EiendomsMegler 1 Midt-Norge · EiendomsMegler 1 Midt-Norge must in that context be able to...

1

EiendomsMegler 1 Midt-Norge

OVERARCHING RISK ASSESSMENT

Money laundering and terrorist financing etc.

These guidelines apply to EiendomsMegler 1 Midt-Norge

Basis in law Anti-Money Laundering Act, section 5

Responsible for compliance Anti-money laundering officer

Responsible for updating/revision Anti-money laundering officer

Version 1.0

Latest update 13.12. 2016

Considered by the board of directors

16.12. 2016

Contents 1. Introduction

1.1 Background

1.2 Threat picture

1.3 Development of rules and international standards

1.4 Definitions

2. Purpose of the risk assessment

3. Method for risk assessment

4. Brief overarching description of the business

5. Identification and assessment of risk

5.1 Description of the company’s general risk picture

5.1.1 The company’s size

5.1.2 The company’s service range and customers

5.1.3 The industry’s generally low knowledge level

5.1.4 Outdated IT system that requires manual processing

5.1.5 Organisation

5.2 Identification of risk indicators with analysis and assessment of identified risks

6. Risk-mitigating measures

6.1 Preventive measures

6.2 Measures in connection with customer establishment

6.3 Ongoing customer due diligence measures

6.4 Enhanced customer due diligence

6.5 Follow-up and monitoring

7. Ethics and responses

8. Audit

Audit history

2

Date Version Description Date considered by the board of

directors

December

2016

1.0 Document established 16.12.16

June 2016 0.0 Original risk

assessment

22.6.16

1. Introduction

1.1 Background

The object of the Anti-Money Laundering Act is to prevent and detect transactions related to

the proceeds of criminal acts or related to terrorist acts. The Act makes clear in its objects

clause that it applies not only to transactions related to money laundering or terrorist

financing, but to all acts related to the proceeds of criminal acts.

Section 5 of the Anti-Money Laundering Act builds on principle of ‘know your customer’,

including ‘know your customer’s business’, which internationally is one of the key

instruments for preventing the financial system from misuse for money laundering or terrorist

financing purposes.

Knowledge of one’s own business and its customers is important for practising a risk-based

approach in keeping with the requirements set by the legislation. EiendomsMegler 1 Midt-

Norge must in that context be able to demonstrate that control measures are geared to the risk

concerned. Authorities, customers and competitors must have confidence in EiendomsMegler

1 Midt-Norge’s professionalism and integrity, and be certain that the company’s services are

not exploited for the purpose of committing crime.

1.2 Threat picture

The threat picture as regards economic and financial crime has changed, not least in terms of

the rising level of organised, cross-border crime. More and more sophisticated attempts to

commit money laundering are noted, including through the establishment of shell companies

and use of intermediaries. The volume of cross-border transactions is increasing, as is the

number of foreign customers.

Nationally and internationally, money laundering is associated with serious – and often

organised – crime such as human trafficking, arms smuggling and drugs trading etc.

Extremists also exploit established financial institutions to fund terrorist activity. The trend is

disturbing. Financial institutions and broking firms are generally speaking particularly

susceptible to exploitation, and Norwegian broking firms are by no means spared from this.

The property industry is generally speaking suited to money laundering since the industry is

characterised by large sums of money and rapid transactions where the opportunity to gain a

knowledge of the client and their co-contractor is limited due to the estate agent’s brief period

of involvement with them.

3

Moreover, the purchase or construction of properties is regarded by the FATF as the sector

most frequently subject to money laundering in Europe.

In Norway – where house prices are ‘high’ (large transaction amounts), as are activity levels

in the new-build market – conditions are well suited to laundering large sums of money

rapidly. Given the disturbingly low level of expertise in the sector past and present, the risk of

exploitation for money laundering purposes is substantial.

1.3. Development of rules and international standards

The growing risk exposure in society is accompanied by continuous development of

legislation and international standards. Increased requirements are being set, along with more

specific and more stringent demands in terms of customer due diligence and customer

monitoring.

