution: Negative news on the company or persons The negative news issue somewhat self-evident and should stick out clearly to the reviewer. The eye opener test is usually a good rule of thumb. If any news results cause you to widen your eyes, this should be cause to consider discussing the results with management and possibly the client, as well as, reconsider entering the relationship. One good thing about negative news is that it s at least some confirmation that the business has some operating history, not that any news is good news. Information on persons It is difficult to get into the criminal background checks, but if a thorough search of news, Internet and other public sources it is possible, in many cases to identify past criminal activities or less than ethical business practices, especially in today s 24 hours news cycle and Google information rich world. It can be determined that the persons acting as the business managers, directors, or signers do not seem to have the requisite experience for the position they are claiming to have with the company, it may be a red flag that it is a shell company, and they are patsies, or identity theft victims to hide the real operators and managers 1. 8
Business affiliations or related parties not disclosed in interviews If the prospective client is not honest and enters the relationship without honest full disclosure this should make the financial institution reconsider the relationship, or at least have additional discussions with the business principles. No news and/or no records of any entity or persons disclosed as having an affiliation or relationship to the prospective client. This may not be a perfect or clear cut indicator, but if you cannot identify any stories, negative or positive on any of the persons or entities related to the business, it could be a shell company, designed to hide the true owners and operators of the company. Site visitations Site visits, in many circumstances, can be a Best practice in knowing the customer, and should be a standard procedure for foreign offices and facilities. The site visit can uncover activities, products and services that the customer failed to disclose. They can be performed via a preplanned visit with sales staff or on a surprise or anonymous basis. Unannounced or anonymous site visitations at the customers business offices, manufacturing or warehouse facilities, or other non-retail establishments, can cause a strained relationship with the customer; if not handled appropriately. The unannounced site visit, with the help of technology can be limited to, a drive or walk-by with a handheld camera, or in many areas, can be performed by looking at the street view on Google Maps. Anonymous shopping, can be performed in areas open to the public, and usually meet the necessary requirements for a retail customer that has an issue arise that has brought their business to the attention of a member of management or the BSA officer. Scheduled visits are generally considered better options, especially for business offices and manufacturing and warehouse facilities. The preplanned visit can double or be under the ruse of a sales or loan review, if a current or perspective loan is involved in the relationship. Although there is a risk of having management altering the facilities; however, actually giving areas a lived in and professional look takes quite a while. Considerations for site visits are the appearance of signage in and around the facility, recently acquired facilities, and staff working in the area meets expectations from pre-visit conversations. Primary offices 9
that are part of a shared office facility, which are becoming common, and are marketed for their cost savings, but tend to also be used by less reputable organizations that need flexibility and limited long term commitment or limited constraints, which would be desirable for a less than reputable organization. These types of facilities should be looked upon as red flag for primary offices but normal for satellite or sales offices. Beneficial Ownership The newest priority and expected regulatory rule, based upon the Advance notice of proposed rulemaking (ANPRM) by FinCEN 6, once a final rule is issued, it is expected to codify, clarify, and consolidate CDD requirements, establish a categorical requirement for financial institutions to identify beneficial ownership of their accountholders, subject to risk-based verification and pursuant to an alternative definition of beneficial ownership as described below. The final rule is expected to require the identification, and verification of the identity of the actual asset owners, down to a given share of the company. This method is used by the Securities and Exchange Commission and the insurance industry, and is widely believed to be an element of the final CDD rule 5. Certain entities have been identified as higher risk in the 2010 guidance trusts, corporate and shell entities, and Private or Personal Investment Companies situations 5. and gave specific guidance for certain Customer Due Diligence As part of an institution s BSA/AML compliance program, a financial institution should establish and maintain CDD procedures that are reasonably designed to identify and verify the identity of beneficial owners of an account, as appropriate, based on the institution s evaluation of risk pertaining to an account. For example, CDD procedures may include the following: Determining whether the customer is acting as an agent for or on behalf of another, and if so, obtaining information regarding the capacity in which and on whose behalf the customer is acting. Where the customer is a legal entity that is not publicly traded in the United States, such as an unincorporated association, a private investment company (PIC), trust or foundation, obtaining information about the structure or ownership of the entity so as to allow the institution to determine whether the account poses heightened risk. Where the customer is a trustee, obtaining information about the trust structure to allow the institution to establish a reasonable understanding of the trust structure and to determine the 10
