I. Summary of Key Recommendations
|Highest Priority||Legal:||Implementation Timeline|
|Undertake a comprehensive legal reform of financial and fiduciary companies (FFCs) in order to strengthen transparency in corporate ownership; and clarify the scope of activities in which these companies can engage.||Immediate|
|Amend provisions on bank secrecy to further facilitate sharing of information among financial supervisors and among financial institutions, in line with FATF Recommendation 4.||Immediate|
|Amend provisions or issue instructions to address the legal shortcoming in customer due diligence (CDD) requirements that pertain to: politically exposed persons (PEPs FATF Recommendation 6), simplified due diligence, ongoing monitoring and timing of verification (FATF Recommendation 5), and screening of financial institutions’ employees (FATF Recommendation 15).||Short Term|
|Ensure that financial institutions are properly and effectively implementing the CDD requirements.||Ongoing|
|Seek closer cooperation with the Italian Financial Intelligence Unit (FIU) and law enforcement authorities responsible for AML/CFT, possibly through a Memorandum (MOU).||Short term|
|Increase staff of the Financial Intelligence Agency (FIA), the central Bank of San Marino (CBSM) supervision units, and the Judiciary responsible for AML/CFT.||Medium term|
|Enhance collaboration between the FIA and the CBSM in the area of financial sector AML/CFT supervision.||Immediate|
|Prohibit omnibus accounts with commingled funds and require that each of the fiduciary’s customers be specified in a dedicated sub-bank account.||Immediate|
|Prohibit or suspend the application of simplified CDD by financial institutions to accounts or other relationships maintained with FFCs that offer fiduciary services;||Short term|
|Reconsider some of the FIA’s non-core FIU responsibilities (such as the power to act as judicial police on delegation from the judicial authority) in the light of the FIA’s limited human resources.||Short term|
|Complete the inspection cycle for all FFCs for compliance with the AML/CFT requirements.||Ongoing|
1. The banking sector in San Marino is small in absolute terms but represents close to nine times of GDP. Total assets stood at €11.5 billion as of end-June 2009. Of a total of 12 commercial banks, four are “historical” banks established at the end of the 19th century, and two are majority foreign-owned. San Marino’s banks attract deposits from Italy and lending or investing them in Italy. San Marino receives more funds than it can lend domestically.
2. The nonbank financial sector in San Marino is embryonic. It consists of two asset management companies, two recently licensed foreign life insurance companies, and over 50 fiduciary, leasing, factoring, and small consumer lending companies. The assets and income of these companies have been growing rapidly during the past two years, but none is yet of significant size. Fiduciary companies, which account for the majority of the nonbank financial sector, offer fee based services for holding customers assets in their own name, but they provide little or no investment or wealth management advice.
3. The level of domestically-generated proceeds of serious crime in San Marino is low. However, San Marino is vulnerable to money laundering (ML) of proceeds of crimes committed abroad (mostly in Italy). In the past, these proceeds were predominantly generated from tax evasion. However, statistics provided by the authorities for the period of 2008-2009 on domestic ML investigations or referring to requests of mutual legal assistance (MLA) related to ML, indicate that proceeds that could have been laundered in San Marino are also generated from other serious predicate offences, such as drug trafficking, mafia-type criminal organizations, illegal banking activities, fraudulent bankruptcy, and fraud. The risk of terrorist financing (TF) is low.
4. The past record of weak implementation of AML/CFT requirements by the financial institutions, especially on customer due diligence and reporting of suspicious transactions, combined with insufficient AML/CFT supervision and inspections, leaves the Sammarinese financial sector vulnerable to ML (and potentially to TF) activities. San Marino’s largest bank and its subsidiary fiduciary company are currently under criminal investigation for charges of ML and criminal association, among others. The Sammarinese financial sector, until very recently, was characterized by a number of features that have created a favorable environment to ML, such as strict financial secrecy, the availability of fiduciary services or corporate ownership arrangements intended to systematically hide beneficial ownership, the availability of financial instruments that facilitate anonymity and easy transferability (such as bearer passbooks or bearer certificates of deposits), and the predominant use of cash and the negotiation of large volumes of checks with multiple endorsements and illegible signatures. The widespread granting by Sammarinese financial institutions of collaterals (“fideiussioni”) on loans issued by Italian or foreign banks is also said to have facilitated ML activities1.
