Background
IBA Japan member firms generally have AML/CFT policies based on their group standards. These standards are based upon globally accepted standards issued by FATF and other complementary standards like Wolfsberg.
The challenge for our members is implementing global policies using a risk-based approach whilst ensuring compliance with the Japanese CDD regime. Some aspects unique to Japan are rule-based and not necessarily conducive to the best outcome in AML/CFT. Below is a list of areas in the CDD regime in Japan which could be improved.
- Silo-based CDD
In Japan, AML/CFT is governed by two primary laws: the Act on Prevention of Transfer of Criminal Proceeds (the Act) and the Foreign Exchange and Foreign Trade Act (FEFTA). The former is administered by the National Police Agency (NPA) and the latter by the Ministry of Finance (MOF).
It is the Act on Prevention of Transfer of Criminal Proceeds which requires CDD (i.e. verification at the time of transaction and on-going due diligence beyond) to be conducted by an individual specified business operator (i.e. financial institutions and DNFBPs).
However, in the case of a financial group (Japanese or foreign) which operates through multiple channels (e.g., bank, securities firm, etc.) it is common to have a client transacting with multiple group companies. Consequently, this requirement results in duplication of effort and reduced efficiency in the use of resources available for the battle against money laundering and terrorist financing (hereinafter “ML/TF”).
Silo-based CDD also reduces effectiveness and therefore increases risk. This is evident when a bank and a securities firm that are part of the same financial group are dealing with the same customer. AML officers in the respective companies in the second line of defense (i.e., compliance section) are permitted to share the customer’s non-public information. However, those AML officers in the first line of defense are not permitted to do so.
Bad actors involved in ML/TF have become increasingly sophisticated. This has included the use of more sophisticated approaches/transactions to circumvent rules and avoid detection rather than using straightforward banking or securities transactions. As such, front office staff (typically the first line of defense) are increasingly exposed to the risk of rogue customer attempts to abuse the system, for example, arbitraging between banking and securities transactions. Due to the dedicated efforts by AML officers in the first line of defense, serious incidents have been avoided. However, this does not guarantee that will be the case in the future.
As of June 21, 2021, the sharing of a customer’s non-public information between the first line of defense of a bank and a securities firm that are part of the same financial group is not permitted.
Japan should allow information sharing, at least for the purpose of AML/CFT.
- Reliance
Under the current regime, the Act requires each financial institution to conduct CDD. Reliance on CDD conducted by another financial institution is not generally permitted.
As a result:
- A bank cannot rely on CDD requirements fulfilled by another bank in the same group which is a separate legal entity even if the customer has a bank account.
- A bank cannot rely on CDD requirements fulfilled by a securities company which belongs to the same financial group even if the customer already has a securities account.
- A foreign bank in Japan cannot rely on CDD requirements fulfilled by another branch or legal entity outside of Japan which belongs to the same bank or financial group.
The Banking Act does not recognize the head office or other branches outside of Japan as a legitimate bank licensed under the Banking Act. Similarly, the NPA does not allow for cross-border reliance.
As a result, financial institutions’ resources are locked into duplicative/redundant CDD processes. If reliance is permitted, valuable resources could be released and allocated to other AML/CFT priority issues. Ultimately, it would increase efficiency and reduce AML/CFT risk.
Duplicative procedures are not in the best interest of customers.
The NPA should allow greater reliance, especially in the cross-border context.
- Reliance (in the context of online verification at the time of transaction, effective from November 2018)
In November 2018, a new method of online CDD was introduced for banks:
- Method 1: Receiving a soft copy of customer’s photo and photo ID.
- Method 2: Receiving a soft copy of customer’s photo and electronic data stored in an IC chip in his/her photo ID.
- Method 3: Reliance on CDD already conducted by another bank [in Japan only], and receiving either a soft copy of the customer’s photo or electronic data of the customer’s ID.
- Method 4: Making a small amount of remittance to the customer’s account already opened at another bank [in Japan only] which had conducted CDD, and receiving either a soft copy of the customer’s photo or electronic data of the customer’s ID.
Methods 1 and 2 are allowed for customers inside or outside of Japan.
Methods 3 and 4, however, are not fully allowed for foreign banks; a bank (Japanese or foreign) in Japan can rely on a foreign bank in Japan, but is not allowed to rely on a foreign bank located outside of Japan.
