Combating Money Laundering: How Well are You Managing your Company’s Risk?
John Farrell
SVP Financial Services.
CGI
James Fried
Assistant Treasurer
TIMEXGROUP
2
Today’s regulatory environment mandates that
companies (and individuals) know:
• Who they are doing business with, including
eventual third parties where their products or
services may end up
• Where their goods and services are being
delivered
• What products, services or intellectual property
they are providing
Who, Where, What…..
3
• OFAC
• SDN
• FinCen
• FAFT
• PATRIOT ACT
• FCPA
• ………..
All persons and entities must comply –ignorance is no excuse!
An alphabet soup of regulations and agencies
4
• So far this year, OFAC alone has imposed
$623,000,000 in enforcement actions
(almost all of these ended up reported in the press)
• Financial Institutions are by far the most
penalized target, but manufacturers,
distributors and service companies
outweigh banks in the number of actions
• The SDN list currently has over 5,000 entries
and is updated frequently
What is the potential liability?
5
Technology plays a large role
• It has to, due to large transaction volumes
• They check (or should check) all of the financial transactions you initiate against:
− Published List
− Suspicious Activities
• Very complex algorithms and “fuzzy logic” is employed
− Alternate spellings
− Potential abbreviations
− Word proximity
− Ability to interpret Cyrillic and Asian characters
What can we learn from Banks
Even though your bank does these checks, you are not released from liability!
6
A Company must• Investigate and evaluate ALL potential transactions
− Domestic as well as international – 100%
− Responsibility starts at point of inquiry – whether or not transaction is completed
− New as well as old – need review process
• Check against all lists and watch lists− Company name, ownership, officers, directors
− Not just buyer/seller – ALL parties involved
− Check during all phases of the transaction – not just once
• Maintain records – show that you checked!
Know Your Customer (KYC)
7
• Reluctant to give information; evasive; unclear
• Products do not fit the line of business
• Unfamiliar with product use
• Declines routine services (training, maintenance)
• Willing to pay cash when terms would be the norm
• Product incompatible with destination
• Abnormal shipping route
• Freight forwarder is final destination
• Will not supply final destination
KYC: Possible Red Flags
8
• You are required to report suspicious transactions
– “Hits” on lists
– Suspicious activity (red flags?)
– All agency websites have inquiry access (e-mail, phone, fax)
for questions
– You must report even if you know another party has already
done so! Every party has separate responsibility to report!
• To whom?
– To the agency responsible (Treasury, BIS, etc.)
– Reporting instructions are on all websites
• Phone, fax, e-mail, anonymous form
Reporting
9
• For all companies, must address (minimally):
– OFAC
– SDN
– USA PATRIOT ACT
– Know your customer (KYC), and preferably KYCC
– Anti-money laundering
• Companies with int’l business must also address:
– Customs
– Export Regs
– Anti-Boycott
– Foreign Corrupt Business Practices Act
Create and Maintain a Compliance Program
10
Compliance Programs
• Companies must have a
mandatory and written
compliance program in
place for all government
regulations
• Having such a policy will
help if you get into a sticky
situation
11
Elements for Success
• Designate a Compliance officer
– Preferably a senior person (CFO, COO)
– May need others to assist
• Also consider internal or external legal counsel
• Assess the risk
– Determine where areas of exposure are
• High risk countries, industries
• Cash business
• Corporate structure, office locations
12
More Elements
• Assign responsibilities
– Clear rules and procedures
– “Go-to” persons for possible violations
– Record-keeping requirements
• Distribute Regulatory Info to Key Persons
– Including OFAC, SDN lists, money laundering updates,
reg changes, etc.
– Easy to subscribe to free updates from regulatory agencies
13
More Elements
• Training for ALL Employees on Compliance– Cover regulatory basics
– “Go-to” procedures
– Consequences for
non-compliance
– Sign statement that
they understand
– Annual event!
• Constant Communication with employees– Changes, Policy Updates, Seminars
14
More Elements
• Conduct Compliance Audit– Spot checks
• Especially for high-risk areas
– Annual in-depth audit
– Check reporting
15
Non-Compliance• Visits by Federal Agents
• Paperwork/Reports
• IRS Audits
• Fines
• Seizure of Goods, Funds
• Revocation of Export License
• Criminal Penalties
• Civil Penalties
• AND - the law prohibits your employer from paying any of your fines/civil penalties
16
Non-Compliance can:
Cost You Money…
Or Worse!!!
