Risk Based Approach   Bachir El Nakib July 2009 [Compatibility Mode]
Implementation of RBA in Lebanon


Transcript

  • 1. Building Risk Profile. Bashir A. El-Nakib, CAMS, ACFE, CFAP, Managing Partner/CEO, Compliance ALert. July 09, 2009
  • 2. THE ONLY ISSUE? COMPLIANCE & REGULATORY RISK. The problem is KYC. KNOW YOUR: CUSTOMERS, CORRESPONDENTS, EMPLOYEES, SHAREHOLDERS. 7/8/2009 Risk Based Approach
  • 3. Outline: Introduction/Overview; Background; Developing a Risk Based Approach; AML Program Elements; Embargoes & Sanctions; Identifying Risk; Risk Types & Characteristics; Red Flags; Issues/Challenges; Summary; Open Discussion
  • 4. Definitions. Money Laundering: Money Laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of criminal activities. Terrorist Financing: An offence by any means, directly or indirectly, unlawfully and willfully, which provides or collects funds with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out an act intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a government or an international organization to do or to abstain from doing any act. Source: United Nations 1999 International Convention for the Suppression of the Financing of Terrorism
  • 5. Regulatory Concerns • Certain types of transactions have come under intense regulatory and law enforcement scrutiny, especially in the US. – Transactions involving shell companies. – The potential for abuse of cover payments to launder funds or to avoid SIC/UN/BOE/OFAC regulations.
  • 6. Development of Local Standards. Banks AML Due Diligence; Guidelines on Measures Against Money Laundering; Law 318 • Required financial entities to design their own detailed Policy Manual to suit the nature of their particular environment in which they operated; BDL Basic Circulars 83 • Permitted compliance based on commercial considerations; Standard M L Procedures Standards; Interim Circular; Risk based approach to Know Your Customer (KYC); Banks Project to rectify existing higher risk accounts; 20, 35, 136, 190; Enhanced procedures to identify and monitor special risk cases; Compulsory Procedures Guidelines; Announcement (4); Know Your Customer (KYC) for Transit subjects • Roll-out over old customers for KYC implementation
  • 7. Compliance Process, 4 Phases: Risk identification; Risk assessment; Risk Monitoring; Risk Reporting
  • 8. Proposed Enhanced Due Diligence for High-Risk FFIs • Would apply to offshore banks and FIs in non-compliant jurisdictions. – Enhanced Due Diligence (EDD): • Obtain documentation of the FFI’s AML program. • Monitor activity in the correspondent’s accounts for risks posed by the client’s customers not subject to EDD. • Identify nested correspondents and assess associated risks. • Identify FFI ownership for non-publicly traded institutions.
  • 9. Risk Based Approach to KYC [flow diagram]. 1. Accept or reject business? (•Profitability •Suitability •Reputation Risk •Sanctions •Suspect blacklists). Accept: 2a. Borrowing Customers: manage as existing Risk Assessment Process (BCA). 2b. Non-Borrowing Customers: risk profiled using agreed and easy to implement filters. 3. Separate out Level 3 customers using agreed filters. Level 1 Risk: 3. Impose Basic KYC only. Level 3 Risk: 3b. Impose Enhanced KYC.
  • 10. Risk Based Approach to KYC [table by risk level; rows: Account Opening, Ongoing Account Management]
      Level 1 Risk: Basic KYC (-Evidence of Identity -Evidence of address); Monitor Account Activity which requires account to be classified as Level (2) or (3)
      Level 2 Risk: Monitoring to identify account activity which requires account to be reclassified as Level (3); Monitoring of transactions against customer profile every 12 months.
