In the efforts to perform the money laundering and terrorist financing (ML/TF) risk assessment, the Royal Mail Group plc (further Royal Mail), a British-based multinational postal service company has been chosen. The company was first established more than 500 years ago and currently operates as the major mail collection and delivery service organization across the UK. Its multinational operations are separated into the letter deliveries owned by the Royal Mail Limited, parcel delivery coordinated by Parcelforce Worldwide, and supply chain support owned by the General Logistics Systems (GLS) subsidiary.
In terms of jurisdiction, Royal Mail currently operates as a public corporation and is listed on the London Stock Market Exchange after almost 500 years of state ownership ended in 2015, which makes it a state jurisdiction1. Consequently, the change in public trade realities forced the company to adopt new strategies for its operational risk assessments that are constituent with the relevant ML/TF practices given its sufficient background in government services and huge customer base.
To explain how the company should best apply the risk-based approach to the anti-money laundering (AML), it is reasonable to start with an exploration of the main risks and indicators which are pertinent to the mail service business. Generally, in the context of ML/TF the organization performs risk assessment of business activities and client interactions based on the elements of products, services and delivery channels, geography of business operations, current status of business relationship, and business-specific attributes2.
Furthermore, the company explores how the risks could be mitigated through the implementation of the appropriate controls and measures related to the risks identified. Third, it is critical to maintain client identification and beneficial ownership that will protect business relationship while meeting the assessed level of the risk. Finally, the ongoing risk monitoring procedure should be implemented to ensure that transactions and relationships are revised and tailored to the identified level of the risk through creating new risk management roles responsible for audit and fraud control.
While Royal Mail has a well-established reputation in the UK market, the ML risk assessment predisposes that National Crimes Agency (NCA) should assign non-warranted financial investigators for the operations audit. Herewith, it assumes that prior to the risk assessment execution it is important to ensure that all investigators are Proceeds of Crime Centre (POCC) to guarantee that audit efforts will eventually result into the asset recovery if required. Specifically, such efforts are needed given the diverse scope of the Royal Mail operations that include universal and special delivery, business services, as well as transportation restrictions to carry prohibited goods that otherwise are dangerous for the staff and vehicles3.
Overall, it is expected that the risk assessment will result in dynamic risk assessment business model, where it is important to look for hazards, consider associated risks, and decide which of operations could be done safely to avoid the ML risks4. The compliance with the Safety Standards of Work is also required to anticipate the risks on the national standard.
For the case of TF risk assessments, it is important to further leverage auditing second-tier suppliers, which should be done in accordance with the procurement code currently implemented by the Royal Mail. One of the approaches currently used by the company is the Sedex Members Ethical Trade Audit (SMETA) framework, where operational control is executed through the assessment of freely chosen employment, working hours and wage consistency, and adherence to the safety requirements5. Meanwhile, there is a need for the further disclosure of foreign business operations where the risks criminal confiscation, civil recovery, and cash forfeiture, and taxation control is required to ensure that the company clearly follows the asset control principles6.
Practically, it could be realized through developing new counter-terrorism policies, where cybersecurity department deliberately tracks various financing opportunities through the clean money in charities, or unusual parcel delivery services that might be associated with the drug trafficking. It could be effectively integrated into newly created ongoing monitoring roles.
There are also residual or inherent risks that are linked to the postal service activities. For instance, the ML/TF efforts might be aimed at unaware citizens who receive a parcel that was not validated by the company quality department or delivered to the wrong recipient by mistake. In this case, it is important to train employees working in packaging department to report any suspicious deliveries, which otherwise might become a reason of the major accident, as well as to keep logs of such events to be further reported in a centralized fraud control system.
Moreover, such cases should be reported to the national authorities to quantify the risks on the national and global level to ensure that the source of such deliveries is blocked, tracked and further analyzed using forensic investigation principles using technology7. Finally, the critical risk mitigation strategy is shutting down postal and parcel delivery operations for Royal Mail in suspicious locations and initiate an audit of activities using the support of the International Compliance Association to identify potential breach areas.
Footnotes
- BBC News (2015) Royal Mail: final stake sale raises £591m. Web.
- Financial Transactions and Reports Analysis Centre of Canada (2017) Guidance on the risk-based approach to combating money laundering and terrorist financing. Web.
- Royal Mail Group Risk Management (2017) Safe system of work. Web.
- International Compliance Association (2018) ICA international diploma in anti money laundering.
- Royal Mail plc (2019) Modern Slavery Act Statement for 2018-19. Web.
- HM Treasury (2015) UK national risk assessment of money laundering and terrorist financing. Web.
- Page, et al. (2019) ‘A review of quality procedures in the UK forensic sciences: what can the field of digital forensics learn? Science & Justice, 59(1), pp. 83-92. Web.