17
Protect Yourself!
• Implement and maintain a compliance policy
• Mandate the completion of a credit app for all transactions
– Add compliance language to credit apps
– Also to PO’s, contracts, any written materials
• Have a trained “go-to” person
– Attorney, senior officer
– Consolidate reporting into one place/one person
• Train ALL employees; train a few intensely
– Keep record of training sessions with sign-in sheets
• Keep written records
• Cooperate with any investigations
18
Last, but not least -
• Automate!!!!!!
• The complexity of compliance has inspired
private development of software/web-based
systems to assist in managing compliance
• Vendors keep up with regs
– Many cross-check up to 14 different lists and
watch lists
• “Canned” or customized versions
19
If you automate:
• Ask about matching / “false hits”
– Lots of names are similar and vendors approach this differently
• Remember to ask about managing existing A/P and A/R databases, not just new inquiries
– The OFAC/SDN lists change
• If you are multi-national, ask about non-US options
• Evaluate web access vs. installed software
– Update issues
20
QUESTIONS
US Government Regulatory Compliance
James A. Fried, CCE
Timex Group USA, Inc.
Today’s Objectives
1. Review of Regulations
2. Your responsibilities
3. Where to get information
4. How to put together a compliance program
5. Horror Stories so you know this is serious
Regulations
Regulations
• Office of Foreign Asset Control (OFAC)
• Specially Designated Nationals (SDN)
• USA PATRIOT Act
• Export Denial Orders
• Anti-Boycott
• Anti-Money Laundering (FinCEN and FATF)
• Customs regulations
• Foreign Corrupt Practices Act
Who is affected by the regs?
• All US citizens and permanent resident aliens, regardless of location
• All persons/entities within the USA
• All USA incorporated entities and their foreign branches
– Special exclusions for “arm’s length” offices
– For certain programs:
– Cuba/N Korea: foreign subs/entities owned or controlled by USA company
Special Exclusions• Arm’s length:
– Subsidiary must have its own officers/board
– No officer or board member may be a US citizen/resident alien
– No employee involved in or having knowledge of transaction may be a US citizen/resident alien
– Profits may not be repatriated to US
• Dividends can be paid
– US entities must be completely blind to transactions
• Do not attempt this without legal counsel
And for added excitement,
• There can be tax consequences, as certain legally permitted activities may have to be reported on tax returns
• IMPORTANT: the regulations are now designed so that violation of one may also trigger violation(s) of other(s) – a “no escape” environment
Office of Foreign Asset Control
• Department of the Treasury
• Identifies countries, activities, generic groups that are prohibited
• Sanctions may be full or partial (limited to certain activities)– Often very difficult to interpret
• Treasury Licenses might be required– Depends on the sanction, and/or goods
classification/type (EAR mostly)
Current OFAC Sanctions
• Balkans
• Burma (Myanmar)
• Cuba
• Diamond Trading
• Iran
• Iraq
• Liberia
• Libya
• Narcotics Trafficking
• Non-Proliferation (Weapons of Mass Destruction)
• North Korea
• Sudan
• Syria
• Terrorists
• Zimbabwe
UN Sanctions
• Do not confuse OFAC with UN Sanctions
• USA sanctions are generally in sync with UN
– Contain slight variations
– Have groupings/categories
– USA has its own unilateral sanctions
• Most other countries – especially industrialized countries – follow UN sanctions
– This can cause confusion
The SDN List
• Specially Designated Nationals
• List of prohibited companies/persons:– Terrorists, drug dealers, money launderers, agents of
OFAC-prohibited entities
• Updated as needed
• Must be checked for ALL parties in a transaction:– Buyer, seller, intermediaries, cargo handling, insurance
co’s, vessel ownership, banks
– Includes owners & officers
USA PATRIOT ACT
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
• Best known/publicized for adjusting the legal processes for wiretapping and privacy as they relate to searching for terrorists
• BUT – also contains many provisions related to the business community
• Act has been revised several times since inception
USA PATRIOT ACT• Know your customer regs:
– ALL companies must have due diligence procedures in place to scrutinize/evaluate all potential and actual business transactions• Includes purely domestic business as well as int’l• Screen every party in transaction against ALL regs• Recordkeeping requirements
– Foreign Banks must be pre-certified with USA banks• Affects all bank-to-bank business: deposit accounts, loans,
risk (I.e., LC confirmations)• Impacts corporate ability to “shop” banks• Slows things down
Export Denial Orders
• Immigration and Customs Enforcement(formerly BIS, formerly BXA)
• Export related; now monitoring pre-export• Know Your Customer requirements
– Red Flag Indicators list
• Also applies to certain types of exports with “dual use”– Technology– Military– Fundamental research
Anti-Boycott
• Protects allies and non-discrimination of the USA
• Primarily, but not solely, applicable to Israel and Middle East
• Watch for prohibited language on contracts, paperwork, PO’s, LC’s or other instruments
• Prohibited language is not intuitive!