      Level 3 Risk: Enhanced KYC = Basic KYC Plus (-Nature of business -Origin of funds -Purpose of account -Type & level of activity); 6 Monthly Review (-Monitoring of transactions against customer profile -KYC Relationship review approved by Senior management)
  • 11. Recent Enforcement Actions • Non-compliance penalties continue to rise. – UBS Bank - $100 Million (May 2004) – Riggs Bank - $ 25 million (May 2004) – AmSouth - $ 50 Million (October 2004) – Riggs Bank - $ 41 Million (Jan 2005) – Arab Bank - $ 24 Million (August 2005) – Bank of New York - $ 38 Million (Nov 2005) – ABN AMRO - $ 80 Million (December 2005) – AMEX - $65 Million (August 2007) – Lloyds TSB - $130 Million (October 2007) – Bank of Cyprus - $162 Million (October 2007) – Lloyds TSB Bank - $350 Million (10 Jan 2009)
  • 12. Compliance Guidance Needed • Large fines have led to some unintended consequences. - Fines have led to a flood of defensive SAR filings. In the 12 months following the Amsouth and Riggs fines, filings jumped by 40%. - KYC requirements and the high price of a compliance mistake have made it very difficult for even the most diligent money transmitter to find banking services. (The guidelines published last year may help.) • Increasing tendency to “criminalize” AML errors - Lapses are unavoidable for any large bank with significant transaction volume or a large client base. - Does it make sense to impose penalties – sometimes large penalties – on banks with strong compliance regimes that have an AML lapse?
  • 13. Business Challenges (• Financial Institutions • Regulatory • Technology): Need more effective compliance regulation globally - FATF; Increasing pressure from regulators on FIs; AML requirements now extend to securities, insurance, real estate industries and casinos as well as banks; Regulatory compliance is primary driver of AML investments; Increasing compliance spend = $34Bn (5% AML*); Annual spending expected to continue to increase*; Technology is NOT the big cost! Investigations are 64% of costs**; IT compliance: Re-use investments - integrate with fraud and financial crime detection; Technical integration vs organisational integration; Industry vendor consolidation. * Tower Group ** Celent
  • 14. Why should I care about these Requirements? • Money Launderers and Terrorists seek out vulnerable banks • The Regulator will fine the bank heavily – Ignorance is no defense! • OFAC can and will seize customers funds – Banco Delta Asia Ltd. Macau • US, European and other banks won’t Correspond with you – Strict Due Diligence – Correspondent Bank Certifications – Demand due diligence (KYCC) • The cost of a Fine is insignificant, compared to the internal cost and loss of business. – Restructuring, new procedures, new systems, training – Loss of reputation – Loss of shareholder value
  • 15. What are sanctions: • Definition: Sanctions are punitive or coercive measures against a state or its nationals failing to comply with. • Types of sanctions: Multilateral sanctions (e.g. UN sanctions); Country or regime sanctions (eg Taliban, Congo DRP, Sudan, Syria, Iran); Bilateral sanctions (e.g. US sanctions against Cuba); List-based sanctions (eg against known terrorists) • All UN member states are obliged to implement UN Security Council sanctions domestically. • Financial Institutions must comply with sanctions in all jurisdictions within which they operate. 7/8/2009 Embargoes & Sanctions May 13, 2008
  • 16. Managing Sanctions • Off-the-shelf filtering software is available • Can check incoming and outgoing payments and any other transaction or customer information entered onto systems. • However, judgment is required: – Names may not be a complete match – May get a country match but the transaction is not sanctioned. • Must have a process for assessing and then declining or approving transactions with full audit trail. • Staff must have targeted training depending upon factors such as: – Nationality – Type of business (eg domestic, global trade, international payments etc) – Decision making capacity.
  • 17. Compliance Costs Increase – KYC, AML, OFAC. Compliance is expensive. Non-compliance is very expensive. • Technology costs – the bar keeps moving: OFAC: Then: Scan repair items; Now: Scan all items. KYC/AML: Then: Recordkeeping and Travel Rules; Now: Money Laundering Pattern Recognition. • Cost of non-compliance - Enforcement actions - Prosecutions - Reputational damage
  • 18. Compliance Requirements Increase. Section 312 of the USA PATRIOT Act increases costs and risks. • Requires due diligence risk assessment for Foreign Financial Institutions (FFIs) - Nature of the FFI’s business & the markets it serves - Nature of the correspondent account, including account purpose, types of services provided, and anticipated account activity. - Nature and duration of bank’s relationship with the FFI – and affiliates. - FFI’s home supervisory regime. - Info known or reasonably available regarding the FFI’s AML record. • New FFI due diligence rules are effective: - July 5, 2006 for new account openings. - October 2, 2006 for existing accounts.
