beneficial ownership: practical applications for stronger...

Beneficial Ownership: Practical Applications for Stronger CDD Processes

Noon EST – 2:00 PM ESTA sound check will be performed 5 minutes before the start

time

Technical Assistance• Send a message via the Q & A box• Or Call WebEx Technical Support:

(US & Canada) 866-229-3239 (International) 916-229-3239

Attendee instructions on how to use Audio Broadcast • Do not close the Audio Broadcast panel

• If you are not able to listen to the audio on your computer speakers, press the stop button, wait 5 seconds then press play.

• Make sure to adjust the volume button on your computer speakers and also adjust the volume on your sound card. To do this, go to the Start Menu, click Control Panel, then click Sound & Audio Devices and adjust accordingly.

• If you do not have speakers, please refer to your login instructions for the Teleconference Domestic and International Numbers and Access Code.

• You may request the Teleconference Number by clicking “Request”under the attendee box on your left hand side.

• Can you hear the sound check?

• It has begun

To send a question:

• Locate the Q & A box on the bottom right hand corner of the WebEx platform.

• Type in your question and click send!

Beneficial Ownership: Practical Applications for Stronger CDD Processes

Moderator:

Brian Stoeckert, CAMS, CFEAssociate, Financial Crimes Booz Allen Hamilton

Speakers:

Will Vorhees, CAMSManager, Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) & e-Fraud

Investigations Units at SVB Financial Group (SVBFG

Theodore S. Greenberg, CAMS President, TG Global

Beneficial Ownership: Practical Applications for Stronger CDD

Processes

Theodore S. GreenbergPresidentTG Global

Washington, [email protected]

Untying The Gordian Knot

• What happens 16 million times per day in 209 countries and involves 9,000 financial institutions?

• Proceeds of crime are often hidden in plain sight banks of transferred by companies and other legal entities.

• Proceeds of crime are usually laundered through banks in several transit jurisdictions before reaching final hiding place. Is your FI to blame?

Agenda

• What does beneficial ownership mean?• U.S. and International Standards.• Illustrations of problems in identifying beneficial

ownership• Is there any excuse for not knowing who is the

beneficial owner?• Hot Issue: Politically Exposed Persons

Who Is A Beneficial Ownership? • Beneficial owner includes the natural

person[s] who ultimately owns or controls a customer and/or the person on whose behalf the transaction is being conducted. It also incorporates those persons who exercise ultimate effective control over a legal person or arrangement and relevant third parties. FATF Glossary

FinCEN and USG Regulators Issue Guidance on Obtaining and Retaining Beneficial Ownership

Information

• March 5, 2010• As part of BSA/AML compliance program, a FI should

establish and maintain CDD procedures that are reasonably designed to identify and verify the identity of beneficial owners of an account, as appropriate, based on the institution’s evaluation of risk pertaining to an account.

• Definition of “beneficial owner under FinCEN’s regulations specific to CDD for private banking and correspondent account for foreign financial institutions…

FinCEN Continued• “…is the individual(s) who have a level of

control over, or entitlement to, the funds or assets in the account that, as a practical matter, enables the indiviudal(s), directly or indirectly, to control, manage, or direct the account…”

• See, e.g. 31 CFR 103.175(b)

International Standards and Why Should I Care?

• FATF Glossary Definition (above).• FATF R 5: CDD includes identifying the beneficial owner, and taking

reasonable measures to verify the identity of the beneficial owner, and legal persons…this should include…taking reasonable measures to understand the ownership and control structure of the customer.

• EU Third Money Laundering Directive states that this is a natural person controlling 25% of a legal entity.

• Bank of International Settlement (BIS) states than an institution should identify those who have control over the business assets with particular attention to shareholders or others who inject a significant proportion of capital…

• G20 emphasis on transparency and focus on beneficial ownership.