This is reflected in the EU’s Fourth Money Laundering Directive which was adopted on 20

May 2015 and is expected to be transposed into Norwegian law in 2017. The following

changes in the directive are worth noting:

More specific requirements to carry out risk-based customer due diligence and monitoring

Less leeway for, and increased requirements on, simplified customer due diligence

The definition of PEPs (politically exposed persons) is extended to include national persons

Increased focus on terrorist financing, including stricter requirements on customer identification and verification

Increased requirements on and responsibility for management to approve and follow-up on the framework and its implementation

Requirement of fines for breaches (maximum fines of at least EUR 5,000,000 or 10% of overall annual turnover).

In March 2016 Finanstilsynet (Norway’s financial supervisory authority) published Circular

6/2016: Guide on compliance with the anti-money laundering legislation in the estate agency

industry.

In December 2016 a working committee under the auspices of Real Estate Norway was

mandated to develop an industry standard for compliance with the anti-money laundering

legislation.

Finanstilsynet has defined compliance with the anti-money laundering legislation as a focal

area for the estate agency industry and has given notice of on-site inspections in 2017 with a

focus on this area. EM1 is likely to be subject to on-site inspection.

1.4 Definitions

AML – anti-money laundering

FATF – Financial Action Task Force. This is an international collaborative group established by the G7 group of countries in 1989 to combat the laundering of proceeds

of drug crime and other crime. The FATF now has 36 members including Norway and

most of the OECD countries. The European commission is also a member of the

4

FATF. The FATF has drawn up 40 recommendations for measures to combat money

laundering. They are recognised as the leading international standards in this area.

MT reports – Reports filed with Økokrim (Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime) based on

suspicious transactions.

PEPs - Politically exposed persons

2. Purpose of the risk assessment

Both customer due diligence and ongoing monitoring should be risk-based, i.e. based on an

assessment of the risk of transactions connected to the proceeds of criminal acts or to

circumstances covered by the Penal Code sections 131 to 136(a); cf. the Anti-Money

Laundering Act section 5.

The purpose of the risk assessment is:

to identify where the risk of money laundering and terrorist financing etc. is greatest,

to analyse the risk, and identify what types of customers should be subject to the enhanced due diligence

to develop concrete, risk-based customer due diligence measures on three levels – simplified, standard and enhanced – and to develop procedures for risk-based

monitoring and to adapt these procedures in such a way that suspicious transactions

are flagged and in the event reported as MT reports,

to document that measures are geared to the specific risk

Risk should always be assessed with reference to the type of customer, customer relationship,

product and/or transaction concerned. Based on the risk assessment, customer due diligence

and the ongoing monitoring should be carried out either in a simplified, standard or enhanced

manner. The customer due diligence measures should be geared to the identified risk, and,

based on risk assessment carried out, there may be a need to take steps to improve processes,

procedures and policies, as well as system support.

Simplified customer due diligence

Simplified customer due diligence can be applied where the conditions of the Anti-Money

Laundering Act section 13 and the Anti-Money Laundering Regulations are met. Before

simplified customer due diligence is carried out, sufficient information shall be obtained to

determine whether the conditions for simplified customer due diligence are met, cf. the Anti-

Money Laundering Act section 13, subsection (1), second sentence. Simplified customer due

diligence does not confer exemption from the obligation to conduct ongoing monitoring.

Standard customer due diligence

Standard customer due diligence and ongoing monitoring shall be applied where

circumstances requiring enhanced customer due diligence are not present, and simplified

customer due diligence cannot be undertaken. For the purposes of standard customer due

diligence, it will as a rule suffice to follow the ordinary customer due diligence procedures.

This will be the case for the majority of the business’s customers.

Enhanced customer due diligence

In situations which by their nature entail a high risk of transactions connected to the proceeds

of criminal acts or circumstances covered by the Penal Code sections 131 to 136(a), customer

5

due diligence and ongoing monitoring shall be carried out using enhanced measures. This

could be alone or as a result of a combination of various types of risk. It is therefore

important, as a part of the risk assessment, both to identify risk factors and to develop separate

enhanced due diligence measures that are risk mitigating.

3. Method for risk assessment

In order to ensure the best possible basis for preparing an overarching assessment of money

laundering and terrorist financing risk for the business, a risk assessment process has been

undertaken. To this end the AML officer – in consultation with an external adviser and

ongoing dialogue with estate agents, case officers and staff at the settlement department – has

carried out an overarching risk assessment for the business.