III. Recent Developments
5. Since the adoption of the MONEYVAL2 Mutual Evaluation Report (MER) in April 20083, San Marino has made considerable progress in bringing its legal and institutional framework in line with the FATF recommendations. Following the adoption of the MER, San Marino was placed under enhanced scrutiny (“compliance enhancing procedure”) in light of its relatively low compliance ratings. At the time, there were numerous deficiencies in San Marino’s AML/CFT legal and institutional framework. In particular, San Marino was rated poorly (i.e., either non-compliant or partially compliant) on the “key” FATF recommendations, such as in the following areas: customer due diligence (CDD)4 and record keeping (non compliant-NC), the reporting of suspicious transactions (ST) related to criminal proceeds (partially compliant-PC) and suspicions of terrorist financing (NC), bank and financial institution secrecy provisions (PC), the establishment and functions of the “financial intelligence unit5” (FIU), international cooperation (PC), and freezing of terrorist assets (PC). Other areas where San Marino rated poorly included the lack of transparency in the corporate structure of legal persons (PC, because of the possibility for companies to issue shares in bearer form) and arrangements (NC) and to the lack of effectiveness of the supervisory regime, including sanctions (PC).
6. On June 17, 2008, San Marino passed a new AML/CFT law (no. 92/2008, modified by Law no. 73/2009 in the part concerning sanctioning for non compliance with preventive measures). The law, among other things, prohibits anonymous accounts, establishes a full range of CDD obligations (including the obligation to identify and verify the beneficial owner), introduces a risk-based approach to CDD, and record keeping requirements. The law also establishes the Financial Intelligence Agency (FIA) as an autonomous agency within the Central Bank of San Marino (CBSM), which is operationally independent from the CBSM in the implementation of the FIU’s core functions, that is, the FIA is responsible for receiving, analyzing, and disseminating to the judiciary suspicious transactions related to ML/TF. The responsibilities of the FIA are further detailed in the Delegated Decree no. 135/2008 (modified by Delegated Decree no. 146/2008; hereinafter: Delegated Decree)…
7. The FIA issued various binding “instructions” to complement the requirements set forth in the AML/CFT law. Both the AML/CFT law and the instructions issued pursuant to it require financial institutions and designated nonfinancial businesses and professions (DNFBPs) to undertake CDD, including for beneficial owners, apply “enhanced due diligence” in higher risk circumstances, adopt a risk-based approach in managing clients’ relationships, establish internal controls, appoint AML/CFT compliance officers, train staff, and etc.
8. Several other measures were adopted to strengthen San Marino’s AML/CFT regime, such as:
- a new regime for the transfer of bearer shares (Law no. 100/2009)6;
- the adoption of a law on rogatory letters (Law no. 104/2009);
- the introduction of a declaration system for cross-border physical transportation of cash and bearer financial instruments (Delegated Decree no. 74/2009);
- the introduction of measures to fight terrorism pursuant to the United Nations Security Council Resolutions 1267 and 1373 (Congress of State Decision no. 2, 2008 and subsequent amendments);
- the adoption of a law on special investigative techniques (wire tapping, Law no. 98/2009;
- the adoption of a law decree (on September 22, 2009), which has prohibited the issuance of new bearer passbooks (BP) and has phased out the existing ones by June 30, 2010. From that date all BPs, regardless of the balance, must be converted into nominal ones. Also, the decree establishes that no withdrawals/deposits can be done on the existing passbooks from the date of its entry into force. The FIA has conducted a series of inspections in banks to check for compliance with this requirement; and
- the adoption of a law decree (November 8, 2009)7 which has prohibited the issuing of certificates of deposits in bearer form and required that the reimbursement of the existing bearer certificates in circulation be reported to the AML/CFT compliance officer, for amounts exceeding EUR 15,000.
9. The authorities have also adopted a series of measures in regard to bank secrecy in the case of AML/CFT:
- Article 86 of the AML/CFT law amended Article 368; of the Law on Companies and Banking, Financial and Insurance Services (LCBFI) to provide that bank secrecy cannot be invoked in the case of AML/CFT-related requests for information by the supervisory authorities and the FIA;
- The CBSM has issued an “interpretative note” (CBSM Recommendation No.2009-01) for the application of Article 36 of the LCBFI. This note states that the provision of information by the Sammarinese financial institutions on their customers to financial institutions of other countries, which may be sought by the latter to fulfill AML/CFT obligations, does not constitute a breach of bank secrecy 9. The FIA has also issued an instruction (No.2009-02) which requires financial institutions to provide to their foreign counterparts the information required to fulfil the latter’s CDD and AML/CFT requirements;
- Law Decree No.65 of May 14 200910 provides for the establishment of a database, to be maintained by the CBSM, to facilitate interbank transmission of data on customers and beneficial owners between Sammarinese and Italian banks. This decree was followed by CBSM Regulation No.2009-03, which has set forth the implementing regulations for such transmission of data;11 and
- Finally, on September 14, 2009, the Congress of State introduced a draft bill with further amendments to the banking secrecy12.