  • 19. Watch list Filtering • Scanning of customer records & transactions against – Government sanction lists – OFAC, BOE, UNO etc – High risk individuals – terrorists, organized crime, fraudsters etc – Exposed individuals – PEPs, public figures, high profile – 3rd party database providers – World Compliance, Thomson, Bridger, World-Check, Dow Jones-Factiva, Complinet, Lexis-Nexis, etc. • Key Issues – Character Variations – Phonetic Variations – Transliterations & cultural differences • Using intelligent name matching algorithms with: – Normalization of names – capitals, abbreviations, spaces, punctuation – Reference libraries – common short names, cultural inputs – Reduction to simplified representation – phonetics, soundex – Indexing – decision tree – Similarity assessment – string equality, sub-sets, edit distance
  • 20. What is it Regulators are looking for banks to do? • All accounts risk ranked systematically • All transactions risk ranked systematically • All transactions and all customer activity profiled to determine “usual and normal” behavior • Peer groups used to find unusual behaviour in similar accounts • How is previously unknown behavior detected and alerted • Profiles to be dynamically created and adapted • Rules must be dynamically created, adapted and implemented • The Regulators want banks to actively find money laundering! • Regulators are becoming more IT aware, than ever before!
  • 21. Why a Risk Based Approach? Regulatory Guidance: FATF Money Laundering Typologies; 3rd EU Directive, Basel CDD paper, and Wolfsberg Principles paper; U.S. Comptroller’s Handbook; FSA & Other Regulatory Directives; Egmont Group; MiFiD. Characteristics: Takes into consideration multiple risk factors including customer/business type, geography, product/delivery channels, and transaction type; Establishes levels of perceived risk for which proportional controls may be devised; Efficient and cost effective approach to AML Program management. Benefits: Risk management framework accepted by regulators; More effective and efficient processes; Industry leading practices
  • 22. Components of a Risk Based Approach (AML Risk Based Approach). Risk Indicators: Customer/Business Type; Geography; Product/Delivery Channels; Transaction Type. Mitigating Controls: AML Governance Structure; AML Policies & Procedures; Training/Communications & Awareness; Independent Testing. Regulatory Environment: Increased regulatory expectations; New regulations
  • 23. The Situation • High risk individuals, companies and organisations are targeting financial organisations and the countries within which they operate. • Their very existence depends on their ability to enter your organisation or country undetected. What are the risks: • Regulatory risk • Reputational risk • Business risk • Shareholder risk • Job risk
  • 24. AML Process Elements [diagram]: Policy, strategy, resource allocation; Program evaluation & continuous improvement; Communications, awareness & training; Technology; AML Office; Risk and Compliance Officers; Branch AML Officers; Corporate Partners; Investigations & Suspicious Activity Reporting; Account opening, customer identification & risk assessment; Financial intelligence, monitoring, analysis, trending & Enhanced Due Diligence
  • 25. LOB Risk Assessment: Evaluate inherent risks; Assess controls; Determine residual risk/establish thresholds; Develop and implement action plans; Monitor and enhance controls; Maintain and retain records
  • 26. Anti-Money Laundering High Risk Characteristics
      Customer/Business Types: • Politically Exposed Persons • Non Resident Aliens • Money service businesses (e.g. check cashing, wire transmitter) • Gaming and betting service • Real estate brokers • Jewelry businesses • Travel agencies • Car, boat, aircraft, and farm equipment dealerships • Charitable organizations • Law, accounting, and medical firms • Pawn brokers • Phone or debit card businesses • Off-shore Trusts
      Geography: • Sanctioned List • Off-shore Countries • Transaction activity with high risk countries (e.g. 311 USA Patriot Act and FATF)
      Product/Delivery Channel: • Private Banking, Trust, Commercial, Retail where it involves high net worth individuals and their corporate interests with personal and discrete • Internet Delivery • Nominee Account • Prepaid stored valued card • Payable through accounts
      Transaction Types: • Mobile to mobile • Foreign wire transfers, money instruments and cash • Use of “Omnibus” and “Concentration Accounts” • E-Bill Payment • Correspondent Bank Clearing
  • 27. Risk-based Approach and the KYC Process. Risk-Scoring • Simplified Due Diligence? • Enhanced Due Diligence?
  • 28. Risk-based Approach and the KYC Process – How do we perform risk assessment? – Do we have the right tools to do the job? – How does the risk assessment program define and score the risks of products? Customers? And jurisdictions? – How do we develop risk based matrices? With or without the help of outside vendors?
