|AML/CFT System||Recommended Action (listed in order of priority)|
|2. Legal System and Related Institutional Measures|
|2.1 Criminalisation of Money Laundering (R.1 & 2)|
Iceland should fully cover all the necessary predicate offences for money laundering, and conspiracy should be fully criminalised. Review domestic laws, and if necessary, adjust them to ensure that self-laundering is fully criminalised.
Consider lowering the standard of proof to demonstrate the mens rea in the money laundering offence by allowing prosecutors and lower courts to adopt a full range of mental element including every degree of knowledge.
Specific training on money laundering investigations jointly with clear guidance by prosecutors on evidence requirements under Sec. 264 should be delivered to officials from law enforcement authorities.
Raise the criminal penalties for money laundering, to be in line with those of other profitgenerating offences in Iceland.
Criminal liability of legal persons for money laundering offence should be expanded and extended to any predicate offence.
|2.2 Criminalisation of Terrorist Financing (SR.I)|
Review the legislation to ensure that the financing of terrorist acts directly is included in the FT offence.
Broaden the definition of terrorist act to include all those activities referred to by Article 2 (1)(a) and (b) of the CFT Convention.
Remove the purpose elements-i.e., the need to demonstrate that the act occurred for the purpose of intimidating/coercing of a government, etc, and the need that the act also to be able to damage a State or international establishment in order for acts under the Convention to be valid FT offences.
|2.3 Confiscation, freezing and seizing of proceeds of crime (R.3)|
Provisions on confiscation should be strengthened especially when the offender is not in possession of the assets, which are held by a third party.
Consider measures that require confiscation of property held by a perpetrator convicted of a serious offence generating profit, unless the offender can prove that the property was legally obtained (reversal of burden of proof).
Consider reducing the burden of proof when executing a forfeiture order after conviction, e.g. by adopting “a balance of probabilities approach” or other standard lower than the criminal standard.
Give higher priority to confiscation of criminal property.
|2.4 Freezing of funds used for terrorist financing (SR.III)|
Establish a central authority at national level to examine, integrate and update the received lists of persons and entities suspected to be linked to international terrorism before sending them to the financial sector.
A domestic mechanism to enact S/RES/1373(2001) should be implemented to be able to designate terrorists at a national level as well as to give effect to designations and requests for freezing assets from other countries.
Adopt procedures for evaluating de-listing requests, for releasing funds or other assets of persons or entities erroneously subject to the freezing and for authorising access to frozen resources pursuant to S/RES/1452(2002).
Release practical guidance to the financial institutions concerning their responsibilities under the freezing regime as well as for the reporting of suspicious transactions that may be linked to terrorist financing.
The direct obligation to freeze funds of persons and entities designated in the context of S/RES/1373 applies only to financial institutions supervised by FSA. This should be broadened to apply to all financial institutions and DNFBPs.
|2.5 The Financial Intelligence Unit and its functions (R.26)|
Improve the structural and operational independence of the FIU by fully implementing the new Regulation 626/2006.
Secure an increased level financial and human resources to enhance its ability to effectively perform the functions of an FIU.
Develop written guidance and direction to reporting entities concerning the manner of reporting STRs.
Develop a standardised STR reporting format for all reporting entities.
Initiate proactive analysis of STRs and police data to enhance the effectiveness of targeting entities involved in suspected ML and FT.
Increase international cooperation between the FIU and other international partners through more active participation in the Egmont Group.
Produce annual reports on trends and typologies (as required in the new regulation 626/2006).
Develop educational programs for the public on AML/CFT issues.
Pursue training and educational opportunities for FIU personnel, the financial sector and other police agencies. (The training issues could be pursued through the Training Working Group of the Egmont Group).
The FIU should consider taking measures regarding the “disaster recovery” of their database. Consideration should be given to having the system automatically back-up the information at regular intervals with the back-up information being stored off site.
|2.6 Law enforcement, prosecution and other competent authorities (R.27 & 28)|
Take a more proactive approach to investigating and prosecuting money laundering.
More frequent and in-depth training should also be provided to law enforcement and prosecution personnel.
|2.7 Cross Border Declaration & Disclosure|
Implement a system to comprehensively address the remaining requirements in SR IX. There should be a system that applies more explicitly to bearer negotiable instruments.
