Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
CFCS Examination Preparation Series
February 28, 2014

Part 3:
Asset Recovery
Tax Evasion and Enforcement
Financial Crime ...
Brian Kindle
Executive Director
Association of Certified Financial Crime Specialists
Miami
Charles A. Intriago
President and Founder
Association of Certified Financial Crime Specialists
Miami
CFCS Examination Preparation Series
February 26, 2014

Asset Recovery
Asset forfeiture
• Criminal forfeiture
- against the defendant or person
• Civil forfeiture
- in rem’ - against property
-...
Asset forfeiture

6
International Assistance
• Freezing Orders - Mareva injunctions

• Pure Bill of Discovery - Norwich Pharmacal
• Production...
International Assistance
Mutual Legal Assistance Treaties (MLATs)
• Taking testimony of persons
• Providing documents, rec...
International Assistance
• Foreign ministries, nation's chief legal officer

• Embassies – yours and theirs
• “Back channe...
Enforcement of Judgments
• Uniform Foreign Money Judgments
Recognition Act
• Domestic judgments often are enforced in
othe...
Third Party Targets
• Third parties can be valuable, if difficult, targets
for asset recovery operations
Possible third pa...
Key Lessons
• Understand viable targets for asset recovery
options
• Understand information sources, including
open source...
Review Question
• You are employed as part of an asset recovery team seeking
to recover funds from a corrupt government of...
Review Question
A. Letters rogatory
B. Anton Pillar order
C. Mareva injuction
D. Production order
CFCS Examination Preparation Series
February 28, 2014

Tax Evasion and
Enforcement
Overview and Definition
• Conduct designed to intentionally and illicitly avoid
paying tax liabilities
• Often a thin line...
Convergence of Tax & Money Laundering
Enforcement
• Global trend toward criminalization of tax
compliance, enforcement wil...
Convergence of Tax & Money Laundering
Enforcement
• In February 2012, FATF issued revised
recommendations on anti-money la...
Tax Shelters
• Mechanism by which taxpayer may protect assets or
income from taxation, or delay tax application
• Investme...
Tax or Secrecy Havens
• Jurisdictions that provide secrecy or other means of
protecting assets from taxation
• Individuals...
Characteristics of Tax or Secrecy Havens
• No or nominal taxes
• Lack of effective exchange of tax information
• Lack of t...
Characteristics of Tax or Secrecy Havens
• No requirement for physical presence, allowing for
shell corporations
• Self pr...
Methods of Tax Evasion and Tax Fraud
• Income tax evasion can be straightforward as underreporting income, overstating ded...
Methods of Tax Evasion and Tax Fraud
• Smuggling and evasion of customs duties
• Employment tax fraud
•
•
•
•

Falsified w...
Red Flags of Tax Evasion
• Failing to follow advice of accountant, attorney or
preparer
• Failing to inform a tax professi...
FATCA
•
•
•
•

March 2010 – FATCA signed into US law
February 2012 – Temporary IRS Regulations Issued
Numerous IRS Notices...
FATCA Overview
• Essentially enlists ‘Foreign Financial Institutions (FFIs)’ to act
as extension of IRS enforcement networ...
Intergovernmental Agreements
Model I and Model II Agreements
• Model I requires FFIs to report information on US accountho...
FATCA Gaining Momentum
• 70 countries reportedly in talks with US Treasury

• FATCA Partners now include 19 countries ( in...
G20 and Bank Information Exchange

30
OECD Automatic Exchange Standard

31
Key Lessons
• Understand structures used to evade

taxes, especially offshore legal entities
• Understand common types of ...
Practice Question
Your bank holds a business account for a local tax preparation service.

What would MOST likely trigger ...
Practice Question
• Answer A is the correct answer due to the fact that this is a
classic red flag for tax fraud. Multiple...
Practice Question
• Answer C is incorrect because, once again, this fits the
customer profile. You would expect variances ...
CFCS Examination Preparation Series
February 28, 2014

Financial Crime
Investigations
Legal Underpinnings
• Common law systems
• Rely on case law, precedent
• Legal remedies not in statutes are available
• Ex...
Public vs. Private Investigations
• Public investigation by law enforcement
agency, grand jury, regulatory body
• Deploys ...
Investigative Tools and Techniques
• Compulsory power to obtain documents and
testimony
• Telephone, electronic wire inter...
Open-Source Intelligence
• Publically available information, often online
• Many sources, often free and easily discoverab...
Online Open-Source Tools
•

•

Online information increasingly critical in financial crime investigations
• Advanced web s...
Interviewing Techniques
•
•

•
•

Usually best to begin interviews with persons farthest removed from
suspected crime
Diff...
Intelligence vs. Evidence
•

Intelligence furthers investigation but is not generally admissible
in court
•
•
•

•

Photos...
Investigations Across National Borders
•

Many financial crime investigation require assistance from other
nations and jur...
Tips and Whistleblowers
•

Common trigger of financial crime investigations

•

Encouraged by laws authorizing rewards, pr...
Investigating Employees
•

Some companies have rules on employee cooperation in
internal investigations, but they must not...
Court Orders
•

Search warrants
• Granted by judge to government agencies,
• Specify time, place and items to search
• Fai...
Beneficial Owners
•

Typically refers to person who maintains ultimate control over
funds, assets, legal entities or finan...
Corporate Registries
•

Collect and store information pertaining to corporations and
other legal entities created within a...
Corporate Registries
•The following information is usually available from corporate
registries:

• The name and type of th...
Corporate Registries
• Many jurisdictions offer access to registries through websites.
Some international bodies also main...
Types of Financial Institution Records
•

