risk based approach bachir el nakib july 2009 [compatibility mode]

Building Risk Profile. Bashir A. El-Nakib, CAMS, ACFE, CFAP, Managing Partner/CEO, Compliance ALert, July 09, 2009

Upload: bashirnakib

Post on 23-Jan-2015


DESCRIPTION

Implementation of RBA in Lebanon

TRANSCRIPT

Page 1: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Building Risk Profile

Bashir A. El-Nakib, CAMS, ACFE, CFAP
Managing Partner/CEO

Compliance ALert, July 09, 2009

Page 2: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

THE ONLY ISSUE? COMPLIANCE & REGULATORY RISK

The problem is KYC: KNOW YOUR

- CUSTOMERS
- CORRESPONDENTS
- EMPLOYEES
- SHAREHOLDERS

7/8/2009 Risk Based Approach 2

Page 3: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Outline

Introduction/Overview

Background

Developing a Risk Based Approach

AML Program Elements

Embargoes & Sanctions

Identifying Risk

Risk Types & Characteristics

Red Flags

Issues/Challenges

Summary

Open Discussion


Page 4: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Definitions

Money Laundering

Money Laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of criminal activities.

Terrorist Financing

An offence by any means, directly or indirectly, unlawfully and willfully, which provides or collects funds with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out an act intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a government or an international organization to do or to abstain from doing any act.

Source: United Nations 1999 International Convention for the Suppression of the Financing of Terrorism

Page 5: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Regulatory Concerns

• Certain types of transactions have come under intense regulatory and law enforcement scrutiny, especially in the US.

– Transactions involving shell companies.

– The potential for abuse of cover payments to launder funds or to avoid SIC/UN/BOE/OFAC regulations.

Page 6: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Development of Local Standards

Banks AML Due Diligence Guidelines on Measures Against Money Laundering

• Required financial entities to design their own detailed Policy Manual to suit the nature of their particular environment in which they operated
• Permitted compliance based on commercial considerations

Law 318 Money Laundering

BDL Basic Circulars 83

Standard M L Procedures Standards

Risk based approach to Know Your Customer (KYC)

Banks Project to rectify existing higher risk accounts

Enhanced procedures to identify and monitor special risk cases

Compulsory Procedures Guidelines

Interim Circular 20, 35, 136, 190

Announcement (4)

Know Your Customer (KYC) for Transit subjects

• Roll-out over old customers for KYC implementation

Page 7: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Process

4 Phases

Risk identification

Risk assessment

Risk Monitoring

Risk Reporting

Page 8: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Proposed Enhanced Due Diligence for High-Risk FFIs

• Would apply to offshore banks and FIs in non-compliant jurisdictions.

– Enhanced Due Diligence (EDD):

• Obtain documentation of the FFI’s AML program.

• Monitor activity in the correspondent’s accounts for risks posed by the client’s customers not subject to EDD.

• Identify nested correspondents and assess associated risks.

• Identify FFI ownership for non-publicly traded institutions.

Page 9: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk Based Approach to KYC

[Flow diagram; recoverable labels:]

Existing KYC Process

1. Accept or Reject business?
• Profitability
• Suitability
• Reputation Risk
• Sanctions
• Suspect blacklists

(BCA)

Accept

2a. Borrowing Customers

2b. Non-Borrowing Customers risk profiled using agreed and easy to implement filters.

3. Risk Assessment

3. Separate out Level 3 customers using agreed filters.

Manage as Level 1 Risk

3. Impose Basic KYC only

Manage as Level 3 Risk

3b. Impose Enhanced KYC

Page 10: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk Based Approach to KYC

[Table; columns: Level 3 risk, Level 2 Risk, Level 1 Risk; rows: Account Opening, Ongoing Account Management. Recoverable cell contents:]

Account Opening

• Enhanced KYC
  - Basic KYC Plus
  - Nature of business
  - Origin of funds
  - Purpose of account
  - Type & level of activity
• Basic KYC
• Basic KYC
  - Evidence of Identity
  - Evidence of address

Ongoing Account Management

• 6 Monthly Review
  - Monitoring of transactions against customer profile
  - KYC Relationship review approved by Senior management
• Monitoring to identify account activity which requires account to be reclassified as Level (3). Monitoring of transactions against customer profile every 12 months.
• Monitor Account Activity which requires account to be classified as Level (2) or (3)

Page 11: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Recent Enforcement Actions

• Non-compliance penalties continue to rise.

– UBS Bank - $100 Million (May 2004)

– Riggs Bank - $ 25 million (May 2004)

– AmSouth - $ 50 Million (October 2004)

– Riggs Bank - $ 41 Million (Jan 2005)

– Arab Bank - $ 24 Million (August 2005)

– Bank of New York - $ 38 Million (Nov 2005)

– ABN AMRO - $ 80 Million (December 2005)

– AMEX - $65 Million (August 2007)

– Lloyds TSB - $130 Million (October 2007)

– Bank of Cyprus - $162 Million (October 2007)

– Lloyds TSB Bank - $350 Million (10 Jan 2009)


Page 12: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Guidance Needed

• Large fines have led to some unintended consequences.

- Fines have led to a flood of defensive SAR filings. In the 12 months following the AmSouth and Riggs fines, filings jumped by 40%.

- KYC requirements and the high price of a compliance mistake have made it very difficult for even the most diligent money transmitter to find banking services. (The guidelines published last year may help.)

• Increasing tendency to “criminalize” AML errors

- Lapses are unavoidable for any large bank with significant transaction volume or a large client base.

- Does it make sense to impose penalties – sometimes large penalties – on banks with strong compliance regimes that have an AML lapse?

Page 13: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Business Challenges

• Financial Institutions
– Need more effective compliance
– Re-use investments - integrate with fraud and financial crime detection
– Technical integration vs organisational integration

• Regulatory
– Increasing compliance regulation globally - FATF
– Increasing pressure from regulators on FIs
– AML requirements now extend to securities, insurance, real estate industries and casinos as well as banks
– Regulatory compliance is primary driver of AML investments

• Technology
– IT compliance spend = $34Bn (5% AML*)
– Annual spending expected to continue to increase*
– Technology is NOT the big cost! Investigations are 64% of costs**
– Industry vendor consolidation

* Tower Group
** Celent

Page 14: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Why should I care about these Requirements?

• Money Launderers and Terrorists seek out vulnerable banks
• The Regulator will fine the bank heavily
– Ignorance is no defense!
• OFAC can and will seize customers’ funds
– Banco Delta Asia Ltd. Macau
• US, European and other banks won’t Correspond with you
– Strict Due Diligence
– Correspondent Bank Certifications
– Demand due diligence (KYCC)
• The cost of a Fine is insignificant, compared to the internal cost and loss of business.
– Restructuring, new procedures, new systems, training
– Loss of reputation
– Loss of shareholder value

Page 15: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

What are sanctions:

• Definition:

Sanctions are punitive or coercive measures against a state or its nationals failing to comply with.

• Types of sanctions:

Multilateral sanctions (e.g. UN sanctions)

Country or regime sanctions (e.g. Taliban, Congo DRP, Sudan, Syria, Iran)

Bilateral sanctions (e.g. US sanctions against Cuba)

List-based sanctions (e.g. against known terrorists)

• All UN member states are obliged to implement UN Security Council sanctions domestically.

• Financial Institutions must comply with sanctions in all jurisdictions within which they operate.

7/8/2009 Embargoes & Sanctions May 13, 2008

Page 16: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Managing Sanctions

• Off-the-shelf filtering software is available
• Can check incoming and outgoing payments and any other transaction or customer information entered onto systems.
• However, judgment is required:
– Names may not be a complete match
– May get a country match but the transaction is not sanctioned.
• Must have a process for assessing and then declining or approving transactions with full audit trail.
• Staff must have targeted training depending upon factors such as:
– Nationality
– Type of business (e.g. domestic, global trade, international payments etc.)
– Decision making capacity.

Page 17: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Costs Increase – KYC, AML, OFAC

Compliance is expensive. Non-compliance is very expensive.

• Technology costs – the bar keeps moving
– OFAC. Then: Scan repair items. Now: Scan all items.
– KYC/AML. Then: Recordkeeping and Travel Rules. Now: Money Laundering Pattern Recognition.

• Cost of non-compliance
- Enforcement actions
- Prosecutions
- Reputational damage

Page 18: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Requirements Increase

Section 312 of the USA PATRIOT Act increases costs and risks.

• Requires due diligence risk assessment for Foreign Financial Institutions (FFIs)
- Nature of the FFI’s business & the markets it serves
- Nature of the correspondent account, including account purpose, types of services provided, and anticipated account activity.
- Nature and duration of bank’s relationship with the FFI – and affiliates.
- FFI’s home supervisory regime.
- Info known or reasonably available regarding the FFI’s AML record.

• New FFI due diligence rules are effective:

- July 5, 2006 for new account openings.

- October 2, 2006 for existing accounts.

Page 19: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Watch list Filtering

• Scanning of customer records & transactions against
– Government sanction lists – OFAC, BOE, UNO etc.
– High risk individuals – terrorists, organized crime, fraudsters etc.
– Exposed individuals – PEPs, public figures, high profile
– 3rd party database providers – World Compliance, Thomson, Bridger, World-Check, Dow Jones-Factiva, Complinet, Lexis-Nexis, etc.

• Key Issues
– Character Variations
– Phonetic Variations
– Transliterations & cultural differences

• Using intelligent name matching algorithms with:
– Normalization of names – capitals, abbreviations, spaces, punctuation
– Reference libraries – common short names, cultural inputs
– Reduction to simplified representation – phonetics, soundex
– Indexing – decision tree
– Similarity assessment – string equality, sub-sets, edit distance
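The matching steps listed on this slide (normalization, reference library, phonetic reduction, indexing, similarity assessment), chained into one screening pass. This is an added example, not part of the original slides: the watch list, alias table and distance threshold are constructed, and a Soundex-keyed dictionary stands in for the decision-tree index the slide mentions.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample data: none of these names come from a real list.
WATCHLIST = ["Robert Sampleford", "Abdul Rahman Al-Testani", "José María Ejemplo"]
# Reference library of common short names (constructed).
ALIASES = {"BOB": "ROBERT", "ROB": "ROBERT", "BILL": "WILLIAM", "MOHD": "MOHAMMED"}
HONORIFICS = {"MR", "MRS", "MS", "DR"}
CODES = {c: d for d, letters in enumerate(
    ["BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"], 1) for c in letters}


def normalize(name):
    """Normalization: strip accents, upper-case, drop punctuation, expand aliases.

    Handles Latin script only; other scripts must be transliterated first.
    """
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).upper()
    tokens = re.sub(r"[^A-Z]+", " ", text).split()
    return [ALIASES.get(t, t) for t in tokens if t not in HONORIFICS]


def soundex(token):
    """Phonetic reduction: American Soundex, first letter plus three digits."""
    if not token:
        return ""
    out, prev = token[0], CODES.get(token[0])
    for ch in token[1:]:
        code = CODES.get(ch)
        if code and code != prev:
            out += str(code)
        if ch not in "HW":  # H and W do not separate letters with equal codes
            prev = code
    return (out + "000")[:4]


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def build_index(watchlist):
    """Indexing: map each token's Soundex key to the entries containing it."""
    index = defaultdict(set)
    for entry_id, name in enumerate(watchlist):
        for tok in normalize(name):
            index[soundex(tok)].add(entry_id)
    return index


INDEX = build_index(WATCHLIST)


def screen(candidate, watchlist=WATCHLIST, index=INDEX, max_dist=2):
    """Return [(listed_name, reason)] for entries that need analyst review.

    The index only nominates candidates; a hit requires string equality,
    a token sub-set of at least two tokens, or a small edit distance.
    """
    cand = normalize(candidate)
    ids = set().union(*(index.get(soundex(t), set()) for t in cand))
    hits = []
    for i in sorted(ids):
        listed = normalize(watchlist[i])
        small, large = sorted((set(cand), set(listed)), key=len)
        if cand == listed:
            reason = "exact"
        elif len(small) >= 2 and small <= large:
            reason = "subset"
        elif edit_distance(" ".join(cand), " ".join(listed)) <= max_dist:
            reason = "edit-distance"
        else:
            continue
        hits.append((watchlist[i], reason))
    return hits


if __name__ == "__main__":
    for name in ["SAMPLEFORD, Bob", "Jose Maria Ejemplo",
                 "Abdul Rahman Al Testany", "Mr. Rupert Sandford"]:
        print(name, "->", screen(name))
```

"Rupert" shares a Soundex key with "Robert", so the last name is pulled in as a candidate by the index but rejected by the similarity stage, which is the false-positive control the slide's "judgment is required" point depends on.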


Page 20: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

What is it Regulators are looking for banks to do?

• All accounts risk ranked systematically

• All transactions risk ranked systematically

• All transactions and all customer activity profiled to determine “usual and normal” behavior

• Peer groups used to find unusual behaviour in similar accounts

• How is previously unknown behavior detected and alerted

• Profiles to be dynamically created and adapted

• Rules must be dynamically created, adapted and implemented

• The Regulators want banks to actively find money laundering!

• Regulators are becoming more IT aware than ever before!

Page 21: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Why a Risk Based Approach?

Regulatory Guidance

• FATF Money Laundering Typologies
• 3rd EU Directive, Basel CDD paper, and Wolfsberg Principles paper
• U.S. Comptroller’s Handbook
• FSA & Other Regulatory Directives
• Egmont Group
• MiFiD

Characteristics

• Takes into consideration multiple risk factors including customer/business type, geography, product/delivery channels, and transaction type
• Establishes levels of perceived risk for which proportional controls may be devised
• Efficient and cost effective approach to AML Program management

Benefits

• Risk management framework accepted by regulators
• More effective and efficient processes
• Industry leading practices

Page 22: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Components of a Risk Based Approach

[Diagram: AML Risk Based Approach at the centre, surrounded by three groups.]

Risk Indicators

• Customer/Business Type
• Geography
• Product/Delivery Channels
• Transaction Type

Mitigating Controls

• AML Governance Structure
• AML Policies & Procedures
• Training/Communications & Awareness
• Independent Testing

Regulatory Environment

• Increased regulatory expectations
• New regulations

Page 23: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

The Situation

• High risk individuals, companies and organisations are targeting financial organisations and the countries within which they operate.

• Their very existence depends on their ability to enter your organisation or country undetected. What are the risks:

• Regulatory risk

• Reputational risk

• Business risk

• Shareholder risk

• Job risk


Page 24: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

AML Process Elements

[Diagram; recoverable labels:]

• Policy, strategy, resource allocation
• Program evaluation & continuous improvement
• Communications, awareness & training
• Technology
• Risk and Compliance
• Branch AML Officers
• AML Office
• Corporate Partners
• Investigations & Suspicious Activity Reporting
• Account opening, customer identification & risk assessment
• Financial intelligence, monitoring, analysis, trending & Enhanced Due Diligence

Page 25: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

LOB Risk Assessment

[Cycle diagram; recoverable steps:]

• Evaluate inherent risks
• Assess controls
• Determine residual risk/establish thresholds
• Develop and implement action plans
• Monitor and enhance controls
• Maintain and retain records

Page 26: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Anti-Money Laundering High Risk Characteristics

[Four-column table; column headings: Customer/Business Types, Geography, Product/Delivery Channel, Transaction Types. Entries as extracted:]

• Politically Exposed Persons
• Sanctioned List Countries
• Mobile to mobile
• Off-shore
• Non Resident Aliens
• Money service businesses (e.g. check cashing, wire transmitter)
• Transaction activity with high risk countries (e.g. 311 USA Patriot Act and FATF)
• Private Banking, Trust, Commercial, Retail where it involves high net worth individuals and their corporate interests with personal and discrete service
• Foreign wire transfers, money instruments and cash
• Use of “Omnibus” and “Concentration Accounts”
• Gaming and betting
• Real estate brokers
• Jewelry businesses
• Internet Delivery
• Nominee Account
• E-Bill Payment
• Correspondent Bank Clearing
• Travel agencies
• Car, boat, aircraft, and farm equipment dealerships
• Prepaid stored valued card
• Payable through accounts
• Charitable organizations
• Law, accounting, and medical firms
• Pawn brokers
• Phone or debit card businesses
• Off-shore Trusts

Page 27: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk-based Approach and the KYC Process

Risk-Scoring

• Simplified Due Diligence?
• Enhanced Due Diligence?

Page 28: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk-based Approach and the KYC Process

– How do we perform risk assessment?
– Do we have the right tools to do the job?
– How does the risk assessment program define and score the risks of products? Customers? And jurisdictions?
– How do we develop risk based matrices? With or without the help of outside vendors?

Page 29: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk-based Approach and the KYC Process

Simplified or Enhanced Due Diligence?

Simplified CDD Level 1 - Tick-box / Red-Flag Check

Limited CDD Level 2 - Public Record Research

Standard CDD Level 3 - Public Record Research, Limited Source Enquiries

Enhanced CDD Level 4 - In-depth Public Record Research & Enquiries, Specific issues

The Risk-based approach requires a levelled approach to CDD

Page 30: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk-Based Approach Matrix

• Building an RBA matrix is a collaborative effort between:
– The Compliance Unit
– The Economic Center
– The Business Units
– The Management Information Services (MIS) Department
– IT Division
– Others….

Page 31: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Main RBA Factors

• Customer Risk
• Country Risk
• Sector Risk
• Product Risk

Page 32: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

RBA Elements

Customer Risk
• Overall background and reputation
• Business interests and practices - Mgt
• Business associates and networks / Business Link
• Political Affiliations (PEPs)
• Beneficial ownership and control
• Source of funds

Country Risk
• Political stability
• Legal status
• Economic situation
• Standing of the financial services industry
• Exposure to organised crime and Money laundering
• Corruption

Sector Risk
• Weapons and Metal trading
• Precious metals
• Art
• Real Estate
• Exchange Dealership

Product Risk
• Private Banking
• Correspondent Banking
• Structured Finance
• Commodities

Page 33: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

RBA Matrix

• An RBA Matrix is built to:
– Assess Risks
– Capture identified risks
– Estimate their probability of occurrence and impact
– Rank the risks based on the above information.

Page 34: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

• These variables may increase or decrease the risk posed by a particular customer or transaction, for example:

– The level of regulation or governance regime to which a customer is subject. (A customer located in a highly regulated jurisdiction poses less risk than a customer located in a low risk jurisdiction)

– Type of the entity: publicly owned entities pose less risk than private entities

– The use of intermediate = Anonymity

Page 35: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

High risk products and services

Examples

The following examples are a sample of high risk products that are vulnerable to ML & TF:

– Facilitate a higher degree of anonymity

– Involve the handling of high volume of currency.

– Rapid transaction speed

– Wide geographic availability

Page 36: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

High risk products and services

Examples

• Wire transfers:
• Correspondent Banking: (Factors to consider)
– Account purpose
– Location of the respondent bank
– Nature of the banking license
– The respondent money laundering detection and prevention controls
– The respondent bank regulation and supervision in its country

Page 37: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Break Time

Page 38: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Red Flags

Sudden and inconsistent change in account activity or a concerning pattern

A business account had sudden excessive cash activity inconsistent with past behavior. No checks were made to suppliers or received from customers; the company is not known by local competitors. The business address is a residential apartment and the phone number on file communicates with a fax machine.

Frequent foreign wires to/from higher risk countries

A charitable organization had hundreds of thousands of dollars coming into their account via settlement of credit card transactions. Wires were sent to individuals and entities in high risk countries; foreign counter parties were limited and could not be traced or identified. The purpose of the charity could not be identified and it was determined that the organization was operated out of a residential apartment.

Page 39: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Red Flags

Absence of cash with a cash intensive business account

A business customer that operates a restaurant/grill receives only deposited checks into its account. Deposits consisted of checks from different businesses/individuals payable to different parties.

Following the deposits were ACH debit transfers to another bank. There were no cash deposits made into account, which is inconsistent with the type of business.

Page 40: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study - Background

An offshore financial institution incorporated in Bermuda is looking to provide a structured finance loan to a group of investors.

The countries into which the funds will flow and in which the project will be carried out are the Ivory Coast and Middle Eastern countries.

The sector in which the transaction is due to take place is the construction sector and therefore inherently a high money laundering risk.

It is unclear whether the directors and shareholders of the company are the beneficial owners.

Rumours have been identified in the public record suggesting that the two businessmen and the company are linked to a PEP and that the foreign bank involved in the transaction is a pocket bank of the same PEP.

Page 41: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study - Background

The transactional structure presented by the customer is very complex and the reasoning behind the complexity and non-transparency is unclear.

A number of companies within the structure have not yet been incorporated and are “work-in progress”.

Page 42: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study – Results of Risk-Scoring

Customer Risk
• Overall background and reputation
• Business interests and practices
• Business associates and networks
• Political Affiliations (PEPs)
• Beneficial ownership and control
• Source of funds

Country Risk
• Known for weak AML rules
• Known for terrorist financing, Smuggling & other money laundering activities

Sector Risk
• Real Estate

Product Risk
• Structured Finance
• Complex transaction

Page 43: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study - Approach

The scope of research should be divided into two phases:

Phase I - involves public record research into all parties (individuals and companies) involved. This also includes an overview of the business networks and associations of the businesses and the individuals.

Phase II - given the low profile of the individuals that could be available in public records, a series of discreet enquiries within the local business communities in which the individuals are active should be undertaken in order to ascertain their overall business reputation and to ascertain whether there is indeed any substance to the allegations of their business being a front-operation for a PEP.

Page 44: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study – Results of Risk-Scoring

Enhanced CDD – Level 4

Simplified CDD Level 1 - Tick-box / Red-Flag Check

Limited CDD Level 2 - Public Record Research

Standard CDD Level 3 - Public Record Research, Limited Source Enquiries

Enhanced CDD Level 4 - In-depth Public Record Research & Enquiries, Specific issues

The Risk-based approach requires a levelled approach to CDD

Page 45: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Customer Risk Matrix

Products/Services Used

Customer Type | Deposit Account | Unsecured Loan/Credit Cards | Wire Transfer | Private Banking | Trust Services
PEP | Moderate | Moderate | High | Highest | Highest
High Net Worth | Moderate | Moderate | High | Highest | Highest
High Risk Nationality | Moderate | Moderate | High | High | High
High Risk Industry | Moderate | Moderate | Moderate | Moderate | Moderate
Cash Intensive Business | Normal | Moderate | High | Moderate | Moderate
Salaried Employee | Normal | Normal | Normal | Normal | Normal
Independent Consultant/Individual Entrepreneur | Moderate | Normal | Normal | Normal | Normal
Unemployed | Moderate | Moderate | Moderate | Moderate | Moderate
Charity | Moderate | High | High | High | High

Page 46: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Account Opening Policies

Customer Risk Rating Applicable Policies

Normal
• Presentation of valid original identity documents
• Establish purpose of account
• Establish source of funds
• Retain copies
• Check against UN and other watch lists

Moderate
• Above plus …
• Send registered letter to customer at provided address. Retain signed return receipt.

High
• Above plus …
• Independent verification of account opening documents
• Verification of source of funds
• Interview with bank officer
• Visit by bank officer to customer home/business
• Approval from branch manager
• Updating of account information/documents every twelve months

Highest
• Above plus …
• Updating of account documents every six months
• Approval from CEO

Page 47: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Transaction Type Risk Matrix

Customer Risk Rating | Offshore Wire Transfer | Wire Transfer to High Risk Jurisdiction | Cash deposit under threshold/structuring transactions | Large Cash Deposit | Forex | Early Loan Repayment
Normal | Standard | Standard | Standard | Enhanced | Standard | Standard
Moderate | Enhanced | Enhanced | Enhanced | Enhanced | Enhanced | Enhanced
High | Severe | Severe | Enhanced | Enhanced | Enhanced | Enhanced
Highest | Severe | Severe | Severe | Enhanced | Enhanced | Enhanced

Page 48: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Transaction Execution/Monitoring Policy

Transaction Risk Rating | Applicable Policies

Standard
• Teller/staff monitoring
• Automated system monitoring

Enhanced
• Customer explanation for transaction
• Compliance Officer Approval for execution

Severe
• CEO Approval for execution

Page 49: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Continuous Control Monitoring

[Diagram. Labels: Business Process Areas; Specific Compliance; Daily AML & Compliance Monitoring; Statistics; Customer Profile; Customer Performance; Daily Transactions; Cash (In-Out); Transaction Activities; Inward Swift; Outward Swift; Bank Drafts; Clearing; Transfer A/C to A/C; AML & Compliance; Analysis of data collected; Currency Transaction Reporting Analysis; Suspicious Activity Reporting Analysis; Terrorist Reporting Analysis; KYC Analysis; Trend Analysis; Scenarios; Building; Pattern Matching; Unusual Behavior]

Page 50: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study – The Brief

Aware of the provision of guidelines in terms of the documentation & verification required in order for the Bank to be compliant with the money laundering legislation the Bank is subject to.

Based on the guidelines, the issues which needed to be addressed should be defined.

Based on the issues defined, research and enquiries in all the relevant jurisdictions should be undertaken.

Page 51: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study – Expected Outcome

On the basis of the enhanced CDD that should be undertaken, the Bank could cross-reference the information provided by the customer to verify the claims made by the customer independently

Could confirm the identity of the beneficial owner and determine the reasoning behind the complex transactional structure

The Bank would be in a position to disprove any rumours which had been voiced about links and front operations for a PEP

The exercise provides a complete and comprehensive documentation trail and supporting case within the scope of the CDD process

The exercise enables the Bank to decide on the level of ongoing monitoring, given the risks are classified as high.

Page 52: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Enhanced Risk Assessment Methodology

Conduct detailed analysis of each category

[Diagram: five numbered categories (Purpose of Account; Activity in Account; Nature of the business; Location; Products and Services used) and the label "Assess Risk"]

Page 53: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Customer’s Risk Rating

Columns: Customer/Account Information | Risk Factor Review | Risk Value

8. Account Debit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%

Customer/Account Information:
_____% cash
_____% checks
_____% currency exchange
_____% ACH
_____% purchase official checks, money orders, etc.
_____% domestic wire transfers
_____% foreign wire transfers: LIST COUNTRIES BELOW
100%

Risk Factor Review (Risk Value):
Volume/velocity consistent with nature of business: 0
Purchasing monetary instruments: 1
Foreign Swift transfers (repetitive): 1
Foreign Swift transfers (walk-in): 2
Foreign Swift transfers to high risk countries (NCCT list, OFAC, SIC): 5
Domestic Swift transfers: 1
New Customer - Compare anticipated debit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.

TOTAL RISK

Business/Commercial Customer Risk Weighting Score
-23 to +4 = Low Risk (L)
+5 to +14 = Moderate Risk (M)
+15 to +29 = High Risk (H)
+30 and > = Extreme (E) Management Approval Req'd

NOTE: Compliance or Risk Management staff may modify the risk rate for a customer based on confidential information such as filing of SAR, receipt of criminal subpoena, etc.

Page 54: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Customer’s Risk Rating

Columns: Customer/Account Information | Risk Factor Review | Risk Value

6. Nature of Business Services (be specific)

NAICS Code for principal line of business:

Risk Factor Review (Risk Value):
Money service business (see MSB section on page 2): +15
Brokered deposit relationship: 30
Cash intensive business (see Question 9 for list): 10
ATM owner/operator: 10
Customer qualifies as Phase I exempt person: -15
Customer is exempted as Phase II exempt person: -5

7. Account Deposit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%.

Customer/Account Information:
Total Deposits: $ ________________
_____% cash
_____% checks
_____% currency exchange
_____% ACH
_____% purchase official checks, money orders, etc.
_____% domestic wire transfers
_____% foreign wire transfers: LIST COUNTRIES BELOW
100%

Risk Factor Review (Risk Value):
Volume/velocity consistent with nature of business: 0
Purchasing monetary instruments: 1
Foreign swift transfers (repetitive only): 1
Foreign swift transfers (repetitive and/or walk-in): 2
Foreign swift transfers to high risk countries (NCCT list, SIC, OFAC): 5
Domestic Swift transfers: 1
New Customer - Compare anticipated deposit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.

Page 55: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Compliance Customer’s Risk Rating

Columns: Customer/Account Information | Risk Factor Review | Risk Value

8. Account Debit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%

Customer/Account Information:
_____% cash
_____% checks
_____% currency exchange
_____% ACH
_____% purchase official checks, money orders, etc.
_____% domestic wire transfers
_____% foreign wire transfers: LIST COUNTRIES BELOW
100%

Risk Factor Review (Risk Value):
Volume/velocity consistent with nature of business: 0
Purchasing monetary instruments: 1
Foreign Swift transfers (repetitive): 1
Foreign Swift transfers (walk-in): 2
Foreign Swift transfers to high risk countries (NCCT list, OFAC, SIC): 5
Domestic Swift transfers: 1
New Customer - Compare anticipated debit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.

TOTAL RISK

Business/Commercial Customer Risk Weighting Score
-23 to +4 = Low Risk (L)
+5 to +14 = Moderate Risk (M)
+15 to +29 = High Risk (H)
+30 and > = Extreme (E) Management Approval Req'd

NOTE: Compliance or Risk Management staff may modify the risk rate for a customer based on confidential information such as filing of SAR, receipt of criminal subpoena, etc.
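The worksheet scoring shown on the preceding slides can be expressed as code. The sketch below is an added example, not part of the original presentation: it covers only Questions 6 to 8 as they appear on the slides (the rest of the worksheet is not shown, so the total is partial), and all key names and the sample customer are constructed for illustration.

```python
# Risk values copied from worksheet Questions 6-8; key names are hypothetical.
NATURE = {"msb": 15, "brokered_deposit": 30, "cash_intensive": 10,
          "atm_operator": 10, "phase1_exempt": -15, "phase2_exempt": -5}
# Questions 7 and 8 use the same values, so one table serves deposits and debits.
ACTIVITY = {"consistent_with_business": 0, "monetary_instruments": 1,
            "foreign_swift_repetitive": 1, "foreign_swift_walk_in": 2,
            "foreign_swift_high_risk_country": 5, "domestic_swift": 1}
# Bands from the "Risk Weighting Score" legend: (lower, upper, label).
BANDS = [(-23, 4, "Low"), (5, 14, "Moderate"), (15, 29, "High"), (30, None, "Extreme")]

def check_mix(name, pct):
    """The form requires each activity mix (percent by instrument) to total 100%."""
    if any(v < 0 for v in pct.values()) or abs(sum(pct.values()) - 100) > 0.01:
        raise ValueError(f"{name} percentages must be non-negative and total 100%")

def band_for(score):
    for low, high, label in BANDS:
        if score >= low and (high is None or score <= high):
            return label
    raise ValueError(f"score {score} is below the worksheet's lowest band")

def rate_customer(nature, deposit_flags, debit_flags, deposit_pct, debit_pct,
                  override=None):
    """Sum the ticked risk values and map the total to a band.

    override: band set by Compliance/Risk Management staff (the slide's NOTE);
    it is reported next to the computed band instead of silently replacing it.
    """
    check_mix("deposit", deposit_pct)
    check_mix("debit", debit_pct)
    score = (sum(NATURE[f] for f in nature)
             + sum(ACTIVITY[f] for f in deposit_flags)
             + sum(ACTIVITY[f] for f in debit_flags))
    computed = band_for(score)
    final = override or computed
    return {"score": score, "computed": computed, "final": final,
            "overridden": final != computed,
            "management_approval": final == "Extreme"}

# Constructed sample: cash-intensive ATM operator wiring to a high-risk country.
sample = rate_customer(
    nature=["cash_intensive", "atm_operator"],
    deposit_flags=["monetary_instruments"],
    debit_flags=["foreign_swift_walk_in", "foreign_swift_high_risk_country"],
    deposit_pct={"cash": 80, "checks": 20},
    debit_pct={"cash": 10, "foreign_wire": 90})
```

An unknown factor name raises `KeyError`, so a typo in a ticked box cannot silently score as zero.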

Page 56: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Enhanced Risk Assessment Methodology

Identify specific risks categories

[Diagram. Risk categories: Product and Service Risk; Customer Risk; Geographic Risk. Stages: Identify Risk Categories; Assess Quantity of Risk; Assess Quality of Risk; Action Plans. Other labels: Quantity of Risk; Quality of Risk; Impact Analysis; Risk Response (controls); Response Effectiveness Analysis; Actions]

Page 57: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Best Practices Framework

[Diagram. Labels: AML Risk Assessment; Risk Profile; Corporate Governance; Investigations & Reporting; Risk-Based Customer Due Diligence; Risk-Based Customer Transactions; Single Customer View Data; Written Procedures; Policies; Project Planning/Execution; Program Management; Independent Audit; Training/Self Testing]

Page 58: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study: The United Nations

A FAMILY-RUN BUSINESS

Page 59: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Case Study: The United Nations

[Diagram: Kofi Annan; Leo Mugabe; Kojo Annan; Hani Yamani; Kojo Amoo]

Kojo Annan

• Son of Kofi Annan (Secretary General-UN) from first marriage
• Worked for SGS/Cotecna (given UN deal to enforce sanctions in Iraqi ports)
• Moved on to start own company, Sutton Investments
• Sutton part of consortium with Air Harbour Technologies & Leo Mugabe (nephew of Robert Mugabe, Pres of Zimbabwe)
• Air Harbour owned by Hani Yamani (son of Sheikh Yamani, Saudi Oil Min.)
• Consortium won bid valued in $100s of millions to build Zimbabwe airport
• Kojo Amoo-Gottfried, Ghana Ambassador to UN (nephew of Kofi)

Page 60: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk: Customer/Business Type

Identifying PEPs

How do you determine whether an account holder is a PEP?

• Seek information directly from the individual

• Review sources of income including past and present employment history and references from professional associates

• Review public sources of information (i.e. databases, newspapers, etc.)

• CIA's online directory of “Chiefs of State and Cabinet Members of Foreign Governments” http://www.odci.gov/cia/publications/chiefs/index.html

• Transparency International Corruption Perceptions Index

• Private vendors (i.e. World Compliance/Regulatory DataCorp (RDC), Factiva, and WorldCompliance)

Page 61: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk: Customer/Business Type

Identifying PEPs (Cont.)

FATF Recommendations for PEPs:

Determine whether a customer is a PEP

Obtain senior management approval for establishing relationship

Establish source of wealth of funds

Conduct ongoing monitoring of relationship

Page 62: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Risk: Customer/Business Type

Examples of Black Lists

OFAC: Office of Foreign Assets & Control lists: Specially Designated Nationals; Weapons of Mass Destruction; Blocked Countries

BIS: Bureau of Industry & Security - Issued by the United States

BOE: Bank of England

CSSF: Commission de Surveillance du Secteur Financier - Luxembourg

SECO: Secretariat d’Etat a l’economie – Switzerland

UN: United Nations: Al-Qaida & Taliban; Iraq; Liberia

MAS: Monetary Authority of Singapore

EU: EU Regulations

FATF: Financial Action Task Force

Other: Vendor (i.e. SIDE-OFAC/World Check Lists) and internal Lists

Page 63: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

Summary

– Risk-scoring defines the level of CDD required

– Beneficial Ownership and PEPs are key

– Advantages:

• Institutions can mitigate their own risk exposure through the risk-based approach and risk exposure

• Risk-Scoring also enables institutions to develop benchmarks and risk rating parameters

Page 64: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]


Page 65: Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]

For additional clarifications, please call: +961 1 787049

[email protected]

Bashir A. El-Nakib, CAMS, ACFE, CFAP