Provide additional guidance so as to better inform arriving and departing passengers about their obligations to make a declaration.
Implement procedures for declaring or disclosing outgoing movements of currency or bearer negotiable instruments.
Adopt criminal sanctions for persons who transport currency that is related to money laundering or terrorist financing.
Authorities should ensure that, at a minimum, information on the amount of currency declared or otherwise detected, and the identification data of the bearer(s) is retained for use by the appropriate authorities in instances when: (a) a declaration which exceeds the prescribed threshold is made; (b) where there is a false declaration/disclosure; or (c) where there is a suspicion of money laundering or terrorist financing.
Consider the implementation of new investigative techniques and methods similar to those outlined in the Best Practices Paper for SR IX, e.g. canine units specifically trained to detect currency.
Customs officials should also consider working more closely with the Icelandic FIU and other law enforcement authorities to develop typologies, analyse trends and develop protocols for the sharing of information amongst themselves to more effectively combat cross border ML and FT issues.
|3. Preventive Measures: Financial Institutions|
|3.1 Risk of money laundering or terrorist financing|
|3.2 Customer due diligence, including enhanced or reduced measures (R.5 to 8)||Recommendation 5: Iceland should implement the following elements from Recommendation 5 which have not been fully addressed:
Several new requirements just introduced with the new AML/CFT Act on 22 June 2006 should be now be effectively put into practice:
Money exchange and money or value transfer should be fully and effectively brought under AML/CFT regulation and especially under customer due diligence requirements.
Financial institutions should be required to undertake CDD measures when carrying out occasional transactions that are wire transfer in circumstances covered by the Interpretative Note to SR VII.
The provisions regarding obtaining information concerning the legal person or arrangement should be extended to information concerning the directors and provisions regulating the power to bind the legal person or arrangement.
There should be a more general requirement to identify beneficial owners for all customers. The financial institution should be required to actively determine if the customer is acting for someone else and it should take reasonable steps to obtain sufficient identification data to verify the identity of the third person. Furthermore, reasonable measures should be taken to understand the ownership and control structure of the legal person. It should be made clear what is expected from the sector.
There should be some consideration/assessment made based on which there is a satisfaction about compliance with the Recommendations by countries which are currently seen as compliant without any doubt.
Rules regulating the CDD treatment of existing customers should be introduced.
The requirement to undertake CDD measures in cases where there is a suspicion of terrorist financing and in cases where there are doubts about the veracity or adequacy of previously obtained customer identification data.
Rules on the verification of the identity of legal persons.
The requirements regarding identification and verification of the beneficial owner for legal persons, including the obligation to determine the natural persons who ultimately own or control the legal person.
The obligation to obtain information on the purpose and intended nature of the business relationship.
Performing enhanced due diligence on higher risk categories of customers, business relationships or transactions.
In case of applying simplified or reduced due diligence there has been introduced a basic identification regime instead of no customer identification regime at all, but practice has to pick it up in an effective manner.
When regulating the identification and verification of beneficial owners, a requirement to stop the financial institution from opening an account, commence business relations or performing transactions when it is unable to identify the beneficial owner satisfactorily.
The requirement to terminate the business relationship and to consider making a suspicious transaction report when identification of the customer cannot be performed properly after the relationship has commenced.
Implement the necessary requirements pertaining to PEPs.
With regard to correspondent banking, financially institutions should be required to determine that the respondent institution’s AML/CFT controls are adequate and effective, and regarding payable through accounts, to be satisfied that the respondent has performed all normal CDD obligations.
Iceland should clarify the requirement to establish policies and procedures to address any specific risks associated with non-face to face business relationships or transactions.
|3.3 Third parties and introduced business (R.9)|
Clarify that the financial institution is required to take adequate steps to satisfy itself that copies of the relevant information will be made available upon request without delay.
