dirty derivatives
TRANSCRIPT
-
7/30/2019 Dirty Derivatives
1/8
AsiaRiskDERIVATIVES
June 2006 1
Dirty DerivativesRegulatory interest has been rising in the use of derivatives for moneylaundering for the past decade. New regulations in the US and Australia
underscore the importance of traditional know-your-customer, know-
your-employee and anti-fraud measures, says Rohan Bedi
Derivatives are an attractive product formoney laundering and, with the retailisation of
markets, also potentially for terrorist financing.
Over-the-counter derivatives markets are
particularly vulnerable to fraud and market
manipulation. Many factors make derivatives
attractive to criminals: the liquidity of the
markets; profit potential (even if the risks are
high); ability to transfer funds globally; the lack
of historical oversight for the purposes of anti-
money laundering/combating the financing of
terrorism (AML/CFT); and the ability to blur the
audit trail. And with banks tightening their
controls, launderers are now turning to other
sectors.
Rogue traders covered up trading losses
in the 1990s using derivatives, which attracted
regulatory attention. The tragic events of
September 11 heightened the AML/CFT focus.
The revised Financial Action Task Force (FATF)
40 principles of 2003, which bring in stricter
AML/CFT and know-your-customer (KYC)
standards, also specify 20 offences for money
laundering, including terrorist financing,corruption and bribery, fraud, insider trading and
market manipulation.
A derivatives broker-dealer with
poor controls in any of the above areas
could potentially find itself in violation of
the AML laws of the country.
Oppenheimer & Co in New York, for
example, paid a penalty of $2.8 million in
December for a lax AML programme.
Indeed, the US Securities and Exchange
Commission (SEC) states that 58% of the
AML compliance examinations
conducted on securities firms in 2005
revealed deficient programmes.
Laundering in the derivatives
markets is often a violation of both the
The author has witnessed various reasons for the failure of anti-money-laundering programmes, such as the folllowing:
Most common deficiency is in independent testingreflecting thedevelopment need of internal audit staffNot looking at the whole business ie, branch-offices, outsourcing,M&A, automated systems aggregation of customer information
Implicitly adopting an STR filing standard of knowledge whereasthe law requires reasonable grounds to suspect
Lack of communication between introducing and clearing firmsPoor training and awareness program not customised to business
model/risks and not useful to employees result is a weak culture
Firms lacking in automation failed to fully screen clients against
sanctions lists/ law enforcement requests
Lack of a qualified and empowered compliance officer
Silos where for example, back-office staff talk to no-oneQuality issues, such as reports being filed late, incomplete and failing toprovide relevant detail.
Typical AML/ CFT program failures
-
7/30/2019 Dirty Derivatives
2/8
AsiaRiskDERIVATIVES
June 2006 2
securities and AML laws. And supervisors are
now demanding more transparency and better
controls at derivative broker-dealers.
Perception of legitimacy
The whole concept of laundering is aboutbringing more legitimacy to the perception ofmonies held by the launderer/nominees. Chequesfrom well reputed derivatives broker dealersenhance legitimacy, particularly if the launderercan show that the cheques are the proceeds frominvestments carried out over a period of time.
The three stages of international moneylaundering are: the placement stage that putscash from crime for example, drug trafficking into the financial system; the layering stage,
which consists of numerous transactions
designed to distance the money from its criminal
origins; and the integration stage, where the
money finally gets invested in, say, property or
securities. If cash is not accepted by derivatives
broker-dealers, the basic risks are in the layering
and integration stages.
Types of industry risk
We will first review the specific industry risks
companies are exposed to from money
laundering before discussing firm-level risk
management issues.
Futures market wash trading: Blurringthe audit trail in the exchange-traded futuresmarket is quite easy with the help of acomplicit broker. There is no need to even
make a false entry or accept any falsedocumentation. The broker holds twocontracts in offsetting positions and assignsthe trading loss to the dirty-money accountand the trading gain to the clean-moneyaccount this is know as wash trading. Thedifference is the cost of laundering money.
The dirty-money account is typically held on
paper by a seemingly unlinked party. This
structure is sometimes used to bribe
politicians through accounts of a politicians
friends and relatives that is, accounts of
politically exposed persons. Capcom
Commodities, the BCCI commodity trading
affiliate, exploited the futures market to
launder money in the 1980s.