10. International cooperation has increased (including FIA’s exchange of information with its foreign counterparts, discussed later on in this note). In 2008, San Marino granted mutual legal assistance (MLA) in eight cases out of eight requests received, relating to ML. From January 1 to July 31, 2009, nine out of nine such requests were granted.
11. The AML/CFT institutional framework has been significantly strengthened at all levels and the authorities’ commitment to seriously fight ML/FT remains high; however, human resources are limited. This situation can constitute a hindrance to the effective implementation of the AML/CFT regime. Lack of human resources is an issue for the FIA, which has been vested with several other responsibilities (including supervision) in addition to the core functions of the FIU, as well as for the Supervision Department of the CBSM and particularly for the judiciary, where currently only one investigative judge and two aides are responsible for ML investigations and for dealing with an increasing number of MLA requests.
12. AML/CFT inspections have increased, especially for the period of 2008-2009, when the FIA also became operational. However, given the poor record of implementation of financial institutions with respect to AML/CFT requirements, as well as the lack of financial sector supervision in the past, and the limited number of human resources currently, AML/CFT supervision should be considerably strengthened. The CBSM and the FIA have signed a Memorandum of Understanding (MOU) on supervision13; however a more structured and risk-based planned approach, which combines the synergies of the CBSM and the FIA could remedy the human resource issue in the short period.
13. MONEYVAL lifted the compliance enhancing procedure in September 2009, acknowledging the progress achieved by San Marino in addressing the recommendations formulated in the MER. An on-site visit of San Marino is planned for September 2010, as part of MONEYVAL’s fourth round of mutual evaluations.
IV. The AML/CFT Law and its Implementation
14. The AML/CFT requirements set forth by the AML/CFT law and by the FIA’s regulations are clearly written with a view to matching the international standards and constitute a significant improvement of the AML/CFT requirements first established in 1998. However, some shortcomings in the legal system remain and should be addressed in order to ensure full consistency with the FATF Recommendations and best AML/CFT practices. Despite the measures introduced to address bank secrecy issues, and although bank secrecy is not opposable to the FIA, the CBSM or the judicial authority, Article 36 and 103 of the LCBFI establish strict requirements that hamper the sharing of information in the broad terms envisaged by FATF Recommendation 4. With regard to international sharing of information between supervisors, it should be noted that disclosure of confidential information to a foreign authority is prohibited without a formal agreement and there must be written permission of the CBSM before further disclosure is allowed by the recipient authority. The requirement that foreign confidentiality provisions should be “equivalent” to San Marino is also a further burden on cooperation, because such equivalence may be costly and time consuming to assess. While not unknown in other countries, the combination of these provisions in the context of San Marino could restrict information sharing.
15. With regard to the sharing of information between financial institutions, the CBSM has indeed clarified with an interpretative note, as mentioned earlier, that the provision of information to financial institutions, including foreign ones, does not constitute a breach of bank secrecy when the information is sought to fulfill AML/CFT requirements by the requesting party. However, it is not clear how an interpretative note can override the primary law. Therefore, a change in the law would be better suited to clarify such an important issue. The foreign owned banks informed the mission that they do not report confidential customer information to their parent companies and do not permit their head office internal audit or compliance staff access to their files.
16. It is recommended that authorities remove the requirement that the confidentiality provisions of a foreign authority be “equivalent” to those of the CBSM and substitute the requirement that the confidentiality arrangements should be “adequate” for the protection of the information concerned, according to the judgment of the CBSM.
17. It is recommended that authorities change the LCBFI, so as to allow foreign owned banks to share information currently subject to bank secrecy to its parent bank and home state supervisor and to specifically allow the bank-to-bank sharing of information for AML/CFT.
18. Another significant legal shortcoming is related to FATF Recommendation 6 on Politically Exposed Persons (PEP), in that the requirement to obtain senior management approval is limited by the AML/CFT Law only to the establishment of the business relationship with a PEP and does not apply to the case where a customer has been accepted and the customer or beneficial owner is subsequently found to be, or subsequently becomes a PEP. In this case, Recommendation 6 provides that financial institutions should be required to obtain senior management approval to continue the business relationship.
19. Considering that the majority of the financial institutions’ customers are nonresidents, and the issues noted later on in this note with regard to legacy customers, It is recommended that authorities require financial institutions to obtain senior management approval to continue the business relationship also when the customer or beneficial owner is subsequently found to be, or subsequently becomes a PEP.
20. Other shortcomings in the legal framework include the following:
- Article 26 of the AML/CFT law on simplified due diligence relieves financial institutions of the requirement to undertake any due diligence other than determining if the entity or product meets the requirements for simplified due diligence.
