Implementation of Message Format Changes
- Both SWIFT and FRB are holding workshops and teleconferences about how c...

Our Dilemma: Screening the Data
- Gotta Find the Bad Guys, but…
  - Bad Guys are people, too
  - ...

Understanding Our Own Data
- Factors to Consider in Understanding Your Data
- Customer Data
- ...

- Screen separate data separately
  - View data in logical fields of information – separate Names ...

- What kinds of entities are on the list?
  - Persons, Countries/Places, Organizations, Vessels, e...

Mining Names
- Names have components
  - MARIA ELDA RODRIGUEZ PULIDO
  - ...

- Addresses and IDs not very useful for sanctions
  - Listings missing address, ID info
  - ...

Summary
- Issues to Consider in Effective Screening
  - Data Quality Considerations - both client ...

Summary
- Enable better understanding of enterprise wide risks as well as specific risks
- Useful in...

Have Questions or Need Additional Information?
- Shaun M. Hassett, CAMS
- Clarity Risk & Complianc...
Customer Due Diligence: Improving Screening Processes for OFAC Entities and Other High Risks

Update on current OFAC Screening Requirements and How to Improve the Screening Processes as part of your overall Customer Due Diligence Program.


For more information about this topic, please contact SHAUN HASSETT at due_diligence@att.net

Published in: Business, Economy & Finance

  1. Customer Due Diligence: How to bring clarity to screening for OFAC Sanctioned Entities and other High-Risk Entities
      - April 7, 2009
      - Shaun M. Hassett, CAMS, National Risk Specialist, Clarity Risk & Compliance Advisors
  2. Presentation Outline
      - OFAC Overview
      - OFAC Enforcement Guidelines
      - FinCEN and OFAC Compared
      - Performing Risk Assessments
      - Developments to Consider (IATs and Cover Payments)
      - Tools, Tips, Tricks to Improve Screening
  3. OFAC Mission
      - To administer and enforce economic and trade sanctions based on U.S. foreign policy and national security goals against selected targets:
        - Terrorism
        - Narcotics Trafficking
        - WMDs and HEU
        - Foreign governments and regimes
        - Individuals
        - Entities
        - Practices
        - Threats to:
          - National Security
          - Foreign Policy and/or
          - Economy of United States
  4. FinCEN and OFAC Compared
      - Primary Differences:
        - Mission
        - Statutory Authority
        - Compliance Paradigm
  5. FinCEN and OFAC Compared
      - Mission
      - OFAC
        - “Administer and enforce economic and trade sanctions based on U.S. foreign policy and national security goals.”
      - FinCEN
        - “Safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity.”
  6. FinCEN and OFAC Compared
      - Statutory Authority
      - OFAC
        - Trading With the Enemy Act (TWEA), P.L. 65-91, 40 Stat. 411 (Oct. 6, 1917)
        - International Emergency Economic Powers Act (IEEPA), P.L. 95-223, 91 Stat. 1626 (Dec. 28, 1977)
        - Various other statutes
      - FinCEN
        - Bank Secrecy Act, P.L. 91-508, 84 Stat. 1114, 1118 (Oct. 26, 1970)
        - Patriot Act, P.L. 107-56, 115 Stat. 272 (Oct. 26, 2001)
  7. FinCEN and OFAC Compared
      - Similarities:
        - Counterterrorism/Anti-Narcotics Purpose
        - Risk Based Compliance
        - Reports as Enforcement Tools
        - Multipurpose Database
        - Public Outreach / Hotline
        - Treasury Department Function
  8. FinCEN and OFAC Compared
      - Differences in Compliance Paradigm:
      - OFAC
        - Strict Liability
          - Block property
          - Avoid transaction
          - File Reports
      - FinCEN
        - Structured compliance
          - Policies, procedures, internal controls
          - Compliance officer
          - Training
          - Independent testing
          - File reports
  9. OFAC Overview: Sanctions Program Categories
      - Country-Based Programs: Cuba, Iran, Sudan
      - Regime-Based Programs: Burma, Belarus, North Korea, Iraq I and Iraq II, Liberia (former regime)
      - List Based Programs: Narcotics Trafficking, Diamond Trading, Anti-Terrorism, WMD, Balkans, Syria, Lebanon, Congo, Ivory Coast, Zimbabwe
  10. OFAC Overview
      - Comprehensive Programs
        - Cuba
        - Iran
        - Sudan
        - Anti-Terrorism
        - Counter Narcotics Trafficking
        - Non-Proliferation (WMD)
      - Regime-Based Programs
        - Balkans
        - Belarus
        - Cote D’Ivoire
        - Dem. Republic of the Congo
        - Former Liberian Regime of Charles Taylor
        - Zimbabwe
      - Limited Programs
        - Burma (Myanmar)
        - North Korea
        - Syria
        - Diamond Trading
      - http://www.treas.gov/offices/enforcement/ofac/programs/index.shtml
  11. So who or what is a ‘SDN’?
      - OFAC “Specially Designated Nationals”
      - Derived from classified and open source evidence
      - Foreign governments and entities owned, controlled by or acting on behalf of those governments
      - Individuals engaged in prohibited activity
        - Narcotics trafficking
        - Terrorism
        - WMD proliferation
      - SDN List
        - changed 52 times in 2008
        - changed 19 times in 2009*
        - * As of April 20, 2009
  12. OFAC Enforcement Guidelines
      - IEEPA Enhancement Act - October 16, 2007 (P.L. 110-96, 121 Stat 1011)
      - IEEPA Penalty Increase to Greater of:
        - $250,000.00, or Two times (2X) Transaction Amount, whichever is greater
  13. OFAC Enforcement Guidelines
      - Enforcement Guidelines – Structure
        - Definitions
        - Types of Responses to Apparent Violations
        - General Factors Affecting Administrative Action
        - Civil Penalties
  14. OFAC Sanctions
      - Sanctions Enforcement Options
        - No Action
        - Warning or Cautionary Letter
        - Revocation of a License
        - Civil Penalties
        - Criminal Referrals
  15. OFAC Enforcement Guidelines
      - Enforcement Guidelines – Definitions
        - Apparent Violation
        - Applicable Schedule Amount
        - Transaction Value
        - Egregious Violation
        - Voluntary Self-Disclosure
  16. OFAC Enforcement Guidelines
      - Enforcement Guidelines – OFAC Responses
        - No Action
        - Request Additional Information
        - Cautionary Letter
        - Finding of Violation
        - Civil Monetary Penalty
        - Criminal Referral
  17. OFAC Enforcement Guidelines
      - Enforcement Guidelines – General Factors
        - Willful or Reckless Violation
        - Awareness of Conduct
        - Harm to Sanctions Program Objectives
        - Individual Characteristics of Subject Person
        - Compliance Program / Remedial Response
        - Cooperation with OFAC
  18. OFAC Enforcement Guidelines: Base Penalty Calculation
      - (1) Voluntary Self-Disclosure: Yes; Egregious Case: No. One-Half Transaction Value ($125k Cap)
      - (2) Voluntary Self-Disclosure: No; Egregious Case: No. Applicable Schedule Amount ($250k Cap)
      - (3) Voluntary Self-Disclosure: Yes; Egregious Case: Yes. One-Half Statutory Maximum
      - (4) Voluntary Self-Disclosure: No; Egregious Case: Yes. Statutory Maximum
  19. OFAC Enforcement Guidelines
      - Enforcement Guidelines – Civil Penalties
        - Base Category Calculation
        - Adjustment for Relevant General Factors
          - Substantial Cooperation
          - First Violation
          - Other General Factors
  20. Example of Egregious Violation: Lloyds TSB Bank PLC
      - Dual Deferred Prosecution Agreements entered 1/9/2009
      - Charges
        - Knowingly and willfully violated IEEPA
        - Intentionally Falsified Records of U.S. correspondent banks
      - $350,000,000 forfeiture and penalties
        - Penalties from DOJ and NYCDA – not directly via OFAC
      - International Emergency Economic Powers Act (IEEPA) (Title 50 U.S. Code 1701 – 1707)
        - Prohibits exportation of services to Iran and Sudan w/out authorization
        - Any transaction in US that evaded & avoided sanctions
      - Falsification of Business Records in the First Degree (NY State Penal Law 175.10)
        - False information and omissions
  21. Lloyds TSB Bank Issue: Stripping / Modifying Data in Payment Messages
      - Conduct began in mid-1990’s
        - Ended in April 2004 for Iran & September 2007 for Sudan
      - Stripped relevant info from payment messages to avoid OFAC sanctions for countries, banks & persons
        - Countries included Iran, Libya and Sudan
      - Criminal conduct was designed to assist clients in avoiding detection by OFAC filters at US banks
      - Caused US banks to provide prohibited services
      - Specific written policy & payment processors for manually handling (“stripping”) US-Dollar Iranian payments
  22. Where Do We Start?
      - Identify Compliance Program Objectives
      - AML Objectives
        - Identify Risks
        - Know Your Customer
        - Sanctions Compliance
  23. Comprehensive Process
      - Sanctions Program & AML/BSA Compliance
        - Designate specific person(s) as BSA/AMLO and Sanctions Compliance Officer(s)
        - AML Officer must understand the company’s business
          - Effective Compliance requires operational and business understanding
        - Need for senior management champions
          - Institutionalize board and executive management audiences
          - Evangelization on part of Compliance
  24. Implementation
      - Sanctions Program & AML/BSA Compliance
      - Risk Assessment of your Business (for both OFAC / Sanctions and for AML / BSA Risks)
        - Types of Customers
        - Types of Products/Services Offered
        - Types of Transactions
        - Volume of Transactions to be screened
        - Account and Transaction Parties
        - Geographies Served
  25. Implementation
      - Importance of partners/relationships
        - Within the company:
          - Operations / Lines of Business
          - Compliance
          - Audit
          - Information Technology
        - Law enforcement
        - Vendors (systems, data, third party providers)
          - What systems/applications are screening data
            - Uniformity of search methodologies used
            - Centralized or decentralized review of matches?
  26. Implementation:
      - Know what is on the Sanctions or Caution List(s) that are applicable to your Business
        - OFAC SDN List is comprised of Multiple Sanctioned Countries, Organizations, Groups, and Individuals, representing Multiple Types of Entities
        - Approximately 2/3 of entities located on OFAC SDN list are comprised of Hispanic Entity Surnames*
          - * multiple factors contribute to this event
        - OFAC Sanctioned Entities in US, plus entities in over 100 countries/territories
  27. Implementation: OFAC and other ‘List Data’
      - Know what kinds of entity data is on the various Sanctions or Caution List(s) that are applicable to your Business
      - OFAC SDN List is not complete
        - “A non-exhaustive list of their names is published in the Federal Register, an official publication of the U.S. Government. This list may be obtained by calling the Office of Foreign Assets Control at 202/622-2490, or by going to OFAC Web site…”
        - (Foreign Asset Control Regulations for the Financial Community, SDN Definition, pps. 5, 33)
  28. Implementation: OFAC Data
      - OFAC and The Palestinian Authority
      - Representatives of the Hamas currently form the majority party within the Palestinian Legislative Council (PLC) and hold high level offices within the Palestinian Authority (PA) including the Prime Minister
      - Hamas is targeted under 3 OFAC Terrorism sanction programs
        - Global Terrorism Sanctions Regulations, 31 C.F.R. Part 594
        - Terrorism Sanctions Regulations, 31 C.F.R. Part 595
        - Foreign Terrorist Organizations Sanctions Regulations, 31 C.F.R. Part 597
      - http://www.treas.gov/offices/enforcement/ofac/programs/terror/pa.shtml
      - Refer to General License #4 for do’s and don’ts re: Palestinian Entities
  29. Implementation: OFAC Data
      - OFAC and The Palestinian Authority
      - General License #4 includes
        - (a) definition of parts of the Palestinian Authority that U.S. persons can deal with, and
        - (b) definition of parts of the Palestinian Authority that U.S. persons can not deal with
      - NS-PLC List includes individuals who are PLC members who were elected on the party slate of an FTO, SDT, or SDGT.
      - NS-PLC Listed individuals do not appear on the SDN List.
      - Transactions involving these individuals must be rejected.
      - Keep it simple: If you get a hit on suspected PLC entities, call OFAC…
  30. Implementation: What about other lists?
      - Other sanctions programs may be applicable to your business, depending on results of your risk assessment.
      - There are more than 60 other sanction-like lists issued by various jurisdictions around the world.
      - Screen against those lists that are directly applicable to your business from a regulatory or risk management perspective.
        - Regulatory requirement versus customer suitability
      - The following also may be applicable to your firm:
        - Section 311 Special Measures Entities (six entities)
        - Section 314(a) Entities*
          - * provided you receive the list from FinCEN
        - Import/Export:
          - BIS, DTC, others
        - PEPs, Criminals (financial crimes or others) and/or Negative News
  31. Implementation: Risk Assessment
      - Identify Where Risk Factors Exist
        - Existing Customer Records
          - Should be screened on regular, frequent ongoing basis
          - Monthly or quarterly screening may not be enough
          - Screening as part of policy issuance only is insufficient
        - New Customer / New Account
          - May be screened in real time or batch (end of day)
          - Also confirm/validate customer identity for new customers and customer suitability
            - Documentary or non-documentary means
            - Customer Due Diligence and Enhanced Due Diligence where required
              - Due Diligence should go beyond basic CIP Program requirements
  32. Implementation: Risk Assessment
      - Identify Where Risk Factors Exist
        - Payment Transactions (Inbound)
          - with submission of policy application
          - Renewal premium of party who subsequently becomes specially designated
        - Payments Transactions (Outbound)
          - Screen both policyholder (customer) and beneficiary information prior to claim payment
          - Determine nuances for various payment transaction types (check, ACH, Fedwire, SWIFT, IATs, etc.)
        - Other transactions
          - Loans, Monetary Instruments, Credit Cards, e-Banking, Trust, Wealth Management, Vendors, Third Party Service Providers, etc.
  33. Implementation: Risk Assessment
      - Evaluate and Rate each Risk
      - Document, Document, Document
        - Specifically document the risk for each exposure to OFAC or other sanctions lists
        - Specifically document AML/BSA risk
        - Include complete information in SARs narrative as appropriate
  34. Risk Management Matrix (courtesy of SightSpan, used with permission)
  35. Implementation: Risk Assessment
      - Evaluate and Rate Each Risk
        - Date:
        - Person Submitting Request:
        - OFAC/BSA Issue:
        - Line(s) of Business Affected:
        - Decision Made:
        - Persons Involved in Decision-making Process:
        - Associated Risk(s):
        - Justification for Decision:
        - Sign off from OFAC/BSA Officer: Operations / Lines of Business
  36. What areas should be considered? Example operational areas in Banking & Securities:
      - Wires (EFT)
      - Customer Accounts
      - SWIFT messages
      - Securities transactions
      - ACH transactions
        - Domestic
        - IATs
      - Credit cards
      - Loans
      - Letters of Credit
        - Standby LC’s
        - Documentary Collections
      - Trust operations
      - Vendor contracts
      - Safe Deposit, CDs, Monetary Instruments
      - Non-customer transactions
      - Securities/Mutual Funds
        - Trades
        - Securities Instruments
  37. What areas should be considered? Example operational areas: Insurance
      - All insurance transactions and customer relationships involving persons or companies or entities subject to US Laws/Regulations:
        - Life
        - Property & Casualty
        - Commercial Lines
        - Personal Lines
        - Workers’ Compensation
  38. What areas should be considered? Example operational areas: Securities
      - All securities transactions and customer relationships involving persons, companies or entities that are subject to US Laws/Regulations:
        - Parties to Trades
        - Counterparties
        - Clients
        - Intermediaries
        - Securities Instruments themselves
          - Is the stock, bond, fund, etc. associated with a sanctioned entity?
  39. 39. NEW IAT RULES <ul><li>Expansion of International ACH Payments & Requirements </li></ul><ul><ul><ul><ul><li>Effective Sept. 18, 2009 </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Likely impact on all US Financial Institutions that do ACH transactions </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Mandatory capture of additional information for covered transactions </li></ul></ul></ul></ul><ul><ul><ul><ul><li>OFAC screening </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Takes time to change systems </li></ul></ul></ul></ul>
  40. 40. What is an IAT, and what is all the fuss about ? <ul><li>An IAT, or International ACH Transaction, is a credit or debit involving a bank office located outside the United States </li></ul><ul><li>Covers all ACH transactions originating from or transmitted to an office of a financial agency outside US territorial jurisdiction </li></ul><ul><li>Focus on whether there is a foreign financial agency involved </li></ul><ul><li>Changes to ACH cross-border formats made in response OFAC requests and FATF Special Recommendation VII </li></ul><ul><ul><li>OFAC penalties for non-compliance </li></ul></ul><ul><ul><li>Screening responsibilities </li></ul></ul>
  41. 41. <ul><li>Travel Rule Requirements </li></ul><ul><li>The following information must be captured and included in IAT: </li></ul><ul><ul><ul><li>Originator name </li></ul></ul></ul><ul><ul><ul><li>Originator physical address </li></ul></ul></ul><ul><ul><ul><li>Name of receiver (beneficiary) </li></ul></ul></ul><ul><ul><ul><li>Physical address of receiver </li></ul></ul></ul><ul><ul><ul><li>Account # of receiver </li></ul></ul></ul>New Record Keeping Requirements for IATs
  42. 42. New Record Keeping Requirements for IATs <ul><li>Travel Rule Requirements (cont’d) </li></ul><ul><li>The following information must be captured and included in IAT: </li></ul><ul><ul><ul><li>Identity of Receiver’s Bank </li></ul></ul></ul><ul><ul><ul><li>Correspondent Bank(s) me, Bank ID #, and Bank Branch Country Code </li></ul></ul></ul><ul><ul><ul><li>Reason for the payment </li></ul></ul></ul><ul><ul><ul><li>Unlike Travel Rule, applies for IAT transaction of any amount (not just $3,000 and up) </li></ul></ul></ul>
  43. 43. OFAC Screening Indicators for IATs <ul><li>The Fed, in its capacity as Gateway Operator, intends to screen inbound IAT entries for OFAC compliance </li></ul><ul><ul><li>It will advise the RDFI, through an OFAC screening indicator, of potential issues </li></ul></ul><ul><ul><li>It may use Fedline Web to advise the RDFI of Inbound IAT transactions that contain data appearing on the OFAC SDN List </li></ul></ul><ul><li>The Electronic Payments Network, a private sector ACH Operator, will make an OFAC screening function available to its customer FIs as a value added services </li></ul><ul><li>Inbound transactions that don’t run thru Fed or EPN will still be covered </li></ul><ul><li>ODFI and Gateway Operator still have obligations to identify as IAT for Outbound transactions too </li></ul>
  44. 44. Optional Fields for OFAC Indicators <ul><li>IAT format will include 2 optional fields to convey the results of voluntary OFAC screening on the transaction </li></ul><ul><ul><ul><li>Value of “0” indicates the party doing the screening did not find a potential blocked party </li></ul></ul></ul><ul><ul><ul><li>Value of “1” indicates potential presence of a blocked party </li></ul></ul></ul><ul><ul><ul><li>These indicators assist RDFIs and Correspondent banks processing Int’l payment by identifying entries that are highly suspect </li></ul></ul></ul><ul><ul><ul><li>FI cannot rely on Int’l counterparts for compliance with US law </li></ul></ul></ul>
  45. 45. OFAC Issues (cont’d) <ul><li>US RDFIs and beneficiaries continue to: </li></ul><ul><ul><li>Ensure all aspects of inbound, cross-border transactions comply with OFAC and </li></ul></ul><ul><ul><li>Need to take appropriate steps to investigate, suspend, reject, block and report on transactions </li></ul></ul><ul><li>For Outbound IATs the US ODFI and their Originators continue to be responsible for: </li></ul><ul><ul><li>Ensuring all parties to the transactions, as well as the underlying purpose, comply with OFAC regulations </li></ul></ul><ul><ul><li>Need to take appropriate steps to investigate, suspend, reject, block and report on transactions </li></ul></ul>
  46. 46. Cover Payment Basics… <ul><li>In a cover payment, the intermediary bank receiving the payment order related to the MT 202 does not receive the payment order related to the MT 103 </li></ul><ul><li>Only the bank originating the cover payment can monitor and filter both legs of the cover payment (MT 103 & MT 202) </li></ul><ul><li>The intermediary bank can only monitor & filter the MT 202 </li></ul><ul><li>The intermediary bank cannot distinguish MT 202s which are cover payments from MT 202s used for other bank to bank payments (settlement of FX trades, overnight deposits, etc) </li></ul>
  47. 47. The cover payment [Diagram. Parties: Ordering Customer, Ordering customer’s bank, Sender’s USD Correspondent, CHIPS/Fed, Receiver's USD Correspondent, Beneficiary Bank, Beneficiary. Messages: MT 103 in USD*, MT 202, MT 910/950.] * Example in USD. Also valid for other currencies that apply cover (mainly GBP)
  48. 48. The issue [Diagram. Parties: Ordering Customer, Ordering customer’s bank, Sender’s USD Correspondent, CHIPS/Fed, Receiver's USD Correspondent, Bene’s bank, Beneficiary. Messages: MT 103 in USD, MT 202, MT 910/950. Label: UNKNOWN PARTIES IN THE COVER PAYMENT.]
  49. 49. Cover Payment Basics… <ul><li>US intermediary banks are subject to increased risk of unknowingly facilitating illicit activities </li></ul><ul><li>US intermediary banks do not receive all the details about the customer payment (MT103) to which the cover payment (MT202) relates because the MT 202 format does not require detailed info for the original Originator and Beneficiary Info </li></ul><ul><li>MT202COV, MT203COV and MT205COV to be implemented by SWIFT in November 2009 to address lack of transparency in cover payments. </li></ul><ul><li>(add’l data requirements to identify parties to the transaction) </li></ul>
  50. 50. Implementation of Message Format Changes <ul><li>Both SWIFT and FRB are holding workshops and teleconferences about how changes are handled in SWIFT and in the FedWire / Fedline message processing environments </li></ul><ul><li>All member banks need to amend systems to populate and receive the MT202COV. </li></ul><ul><li>Majority of SWIFT member banks will be covered by maintenance contracts with their solution provider, which usually cover changes in SWIFT Standards. May be one-off costs if not covered by maintenance contract. </li></ul><ul><li>Check with your payment system vendor(s) to ensure that you understand the processes they are undertaking to address this prior to November 2009 </li></ul>
  51. 51. Our Dilemma: Screening the Data <ul><li>Gotta Find the Bad Guys, but… </li></ul><ul><ul><li>Bad Guys are people, too </li></ul></ul><ul><ul><ul><li>They may not use their full names </li></ul></ul></ul><ul><ul><ul><li>They share names with Good Guys </li></ul></ul></ul><ul><ul><ul><li>Organizations use Acronyms </li></ul></ul></ul><ul><li>Is the Cure Worse than the Disease? </li></ul><ul><ul><li>We need smaller haystacks </li></ul></ul>“ Find the bad guys, stop the money flow” is much easier said than done.
  52. 52. Understanding Our Own Data <ul><li>Factors to Consider in Understanding Your Data </li></ul><ul><li>Customer Data </li></ul><ul><ul><li>What kind of information do you have? </li></ul></ul><ul><ul><li>How complete and accurate is your customer data? </li></ul></ul><ul><ul><li>Do different systems facilitate alternate information about the same customer? </li></ul></ul><ul><ul><li>What kind of information is missing? </li></ul></ul><ul><ul><li>Does customer information vary by customer type? </li></ul></ul><ul><ul><li>How do different systems provide data for screening or review? </li></ul></ul><ul><li>What data elements are available in various types of transaction messages? </li></ul>Data preparation is an investment… not an expense
  53. 53. Mining Your Data <ul><li>Screen separate data separately </li></ul><ul><ul><li>View data in logical fields of information – separate Names from locations </li></ul></ul><ul><ul><ul><li>ANDY GROVE in NEW YORK </li></ul></ul></ul><ul><ul><ul><li>ESPERANZA GOMEZ in PUERTO PLATA </li></ul></ul></ul><ul><ul><li>Separate Accounts in Logical Grouping </li></ul></ul><ul><ul><ul><li>Separate corporate accounts from personal accounts </li></ul></ul></ul><ul><ul><ul><li>Certain account record types may have different screening requirements </li></ul></ul></ul><ul><ul><li>Understand what specific data is in various fields of your transaction data </li></ul></ul><ul><ul><ul><li>Do all fields need to be screened? </li></ul></ul></ul><ul><ul><ul><li>Do all message types need to be screened? </li></ul></ul></ul><ul><ul><ul><li>Determine how to remove or ignore prefixes in messages: </li></ul></ul></ul><ul><ul><ul><ul><li>/D/, /C/, </li></ul></ul></ul></ul><ul><ul><ul><ul><li>//FW, //CH, etc. </li></ul></ul></ul></ul>
  54. 54. Mining OFAC or other Caution List Data <ul><li>What kinds of entities are on the list? </li></ul><ul><ul><li>Persons, Countries/Places, Organizations, Vessels, etc. </li></ul></ul><ul><li>What’s in a listing? </li></ul><ul><ul><li>Names and Addresses </li></ul></ul><ul><ul><li>Dates of Birth </li></ul></ul><ul><ul><li>Passports and Other IDs </li></ul></ul><ul><ul><li>Affiliations and Roles </li></ul></ul><ul><li>But not comprehensive, up-to-date </li></ul><ul><ul><li>Isn’t ABU MUSAB AL-ZARQAWI dead? </li></ul></ul>
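The "screen separate data separately" and prefix-removal points from slide 53, as an added Python example that is not part of the original presentation. The watch-list entries, the sample party blocks and the assumed layout (prefixed identifier lines, then a name line, then location lines) are all constructed for illustration.

```python
import re

# Prefixes named on slide 53; treating them as line-leading identifier codes is an assumption.
PREFIX = re.compile(r"^(/D/|/C/|//FW|//CH)")

# Constructed watch-list entries, not real listings.
LISTED_NAMES = {"SANTIAGO RIVERA"}
LISTED_PLACES = {"PORT EXAMPLE"}

def split_party(block):
    """Split a party block into identifiers, a name line and location lines."""
    ids, text = [], []
    for line in block.upper().splitlines():
        line = line.strip()
        if not line:
            continue
        m = PREFIX.match(line)
        if m:
            ids.append(line[m.end():])   # keep the identifier, drop the prefix
        else:
            text.append(line)
    # Assumed layout: first non-identifier line is the name, the rest is location.
    return {"ids": ids, "name": text[0] if text else "", "location": text[1:]}

def contains(term, text):
    """Whole-word phrase match, so RIVERA does not hit RIVERAS."""
    return re.search(r"(?<!\w)" + re.escape(term) + r"(?!\w)", text) is not None

def screen_flat(block):
    """Naive screen: every list against the whole block as one string."""
    text = " ".join(block.upper().split())
    return sorted(t for t in LISTED_NAMES | LISTED_PLACES if contains(t, text))

def screen_by_field(block):
    """Names against the name line only, places against location lines only."""
    party = split_party(block)
    hits = [("name", t) for t in sorted(LISTED_NAMES) if contains(t, party["name"])]
    where = " ".join(party["location"])
    hits += [("location", t) for t in sorted(LISTED_PLACES) if contains(t, where)]
    return hits

# Constructed sample party blocks.
CLEAN = "/D/00123456\nPORT EXAMPLE TRADING LLC\n45 SANTIAGO RIVERA AVE\nNEW YORK"
LISTED = "//FW123456789\nSantiago Rivera\n1 Main St\nPort Example"

if __name__ == "__main__":
    print("flat     :", screen_flat(CLEAN))       # two false hits
    print("by field :", screen_by_field(CLEAN))   # no hits
    print("by field :", screen_by_field(LISTED))  # name and location hits
```

The flat screen flags the clean party twice (a listed name inside a street address, a listed place inside a company name), while the field-aware screen clears it and still catches the listed party.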
  55. 55. Mining Names <ul><li>Names have components </li></ul><ul><ul><ul><ul><li>MARIA ELDA RODRIGUEZ PULIDO </li></ul></ul></ul></ul><ul><ul><ul><ul><li>ABD EL-WAHAB </li></ul></ul></ul></ul><ul><ul><ul><ul><li>JUAN M. DE LA CRUZ </li></ul></ul></ul></ul><ul><li>Names have structure </li></ul><ul><li>Names follow rules </li></ul><ul><ul><li>Issues with cultural naming conventions </li></ul></ul>
  56. 56. Mining Addresses, IDs and/or Dates of Birth <ul><li>Addresses and IDs not very useful for sanctions </li></ul><ul><ul><li>Listings missing address, ID info </li></ul></ul><ul><ul><li>Info less reliable if you don’t see the ID </li></ul></ul><ul><ul><ul><li>Anyone can “move” for a large enough payday </li></ul></ul></ul><ul><li>For PEPs, addresses and Locations and IDs can be useful </li></ul><ul><ul><li>Exclude matches across borders </li></ul></ul><ul><ul><ul><li>Exceptions: National officials, Diplomats </li></ul></ul></ul><ul><ul><ul><li>Exceptions: Addresses for relatives, Associates </li></ul></ul></ul><ul><li>Dates of Birth </li></ul><ul><ul><li>Generally not useful in ruling out matches on transactions </li></ul></ul><ul><ul><li>When screening customer data DOB can be useful to cull out false hits or false matches on clients </li></ul></ul><ul><ul><ul><li>Excluding Listed Dates of Birth, Years of Birth </li></ul></ul></ul><ul><ul><ul><li>Single date excludes 99+% of matches </li></ul></ul></ul><ul><ul><ul><li>Approximate Dates of Birth </li></ul></ul></ul>
  57. 57. Summary <ul><li>Issues to Consider in Effective Screening </li></ul><ul><ul><li>Data Quality Considerations - both client data and vendor-provided data </li></ul></ul><ul><ul><li>Analysis and Management of False Positives </li></ul></ul><ul><ul><ul><li>Must have analytic information available on hits </li></ul></ul></ul><ul><ul><ul><li>Multiple ways to address false positives (check-box approach is often insufficient) </li></ul></ul></ul><ul><ul><ul><li>Train all appropriate employees in process of developing rules to fit your particular business </li></ul></ul></ul><ul><ul><ul><ul><li>Training should be customized to your particular policies, procedures, internal processes and to your business </li></ul></ul></ul></ul>
  58. 58. Summary <ul><li>Enable better understanding of enterprise wide risks as well as specific risks </li></ul><ul><li>Useful in developing/implementing your policies/procedures </li></ul><ul><li>Perform and document Risk Analyses </li></ul><ul><li>Gather enough information to really Know Your Customer </li></ul><ul><ul><li>Validate customer information against sanctions and other data and information sources </li></ul></ul><ul><ul><li>Aid to your compliance efforts </li></ul></ul><ul><ul><li>Better enable additional business opportunities with the customer </li></ul></ul>
  59. 59. Have Questions or Need Additional Information ? <ul><li>Shaun M. Hassett, CAMS </li></ul><ul><li>Clarity Risk & Compliance Advisors </li></ul><ul><li>“ a passion for developing Compliance Excellence” </li></ul><ul><li>+1.847.458.8670 (office) </li></ul><ul><li>+1.847.652.2370 (mobile) </li></ul><ul><li>[email_address] </li></ul>