Forward market offsetting positions:This method is used in layering once themoney is placed into the system to add a
layer of legitimacy, or at the placement stage
if the broker-dealer accepts cash. The
launderer buys spot and sells forward, or vice
versa. In a market rally, one transaction
records a capital gain for example, spot
when the launderer liquidates the transaction.
The other in this case, forward
transaction has a notional capital loss that the
launderer avoids by cancelling the trade and
paying the broker the loss amount. The
complicit broker then destroys the record of
the losing transaction and the launderer exits
with a capital gain. The laundering cost is the
double commission plus any extra money
Rohan, Bedi: changing company culture is a huge challenge
-
7/30/2019 Dirty Derivatives
3/8
AsiaRiskDERIVATIVES
June 2006 3
paid for the brokers silence. Such a scheme
might typically take place in a smaller firm.
Options trading: Frequent transactions withmodest capital gains say, through options
trading in currencies, commodities or stocks
would not attract as much attention as, for
instance, a large real-estate gain. Launderers
can also use off-market derivatives trades
non-standard direct contracts between
bilateral parties to show capital gains. By
structuring these transactions with offshore
companies that they owned/control,
launderers can show some losses (to appear
legitimate), but with larger profits. Client-originated insider trading: The
World Bank states: Derivatives that
replicate insider-trading opportunities (for
example, a synthetic version of a company
stock subject to merger or takeover) can be
used to avoid detection of an unusual change
in a listed stock price. Hence, significant
trading positions taken on a specific stocks
options could highlight client-originated
insider trading. In securities fraud, it is
common for insider trading to be donethrough offshore entities, with the
perpetrators hiding behind nominees.
Swaps smoke screen: More broadly,derivative products such as swaps (interestrate, foreign exchange) add a layer oflegitimacy to company funds, giving theperception that regular business is under wayfor which risks are being managed. OTCswaps have been used by large companiessuch as Enron to take profits from schemes
manipulating the natural gas sales market. New derivatives-trading platforms auto
trade: Trading platforms have also evolved,and auto-trading on options/futures e-newsletter recommendations is now availablewith reliable broker-dealers and access to anonline account. This creates a new channelfor layering/ investing monies, as thelaunderer no longer needs to rely on a private
banker or any other adviser in face-to-faceinteractions. With retailisation of the
derivatives markets, low-value trades say,$5,000 or less can be done, and this createsterrorist-financing vulnerabilities. Terroristprofiles include individuals with pettycriminal records who are self-financing.
Client pressure: The launderer allows anopen position to become under-margined.The broker-dealer would be keen to reduceits credit risk and may become vulnerable toaccepting monies from unknown sources.The launderer funds the account and closes
the position, making a loss but converting theproceeds of crime into a clean cheque fromthe firm, supported with a record of tradingactivity.
The three AML risk models
The standard AML risk management modelsemployed globally by banks cover the followingrisk areas: geography and country; business andentity; and product and transaction. The methods
used by launderers to enable them to carry outtransactions include the use of intermediaries,offshore structures and special-purpose vehicles.Higher-risk scenarios include:
The use of complex corporate and account-holding structures for example, layeredstructures, including offshore trusts, shellcompanies (including bearer-sharecompanies); nominee shareholders/authorized signatories/directors (including
corporate directors); and professionalintermediaries. Launderers exploit the factthat information about the beneficialownership of legal entities and arrangementsin offshore financial centres can be difficultto obtain, other than the basic registrationdetails. Broker-dealers should note that whileoffshore shell companies can be legitimatelyused as private investment companies for
-
7/30/2019 Dirty Derivatives
4/8
AsiaRiskDERIVATIVES
June 2006 4
holding assets, they are also misused bycriminals and terrorists.
Shell banks continue to play a role inlaundering schemes; the US Treasurys
Financial Crimes Enforcement Network
(FinCEN) seventh SAR review identifies
several east European countries with shell
banks and shell companies. The SAR
review provides feedback to financial
institutions about suspicious activity reported
to FinCEN.
