Sound Practices and Common Issues of Anti-Money Laundering
Dr. LAM Yat-fai (林日辉博士)
Doctor of Business Administration (Finance)
CFA, CAIA, FRM, PRM, MCSE, MCNE
PRMIA Award of Merit 2005
E-mail: quanrisk@gmail.com
Agenda
Sound practices of AML compliance
Common issues of AML compliance
Managing regulators
Role of senior management/board of
directors
To accord AML compliance due priority, senior
management should play an active role in the
following areas:
Endorsing AML policies
Appointing senior staff responsible for AML compliance
Approving or declining high risk customers
Reviewing suspicious activities/cases identified by staff
Supporting compliance investigation of suspicious cases
Participating in AML/CFT training
Role of senior management/board of
directors
To reinforce the importance of AML
compliance, the board of directors should
contribute by
Overseeing the implementation of AML policies
as part of their broader governance role
Reviewing reports of violations of AML
procedures and controls
AML policies and procedures
To help ensure that appropriate and effective AML policies
and procedures are in place, banks should implement the
following steps
AML policies are endorsed by senior management and effectively
communicated to all staff by means of training and utilizing suitable
forms of testing to ensure proper understanding of the policies
Appoint a person to regularly review changes to applicable AML
rules and regulations, and where necessary, make changes or updates
to ensure compliance
Perform periodic audits or compliance checks of AML controls,
including clients’ identification and verification procedures
Issue and distribute AML internal audit reports or compliance
checking reports to all relevant business and functional departments
as well as to senior management
Customer acceptance and
customer due diligence
To undertake customer acceptance and due diligence
measures on a risk sensitive basis, banks should:
Risk-based assessment
Perform risk-based and extensive know-your-customer
assessment in order to ascertain a customer's identity,
beneficial owners, nature and background of its business
activities and source of funds and apply a risk rating to
determine the extent of ongoing monitoring
Categorize customers into distinct risk categories – high,
medium and low risk. High risk customers are managed
by focused resources and enhanced due diligence
processes
Customer acceptance and
customer due diligence
On-going due diligence
Conduct periodic reviews depending on a
customer's risk rating. This risk-based approach
allows more detailed and enhanced reviews to be
conducted for higher risk customers on a more
frequent basis than low/medium risk customers
Generate reports identifying those accounts
showing activity which fulfils predetermined
criteria, such as large transaction volume, or
increased account usage. The compliance officer
should review and decide if the transactions made
are consistent with the customer’s profile
Customer acceptance and
customer due diligence
Identification of politically exposed persons and
related enhanced due diligence
Use internet or other web-based tools to perform
background screening
Employ external databases to perform
background screening, including names of
customers, directors, shareholders, authorized
signatories and beneficial owners and perform
batch screening on all accounts regularly
Customer acceptance and
customer due diligence
Identification of politically exposed persons and
related enhanced due diligence
Classify PEPs as high risk customers and adopt enhanced
due diligence and escalation processes, for example by
Assessing the PEP risk by obtaining information such
as the customer’s political function, country of origin,
type of services and products sought and the source of
wealth and funds etc.
Seeking senior management’s approval before
opening PEP accounts
Reviewing transactions of the PEP clients on a
periodic basis
Recognition and reporting of
suspicious transactions
To facilitate the identification of suspicious
transactions and help ensure that the legal
requirements for reporting suspicious transactions to
the JFIU and prohibitions against tipping-off are
complied with, banks should
Recognition and reporting of suspicious transactions
Implement automated transaction monitoring system utilizing
software which is designed to detect patterns of unusual transactions
and suspicious transactions
Arrange to have exception reports automatically escalated to the
compliance officer for review, approval and, where necessary, to
form the basis for further investigation, reporting, or raising the risk
rating of a customer for enhanced monitoring
Recognition and reporting of
suspicious transactions
Recognition and reporting of suspicious
transactions
Review these reports from time to time to ensure that they
have been properly updated to incorporate new indicators
of suspicious activity
Incorporate organization specific indicators of potentially
suspicious or unusual activities into AML policies and
AML training
Conduct background checks using reliable and
independent source documents and databases before
establishing business relationships in order to identify
terrorist suspects at the initial account opening stage and
on an ongoing basis thereafter
Recognition and reporting of
suspicious transactions
No tipping-off policies and procedures
Account executives and other relevant staff receive AML
training and are fully cautioned against tipping off
customers and made aware that they are subject to
criminal liability for such actions
Only a limited number of persons, e.g. the compliance
officer and senior management, are privy to suspicious
transaction reports which are made to the JFIU strictly on
a need-to-know basis
Account executives are not informed when suspicious
transaction reports are made to the JFIU to prevent tipping
off
Staff training
To help ensure that appropriate and effective
staff training procedures are in place, banks
should
Distribute their internal AML policies to new
staff members during induction training
Require newly recruited staff to complete training
on AML and thereafter refresh themselves on
AML policies and procedures regularly
Staff training
Incorporate new or updated changes in AML
regulations or policies whenever necessary and
inform staff of these changes through different
means, e.g. circulation of revised policy, internal
circulars or email alerts
Provide tailored AML training for front office
employees
Utilize suitable forms of testing to ensure proper
understanding of the policies, e.g. quizzes
Common issues in AML compliance
Written AML policies and procedures
Lack of policies and procedures for higher
risk customers
Customer due diligence
Recognition of suspicious transactions
Role of AML compliance officer
Staff training
AML policies and procedures
Lack of comprehensive AML policies and
procedures, particularly in smaller banks
Absence of specific provisions governing key
AML measures such as identification of
suspicious transactions, AML training, etc. in
a bank’s written policies and procedures
Higher risk customers
The bank’s customer acceptance policies and procedures did
not aim to identify the types of clients that are likely to pose a
higher than average money laundering risk
Did not undertake sufficient and/or ad-hoc reviews of the
existing customer records to re-classify the risk profile of a
customer
Did not adopt enhanced customer acceptance controls or
enhanced ongoing CDD for customers of higher AML risk
Politically exposed persons
Offshore/ unregulated investment vehicles
Customer due diligence
Failure by staff to obtain certain documents and information
from customers in non-observance of the bank’s established
client identification procedures
Did not seek certain KYC information from customers (e.g.
customer’s occupation, financial situation, investment
experience, nature of business)
Failed to perform adequate CDD measures on customers for
whom another person acted on their behalf
Failed to apply enhanced CDD measures for non face-to-face
business relationships
Recognition of suspicious transactions
AML policy and procedure did not contain any guidance to
staff on what may constitute suspicious transactions
Failure by staff to detect or escalate transactions meeting
specified criteria or otherwise potentially suspicious
transactions for further investigation
Did not document the assessment results and reasons for
deciding that a potentially suspicious transaction was not
suspicious and did not require an STR to be made to the JFIU
Failed to question the client appropriately in
assessing a potentially suspicious transaction
Role of AML compliance officer
Did not act as a designated central reference point for
processing potentially suspicious transactions
Did not play any active part in identifying and
reporting suspicious transactions
No IT system in place to generate exception reports
despite large size of business and clientele
Training
Needs customization to a bank’s own business
and customers, and the respective job
functions of staff members
Quality of training programmes needs to be
improved
Response to enquiries from regulators
Simple and clear
Minimum response
Use wording and paragraphs from laws,
guidelines, guidance notes, circulars and press
releases
Minimize potential future questions
No voluntary information
Response to audits from regulators
Request for early scheduling
Request for confirmed coverage and timetable
Request for early draft audit report
Allow for scheduled findings
Your opinions
http://sites.google.com/site/quanrisk