Some kind of risk assessment should take place to establish that third parties from outside Iceland actually meet the mentioned conditions.
|3.4 Financial institution secrecy or confidentiality (R.4)|
|3.5 Record keeping and wire transfer rules (R.10 & SR.VII)|
Iceland should issue the regulation to implement the requirements of Special Recommendation VII as planned.
|3.6 Monitoring of transactions and relationships (R.11 & 21)|
The scope of the requirement to pay special attention to all complex, unusual large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose should be now be put effectively into practice for insurance and securities intermediaries, as obligations for these entities are new.
The requirement to examine the background and purpose of the transaction needs to be clearly and effectively implemented.
Regarding Recommendation 21, it is recommended to implement provisions dealing with the application of appropriate counter-measures where countries continue not to apply or insufficiently apply the Recommendations.
|3.7 Suspicious transaction reports and other reporting (R.13–14, 19, 25 & SR.IV)|
Iceland should ensure that non-bank financial institutions, including money exchange and MVTS providers, are properly supervised so as to comply with their reporting obligations.
Steps should also be taken to refocus reporting in general to concentrate more on the nature of the transaction.
Comprehensive guidelines should be given to the financial sector which should be direct and broad and based on the different typologies, trends and techniques that focus more attention on the nature of transactions themselves.
Additional guidelines that are more tailored to particular types of financial institutions should also be issued.
The FIU should also deliver more specific feedback to reporting entities, particularly concerning the status of STRs and the outcome of specific cases.
|3.8 Internal controls, compliance, audit and foreign branches (R.15 & 22)|
Reporting FIs should be obligated to implement satisfactory internal controls with respect to audit functions for AML/CFT.
It should be clarified that the compliance officer should have timely access to CDD and other records, and that financial institutions should provide on-going training programs.
Iceland should also implement comprehensive obligations for all foreign branches and subsidiaries to observe full AML/CFT measures consistent with Icelandic requirements and the FATF Recommendations to the extent that host country laws and regulations permits and that the branches and subsidiaries should apply the higher standard, where the AML/CFT standards differ. Iceland should also implement a requirement that a financial institution inform the FSA if its foreign branch or subsidiary in an EEA country is unable to observe appropriate AML/CFT measures because this is prohibited by the laws or regulations of the host country.
|3.9 Shell banks (R.18)|
|3.10 The supervisory and oversight system -competent authorities and SROs. Role, functions, duties and powers (including sanctions) (R.23, 29, 17 & 25)|
Recommendation 17: The range of administrative sanctions should be broadened for directors and senior management of financial institutions, to include the more direct possibility to bar persons from the sector, to be able to more broadly replace or restrict the powers of managers, directors, or controlling owners for AML/CFT breaches.
There should be the possibility to restrict or revoke a license for AML/CFT violations.
Recommendation 23: In general, the FSA should give more attention to AML/CFT matters.
While fit and proper tests apply for directors and board members, they should also apply to other senior management.
There should be a general requirement for money or value transfer services to be licensed or registered. Money value transfer services and money exchange services that operate outside of banks should also be made subject to a system for monitoring and ensuring compliance with the AML/CFT requirements.
Iceland should now ensure that AML/CFT assessments of Reporting FIs occur more regularly, particularly in high risk institutions.
Recommendation 25: The FSA and other authorities should complete and issue comprehensive AML/CFT guidance for the whole private sector covered by the obligations.
Recommendation 29: Icelandic authorities should give adequate powers to a designated authority to adequately supervise unlicensed financial institutions such as foreign exchange companies or foreign remittance dealers that may operate outside of banks.
Recommendation 30: The FSA should be given additional resources to be allocated for AML/CFT supervision.
The FSA should consider creating a well staffed stand alone AML/CFT unit or at least a team of examiners specialising in AML/CFT measures that check FIs compliance with AML/CFT on an on-going basis for all supervised entities.
|3.11 Money value transfer services (SR.VI)|
Iceland should implement the measures in SR.VI.
Iceland should require all money or value transfer services (MVT operators) to be licensed or registered, maintain a list of such operators, and adopt a mechanism to adequately monitor and ensure compliance with the FATF Recommendations.
|4. Preventive Measures: Non-Financial Businesses and Professions|
|4.1 Customer due diligence and record-keeping (R.12)|
Iceland should adopt and fully implement the full range of CDD measures, as discussed in section 3.2 and 3.3 of this report, so as to also apply to DNFBPs. Iceland should fully implement the new measures that apply to DNFBPs.
|4.2 Suspicious transaction reporting (R.16)|
Iceland should undertake the following actions to fully implement Recommendation 16:
Overall, the measures in the new legislation should be fully and effectively implemented.