Customers who are politically exposedpersons (PEPs) are a significant laundering
risk, especially if they are from a highlycorrupt country. PEPs in certain countries
may also have a connection with terrorist
financing.
Introduced business, where a broker-dealermay place undue reliance on the due
diligence conducted by an introducer.
The US Office of Foreign Assets Control(Ofac) (US sanctions) identifies high-risk
areas for Ofac transactions, which include
OTC derivatives and online transactions.
Moreover, in
developing a detailed
listing of unusual activity,
a derivatives broker-dealer
should take into account
local risks and market
practices. A transaction
may not always appear
suspicious if reviewed in
isolation, and comparison
with history/peers may benecessary. Close attention
is needed to any
transactions that appear to
be linked. Depending on
volumes, technology may
be required for AML/CFT
monitoring, especially for
online broker-dealers.
Wire-transfer activity should be subject to
heightened scrutiny. Monitoring of this area
should include review of unusual wire transfers,including those that involve an unexpected or
extensive number of transfers by a particular
account during a particular period and transfers
involving certain countries identified as high-risk
or non-cooperative.
The big risk is of rogue employees. While
this risk is not unique to the securities sector, the
large sums of money involved, combined with a
weak AML culture, may expose a derivatives
broker-dealer to greater risk (see also Know your
employee).Supervisors worldwide are increasingly
targeting corruption associated with PEP
accounts. Subscription to a good know-your-
customer database of PEPs, suspected criminals
and terrorists is a must, using good name-
recognition technology.
Money laundering risks are mitigated to the
extent that a derivatives broker-dealer adopts
one-account, same-account policies for
receipts/payments and does not allow cash
Transaction PatternsMatching buys and sells in futures (wash trading) inapparently unrelated accountsFrequent derivative trades resulting in losses raisingissues on the clients knowledgeA customer engages in extensive, sudden orunexplained wire activity (especially with high-risk/ non-cooperative countries)Series of small cash deposits over a few daysTransfers between unrelated accounts especially ifemployee accounts involvedA large number of transactions across a number of
countries which do not appear justifiableInsider trading - offshore companies doing largederivative stock trades in a specific companyFunds held in derivative accounts not being used fortrading and requests for paymentMonies routed through and account closed
Main risk country by transactions/business ordomicile is high-risk/ non-cooperativeComplex offshore ownership structures anddifficulty in identifying the ultimate beneficial ownersSuspected nominee relationshipsA corporate customer lacks general knowledge ofits own industryA customer exhibits an unusual level of concern forsecrecyUnknown third party connections in account fundingor in account operations
Lack of concern regarding investment risks (eg,tax), commissions, transaction costs, or losses.A complete disregard for due diligence / research inconnection with the investmentsUnusual requests not in line with firms productsResidential address is a post office box orlawyers office
Unusual Activity Examples
Settlement ArrangementsThe instructions on the client file does not match thesettlement instructions on the transactionLarge or unusual settlements of transactions in cashor bearer formRequests for payments to third parties (eg, offshorecompanies)
After
investigation,classify as
Suspicious
-
7/30/2019 Dirty Derivatives
5/8
AsiaRiskDERIVATIVES
June 2006 5
deposits.Derivatives broker-dealers with exposure to
the US markets should also be aware of theextra-territorial powers implicit in the US PatriotAct. The US Internal Revenue Service qualified-intermediary certification also affects the KYCstandards adopted.
Know-your-customer vulnerabilities
These largely depend on how the trading accountis set up. A securities account can be opened bythe customer or on his behalf, in person or by
remote means (such as the internet), by a third-party introduction or with indirect relationshipsthrough omnibus accounts of institutions.
Vulnerabilities arise if, for example,online account opening is not matched by properverification processes; beneficial owners are notidentified for nominee relationships or complexownership structures; the omnibus account isheld by an institution or in a jurisdiction that isnot regarded as equivalent (that is, regulated toFATF standards); or reliance is placed on an
unsuitable broker or adviser.More generally, market-trading
characteristics create a smoke screen. The FATFstates: The way derivatives are traded and thenumber of operators in the market means thatthere is the potential obscuring of the connectionbetween each new participant and the originaltrade. Furthermore, no single link in a series oftransactions will be likely to know the identity ofthe person beyond the one with whom he isdealing.