  • 29. Risk-based Approach and the KYC Process. Simplified or Enhanced Due Diligence? Simplified CDD: Level 1 - Tick-box / Red-Flag Check. Limited CDD: Level 2 - Public Record Research. Standard CDD: Level 3 - Public Record Research, Limited Source Enquiries. Enhanced CDD: Level 4 - In-depth Public Record Research & Enquiries, Specific issues. The Risk-based approach requires a levelled approach to CDD
  • 30. Risk-Based Approach Matrix • Building an RBA matrix is a collaborative effort between: – The Compliance Unit – The Economic Center – The Business Units – The Management Information Services (MIS) Department – IT Division – Others….
  • 31. Main RBA Factors: Customer Risk; Country Risk; Sector Risk; Product Risk
  • 32. RBA Elements
      Customer Risk: •Overall background and reputation •Business interests and practices-Mgt •Business associates and networks/ Business Link •Political Affiliations (PEPs) •Beneficial ownership and control •Source of funds
      Country Risk: •Political stability •Legal status •Economic situation •Standing of the financial services industry •Exposure to organised crime and Money laundering •Corruption
      Sector Risk: •Weapons and Metal trading •Precious metals •Art •Real Estate •Commodities •Exchange Dealership
      Product Risk: •Private Banking •Correspondent Banking •Structured Finance
  • 33. RBA Matrix • An RBA Matrix is built to: – Assess Risks – Capture identified risks – Estimate their probability of occurrence and impact – Rank the risks based on the above information.
  • 34. • These variables may increase or decrease the risk posed by a particular customer or transaction, for example: – The level of regulation or governance regime to which a customer is subject. (A customer located in a high regulated jurisdiction poses less risk than a customer located in a low risk jurisdiction) – Type of the entity: publicly owned entities pose less risk than private entities – The use of intermediaries = Anonymity
  • 35. High risk products and services: Examples. The following examples are a sample of high risk products that are vulnerable to ML & TF: – Facilitate a higher degree of anonymity – Involve the handling of high volume of currency. – Rapid transactions speed – Wide geographic availability
  • 36. High risk products and services: Examples • Wire transfers: • Correspondent Banking: (Factors to consider) – Account purpose – Location of the respondent bank – Nature of the banking license – The respondent money laundering detection and prevention controls – The respondent bank regulation and supervision in its country
  • 37. Break Time
  • 38. Red Flags. Sudden and inconsistent change in account activity or a concerning pattern: A business account had sudden excessive cash activity inconsistent with past behavior. No checks were made to suppliers or received from customers; the company is not known by local competitors. The business address is a residential apartment and the phone number on file communicates with a fax machine. Frequent foreign wires to/from higher risk countries: A charitable organization had hundreds of thousands of dollars coming into their account via settlement of credit card transactions. Wires were sent to individuals and entities in high risk countries; foreign counter parties were limited and could not be traced or identified. The purpose of the charity could not be identified and it was determined that the organization was operated out of a residential apartment.
  • 39. Red Flags. Absence of cash with a cash intensive business account: A business customer that operates a restaurant/grill receives only deposited checks into its account. Deposits consisted of checks from different businesses/individuals payable to different parties. Following the deposits were ACH debit transfers to another bank. There were no cash deposits made into account, which is inconsistent with the type of business.
