From zero to hero – a brief overview of AML evolution in Latvia

Latvia is largely compliant with all FATF recommendations. The Moneyval 5^th evaluation, two steps from grey listing, and the ABLV case pushed Latvia to innovation in the AML field and to develop effective and unorthodox solutions. The object of this article is to offer a brief overview of these solutions, based on law, extensive practice, and lessons learned when participating in generating some of the solutions mentioned below. At this juncture many of the topics addressed in this article look like nothing new but back in 2018 this wasn’t the case. This topic might be especially useful for those who are considering operating cross-border and those who are looking for new compliance solutions in their jurisdictions.

Shared KYC utility

It was two years ago when discussions started about introducing a shared KYC utility, and it was an honour for me to spearhead those discussions back then as general counsel of the Finance Latvia Association. Since then, the KYC utility has become the law. According to the AML law there can be two types of shared KYC utilities – closed or open.

The closed utility is based on agreement between legally related (within a group) or legally otherwise unrelated obliged entities (for example, three retail banks or 10 notaries) who decide to combine resources to carry out KYC processes at some stage. Most probably this will additionally concern approval from the competition authorities as well.

In contrast, the open shared KYC utility must operate like any other vendor of such information in the field, but obliged entities (also cross-border) are allowed to share information on UBOs (data obtained by those entities manually) and companies under sectoral sanctions (data obtained by those entities manually).

In addition to these two types, there is a place for a subtype as well – sharing a potential client’s KYC form and information portfolio to an obliged entity based on the client’s permission in order to speed up the onboarding process. We know how frustrating it can be to fill out the same forms at a notary’s office, then at a bank and finally at a real estate agent.

Of course, such a shared KYC utility is yet to be established. Moreover, this would demand commitment from participants to contribute (what you share is what you get). Licensing requirements are in place. Something is already in the pipeline.

Information-sharing

Information-sharing is key to success in AML and sanctions, especially identifying sectoral sanctions. Two excellent tools are available.

In addition to the usual private-private information-sharing approach mentioned in the EU AML directives, local specifics allow sharing the names of clients with whom a financial institution has terminated business relationships or refused to enter into due to suspicions of ML/TF. According to the AML law, this information can be exchanged not only on a case-by-case basis but also maintained as a database available to several institutions. The local financial supervisor has occasionally expressed an expectation to use such an information exchange. The data protection authority has been rather tolerant towards this information exchange but demands that information be accurate, cannot be used as formal grounds for refusal (exclusions) to use financial services, and that there should be some authority that could examine whether exchange of data was legitimate.

“Public-private information exchange is something every jurisdiction should have. According to reports issued by the FIU of Latvia, this innovation delivers a lot.”

Public-private information exchange is something every jurisdiction should have. I’m proud of contributing to implementing such a solution with consultative assistance from the UK National Crime Agency in 2018. In the case of Latvia, the model is quite simple. Obliged entities and/or LEAs can exchange information at special meetings at FIU premises. This information can either concern typologies or trends or even names and particular situations. Trust in this case is everything. According to reports issued by the FIU, this innovation delivers a lot.

OFAC

Following the U.S.A., OFAC sanctions are usually market practice if a financial institution has a presence in the U.S.A. or is involved in transactions using U.S. dollars or a supervisory expectation in certain jurisdictions. The EU has a strong political objection to this approach and therefore has issued blocking statutes to stop extra-territorial enforcement of U.S. laws. The approach taken by the EU is a political one, a good example of passing the buck to businesses without providing any meaningful solution ─ especially to financial institutions operating in the global economy ─ but only entraps them.

“When any financial institution or company operates in Latvia, OFAC sanctions should be observed.”

Latvia has chosen quite an unorthodox way – stating in the law that U.S. sanctions have to be followed when it comes to financial sanctions and public procurement. Mainly this wasn’t because banks do not follow OFAC sanctions, but mostly to give businesses practical tools to exit from contracts in relation to which they cannot receive or send payments. When any financial institution or company operates in Latvia, OFAC sanctions must be observed.