- Article 23 of the AML/CFT law permits a financial institution to start the business relationship in advance of the completion of due diligence, but there is no requirement on the financial institution to manage the risks thus involved, for example by restricting the number or nature of transactions.
- Article 6 of FIA Instruction 2009/03, “Implementation of risk-based approach”, allows banks to limit their monitoring of “limited risk customers” to once every two years, of “low risk customers” to once every year and of “medium risk customers” to once every six months, instead of requiring continuous monitoring of transactions, in contradiction with Article 22, para. 1 d) of the AML/CFT law, which requires ongoing monitoring of the business relationship.
- There are no requirements regarding the need to have adequate screening procedures in place to ensure high standards when hiring employees. These are limited only to corporate officers, defined as directors, auditors or head of the executive structure and the general requirement that staff be suitably qualified.
21. It is recommended that authorities address these shortcomings. The FIA could issue instructions to address the issues noted above; Instruction 2009/03 should be modified to clarify that the timeframes specified therein are only “at a minimum” and do not exclude the financial institutions’ obligation to conduct ongoing monitoring of the business relationship.
22. Banks and financial institutions have started implementing the new AML/CFT requirements, with mixed results. A step in the right direction is the steady increase of the number of suspicious transaction reports (STRs) received by the FIA in the course of 2009 (including by DNFBPs), compared to 2007 and 2008. In 2007 44 STRs were reported (39 of which by banks); in 2008 110 (79 of which by banks). From January 1-November 6, 2009 the FIA received 190 STRs (out of which 140 by banks). STRs were also filed in case of attempted transactions.14
Suspicious Transaction Reports received by FIA:15
|Commercial Banks (CBs)||140||10||12||83.3%|
|Financial and Fiduciary Companies (FFCs)||22||15||51||29.4%|
|Central Bank of San Marino (CBSM)||2||1||1||100.0%|
|Insurance Companies (ICs)||-||-||2||0.0%|
|Post Offices (Pos)||2||2||10||20.0%|
|Collective Investments Companies (SGs)||-||-||2||0.0%|
|Insurance Intermediaries (IIs)||-||-||44||0.0%|
|Financial Promoters (FPs)||-||-||3||(not|
|Non financial parties||-||-|
|Notaries and Lawyers||3||3||113||2.7%|
STRs received by reporting entities - attempted transactions
23. Overall, effective implementation of the AML/CFT requirements by financial institutions remains a significant challenge, particularly for legacy customers. Prior to 2008, the AML requirements were not actively enforced, although these requirements had been in place since 1999. The CBSM and its predecessor bodies had primary responsibility in the area of AML/CFT, including for checking compliance, but in fact there were few detailed instructions and no inspections were conducted. Many of the banks’ and financial institutions’ customer relationships were established before the current requirements came into effect. Most of those customers were accepted in a context characterized by abnormally large use of cash or other instruments that facilitated anonymity or made it difficult to trace the source of the assets. As a result of this environment, many customers may have placed funds with banks and fiduciaries in circumstances where there was a high risk that the beneficial owner was not truly known to the financial institutions and that the funds involved were the proceeds of some sort of financial crime, even if that crime was not a predicate offence for money laundering in San Marino16.
24. Verification of customer identity and the source of funds or income, risk-based profiling of clients and a thorough ongoing monitoring of already established business relations will be critical to effectively implement the CDD requirements. Effective customer due diligence and ready availability of comprehensive information and documents on clients, and on the transactions they undertake are of paramount importance not only for the financial institutions to properly comply with their AML/CFT obligations, but also for the authorities in charge of AML/CFT to effectively undertake financial analysis, criminal investigations, and supervision. This is particularly relevant in San Marino, where customers are mostly non-residents and such information, if not maintained by the Sammarinese financial institutions, is accessible only via international cooperation.
25. Compliance with the new AML/CFT requirements is uneven across the banks and the financial sector at large. The five banks visited by the mission have adopted and established, between May and November 2009, internal regulations and procedures addressing the requirements of the AML/CFT law and the FIA instructions, either by issuing several internal instructions in the form of circular letters or (for the majority) by adopting internal AML/CFT manuals. However, of the three FFCs met by the mission, only one provided a copy of the internal procedures it had adopted.
26. Implementation of the client risk profiling requirements is not yet complete and may not be fully accurate. The CDD requirements set forth in the AML/CFT law and the FIA’s instructions address all customers, including existing ones. A CDD related obligation that will be particularly challenging to effectively implement is that of determining the client’s risk profile. According to the FIA’s instruction No. 3 of 2009, financial institutions have to classify clients into four categories, based on the level of risk determined by applying the criteria established by Article 25 of the AML/CFT law. These criteria are set with regard to the type of customer (legal status, main business activity, customer’s behavior, and the place of residence), and the type of business relationship, or in the case of an occasional transaction (the type and specific way of execution, amount, frequency, coherency of the transaction with the business profile of the customer and the information available on the customer, and the geographical area of the execution of the transaction).
