Operators whose business falls under the Swedish anti-money laundering legislation, see the article “Anti-Money Laundering - Regulations, Penalties, and Reporting”, are required to take steps to prevent their business’ being used to launder money. Initially, such operators must perform a general risk assessment. This assessment shall focus on how any products and/or services provided by the operator may be used for money laundering and how great the risk is for such use. The assessment will be based on several factors, and special consideration shall be taken to what kind of products and services that are provided, the customers and distributions channels, and any risk factors in respect of geography. To help operators making this assessment, the Financial Action Task Force, (hereinafter referred to as the FATF), monitors trends and high-risk jurisdictions and regularly publishes its findings. Any operators that are unsure of which jurisdictions that run the risks of money laundering should read the reports from the FATF. The risk assessment shall serve as a basis for guidelines and procedures on how the operator shall deal with possible money-laundering situations. Such operators must ascertain that these guidelines and procedures are taught to the employees.
After the operator has become aware of the general risks of its business being used for money laundering and has produced a model for how to deal with possible money laundering, the next step for the operator is to get to know its customers. An operator is neither allowed to establish a business relationship nor to perform a single transaction unless the operator has enough knowledge of a customer to be able to handle the risk for money laundering. This is referred to as the Know Your Customer or KYC regulation. In general, an operator must know who its customer is, in what industry the customer operates, and the nature of the planned transactions. If any suspicion arises that a customer is/or may be involved in money laundering, the operator is prohibited from establishing a business relationship with that customer. Certain smaller transactions that aren’t part of an ongoing business relationship are exempt from the KYC regulation. For instance, occasional transactions below EUR 15,000 does not trigger a customer due diligence. Once the operator has sufficient knowledge of a customer, the next step is to assess whether a transaction from that customer could originate from criminal activities. If the general assessment and customer due diligence above has been duly performed, the operator should have a solid basis for handling potential money-laundering situations.
Besides, to perform customer due diligence before establishing a business relationship, an operator must also continuously monitor its customers’ transactions.
If a customer is a so-called politically exposed person, or an immediate family member or a person known to be a close associate of such person, the KYC regulation is even stricter. The same applies if a politically exposed person, or an immediate family member or a person known to be a close associate is the beneficial owner of a customer. A politically exposed person is a private individual who is or has been entrusted with prominent functions, e.g., a person who has a prominent position within the government such as members of parliament or cabinet ministers. It can also be a person holding a high-ranking position of an international organization. Persons holding such important positions are thought to run higher risks of being offered bribes or to take part in other financial crimes. Operators that administer transactions to and from any politically exposed person, therefore, have a stricter obligation to determine the origin of assets handled within a business relationship or in a transaction. Also, the operator must obtain approval from an authorized decision-maker on whether to establish or terminate a business relationship with a politically exposed person, an immediate family member or a person known to be a close associate.
To sum up, the KYC regulation accommodates that operators thoroughly investigate their customers. However, in practice, such an investigation performed by an operator does not detect most professional criminals, who quite easily can avoid being detected by, e.g. making a transaction under someone else’s name, or making a transaction go through a company. To address such shortcomings, an operator also needs to investigate the beneficial owner of a transaction. Hence, an operator must investigate whether a customer merely is a front for someone else, i.e. a beneficial owner, that exercises the actual control over the customer.
To increase transparency, certain companies must report the beneficial owner of the company. For instance, in Sweden, newly formed limited liability companies (Sw. aktiebolag) must report who the beneficial owner is. The report has to be sent within four weeks after the company’s registration to the Swedish Companies Registration Office (Sw. Bolagsverket). In general, a beneficial owner is defined as a private individual who, solely or together with others, ultimately owns or controls a legal entity. An individual is deemed to exercise ultimate control of a legal entity should he or she be in control of more than 25 % of the votes in the legal entity. Also, an individual is deemed to exercise the ultimate control of a legal entity if he or she has the right to appoint or dismiss more than half of the directors of the entity.
In summary, operators must in every aspect of their business activities, including day-to-day activities, continuously take steps to prevent money laundering. If an operator observes deviances or suspicious actions or transactions when monitoring ongoing business relationships and assessing transactions, the operator must through reinforced measures for customer knowledge, or other necessary measures, assess whether there is reasonable ground to suspect money laundering. Should there be reasonable ground to suspect money laundering, the operator must, without delay, report its findings to the Swedish Police.