More Related Content
Similar to Chapter 7 risk based approach
Similar to Chapter 7 risk based approach (20)
Chapter 7 risk based approach
- 1. Chapter 7
Risk Based Approach
The Presentation Slides for Teaching
Anti-Money Laundering and Counter-Terrorist Financing
Website : https://sites.google.com/site/quanrisk
E-mail : quanrisk@gmail.com
Copyright © 2020 CapitaLogic Limited
- 2. Declaration
Copyright © 2020 CapitaLogic Limited.
All rights reserved. No part of this presentation file may be
reproduced, in any form or by any means, without written
permission from CapitaLogic Limited.
Authored by Dr. LAM Yat-fai (林日辉),
Director, CapitaLogic Limited,
Adjunct Professor of Finance, City University of Hong Kong,
Doctor of Business Administration,
CFA, CAIA, CAMS, CFE, FRM, PRM, MCSE, MCNE.
Copyright © 2020 CapitaLogic Limited 2
- 3. What is risk based approach?
You know that you have to
do something
You do not know
what to do
how to do
how much to do
But, the HKMA’s high
priority AML task in 2018
Copyright © 2020 CapitaLogic Limited 3
- 4. Outline
What is risk?
Money laundering risk
AMLO risk
Guideline risk
Customer profile risk
Risk stereotyping approach
Copyright © 2020 CapitaLogic Limited 4
- 5. Severe acute respiratory syndrome (SARS)
1 November 2002 to 21 July 2003
Country Inflection Death Death rate (%)
China 5,328 349 6.55
Hong Kong 1,755 299 17.04
Taiwan 346 37 10.69
Canada 251 44 17.53
Singapore 238 33 13.87
Others 355 13 3.66
Total 8,273 775 9.37
Copyright © 2020 CapitaLogic Limited 5
- 9. Changing faces of
money laundering risk
Risk measure
Expected loss
Risk dimension
Loss amount
Failure frequency
Risk stereotyping
Country
Clientele
Service
Delivery channel
Copyright © 2020 CapitaLogic Limited 9
- 10. Risk
There is a reasonable expectation of a future event
e.g. You will pass this course by attending eight classes
and submitting an 1,000 word assignment
The uncertainty of this reasonable expectation
e.g. You fail in this course
NOT a reasonable expectation
e.g. You will pass this course without submitting an
assignment
Copyright © 2020 CapitaLogic Limited 10
- 12. Basel III framework on
operational risk measurement
Failure frequency →
Copyright © 2020 CapitaLogic Limited
Lossamount→
12
- 13. Modelling of a ML event
Criminal
Copyright © 2020 CapitaLogic Limited
Laundering trades
Money laundering instrument
13
- 14. Components of a business event
Customer
Copyright © 2020 CapitaLogic Limited
Transactions
Financial service
14
- 15. Money laundering risk and controls
ML risk
Financial
service
Service
level
Anonymity
Customer
profile
Country Race
Industry Profession
Family
Other closely
connected
parties
Transactions
Distance to
suspicious
scenario
Distance to
norm
Copyright © 2020 CapitaLogic Limited 15
- 16. Money laundering risk controls
Money laundering risk controls
More limitations to use a financial service
Higher threshold to accept customer
Lower threshold to submit a STR to the JFIU
Combinations of the above three
NOT money laundering risk controls
Enhanced customer due diligence
Improve the accuracy of estimating a criminal
Close and/or ongoing monitoring
Reduce the deviation of the customer risk level
Copyright © 2020 CapitaLogic Limited 16
- 19. A risk based
AML compliance programme
The single most important instrument in an
AML compliance programme
Most FIs do not use the risk based approach
smartly
Extremely
experience oriented
Copyright © 2020 CapitaLogic Limited 19
- 20. Issues of risk based approach
Subjective
No uniform standard among different
Industries
Financial sectors
FIs in the same financial sector
Principal agent problem between a regulator
and a FI
A two-man game between a regulator and a FI
Copyright © 2020 CapitaLogic Limited 20
- 21. Risks facing FIs
Money laundering risk
Suspicious transaction reporting
AMLO risk
Know your customer
Record keeping
Guideline risk
AML compliance programme
Customer profile risk
Chance of being a criminal
Copyright © 2020 CapitaLogic Limited 21
- 22. Outline
What is risk?
