Chapter 7 risk based approach

Chapter 7
Risk Based Approach
The Presentation Slides for Teaching
Anti-Money Laundering and Counter-Terrorist Financing
Website : https://sites.google.com/site/quanrisk
E-mail : quanrisk@gmail.com
Copyright © 2020 CapitaLogic Limited

Declaration
 Copyright © 2020 CapitaLogic Limited.
 All rights reserved. No part of this presentation file may be
reproduced, in any form or by any means, without written
permission from CapitaLogic Limited.
 Authored by Dr. LAM Yat-fai (林日辉),
Director, CapitaLogic Limited,
Adjunct Professor of Finance, City University of Hong Kong,
Doctor of Business Administration,
CFA, CAIA, CAMS, CFE, FRM, PRM, MCSE, MCNE.
Copyright © 2020 CapitaLogic Limited 2

What is risk based approach?
 You know that you have to
do something
 You do not know
 what to do
 how to do
 how much to do
 But, the HKMA’s high
priority AML task in 2018

Outline
 What is risk?
 Money laundering risk
 AMLO risk
 Guideline risk
 Customer profile risk
 Risk stereotyping approach

Severe acute respiratory syndrome (SARS)
1 November 2002 to 21 July 2003
Country Inflection Death Death rate (%)
China 5,328 349 6.55
Hong Kong 1,755 299 17.04
Taiwan 346 37 10.69
Canada 251 44 17.53
Singapore 238 33 13.87
Others 355 13 3.66
Total 8,273 775 9.37

Human influenza

Infectious disease risk
SARS
Human
influenza
Inflection rate →
Deathrate→

Wuhan coronavirus

Changing faces of
money laundering risk
 Risk measure
 Expected loss
 Risk dimension
 Loss amount
 Failure frequency
 Risk stereotyping
 Country
 Clientele
 Service
 Delivery channel

Risk
 There is a reasonable expectation of a future event
 e.g. You will pass this course by attending eight classes
and submitting an 1,000 word assignment
 The uncertainty of this reasonable expectation
 e.g. You fail in this course
 NOT a reasonable expectation
 e.g. You will pass this course without submitting an
assignment

Dart board

Basel III framework on
operational risk measurement
Failure frequency →
Lossamount→
12

Modelling of a ML event
Criminal
Laundering trades
Money laundering instrument
13

Components of a business event
Customer
Transactions
Financial service
14

Money laundering risk and controls
ML risk
Financial
service
Service
level
Anonymity
Customer
profile
Country Race
Industry Profession
Family
Other closely
connected
parties
Transactions
Distance to
suspicious
scenario
Distance to
norm

Money laundering risk controls
 Money laundering risk controls
 More limitations to use a financial service
 Higher threshold to accept customer
 Lower threshold to submit a STR to the JFIU
 Combinations of the above three
 NOT money laundering risk controls
 Enhanced customer due diligence
 Improve the accuracy of estimating a criminal
 Close and/or ongoing monitoring
 Reduce the deviation of the customer risk level

Personal risk controls
Instrument
Criminal
Reporting
threshold

真假周潤發

A risk based
AML compliance programme
 The single most important instrument in an
AML compliance programme
 Most FIs do not use the risk based approach
smartly
 Extremely
experience oriented

Issues of risk based approach
 Subjective
 No uniform standard among different
 Industries
 Financial sectors
 FIs in the same financial sector
 Principal agent problem between a regulator
and a FI
 A two-man game between a regulator and a FI

Risks facing FIs
 Suspicious transaction reporting
 AMLO risk
 Know your customer
 Record keeping
 Guideline risk
 AML compliance programme
 Chance of being a criminal

Outline
 What is risk?
 AMLO risk
 Guideline risk

Court’s judgment of guilty principles
 Balance of probability (BOP)
 Both prosecutor and defendant exhibit their facts
 More than 50% facts suggest that a person has violated an
ordinance
 A more than 50% requirement
 Civil litigation
 Beyond reasonable doubt (BRD)
 Prosecutor has to prove the guilty of the defendant
 All major facts suggest that a person has violated an ordinance
 No reasonable doubt
 A strong requirement
 Criminal litigation

Judgment procedure
 List the facts independently
 From both the prosecutor and defendant
 Cite the ordinance
 Highlight the legal elements
 Technical debate (for criminal litigation only)
 List the reasonable doubts from the facts against the key elements
 Judgment
 Compare the facts with the legal elements
 Chance of being guilty
 By default, innocence
 If chance > 50%, guilty under the BOP
 If chance → 100%, guilty under the BRD
 If guilty under the BRD, then must be guilty under the BOP