DNFBPs should be made fully aware of their reporting obligations under the new legislation.
DNFBPs should be made aware of their duty to give special attention to business relationships and transactions with (legal) persons from countries which do not or insufficiently apply the FATF Recommendations, in line with Recommendation 21.
Measures should be taken to ensure that DNFBPs are advised of concerns about weaknesses in the AML/CFT systems of other countries.
DNFBPs should be required to have training programs that are on-going so as to be kept informed of new developments.
|4.3 Regulation, supervision and monitoring (R.24–25)|
Designate an authority, authorities, or SROs responsible for monitoring and ensuring compliance with the requirements of the AML/CFT Act 2006.
The authority/authorities should be provided adequate powers and sufficient technical resources to perform its/their functions.
The authorities and/or SROs should also issue adequate guidance on AML/CFT requirements to all DNFBP sectors.
|4.4 Other non-financial businesses and professions (R.20)|
|5. Legal Persons and Arrangements & NonProfit Organisations|
|5.1 Legal Persons - Access to beneficial ownership and control information (R.33)|
Access to information on beneficial ownership of legal persons should be made more accurate and up to date.
The Tax Directorate could play a larger role in verifying beneficial ownership/control for the applications it receives.
|5.2 Legal Arrangements -Access to beneficial ownership and control information (R.34)|
|5.3 Non-profit organisations (SR.VIII)|
Review the adequacy of the legal framework that relates to NPOs vis-à-vis terrorist financing and ensure that there is adequate access to information so as to identify the features and types of NPOs at risk for terrorist financing purposes.
Reach out to the NPO sector with a view to protecting the sector from terrorist financing abuse. This outreach should include i) raising awareness in the NPO sector about the risks of terrorist abuse and the available measures to protect against such abuse; and ii) promoting transparency, accountability, integrity, and public confidence in the administration and management of all NPOs.
In general, take more proactive steps to promote effective supervision or monitoring of those NPOs.
Authorities should ensure that detailed information on the administration and management of non-commercial foundations is available during the course of an investigation.
Implement an effective sanction regime for violations of oversight measures or rules by NPOs or persons acting on behalf of NPOs.
|6. National and Co-operation|
|6.1 National co-operation and coordination (R.31)|
Continue the AML/CFT policy coordination now that the AML/CFT legislation has entered into force.
|6.2 The Conventions and UN Special Resolutions (R.35 & SR.I)|
Iceland should more fully implement the CFT Convention.
The definition “terrorist act” should be broadened to fully cover all of the acts defined in Article 2 (1) of the Convention.
More comprehensive measures for identifying beneficial owners should also be adopted.
Iceland should also institute adequate comprehensive conspiracy provisions for money laundering.
|6.3 Mutual Legal Assistance (R.36–38 & SR.V)|
Enact provisions on mutual legal assistance that would encourage or facilitate the voluntary appearance of witnesses or persons providing information to the requesting country.
Clarify the procedures to allow non-coercive measures to be applied in the absence of dual criminality.
Consider establishing an asset forfeiture fund.
Consider a mechanism to authorise the sharing of confiscated assets with other countries when confiscation is directly or indirectly a result of co-ordinated law enforcement actions.
|6.4 Extradition (R.39, 37 & SR.V)|
|6.5 Other Forms of Cooperation (R.40 & SR.V)|
In order to demonstrate the regime’s effectiveness, maintain statistics on the number of requests for assistance made or received by law enforcement authorities, the FIU, and supervisors including whether the request was granted or refused.
|7. Other Issues|
|7.1 Resources and statistics (R. 30 & 32)|
Increase the human and budgetary resources for the FIU
Provide additional training to law enforcement, both upon engagement as well as on an ongoing basis regarding AML and CFT investigations.
Consider additional staff for the FSA.
Increase training on AML/CFT issues for the FSA.