Such asymmetric treatment is constraining foreign banks in Japan. The NPA should take a more reciprocal approach and ensure a level playing field.
- Japan-centric narrow definition of documents eligible for identification
The scope of documents eligible for identification is defined rather narrowly on a rule-basis, which poses difficulty in transactions with foreign customers. Some of the examples are as follows.
The Act allows for IDs such as a Japanese driver’s license, passport, etc.
When such documents do not include all of the required evidence (e.g. customer photo or residential address, etc.), a supplementary document [to the primary ID] is required; for example, a receipt for utility payments showing the residential address.
When dealing with a non-resident customer (e.g. Japanese emigrant to Brazil), foreign banks are challenged by the limited scope of eligible supplementary documents.
This is because utility receipts issued by a service provider in Japan are eligible, but those issued by a service provider outside of Japan are eligible only when the provider is a government entity.
However, utility services outside Japan more often than not are provided by private companies, not by a government entity (this is also the case in Japan).
In addition, a utility receipt is eligible, but a utility bill is not. In some countries, however, only a bill is issued, not a receipt.
The approach to AML/CFT mandated in Japanese law is also inconsistent with the approaches in other areas of Japanese Government. For example, the Ministry of Foreign Affairs (MOFA) is taking a more flexible approach globally. When a non-resident Japanese would like to ask a Japanese embassy or consulate to validate their residential status for the purposes of receiving inheritance, pension payments, etc., they are allowed to provide the embassy/consulate with utility receipts issued by a service provider, public or private.
Identification of customers outside of Japan is challenging given such an unlevel playing field for eligible documents.
This situation has become even more challenging since April 2020, when non face-to-face identification requirements were strengthened, and a second set of customer ID documents was required.
Based on the above, some foreign financial institutions will continue to struggle to obtain a second set of ID documents and satisfy the amended rules unless the scope of eligible foreign-issued supplementary documents is expanded.
The Japanese Government is strengthening identification requirements, but these will be less effective and have limited benefit unless there is a resolution of this issue (i.e. expanding the scope of eligible foreign supplementary documents).
- Identification of a corporate customer; requirement to obtain a hard copy of certification (typically, corporate registry information)
In the case of transactions with a corporate customer, the Act requires a financial institution to obtain a hard copy of the certification (typically, corporate registry information) from the corporate customer, usually issued by a legal affairs bureau when the corporate is located in Japan.
In some jurisdictions (e.g. Singapore) an official hard copy of the corporate registration document is not available from a government entity; information is only observable on-line.
As a result, when a foreign financial institution in Japan needs to transact with a corporate customer in Singapore, for example, the institution has to ask the corporate customer to print out such information from the online services and send a hard copy of it to Tokyo, in order to simply satisfy the Japanese CDD regulations. This process is inefficient and increases the risk of a forged document.
As part of the relaxation of regulations effective in November 2018, the NPA has allowed verification by corporate registry services [available in Japan] provided by the National Tax Agency and by the Civil Legal Affairs Association. By using these services, a financial institution can choose to conduct CDD on a corporate customer without asking for a hard copy. However, the NPA does not allow firms to rely upon corporate registry services outside of Japan.
The NPA should revisit this issue and allow for reciprocal/globally accepted identification practices.
- Refreshing customer information
In conducting CDD, it is always a challenge to keep customer information up to date; for example, deciding frequency, trigger event, etc.
Most of IBA Japan’s member firms take a risk-based approach, for example, classifying customers into high, medium and low risk based on a range of factors that include country, industry segment, transaction types, etc. The risk rating will inform the frequency of customer review, although the approach may differ between institutions. For example, high risk customers may be reviewed every year or even more frequently, medium risk customers every two years, and low risk customers every three years.
Alternatively, some IBA Japan member firms use event-driven CDD approaches. Triggers might include irregular transactional patterns, changes in the management of a corporate customer, etc.
In March 2021 the FSA released a “Q&A” and suggested a regular refresh cycle of 1 year for high risk, 2 years for medium risk, and 3 years for low-risk customers. However, in line with the principles-based approach to regulation and supervision, Japan should allow flexibility in approach based on different circumstances. At the same time, the FSA should require “customer refresh” both on the part of financial institutions and their customers.