Money laundering (洗錢)
 An act intended to have the effect of making any
property
 that is the proceeds obtained from the commission of
an indictable offence under the laws of Hong Kong;
or
 of any conduct which if it had occurred in Hong Kong
would constitute an indictable offence under the laws
of Hong Kong; or
 that in whole or in part, directly or indirectly,
represents such proceeds, not to appear to be or
so represent such proceeds

Money laundering risk
 The criminal risk of a FI arising from
participating in ML activities
 either knowingly or not knowingly
 By default, in case a ML transaction is
discovered to be processed by a FI, the FI is
deemed to have participated knowingly in the
ML transaction unless the FI can prove that its
participation on not knowingly basis
26

The worst situation for a FI
 A customer conducted ML activities through a FI
 These ML activities were investigated by the police
according to the DTRPO and/or OSCO
 The court judged that the customer had conducted ML
activities, subject to the principle of beyond reasonable
doubt
 Criminal litigation
 Convicted
 The FI had not submitted the STR before the
investigation

Suspicious transaction reporting
 List all the objective facts showing
 ML activities vs regular activates
 Screen, Ask, Find
 If more facts on ML activities
 Submit a STR to the JFIU
 Evaluate

Example 1.1 – Sanctions list matching
ML activities
 Highlighted by sanctions list
matching system
Regular activities
 Overseas company search
report shows counterparty
details different from those
on the sanctions record
 Customer confirms the
details of the counterparty

ML activities
matching system
report unavailable for the
counterparty
 Customer does not confirm
the details of the
counterparty
Regular activities
 Customer shows similar
transactions in another bank

ML activities
matching system
 Customer does not confirm
the details of the
counterparty
Regular activities
report shows counterparty
details different from those
on the sanctions record

Example 2.1 – Transaction monitoring
ML activities
 Highlighted by transaction
monitoring system
 Many small incoming
transactions
 A few large out going
transactions afterwards
Regular activities
 Customer advises that these
are group order transactions
 Customer shows the group
order webpage
 Customer conducted similar
transactions before

ML activities
monitoring system
transactions
 Customer has no similar
transactions before
 Customer refuse to provide
any sales and marketing
information
Regular activities

ML activities
monitoring system
transactions
 Customer has no similar
transactions before
Regular activities
 Customer shows the group
order webpage recently in
action two weeks ago

Advantages of
the BOP based approach
 Strong theoretical basis
 Sound legal practices
 Easy to formalize into procedure
 Inline with the JFIU’s SAFE approach

The role of profitability
More facts to
support regular
activities
STR
ML activities →
Profitability→
36

Outline
 What is risk?
 AMLO risk
 Guideline risk

AMLO risk
 The risk of disciplinary actions to a FI as a result of
violating the AMLO
 Know your customer
 Record keeping
 Small financial penalty
 But strong negative impact to reputation
 AML regulator assesses a violation using the principle
of beyond reasonable doubt
 AML and CTF Tribunal judges a violation using the
principle of balance of probability
38

State bank of India Hong Kong Branch
 Failed to
 Carry out the customer due diligence measures set out in
sections 2(1)(a) and 2(1)(b) of Schedule 2 to the AMLO
before establishing business relationships with 28 corporate
customers;
 Continuously monitor its business relationships with its
customers;
 Establish and maintain effective procedures for determining
whether its customers or beneficial owners of its customers
were politically exposed persons; and
 Establish effective procedures to ensure compliance with
the specified provisions in sections 3 and 5 of Schedule 2 to
the AMLO.

Coutts Hong Kong
 Failed to establish and maintain effective procedures
for
 determining whether its customers or the beneficial owners
of its customers were politically exposed persons;
 obtaining senior management approval to continue a
business relationship with a customer after Coutts Hong
Kong had come to know that the customer or a beneficial
owner of the customer was a PEP; and
 Failed to identify PEPs despite relevant information
being publicly available and to follow up promptly on
PEP alerts received from a commercially available
database to which Coutts Hong Kong subscribed.