Critical source to “follow the money” in financial crime
investigations, often n...
Summarizing Financial Institution Records
• Investigator should prepare summaries of information in
documents from an inst...
What Financial Institution Records Show
• Some leads that a financial account analysis can provide:
• Names of persons, en...
Other Financial and Commercial Records
Examples

• Commercial invoices
• Cancelled checks
• Receipts, related expense
docu...
Protecting the Evidence
•
•

•
•

All records should be treated as possible evidence
Implement chain of custody from the s...
Key Lessons
•

Recognize the types of documents and records that can be
employed in financial crime investigations

•

Und...
Review Question
Securities King was a stock brokerage that collapsed after it was
revealed to be running a Ponzi scheme. T...
Review Question
A. Request that a bankruptcy court judge name you a
receiver of Securities King
B. Contact the lawyer to s...
Review Question
Answer C is the correct answer. While all four responses may be
appropriate at some point in the investiga...
CFCS Examination Preparation Series
February 28, 2014

Fraud Detection and
Prevention
Overview and Definition
• Intentional misrepresentation, concealment or
deception in pursuit of financial gain or to furth...
Understanding and recognizing types of fraud
• Ponzi schemes
• Despite recent exposure, remain widespread type of fraud
•
...
Understanding and recognizing types of fraud
• Securities fraud
• Misrepresentation around a security, which can be
virtua...
Understanding and recognizing types of fraud
• Common types of securities fraud include
– Microcap or “penny stock” frauds...
Understanding and recognizing types of fraud
• Fraud in loans and mortgages
• Intentional, material misrepresentation or o...
Understanding and recognizing types of fraud
• Credit and debit card fraud
• Need not involve physical fraud; increasingly...
Understanding and recognizing types of fraud
• Other types of fraud include:
– Insurance
– Health care
– Government benefi...
Identity Theft and Fraud
• Fastest growing types of consumer fraud
• A leading threat to accounts at banks and other
insti...
Red Flags of Identity Theft
• Common signs indicating a stolen or compromised identity
• Alerts and warnings from a credit...
Preventing Fraud
• Similar measures as other compliance programs, but
training, awareness are even more important in fraud...
Preventing Fraud
• Assess likelihood of fraud schemes or scenarios
• Assess materiality of risks: which schemes would
have...
Key Lessons
• Preventing fraud is heavily reliant on awareness,
training, and internal controls
• Financial crime professi...
Review Question
• Your institution has recently been dealing with a large number
of identity theft cases, in which thieves...
Review Question
A. Immediately notify customers whose data has been
compromised
B. Restrict access to sensitive customer d...
Review Question
Answer B is the correct response. Like other review
questions, all of these answers could be considered
go...
Review Question
A mortgage administrator has been dealing with a buyer
attempting to obtain a large mortgage on a home fro...
Review Question
A. A real estate agent from a nearby city is helping to
broker the sale
B. The seller is not currently lis...
Review Question
Answer C is the correct answer. In the question, it describes the
loan applicant as seeking the home as an...
CFCS Examination Preparation Series
February 28, 2014

Compliance
Programs
Overview of Compliance
•

Processes and controls to comply with laws,
regulations, other requirements

•

Regulatory struc...
Programs Within Compliance
• Governance
– Analytics
– Investigations
– Intelligence
– Customer Due Diligence
– Compliance ...
Governance
•
•
•
•

Enterprise Risk Assessment
Gap Analyses
Creating/Reviewing/Delivering Training
Liaison to Regulators/E...
Investigations & Intelligence
• Investigations
– Investigate unusual activity
– Report on unusual activity
– Investigate p...
Analytics
•
•
•
•

Tools for transaction monitoring
Analytics for enterprise-wide risk assessment
Analytics for customer r...
Customer Onboarding
• Customer Due Diligence - “Know Your
Customer”
• Customer Identification Program
• Customer Monitorin...
Employee Onboarding
• “Know Your Employee”
• Employee Monitoring
• Employee “red flags”
Organizational Overview of Financial Crime Program
• Size, structure, complexity and risks of organization are
basis of co...
Organizational Overview of Financial Crime Program
• Preventive controls include:
•
•
•
•
•
•

CIP and CDD programs
Approp...
Organizational overview of financial crime controls
• Detective controls include:
• Identifying suspicious activity throug...
Risk Assessment
• Assessing risks allows understanding of vulnerability,
better resource allocation
• Should consider
• Ty...
Risk Assessment
Key elements include
• Methodology to quantify level of risk
• Methodology to quantify adequacy of control...
Sanctions Compliance
• Laws or regulations of certain nations prohibit
conducting transactions for certain national
govern...
Sanctions Compliance
• Some sanctions compliance best practices include:

• Development and implementation of
policies, pr...
Sanctions Compliance
• Leveraging screening, transaction monitoring to
detect and prevent payments in violation of
sanctio...
AML Cycle
Organizational Risk
Assessment
Identify and rate risks across
the organization and within
lines of business

Upd...
High-Risk Customers
• Risk depends on product, geographic region. Examples:
•
•
•
•
•
•
•
•
•
•

Politically Exposed Perso...
High-Risk Products
• Examples:
• Prepaid, payroll cards
• “Payable upon proper identification” (PUPID)
transactions
• Mone...
High-Risk Products
• Other examples :
• Foreign correspondent accounts: bulk currency shipments,
pouch activity, and payab...
High-Risk Jurisdictions, Geographic Areas
• Understanding specific money laundering, terrorist financing,
corruption, frau...
Customer Onboarding and Monitoring
Account opening procedures
Best practices include:
• Gathering, verifying, authenticati...
Customer Identification Program (CIP)
• Usually required by jurisdiction’s laws, regulators

• ID information must be coll...
Enhanced Due Diligence
• For high-risk services, customers, jurisdictions

