AML and OFAC Compliance for the Insurance Industry


Published on

Speakers from ACI's AML and OFAC Compliance for the Insurance Industry are giving away their best practice tips!

Published in: Economy & Finance, Business
  • Be the first to comment

AML and OFAC Compliance for the Insurance Industry

  1. 1. Best Practice Tips from Speakers Produced by: #AMLandOFAC
  2. 2. Laura Heeger Assistant Vice President Global Anti-Corruption Unit at MetLife conducted based upon risk. This standardized approach to risk definition, key controls, monitoring and testing allows a global program to measure risk between countries and focus scarce resources most effectively. Best Practice Tips To ensure robust compliance with trade and economic sanctions, as well as the timely identification of politically exposed persons, we have developed a framework for compliance oversight. This framework is a checklist of activities to be conducted on a daily, weekly, monthly, quarterly and annual basis to ensure consistency of our global compliance program. It provides easy to follow guidance for local teams as well as a framework against which our global program may be audited. When charged with oversight of a global program, evaluating risk among widely differing compliance programs is a tremendous challenge. Compliance programs differ according to products, customers, distribution methods and even geography. Our team has created a standard template for use in every country which identifies each risk and establishes key controls. Ongoing monitoring of these controls is required and defined with standardized testing #AMLandOFAC
  3. 3. Kymberly Kochis Partner at Nelson Levine de Luca & Hamilton, LLC. Best Practice Tips The adverse reputational risk, coupled with possible criminal and civil penalties, for AML/OFAC violations requires insurers to have a formal and robust compliance program. As part of that program, a sufficient enterprise risk management structure needs to be in place to ensure that appropriate AML/OFAC issues are addressed. During AML/OFAC training, it is imperative that the company’s AML/OFAC risk management structure be explained to ensure that employees understand what they need to report, who they need to report it to and how it should be reported. This formal structure must or the timely escalation of issues to key individuals/groups within the company. • • • • • Determining whether an issue warrants further action; Deciding to conduct an internal investigation; Engaging outside counsel to conduct an internal investigation; Engaging outside counsel to represent the company or individuals within the company; and Determining whether the company has an obligation to report the issue to a government agency. These key individuals/groups should also receive regular AML/OFAC compliance training. These individuals/groups need to be empowered to make decisions quickly. Some of the key issues these individuals/ groups need to be empowered to address include: #AMLandOFAC
  4. 4. Brian L. Mannion Managing Counsel Office of Privacy, Technology, Information & Contract Services (OPTICS) at Nationwide Mutual Insurance Company determining if the controls make sense at your institution, and then implementing them is a sound way of ensuring your program is reasonable. Best Practice Tips The AML Program regulations require you to have a program "reasonably designed to prevent the insurance company from being used to facilitate money laundering or the financing of terrorist activities." Reasonable design is not a defined term and the meaning of a "reasonable person" reminds me of many a law school discussion (it also brings back the feeling of finger nails on a chalkboard). Clearly a regulator could provide some guidance as to what are “reasonable” controls. Another strong indicator is the program your peers have implemented. It is critical to identify the typical practices, procedures, or controls that are used at other life insurance companies and then determine if they are applicable to your company. This last piece is very important because what works for one company may not mitigate the AML risk at your company. However, at the end of the day, completing this exercise of understanding what everyone else is doing, #AMLandOFAC
  5. 5. L. Brent Kessler Asst. VP, Asst. General Counsel & Compliance Manager at SCOR Reinsurance Company to provide substantive guidance. Don’t let your clients come away thinking that compliance is another road block to doing their business. Best Practice Tips A “one size fits all” approach to OFAC/AML training for your company rarely will achieve the level of compliance desired. Rather, consider conducting separate OFAC/AML training sessions according to department or responsibility (e.g., claims, underwriting, reinsurance, directors, risk management, by line of business, etc.) and tailoring the material to focus on compliance issues specific to the audience. By customizing your company’s training programs to groups of shared interest, increased time and attention may be spent addressing day-to-day compliance challenges and scenarios otherwise considered too granular to be included in a more general presentation. Compliance training should always facilitate discussion and be used as an opportunity for all parties to learn from each other. The more you understand about your organization and the compliance challenges facing your colleagues on a daily basis, the better equipped you will be #AMLandOFAC
  6. 6. Robert P. Walsh Jerry Danielson Global Financial Crime Officer at AXA Group Assistant Vice President, Compliance Audit Director at Lincoln Financial Group Best Practice Tips Best Practice Tips Know your business. I mean, really know your business. Don't be afraid to ask stupid questions. Don't be afraid to ask about acronyms and market conventions that everyone else takes for granted. You will actually be respected for it by the business-side, you will do a better job, you can't advance in your career without knowing these things, and, best of all, it can be very interesting! Every tester is going to expect to see a fairly comprehensive, non-generic risk assessment. Failure to provide that will get you off on the wrong foot. Beyond that, they will expect to see your controls to mitigate that risk mapped to the risk, plus evidence of testing of those controls. Mark Twain famously said “I didn’t have time to write you a short letter, so I wrote you this long one instead.” Compliance officers universally bemoan the lack of top management support. Well, if you want their support, help them do their jobs. They are busy with a broad spectrum of important responsibilities. Focus on key issues, be succinct and communicate well. The independent auditor needs to be qualified. Skimping on training for in-house personnel doing the audit, or hiring unqualified external auditors will ultimately cost in terms of credibility and overall results. #AMLandOFAC
  7. 7. Judith A. Lee Partner & Chair at Gibson, Dunn & Crutcher, LLP regime. For example, in June 2013, New York’s Department of Financial Services (“NY DFS”) sent letters to non-U.S. reinsurance companies demanding extensive information relating to potentially sanctionable activities. Known for its aggressive enforcement of U.S. sanctions on Iran, NY DFS’s actions should put insurers on notice that both state and federal regulators will be closely examining their activities. Best Practice Tips Regarding any potential relaxation of the Iranian sanctions regime, insurers should not assume that prohibitions on the provision of insurance and re-insurance will be lifted. Under Section 1246 of the Iran Freedom and Counter-Proliferation Act of 2012 (“IFCPA”), insurers cannot knowingly provide insurance or reinsurance that covers Iran-related activity for which sanctions have already been imposed under IFCPA or other prior U.S. sanctions laws targeting Iran. While the United States may lift sanctions on Iran in exchange for concessions related to Iran’s nuclear program, insurers should pay close attention to which sanctions the United States suspends; the United States will likely only lift some of its sanctions, thus permitting insurers to provide coverage to some—but only some—types of activity. In addition, insurers should pay close attention to state insurance agencies’ enforcement of the Iranian sanctions #AMLandOFAC
  8. 8. Damian V. Sepanik Chief Compliance Officer at Zurich North America or other sanctions violation can be even more devastating. It is helpful to use real examples when discussing this risk with management and ask “what would happen if this happened in your unit?” so they can understand the business implications of a violation. Best Practice Tips I think it is imperative to truly understand business processes and sub-processes to create a sanctions screening solution that is effective and efficient. A “one size fits all” approach rarely works and can create risky gaps that can come back to haunt even a well-intentioned organization. Multiple sanctions regimes may be applicable within one international insurance program and constantly changing and evolving sanctions requirements increase the complexity of such transactions. Constant testing and monitoring is needed to understand if the process developed in the past is still effective today. Understanding and communicating the scope of the risk of sanctions violations is necessary to ensure the correct funding and level of priority is placed on your sanctions program. While fines and penalties are often staggering, the reputational impact to an organization related to an OFAC #AMLandOFAC
  9. 9. #AMLandOFAC