Money laundering risk
AMLO risk
Guideline risk
Customer profile risk
Risk stereotyping approach
Copyright © 2020 CapitaLogic Limited 22
- 23. Court’s judgment of guilty principles
Balance of probability (BOP)
Both prosecutor and defendant exhibit their facts
More than 50% facts suggest that a person has violated an
ordinance
A more than 50% requirement
Civil litigation
Beyond reasonable doubt (BRD)
Prosecutor has to prove the guilty of the defendant
All major facts suggest that a person has violated an ordinance
No reasonable doubt
A strong requirement
Criminal litigation
Copyright © 2020 CapitaLogic Limited 23
- 24. Judgment procedure
List the facts independently
From both the prosecutor and defendant
Cite the ordinance
Highlight the legal elements
Technical debate (for criminal litigation only)
List the reasonable doubts from the facts against the key elements
Judgment
Compare the facts with the legal elements
Chance of being guilty
By default, innocence
If chance > 50%, guilty under the BOP
If chance → 100%, guilty under the BRD
If guilty under the BRD, then must be guilty under the BOP
Copyright © 2020 CapitaLogic Limited 24
- 25. Money laundering (洗錢)
An act intended to have the effect of making any
property
that is the proceeds obtained from the commission of
an indictable offence under the laws of Hong Kong;
or
of any conduct which if it had occurred in Hong Kong
would constitute an indictable offence under the laws
of Hong Kong; or
that in whole or in part, directly or indirectly,
represents such proceeds, not to appear to be or
so represent such proceeds
Copyright © 2020 CapitaLogic Limited 25
- 26. Money laundering risk
Copyright © 2020 CapitaLogic Limited
The criminal risk of a FI arising from
participating in ML activities
either knowingly or not knowingly
By default, in case a ML transaction is
discovered to be processed by a FI, the FI is
deemed to have participated knowingly in the
ML transaction unless the FI can prove that its
participation on not knowingly basis
26
- 27. The worst situation for a FI
A customer conducted ML activities through a FI
These ML activities were investigated by the police
according to the DTRPO and/or OSCO
The court judged that the customer had conducted ML
activities, subject to the principle of beyond reasonable
doubt
Criminal litigation
Convicted
The FI had not submitted the STR before the
investigation
Copyright © 2020 CapitaLogic Limited 27
- 28. Suspicious transaction reporting
List all the objective facts showing
ML activities vs regular activates
Screen, Ask, Find
If more facts on ML activities
Submit a STR to the JFIU
Evaluate
Copyright © 2020 CapitaLogic Limited 28
- 29. Example 1.1 – Sanctions list matching
ML activities
Highlighted by sanctions list
matching system
Regular activities
Overseas company search
report shows counterparty
details different from those
on the sanctions record
Customer confirms the
details of the counterparty
Copyright © 2020 CapitaLogic Limited 29
- 30. Example 1.2 – Sanctions list matching
ML activities
Highlighted by sanctions list
matching system
Overseas company search
report unavailable for the
counterparty
Customer does not confirm
the details of the
counterparty
Regular activities
Customer shows similar
transactions in another bank
Copyright © 2020 CapitaLogic Limited 30
- 31. Example 1.3 – Sanctions list matching
ML activities
Highlighted by sanctions list
matching system
Customer does not confirm
the details of the
counterparty
Regular activities
Overseas company search
report shows counterparty
details different from those
on the sanctions record
Copyright © 2020 CapitaLogic Limited 31
- 32. Example 2.1 – Transaction monitoring
ML activities
Highlighted by transaction
monitoring system
Many small incoming
transactions
A few large out going
transactions afterwards
Regular activities
Customer advises that these
are group order transactions
Customer shows the group
order webpage
Customer conducted similar
transactions before
Copyright © 2020 CapitaLogic Limited 32
- 33. Example 2.2 – Transaction monitoring
ML activities
Highlighted by transaction
monitoring system
Many small incoming
transactions
A few large out going
transactions afterwards
Customer has no similar
transactions before
Customer refuse to provide
any sales and marketing
information
Regular activities
Customer advises that these
are group order transactions
Copyright © 2020 CapitaLogic Limited 33
- 34. Example 2.3 – Transaction monitoring
ML activities
Highlighted by transaction
monitoring system
Many small incoming
transactions
A few large out going
transactions afterwards
Customer has no similar
transactions before
Regular activities
Customer advises that these
are group order transactions
Customer shows the group
order webpage recently in
action two weeks ago
Copyright © 2020 CapitaLogic Limited 34
- 35. Advantages of
the BOP based approach
Strong theoretical basis
Sound legal practices
Easy to formalize into procedure
Inline with the JFIU’s SAFE approach
Copyright © 2020 CapitaLogic Limited 35
- 36. The role of profitability
More facts to
support regular
activities
STR
ML activities →
Copyright © 2020 CapitaLogic Limited
Profitability→
36
- 37. Outline
What is risk?
