Anna Leszczyńska

KN: Katarzyna Nawrocka. Welcome to another episode of „Loyalty Schemes by Night”. In today’s episode, we’re joined by Ms Anna Leszczyńska – a compliance specialist at i360. Good evening, Ms Leszczyńska.

.

AL: Good evening, Kasia, good evening, everyone.

.

KN: Ms Ania, what exactly does a compliance specialist do in an organisation that manages loyalty schemes?

.

AL: There are many such tasks, but the most important ones include, first and foremost, carrying out compliance risk assessments, monitoring changes in legislation and regulations, implementing internal procedures, providing training to staff within the organisation, and implementing processes to combat money laundering and the financing of terrorism.

.

KN: In Polish, „compliance” means ‘adherence, application, submission’. What does this mean in practice in your day-to-day work?

.

AL: As you know, i360 always prioritises the safety of its customers, business partners, loyalty scheme members and promotional lottery participants, so we continually adapt our standards and procedures to changing regulations. The AML Act plays a very important role in the organisation of promotional lotteries and loyalty programmes, so it was, and remains, my responsibility to implement these regulations within i360.

.

KN: And what does the AML Act mean? What does this abbreviation stand for?

.

AL: AML stands for Anti-Money Laundering, which refers to the Act on Combating Money Laundering and Terrorist Financing, the amendment to which came into force in Poland on 13 July 2018. The Act implements EU directives. Perhaps we should also define what money laundering is. We speak of money laundering when we are dealing with criminal activities aimed at channelling money and other assets derived from illegal sources into the legal economy. So, the Act’s main purpose is, as it were, to set out the rules and procedures for combating money laundering and the financing of terrorism. The 2018 Act introduced a number of changes. First and foremost, there were changes in the area of customer identification and beneficial ownership, as well as new duties and powers for the General Inspector of Financial Information. The list of obliged institutions has also been expanded, and there has been a significant transition from paper-based reporting to electronic reporting. He also noted that an amendment to the Act, incorporating the new AML Directive, will be published shortly.

.

KN: And which institutions does the Act refer to?

.

AL: The legislator has specified 25 entities that are required to comply with the AML Act. These include, amongst others, institutions such as banks, lending institutions, stock exchanges, currency exchange bureaux and estate agents, as well as entities operating in the field of games of chance, mutual betting, card games and slot machines within the meaning of the Gambling Act. As we know, i360 organises promotional and audiotext lotteries, so under this article it is obliged to comply with the provisions of this Act in all its activities.

.

KN: In that case, who within the Obligated Institutions is responsible for carrying out the duties set out in the Act?

.

AL: Institutions are required to appoint senior management who are responsible for carrying out and implementing the obligations arising from the Act within their institution. At i360, this role is fulfilled by the Chairman of the Management Board, who was also required by the Act to appoint a member of staff in a managerial position as the AML coordinator. The primary responsibility of this coordinator is to report above-threshold transactions and suspicious transactions to the General Inspector of Financial Information, as well as to report to the Chairman of the Management Board. The AML Coordinator, together with the Chairman, regularly attends training sessions designed to keep them up to date with legal provisions. However, it is worth noting that all the company’s employees are, in fact, obliged to comply with the procedures and regulations set out in the Act. Let’s take the sales department as an example. At this stage, when an employee is discussing the establishment of a business relationship with a potential client, they should already be aware that the organisation is an obliged entity which fulfils the obligations arising from the Act, and must know what steps to take to reach the signing of this contract, but in accordance with this Act. They must also know what information to pass on to the AML coordinator. Let’s take another example: the customer service department, which is responsible for liaising with prize winners and participants in loyalty schemes. They must maintain regular communication with the AML coordinator so that they can pass on the necessary information to enable the coordinator to exercise due diligence. The legislator has also required regulated institutions to establish such an internal procedure to combat money laundering and terrorist financing. Our organisation, i360, has, in accordance with the legislator’s requirements, established an internal anti-money laundering and counter-terrorist financing procedure, and all company employees are subject to mandatory training on this procedure. The procedure has been approved by the Management Board. Furthermore, every employee has been made aware of the procedure for anonymously reporting potential or actual breaches of anti-money laundering and counter-terrorist financing regulations. Furthermore, every employee has undertaken to comply with the procedure by signing a declaration. We are therefore confident that our employees are aware of the company’s obligations under the AML Act.

.

KN: Ms Ania, what financial safeguards should the obligated institution put in place?

.