Difficult Areas• Companies• Shell and Shelf Companies• Partnerships (limited liability)• Associations, cooperatives etc.• Trusts• SPVs• Nonprofit corporations

Shell and Shelf Companies• Shell company refers to a legal entity, established under

the laws of a State, that has no independent operations or assets of its own.

• In 2009 one company advertised: “[w]hen you set up with one of these shell corporations, your name is not listed on public records as the “incorporator” and First Director, which can be very key when it comes to privacy.”

• “Why wait months or years to establish business credit when you can own a turnkey Nevada shelf corporation with over 150k of bank credit.”

A Simple Addition To The Identification Regime

Require a Declaration of Beneficial Ownership

• Provides background to assist with identification and verification.

• Assist regulatory authorities in evaluating BO practices.

• Requirement to sign under criminal penalty, where existing, serves as deterrent.

• One tool – not only tool—to identify and verify BO. Not sufficient to let banks “off the hook”.

Form X – Declaration Of Beneficial Ownership

Politically Exposed Persons• Individuals who are, or have been, entrusted

with prominent public functions• Includes family members and close associates• Represent a greater ML risk because of the

possibility that they will abuse their position and influence to carry out corrupt acts (e.g., extort/pay bribes, steal assets)

• “Not all PEPs are bad” but all require EDD

Stolen Asset Recovery (StAR) Initiative

Why Focus on PEPs? • Legal and reputational risk to individual bank, and

reputational risk to a jurisdiction’s financial sector as a whole.

• Standard CDD is not sufficient.• Level the playing field – banks are already taking action

on PEPs and many go beyond the international standards.

• The problem continues: Corrupt PEPs are becoming more effective in hiding their identity through associates, legal entities, and intermediaries.


Response – UNCAC & FATF

• UNCAC, Article 52 (entered into force Dec 2005): – “to conduct enhanced scrutiny of accounts sought or maintained

by or on behalf of individuals who are, or have been, entrusted with prominent public functions and their family members and close associates.”

• FATF 40+9 Recommendations: Rec. 6 (June 2003)– Risk management systems to identify PEPs– Senior management approval– Establish source of funds and source of wealth– Conduct enhanced ongoing monitoring


The Reality: Low Compliance • More than 80% of jurisdictions have not

implemented effective measures. Only 3 jurisdictions compliant.

• Compliance lower in FATF jurisdictions.


Link between PEPs and AML

• PEPs should be identified in course of CDD procedures (including identification of beneficial owner)

• Failures in CDD creates risk that PEP will not be identified

• FATF Recommendation ratings build on this link


Recommendation 5 = CDDRecommendation 6 = PEPs

Little Evidence of Monitoring• What is reported by banks?• No corrupt PEP activity in banks or in

other sectors• Few PEP STRs• Few investigations or prosecutions for

grand corruption• Where is the corrupt money?


Why is PEPs Compliance a Problem?

• Lack of political will– Failure to pass and implement legislation and

regulations.– No regulatory sanctions on PEPs.– Little interest in measuring effectiveness of

PEPs measures (e.g., collection of statistics, studies).

– Few cases.


Principle Recommendation 1• Apply EDD to All PEPs, Foreign and Domestic.• UNCAC - domestic and foreign PEPs; FATF – foreign only.• Why?

– Legal and reputation risks remain same – domestic politicians are subject to same pressures and perverse incentives.

– Increase credibility of commitment to fighting corruption and money laundering.

• Reality: Many banks are already covering both.


Principle Recommendation 2• Require a Declaration of Beneficial Ownership.• Provides background to assist with identification and

verification.• Assist regulatory authorities in evaluating BO practices.• Requirement to sign under criminal penalty, where

existing, serves as deterrent.• One tool – not only tool—to identify and verify BO. Not

sufficient to let banks “off the hook”.


Principle Recommendation 3• Request Asset and Income Declarations.• Required in more than 110 countries.• Provides a “snapshot in time” that bank can use

to compare with profile or account activity.• Addressing refusals.• Issues: Verification is uneven. • Other uses: PEP identification if public list of

filers, analysis of STRs by FIUs.