  • 40. Case Study - Background An offshore financial institution incorporated in Bermuda is looking to provide a structured finance loan to a group of investors. The country into which the funds will flow and in which the project will be carried out are th I i d t the Ivory Coast and Middle Eastern countries. C t d Middl E t ti The sector in which the transaction is due to take place is the construction sector and therefore inherently a high money laundering risk. y g y g It is unclear whether the directors and shareholders of the company are the beneficial owners. Rumours have been identified in the public record suggesting that the two businessmen and the company are linked to a PEP and that the foreign bank involved in the transaction is a pocket bank of the same PEP. 7/8/2009 Risk Based Approach 40
  • 41. Case Study - Background The transactional structure presented by the customer is very complex and the reasoning behind the complexity and non-transparency is unclear non transparency unclear. A number of companies within the structure have not yet been incorporated and are “work-in progress”. 7/8/2009 Risk Based Approach 41
  • 42. Case Study – Results of Risk-Scoring Customer Risk Country Risk •Overall b k O ll background and d d •Known of weak AML rules K f k l reputation •Known of terrorist financing, •Business interests and practices Business Smuggling & other money •Business associates and laundering activities networks •Political Affiliations (PEPs) •Beneficial ownership and control •Source of funds S ff d Sector Risk Product Risk •Real Estate •Structured Finance •Complex transaction 7/8/2009 Risk Based Approach 42
  • 43. Case Study - Approach The scope of research should be divided into two phases: Phase I - involve public record research into all parties (individuals and companies) involved. This also included an overview of the business networks and associations of the businesses and the individuals. Phase II - given the low profile of the individuals that could be available in public records, a series of discreet enquiries within the local business communities in which the individuals are active should be undertaken in order to ascertain their overall business reputation and to ascertain whether there is indeed any substance to the allegations of their business being a front- operation for a PEP. i f PEP 7/8/2009 Risk Based Approach 43
  • 44. Case Study – Results of Risk Scoring Risk-Scoring Enhanced CDD – Level 4 Simplified CDD p Level 1 - Tick-box / Red-Flag Check g Limited CDD Level 2 - Public Record Research Standard CDD Level 3 - Public Record Research Limited Source Enquiries Enhanced CDD Level 4 - In depth Public Record In-depth Research & Enquiries Specific issues The Risk-based approach requires a levelled approach to CDD 7/8/2009 Risk Based Approach 44
  • 45. Customer Risk Matrix Products/Services Used Customer Type Deposit Unsecured Wire Transfer Private Trust Services Account Loan/Credit Banking Cards PEP Moderate Moderate High Highest Highest High Net Worth Moderate Moderate High Highest Highest High Risk Nationality Moderate Moderate High High High High Risk Industry Moderate Moderate Moderate Moderate Moderate Cash Intensive Normal Moderate High Moderate Moderate Business Salaried Employee Normal Normal Normal Normal Normal Independent Moderate Normal Normal Normal Normal Consultant/Indiv idual Entrepreneur Unemployed Moderate Moderate Moderate Moderate Moderate Charity Moderate High High High High Compliance ALert July 09, 2009 45
  • 46. Account Opening Policies Customer Risk Rating Applicable Policies Normal N l •Presentation of valid original identity documents •Establish purpose of account •Establish source of funds •Retain copies •Check against UN and other watch lists Moderate •Above plus … •Send registered letter to customer at provided address. Retain signed return receipt. High •Above plus … Above •Independent verification of account opening documents •Verification of source of funds •Interview with bank officer •Visit by bank officer to customer home/business Visit •Approval from branch manager •Updating of account information/documents every twelve months Highest g •Above plus … Ab l •Updating of account documents every six months Compliance ALert •Approval from CEO 2009 July 09, 46
  • 47. Transaction Type Risk Matrix Customer Offshore Wire Transfer Cash deposit under Large Forex Early Loan Risk Rating Wire to High Risk threshold/structuring Cash Repayment Transfer Jurisdiction transactions Deposit Normal Standard Standard Standard Enhanced Standard Standard Moderate Enhanced Enhanced Enhanced Enhanced Enhanced Enhanced High Severe Severe Enhanced Enhanced Enhanced Enhanced Highest Severe Severe Severe Enhanced Enhanced Enhanced Compliance ALert July 09, 2009 47
  • 48. Transaction Execution/Monitoring Policy Transaction Risk Rating Applicable Policies Standard •Teller/staff monitoring •Automated system monitoring Enhanced •Customer explanation for transaction •Compliance Officer Approval for execution Severe •CEO Approval for execution Compliance ALert July 09, 2009 48
  • 49. Continuous Control Monitoring Business Process Areas Specific Compliance p p Daily AML & Compliance Customer Profile Monitoring Transactions Currency Customer Statistics Cash (In-Out) Transaction Performance Reporting Analysis Analysis of data Inward Swift Transaction collected Suspicious Activity Activities Outward Swift Reporting Analysis Building Unusual Scenarios Bank Drafts Terrorist Reporting Behavior Analysis Pattern Clearing Matching KYC Analysis Transfer Trend Analysis A/C to A/C Compliance ALert July 09, 2009 49
  • 50. Case Study – The Brief Aware of the provision of guidelines in terms of the documentation & verification required in order for the Bank to be compliant with the money laundering legislation the Bank is subject to. Based on the guidelines the issues which needed to be addressed should b d fi d h ld be defined. Based on the issues defined research and enquiries in all the relevant jurisdictions should be undertaken undertaken. 7/8/2009 Risk Based Approach 50
  • 51. Case Study – Expected Outcome On the basis of the enhanced CDD that should be undertaken the Bank undertaken, could cross-reference the information provided by the customer to verify the claims made by the customer independently Could C ld confirm th id tit of the beneficial owner and d t fi the identity f th b fi i l d determine th i the reasoning behind the complex transactional structure The Bank would be in a position to disprove any rumours which had been p p y voiced about links and front operations for a PEP The exercise provides a complete and comprehensive documentation trail and supporting case within the scope of the CDD process The exercise enables the Bank to decide on the level of ongoing monitoring, given the risks are classified as high. 7/8/2009 Risk Based Approach 51
  • 52. Enhanced Ri k A E h d Risk Assessment M th d l t Methodology Conduct detailed analysis of each category 1 2 3 4 5 Assess Risk Purpose of Activity in Nature of the Location Products and Account Account business Services used 7/8/2009 Risk Based Approach 52
  • 53. Compliance Customer’s Risk Rating
      Columns: Customer/Account Information | Risk Factor Review | Risk Value
      8. Account Debit Activity - Estimate monthly volume for all accts, please insure percentages total 100%
      Customer/Account Information:
        – _____% cash
        – _____% checks
        – _____% currency exchange
        – _____% ACH
        – _____% purchase official checks, money orders, etc.