27. The obligation to risk-profile clients is already in force for customers accepted after June 1, 2009, whereas for existing customers the deadline for completing their profiling was set for December 1, 2009. However, according to the information provided by the banks visited by the mission, some banks had performed the risk profiling for 75% of their clients, while others for only 15%. One fiduciary firm of the three visited was not even aware of the obligation to risk-profile customers.
28. Some banks have elected to undertake client profiling with software that relies on information in their databases. However, the various databases have been set up following bank’s internal rules on data storage or using in-house programs, and are therefore not all uniform. The software that the FIA is considering to require for all financial institutions (GIANOS) presupposes the use of uniform classifications and codes (which has not yet been undertaken) by all financial institutions. This software, in order to generate consistent risk profiles, assumes that its users have stored/classified the data over a certain period of time. This is not the case for all financial institutions, especially the fiduciary firms. Moreover, not all financial institutions may have all the information for all customers and it is not clear whether the fiduciaries, other than having an AML/CFT register (required by instructions issued pursuant to the old AML/CFT law) have a customer database at all. There remains a risk, therefore, that many existing customers will not be subject to appropriate risk profiling.
29. The FIA should provide guidance to the banks, so that they can determine which of their legacy customers should be regarded as high risk. The FIA is recommended to give further guidance on which of the legacy customers should be regarded as high risk for the purposes of the financial institutions’ implementation of their risk based approach and their assessment of where enhanced due diligence is required. For example, the FIA could make clear to the institutions subject to AML/CFT obligations that any customer who has made a deposit of more than a threshold set by the FIA in cash or (to the extent that the information is available) multiple endorsed checks with a cumulative high value should be regarded as high risk and that the consequences envisaged by the law (Article 27) should apply. In particular:
- a. They should be subject to enhanced due diligence and that the adequate measures should include additional and independent verification of the ownership and of funds (independent of the depositor and the original introducer);
- b. There should be satisfactory evidence on file showing why the use of such large quantities of cash was consistent with the legitimate business purpose of the customer;
- c. Any bank asked by a fiduciary to undertake a transaction for a customer it did not know should ask whether this was a high risk customer and, if so, insist on seeing the CDD information in order to satisfy itself that it was properly verified, that the use of cash or endorsed checks was properly justified, and that the source of funds is known;
- d. When any of these requirements were not met or information was refused, the bank should consider submitting a suspicious transaction report and refuse to undertake a transaction.
30. Effective implementation of CDD requirements is challenging, particularly in the case of the fiduciaries. Fiduciaries are likely to have taken on customers in the past that made deposits in cash, through multiple-endorsed checks, or by other untraceable means. In such cases, they may have no knowledge of beneficial ownership of funds beyond a signed declaration of the depositor, an introduction from a bank (in the case in which the fiduciary was owned by a bank), or a lawyer or notary. Hence, the risk classification, as well as proper CDD of the existing clientele, may be compromised. Statements by one fiduciary to the mission that it was not aware of the existence of a risk profiling obligation and by another fiduciary that 97 per cent of its customers were classified as low risk (even though virtually all of them deposited funds in the form of cash or multiple endorsed checks), demonstrate that risk classifications have not been properly undertaken.
31. Very few of the financial institutions visited by the mission declared that they had systematically contacted their customers to update the information obtained, and verify the source of funds and the identity of beneficial owners. The majority of financial institutions (including banks) stated that they request such information “at the first opportunity”, which usually means when the customer visits the financial institution to perform a transaction. There will therefore be a number of customers for whom there is no up-to-date information, because a suitable opportunity has not yet arisen. Moreover, in the case of fiduciaries, the firms visited by the mission stated that there are a substantial number of customers who do not wish to be contacted (for confidentiality reasons). Therefore, updating information on such customers will be particular difficult.
32. The FFCs offering fiduciary services are vulnerable to ML activities and considerably weaken the AML/CFT regime. It is significant that of the ongoing investigations for ML and of the MLA requests related to ML, the majority involve the use of fiduciary accounts maintained by these companies. ML vulnerability in the fiduciary sector derives from both gaps in the legal framework, poor AML/CFT internal policies and procedures, and from the services typically offered by these firms. While the legal framework governing the banking, insurance, and securities sector has undergone fundamental reform, the legal and regulatory framework of the finance and fiduciary sector remains fragmented and weak. The mechanisms to ensure transparency in the ownership of FFCs ownership should be enhanced and the scope of the activities in which fiduciary companies can engage should be clarified. As noted earlier, some of the companies met by the mission had not yet completed or undertaken the risk profiling of their clients, nor was it clear to what extent information on clients (often introduced by third parties) is readily available to justify the client’s economic profile or to enable ongoing monitoring of the business relationship.
