risk based approach

RISK BASED APPROACH

P i e r r e S i m o n ,M a n a g i n g D i r e c t o r S i m o n L e ga l & C o m p l i a n c e

ACOA SeminarAugust 22, 2012

I. AML Compliance: Elements of successII. Assessment of Risk

- Four Measures- Analysis

III. Due Diligence and Monitoring Controls- Customer Risk Rati ng- Risk Rati ng Methodology- What can Financials Insti tuti ons Do?

IV. Customer Risk Rati ng Model- Customers with a Pre-defi ned Risk Rati ng- All Other Customers

Copyright © 2012 Simon Legal & Compliance. All rights reserved.

TOPICS

2

I.AML COMPLIANCE

Financial Insti tuti ons need to address several aspects of AML tomiti gate regulatory and reputati onal risks

4

AML COMPLIANCE: ELEMENTS OF SUCCESS

Risk Based ApproachAnd Customer Risk

Rating

Written AML PoliciesAnd Procedures

Know Your Customer

And CustomerIdentification

Program

Transaction Monitoring

and SuspiciousActivity Reporting

Organization andGovernanceStructures

AML ComplianceProgram Assessment

And Gap Analysis

AML Training


II.ASSESSMENT OF RISK

Insti tuti ons typical ly identi fy, measure and consider four main r isk measures when assessing the quanti ty of AML r isk.

6

ASSESSMENT OF RISK: FOUR MEASURES

Customers Geographies

ServicesProducts


7

ASSESSMENT OF RISK: FOUR MEASURES

• International Wires• Internet Banking• High Cash Users

• Private Banking• International Correspondent

Banking• Offshore International

Activity• Account data• Transaction data

• Economic Sanctions• Non-NCCT• Country Watch List

• STR (Suspicious Transactions Report)

• PEP (Politically Exposed Person)

• Industry / Occupation• Nationality• Account Maturity

Customers Geographies

ServicesProducts


A wel l -developed r isk assessment can enable a fi nancial insti tuti on to assess and apply appropriate controls to miti gate the r isks. Below is an approach for conducti ng an AML r isk assessment.

8

ASSESSMENT OF RISK: ANALYSIS

Analyze Existing

Risk Rating

Methodology

•Understand the current risk rating model and supporting methodology•Analyze the risk factor categories (e.g., products/services, customers, distribution channels, and geographic locations), as well as individual indicators and their relative weights to assess the logic, consistency and other properties

Interview

Personnel

•Interviews key personnel within appropriate business units to gain an understanding of the inherent AML risks, current controls and the management/reporting structure in place designed to mitigate these risks

Develop New RiskAssessm

entMethodo

logy

•Create a methodology which considers the inherent risks associated with the line of business and the controls in place to mitigate these risks

•Apply additional mitigating controls to the inherent AML risks in order to arrive at the residual AML risks for each of the Business Units, as well as the Bank as a whole

Report Findings

and DevelopRecommendation

s

•Generate and interpret results of risk assessment, document findings and proposed recommendations, and outline next steps

•Implement the enhanced risk rating methodology•Use the risk assessment to drive policy, procedures, controls, testing and auditing


III.DUE DILIGENCE AND

MONITORING CONTROLS

P r im a r y p u r p o se : to id e nti f y t h e p o p u lati o n o f h ig h e r r i sk c u sto me rs a n d to fu r t h e r d e s ig n / m o d i f y ex i sti n g d u e d i l i ge n c e p ro c e sse s , m o n i to r in g p ro c e d u re s a n d b u s in e ss p ro c e ss fl ows to a d d re ss t h e r i sk a sso c iate d wi t h t h e c u sto m e rs o f d iff e re nt r i sk leve l s :

E n h a n c e d Du e D i l i ge n c e : – Va r y in g E DD p ro c e d u re s/sta n d a rd s to b e a p p l ie d to c u sto m e rs o f d iff e re nt r i sk l eve l s

E n h a n c e d Tra n sa c ti o n M o n i to r in g : – L eve ra g in g r i sk ra n k in g in m o n i to r in g o f c u sto m e r a c ti v iti e s h e lps d eve lo p a n eff e c ti ve t ra n sa c ti o n mo n i to r in g a s we l l a s ST R fi l in g p ro g ra m • Ad ju ste d mo n i to r in g t h re sh o ld s • A low r i sk c l ie nt wo u ld b e p e r m itt e d to d ev iate mo re f ro m i t s ra n ge o f n o r m a l/ex p e c te d a c ti v i t y t h a n wo u ld a h ig h r i sk c l ie nt