The following elements were included:

Description of the general risk picture for the business

Identification of risk indicators

Analysis and assessment of identified risks

Discussion related to risk-mitigating measures

As a basis for identification and assessment of risk, recourse is had not only to the involved

individuals’ knowledge and experience regarding the business’s customers, products and

transactions but also of technical material and analyses that are published by external sources

such as (i) the annual report of the Financial Intelligence Unit (FIU), (ii) Økokrim’s1 trend

report, (iii) Økokrim’s list of indicators, (iv) Kripos’2 trend report and (v) Finanstilsynet’s3

circular no. 6/2016.

As an aid to carrying out and documenting the risk assessment, a risk matrix has been

prepared. The risk matrix contains a risk assessment based on various risk indicators, also

termed “money laundering indicators” or “red flags”.

The risk matrix shall be used by the business’s staff to carry out ongoing risk-based customer

due diligence and is designed to ensure risk assessments of good quality, and documentation

of such risk assessments, thereby also facilitating the implementation of adequate internal

controls. Staff are required to risk classify assignments by completing a form (“risk

classification form”) based on the risk matrix upon entering into the assignment agreement

and thereafter once the contract has been signed.

The following criteria are applied when assessing risk:

SIMPLIFIED risk: Low/normal risk. No specific risks of money laundering or terrorist financing identified.

STANDARD risk: Risk which together with other criteria may entail an elevated risk of money laundering and terrorist financing and thus a need for enhanced due

diligence. Customers, products, transactions etc. with medium risk are ranked on a

scale from 1-3.

1 Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime 2 The National Criminal Investigation Service 3 The Financial Supervisory Authority of Norway

6

ADVANCED risk: Customers with an elevated risk of money laundering and terrorist financing. Criteria which in themselves are sufficient to subject a customer to

enhanced due diligence (e.g. PEPs)

For further details, see the risk matrix related to money laundering in which the identified

risks are shown.

4. Brief overarching description of the business

EiendomsMegler 1 Midt-Norge is the region’s largest real estate agency and is a member of

the EM1 Alliance. Its head office is in Trondheim, and the business has 28 branch offices co-

located with the parent banks (SpareBank 1 SMN, Sparebank 1 NV and Sparebank 1 SS). The

business is organised based on a strategy embracing a local footing in which the idea is that

local estate agents know local conditions best.

Commercial property and new-build transfers are organised in separate departments. The

company has about 240 employees distributed across administration, settlement department,

back office department and staff at the branch offices comprising estate agents, assistants,

trainees and case officers.

All settlements in the case of existing homes and new-builds are handled by the Central

Settlements Department in Trondheim.

Further, a total of 17 offices are attached to the central back office department, entailing that

all case processing for the departments concerned is carried out by this department. By ‘case

processing’ is meant the ‘preparing’ and ‘organising’ of assignments which essentially

consists of:

- Obtaining and collating statutory information - Drafting of documents for the property transaction - Preparing assignments that are due for settlement

Physical offices EiendomsMegler 1 Midt-Norge has 28 physical branch offices distributed across Trøndelag

and Møre and Romsdal.

The offices are located in Namsos, Rørvik, Steinkjer, Levanger, Verdal, Stjørdal, Fosen,

Orkanger, Trondheim, Oppdal, Hitra, Frøya, Melhus, Molde, Sunndalsøra, Surnadal,

Kristiansund, Ålesund, and Ørsta/Volda. EiendomsMegler 1 Midt-Norge has no divisions or

offices abroad.

See chapter 5 for a description of the business’s customers, customer relationships,

transaction type and aspects of the transaction.

5. Identification and assessment of risk

Summary

7

This chapter provides more detailed information regarding identification and assessment of

the risk picture for the business as regards money laundering and terrorist financing.

Point 5.1 gives an account of the general risk picture for the business in an overarching

perspective. As will be seen, attention is drawn to a number of factors representing inherent

risk in the business.