33. Fiduciary companies appear to offer very often no more than a “shield” to prevent or to make it more difficult to determine the linkage between assets and the customers (or beneficial owners). Often the fiduciary company maintains a single account (“omnibus” account) in the bank, which is used for the operation of several fiduciary relationships and which makes it difficult for the bank to detect suspicious transactions. The firms visited by the mission indicated that until recently, they have been accepting abnormally large amount of cash from clients, as well as negotiating/cashing abnormally large volumes of multiple-endorsed checks, often with illegible or fictitious signatures. It is very likely that these firms do not have adequate information on their clients, especially clients that were accepted prior to the entry into force of the new AML/CFT law, and yet, according to the law, they can be relied upon for the identification of customers by other financial institutions (including banks). It is also worrisome that financial institutions can apply simplified due diligence in the case of bank accounts opened by a fiduciary company to manage funds on behalf of their clients.
34. The number of FFCs filing STRs remains low, when compared to the overall number of fiduciary firms (see figures for FFCs, in the chart below17); the fiduciaries visited by the mission have never filed a STR.
(Res) that filed STRs compared to number of REs
35. It is recommended that authorities:
- conduct on-site visits to all FFCs to check compliance with the AML/CFT requirements;
- prohibit omnibus accounts for the management of FFCs’ customers where funds are commingled;
- in the case in which a single account is maintained within a bank for a FFC, require that each of the fiduciary’s customers be specified in a separate sub- account, as already is the practice of some FFCs;
- prohibit the possibility for a financial institution to rely on a fiduciary for CDD purposes or introduce a requirement that the bank must first satisfy itself as to the adequacy of the fiduciaries’ CDD procedures before relying in the CDD carried out by the latter;
- prohibit the fiduciaries to negotiate checks; and
- prohibit (or suspend temporarily) the application of simplified CDD by financial institutions for accounts or other relationships maintained with fiduciary firms.
V. The Financial Intelligence Agency
36. The FIA is the FIU of San Marino and is responsible for receiving, analyzing, and disseminating to the judiciary cases of suspected ML/TF. Pursuant to the AML/CFT law the FIA is an autonomous agency established within the CBSM. The FIA does not have a separate legal personality from the CBSM. The FIA has also other functions related to AML/CFT, such as conducting inspections on reporting entities’ compliance with the requirements established by the AML/CFT Law or acting as “judiciary police” on behalf of the investigating judge, upon delegation of authority.
37. The FIA appears to have sufficient operational independence. It is not uncommon for a FIU to be established within a central bank or in other state agencies or ministries. The FATF AML/CFT methodology (criterion 26.6) requires that the FIU “should have sufficient operational independence and autonomy to ensure that it is free from undue influence or interference.” The circumstance that the FIU is established within an existing agency or ministry is not per se contrary to Recommendation 26, provided that the FIU has sufficient operational independence and autonomy so that the exercise of the FIU’s functions can be free from undue influence. From this standpoint, the FIA’s legal framework clearly provides that the “core” functions of the FIU, i.e. the reception, analysis, and dissemination of STRs are vested in the FIA (and not in the CBSM), which will exercise them “in complete autonomy and independence.” (Articles 2 and 4 of the AML/CFT law and Article 14 of the delegated decree). Article 7 of the delegated decree further states that “the Director (of the FIA) shall be responsible for the operations of the agency, the activity of which he shall plan, manage and control in full autonomy.”
38. The procedures for the appointment and dismissal of the FIA’s director are set forth by the AML/CFT law and the delegated decree. The responsibility for appointing the director is vested in the Congress of State (upon the proposal of the Committee for Credit and Savings-CCS) and not in the CBSM, that has only a consultative role in the procedure (it must be heard by the congress, according to Article 3, para. 1 of the AML/CFT law). The director must possess “requisites of professionalism, independence and respectabilities (these are substantiated by the delegated decree, Articles 2-7). The director can be removed from the office if he/she does no longer satisfy the conditions required for the appointment or if found “guilty of serious deficiencies”. These procedures appear to be in line with the requirement of operational independence and autonomy.
39. The FIA is understaffed to undertake the full range of functions assigned to it by the law. The FIA has currently a staff of 10 (two more positions need to be filled), which is not enough to properly undertake the various functions envisaged by the AML/CFT law. In addition to the “core” FIU functions, the FIA is also responsible of rule-making in the area of AML/CFT, inspecting reporting entities’ compliance with the AML/CFT requirements, train law enforcement authorities on AML/CFT and, upon delegation of the judiciary, act as “judicial police” in criminal investigations of ML/TF cases.