Money laundering risk
AMLO risk
Guideline risk
Customer profile risk
Risk stereotyping approach
Copyright © 2020 CapitaLogic Limited 37
- 38. AMLO risk
Copyright © 2020 CapitaLogic Limited
The risk of disciplinary actions to a FI as a result of
violating the AMLO
Know your customer
Record keeping
Small financial penalty
But strong negative impact to reputation
AML regulator assesses a violation using the principle
of beyond reasonable doubt
AML and CTF Tribunal judges a violation using the
principle of balance of probability
38
- 39. State bank of India Hong Kong Branch
Failed to
Carry out the customer due diligence measures set out in
sections 2(1)(a) and 2(1)(b) of Schedule 2 to the AMLO
before establishing business relationships with 28 corporate
customers;
Continuously monitor its business relationships with its
customers;
Establish and maintain effective procedures for determining
whether its customers or beneficial owners of its customers
were politically exposed persons; and
Establish effective procedures to ensure compliance with
the specified provisions in sections 3 and 5 of Schedule 2 to
the AMLO.
Copyright © 2020 CapitaLogic Limited 39
- 40. Coutts Hong Kong
Failed to establish and maintain effective procedures
for
determining whether its customers or the beneficial owners
of its customers were politically exposed persons;
obtaining senior management approval to continue a
business relationship with a customer after Coutts Hong
Kong had come to know that the customer or a beneficial
owner of the customer was a PEP; and
Failed to identify PEPs despite relevant information
being publicly available and to follow up promptly on
PEP alerts received from a commercially available
database to which Coutts Hong Kong subscribed.
Copyright © 2020 CapitaLogic Limited 40
- 41. Shanghai Commercial Bank
In summary, Shanghai Commercial Bank did not:
continuously monitor its business relationship with 33 customers by
examining the background and purposes of their transactions that were
identified as (i) complex, unusually large in amount or of an unusual
pattern and (ii) having no apparent economic or lawful purpose, and
setting out its findings in writing
establish and maintain effective procedures for the purpose of carrying
out its duty under section 5 of Schedule 2 to the AMLO to continuously
monitor business relationships; and
carry out customer due diligence measures in respect of certain pre-
existing customers when a transaction took place with regard to each of
the customers that (i) was, by virtue of the amount or nature of the
transaction, unusual or suspicious, or (ii) was not consistent with
SCOM’s knowledge of the customer or the customer’s business or risk
profile, or with its knowledge of the source of the customer’s funds.
Copyright © 2020 CapitaLogic Limited 41
- 42. JPMorgan Chase Bank
In summary, JPMorgan Hong Kong did not establish and maintain effective
procedures:
for the purpose of carrying out its CDD duties. JPMorgan Hong Kong’s CDD procedures for
certain customers did not require (i) certificates of incumbency or comparable documents to be
obtained to verify their existence, and (ii) the identities of beneficial owners to be verified.
JPMorgan Hong Kong failed to carry out all relevant CDD requirements before establishing
business relationships with certain customers;
for the purpose of carrying out its duties to continuously monitor business relationships. As
regards groups of related customers, JPMorgan Hong Kong’s procedures did not require a
periodic review to be conducted of a customer’s CDD information if a periodic review had
been conducted in respect of another customer in the same group. As a result, JPMorgan Hong
Kong failed to carry out periodic reviews of certain customers within relationship groups to
ensure that the documents, data and information obtained by JPMorgan Hong Kong were up-to-
date and relevant. Among 495 high risk customers in such relationship groups, 259 customers
were not subject to annual review; and
for identifying and handling wire transfers which did not comply with the requirement to
include the originator’s name in the message or payment form accompanying the wire transfer.
JPMorgan Hong Kong carried out a number of outgoing wire transfers without including the
names of the originators in the relevant SWIFT messages.
Copyright © 2020 CapitaLogic Limited 42
- 43. AMLO compliance –
Principle of balance of probability
List all the facts on KYC and record keeping
showing
Fully compliant
Partially compliant
Not compliant
If less than 50% of facts show fully compliant
Re-work the KYC and/or record keeping
programme
Copyright © 2020 CapitaLogic Limited 43
- 44. AMLO compliance assessment
Fully compliant Partially compliant Not compliant
Policies and procedures
reviewed and updated
within one year
Policies and procedures
reviewed and updated
several years ago
No policies and/or
procedures
KYC programme reviewed
by independent
professional firms within
one year
KYC programme reviewed
by operational risk
management before
No review on KYC
programme
Transaction records audited
by internal audit within one
year
Transaction records
reviewed by the IT
department before
No review on transaction
records
Copyright © 2020 CapitaLogic Limited 44
- 45. Outline
What is risk?
