dirty derivatives

7/30/2019 Dirty Derivatives

1/8

AsiaRiskDERIVATIVES

June 2006 1

Dirty DerivativesRegulatory interest has been rising in the use of derivatives for moneylaundering for the past decade. New regulations in the US and Australia

underscore the importance of traditional know-your-customer, know-

your-employee and anti-fraud measures, says Rohan Bedi

Derivatives are an attractive product formoney laundering and, with the retailisation of

markets, also potentially for terrorist financing.

Over-the-counter derivatives markets are

particularly vulnerable to fraud and market

manipulation. Many factors make derivatives

attractive to criminals: the liquidity of the

markets; profit potential (even if the risks are

high); ability to transfer funds globally; the lack

of historical oversight for the purposes of anti-

money laundering/combating the financing of

terrorism (AML/CFT); and the ability to blur the

audit trail. And with banks tightening their

controls, launderers are now turning to other

sectors.

Rogue traders covered up trading losses

in the 1990s using derivatives, which attracted

regulatory attention. The tragic events of

September 11 heightened the AML/CFT focus.

The revised Financial Action Task Force (FATF)

40 principles of 2003, which bring in stricter

AML/CFT and know-your-customer (KYC)

standards, also specify 20 offences for money

laundering, including terrorist financing,corruption and bribery, fraud, insider trading and

market manipulation.

A derivatives broker-dealer with

poor controls in any of the above areas

could potentially find itself in violation of

the AML laws of the country.

Oppenheimer & Co in New York, for

example, paid a penalty of $2.8 million in

December for a lax AML programme.

Indeed, the US Securities and Exchange

Commission (SEC) states that 58% of the

AML compliance examinations

conducted on securities firms in 2005

revealed deficient programmes.

Laundering in the derivatives

markets is often a violation of both the

The author has witnessed various reasons for the failure of anti-money-laundering programmes, such as the folllowing:

Most common deficiency is in independent testingreflecting thedevelopment need of internal audit staffNot looking at the whole business ie, branch-offices, outsourcing,M&A, automated systems aggregation of customer information

Implicitly adopting an STR filing standard of knowledge whereasthe law requires reasonable grounds to suspect

Lack of communication between introducing and clearing firmsPoor training and awareness program not customised to business

model/risks and not useful to employees result is a weak culture

Firms lacking in automation failed to fully screen clients against

sanctions lists/ law enforcement requests

Lack of a qualified and empowered compliance officer

Silos where for example, back-office staff talk to no-oneQuality issues, such as reports being filed late, incomplete and failing toprovide relevant detail.

Typical AML/ CFT program failures


2/8

AsiaRiskDERIVATIVES

June 2006 2

securities and AML laws. And supervisors are

now demanding more transparency and better

controls at derivative broker-dealers.

Perception of legitimacy

The whole concept of laundering is aboutbringing more legitimacy to the perception ofmonies held by the launderer/nominees. Chequesfrom well reputed derivatives broker dealersenhance legitimacy, particularly if the launderercan show that the cheques are the proceeds frominvestments carried out over a period of time.

The three stages of international moneylaundering are: the placement stage that putscash from crime for example, drug trafficking into the financial system; the layering stage,

which consists of numerous transactions

designed to distance the money from its criminal

origins; and the integration stage, where the

money finally gets invested in, say, property or

securities. If cash is not accepted by derivatives

broker-dealers, the basic risks are in the layering

and integration stages.

Types of industry risk

We will first review the specific industry risks

companies are exposed to from money

laundering before discussing firm-level risk

management issues.

Futures market wash trading: Blurringthe audit trail in the exchange-traded futuresmarket is quite easy with the help of acomplicit broker. There is no need to even

make a false entry or accept any falsedocumentation. The broker holds twocontracts in offsetting positions and assignsthe trading loss to the dirty-money accountand the trading gain to the clean-moneyaccount this is know as wash trading. Thedifference is the cost of laundering money.

The dirty-money account is typically held on

paper by a seemingly unlinked party. This

structure is sometimes used to bribe

politicians through accounts of a politicians

friends and relatives that is, accounts of

politically exposed persons. Capcom

Commodities, the BCCI commodity trading

affiliate, exploited the futures market to

launder money in the 1980s.