• Examples include:
• Identifying and verifying...
Employee Onboarding and Monitoring
Best practices for effective “know your employee,” onboarding:

• Assessment begins dur...
Employee Onboarding and Monitoring
Best practices for effective “know your employee,” onboarding:

• Providing new employe...
Employee Onboarding and Monitoring
Best practices for ongoing employee monitoring:

• Regularly scheduled background scree...
Transaction Monitoring
• Automated system, either proprietary application or vendorprovided, for ongoing transaction, cust...
Transaction Monitoring
• More advanced systems incorporate hybrid of rules-based,
statistical approaches
• Transaction mon...
Key Lessons
• Customer due diligence, profiling and risk assessment are
key to effective compliance programs
• Essential t...
Practice Question
• A small regional bank recently started using a new transaction
monitoring tool that utilizes custom sc...
Practice Question
A. Scenario A that generated 100 alerts in the past 3 months and
50% of those were deemed suspicious and...
Practice Question
Answer A is incorrect and appears to be a well performing
scenario. It is generating alerts and the perc...
Practice Question
Answer C is correct as it is clearly a broken scenario since no alert
was generated. That there appears ...
Your Questions
Thank you for attending
Tax evasion, fci, fraud, compliance 2 28-14
Upcoming SlideShare
Loading in …5
×