provider of funds and any persons or entities that have control over the funds or have the power to remove the trustees. Identifying the Beneficial Owner Identifying the beneficial ownership is an aim to increase transparency by requiring companies, lawyers and trusts to hold information on their beneficial ownership of assets they are holding, and to make this information available to supervisors and parties conducting due diligence on them. In most guidance, banks are required to develop an understanding of the identity of beneficial owners of a corporation, trust or accounts owned by a legal entity. Most entities and some foreign regulatory bodies have set this at a predetermined percentage. For example, identifying any persons with an ownership of at least 10 or 25 percent. Both New Zealand Federal Reserve 17 and the European Union third and fourth directives 7 and 8, have beneficial ownership identification and verification set for owners greater than 25 percent. These seem arbitrary, but some see a set number easier than the alternative, leaving it up to the financial institution to make a decision, and having their regulator second guess their decision. Challenges to Identifying Beneficial Ownership 1. Availability of beneficial owner (BO) information: require all companies to hold information on their beneficial owners. The definition of a beneficial owner will remain unchanged, covering those who own or control a business, but revised clarification is given as to how such persons are to be identified. The U.S. Federal Government (FinCEN) had released guidance (FIN-2010-G001) on March 5, 2010. Subject: Guidance on Obtaining and Retaining Beneficial Ownership Information Guidance makes clear that financial institutions must take reasonable steps to identify the beneficial owners of an account based on an institution's risk assessment of that account. Financial institutions may therefore need to reevaluate their existing Customer Identification Programs and expand their comprehensive consumer due diligence and enhanced due diligence efforts to clarify procedures for determining beneficial ownership, defined as the individuals with control over, or entitlement to, the funds or assets in an account that, as a practical matter, enables them to directly or indirectly control, manage, or direct that account. 11
The guidance released by FinCEN, although providing financial institutions guidance in a broad stroke concept of the need to collect the information, due to the structural issues related to the American political system, and the authority and responsibility for creating and registering corporate entities belonging with the individual states, there are little to no governmental records available to identify ownership of business entities 5. Beneficial Verification Challenges Organizers of businesses generally have a choice on where to incorporate it. In the US, corporations are organized pursuant to state law, rather than federal law. Businesses are not required, in most states, to establish or maintain a physical presence in order to incorporate under a state's corporate laws. If a corporation conducts business operations, not just sale or delivery of services or goods, in a state other than the state of incorporation, it is considered by the other state to be a foreign corporation. Transacting business does not mean sell or provide services, it means conduct operations and have permanent facilities. Foreign, or out of state, corporations, in most states, merely need to register in a state if they intend to open ongoing operations 13. The general rules across all states vary slightly. The rules from state to state do require different expectations from a business entity, like having at least one director, one officer, however very few states require a listing of the corporate officers, some require a list of the corporate directors to be included with the registration, but most states have only one main requirement, corporations must list the name and address of a registered agent with a physical address (no P.O. Boxes) in the state of origination, and that the registered agent must be available during normal business hours to accept important legal process and tax documents for the business. http://www.bizfilings.com/states.aspx provides state by state information on the requirements for business entity formation. Nevada, Wyoming and Delaware are most commonly used for corporate entity formation due to the lack of requirement of most information on the owners and directors, and favorable corporate laws for protecting the assets of the corporation and owners. Delaware is the state most used for incorporating banks due to favorable tax rules and an infrastructure to handle the needs of a bank holding company that has no operations in Delaware, but only uses Delaware for the state of incorporation. Nevada, like the state of Delaware (see Delaware corporation), is well known as a corporate haven. Many major corporations are incorporated in Nevada, particularly corporations whose headquarters are located in California and other Western states. Nevada is known for favorable laws to protect intellectual 12
