Money laundering refers to the act of covering up or concealing the source of funds received through criminal activity with an aim to make the funds appear as legally earned wealth.

Terrorist financing is understood as activity that collects or enables the collection of funds to be used to carry out terrorist acts.

KYC comes from the words Know Your Customer and refers to customer identification and due diligence.

AML is an abbreviation of the words Anti-Money Laundering and means in the European Union and Finland the laws issued to prevent money laundering and terrorist financing and any obligations related to that.

Obliged entities must identify their customers and verify their identities when establishing a permanent customer relationship or if the customer relationship is of an irregular nature but the sum of a transaction amounts to €10,000 or more, whether the transaction is carried out in a single operation or in several operations which are linked. In case of legal persons, the obligation applies to the verification of the identities of the customer’s representatives and beneficial owners. Furthermore, the potential political influence of the customer, its beneficial owner and related parties must also be investigated. In addition to the identification and verification of the identity, obliged entities must monitor the activities of their customers and the customers’ beneficial owners throughout the duration of the customer relationship in a way that enables them to observe any unusual transactions. If necessary, the source of the funds connected to the transaction must be verified. How much information on the customer’s transactions and from what sources is obtained is dependent on what the obliged entity considers necessary based on its customer-specific risk assessment. The used methods for customer due diligence can be divided into standard, simplified or enhanced due diligence procedures. The simplified customer due diligence can be used in situations in which the risk of money laundering and terrorist financing is deemed to be negligible. Enhanced customer due diligence procedures must be applied if it is estimated that a higher than ordinary risk of money laundering and terrorist financing is attached to the customer relationship or individual transaction due to the political influence of the customer or related parties or if the transaction is linked to a state which carries a risk of money laundering and terrorist financing as identified by the Commission.

Obliged entities shall identify and maintain adequate, precise and up-to-date information about the customers’ beneficial owners and, when necessary, verify their identity. The beneficial owner refers to a natural person who owns more than 25% of the shares or exercises more than 25% of the votes in a company or in any other way effectively exercises control in the company. The control of ownership or votes can be direct or indirect, in other words, via another entity. A company may have one or more beneficial owners or no beneficial owners who meet these conditions. If the beneficial owner cannot be identified or if the conditions are not otherwise met, the relevant legal person’s board of directors or active partners, managing director or another person holding an equivalent position are to be considered the beneficial owners.

A politically exposed person (PEP) means a person who is or who has been entrusted with prominent public functions or the family members or colleagues of such individuals. Politically exposed persons are determined as follows in the Act on Preventing Money Laundering and Terrorist Financing:

1. a head of State, minister
2. a member of parliament (Finland, EU)
3. a member of the governing bodies of political parties
4. a member of supreme courts
5. a member of courts of auditors or of the highest decision-making bodies which audit the financial management of the State (or are equivalent to national audit offices)
6. a member of the boards of directors of central banks
7. an ambassador or chargé d’affaires
8. an officer in the armed forces holding the rank of general or higher
9. a member of the administrative, management or supervisory bodies of wholly state-owned enterprises
10. a director, deputy director or member of the board of an international organisation. Furthermore, the family members of a politically exposed persons must be identified:
11. the spouse, or any partner considered equivalent to a spouse
12. the children and their spouses, or equivalent partners
13. the parents
14. 14. associates

International sanctions refer to economic sanctions or sanctions on other cooperation directed at named parties aiming at impacting the policies or activities of the party in question considered to be a threat to international peace and safety. The most significant parties imposing sanctions in Europe are the UN Security Council and the European Union. The sanctions may be financial sanctions to prevent terrorism or other financial sanctions resulting in the freezing of assets. The assets within the EU of individuals or entities on a sanctions list must be frozen and all business activities with them refused. If an obliged entity detects a person or entity among its customers on an asset freezing or sanctions list, the observation must be reported without delay to the Helsinki office of the National Enforcement Authority Finland. Violating decisions concerning asset freezing to prevent terrorism as well as counter-terrorism sanctions decrees is punishable in accordance with the Criminal Code of Finland (RL 46:1.3)

In accordance with the Act on Preventing Money Laundering, an obliged entity must produce a risk assessment regarding its activities to identify and assess money laundering and terrorist financing risks. The risk assessment must be regularly updated, and it must be submitted to a competent authority on its request. In the risk assessment, an obliged entity must be able to assess whether its customers, related individuals, business activities or transactions include features that form a more significant risk of money laundering or terrorist financing. The risk-based assessment of the obliged entity forms the basis for the measures which it must take to implement customer due diligence and to monitor customer transactions. The risk assessment, thus, helps the obliged entity to plan its operating principles, procedures and monitoring so that they correspond with the money laundering and terrorist financing risks related to the activities. Instructions for producing a risk assessment are available, for example, on the Regional State Administrative Agency’s website http://www.avi.fi/web/avi/riskiarvio.

Strong electronic identification means the electronic verification of an identity. Using strong electronic identification, consumers can safely verify their identity in various electronic services and the providers of electronic services can identify their customers.

The supervisory authorities may impose an administrative fine, public warning or penalty payment on obliged entities for failure to comply with or for violations of the Act on Preventing Money Laundering depending on the nature, extent and duration of the procedures. Obliged entities may also be guilty of negligent money laundering, for example, if it assists or advises a customer on investments, establishing front companies or transferring funds despite having reason to suspect the customer’s business activities.

In accordance with the Act on Preventing Money Laundering, the supervisory authorities are the Financial Supervisory Authority for the obliged entities in the financial sector; the National Police Board for the gambling operators on the mainland; the Finnish Patent and Registration Office for auditors, and the Regional State Administrative Agency for Southern Finland for other obliged entities. The authorities of the Region of Åland are responsible for the supervision of gambling and real estate operators in Åland. In addition, the bar association supervises attorneys-at-law.

Data on customer due diligence and suspicious transactions must be documented and stored separately from customer data. Customers do not have the right to carry out inspections on this data. Customer data and, when necessary, documents must be stored for five years after the customer relationship has terminated or from when an individual transaction has been performed. In case of non-face-to-face identification, the data of the method or source used to verify the data must also be kept.