Tax evasion, fci, fraud, compliance 2 28-14

747 views

Published on

Slides for CFCS prep deck 2-2814

Published in: Economy & Finance
  • Be the first to comment

Tax evasion, fci, fraud, compliance 2 28-14

  1. 1. CFCS Examination Preparation Series February 28, 2014 Part 3: Asset Recovery Tax Evasion and Enforcement Financial Crime Investigations Fraud Compliance Programs and Controls Presented By Charles Intriago Brian Kindle
  2. 2. Brian Kindle Executive Director Association of Certified Financial Crime Specialists Miami
  3. 3. Charles A. Intriago President and Founder Association of Certified Financial Crime Specialists Miami
  4. 4. CFCS Examination Preparation Series February 26, 2014 Asset Recovery
  5. 5. Asset forfeiture • Criminal forfeiture - against the defendant or person • Civil forfeiture - in rem’ - against property - proceeds, instrumentality of crime • Substitute assets 5
  6. 6. Asset forfeiture 6
  7. 7. International Assistance • Freezing Orders - Mareva injunctions • Pure Bill of Discovery - Norwich Pharmacal • Production Order - Bankers Trust Orders • Stand and Deliver - Anton Piller Orders • Lis pendens • Letters rogatory 7
  8. 8. International Assistance Mutual Legal Assistance Treaties (MLATs) • Taking testimony of persons • Providing documents, records and evidence • Service of documents • Locating or identifying persons • Executing requests for search and seizure • Identifying, seizing and tracing proceeds of crime 8
  9. 9. International Assistance • Foreign ministries, nation's chief legal officer • Embassies – yours and theirs • “Back channel" assistance, for location of witnesses, authentication of records • Direction to useful public sources to uncover true beneficial owner 9
  10. 10. Enforcement of Judgments • Uniform Foreign Money Judgments Recognition Act • Domestic judgments often are enforced in other countries based on "comity" 10
  11. 11. Third Party Targets • Third parties can be valuable, if difficult, targets for asset recovery operations Possible third party targets • Banks • Broker-dealers, investment advisers, etc. • Company directors • Employees • Lawyers • Auditors and certified public accountants
  12. 12. Key Lessons • Understand viable targets for asset recovery options • Understand information sources, including open sources like corporate registries • Many asset recovery operations have crossborder component – recognizing international tools is essential
  13. 13. Review Question • You are employed as part of an asset recovery team seeking to recover funds from a corrupt government official indicted for bribery and embezzlement in Canada. You have identified financial accounts and properties the official held in several common-law countries, including Australia and the UK. You are concerned that the official may attempt to transfer funds out of his accounts or dispose of properties while legal proceedings against him are still underway. What is one legal tool you could use to prevent the official from transferring these assets?
  14. 14. Review Question A. Letters rogatory B. Anton Pillar order C. Mareva injuction D. Production order
  15. 15. CFCS Examination Preparation Series February 28, 2014 Tax Evasion and Enforcement
  16. 16. Overview and Definition • Conduct designed to intentionally and illicitly avoid paying tax liabilities • Often a thin line between tax evasion and legal “tax avoidance” • Evasion is a financial crime itself and a common element of all other financial crimes 16
  17. 17. Convergence of Tax & Money Laundering Enforcement • Global trend toward criminalization of tax compliance, enforcement will continue • Convergence with other areas of law -criminal law, money laundering, asset forfeiture, international evidence gathering 17
  18. 18. Convergence of Tax & Money Laundering Enforcement • In February 2012, FATF issued revised recommendations on anti-money laundering • For first time, tax offenses expressly listed as predicate for money laundering crimes 18
  19. 19. Tax Shelters • Mechanism by which taxpayer may protect assets or income from taxation, or delay tax application • Investments in pension plans and real estate are common examples, many shelters are completely legal • Shelters can be deemed abusive by tax authorities when designed solely for avoiding or evading taxes 19
  20. 20. Tax or Secrecy Havens • Jurisdictions that provide secrecy or other means of protecting assets from taxation • Individuals, corporations, other entities can shift assets to havens through physical relocation, subsidiaries, shell corporations • Havens have been subject to increasing global pressure 20
  21. 21. Characteristics of Tax or Secrecy Havens • No or nominal taxes • Lack of effective exchange of tax information • Lack of transparency in the operation of legislative, legal or administrative processes • Anonymous company formation • Negotiated tax rates • Inconsistent application of tax laws • Little or no regulatory oversight 21
  22. 22. Characteristics of Tax or Secrecy Havens • No requirement for physical presence, allowing for shell corporations • Self promotion as offshore financial center • Examples of tax or secrecy havens • Seychelles • Panama • US states of Delaware, Nevada 22
  23. 23. Methods of Tax Evasion and Tax Fraud • Income tax evasion can be straightforward as underreporting income, overstating deductions, or not declaring offshore accounts • Can be extraordinarily complex, involving offshore accounts and layers of corporate entities • Tax codes of many jurisdictions are complicated, proving tax evasion requires willful intent to defraud 23
  24. 24. Methods of Tax Evasion and Tax Fraud • Smuggling and evasion of customs duties • Employment tax fraud • • • • Falsified worker status Pyramiding Third-party withholding Cash payments • Evasion of value added tax (VAT) • “Missing trader” fraud, carousel fraud 24
  25. 25. Red Flags of Tax Evasion • Failing to follow advice of accountant, attorney or preparer • Failing to inform a tax professional of relevant facts • Evidence from employees about irregular tax withholding, suspicious business practices • Missing or altered books and records • Transfer of assets to an offshore location or secrecy haven • Tax and related documents appear to be backdated • Use of many tax numbers by single person or entity • Submission of suspicious wage and other statements 25
  26. 26. FATCA • • • • March 2010 – FATCA signed into US law February 2012 – Temporary IRS Regulations Issued Numerous IRS Notices Since January 17, 2013 – Final IRS Regulations Issued • Key Effective Date – July 1,2014
  27. 27. FATCA Overview • Essentially enlists ‘Foreign Financial Institutions (FFIs)’ to act as extension of IRS enforcement network • Identifying US Taxpayers holding financial accounts or investments in their institutions • Reporting financial assets, US source income annually to IRS • Withholding 30%, on behalf of the IRS, on certain payments coming from US for noncompliant accounts, institutions • Reporting, withholding on accounts and payments to other FFIs that do not comply with FATCA
  28. 28. Intergovernmental Agreements Model I and Model II Agreements • Model I requires FFIs to report information on US accountholders to their tax authorities, which collect and deliver it to IRS • Model II requires FFIs to report information on US accountholders directly to the IRS. • IGAs will require some countries to change their tax, privacy laws • Some IGAs require reciprocal reporting – US institutions must report accountholders to tax authorities of signatory nations 28
  29. 29. FATCA Gaining Momentum • 70 countries reportedly in talks with US Treasury • FATCA Partners now include 19 countries ( including major economies like UK, Mexico, Denmark, Germany, Ireland, Italy, Switzerland, Spain, Switzerland, Norway; many smaller jurisdictions) • Tax transparency now a worldwide initiative • Participation ‘not an option’ 29
  30. 30. G20 and Bank Information Exchange 30
  31. 31. OECD Automatic Exchange Standard 31