M o d ifi e d B u s in e ss P ro c e ss F lows: – Va r y in g leve l s o f n ew a c co u nt o p e n in g p ro c e d u re s d e p e n d e nt u p o n in iti a l r i sk a sse ssm e nt o f c l ie nt – S t re n gt h e n e d a p p rova l /s ig n o ff re q u i re m e nt s fo r n ew a c co u nt s o p e n e d fo r h ig h r i sk c u sto m e rs – I n c re a se d KYC ve r ifi cati o n re q u i re me nt s fo r h ig h r i sk c u sto m e rs

DUE DILIGENCE CONTROLS: CUSTOMER RISK RATING

10Copyright © 2012 Simon Legal & Compliance. All rights reserved.

In the opti mal theoreti cal setti ng, a l l relevant KYC and transacti onal informati on would be avai lable and uti l ized during the r isk rati ng process. Under this assumpti on of a perfect informati on set , the fol lowing indicators would be considered to identi fy r isk in each category:

1. Customer Demographic Risk - eva luate demographic att r ibutes to ind icate h igher AML r i sk .

2. Product/Transacti on Risk – Bank ing products and t ransacti on types vary s ign ifi cant ly in the leve l o f AML r i sk they represent . Categor i z ing the products and ser v ices off ered he lps identi fy those that pos ing h igher AML r i sk .

3. Geographic Risk – Geographic r i sk i s captured pr imar i ly at the country leve l when t ransacti ons or ig inate or terminate in countr ies that have been l inked to cer ta in types of money launder ing /terror i st fi nanc ing behav ior. As part o f r i sk rati ng , eva luate AML r i sk o f customers based on assoc iated jur i sd icti ons .

DUE DILIGENCE CONTROLS: RISK RATING METHODOLOGY


1. Customer Demographic R i sk - e v a l u a te d e m o g ra p h i c a tt r i b u te s t o i n d i ca te h i g h e r A M L r i s k


12

Risk Indicator Example

Higher RiskCustomer Types

• Higher Risk Industries - foreign financial institutions; non-bank financial institutions (MSBs, casinos, brokers/dealers in securities, and dealers in precious metals, stones or jewels); off-shore corporations; deposit brokers; cash intensive businesses (convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately-owned ATMs, vending machine operators, and parking garages), non-governmental organizations & charities; asset management• Higher Risk Occupations - student, unemployed, professional service providers (attorneys, accountants, doctors, real estate brokers)• PEPs (Politically Exposed Persons) and senior foreign political figures• Foreign individuals

Customer’sInvestigativeHistory

• STR Suspect• Judicial Foreclosures • Court Rulings

Account Maturity • Client relationship < 1 year


2. Product/Transacti on R isk – B a n k i n g p ro d u c t s a n d t ra n s a c ti o n t y p e s va r y s i g n i fi ca n t l y i n t h e l e ve l o f A M L r i s k t h e y r e p r e s e n t . C a te go r i z i n g t h e p ro d u c t s a n d s e r v i c e s o ff e r e d h e l p s i d e n ti f y t h o s e t h a t p o s i n g h i g h e r A M L r i s k .


13


Transaction Types • International Wire Transfers - Customers that exceed the 90th percentile of numberand/or aggregate florin or dollar value of international wire transactions within their peer group(e.g., individual, small business, and large business accounts)• High Cash Users - Customers that exceed the 90th percentile of number and/or aggregate florin or dollar value of cash transactions within their peer group (e.g., individual, smallbusiness, and large business accounts). Alternatively, can be based on the number ofcurrency reports filed• Other higher-risk transaction types including internet banking, transactions in which the primary beneficiary or counterparty is undisclosed, transactions involving large amounts of monetary instruments, and certain types of electronic transactions. All present risk due to the anonymity they provide

Product Types • Large number of different product types held by a customer. Allows for movement offunds and complex transactional patterns• Private Banking – can pose higher AML risk because of the variety, complexity,geographic scope, and high florin or dollar value of many transactions typically taking placethrough these accounts under especially high privacy and confidentiality circumstances;also, greater customer service can increase risk• Other higher-risk banking functions incl. offshore international activity, deposit-takingfacilities, pouch activity (as opposed to domestic courier), and international correspondent banking


3. Geographic R i sk – G e o g ra p h i c r i s k i s ca p t u r e d p r i m a r i l y a t t h e co u n t r y l e ve l w h e n t ra n s a c ti o n s o r i g i n a te o r te r m i n a te i n co u n t r i e s t h a t h av e b e e n l i n ke d t o c e r ta i n t y p e s o f m o n e y l a u n d e r i n g / te r ro r i s t fi n a n c i n g b e h av i o r. A s p a r t o f r i s k ra ti n g , e va l u a te A M L r i s k o f c u s t o m e rs b a s e d o n a s s o c i a te d j u r i s d i c ti o n s .