Money laundering risk
AMLO risk
Guideline risk
Customer profile risk
Risk stereotyping approach
Copyright © 2020 CapitaLogic Limited 45
- 46. Guideline risk
Copyright © 2020 CapitaLogic Limited
The risk of a supervisory examination finding on a FI
as a result of not complying with any details in AML
related guidelines
For all major AML related topics
No criminal or reputation consequence
But too many non-compliance on KYC and/or record
keeping may results investigation from regulatory
enforcement
AML regulator assesses a non-compliance using
common sense and/or industry practices approach
46
- 47. AML guidelines compliance –
Common sense approach
List all the facts on an AML compliance
programme showing
Fully compliant
Partially compliant
Not compliant
Classify all partially or not compliant into
Higher priority
Medium priority
Lower priority
Copyright © 2020 CapitaLogic Limited 47
- 48. AML guidelines compliance –
Common sense approach
Classify all mitigation actions into
Higher cost
Medium cost
Lower cost
Implement the mitigation actions immediately for
the items
Not compliant, higher priority and lower cost
Implement the mitigation actions later for the
items
Partially compliant, lower priority and higher cost
Copyright © 2020 CapitaLogic Limited 48
- 49. Regulatory expectation management
Demonstrate improvement instead of
perfection
Willing to be pin pointed by regulators
Design strategically imperfect AML
compliance program
Show action plan instead of corrective action
results
Prioritize corrective actions
Copyright © 2020 CapitaLogic Limited 49
- 50. Regulatory relationship management
Handle regulators as peers instead of superiors
Senior management never entertain front line
regulators directly
Never submit requested information to regulators
before due dates
Use e-mail as the primary communications channel
with regulators
Keep all communications records with regulators
Ask regulator “Yes” or “No” instead of open end
questions
Never commit in written support of any regulatory
initiatives
Copyright © 2020 CapitaLogic Limited 50
- 51. Outline
What is risk?
Money laundering risk
AMLO risk
Guideline risk
Customer profile risk
Risk stereotyping approach
Copyright © 2020 CapitaLogic Limited 51
- 52. Money laundering risk and controls
ML risk
Financial
service
Service
level
Anonymity
Customer
profile
Country Race
Industry Profession
Family
Other closely
connected
parties
Transactions
Distance to
suspicious
scenario
Distance to
norm
Copyright © 2020 CapitaLogic Limited 52
- 53. Customer profile risk
The chance of a customer to be connected to
criminal activities
Assess through the KYC
The most frequently referred risk by the phase
“risk based approach”
Copyright © 2020 CapitaLogic Limited 53
- 54. Customer profile risk
Lower chance
Less sensitive sanctions list
matching algorithm
Higher threshold to result
outliers through transaction
monitoring
Fewer layers of KYC in a
corporation's shareholder chain
No direct participation of KYC
from the compliance function
Less frequent compliance
review
Higher chance
More sensitive sanctions list
matching algorithm
Lower threshold to result
outliers through transaction
monitoring
More layers of KYC in a
corporation's shareholder chain
Review of KYC from the
compliance function
Annual compliance review
Copyright © 2020 CapitaLogic Limited 54
- 55. Outline
What is risk?
Money laundering risk
AMLO risk
Guideline risk
Customer profile risk
Risk stereotyping approach
Copyright © 2020 CapitaLogic Limited 55
- 56. Risk stereotyping
A one dimensional risk assessment approach based on
several isolated risk factors
Lower predictive power
Recent example in the United States
Since many terrorists are connected to Islamic countries
Therefore people from Islamic countries are higher risk
In fact, most people from Islamic countries are not terrorists
Practices used in the AML guideline
Layering of risk stereotyping as a risk compensation
When a risk stereotyping system results a higher risk, use a more
comprehensive risk stereotyping system to re-assess the risk
Copyright © 2020 CapitaLogic Limited 56
- 62. Reference
Guideline on Anti-Money Laundering and
Counter-Terrorist Financing (for Authorized
Institutions) (Oct 2018)
Copyright © 2020 CapitaLogic Limited 62