Arab League Boycott of Israel
• Common boycott language requires that:
– No Israeli citizen or person of Israeli origin may be employed in any facet of the contract;
– No product or service of Israeli origin be may used to fulfill the contract. • Frequently prohibits use of Israeli carrier, passage
through Israeli port
Current Boycotting Countries
• BAHRAIN
• IRAQ
• JORDAN
• KUWAIT
• LEBANON
• LIBYA
• OMAN
• QATAR
• SAUDI ARABIA
• SYRIA
• REPUBLIC OF YEMEN
• UNITED ARAB EMIRATES
– UAE
– ABU DHABI
– SHARJAH
– AJMAN
– UMM AL-QAIWAIN
– RAS AL KHAIMAH
– FUJAIRH
Lesser known prohibited activities
• Refusing or requiring any other person to refuse to employ
or to discriminate against any U.S. person on the basis of
race, religion, sex or national origin;
• Furnishing information with respect to the race, religion,
sex, or national origin of any U.S. person
Anti-Money Laundering
• FinCEN (Financial Crimes Enforcement Network) and Financial Action Task Force (FATF)
• FATF has a list of countries which do not comply with their 40-point anti-money laundering program
• Transactions not prohibited, but will be flagged by financial institutions and subject to investigation
• FinCEN regs affect financial services– Reporting, forms, deposits, patterns– Which in turn, affects YOU!
Current List
• FATF Non-Complying Countries:
– Myanmar (Burma)
– Nauru
– Nigeria
Customs Regulations• Imports:
– 24 hour rule for Cargo Manifest prior to departure from foreign port
• Exports:– Cargo inspections– 24 hour rule for Cargo Manifest prior to loading– Regs have negatively impacted shipping schedules
• All translates to cash flow changes and higher freight costs!!!
• NOTE: inspections also may apply to pre-export and post-import transactions
Foreign Corrupt Practices Act
• Prohibits US companies from bribing foreign official to initiate or maintain business in that country
• Applies to employees, directors, stockholders, and agents– Cannot authorize another person to do what you
(as US citizen/res. Alien) cannot do directly
• “Foreign Official” includes any employee of a nationalized company
Foreign Corrupt Practices Act
Watch for:
• Country involved
• (corruption index – www.transparency.org)
• Large commissions or fees
• Lump sum invoices
• Split of offshore payments
Websites
• www.treas.gov/ofac– OFAC and SDN
• www.bxa.ntis.gov– KYC, red flags, anti-boycott, denied persons list, export
regulations by industry, licensing info
• www.cbp.gov– Customs regs and forms
• www1.oecd.org/fatf/NCCT_en.htm#List– FATF money laundering watch list
Your Responsibilities
USA Regulatory Compliance
Know Your Customer
• Company must– Investigate and evaluate ALL potential transactions
• Domestic as well as international – 100%• Responsibility starts at point of inquiry – whether or not
transaction is completed• New as well as old – need review process
– Check against all lists and watch lists• Company name, ownership, officers, directors• Not just buyer/seller – ALL parties involved• Check during all phases of the transaction – not just once
– Maintain records – show that you checked!!!
“Know” includes:
• Customary credit information (5 c’s)• Ultimate buyer/seller
– Lots of scrutiny on transactions involving intermediaries
• Ultimate destination/origin of goods• Evidence in writing strongly encouraged
– Credit apps, signed– E-mails or other written correspondence– Copies of website checks (lists/watch lists)– Dates and initials of employee(s) conducting check(s)
It’s NOT Intuitive!!!!