Principle Recommendation 4• Periodic Review of PEP Customers• Review of the “big picture” on risk-based

approach, at least yearly• Helps to overcome silo approach• Should include consideration by at least

one senior manager• Good Practice: PEPs Committee


Principle Recommendation 5• Avoid Setting Limits on the Time a PEP

Remains a PEP.• UNCAC and FATF – “once a PEP always

a PEP”.• Problems with time limits.• Consider on case-by-case basis using

risk-based approach.


Other Recommendations & Issues

• PEPs are an asymmetric risk – no one single tool will solve problem.

• Ensure inclusion of “family members” and close associated in definition of PEPs.

• Commercial Databases.• Involvement of group AML/CFT compliance

officer in decision to accept customer.• Issue: National List of PEPs.


Regulatory Authorities, FIUs

• Include PEPs component in on-site inspections.• “Red flags” or typologies to help identify PEPs,

including close associates, and indications of corruption.

• Enforcement, use of sanctions.• Guidance on filing PEP STRs.• Collection of statistics.


Questions Are Welcome

Thank you for your time and participation in this Web Seminar

Beneficial Ownership:

Practical Applications for Stronger CDD Process

William Voorhees; MFA, CAMS, CFE

The Owners Behind the Shells

Would you bank me?Are you banking me?

The Relatives or Close Associates

How about me?Would you bank me?Are you banking me?

Issues to be addressed at today’s presentation How to:

Mitigate the risk of banking high-risk entities

Identify account holders

Monitor those relationships

Maintain CDD/EDD records

Report suspicious activity

Discussion Points:What are beneficial owners

What are the risks in not identifying them

What is the latest interagency guidance

How to put a strong CDD/EDD program in place to ensure reasonable detection and identification

“An enterprise-wide compliance risk-management program should be dynamic and proactive. It should assess evolving risks when new business lines or activities are added, when existing activities and processes are altered, or when there are regulatory changes. The process should include an assessment of how those changes may affect the level and nature of risk exposures, and whether mitigating controls are effective in limiting exposures to targeted levels. To avoid having a program that operates on autopilot, an organization must continuously reassess its risks and controls and communicate with all employees who are part of the compliance process. If compliance is seen as a one-off project, an organization faces the risk that its compliance program will not keep up with the changes in its services or customer mix.”

-Governor Susan Schmidt Bies (former)Board of Governors of the Federal Reserve System

What is a Beneficial Owner?A person who enjoys the benefits of ownership

even though title is in another name

Any individual or group of individuals that, either

directly or indirectly, has the power to vote or

influence the transaction decisions regarding a

specific entity– Investopedia

Interagency GuidanceFinancial Crimes Enforcement Network (FinCEN)Board of Governors of the Federal Reserve System (FRB)Federal Deposit Insurance Corporation (FDIC)National Credit Union Administration (NCUA)Office of the Comptroller of the Currency (OCC)Office of Thrift Supervision (OTS)Securities and Exchange Commission (SEC)

Interagency Guidance

Issued to clarify existing regulatory expectations

Cornerstone of a strong BSA/AML program is CDD

CDD process should be commensurate with Bank’s BSA/AML risk

Risk assessment needs to be conducted to determine risk present


Consider implementing on an enterprise-wide basis

Encouraged to share information across business lines, separate legal entities w/in the enterprise and affiliates

Look for additional information from other areas of the bank, such as:

Credit underwriting

Marketing

Fraud detection


Examples of CDD on-boarding procedures:

Is the customer acting as an agent on behalf of another?

Is the customer a non-public entity (association, PIC,

trust, foundation)? If so, obtain structure info.

Is the customer a Trustee? If so, obtain structure info,

such as, the provider of the funds and any persons who

control the funds or trust.