KYC profiles
The key to recognising suspicions is knowingenough about the customer and the customersnormal activities to recognise when a transactionor instruction, or a series of transactions orinstructions, is abnormal. The typical profile of aderivatives customer would cover the nature of
the transaction, value, volume and frequency.These profiles will differ depending on whether
the derivative products are OTC or exchange-based.
Regulators expect the private-bankingsector to have more stringent due-diligencestandards than other sectors because of theinherently higher risks. The US definition ofprivate-banking operations is where assets undermanagement are $1million or more, and adedicated relationship manager is allocated to aclient. If private-banking AML standards/definitions apply, a more rigorous KYC process
drafted on Wolfsberg guidelines for privatebanks, covering information such as clientsbusinesses, source of funds, cash assets, sourceof wealth and so on may be necessary tocollect and independently validate the relevantinformation. In any case, this would be bestpractice for high-value relationships even ifregulations do not specify such an approach.
Tone at the top
Clients of one bank that lost millions of dollarsin derivative transactions thanks to unscrupulousderivatives dealers recently led a lawsuitcharging the bank with, among other things, acriminal corporate culture. Changing culture is ahuge challenge.
The tone at the top has a significantimpact on programme quality. It directlydetermines the investment in technology, thefirm-wide approach to information-sharing andthe seriousness with which business functions
regard AML/CFT requirements.A periodic repetition by senior
management of the key message of good-qualitybusiness in the context of a banks role inAML/CFT is essential. Adoption of bestpractices such as the UK Money LaunderingReporting Officers Annual Report to seniormanagement would also help develop the tone atthe top.
-
7/30/2019 Dirty Derivatives
6/8
AsiaRiskDERIVATIVES
June 2006 6
Building culture without silos
Compliance officers are in the unenviableposition of having to manage investmentadvisers and brokers who are commission-driven, over-worked and hyper-competitive.Derivative broker-dealers need an integratedapproach to detecting suspicious activity. Thefront-line staff are central, but they do not seeeverything. Other parts of the firm such as theback-office staff need to be brought into theAML/CFT loop. As Lori Richards of the USSEC says, firms need to avoid the silo problem
that was highlighted by the AmSouth Bank case,in which the AML compliance group did not
receive key information to allow it to make
informed decisions. An inadequate compliance
culture can manifest itself in several ways, such
as:
An attitude among junior employees thattheir suspicions and concerns are of no
consequence. This is particularly dangerous,
as junior employees are exposed to the day-
to-day transactional activity that can place a
derivatives broker-dealer on notice ofsuspicious activity.
Failure to adequately document KYCinformation on file.
Management pressure to transact. Over-zealousness in the attraction of new
business relationships. Unwillingness to subject important clients to
an appropriate degree of vigilance.
There are many components of an effective
awareness programme that emphasise the firms
commitment to AML/CFT regulatory
requirements and expectations:
The awareness programme must betechnology-driven. This would be achieved
by having a firm-wide intranet portal to share
information, including e-newsletters on casestudies and KYC issues.
Senior management ownership of theAML/CFT programme can be emphasised
through technology channels.
Compliance staff must be encouraged toattend business-unit meetings.
Other tactical measures include screensavers,morning login messages, posters and desktop
items, such as cubes.
The message must be driven from the top and
must be clear and consistent, to create aculture of compliance.
The ultimate objective of any AML/CFT
training/awareness programme should be to instil
New US and Australian rulesUnder the US Patriot Act, a US AML/CFT compliance programme must provide for certain minimum requirements:
the development of internal processes policies, procedures and controls;
the designation of a compliance officer;
the implementation of an employee training programme;
an independent audit function to review and test the implementation of the AML programme; and
a customer identification programme to identify the beneficial owners of funds and take reasonable measures to
understand the ownership and control structure of customers that are legal entities or arrangements.
The programme should be developed based on the boards risk-tolerance levels and should be board-approved. The actual
programme will depend on the type of business, the size and complexity of operations, the breadth and scope of the customer
base, the number of staff, and the firms resources.