Bay Industries, Santa Monica, CA
Cargo Aircraft Leasing Corp, Ft. Lauderdale, FL
Sports Zone, Houston, TX
Travel Services, Inc, Hialeah, FL
Matrix Churchill Corp, Cleveland, OH
Holy Land Foundation for Relief & Development,
Richardson, TX
Atlas Air Conditioning, London
Vinales Tours, Cancun
Possible Red Flags
• Reluctant to give information; evasive; unclear• Products do not fit the line of business• Unfamiliar with product use• Declines routine services (training, maintenance)• Willing to pay cash when terms would be the
norm• Product incompatible with destination• Abnormal shipping route• Freight forwarder is final destination• Will not supply final destination
Red Flag Indicators
• BXA has great info in its website!!!
– www.bxa.doc.gov – lists to check
– www.bxa.doc.gov/enforcement/knowcust.htm
– http://www.bxa.doc.gov/enforcement/redflags.htm
Reporting
• You are required to report suspicious transactions
– “Hits” on lists
– Suspicious activity (red flags?)
– All agency websites have inquiry access (e-mail, phone, fax) for questions
– You must report even if you know another party has already done so!!! Every party has separate responsibility to report!!!
• To whom?
– To the agency responsible (Treasury, BIS, etc.)
– Reporting instructions are on all websites
• Phone, fax, e-mail, anonymous form
Credit Reports
• For Credit Bureaus, Credit Reporting Agencies, Requestors of Information
• Credit Bureaus can choose to include OFAC/SDN info on credit reports
• If so, they must follow specific guidelines
– That info is similar to info on the OFAC/SDN lists. Cannot state that it is prohibited unless known for certain
– Should direct users to the OFAC brochure
– OFAC cannot remove info from credit report
Compliance Programs
Elements and Implementation
Compliance Programs
• Companies must have a mandatory and written compliance program in place for all gov’t regs
• Having such a policy will help if you get into a sticky situation
Compliance Programs
• For all companies, must address (minimally)
– OFAC
– SDN
– USA PATRIOT ACT
– Know your customer (KYC), and preferably KYCC
– Anti-money laundering
• Companies with int’l business must also address
– Customs
– Export Regs
– Anti-Boycott
– Foreign Corrupt Business Practices Act
Elements for Success
• Designate a Compliance officer
– Preferably a senior person (CFO, COO)
– May need others to assist
• Also consider internal or external legal counsel
• Assess the risk
– Determine where areas of exposure are
• High risk countries, industries
• Cash business
• Corporate structure, office locations
More Elements
• Assign responsibilities– Clear rules and procedures
– “Go-to” persons for possible violations
– Record-keeping requirements
• Distribute Regulatory Info to Key Persons– Including OFAC, SDN lists, money laundering
updates, reg changes, etc.
– Easy to subscribe to free updates from regulatory agencies
More Elements
• Training for ALL Employees on Compliance
– Cover regulatory basics
– “Go-to” procedures
– Consequences for non-compliance
– Sign statement that they understand
– Annual event!
• Constant Communication with employees
– Changes, Policy Updates, Seminars
More Elements
• Conduct Compliance Audit
– Spot checks
• Especially for high-risk areas
– Annual in-depth audit
– Check reporting
Non-Compliance• Visits by Federal Agents
• Paperwork/Reports
• IRS Audits
• Fines
• Seizure of Goods, Funds
• Revocation of Export License
• Criminal Penalties
• Civil Penalties
• AND - The law prevents your employer from paying any of your fines/civil penalties
Non-Compliance can:
Cost You Money…
Or Worse!!!
Protect Yourself!
• Implement and maintain a compliance policy
• Mandate the completion of a credit app for all transactions– Add compliance language to credit apps
– Also to PO’s, contracts, any written materials
• Have a trained “go-to” person– Attorney, senior officer
– Consolidate reporting into one place/one person
• Train ALL employees; train a few intensely– Keep record of training sessions with sign-in sheets
• Keep written records
• Cooperate with any investigations
Last, but not least -
• Automate!!!!!!
• The complexity of compliance has inspired private development of software/web-based systems to assist in managing compliance
• Vendors keep up with regs
– Many cross-check up to 14 different lists and watch lists
• “Canned” or customized versions
If you automate:
• Ask about matching/”false hits”– Lots of names are similar and vendors approach this
differently
• Remember to ask about managing existing A/P and A/R databases, not just new inquiries– The OFAC/SDN lists change
• If you are multi-national, ask about non-US options
• Evaluate web access vs. installed software– Update issues
Possible Vendors
• There are lots, but these are ones with whom I am personally/professionally familiar, in alphabetical order:– Bridger Insight– IBM– Innovative Systems– Nextlinx– Thomson Financial– TradePoint
• Check with others – “live” referrals are best!