It is, however, important to make clear that the bulk of the business’s assignments and

customers belong in the category “standard”. A “normal assignment” in terms of volume

refers to consumers resident in Norway who intend to buy or sell property in connection with

the purchase of a new dwelling for which large parts of the purchase price are debt-financed,

entailing that the risk posed by the business is in general terms acceptable.

At the same time a number of risk indicators are identified, see point 5.2, to which the

employee is obliged to respond in the individual assignment.

In view of established procedures, including internal control procedures, and the ongoing

training carried out in the organisation, see point 6, risk associated with

assignments/customers posing elevated risk is considered to be handled satisfactorily. The

procedures require assignments/customers posing elevated risk to be identified and managed

in a timely and rightful manner.

5.1 Description of the company’s general risk picture

EM1 is assessed as facing an inherent risk of exploitation for money laundering purposes due

to

- the company’s size, - the company’s range of services, - the generally low level of knowledge in the sector - an outdated IT system requiring “manual processing” - (organisation of the business)

The final indent is in parenthesis since the organisation of the business also has its clear-cut

strengths as regards compliance with the AML legislation.

5.1.1 The company’s size

In its catchment area from Volda in the south to Rørvik in the north, the company has an

overall market share of just over 40%, producing a large number of transactions per year

(approaching 7,000).

The company’s organisation involving a large geographical sweep and a presence in the

largest towns in North Trøndelag and in Møre and Romsdal is in itself a risk factor due to the

distance this involves to the management, AML officerand the Central Settlement

Department/Central Back Office department.

Similarly the number of employees itself entails a risk, since about 240 persons with various

competences and experience have to be ‘reached out to’ in order to ensure compliance with

the AML legislation.

8

A high market share entails a relatively large proportion of transactions in the refurbishment

market, a market well suited to money laundering – for example when a property is

refurbished using illicit funds which are laundered when the property is sold.

5.1.2 The company’s service range and customers

The company offers all estate agency services from residential rentals.

The bulk of the business’s assignments and customers belong in the category “standard”. A

“normal assignment” in terms of volume refers to consumers resident in Norway who intend

either to buy or sell property in connection with the purchase of a new dwelling for which

large parts of the purchase price are debt-financed. These assignments do not pose an elevated

risk of money laundering/terrorist financing.

Where commercial property broking is concerned, such assignments are handled by the

Commercial Property Broking Department. The department has about 200 assignments per

year comprising 40% sales assignments and 60% rentals.

Commercial property broking is regarded as particularly vulnerable due to

- High transaction amounts - Complex corporate structures - Sales involving ‘in blanco’ deeds of conveyance - Potential difficulty in determining market value - Market values are easier to manipulate via for example fictive rental contracts

The Commercial Property Broking Department, which has an on-site case officer that

supervises the broking process ensuring that it is conducted in the correct manner, is in

addition monitored closely by the AML officer with a focus on the AML effort.

Settlement assignments (about 500 of about 7,000 transactions in all in 2015) are a risk driver

due to lower knowledge of:

- The parties - The agreement - The sale object, including the price

Transactions in the new-build market, numbering about 1,000 per year, pose particular risk

because of:

- The developer’s corporate structure - Desire for in blanco deed of conveyance/onward sale of the contract by the buyer

The New Build Department has its own quality officer attached to the department, and is

responsible for all customer establishment and case handling on the new-build side –

including new-build projects across the business’s entire market area. This constitutes a clear-

cut strength as regards compliance, ongoing monitoring and controls.

5.1.3 The industry’s generally low knowledge level

9

The issues involved in the AML effort appear ‘remote’, although attitudes have matured and

awareness of the issues has grown in the past year. The impression is that many estate agency

staff are reluctant to inform against or report customers that provide the basis for their

salaries.

There has been very little focus on AML in our sector, as in others, and the sector is

characterised by backlog due to lack of focus since the Act entered into force in 2009.

A large proportion of the staff have recently completed their education, only five hours of

which were devoted to the AML legislation. On the other hand there are experienced estate

agents who continue to work as they have done for many years and fail to take a healthy,

critical look at transactions.

The above refers to a backlog in terms of competence among the staff, but the measures taken

as described in point 6 are proving to have good effect in terms of compliance with the AML

legislation in the business.