* H igh r i sk jur i sd icti ons can inc lude jur i sd icti ons on the fo l lowing l i sts : – S a n c ti o n L i s te d C o u n t r i e s ( e . g . , E U , U N , O FA C ) – FAT F N o n - co o p e ra ti ve C o u n t r i e s a n d Te r r i t o r i e s – C o u n t r i e s a t R i s k o f S p o n s o r i n g Te r ro r i s m o r F i n a n c i n g Te r ro r i s m – O ff s h o r e F i n a n c i a l C e n te rs


14


High RiskJurisdictions *

• Customer’s location – customers located in high-risk jurisdictions pose a higher AMLrisk• Customers engaging in a significant level of transactions to/from high risk jurisdictions


Comprehensive enterprise-wide account monitoring systems enable the bank to detect unusual and potenti al ly suspicious acti vity that may indicate the need for additi onal internal money laundering investi gati ons. Alerts may include tax avoidance schemes.

Alerts on transacti on patt erns or events that exceed stati sti cal thresholds within pre-defi ned scenarios. The systems typical ly uti l ize temporal analysis to evaluate transacti ons over multi ple dimensions of ti me.

High r isk customer survei l lance groups may be identi fi ed, sourced, and monitored in paral lel with the transacti on monitoring system.

Alerts generated by the systems are typical ly c lustered with other intel l igence data and reviewed by a bank’s Financial Intel l igence Unit (“FIU”) or MOT-coordinator. The mission is to bring a focused and proacti ve approach to the operati onal aspects of fi nancial cr imes deterrence, detecti on, and reporti ng. The result can be an enterprise view of r isk from across the organizati on.

MONITORING CONTROLS: WHAT CAN FINANCIAL INSTITUTIONS DO?


Opti mize transacti on monitoring program. Develop a high r isk customer survei l lance program. Aspects of tax evasion can potenti al ly be detected by modifying tr iggers

within the Aruban bank’s wire structuring scenario. Most people typical ly associate structuring with cash deposits; however, this logic is commonly modifi ed to apply to wire transfer acti vity in high r isk customer populati ons, such as for private banking c l ients. Intel l igence data should fl ow from across the organizati on potenti al ly resulti ng in a STR.

MONITORING CONTROLS: WHAT CAN FINANCIAL INSTITUTIONS DO?


IV.CUSTOMER RISK RATING

MODEL

Our customer risk model is based on:

Customers with a predefi ned low or high risk rati ng A risk rati ng (low, medium or high) for all other customers based

on jurisdicti on, industry & sector and nature of company (enti ty type).

Potenti al adjustment of the risk rati ng (at least one level up) or rejecti on of the customer based on material adverse informati on.

CUSTOMER RISK RATING MODEL


The model is shown in the table below and explained in the next sheets.

CUSTOMER RISK RATING MODEL

19

Adjustment for material adverse

information

Predefined risk rating: Low or High

Risk rating based on:- Jurisdiction- Industry and sector- Nature of company (entity type)


CUSTOMER RISK RATING MODEL: CUSTOMERS WITH A PREDEFINED RISK RATING

20

There are certain types of (prospecti ve) customers who from a customer integrity perspecti ve represent a lower inherent risk or higher inherent risk. Pre-defi ned and high risk customers are set forth below:

The following customer types automati cally qualify as low risk:

A supervised fi nancial insti tuti on in a low risk jurisdicti on. A publicly traded company in a low risk jurisdicti on which is l isted on a

recognized exchange. This includes all direct and indirect wholly-owned subsidiaries of such a publicly traded company, provided that such a subsidiary is located in a low risk jurisdicti on.

A supervised agent or intermediary in a low risk jurisdicti on. Government departments, agencies or local authoriti es in a low risk

jurisdicti on.


CUSTOMER RISK RATING MODEL: CUSTOMERS WITH A PREDEFINED RISK RATING

21

The following customer types automati cally qualify as high risk:

A customer that has issued bearer shares. Bearer shares pose a high r isk because the ownership of these shares may change without any registrati on or noti fi cati on which makes i t d iffi cult to identi fy the ulti mate benefi cial owner(s) . In additi on the companies that issue bearer shares are frequently incorporated in high r isk jurisdicti ons. Therefore customers with bearer shares should be c lass ifi ed as high r isk.