  32. 32. Key Lessons • Understand structures used to evade taxes, especially offshore legal entities • Understand common types of tax fraud schemes, including those involving VAT • Recognize how FATCA works and how it is laying groundwork for international tax enforcement regime 32
  33. 33. Practice Question Your bank holds a business account for a local tax preparation service. What would MOST likely trigger further investigation by the compliance department in the bank? A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses B. Multiple deposits of checks in the same amount written by different tax service customers C. Variances in the frequency of transactions depending on the calendar cycle D. A request by the customer to have payments made to the Tax Office through a certified check process 33
  34. 34. Practice Question • Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction. • Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax service customers is what you would expect as each customer paid their bill for the service. You would also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation would be the same for many customers. 34
  35. 35. Practice Question • Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines. • Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud, and would more likely indicate no fraud is taking place. 35
  36. 36. CFCS Examination Preparation Series February 28, 2014 Financial Crime Investigations
  37. 37. Legal Underpinnings • Common law systems • Rely on case law, precedent • Legal remedies not in statutes are available • Examples – UK, US, Canada, India, Australia • Civil law systems • Written laws determine rights, remedies and actions • Examples – Latin America, Continental Europe, Japan • Helps evaluate ground rules of place where investigation and possible litigation is conducted, costs, likelihood of success 37
  38. 38. Public vs. Private Investigations • Public investigation by law enforcement agency, grand jury, regulatory body • Deploys all powers, authority of government • Private investigations by civilians without government powers • Can obtain powerful tools from courts, equitable remedies, bankruptcy and insolvency laws 38
  39. 39. Investigative Tools and Techniques • Compulsory power to obtain documents and testimony • Telephone, electronic wire intercepts by government agencies • Search warrants • Mutual Legal Assistance Treaties (MLATs) and less formal mutual assistance • Undercover operations • Physical surveillance • Whistleblowers, anonymous tips, informants 39
  40. 40. Open-Source Intelligence • Publically available information, often online • Many sources, often free and easily discoverable • Online searching and web content • Media outlets and news sources • Public records • Geospatial open source • Professional conferences, live events • Observation and reporting • Investigation should usually start with exhaustive OSINT before moving to more time-consuming methods 40
  41. 41. Online Open-Source Tools • • Online information increasingly critical in financial crime investigations • Advanced web searching • Searching social networks, blogs • Utilizing free and paid online databases • “Deep web” sources • Reverse image searches • Archived web sites Financial criminal use online tools, investigator should take steps to remain secure and anonymous online 41
  42. 42. Interviewing Techniques • • • • Usually best to begin interviews with persons farthest removed from suspected crime Differences between interrogation and interview. In interview, investigator should establish rapport with witness and seek detailed responses. Look for knowledge of event, persons or entities involved, physical and intangible evidence Plan all elements of interview: location, objectives, needs of the witness 42
  43. 43. Intelligence vs. Evidence • Intelligence furthers investigation but is not generally admissible in court • • • • Photos posted online Information in a news article Hearsay statements Evidence must meet legal rules of admissibility, be material and prove or disprove some relevant matter • • • Commercial records obtained by subpoena Statements made freely to law enforcement agent Facts observed by enforcement agent conducting lawful surveillance 43
  44. 44. Investigations Across National Borders • Many financial crime investigation require assistance from other nations and jurisdictions • When requesting assistance from another nation for, consider: • • • • Its legal and statutory requirements How to assure that the information will be admissible as evidence Will investigative subject be notified of request for assistance? Are you legally compelled to inform the subject? Level of probable cause needed to authorize investigative techniques and enforce court orders 44
  45. 45. Tips and Whistleblowers • Common trigger of financial crime investigations • Encouraged by laws authorizing rewards, protections • Can come from any level of organization up to board of directors • Wise to maintain skepticism in contact with whistleblowers, who may have their own profit, revenge motives 45
  46. 46. Investigating Employees • Some companies have rules on employee cooperation in internal investigations, but they must not conflict with laws • Employee usually has no legal obligation to agree to an interview • Employer may usually provide employee e-mail, phone logs and computer usage without employee permission, knowledge • Investigator should consult lawyer on whether it is legal, advisable to obtain employee records without consent 46
  47. 47. Court Orders • Search warrants • Granted by judge to government agencies, • Specify time, place and items to search • Failure to follow terms may render evidence useless • Subpoena • Compels a person or entity to produce records, items or testimony at a place and time • Considerable variation on process among countries • Preservation orders or litigation holds • Prevent electronic evidence from being deleted or altered 47
  48. 48. Beneficial Owners • Typically refers to person who maintains ultimate control over funds, assets, legal entities or financial accounts • Includes individuals who own or control, directly or indirectly, greater than a certain percentage of a legal entity • Recognizes that person in whose name an entity is formed, asset is held, or account is opened is not necessarily the person who truly controls them • Determining beneficial owners is critical in KYC, due diligence, investigations, AML and anti-corruption, and more, as it is key to true source, origin and control of funds 48
  49. 49. Corporate Registries • Collect and store information pertaining to corporations and other legal entities created within a given jurisdiction • Typically maintained by a government agency or department • May be a single registry for an entire nation, or multiple registries for different states, regions or cities, depending on jurisdiction • Serve several purposes: • Record creation or incorporation of new legal entity • Collect required information on legal entities • Make some or all collected information publicly available 49
  50. 50. Corporate Registries •The following information is usually available from corporate registries: • The name and type of the legal entity • Date of the company formation, and date when the company was dissolved if no longer in existence • Articles of incorporation and other company formation documents • A physical address of the corporation, or address of formation agent • Name and address of a registered agent for the company •Some jurisdictions will provide: • Names and addresses of the legal entity’s directors or officers • Names and addresses of the shareholders, members or other legal owners of the legal entity •Beneficial owner of legal entity is very rarely available 50