5.1.4 Outdated IT system that requires manual processing

Present day IT tools have no module that ensures compliance with the AML legislation. They

offer no possibility of ‘automatic checks’ with associated ‘stop points’.

A large degree of manual work without physical stop points contributes to increased risk due

to greater room for human error.

5.1.5 Organisation

Thus far much responsibility for the AML effort has been placed on the AML officer,

rendering the business vulnerable in the AML officer’s absence. Phasing in the case officer in

charge of quality as an actor in the first line of defence, see point 6, reduces this risk.

An organisation structure involving the Central Settlement Department and the Central Back

Office splits up the process. This is liable to increase risk since it could lead to none of the

involved parties assuming ‘full ownership’ of the matter concerned.

The last mentioned risk is considered to satisfactorily addressed through the control

procedures that are established, see point 6, and the CSD-CCPD set-up accordingly adds

strength to the organisation of the business in terms of complying with the AML legislation. It

provides strong professional units on both the case officer and settlement side, which is in

itself a strong point since all settlements (except in the commercial area) are handled by a

department of dedicated staff, which strengthens opportunities for training and controls.

5.2 Identification of risk indicators with analysis and assessment of identified risks

Through the risk assessment process a number of risk factors have been identified which are

group as follows:

Type of customer/co-contractor

Knowledge of the customer/co-contractor

10

Transaction type

Aspects of the transaction

This grouping is considered to be in accordance with section 5 of the Anti-Money Laundering

Act which requires risk-based, ongoing monitoring to be carried out based on the “type of

customer, customer relationship, product or transaction.”

The following assessment criteria are applied when assessing risk:

Risk - level

Simplified due diligence controls Low/no risk. No specific risks of money laundering or terrorist financing identified

Standard due diligence controls Matters which on their own do not constitute risks but which together with other criteria may entail an elevated risk of money laundering or terrorist financing and thus a need for enhanced controls

Enhanced Matters which entail an elevated risk of money laundering or terrorist financing. Criteria which in themselves are sufficient to place a customer under enhanced controls (e.g. a PEP)

Risk based on type of customer/co-contractor Risk - level

Norwegian private customer

Foreign national, resident in Norway Foreign national, resident abroad Politically exposed person – PEP* Norwegian-registered company (limited company, general partnership, general partnership with shared liability, public limited company, housing cooperatives

Norwegian-registered foreign business

Foreign-registered company Public enterprise that meets requirements for simplified due diligence

Guardianship

Judicial administration of a deceased’s estate Private administration of a deceased’s estate Bankruptcy estate Property sale through power of attorney

Indication that customer/co-contractor is acting on behalf of others

Customer/co-contractor’s residence/address does not conform to their income level

Customer/co-contractor is an apparently ‘empty’ company

No risk based on aspects of the transaction Customer regularly provides assignments without being registered as a business engaged in property purchase and sale

11

One of the parties has no natural connection to the area in which the property is situated

Complex corporate structure/organisations whose ultimate beneficial owners are difficult to identify

No risk based on type of customer/co-contractor

*PEP: A person who holds/has held a prominent office or position in a state other than

Norway, or the child/spouse of such a person.

Risk based on knowledge of the customer/co-contractor incl. related parties**

Risk - level

Familiar from the media or other sources due to criminal involvement

Familiar from the media or other sources due to criminal sentence

Familiar from the media or other sources due to criminal investigation

No risk based on knowledge of the customer etc.

**Related parties = board member, shareholder, CEO, (and

spouse/child/partner/sibling/parent of such parties), parent company/subsidiary.

Risk based on transaction type Risk - level

Sale – ordinary sales assignment

Partial settlement (multiple payments, e.g. project)

Settlement assignment

Transfer of contract rights

No risk based on transaction type

Risk based on aspects of the transaction Risk - level

Money transferred to/from an account in a Norwegian bank

Money transferred to/from a foreign bank where the payer has a natural connection to the bank’s home country

Money transferred to/from a foreign bank where the payer has no natural connection to the country

Buyer finances the purchase entirely/partly out of own funds which do not conform to his finances.