property, and Wyoming, is particularly well known for anonymity 13. Wyoming has no requirement for the names of shareholders to be filed with the state. It asks only for a simple Annual Report which requires disclosure of only those assets located within the state of Wyoming and the name of one person, usually the one who submits the report. You are not required to hold meetings in Wyoming; indeed, you need never set foot within the state 13. These three states have various rules that make incorporation particularly appealing due to several factors including but not limited to anonymity, corporate veil, legal liability, and corporate control. Corporate veil, the most important legal concept noted here, separates the personality of a corporation from the personalities of its shareholders, and protects them from being personally liable for the company's debts and other obligations. This also allows the business entity to withhold the personally identifying information of the shareholders or Beneficial Owners. Financial institutions have been tasked by the US Government to identify and verify ownership of the certain business entities with which it does business, but no such requirement has been applied to the states where the business entities are formed and registered. Hiding the Identity of Beneficial Owners There are many ways to hide the identity of an owner of a business entity. A shelf corporation or aged corporation is an entity that has had no activity. It was created and left on the shelf to age. The company can then be sold without going through all the procedures of creating a new one, and without letting the state know the identity of the new business owner. These shelf entities save time in corporate creation, gain contract eligibility, attract consumers or investors, and gain access to corporate credit and appear to be a more legitimate business for purposes of developing a shell company for money laundering, due to longevity of shelf corporations. These entities have very general names like Prestige World Wide, which have little identifying information as to the business purpose of the company 12. The company may have been purchased from a shelf company seller (Wyoming Company), giving the company an appearance of age, credit worthiness and stability, from the documentation, but really is a brand new company with corporate documents filed years before 9. The Wyoming Company, on January 14, listed 238 entities for sale, with prices ranging from $645 for nearly new entities, to $5,295 for an unused entity created in February of 2007, and $9,995 for a slightly used entity created in September 13
2003, most with plain vanilla names, that give little expectation of what the company actually performs, but eludes to industry 16 i.e., Worldwide Travel, LLC, Property Development LLC, Final Frontier Properties LLC, Financial Advantages, Inc., National Mortgage Group, LLC. And each of these entities has a list price of $5,095 and all you get is a new name and documentation of the creation more than 5 years ago, as well as a clean and clear credit history 16. A professional registered agent (PRA) will provide for the requirement of having a physical address (no P.O. Boxes) in the state of origination, and that the registered agent must be available during normal business hours to accept important legal process and tax documents for the business. The PRA will also hold and maintain records of the quarterly board meetings. The facilities typically have small one room offices with a Name Plate of the companies that Operate in each of the offices. Some of these PRA s have long hallways of doors with tiny empty rooms that hold a desk, a phone and nothing else. The board meetings are held over a long lunch, with the same group of people, acting as the board of director members for hundreds, if not thousands of entities. Expectations of the Auditor related to CDD and Beneficial Ownership Auditor Selection It is paramount that the financial institution ensures the person or persons conducting each portion of the audit, are independent and qualified 2. The independence is one of the four pillars of the BSA Program, and of the two requirements, of the auditor, the easiest to identify and support as deficient. Qualified may be more subjective of a determination; however federal regulators have charged many financial institutions with having their audit performed by an unqualified auditor. In the eyes of the examiners, the audit may as well have not been performed, regardless of independence if the person(s) conducting the audit did not have the requisite knowledge and experience. Institutions, that do not have a separate audit department, or their audit department is too small to employ a subject matter expert in the field of money laundering, tend to outsource the function to consulting firms. There are significant advantages to this methodology, as they tend to have the opportunity to employ subject matter experts that have a significant amount of experience; however, despite the marketing of the consulting firms, this is not always the case. Understanding the different methods and documentation of domestic and foreign entities is not a skill set that comes normally or easily. Experience of the auditors should be evaluated by the BSA Officer 14
and the financial institution audit director, to ensure their resume can support their role in testing the CIP and due diligence programs. There are many ways to acquire the requisite experience, including working in the customer sales, support, audit and compliance fields with financial institutions that had similar customer types, and risk tolerances. Independent Testing The audit practitioner role is to look at the financial institution s customers industries, geographies and product and service offerings and form an educated opinion on whether the institution adequately knows its customers. This can only be done by reviewing the documentation maintained by the institution for a sample of accounts. Re-verifying the documents to be true and issued by the indicated authorities. The documentation should show the financial institution has performed the verification and due diligence review 3. Testing and evaluating to determine whether the financial institution knows its customer, and has adequate documentation to support that claim are the primary concerns of an auditor. The requisite