Obliged entity

In regard to financial services, the EU has given excellent opportunities to provide them within freedom of services or freedom of establishment. Following the EU AML Directive, if a financial institution from a home member state operates in a host member state via freedom of services (FoS), usually that financial institution is not considered an obliged entity under the host member state’s AML law. This is not the case with Latvia.

Under Latvia’s AML law a financial institution operating in Latvia via FoS is considered an obliged entity, can be subject to inspections from the local AML supervisor and in exceptional cases also be fined by the local AML supervisor. In reality this is not as bad as you might conclude just reading the letter of the law. Actually, a financial institution has to follow all the usual passporting procedures, and in addition to have adjusted the AML and Sanctions risk governing documentation to Latvian specifics, including risks, sanctions, and reporting, while keeping all of this compliant with the home country’s laws, which also includes MLRO appointment.

UBO register

The main challenge of any UBO register is to have accurate information. Latvia was one of the first countries to state that the UBO register should be almost fully available to the general public free of charge. To ensure the accuracy of information, several processes were put in place. Firstly, a corporate register was set up under their own verification procedure based on client risk. Something like this is still uncommon in the EU. Secondly, requiring all obliged entities to report to the UBO register on discrepancies, and then UBO register can circulate the information to LEAs in order to commence criminal proceedings (submitting false information on the UBO is a crime). Thirdly, mandating the UBO register to commence liquidation procedure for companies who haven’t followed the law. Ongoing discussion is to mandate a company to block several rights of shareholders (to vote, to receive a dividend) in the case of whom the UBO has not been disclosed in order to protect the company itself.

“Latvia was one of the first countries to state that the UBO register should be almost fully available to general public free of charge.”

Proliferation

When thinking of starting business in Latvia and becoming an obliged entity, assessing risks related to proliferation financing is mandatory. This is not yet common in other jurisdictions. In many instances, the risk is low or absent but this topic needs to be tackled. If risk indicators are present, risk mitigation measures apply.

PEP database

In order to reduce the administrative burden, Latvia has introduced a local database of PEPs and their family members. Any person providing a name, surname, and ID code can be checked for a positive match. It needs reminding that in comparison to most EU countries grandparents and grandchildren are also considered family members of PEPs. This should be amended soon because this definition was introduced when Latvia had a large portfolio of non-resident (from CIS countries) deposits.

Remote digital onboarding

Four methods are in use – an eIDAS-compliant solution, secure video identification, the selfie/ID copy method, and the one-cent payment method. Several additional restrictions apply to each method. Access to the Population Register is burdensome and impossible in terms of biometrics collected by the state (to verify a client’s photo, for example).

“Under Latvia’s AML law a financial institution operating in Latvia via FoS is considered an obliged entity under Latvia’s AML law, can be subject to inspections from the local AML supervisor and in exceptional cases also fined by the local AML supervisor.”

“AML supervision of financial institutions in Latvia is fragmented. If considering commencing business activities cross-border it is important to be aware of this.”

Joint stock companies

Not all joint stock companies are listed companies. Many of them are privately owned and in 80% of cases there is only one shareholder. Data on the UBOs of those companies are available in the UBO register, but this might not be the case with shareholders. Shareholder records are kept by the management board of the company; therefore, the level of transparency is lower. But this is soon to be amended by demanding this information to be publicly available or registered by a bank. Bearer shares, strictly legally speaking, are not common despite the legal term being used in the Commercial law.

AML supervision

AML supervision of financial institutions in Latvia is fragmented. If considering commencing business activities cross-border it is important to be aware of this. Not all financial institutions are supervised by the local FSA. Consumer lenders or financial institutions that issue loans to legal entities are supervised by the Consumer Protection Centre and State Revenue Service respectively. Even though the AML law is the same, the supervisory approach is different as well as bylaws. If you start operating in Latvia, in order to apprehend the several layers of the AML labyrinth you can’t manage without proper advice.

Takeaway

The EC has proposed significant reforms in AML regulation and supervision. It would be good if this reform would not stop at the lowest AML standard in the EU but aim to achieve the highest and to facilitate innovation in the AML field without being afraid of the GDPR – “a notorious killer” of all information-sharing. My advice to the EC would be just to follow the European Banking Federation’s AML blueprint.