Section 4 of the Regulation on Sound Operational Management relating to the Act on the Supervision of Trust Offices (Regeling integere bedrijfsvoering Wet toezicht trustkantoren – Rib Wtt) stipulates that trust offices must not only carry out a risk analysis regarding their sound operational management, but also for each individual business relation and for each service provided. This Q&A document provides guidance for performing these risk analyses.
Risk analysis of services
Why should trust offices carry out a risk analysis of the services they provide?
On the basis of this risk analysis, trust offices are able to identify the integrity risks related to the provision of specific services to specific clients, or to establishing a business relationship with a specific client.
What does the risk analysis entail?
The risk analysis provides insight into the purpose of the services provided by the trust office and any integrity risks related to that purpose at the client, object company and ultimate beneficial owner (UBO) level.
This duty of investigation emphasises the importance of gathering information about the trust office's services and the integrity risks related to specific clients/object companies/UBOs. Merely stating 'for the purpose of tax benefits' or 'making use of favourable international treaty provisions' as the purpose of providing a specific financial service does not suffice. A proper risk analysis provides insight into the effects of setting up a specific tax structure for a specific client. The analysis shows whether the intended purpose of a service is in accordance with the letter as well as with the spirit of the law.
How should the trust office carry out the risk analysis?
The risk analysis described above is a micro-level analysis: the trust office must identify the risks of providing a specific service to a client or establishing a business relationship with a client, prior to providing the service or establishing the relationship. On the basis of this risk analysis the trust office determines whether the risks identified are not too high, and subsequently how it will mitigate the risks. The trust office therefore follows the same procedure as for carrying out the risk analysis.
The results of statutory customer due diligence, the investigation into the purpose of the structure to which services are to be delivered and the investigation into the origin and assets of the object company are important sources of information for the risk analysis, on the basis of which the trust office will determine how to mitigate any risks identified.
The client acceptance file should state the purpose of the structure for each of the object companies. The trust office should at least address the role of the object company within the structure and the reasons for using a legal entity having its registered offices in the Netherlands. The client acceptance file thus comprises more than merely a description of the intended activities of the object company.
The trust office should provide a thorough analysis of the structure: why has the structure been set up through the Netherlands, in this particular form, and what exactly is the added value of the trust office's services? The analysis gives insight into any integrity risks related to the provision of services. Subsequently the trust office determines the probability that its services might be abused, thereby possibly severely damaging the trust office's reputation or trust in the financial markets.
If the investigations deliver insufficient information, the trust office should explicitly record and consider this in the risk analysis. Depending on the situation, this may lead to the trust office reporting an unusual transaction or intended unusual transaction, not accepting a client, not or no longer offering specific services to a client, or ultimately terminating the business relationship.