  51. 51. Corporate Registries • Many jurisdictions offer access to registries through websites. Some international bodies also maintain sites that allow direct or indirect access to registry information: • International Association of Commercial Administrators (IACA) http://www.iaca.org/ • Corporate Registers Forum (CRF) http://www.corporateregistersforum.org • European Business Register (EBR) http://www.ebr.org/section/4/index.html • European Commerce Registers’ Forum http://www.ecrforum.org/ • Association of Registrars of Latin America and the Caribbean (ASORLAC) http://www.asorlac.org/ingles/portal/default.aspx 51
  52. 52. Types of Financial Institution Records • Critical source to “follow the money” in financial crime investigations, often need court order to obtain Examples • Deposit tickets • Deposited checks • Checks drawn • Debit memos • Credit memos • Outgoing wire transfer orders • Incoming wire transfers • Cashier’s checks sold • Foreign currency sold • Signature cards • Monthly statements • Cancelled checks • Cashier’s checks • Money orders sold 52
  53. 53. Summarizing Financial Institution Records • Investigator should prepare summaries of information in documents from an institution, including: • Deposits and withdrawals • Checks written on the account • Wire transfers into or out of the account • Fluctuations in account balances • Obtain all documents related to account opening and customer onboarding: application, customer ID, signature card, due diligence and Know Your Customer records 53
  54. 54. What Financial Institution Records Show • Some leads that a financial account analysis can provide: • Names of persons, entities that received funds • Names of persons, entities that deposited money • Sources, amounts of income or revenue • Cash withdrawals and purchase of cashier’s checks • Activities of previously unknown businesses and ventures • Wire transfers to, from offshore havens, accounts, nominees • Previously unknown accounts • Liabilities, which lead to other financial statements • Asset acquisition, disposition 54
  55. 55. Other Financial and Commercial Records Examples • Commercial invoices • Cancelled checks • Receipts, related expense documentation • Journal entries • • • • Statement of cash flows Vendor and customer lists Physical inventory Reconciliation of intercompany accounts • Tax returns are also a valuable source of information if they can be obtained legally 55
  56. 56. Protecting the Evidence • • • • All records should be treated as possible evidence Implement chain of custody from the start • Document chronology of handling of evidence • Where it was initially located, who got it, where it was stored, who handled it • Obtain originals where possible Maintain records for their integrity Assure that electronic evidence is not altered or unintentionally overwritten 56
  57. 57. Key Lessons • Recognize the types of documents and records that can be employed in financial crime investigations • Understand the differences between evidence and intelligence, and the proper role of each • Open source intelligence is highly valuable – be familiar with open sources, online and otherwise 57
  58. 58. Review Question Securities King was a stock brokerage that collapsed after it was revealed to be running a Ponzi scheme. The scheme has left behind numerous defrauded investors and the brokerage is now being liquidated in bankruptcy court. You are an investigative professional who has been asked to look into a lawyer suspected of involvement in the Ponzi scheme. The lawyer is thought to have handled funds for Securities King through his firm’s account. There has been no prior investigation of the lawyer, and you currently have little information him or his firm. What would be the most appropriate first step to take in your investigation? 58
  59. 59. Review Question A. Request that a bankruptcy court judge name you a receiver of Securities King B. Contact the lawyer to schedule an interview C. Thoroughly research the lawyer and his firm online and in public records D. Conduct physical surveillance of the lawyer to understand his movements 59
  60. 60. Review Question Answer C is the correct answer. While all four responses may be appropriate at some point in the investigation, the question asks for the most appropriate first step. As you currently have little information on the attorney, it would be inappropriate to approach a judge with a request to be named receiver. Likewise, conducting surveillance and interviewing the attorney are more time-consuming and potentially risky steps best left to later in the investigation, if conducted at all. Starting with thorough open-source research would be the investigative best practice. 60
  61. 61. CFCS Examination Preparation Series February 28, 2014 Fraud Detection and Prevention
  62. 62. Overview and Definition • Intentional misrepresentation, concealment or deception in pursuit of financial gain or to further a financial crime • Recent fraud trends • • • • • Greater professionalization, smarter attacks Increased “sharing” of fraud practices More frauds perpetrated from offshore locations Technical fraud or cybercrime combined with traditional skills More collusion between merchants, fraudsters and organization insiders 62
  63. 63. Understanding and recognizing types of fraud • Ponzi schemes • Despite recent exposure, remain widespread type of fraud • Some red flags • Investment returns “too good to be true” • Investment statements show growth or performance contrary to market trends • Unusual or no fee structure • Lack of information or substance behind investment 63
  64. 64. Understanding and recognizing types of fraud • Securities fraud • Misrepresentation around a security, which can be virtually any tradable asset or financial instrument • Inaccurate or misleading information to encourage investment • Selling a security that is illegal or nonexistent • Insider trading • Now facilitated by online communications, social networks, other tools 64
  65. 65. Understanding and recognizing types of fraud • Common types of securities fraud include – Microcap or “penny stock” frauds, like pump and dump schemes – Insider trading – Hidden terms and agreements – Fraud tied to falsified reporting or accounting • In US alone, securities fraud estimated to total $10 – 40 billion annually 65
  66. 66. Understanding and recognizing types of fraud • Fraud in loans and mortgages • Intentional, material misrepresentation or omission to obtain loan or larger loan than lender typically grants • May also be perpetrated by lenders: loans with hidden or predatory terms, unlicensed lenders Common schemes • Income and employment fraud • Occupancy fraud • Appraisal fraud • “Shot-gunning” fraud • Cash-back fraud • Foreclosure scams 66
  67. 67. Understanding and recognizing types of fraud • Credit and debit card fraud • Need not involve physical fraud; increasingly common to steal numbers, personal information online • Tampering with card readers at ATM and other pointof-sale locations through skimmers • Online theft of numbers through compromise of online security or data breaches • Gathering personal information by sending fake applications for cards to targets • Physical theft of card 68
  68. 68. Understanding and recognizing types of fraud • Other types of fraud include: – Insurance – Health care – Government benefits • Can be perpetrated by an entity against a customer or by customer against an entity 69
  69. 69. Identity Theft and Fraud • Fastest growing types of consumer fraud • A leading threat to accounts at banks and other institutions • Common ways to steal identities • • • • Social engineering Creating fake online identities Technological tools – skimmers, phishing, malware Internal fraud and data theft 70
  70. 70. Red Flags of Identity Theft • Common signs indicating a stolen or compromised identity • Alerts and warnings from a credit reporting company • Suspicious documents, including forged or altered IDs • Inconsistent personal identifying information • New credit or debit card request immediately after notification of change of address • Identity theft furthers many other fraud schemes • Using stolen identities to obtain government benefits, tax refunds • Obtaining loans or mortgages with false identities • Opening accounts with stolen or false identities 71