Examples of EDD on-boarding procedures:

Identify and verify beneficial owners

Reasonably understand the sources and uses of funds in

the account

Reasonably understand the relationship between the

customer and the beneficial owner


Examples of high-risk clients:

Trusts

Corporate entities

Shell entities

Private Investment Companies (PICs)

Nominee accounts (set up by gatekeepers)

*Private Banking and Foreign Correspondent accounts too


Evaluate the anticipated activity information obtained in account opening against actual account activity after the account is established.

Does the anticipated activity seem normal for that business or account type?

Cant just book it and forget it!


Private Banking

Source of customer’s wealth

Anticipated activity

Geographic location

Corporate structure

Public informationSpecial rules apply to Senior

Foreign Political Figures (SFPF)

Case Studies / Enforcement Actions

Reading these point out industry-wide concerns.

These include legal precedents and specific facts.

It is important to discuss these with senior management and the board of directors.

Can be part of Board packet for BSA training.

Case Studies / Enforcement ActionsBanc of America Investment Services, Inc.

2007 – Fined $3 million by NASD for failure to obtain customer information on certain high-risk accounts

Failure to have adequate communication with the parent bank to ensure SAR filings were met

34 accounts linked to one family in the Isle of Man involving trusts and PICs

Above accounts engaged in multi-million-dollar international wire transfers

High Risk Companies as ClientsNew account opening procedures

Beneficial ownership structure

Analyze funds to determine a baseline of activity

Design monitoring timeline

Compliance play active role in on boarding and approving

How to mitigate the risks of high-risk CompaniesThe Bank’s EDD process should cover:

Identification of the risk

Control of the risk

Measuring the residual risk

Monitoring of the risk/controls

Reporting

Adjustments to controls

Updates to the profile (when and why)

How to mitigate the risks of high-risk CompaniesObtain an understanding of the customer’s risk profile in

order to develop the appropriate processes to mitigate the overall risk. Specifically, the analysis of the data pertaining to the customer’s activities should consider the following:

Purpose of the account;

Actual or anticipated activity in the account;

Exact nature of the customer’s business;

Customer’s location; and

Types of products and services used by the customer.

How to evaluate the information received Example: The data collected in the on-boarding process

reflects that a client process 100 international funds transfers per day. Further analysis may show that approximately 90 percent of the funds transfers are recurring well-documented transactions for long-term customers. On the other hand, the analysis may show that 90 percent of these transfers are non-recurring or are for anonymous / new customers. While the numbers are the same for these two examples, the overall risks are different.

How to mitigate the risks of high-risk CompaniesBeneficial Ownership Drilldown:Keep drilling until you have identified a natural person who ultimately

owns or controls the company

All owners with >X% (10%, 20%, 25%)

Find the natural person, or:

Governmental entity

Publically traded company

Well-known private company (Bechtel, Mars, etc)

NGO/NPO (get the Board)

In some cases well known VC firm

Trust (get the trustees and beneficiaries)

How to mitigate the risks of high-risk Companies


One way to build a program is to identify the high-risk business types. For example:Professional Service Providers (law firms, travel agents, holding companies, investment brokers)

Foreign Corporate Entities (PICs, IBCs, foreign financial institutions)

Cash Intensive Businesses (MSBs, pawn shops, gas stations, liquor stores, etc)

Non-Governmental Organizations (charities, PACs, associations)

Dealers (car dealers, import/export, precious metals, weapons, luxury goods)

Entertainment (adult, card clubs, casinos, etc)


Coding of the high-risk client types

Break up the high-risk client types into tiers

Require escalated approval for the highest of the high

risk clients (BSA Oversight Committee or similar)

Design a monitoring program for the high risk clients

EDD on all high risk clients but frequency of review can differ

based on the tier levels

Design of a CDD/EDD Monitoring Program (example)

After initial on-boarding, periodic review of client

relationship, including:

Review of relationship and actual activity/CDD for risk rating

purposes

EDD on High-Risk clients, looking for:

Change in business model

Change in business operations

Activities discovered through transaction monitoring

Changes in beneficial ownership

Other significant changes, as appropriate


EDD Steps:

Standard profile validation step can include:

Negative news searches

Review of notes from relationship teams in Client Records system

Review of client service changes (new products or services like RDC)

Secretary of State records, if appropriate

Professional services registrations

Review alerts/cases in transaction monitoring or case management system

Update records to include changes to risk rating, business code,

committee approvals needed, etc.