Forward market offsetting positions:This method is used in layering once themoney is placed into the system to add a

layer of legitimacy, or at the placement stage

if the broker-dealer accepts cash. The

launderer buys spot and sells forward, or vice

versa. In a market rally, one transaction

records a capital gain for example, spot

when the launderer liquidates the transaction.

The other in this case, forward

transaction has a notional capital loss that the

launderer avoids by cancelling the trade and

paying the broker the loss amount. The

complicit broker then destroys the record of

the losing transaction and the launderer exits

with a capital gain. The laundering cost is the

double commission plus any extra money

Rohan, Bedi: changing company culture is a huge challenge


3/8

AsiaRiskDERIVATIVES

June 2006 3

paid for the brokers silence. Such a scheme

might typically take place in a smaller firm.

Options trading: Frequent transactions withmodest capital gains say, through options

trading in currencies, commodities or stocks

would not attract as much attention as, for

instance, a large real-estate gain. Launderers

can also use off-market derivatives trades

non-standard direct contracts between

bilateral parties to show capital gains. By

structuring these transactions with offshore

companies that they owned/control,

launderers can show some losses (to appear

legitimate), but with larger profits. Client-originated insider trading: The

World Bank states: Derivatives that

replicate insider-trading opportunities (for

example, a synthetic version of a company

stock subject to merger or takeover) can be

used to avoid detection of an unusual change

in a listed stock price. Hence, significant

trading positions taken on a specific stocks

options could highlight client-originated

insider trading. In securities fraud, it is

common for insider trading to be donethrough offshore entities, with the

perpetrators hiding behind nominees.

Swaps smoke screen: More broadly,derivative products such as swaps (interestrate, foreign exchange) add a layer oflegitimacy to company funds, giving theperception that regular business is under wayfor which risks are being managed. OTCswaps have been used by large companiessuch as Enron to take profits from schemes

manipulating the natural gas sales market. New derivatives-trading platforms auto

trade: Trading platforms have also evolved,and auto-trading on options/futures e-newsletter recommendations is now availablewith reliable broker-dealers and access to anonline account. This creates a new channelfor layering/ investing monies, as thelaunderer no longer needs to rely on a private

banker or any other adviser in face-to-faceinteractions. With retailisation of the

derivatives markets, low-value trades say,$5,000 or less can be done, and this createsterrorist-financing vulnerabilities. Terroristprofiles include individuals with pettycriminal records who are self-financing.

Client pressure: The launderer allows anopen position to become under-margined.The broker-dealer would be keen to reduceits credit risk and may become vulnerable toaccepting monies from unknown sources.The launderer funds the account and closes

the position, making a loss but converting theproceeds of crime into a clean cheque fromthe firm, supported with a record of tradingactivity.

The three AML risk models

The standard AML risk management modelsemployed globally by banks cover the followingrisk areas: geography and country; business andentity; and product and transaction. The methods

used by launderers to enable them to carry outtransactions include the use of intermediaries,offshore structures and special-purpose vehicles.Higher-risk scenarios include:

The use of complex corporate and account-holding structures for example, layeredstructures, including offshore trusts, shellcompanies (including bearer-sharecompanies); nominee shareholders/authorized signatories/directors (including

corporate directors); and professionalintermediaries. Launderers exploit the factthat information about the beneficialownership of legal entities and arrangementsin offshore financial centres can be difficultto obtain, other than the basic registrationdetails. Broker-dealers should note that whileoffshore shell companies can be legitimatelyused as private investment companies for


4/8

AsiaRiskDERIVATIVES

June 2006 4

holding assets, they are also misused bycriminals and terrorists.

Shell banks continue to play a role inlaundering schemes; the US Treasurys

Financial Crimes Enforcement Network

(FinCEN) seventh SAR review identifies

several east European countries with shell

banks and shell companies. The SAR

review provides feedback to financial

institutions about suspicious activity reported

to FinCEN.

