When we think about conducting staff vetting we often think about the most common checks, such as reference checks, employment history verification, and for some businesses, credit and criminal checks too. However, when it comes to employing staff in AML roles it is vital to dig a little deeper and ensure you’re completing the right level of checks for the position being filled.
Regulatory requirements for vetting AML roles
The guidance from the regulators is sparse in this area. In New Zealand the AMLC/CFT Act states that reporting entities should implement policies, procedures and controls for staff vetting of senior managers, the AML/CFT compliance officer, and staff with AML/CFT duties.
Those ‘policies’, ‘procedures’ and ‘controls’ may be interpreted differently from business to business, but there are a few best practices you can use to aid identification of potential money laundering risk through employees.
What to consider when vetting staff
Done right, staff vetting removes anonymity, enables employers to fully understand any potential risk, and where risk exists, allows integration of policies, procedures and controls to manage and mitigate that risk.
To help get it right, you should consider:
- What the staff member will be doing for AML compliance. Are they gathering customer identity documents? Are they carrying out customer due diligence (CDD)? Or do they process payments for captured activities?
- Is the potential staff member going to be a Compliance Officer, or a senior manager? Will they make decisions on the onboarding of customers?
- Is the potential employee in a position to circumvent the processes? Could they “fly under the radar” and offer captured activities without carrying out CDD?
In addition, remember that some staff may hold licences for their jobs, such as a real estate agent licence. It is prudent to understand what kind of checks are undertaken for people to attain those licences, so that you can understand if it fits into your business risk profile.
This can entail a lot of additional work, but its worth taking the time to do it properly so you can protect your business as well as meet AML requirements.
Staff vetting checks you shouldn't miss
There are some fundamental areas all AML staff checks should include:
1. Ministry of Justice
A simple and free tool, the Ministry of Justice allows employers to collect information about potential employees from any records they hold.
These criminal record checks cover criminal and traffic convictions. However, they do not include charges that haven’t gone to court yet, as well as infringements and charges where the employee has not yet been convicted.
2. Personal/professional reference checks
Reference checks are a standard HR/recruitment practice and it fits in well with staff vetting requirements. Carrying out reference checks enables organisations to:
- Understand a person’s performance at previous roles;
- Confirm that they have worked where they claim to have worked;
- Gauge a person’s capabilities; and
- Learn more about their potential employee as a whole.
While reference checks should not be relied upon in an anti-money laundering or countering the financing of terrorism context, they are a useful tool in the overall staff vetting process.
3. Credit checks
In New Zealand, credit checks record and include all the times a person has been given credit by a bank or company, and if the debt has been paid in time.
People will have a credit history if they have ever:
- had a loan
- asked their bank for an overdraft
- used a credit card to buy something
- needed a payday advance
- bought something on hire purchase — including interest-free deals from stores.
These adverse credit checks can indicate a potential money laundering (ML) risk. It may seem harsh but a person with poor credit history may be easily taken advantage of to circumnavigate standard compliance procedures in a business, whether that be AML related, or financial procedures such as payroll. The promise of money to carry out activities that may adversely affect companies may be difficult to resist, particularly if money is an issue for the person.
It is important to note that credit checks should not be taken at face value, particularly if a person has just taken on significant debt such as a new mortgage.
4. Electronic Identification Verification (eIDV) and customer due diligence
Carrying out identity checks is a key aspect of staff vetting. This will help confirm a person is who they say they are. Due diligence checks will support this, allowing you to confirm other details such as current addresses.
This important part of staff vetting is crucial in identifying ML risk. It mitigates anonymity and provides you with assurance that you are recruiting a “real” person.
5. Politically Exposed Person (PEP), Special Interest Person (SIP), and sanction checks
It may seem unlikely that potential employees are a politically exposed person, a special interest person, or a person or entity subject to current sanctions. However, such checks remove that ambiguity and enable you to fully understand the potential employee.
6. Social media checks
Reviewing a person’s social media profile can assist in identifying potential areas of risk. While the actions of a person outside of work may not be directly relevant to their jobs, it can indicate potential areas of risk that the company may not want to introduce. This is particularly true where there are indications that the person agrees with agendas or ideas that do not align with company values or expectations.
In addition to the checks listed above it is important to go the extra mile when recruiting for senior manager and compliance officer roles. Given their position, they can present deeper ML risks. Furthermore, brand perception can be significantly increased when non-compliance is identified at a higher level in the business.
Additional checks for critical roles:
- Disqualified director checks – these checks enable you to see if the potential senior manager or compliance officer has been removed from previous director positions, or has been banned from being a director of a company.
- Adverse media checks – these allow for identification of potential ML risk, particularly if the media checks indicate previous acquisitive crimes or predicate crimes to this type of activity. While published articles about a fence line dispute may not be directly relevant, more serious allegations and discussions in the media can impact the suitability of appointment.
- Owner name searches – checking for current director or shareholder obligations against the Companies Register allows for identification of potential conflicts of interest. While being a director/shareholder of a trustee company for a family trust may not be significant, being a director or shareholder of a high-risk type of entity such as nail salons, oil refineries, precious metals or stones, can indicate potential risk.
- Insolvency searches – this can indicate potential money laundering risk through insolvency.
All of the above areas of staff vetting will, when carried out well, help you make smart hiring decisions and assist in managing the introduction of new risk to the business. It doesn’t quite end there though – existing employees may need vetting too.
Staff vetting doesn't end with new employees
Staff responsibilities will often change, contractors may temporarily join your business, and staff may not be fulfilling their duties correctly. In all these scenarios you’d need to consider extending your staff vetting to include existing employees and contractors:
Moving into an AML role
There may be times when employees move into a new role that holds AML responsibilities. Employers should consider how they will manage that risk.
While historical understanding of the employee’s capabilities will no doubt be factored into a decision, this should not be the end of the road. You need to ensure that they have an understanding of money laundering and financing of terrorism risks, and how to manage and mitigate this.
Conducting additional staff vetting will enable you to understand and manage that risk.
Event triggered vetting
It may be identified that an employee has acted in a way that presents ML risk to the business. For example, they may have missed steps in CDD, misunderstood a potential risk flag, or failed to escalate an issue through the relevant channels.
You need to consider if the staff member needs to be vetted again to ensure ML risk is not being introduced by these errors.
Contractors can have a big impact on your business too. So, even if they don’t have full access to systems, you should consider whether or not vetting needs to be carried out on contractors to mitigate any risks.
Getting help when you need it
Staff vetting is often carried out by internal teams, which can be efficient for low volume, less complicated checks but it is not always the most cost effective in terms of time or money. And it can become a painful process when having to make investigations with multiple agencies.
Using an AML provider like tic company will significantly speed up the process, means you can secure talent quickly, only have to deal with one agency, and get guaranteed expertise when dealing with AML positions. Contact us to get started.