- Requirements to doublecheck residential status under MOF’s Foreign Exchange and Foreign Trade Act
CDD conducted under FEFTA is basically threefold: A) verification of individuals and legal entities (which is the same as under the Act), B) screening of sanctioned persons, and C) identification of “residential status”.
A and B are relatively straightforward. C is unique to FEFTA because FEFTA is meant to capture financial transactions involving non-residents; in other words, FEFTA is not meant to capture transactions between residents denominated in domestic currency, i.e. Japanese Yen.
To fulfill this mandate, FEFTA sets out provisions where financial institutions must identify the “residential status” of customers by checking their residential address recorded in their legitimate ID document (e.g. driver’s license, resident card issued for foreign residents, etc.). It is supposed to be a relatively simple procedure.
However, MOF says that the ID document alone is insufficient. FEFTA’s lower-level Notice issued in 1980 (“1980 Notice”) sets out that financial institutions have to double check the residential status of “foreigners” by verifying either A) whether the foreigner has lived in Japan for six months or longer; or B) whether the foreigner is employed in Japan. As long as such “double-checking” is conducted on a risk basis, it would contribute to higher security, protect financial institutions, and protect the financial markets and economy of Japan.
According to the MOF, however, the 1980 Notice does not employ a risk-based approach and must be followed to the letter.
This contradicts the fact that the 1980 Notice sets out similar double-checking procedures for “Japanese customers” but our understanding is that such procedures are in practice not conducted; and therefore, this is not a balanced treatment of customers.
In conclusion, the double-checking procedures (or “requirements”, according to MOF) in the 1980 Notice lack a robust legal foundation, and as such administration thereof is open to ambiguous interpretations.
MOF should amend the 1980 Notice and make it clear that double-checking should be done taking a risk-based approach.
- Weak aliases
The United Nations’ Security Council makes a resolution and periodically releases an updated list of sanctioned individuals that require screening at each regulated financial institution.
The Ministry of Finance of Japan (MOF) provides financial institutions with a translated version of the sanctions list a couple of weeks after publication of the UN resolution.
However, there are often subtle differences in the information released by the UN and the translation by MOF. This has a significant impact on a financial institution’s AML/CFT screening operations.
For example, the UN list shows sanctioned individual names, with “Good quality” aliases plus “Low quality” aliases, if any.
Not allowing for a risk-based approach, MOF’s list includes both “Good quality” and “Low quality” aliases without making a distinction between the two. As a result, financial institutions are required to screen for all aliases, including low quality ones, taking additional time and resources which could be allocated to higher priority AML/CFT issues.
As recommended by, for example, the Wolfsberg Group or US OFAC, financial institutions should be permitted to take a risk-based approach so that they do not need to allocate an unreasonable level of resources to reviewing a large number of “false positives”. This will also free up resources that they could allocate to other high priority AML/CFT purposes.
MOF should allow for such a risk-based approach.
- Looking forward; centralized KYC
Currently, financial institutions conduct KYC by checking multiple databases including internal databases, and databases from other sources such as public media, commercial vendors, industry associations, etc. It would be more efficient and effective if all this information were unified into one database and a central third-party did initial customer screening on behalf of all financial institutions, rather than each financial institution collating databases and screening customers individually.
Currently, there are multiple initiatives in the market, some of which are still in the early stages, including the ones by the Japanese Bankers Association, Credit Unions Association, NEDO (New Energy and Industrial Technology Development Organization). To maximize benefits, a more joined-up approach would be more effective for Japan.
In addition, a foreign financial institution is challenged with screening Japanese customers because its database usually uses the alphabet, while databases available in Japan are usually in Chinese characters (“Kanji”) or the Japanese alphabet (“Katakana”). We hope that if centralized KYC is introduced in the future, it will accommodate the unique needs and requirements of foreign financial institutions.
In 2020, there was a proof-of-concept project commissioned by NEDO to the Japanese Bankers Association to examine the feasibility of centralized KYC utility in Japan. As of June 21, 2021, NEDO has not yet released the final report, and its implications are unclear, including in relation to the impact on foreign financial institutions in Japan.
Japan should be more joined up in pursuing centralized KYC and accommodate the needs and demands of foreign financial institutions, as an important set of participants in Japanese markets.