For customers that do not qual i fy as pre-defi ned low risk as described in previous sheet a r isk score is calculated based on AML risk associated with the fol lowing 3 main r isk areas:

CUSTOMER RISK RATING MODEL: ALL OTHER CUSTOMERS

CDD Risk Rating

3. Entity Type

1. Country Risk Rating

2. Industries

and sectors


Each category is rated low (L) , medium (M) or high (H) according to how the customers jurisdicti on, enti ty type and industry and sector fa l ls within a pre-defi ned set of rules.

Within the calculati on model every category has the same weight. By s imple counti ng the ti mes that the outcome is low, medium or high, the CDD risk rati ng wi l l be determined.



The table below shows al l possible combinati ons of category scores and the corresponding CDD risk rati ng.

E x a m p l e : C a t e g o r y j u r i s d i c ti o n i s r a t e d h i g h , c a t e g o r y i n d u s t r y a n d s e c t o r i s r a t e d l o w, c a t e g o r y e n ti t y i s r a t e d m e d i u m . S o r e s u l t i s 1 h i g h , 1 m e d i u m a n d 1 l o w. B a s e d o n t h e t a b l e a b o v e t h e c o n c l u s i o n i s a n i n i ti a l r i s k r a ti n g o f m e d i u m .


24

Factor risk rankings (Jurisdiction, Industry and Sector and Entity Type): the number of occurrences over all 3 categories

Customer risk classification

HIGH MEDIUM LOW

3x - - High

3x 1x - High

3x - 1x High

1x 2x - High

1x - 2x Medium

1x 1x 1x Medium

- 2x 1x Medium

- 1x 2x Low

- - 3x Low


QUESTIONS


P i e r re A . S i m o nM a n a g i n g D i r e c t o r, A n ti - M o n e y L a u n d e r i n g C o n s u l ti n gS i m o n L e g a l & C o m p l i a n c e

P h o n e : + 3 1 ( 0 ) 2 0 - 7 9 9 7 9 5 5p i e r r e @ s i m o n l e g a l . n lW T C H - To w e rZ u i d p l e i n 3 61 0 7 7 X V A m s t e r d a m

P i e r r e i s m a n a g i n g d i r e c t o r a t S i m o n L e g a l & C o m p l i a n c e a n d h a s l e d c o m p l e x , g l o b a l A M L p r o j e c t s a t v a r i e t y o f fi n a n c i a l i n s ti t u ti o n s . P r e v i o u s l y, P i e r r e s e r v e d a s S e n i o r D u e D i l i g e n c e A d v i s o r f o r a l a r g e D u t c h b a n k . P r i o r t o t h a t , h e w a s a B u s i n e s s A n a l y s t A M L i n t h e G l o b a l D u e D i l i g e n c e M a n a g e m e n t g r o u p o f a l a r g e fi n a n c i a l i n s ti t u ti o n w h e r e a m o n g s t o t h e r s h e h e l p e d s e t u p a c o m p l e t e l y n e w C D D d e p a r t m e n t .

H e b e g a n h i s c a r e e r i n 1 9 9 7 a t t h e A r u b a n P o l i c e F o r c e a n d n o w h a s a p r o f e s s i o n a l b a c k g r o u n d a s a p o l i c e o ffi c e r, b u s i n e s s a n a l y s t a n d s e n i o r A M L c o m p l i a n c e c o n s u l t a n t f o r o v e r 1 5 y e a r s . H e s t u d i e d D u t c h L a w a t t h e V U U n i v e r s i t y A m s t e r d a m a n d h a s g a i n e d m o s t o f h i s p r o f e s s i o n a l e x p e r i e n c e w i t h i n l a r g e E u r o p e a n o r g a n i z a ti o n s s u c h a s E u r o n e x t , R a b o b a n k , E u r o c l e a r a n d F o r ti s B a n k ’s G l o b a l S e c u r i ti e s a n d F i n a n c i n g G r o u p a n d i s t h e f o u n d e r o f S i m o n L e g a l & C o m p l i a n c e . P i e r r e fi n d s h i s a d d e d v a l u e e s p e c i a l l y i n c h a l l e n g e s e n v o l v i n g p o l i c y d e v e l o p m e n t & i m p l e m e n t a ti o n s a n d p r o j e c t m a n a g e m e n t w i t h i n fi n a n c i a l i n s ti t u ti o n s .

THANK YOU


mailto:[email protected]

risk based approach

Presentations & Public Speaking

assessment of risk

leveraging risk

aml risk assessment

higher aml risk

level of aml risk

risk rating process

quantity of aml risk

welldeveloped risk assessment