knowledge is garnered over time and needs to reflect the institutions for which they perform audits. Auditors typically do not know the customer, as they need to be independent in their review. Every auditor should ensure, especially in the case of testing of a CIP and CDD during a BSA/AML audit that they let someone know if they are not familiar with a given type of entity, or not knowledgeable of the methods of verification used by the financial institution. This will help protect the auditor and the audited, and help everyone grow as a professional auditor. Risk Assessment The auditor should determine whether the risk assessment demonstrates management understanding of the risks incurred, and the mitigating factors and controls in place. In relation to CDD and Beneficial Ownership, factors regarding, entity types, geographical regions, purpose of allowable accounts, products and service activity types available to the customers. The risk assessment should also note what the bank will not allow and how the bank will identify unwanted activity and actions to be taken if occurring as mitigating factors 3. Training Program The training program must determine if all employees tasked with new customer acquisition, due diligence and documentation, have training related to the regulatory and policy expectations for 15
knowing the customer and expected due diligence and documentation, and should be tailored to the person s specific responsibilities. The board should be kept abreast of the risks incurred by management, and the training they receive should reflect the risks identified in the BSA Risk Assessment 3. Conclusion A simple answer to all of the complexities is that the financial institution needs to make an educated and documented decision, based upon the documentation and enhanced due diligence performed to determine whether they know the prospective customer, the management, and ownership based upon the risk incurred, and the nature of the expected activities afforded to the client. In the current money laundering environment, regulators are holding financial institutions to stricter requirements regarding the auditors knowledge and experience, scoping, testing and documentation of the audit. Governmental regimes are increasing their standards, because the money launderers are becoming increasingly savvy and sophisticated, and finding more and new ways to get around the procedures and programs financial institutions have put in place. 16
Bibliography 1. Bedi, R. (2007, February) KYC for Shell Companies - Industry Working Paper Series 07-01 2. Federal Deposit Insurance Corporation. (2008, May 16) FIL-38-2008 Bank Secrecy Act: Provision for Independent Testing for BSA/AML Compliance. Retrieved January 28, 2014, from Federal Deposit Insurance Corporation: http://www.fdic.gov/news/news/financial/2008/fil08038.html 3. Federal Financial Institutions Examination Council. (2010) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual (2010). Federal Financial Institutions Examination Council 4. Financial Action Task Force. (2014, January 28) About Us - Who we are. Retrieved January 28, 2014, from FATF - Financial Action Task Force: http://www.fatf-gafi.org/pages/aboutus/ 5. Financial Crimes Enforcement Network (FinCEN). (2010, March 5). Guidance on Obtaining and Retaining Beneficial Ownership. Financial Crimes Enforcement Network (FinCEN), FRB, FDIC, NCUA, OCC, OTS, SEC CFTC. 6. Financial Crimes Enforcement Network: (FinCEN). (2012) FinCEN Seeks Comments on Strengthening and Clarifying Customer Due Diligence Requirements (ANPRM). Financial Crimes Enforcement Network: Request for Comments. Financial Crimes Enforcement Network (FinCEN), Treasury. (FinCEN). 7. Hanley-Giersch, J. (2010, June-August) The Third EU Directive Customer due diligence and riskbased approach - ACAMS Today. 8. Holt, J. (2013, May 16) The proposed Fourth EU Anti-Money Laundering Directive On the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. Article 2, Section 5 Part a paragraph 1. Retrieved December 15, 2014, from Barclays: http://www.european-compliance.com/library/mms/201305.pdf 9. Klein, K. E. (2009, July 14) Don't Be Tempted by 'Shelf Corporations'. Bloomberg Businessweek. 10. Letter from Levin, Carl, Senator, Chairman Permanent Subcommittee on Investigations, to James H Fries, Director of Financial Crimes Enforcement Network (June 1, 2012) (U.S. Senate Committee on Homeland Security & Governmental Affairs - http://www.hsgac.senate.gov/download/levin-comment-letter-to-fincen-on-customer-duediligence-requirements-for-financial-institutions. 11. Lund, P. E. (2009). "FEDERALLY CHARTERED CORPORATIONS AND FEDERAL JURISDICTION." 36.317 (2009). Print. Florida State Law Review, 317-71. 17
12. Marina Kinner, S. C., & Vona, C. C. (n.d.) Shell Companies. Retrieved January 3, 2014, from Fraud Auditing.net: http://www.fraudauditing.net/shellcompanies.pdf 13. McCoy, K. (2007, February 23) Corporate owners hide assets, identities. Retrieved December 15, 2013, from USA TODAY: http://usatoday30.usatoday.com/money/companies/regulation/2007-02-23-tax-havens-usat_x.htm 14. PERMANENT SUBCOMMITTEE ON INVESTIGATIONS COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE. (2006, November 11) FAILURE TO IDENTIFY COMPANY OWNERS IMPEDES LAW ENFORCEMENT. Washington, DC, USA: U.S. Government Printing Office - 109th Congress. 15. United States Government. (December 2005) MONEY LAUNDERING THREAT ASSESSMENT Chapter 8 SHELL COMPANIES AND TRUSTS. Dept. of Treasury, Dept. of Justice, Dept. of Homeland Security, Board of Governors of the Federal Reserve System, United States Postal Service. 16. Wyoming Company. (n.d.). http://wyomingcompany.com/. Retrieved January 14, 2014, from http://wyomingcompany.com/aged-corporation/ 17. Zealand, F. R. (2012, December). Beneficial Ownership Guide. Retrieved January 14, 2014, from www.rbnz.govt.nz/regulation_and_supervision/anti-money_laundering 18