        – _____% domestic wire transfers
        – _____% foreign wire transfers: LIST COUNTRIES BELOW
        – 100%
      Risk Factor Review (Risk Value):
        – Volume/velocity consistent with nature of business: 0
        – Purchasing monetary instruments: 1
        – Foreign Swift transfers (repetitive): 1
        – Foreign Swift transfers (walk-in): 2
        – Foreign Swift transfers to high risk countries (NCCT list, OFAC, SIC): 5
        – Domestic Swift transfers: 1
        – New Customer - Compare anticipated debit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
        – Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.
      TOTAL RISK
      Business/Commercial Customer Risk Weighting Score:
        – -23 to +4 = Low Risk (L)
        – +5 to +14 = Moderate Risk (M)
        – +15 to +29 = High Risk (H)
        – +30 and > = Extreme (E) Management Approval Req'd
      NOTE: Compliance or Risk Management staff may modify the risk rate for a customer based on confidential information such as filing of SAR, receipt of criminal subpoena, etc.
  • 54. Compliance Customer’s Risk Rating
      Columns: Customer/Account Information | Risk Factor Review | Risk Value
      6. Nature of Business Services (be specific)
      Customer/Account Information:
        – NAICS Code for principal line of business:
      Risk Factor Review (Risk Value):
        – Money service business (see MSB section on page 2): +15
        – Brokered deposit relationship: 30
        – Cash intensive business (see Question 9 for list): 10
        – ATM owner/operator: 10
        – Customer qualifies as Phase I exempt person: -15
        – Customer is exempted as Phase II exempt person: -5
      7. Account Deposit Activity - Estimate monthly volume for all accts, please insure percentages total 100%. Total Deposits: $ ________________
      Customer/Account Information:
        – _____% cash
        – _____% checks
        – _____% currency exchange
        – _____% ACH
        – _____% purchase official checks, money orders, etc.
        – _____% domestic wire transfers
        – _____% foreign wire transfers: LIST COUNTRIES BELOW
        – 100%
      Risk Factor Review (Risk Value):
        – Volume/velocity consistent with nature of business: 0
        – Purchasing monetary instruments: 1
        – Foreign swift transfers (repetitive only): 1
        – Foreign swift transfers (repetitive and/or walk-in): 2
        – Foreign swift transfers to high risk countries (NCCT list, SIC, OFAC): 5
        – Domestic Swift transfers: 1
        – New Customer - Compare anticipated deposit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
        – Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.
  • 55. Compliance Customer’s Risk Rating
      Columns: Customer/Account Information | Risk Factor Review | Risk Value
      8. Account Debit Activity - Estimate monthly volume for all accts, please insure percentages total 100%
      Customer/Account Information:
        – _____% cash
        – _____% checks
        – _____% currency exchange
        – _____% ACH
        – _____% purchase official checks, money orders, etc.
        – _____% domestic wire transfers
        – _____% foreign wire transfers: LIST COUNTRIES BELOW
        – 100%
      Risk Factor Review (Risk Value):
        – Volume/velocity consistent with nature of business: 0
        – Purchasing monetary instruments: 1
        – Foreign Swift transfers (repetitive): 1
        – Foreign Swift transfers (walk-in): 2
        – Foreign Swift transfers to high risk countries (NCCT list, OFAC, SIC): 5
        – Domestic Swift transfers: 1
        – New Customer - Compare anticipated debit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
        – Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.