EDD Steps:

After your records are updated, ensure any dates or

other controls devices are updated so the client will be

reviewed when its time is up.

Remember that by taking a “risk-based approach” you

can stagger out your ongoing CDD/EDD reviews so as

to not overwhelm your staff resources

Reference Resources

The joint release Financial Institution Letter regarding Guidance on Obtaining and Retaining Beneficial Ownership Information http://www.fdic.gov/news/news/financial/2010/fil10008a.html

This is where to find the release that describes the interagency guidance

Reference Resources

The Federal Financial Institutions Examination Council (FFIEC), http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2010.pdf

Brand, spankin’ new BSA/AML Exam Manual,Provides guidance to examiners for carrying out BSA/AML and Office of Foreign Assets Control (OFAC) examinations.

EDD for nominal and beneficial owners on page 65

Reference Resources

Network Branded Prepaid Card Association: Recommended Practices for Anti-Money Laundering Compliance for U.S. Based Prepaid Card Programs, http://www.nbpca.com/docs/NBPCA-AML-Recommended-Practices-080220.pdf

Entities covered by BSA/AML Requirements,BSA/AML Risk Assessment,Internal Controls,Federal Reporting Requirements,KYC & Third-Party Agents, andIndependent Compliance Testing

Reference Resources

The FinCEN web site, www.fincen.gov

Excellent resource for statutes, regulations, forms, enforcement actions, and news about FinCEN;The SAR Activity Review includes an SAR analysis by product, industry and geographic location of activity www.fincen.gov/news_room/rp/sar_tti.html

Reference Resources

The Financial Action Task Force (FATF) , http://www.fatf-gafi.org

Contains the FATF 40+9 Recommendations,Provides guidance, best practices and interpretive notes,Includes mutual evaluation reports (MERs) and detailed assessment reports (DARs) for countries – an excellent source of information about country risk, andDiscusses the methodology used for assessing country AML/CTF frameworks.

Contact Information

William J. Voorhees, MFA, CAMS, CFEAML/BSA & e-Fraud ManagerOFAC OfficerSVB Financial Group3003 Tasman DriveSanta Clara, CA 95054Tel: [email protected]

If you have additional questions for today’s experts, please send them to:

[email protected]

Thank you for joining us today!

Web Seminar Certificate of AttendanceTo request a certificate of attendance, please fill out the request form, found in your reference materials, and email the form to [email protected] along with your payment information. First certificate is included in cost of seminars. There is a $40 administrative fee for each additional certificate.

You may also call +1 305.373.0020 to process payment over the phone.

Next Web Seminar:

Banks and MSB Clients: Understanding Risk Ranking and

Regulator Expectations

April 14, 2011 – Noon to 2:00PM EST

Conducting Effective AML Investigations: Law Enforcement Methodologies and

Private Sector TechniquesFebruary 25 | Washington, DCFebruary 28 | New York CityApril 29 | New York City

Join veteran law enforcement speakers, Dennis Lormel and Edward Rodriguez, as they present a full review of the investigative process from start to finish. In this comprehensive, full‐day seminar, attendees will gain invaluable insight on:

• Increasing your AML expertise based on case study analysis from the law enforcement and private sector perspectives

• Practicing critical interview processes and techniques• Determining when to file a suspicious transaction report

Register today!

go.acams.org/seminars | +1.305.373.0020 | [email protected]

beneficial ownership: practical applications for stronger...

Documents