Customers who are politically exposedpersons (PEPs) are a significant laundering

risk, especially if they are from a highlycorrupt country. PEPs in certain countries

may also have a connection with terrorist

financing.

Introduced business, where a broker-dealermay place undue reliance on the due

diligence conducted by an introducer.

The US Office of Foreign Assets Control(Ofac) (US sanctions) identifies high-risk

areas for Ofac transactions, which include

OTC derivatives and online transactions.

Moreover, in

developing a detailed

listing of unusual activity,

a derivatives broker-dealer

should take into account

local risks and market

practices. A transaction

may not always appear

suspicious if reviewed in

isolation, and comparison

with history/peers may benecessary. Close attention

is needed to any

transactions that appear to

be linked. Depending on

volumes, technology may

be required for AML/CFT

monitoring, especially for

online broker-dealers.

Wire-transfer activity should be subject to

heightened scrutiny. Monitoring of this area

should include review of unusual wire transfers,including those that involve an unexpected or

extensive number of transfers by a particular

account during a particular period and transfers

involving certain countries identified as high-risk

or non-cooperative.

The big risk is of rogue employees. While

this risk is not unique to the securities sector, the

large sums of money involved, combined with a

weak AML culture, may expose a derivatives

broker-dealer to greater risk (see also Know your

employee).Supervisors worldwide are increasingly

targeting corruption associated with PEP

accounts. Subscription to a good know-your-

customer database of PEPs, suspected criminals

and terrorists is a must, using good name-

recognition technology.

Money laundering risks are mitigated to the

extent that a derivatives broker-dealer adopts

one-account, same-account policies for

receipts/payments and does not allow cash

Transaction PatternsMatching buys and sells in futures (wash trading) inapparently unrelated accountsFrequent derivative trades resulting in losses raisingissues on the clients knowledgeA customer engages in extensive, sudden orunexplained wire activity (especially with high-risk/ non-cooperative countries)Series of small cash deposits over a few daysTransfers between unrelated accounts especially ifemployee accounts involvedA large number of transactions across a number of

countries which do not appear justifiableInsider trading - offshore companies doing largederivative stock trades in a specific companyFunds held in derivative accounts not being used fortrading and requests for paymentMonies routed through and account closed

Main risk country by transactions/business ordomicile is high-risk/ non-cooperativeComplex offshore ownership structures anddifficulty in identifying the ultimate beneficial ownersSuspected nominee relationshipsA corporate customer lacks general knowledge ofits own industryA customer exhibits an unusual level of concern forsecrecyUnknown third party connections in account fundingor in account operations

Lack of concern regarding investment risks (eg,tax), commissions, transaction costs, or losses.A complete disregard for due diligence / research inconnection with the investmentsUnusual requests not in line with firms productsResidential address is a post office box orlawyers office

Unusual Activity Examples

Settlement ArrangementsThe instructions on the client file does not match thesettlement instructions on the transactionLarge or unusual settlements of transactions in cashor bearer formRequests for payments to third parties (eg, offshorecompanies)

After

investigation,classify as

Suspicious


5/8

AsiaRiskDERIVATIVES

June 2006 5

deposits.Derivatives broker-dealers with exposure to

the US markets should also be aware of theextra-territorial powers implicit in the US PatriotAct. The US Internal Revenue Service qualified-intermediary certification also affects the KYCstandards adopted.

Know-your-customer vulnerabilities

These largely depend on how the trading accountis set up. A securities account can be opened bythe customer or on his behalf, in person or by

remote means (such as the internet), by a third-party introduction or with indirect relationshipsthrough omnibus accounts of institutions.

Vulnerabilities arise if, for example,online account opening is not matched by properverification processes; beneficial owners are notidentified for nominee relationships or complexownership structures; the omnibus account isheld by an institution or in a jurisdiction that isnot regarded as equivalent (that is, regulated toFATF standards); or reliance is placed on an

unsuitable broker or adviser.More generally, market-trading

characteristics create a smoke screen. The FATFstates: The way derivatives are traded and thenumber of operators in the market means thatthere is the potential obscuring of the connectionbetween each new participant and the originaltrade. Furthermore, no single link in a series oftransactions will be likely to know the identity ofthe person beyond the one with whom he isdealing.