      TOTAL RISK
      Business/Commercial Customer Risk Weighting Score:
        – -23 to +4 = Low Risk (L)
        – +5 to +14 = Moderate Risk (M)
        – +15 to +29 = High Risk (H)
        – +30 and > = Extreme (E) Management Approval Req'd
      NOTE: Compliance or Risk Management staff may modify the risk rate for a customer based on confidential information such as filing of SAR, receipt of criminal subpoena, etc.
  • 56. Enhanced Risk Assessment Methodology
      Identify specific risks categories: Product and Service Risk; Customer Risk; Geographic Risk
      Process stages: Identify Risk Categories; Assess Quantity of Risk; Assess Quality of Risk; Action Plans
      Other diagram labels: Risk Response; Impact; Quantity of Risk; Response; Quality of Risk (controls); Analysis; Effectiveness; Actions
  • 57. Best Practices Framework
      Diagram labels: Corporate Governance; AML Risk Assessment; Risk Profile; Investigations & Reporting; Project Planning/Execution; Program Management; Written Procedures; Risk-Based Policies; Customer Due Diligence; Customer Transactions; Single Customer View; Data; Training/Self Testing; Independent Audit
  • 58. Case Study: The United Nations – A FAMILY-RUN BUSINESS
  • 59. Case Study: The United Nations
      Leo Mugabe; Kofi Annan; Kojo Annan; Hani Yamani; Kojo Amoo
      • Son of Kofi Annan (Secretary General-UN) from first marriage
      • Worked for SGS/Cotecna (given UN deal to enforce sanctions in Iraqi ports)
      • Moved on to start own company, Sutton Investments
      • Sutton part of consortium with Air Harbour Technologies & Leo Mugabe (nephew of Robert Mugabe, Pres of Zimbabwe)
      • Air Harbour owned by Hani Yamani (son of Sheikh Yamani, Saudi Oil Min.)
      • Consortium won bid valued in $100s of millions to build Zimbabwe airport
      • Kojo Amoo-Gottfried, Ghana Ambassador to UN (nephew of Kofi)
  • 60. Risk: Customer/Business Type – Identifying PEPs
      How do you determine whether an account holder is a PEP?
      • Seek information directly from the individual
      • Review sources of income including past and present employment history and references from professional associates
      • Review public sources of information (i.e. databases, newspapers, etc.)
      • CIA's online directory of “Chiefs of State and Cabinet Members of Foreign Governments” http://www.odci.gov/cia/publications/chiefs/index.html
      • Transparency International Corruption Perceptions Index
      • Private vendors (i.e. world Compliance/Regulatory DataCorp (RDC), Factiva and WorldCompliance)
  • 61. Risk: Customer/Business Type – Identifying PEPs (Cont.)
      FATF Recommendations for PEPs:
      – Determine whether a customer is a PEP
      – Obtain senior management approval for establishing relationship
      – Establish source of wealth of funds
      – Conduct ongoing monitoring of relationship
  • 62. Risk: Customer/Business Type – Examples of Black Lists
      – OFAC: Office of Foreign Assets & Control lists: Specially Designated Nationals; Weapons of Mass Destruction; Blocked Countries
      – BIS: Bureau of Industry & Security - Issued by the United States
      – BOE: Bank of England
      – CSSF: Commission de Surveillance du Secteur Financier-Luxembourg
      – SECO: Secretariat d’Etat a l’economie – Switzerland
      – UN: United Nations: Al-Qaida & Taliban; Iraq; Liberia
      – MAS: Monetary Authority of Singapore
      – EU: EU Regulations
      – FATF: Financial Action Task Force
      – Other: Vendor (i.e. SIDE-OFAC/World Check Lists) and internal Lists
  • 63. Summary
      – Risk-scoring defines the level of CDD required
      – Beneficial Ownership and PEPs are key
      – Advantages:
        • Institutions can mitigate their own risk exposure through the risk-based approach
        • Risk-Scoring also enables institutions to develop benchmarks and risk rating parameters
  • 65. For additional clarifications, please call: +961 1 787049, nakib.ba@calert.org
      Bashir A. El-Nakib, CAMS, ACFE, CFAP