  71. 71. Preventing Fraud • Similar measures as other compliance programs, but training, awareness are even more important in fraud prevention • Starts with comprehensive fraud risk assessment • Create a team with necessary expertise • Identify organization’s universe of fraud risks • Fraudulent financial reporting • Misappropriation of assets • Expenditures, liabilities for improper purpose • Revenue and assets obtained by fraud • Costs, expenses avoided by fraud • Financial misconduct by management 72
  72. 72. Preventing Fraud • Assess likelihood of fraud schemes or scenarios • Assess materiality of risks: which schemes would have greatest impact • Assess preexisting fraud controls, compare them against risks • Consider how controls may be over-ridden or manipulated by employees and others • Employee collusion is serious fraud risk 73
  73. 73. Key Lessons • Preventing fraud is heavily reliant on awareness, training, and internal controls • Financial crime professionals should be prepared to identify many types of fraud • Fraud schemes are frequently linked – one element feeds into larger operation 74
  74. 74. Review Question • Your institution has recently been dealing with a large number of identity theft cases, in which thieves have stolen sensitive customer data and used it to fraudulently apply for credit cards. After an initial investigation, you suspect that an employee is participating in the identity theft scheme. What would be the most effective first step you could take to prevent further theft of customer information? 75
  75. 75. Review Question A. Immediately notify customers whose data has been compromised B. Restrict access to sensitive customer data, and monitor employee access on an ongoing basis C. Impose strict alert thresholds in the automated monitoring system for all credit cards D.Conduct a mandatory ethics seminar with all institution employees 76
  76. 76. Review Question Answer B is the correct response. Like other review questions, all of these answers could be considered good responses to a data breach or theft. However, only Answer B will actually serve to prevent further theft of data, which is the focus of the question. 77
  77. 77. Review Question A mortgage administrator has been dealing with a buyer attempting to obtain a large mortgage on a home from your institution. According to the buyer, he is seeking to purchase the home as an investment property. The buyer has been behaving erratically and has been difficult to contact at times. Concerned about a potential fraud, the administrator has asked you to examine the mortgage application and accompanying documents. You note the following information. Which is the best indicator that the buyer may be committing mortgage fraud? 78
  78. 78. Review Question A. A real estate agent from a nearby city is helping to broker the sale B. The seller is not currently listed as the occupant of the property C. The buyer currently has a large mortgage outstanding on his own property D.The buyer has no previous history of obtaining mortgages from your institution 79
  79. 79. Review Question Answer C is the correct answer. In the question, it describes the loan applicant as seeking the home as an investment property. However, the applicant has a large mortgage outstanding on his own property, raising questions about his finances and ability to purchase an investment property. Answer B may also be considered a red flag by some. However, in the question it describes the buyer’s behavior as erratic and potentially suspicious. Since the buyer is already under suspicion, the red flag in Answer C should be given priority. Answers A and D are not indicative of any suspicious or fraudulent activity. 80
  80. 80. CFCS Examination Preparation Series February 28, 2014 Compliance Programs
  81. 81. Overview of Compliance • Processes and controls to comply with laws, regulations, other requirements • Regulatory structure becoming more complex, global • Convergence moving toward unified “financial crimes risk management”
  82. 82. Programs Within Compliance • Governance – Analytics – Investigations – Intelligence – Customer Due Diligence – Compliance Audit/Quality Control
  83. 83. Governance • • • • Enterprise Risk Assessment Gap Analyses Creating/Reviewing/Delivering Training Liaison to Regulators/Examiners and Internal Audit • Liaison to External Consultants and Auditors
  84. 84. Investigations & Intelligence • Investigations – Investigate unusual activity – Report on unusual activity – Investigate possible terrorist financing • Intelligence – Analyze country risk – Analyze enterprise-wide financial crimes risk – Support foreign correspondent banking business
  85. 85. Analytics • • • • Tools for transaction monitoring Analytics for enterprise-wide risk assessment Analytics for customer risk rating Tools for sanctions monitoring
  86. 86. Customer Onboarding • Customer Due Diligence - “Know Your Customer” • Customer Identification Program • Customer Monitoring/Periodic Review • Enhanced Due Diligence (High Risk)
  87. 87. Employee Onboarding • “Know Your Employee” • Employee Monitoring • Employee “red flags”
  88. 88. Organizational Overview of Financial Crime Program • Size, structure, complexity and risks of organization are basis of compliance program • Compliance program should include policies, procedures and controls • Controls can be broadly divided into “preventive” and “detective”
  89. 89. Organizational Overview of Financial Crime Program • Preventive controls include: • • • • • • CIP and CDD programs Appropriate training Risk assessments, gap analysis Providing line of business reporting, issue remediation Senior management and board reporting Liaison with audit, coordination of examinations
  90. 90. Organizational overview of financial crime controls • Detective controls include: • Identifying suspicious activity through employee referrals or automated transaction monitoring, customer surveillance • Investigating identified unusual activities • Activity monitoring, predictive analytics • Monitoring employees, third parties • Screening, blocking, rejecting transactions and customers • Reporting • Exiting customer relationships • Compliance testing
  91. 91. Risk Assessment • Assessing risks allows understanding of vulnerability, better resource allocation • Should consider • Types of distribution channels used by business unit • Complexity of unit’s business model • Degree of change in business • Size and type of growth in the business
  92. 92. Risk Assessment Key elements include • Methodology to quantify level of risk • Methodology to quantify adequacy of controls • Assessment of risk of each line of business • Enterprise-wide assessment to identify systemic risk not apparent in a line of business
  93. 93. Sanctions Compliance • Laws or regulations of certain nations prohibit conducting transactions for certain national governments, entities and persons • Sanctions are imposed by variety of enforcement agencies, international bodies • US Office of Foreign Assets Control • United Nations Security Council • European Union • Other international bodies
  94. 94. Sanctions Compliance • Some sanctions compliance best practices include: • Development and implementation of policies, procedures and processes to ensure full compliance with all sanctions prohibitions • Knowledge of different sanctions lists or orders institution organization is subject to • Sanctions compliance risk assessment
  95. 95. Sanctions Compliance • Leveraging screening, transaction monitoring to detect and prevent payments in violation of sanctions • Training programs to all affected employees • Testing and ongoing updating of lists, policies and procedures – sanctions regimes change constantly