KYC profiles

The key to recognising suspicions is knowingenough about the customer and the customersnormal activities to recognise when a transactionor instruction, or a series of transactions orinstructions, is abnormal. The typical profile of aderivatives customer would cover the nature of

the transaction, value, volume and frequency.These profiles will differ depending on whether

the derivative products are OTC or exchange-based.

Regulators expect the private-bankingsector to have more stringent due-diligencestandards than other sectors because of theinherently higher risks. The US definition ofprivate-banking operations is where assets undermanagement are $1million or more, and adedicated relationship manager is allocated to aclient. If private-banking AML standards/definitions apply, a more rigorous KYC process

drafted on Wolfsberg guidelines for privatebanks, covering information such as clientsbusinesses, source of funds, cash assets, sourceof wealth and so on may be necessary tocollect and independently validate the relevantinformation. In any case, this would be bestpractice for high-value relationships even ifregulations do not specify such an approach.

Tone at the top

Clients of one bank that lost millions of dollarsin derivative transactions thanks to unscrupulousderivatives dealers recently led a lawsuitcharging the bank with, among other things, acriminal corporate culture. Changing culture is ahuge challenge.

The tone at the top has a significantimpact on programme quality. It directlydetermines the investment in technology, thefirm-wide approach to information-sharing andthe seriousness with which business functions

regard AML/CFT requirements.A periodic repetition by senior

management of the key message of good-qualitybusiness in the context of a banks role inAML/CFT is essential. Adoption of bestpractices such as the UK Money LaunderingReporting Officers Annual Report to seniormanagement would also help develop the tone atthe top.


6/8

AsiaRiskDERIVATIVES

June 2006 6

Building culture without silos

Compliance officers are in the unenviableposition of having to manage investmentadvisers and brokers who are commission-driven, over-worked and hyper-competitive.Derivative broker-dealers need an integratedapproach to detecting suspicious activity. Thefront-line staff are central, but they do not seeeverything. Other parts of the firm such as theback-office staff need to be brought into theAML/CFT loop. As Lori Richards of the USSEC says, firms need to avoid the silo problem

that was highlighted by the AmSouth Bank case,in which the AML compliance group did not

receive key information to allow it to make

informed decisions. An inadequate compliance

culture can manifest itself in several ways, such

as:

An attitude among junior employees thattheir suspicions and concerns are of no

consequence. This is particularly dangerous,

as junior employees are exposed to the day-

to-day transactional activity that can place a

derivatives broker-dealer on notice ofsuspicious activity.

Failure to adequately document KYCinformation on file.

Management pressure to transact. Over-zealousness in the attraction of new

business relationships. Unwillingness to subject important clients to

an appropriate degree of vigilance.

There are many components of an effective

awareness programme that emphasise the firms

commitment to AML/CFT regulatory

requirements and expectations:

The awareness programme must betechnology-driven. This would be achieved

by having a firm-wide intranet portal to share

information, including e-newsletters on casestudies and KYC issues.

Senior management ownership of theAML/CFT programme can be emphasised

through technology channels.

Compliance staff must be encouraged toattend business-unit meetings.

Other tactical measures include screensavers,morning login messages, posters and desktop

items, such as cubes.

The message must be driven from the top and

must be clear and consistent, to create aculture of compliance.

The ultimate objective of any AML/CFT

training/awareness programme should be to instil

New US and Australian rulesUnder the US Patriot Act, a US AML/CFT compliance programme must provide for certain minimum requirements:

the development of internal processes policies, procedures and controls;

the designation of a compliance officer;

the implementation of an employee training programme;

an independent audit function to review and test the implementation of the AML programme; and

a customer identification programme to identify the beneficial owners of funds and take reasonable measures to

understand the ownership and control structure of customers that are legal entities or arrangements.

The programme should be developed based on the boards risk-tolerance levels and should be board-approved. The actual

programme will depend on the type of business, the size and complexity of operations, the breadth and scope of the customer

base, the number of staff, and the firms resources.