AL: Every institution must comply with these financial security measures when establishing business relationships, when carrying out an occasional transaction worth the equivalent of 15,000 euros or more, regardless of whether they are linked, or when transferring funds worth the equivalent of 1,000 euros. Another such financial security measure applies to placing bets or collecting winnings equivalent to 2,000 euros, as well as carrying out a cash transaction equivalent to 10,000 euros, regardless of whether it is carried out as a single transaction, or several, which may be linked. Another such financial security measure relates to suspicions of money laundering and terrorist financing, as well as doubts regarding the accuracy or completeness of the customer’s identification data collected to date. It is also worth emphasising that we apply these financial security measures to customers with whom we already have an ongoing business relationship, taking into account the risks identified in relation to money laundering and terrorist financing. Furthermore, should there be a change in the nature of the business, we must continue to apply these measures on an ongoing basis.

.

KN: And what about the safety measures that need to be taken in order to establish a business relationship or carry out an occasional transaction?

.

AL: And there are a great many details and pieces of information here that we must keep. Every institution must, as it were, set this out in detail. First and foremost, we must carry out customer identification, establish and verify the customer’s identity, and identify the beneficial owner. We must also verify and determine the beneficial owner’s ownership and control structure. A very important point is that on 13 October 2019, the Ministry of Finance published the Central Register of Beneficial Owners, which is a database of beneficial owners – that is, natural persons exercising direct or indirect control over a company. The purpose of this Central Register of Beneficial Owners is, of course, to combat money laundering and the financing of terrorism. A very interesting point is that criminals who previously concealed their identities behind complex corporate structures that were difficult to trace no longer have this option, as the data is up to date and accurate. When identifying a customer, the following details are required: first name, surname, country of birth, nationality, PESEL number or, if this is not available, date of birth. We also require an identity document, namely the number and series of the identity card. If the regulated institution has this information, the residential address is also required. If a natural person runs a business, we must also establish the company name by providing the address of the business’s registered office and the tax identification number (NIP). In the case of entities without legal personality, the following details will be required: the business name, the tax identification number (NIP); if no NIP is available, we will need the registration number, the country of registration and the date of registration. We also need the address of the place of business, as well as the details of the person authorised to act on the client’s behalf. A very important aspect of identifying the beneficial owner or the person authorised to act on the client’s behalf is determining whether the person has PEP status. Is this a person who holds public office, for example, a Minister, Deputy Minister or Head of a Supreme Court? It is also worth noting that politically exposed persons include their close relatives, such as the spouse, child or parents of a person with PEP status. Another key issue is the identification and assessment of the risks of money laundering and terrorist financing, which we must take into account alongside other risk factors, such as country or geographical area risk, and supply chain risk. The obliged institution should also take into account the National Risk Assessment, which was prepared by the General Inspector of Financial Information and published on 17 July 2019. Furthermore, the obliged institution must take into account, check and verify whether a given entity or customer is located in high-risk countries, namely the Crescent Countries and the Golden Triangle. In other words, these are countries where the risk of money laundering and drug production is highest. Furthermore, when assessing and identifying clients, we must check whether a given client appears on sanctions lists, or whether a given company is based in a tax haven.

.

KN: Ms Ania, what happens if the safety measures cannot be implemented by the institutions concerned?

.

AL: If we find ourselves in a situation where we are unable to implement all financial safeguards, or even just one of them, then unfortunately we will not be able to carry out an occasional transaction. We will not carry out the transaction via a bank account, we will not enter into new business relationships, and we may even terminate our existing business relationships.

.

KN: And how do we respond when a crime is suspected?

.

AL: It is very important to respond quickly. If, during the verification or monitoring of a transaction, we suspect that a crime has been committed, we must immediately – within a maximum of two working days – notify the General Inspector of Financial Information. The legislation sets out exactly how to do this and what steps to take.

.

KN: Does the AML Act provide for any penalties or sanctions?

.

AL: Absolutely. Every Act provides for penalties. The obligated institution is also subject to inspection. These inspections and penalties may be imposed by the GIF (General Inspector of Financial Information) and the National Bank of Poland, as well as by the Financial Supervision Authority. Of course, the Act also sets out a list of offences for which a regulated institution may be penalised. The amount of such a penalty is up to one million zlotys. On the gov.pl portal, the General Inspector of Financial Information publishes notices detailing the administrative and financial sanctions imposed on regulated institutions. There, we can see that these include a failure to fulfil training obligations, a failure to implement internal procedures, a failure to apply financial security measures, and a failure to report transactions exceeding the thresholds or suspicious transactions to the General Inspector of Financial Information. These, then, are the most common mistakes made by financial institutions.

.

KN: To round off our conversation, how does everything we’ve discussed today relate to participants in loyalty schemes?

.

AL: Its main purpose is to reassure him, but also to make him aware that his sensitive personal data is secure, and that the relevant authority needs confirmation that Mr Kowalski is indeed Mr Kowalski.

.

KN: Thank you very much, Ms Ania, for today’s conversation.

.

AL: Thank you, Kasia.

.

KN: And I’d like to invite you to the next episode.

.