On top of following obligations similar to those of the US Patriot Act, securities and derivatives broker-dealers under theAustralian 2005 exposure bill would also have to report international funds-transfers whenever reporting obligations aretriggered; and include with the funds-transfer instructions the customers name, address and account number (in line with FATFspecial recommendation 7 for combating the financing of terrorism). These requirements create new information collection,monitoring and reporting responsibilities for regulated entities.
-
7/30/2019 Dirty Derivatives
7/8
AsiaRiskDERIVATIVES
June 2006 7
a strong intuition on AML/CFT issues in bothfrontline and back-office staff, as well as a risk-
based decision-making process. But this is easiersaid than done.
Know your employee
Know-your-employee (KYE) programmes arevital for protecting a derivative broker-dealersmoney and reputation. This is a particularly
sensitive issue for private banks and other large
derivatives broker-dealers that have high revenue
target numbers to achieve annually. KYE
processes must be risk-based. Internal auditplays a key role in any effective KYE
programme.
There are many signs that could indicate
potential laundering/fraud by an employee for
example, changes in employee characteristics,
such as lavish lifestyles or avoiding taking
holidays; changes in employee performance; or
new business referred by a new employee in
which the ownership structure of the entity is
unduly complex.
The nine levels of a KYE programme
Pre-hiring background screening checks forrisk management and to meet regulatory
requirements, where applicable.
Monitoring by verification with onlinedatabases to make sure an employee being
promoted does not have a criminal record.
A code of conduct specifying employeesfinancial relationships that are not acceptable
or other relationships that need to becontrolled, such as insider trading, Chinese
walls and so on.
Regular employee declarations of bankaccounts and shareholdings, including
conflict-of-interest reports, every three
months or so.
Monitoring of employee account transactionsabove a certain threshold this can vary
depending on the employees status. Observing employee lifestyles and social
connections to ensure they are a logical fit,
given salary levels/status. This should
happen in an unobtrusive manner.
Employees assigned to service the broker-dealers higher-risk client relationships and
their client accounts should be subject to
heightened scrutiny especially for new
employees and high-value new accounts.
Properly communicated whistle-blowing
policies, with a dedicated channel that guardsprivacy, are necessary in order to highlight
unusual activity.
Checks and balances to ensure high-riskfunctions have adequate levels of oversight
to avoid risk of employee fraud, particularly
by senior executives.
Internal audit reviews to test the overalleffectiveness of all the above, including
specific tests for insider complicity and
collusion within the firm.
Anti-fraud vulnerabilities
Studies highlight the key role of senior
executives in high-value frauds and the fact that
perpetrators are most often men. Fraud typically
occurs due to internal-control deficiencies, such
as inadequate skills and experience; lack of
clarity in organizational structure; improper
segregation of duties, poor whistle-blowing
policies and channels; a weak anti-identity-theft
programme that does not exploit technologyfully, inadequate internal audit and follow-up
action; or inadequate management oversight
(where, for example, if an individual generates a
significant profit, its reasonableness is not
independently validated).
Senior management should be explicit
about the companys view on fraud through a
-
7/30/2019 Dirty Derivatives
8/8
AsiaRiskDERIVATIVES
June 2006 8
documented policy that is communicated toemployees.
Conclusion
As we have seen, the expectations of regulatorsfrom derivatives broker-dealers with regard toAML/CFT has increased significantly, andattention to this issue should be the number-onepriority of senior management. Nonetheless,supervisors do not expect zero failure. Theyexpect firms to manage their financial crime riskas they manage other business risks. This means
resourcing the activity adequately and puttingresources where there is most marginal benefit,against the backdrop of their legal obligations.
The priority for senior management hasto be building an enterprise-wide AML/CFTculture backed by technology tools. Supervisorswill look for documentation of a firms decision-making process. Compliance staff must think
laterally and make a creative use of feedback
from law enforcement. Internal audit must
recognise the importance of its role, and
capabilities must be enhanced. Ultimately, its allabout effective implementation.
Rohan Bedi is author of the PricewaterhouseCoopersSingapore publication Money Laundering Controlsand Prevention and the senior anti-money launderingimplementation manager at an international bank.email: [email protected]
Disclaimer: the opinions in this article are the authors own and donot represent the organisations in which he works and is/wasassociated with.