On top of following obligations similar to those of the US Patriot Act, securities and derivatives broker-dealers under theAustralian 2005 exposure bill would also have to report international funds-transfers whenever reporting obligations aretriggered; and include with the funds-transfer instructions the customers name, address and account number (in line with FATFspecial recommendation 7 for combating the financing of terrorism). These requirements create new information collection,monitoring and reporting responsibilities for regulated entities.


7/8

AsiaRiskDERIVATIVES

June 2006 7

a strong intuition on AML/CFT issues in bothfrontline and back-office staff, as well as a risk-

based decision-making process. But this is easiersaid than done.

Know your employee

Know-your-employee (KYE) programmes arevital for protecting a derivative broker-dealersmoney and reputation. This is a particularly

sensitive issue for private banks and other large

derivatives broker-dealers that have high revenue

target numbers to achieve annually. KYE

processes must be risk-based. Internal auditplays a key role in any effective KYE

programme.

There are many signs that could indicate

potential laundering/fraud by an employee for

example, changes in employee characteristics,

such as lavish lifestyles or avoiding taking

holidays; changes in employee performance; or

new business referred by a new employee in

which the ownership structure of the entity is

unduly complex.

The nine levels of a KYE programme

Pre-hiring background screening checks forrisk management and to meet regulatory

requirements, where applicable.

Monitoring by verification with onlinedatabases to make sure an employee being

promoted does not have a criminal record.

A code of conduct specifying employeesfinancial relationships that are not acceptable

or other relationships that need to becontrolled, such as insider trading, Chinese

walls and so on.

Regular employee declarations of bankaccounts and shareholdings, including

conflict-of-interest reports, every three

months or so.

Monitoring of employee account transactionsabove a certain threshold this can vary

depending on the employees status. Observing employee lifestyles and social

connections to ensure they are a logical fit,

given salary levels/status. This should

happen in an unobtrusive manner.

Employees assigned to service the broker-dealers higher-risk client relationships and

their client accounts should be subject to

heightened scrutiny especially for new

employees and high-value new accounts.

Properly communicated whistle-blowing

policies, with a dedicated channel that guardsprivacy, are necessary in order to highlight

unusual activity.

Checks and balances to ensure high-riskfunctions have adequate levels of oversight

to avoid risk of employee fraud, particularly

by senior executives.

Internal audit reviews to test the overalleffectiveness of all the above, including

specific tests for insider complicity and

collusion within the firm.

Anti-fraud vulnerabilities

Studies highlight the key role of senior

executives in high-value frauds and the fact that

perpetrators are most often men. Fraud typically

occurs due to internal-control deficiencies, such

as inadequate skills and experience; lack of

clarity in organizational structure; improper

segregation of duties, poor whistle-blowing

policies and channels; a weak anti-identity-theft

programme that does not exploit technologyfully, inadequate internal audit and follow-up

action; or inadequate management oversight

(where, for example, if an individual generates a

significant profit, its reasonableness is not

independently validated).

Senior management should be explicit

about the companys view on fraud through a


8/8

AsiaRiskDERIVATIVES

June 2006 8

documented policy that is communicated toemployees.

Conclusion

As we have seen, the expectations of regulatorsfrom derivatives broker-dealers with regard toAML/CFT has increased significantly, andattention to this issue should be the number-onepriority of senior management. Nonetheless,supervisors do not expect zero failure. Theyexpect firms to manage their financial crime riskas they manage other business risks. This means

resourcing the activity adequately and puttingresources where there is most marginal benefit,against the backdrop of their legal obligations.

The priority for senior management hasto be building an enterprise-wide AML/CFTculture backed by technology tools. Supervisorswill look for documentation of a firms decision-making process. Compliance staff must think

laterally and make a creative use of feedback

from law enforcement. Internal audit must

recognise the importance of its role, and

capabilities must be enhanced. Ultimately, its allabout effective implementation.

Rohan Bedi is author of the PricewaterhouseCoopersSingapore publication Money Laundering Controlsand Prevention and the senior anti-money launderingimplementation manager at an international bank.email: [email protected]

Disclaimer: the opinions in this article are the authors own and donot represent the organisations in which he works and is/wasassociated with.

dirty derivatives

Documents