  96. 96. AML Cycle Organizational Risk Assessment Identify and rate risks across the organization and within lines of business Update and Audit Customer Identification Program Collect sampling on alert and transaction data, reassess customer risk, renew KYC information Collect and verify information on a customer to confirm their identity and nature of relationship Investigation of Alerts and Incidents Customer Profile and Risk Assessment Review any alerts generated on customer, file SARs or modify customer relationship if necessary Establish expected activity and transactions; create an initial customer risk rating Automated Transaction Monitoring Establish alert thresholds, rules and scenarios based on customer profile and risk assessment Customer Screening Screen customer against sanctions and watch lists; establish criteria for ongoing screening of transactions 97
  97. 97. High-Risk Customers • Risk depends on product, geographic region. Examples: • • • • • • • • • • Politically Exposed Persons (PEPs) and their associates Casinos, securities brokers, dealers in precious metals, stones Domestic, offshore shell companies Casas de cambio, currency exchanges, money transmitters Private investment companies (PIC) International companies Deposit brokers Cash-intensive businesses Foreign, domestic NGOS, charities Gatekeepers - attorneys, accountants, etc.
  98. 98. High-Risk Products • Examples: • Prepaid, payroll cards • “Payable upon proper identification” (PUPID) transactions • Money remittances • Online banking • Private banking • Trust and asset management services • Monetary instruments
  99. 99. High-Risk Products • Other examples : • Foreign correspondent accounts: bulk currency shipments, pouch activity, and payable through accounts (PTA) • Trade finance • Services to third party payment processors or senders • Foreign exchange • Special use or concentration accounts • Loans secured by cash collateral and marketable securities • Non-deposit account services, such as non-deposit investment products and insurance
  100. 100. High-Risk Jurisdictions, Geographic Areas • Understanding specific money laundering, terrorist financing, corruption, fraud risks of jurisdictions is essential for compliance • Organization should establish methodology that may include • Sanctions, terrorist financing lists – OFAC, EU, UN • Jurisdiction's overall reputation – Corruption Perceptions Index, reports by state departments • Jurisdiction’s adoption of FATF, other international standards • Regional risk inside a particular jurisdiction
  101. 101. Customer Onboarding and Monitoring Account opening procedures Best practices include: • Gathering, verifying, authenticating customer ID materials through paper documents, electronic verification • Clarifying services customer requests • Screening against sanctions lists, watch lists, PEP lists • Documenting normal, expected activity, including occupation and business • Documenting relationship with institution or organization, including all lines of business, subsidiaries
  102. 102. Customer Identification Program (CIP) • Usually required by jurisdiction’s laws, regulators • ID information must be collected at account opening, verified within reasonable time after opening • Verify identity prior to large currency transactions, purchasing certain financial instruments, or ordering wire transfers • May require identification of beneficial owners in some jurisdictions, particularly legal entities
  103. 103. Enhanced Due Diligence • For high-risk services, customers, jurisdictions • Examples include: • Identifying and verifying beneficial owners • Additional investigation of source of funds • Verification of customer, business information through third-party sources • Augmented transaction monitoring • Thresholds on transactions • Senior management approval of customer relationships, certain transactions
  104. 104. Employee Onboarding and Monitoring Best practices for effective “know your employee,” onboarding: • Assessment begins during interview process • Background screening, especially for criminal history • References and employment history • Gathering and verifying employee identification materials • Screening employee against sanctions, watch, PEP lists
  105. 105. Employee Onboarding and Monitoring Best practices for effective “know your employee,” onboarding: • Providing new employees with organization's written ethics policy, code of conduct • Appropriate training for position, including regulations and web-based or classroom training with appropriate scenarios • “Hotline“ for anonymous reporting, direct reporting to compliance that does not go through business lines
  106. 106. Employee Onboarding and Monitoring Best practices for ongoing employee monitoring: • Regularly scheduled background screening • Automated exception reports, review of log files • Regular reviews and updates on the company’s ethics policies and ethical compliance culture • Regular communication reinforcing standards • Ongoing employee training • Selective review of email, electronic communications for high-risk employees
  107. 107. Transaction Monitoring • Automated system, either proprietary application or vendorprovided, for ongoing transaction, customer and entity data • Detection typically accomplished through implementation of financial crime scenarios in two broad categories: • Rules-based scenarios - identify patterns of behavior related to known financial crime typologies or red flags • Statistical profiling scenarios - identify unusual activity by modeling typical or expected activity profiles for a specific customer or type of customer and identifying outliers
  108. 108. Transaction Monitoring • More advanced systems incorporate hybrid of rules-based, statistical approaches • Transaction monitoring can also incorporate third-party data sources • As transaction and data volumes grow, analytics becoming increasingly important • Automatic monitoring no substitute for experienced human supervision, direction
  109. 109. Key Lessons • Customer due diligence, profiling and risk assessment are key to effective compliance programs • Essential to establish expected customer behavior, transactions to detect suspicious activity • Compliance programs are cyclical and ongoing – each step feeds into the next
  110. 110. Practice Question • A small regional bank recently started using a new transaction monitoring tool that utilizes custom scenarios to identify activity defined by the Financial Crimes Compliance team. There are five scenarios that are live in production. The Analytics team in Financial Crime Compliance Unit researched scenarios and is ready recommend possible changes to the scenarios to management. Which scenario(s) should the Analytics team recommend making changes to first?
  111. 111. Practice Question A. Scenario A that generated 100 alerts in the past 3 months and 50% of those were deemed suspicious and suspicious transaction reports were filed. B. Scenario B that generated 180 alerts with a 95% false positive rate. C. Scenario C that generated no alerts and there appears to be a problem with the data mapping. D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention from a regulator.
  112. 112. Practice Question Answer A is incorrect and appears to be a well performing scenario. It is generating alerts and the percentage deemed suspicious is reasonable. Answer B is incorrect because while false positive rate is far too high, it is generating alerts and some are deemed suspicious. The false positive rate is an issue that must be addressed, but this scenario is not the one that needs to be addressed first. There will often be scenarios on the live exam that require picking the best answer. In this case, this is not the best answer.
  113. 113. Practice Question Answer C is correct as it is clearly a broken scenario since no alert was generated. That there appears to be a problem with the data mapping reinforces the conclusion that this scenario must be addressed first. Answer D is incorrect as there is no evidence the scenarios are not performing as expected.
  114. 114. Your Questions
  115. 115. Thank you for attending

×