40. The responsibility for determining the staffing plan of the FIA (“pianta organica”) is vested in the director by Article 7, para. 3 of the delegated decree, according to which the director proposes to the CCS the “pianta organica” and the CCS, having heard the Governing Council of the CBSM (GCCB), approves the proposal, having determined that the proposed personnel structure “meets the criteria of economy, proportionality, efficiency, and effectiveness”. According to para. 4 of this provision, the director is also responsible for proposing to the GCCB the recruitment of staff (as well as the annual performance review of the FIA’s staff for promotions). It is not explicit in the text of the delegated decree who has the responsibility for dismissing staff. The FIA clarified that the rules envisaged by the contracts in place with the CBSM staff would apply.
41. The FIA’s staff is hired according to the procedures and through contracts with the CBSM (article 8, para. 1 of the delegated decree), which is a natural consequence of the FIA being established within the CBSM. This circumstance does not have an impact on the operational independence of the FIA, considering that paragraph 2 of the same provision stipulates that staff “must be selected in such manner as to guarantee the complete independence of the agency”. Also, the fact that the staff of the FIA (including the staff seconded from other ministries or agencies of San Marino) can benefits from the same contractual conditions and salary of the CBSM, can only strengthen the operational independence and autonomy of the FIA.
42. The FIA informed the mission that in determining the number of staff (set at 12 for the first 2 years of operation) it has followed a phased approach that takes into account the start up period and a test of the performance in the implementation of the FIU’s functions over a period of two years, after which the number of staff will be re-assessed.
43. It is recommended that the FIA conduct an assessment of the need of additional staff ahead of the two-year period, given the likely increase in the workload as the level of implementation of AML/CFT requirements by the reporting entities increases.
44. The FIA needs to reconsider the utility of certain non-core functions assigned to it by the law, especially in light of the limited number of human resources. The AML/CFT law establishes that the FIA can act as “judicial police” upon delegation of such authority by the judiciary, in investigations related to ML/TF or non compliance with the requirements of the AML/CFT law (Article 5, para. 4). This activity, which involves for example interrogations of suspects or witnesses, has proven to be burdensome, especially in a context characterized by a limited number of human resources and an increased number of MLA requests, and its utility for ML/TF investigations is not clear. Also training law enforcement authorities on AML/CFT could be burdensome.
45. The issue is noted elsewhere in this report that there is a very limited number of magistrates assigned to ML/TF investigations and to deal with MLA requests related to ML/TF. In the short term this issue will have to be addressed by increasing the number of magistrates involved in ML/TF, eventually considering the establishment of a dedicated pool of magistrates responsible for investigations of financial crimes, rather than relying on the FIA for the supply of its officers to compensate the lack of human resources in the judiciary.
46. Although operational only since November 2008 and with limited human resources, the FIA has moved swiftly in fulfilling the responsibilities assigned to it by the AML/CFT law. The FIA has established a procedure for the receipt of STRs in electronic format, set up an internal database, conducted a survey among financial institutions to determine the level compliance with the new AML/CFT requirements, which informs its priorities and its inspection plan. The FIA also drafted an inspection manual and conducted a series of inspections of reporting entities, several of them to check compliance with the new requirements for bearer passbooks (BPs).
47. As noted earlier, a positive trend is the increase of STRs sent to the FIA by financial institutions and DNFBPs. The FIA is properly equipped to conduct financial analysis (although it is considering enhancing the software currently used). However, the number of STRs that, after being analyzed by the FIA, has resulted in judicial cases is low, as shown by the table below.
48. The issue of access to information held in other countries (especially Italy), which may be needed to properly undertake financial analysis or criminal investigations for ML/TF cases, was also pointed out by the representatives of law enforcement. The FIA, as well as other law enforcement agencies have proper access to governmental (Sammarinese) as well as commercial databases. However, because the majority of financial institutions’ customers are non-residents (in the case of the fiduciary companies 99%) and the majority of cases involve Italian residents, closer cooperation with the Italian counterparts (the FIU and law enforcement authorities) is essential to make AML/CFT investigations more expeditious and effective.
49. It is recommended that the FIA and law enforcement agencies seek closer cooperation with the Italian institutions responsible for AML/CFT with a view to concluding MOUs.
50. The number of inspections carried out by the FIA and the CBSM has increased but remains low, especially in the case of the CBSM. Both FIA and CBSM have responsibilities for enforcing compliance with AML/CFT, but they are understaffed. Inspections have increased relative to the period prior to 2006 when, although AML/CFT requirements were in place, no inspections were carried out to check compliance with such requirements. The CBSM, however, was only able to conduct two full scope inspections of a bank since 2006, although it conducts other more specific inspections, primarily related to credit risk, and has conducted 11 full-scope inspections of non bank financial institutions. The tables below shows a breakdown of the inspections carried out by the FIA in 2009 to financial institutions18 and the inspections carried out by the CBSM between 2006-2009.