Buyer states intention to make a cash deposit

Vendor financing

Purchase/sale using an ‘in blanco’ deed of conveyance

Settlement in a medium other than money

Short interval between purchase and onward sale

Customer not lawfully entitled to transfer title

Settlement to be made to a party other than the customer

Down payment paid by a party other than the buyer

12

Debt finance from an untraditional source

Settlement effected in unnecessarily many transactions

Seller accepts a loss

‘31.12 transfers’ – (the buyer pays before year-end and takeover is not immediately after year-end)

Unusual use of client account (early payment)

Transaction between a company and related parties***

Refurbished object with short period from purchase to onward sale

Changes made to the settlement agreement during the transfer process

Property bought unseen

Settlement will not be via the estate agent

No risk based on aspects of the transaction

The employee has, based on discretionary criteria, the opportunity to identify a customer for

enhanced due diligence upon customer establishment, or subsequently as part of ongoing

monitoring.

6. Risk-mitigating measures

The company has initiated a number of risk-mitigating measures to remedy the risk of money

laundering and terrorist financing. A continuous effort is being made to quality assure these

measures. This chapter presents a summary of those of greatest importance.

It is assumed that the risks attending the business that are singled out in point 5 are

satisfactorily handled through the measures described in the following, and that the business

complies with the requirements set by the AML legislation.

It is also assumed that the business will make a good showing in any inspection by

Finanstilsynet; see point 1.3.

6.1 Preventive measures

In line with the Anti-Money Laundering Act, the business has designated an AML officer.

The controller at the Specialist Department has been given for the implementation of internal

controls including reporting to the AML officer every third month.

The case officer in charge of quality in the respective departments has been given operative

responsibility for supervision and guidance in the first line of defence.

Employees receive basic training and guidance by a number of means, including through

courses for new staff, as well as through dedicated AML programmes

In 2015 and 2016 the following courses were completed by the employees:

- “Suspicious transactions”, completed by all employees - “Customer due diligence”, completed by all employees - “Customer due diligence”, a special course for the Commercial Broking Department

13

- “Customer due diligence”, a special course for the Settlement Department and Central Back Office case officers

In addition, the following documents have been developed, and reviewed by the estate agent

in charge at the respective departments.

- “Customer due diligence” - “Suspicious transactions”

In addition, ‘advice and tips’ are posted as a news item on the company’s intranet, Innsikt

(Insight).

This risk assessment, and “Overarching guidelines – measures to combat money laundering

and terrorist financing, adopted by the board of directors on 16.11.16” will be published on

the intranet.

Further, the business’s procedures and checklists incorporate control points designed to

ensure effective compliance with the established procedures for risk-based customer due

diligence. The case officer and settlement officer will halt and/or return a case to the

preceding stage if documentation of duly completed risk-based customer due diligence does

not rest on the case. Risk-based customer due diligence (risk classification of the assignment)

is performed on a continuous basis, and an additional explicit requirement is that this is

documented at minimum at two stages: (1) upon entering into the assignment agreement, (2)

once the contract meeting has been held.

All settlements for existing new-builds are handled by the Central Settlement Department; see

point 5.1.5 above.

Settlements for the Commercial Broking Department are carried out by the department’s case

officer in charge of quality. The case officer sits close to the department (at the same desk),

which is a clear advantage with regard to compliance, ongoing updates and controls.

The new build department has its own quality officer in the department, and is responsible for

all customer establishment and case handling on the new build-front, entailing a clear

advantage with regard to compliance, ongoing monitoring and controls.

6.2 Measures in connection with customer establishment

Identity check (proof of identity, certificate of registration, electronic identification (BankID) from another bank)

Check of ultimate beneficial owners

Standardised customer establishment processes – all customer relationships are established by a case officer

Under the terms of the assignment agreement, in order for an assignment to go ahead, it must be possible for satisfactory customer due diligence to be carried out

Assignments are not initiated unless confirmed ID, possibly a completed form identifying beneficial owners and a certificate of registration have been obtained. A

completed “Risk classification form” must also have been obtained.

Completion of a PEP self-declaration form, where relevant.*

14

*Screening the customer list against the Dow Jones PEP list and the UN terrorist list is

currently not a priority task. In view of the fact that the risk associated with PEPs (the parent

company SMN has thus far registered one PEP in its customer register), the company

considers – after weighing up the risks involved – that until such time as a new core system is

in place it is justifiable to omit screening the customer list against the registers mentioned.