Inspections carried out by the FIA:
|Commercial Banks (CBs)||23||1||22||12||8.3%|
|Financial and Fiduciary companies (FFCs)||11||6||5||51||11.8%|
|Central Bank of San Marino (CBSM)||-||-||-||1||0.0%|
|Insurance companies (ICs)||-||-||-||2||0.0%|
|Postal offices (POs)||-||-||-||10||0.0%|
|Collective investments companies (SGs)||-||-||2||0.0%|
|Insurance intermediaries (IIs)||-||-||-||44||NA|
|Financial promoters (FPs)||-||-||-||3||NA|
|Non financial institutions||2||2||-||-||-|
|Independent Legal Professionals||3||3||-||233||1.3%|
|Notaries and lawyers||1||1||-||113||0.9%|
Inspections carried out by the CBSM
51. The CBSM and FIA should coordinate their supervisory activities. The AML/CFT law gives primary responsibility for supervision of obligations on financial institutions to the FIA. The CBSM, however, has also the more general responsibility for supervising banks and other financial institutions and sees it as part of this role to ensure that AML/CFT obligations are properly implemented. However, there is a need to maximize the effectiveness of the FIA’s and CBSM’s limited resources by co-coordinating their supervisory activities. To some extent this is happening. It is allowed for in the MOU that the two organizations have signed, although this has been limited in practice to each body informing the other of violations of the rules they are responsible for enforcing. However, cooperation could go further. The FIA and CBSM do not share their inspection programs with each other. The need for operational independence of the FIA in its core function of receiving and analyzing STRs need not prevent the FIA from coordinating its supervisory efforts with the CBSM.
52. It is recommended that the two authorities discuss how they can enhance their effectiveness through a jointly planned risk-based program, so as to maximize the coverage and effectiveness of their enforcement. It is also recommended that additional human resources be allocated for monitoring compliance with AML/CFT obligations.
There have been allegations that proceeds of crime deposited in the Sammarinese banks are used as collaterals.
MONEYVAL is the FATF-style regional body of which San Marino is a member.
The mutual evaluation on-site visit took place in March 2007.
Among the major deficiencies noted were the lack of coverage of financial institutions, deficiencies in the scope of the CDD requirements (for example, the identification and verification of identity of beneficial owners) and the possibility of issuing bearer passbooks.
San Marino was rated NC on Recommendation 26, because the FIU’s responsibilities were vested in different units of the Central Bank of San Marino rather than centralized, and because the exercise of these functions lacked “operational” independence”.
This Law established that bearer shares must be deposited at a public notary’s office, and that transfer of shares’ ownership can only be done with a legalized act issued by the notary.
The Decree was ratified by Congress on January 19, 2010.
This provision establishes the principle of secrecy of financial information.
This interpretative note clarifies that the providing of clientele’s information to other Italian/European financial institutions does not constitute a breach of bank secrecy, when the information is sought for implementing AML/CFT regulations. There have been allegations that SM banks would not provide such information to Italian financial institutions when these were conducting operations involving SM clients (who are mostly Italian residents).
“Intermediation of the Central Bank for the Purposes of Interbank Data Transmission Between San Marino and Italy”.
“Regulation on Interbank Data Transmission between San Marino and Italy”.
The Congress passed the bill on January 21, 2010. The law now specifically provides that financial secrecy cannot be opposed to the penal judicial authority, governmental bodies responsible for the exchange of information with foreign counterparts for the execution of international treaties”, the CBRSM and the FIA (before the law would only more generically refer to the “authority responsible for supervision and AML/CFT” and the penal judicial authority). The law also provides that information covered by banking secrecy may be shared with other foreign authorities or foreign parent companies of Sammarinese financial institutions, but only if an “international agreement exists”.
The MOU delineates the areas of responsibility of the two institutions in regard supervision of compliance with AML/CFT-related legislation and the obligation to inform each other in the case in which a breach is ascertained.
37 cases; out of which 29 from banks, 7 from financial and fiduciaries companies and 1 from a notary.
This is the case of tax evasion, when it does not involve the use of fraudulent means (in San Marino tax evasion is criminalized by article 389 of the criminal code only when committed with the use of fraudulent means).
Banks (Bs); Insurance companies (ICs); Post Office (Pos); Collective Investment Companies (SGs); Insurance Intermediaries (IIs); and Financial Promoters (FPs).
Source: FIA - Financial Intelligence Unit of San Marino.
Period: From January 1 to November 6, 2009.