Finanstilsynet has moreover announced that no requirement to carry out screening against the

above lists will be imposed.

6.3 Ongoing customer due diligence measures

A copy of confirmed ID, possibly a check on beneficial owners for the buyer must be obtained at the contract meeting at the latest.

The buyer, and seller, must be made aware via the prospectus that in order for the transaction to go ahead it must be possible to conduct satisfactory customer due

diligence in accordance with the Anti-Money Laundering Act.

The buyer must state on the requisite form how the money is to be transferred and the name of the account holder

The risk classification form must be completed after contract signing and before the property transfer is dispatched for settlement.

The Settlement Department shall check that identity documents and the risk classification form accompany the case upon dispatch for settlement. Settlement will

be halted in the unlikely event that these documents are not in place.

The Settlement Department conducts a check on who is actually paying the purchase price and who is to receive the payment, and under the procedures set is particularly

alert to transfers to/from other countries.

6.4 Enhanced customer due diligence

A manual risk assessment of customers is conducted upon customer establishment.

In the event of the money laundering indicator recording a hit in the “enhanced due diligence”

group, the agent together with department’s case officer in charge of quality decide whether

the customer should be monitored using additionally enhanced controls. The assessment is to

be documented in the Risk Classification Form. If the conclusion is that the case should be

monitored by means of enhanced due diligence measures, this is marked in the case

processing system in parallel with an alert to the AML officer who decides which suitable

enhanced due diligence measures are to be initiated.

For customers who are identified for enhanced customer due diligence, specific checks must

be carried out. This is done when the customer is so identified, and is in addition to ongoing

monitoring and checks. Specific procedures have been developed showing which due

diligence measures are to be carried out and documented.

Separate due diligence measures are defined for PEPs in keeping with the Anti-Money

Laundering Act. The Act requires the following measures to be introduced with respect to

customers who are PEPs:

1. Take suitable steps to establish the origin of the customer’s wealth and the capital included in the customer relationship or transaction. In the first instance this entails

asking the customer. If the customer’s explanation appears trustworthy, this may

15

suffice. Alternatively the company must investigate further by requiring

documentation confirming the customer’s information, for example wage slips,

documentation of inheritance, settlement for sale of a house, income tax return etc.

(Practically any form of assets, including cash (in excess of NOK 3,000), and income

(including lottery winnings in excess of a certain sum) are subject to tax assessment

and should therefore appear in the customer’s income tax return.)

2. Ensure that the decision maker (by decision maker is meant the employee who decides whether a customer relationship should be entered into with the person concerned)

obtains his or her superior’s approval before the customer relationship is established.

This entails reviewing the assessment and documentation in connection with the

customer due diligence process together with a superior, and the latter must approve

the customer establishment.

3. Conduct enhanced monitoring of the customer relationship. This entails conducting more thorough and more frequent checks of the customer relationship than in the case

of ordinary monitoring.

6.5 Follow-up and monitoring

In order to ensure that the business’s procedures and policies are complied with as intended,

first- and second-line controls have been introduced as described in “Overarching guidelines –

measures to combat money laundering and terrorist financing, adopted by the board of

directors on 16.11.16”.

The controller at the Quality Department conducts periodical checks on a random basis

related to customer establishment, enhanced customer due diligence etc, and the results of the

review are reported quarterly to the AML officer who thereafter reports to the board of

directors and management team.

7. Ethics and responses

The company has provided training, information, procedures and provisions designed to

ensure that all employees maintain an active and alert mindset with regard to combating

money laundering and other forms of economic and financial crime.

As regards ethics and responses, reference is made primarily to the parent company’s ethical

guidelines and uniform system of sanctions along with society’s laws, rules and provisions

that apply to the area concerned. Any violation by employees of guidelines, rules and law

provisions covered in this risk analysis (wilfully or through negligence) could have

consequences for their employment relationship, and may render them liable to criminal

prosecution.

8. Audit

This risk assessment shall be audited at least once per year, or more frequently if called for

(for example by changes in products or services). The AML officer is responsible for

coordinating the audit of the business lines.