Shanghai Commercial Bank
 In summary, Shanghai Commercial Bank did not:
 continuously monitor its business relationship with 33 customers by
examining the background and purposes of their transactions that were
identified as (i) complex, unusually large in amount or of an unusual
pattern and (ii) having no apparent economic or lawful purpose, and
setting out its findings in writing
 establish and maintain effective procedures for the purpose of carrying
out its duty under section 5 of Schedule 2 to the AMLO to continuously
monitor business relationships; and
 carry out customer due diligence measures in respect of certain pre-
existing customers when a transaction took place with regard to each of
the customers that (i) was, by virtue of the amount or nature of the
transaction, unusual or suspicious, or (ii) was not consistent with
SCOM’s knowledge of the customer or the customer’s business or risk
profile, or with its knowledge of the source of the customer’s funds.

JPMorgan Chase Bank
 In summary, JPMorgan Hong Kong did not establish and maintain effective
procedures:
 for the purpose of carrying out its CDD duties. JPMorgan Hong Kong’s CDD procedures for
certain customers did not require (i) certificates of incumbency or comparable documents to be
obtained to verify their existence, and (ii) the identities of beneficial owners to be verified.
JPMorgan Hong Kong failed to carry out all relevant CDD requirements before establishing
business relationships with certain customers;
 for the purpose of carrying out its duties to continuously monitor business relationships. As
regards groups of related customers, JPMorgan Hong Kong’s procedures did not require a
periodic review to be conducted of a customer’s CDD information if a periodic review had
been conducted in respect of another customer in the same group. As a result, JPMorgan Hong
Kong failed to carry out periodic reviews of certain customers within relationship groups to
ensure that the documents, data and information obtained by JPMorgan Hong Kong were up-to-
date and relevant. Among 495 high risk customers in such relationship groups, 259 customers
were not subject to annual review; and
 for identifying and handling wire transfers which did not comply with the requirement to
include the originator’s name in the message or payment form accompanying the wire transfer.
JPMorgan Hong Kong carried out a number of outgoing wire transfers without including the
names of the originators in the relevant SWIFT messages.

AMLO compliance –
Principle of balance of probability
 List all the facts on KYC and record keeping
showing
 Fully compliant
 Partially compliant
 Not compliant
 If less than 50% of facts show fully compliant
 Re-work the KYC and/or record keeping
programme

AMLO compliance assessment
Fully compliant Partially compliant Not compliant
Policies and procedures
reviewed and updated
within one year
Policies and procedures
reviewed and updated
several years ago
No policies and/or
procedures
KYC programme reviewed
by independent
professional firms within
one year
KYC programme reviewed
by operational risk
management before
No review on KYC
programme
Transaction records audited
by internal audit within one
year
Transaction records
reviewed by the IT
department before
No review on transaction
records

Outline
 What is risk?
 AMLO risk
 Guideline risk

Guideline risk
 The risk of a supervisory examination finding on a FI
as a result of not complying with any details in AML
related guidelines
 For all major AML related topics
 No criminal or reputation consequence
 But too many non-compliance on KYC and/or record
keeping may results investigation from regulatory
enforcement
 AML regulator assesses a non-compliance using
common sense and/or industry practices approach
46

AML guidelines compliance –
Common sense approach
 List all the facts on an AML compliance
programme showing
 Fully compliant
 Partially compliant
 Not compliant
 Classify all partially or not compliant into
 Higher priority
 Medium priority
 Lower priority

AML guidelines compliance –
Common sense approach
 Classify all mitigation actions into
 Higher cost
 Medium cost
 Lower cost
 Implement the mitigation actions immediately for
the items
 Not compliant, higher priority and lower cost
 Implement the mitigation actions later for the
items
 Partially compliant, lower priority and higher cost

Regulatory expectation management
 Demonstrate improvement instead of
perfection
 Willing to be pin pointed by regulators
 Design strategically imperfect AML
compliance program
 Show action plan instead of corrective action
results
 Prioritize corrective actions

Regulatory relationship management
 Handle regulators as peers instead of superiors
 Senior management never entertain front line
regulators directly
 Never submit requested information to regulators
before due dates
 Use e-mail as the primary communications channel
with regulators
 Keep all communications records with regulators
 Ask regulator “Yes” or “No” instead of open end
questions
 Never commit in written support of any regulatory
initiatives

Outline
 What is risk?
 AMLO risk
 Guideline risk

Money laundering risk and controls
ML risk
Financial
service
Service
level
Anonymity
Customer
profile
Country Race
Industry Profession
Family
Other closely
connected
parties
Transactions
Distance to
suspicious
scenario
Distance to
norm

Customer profile risk
 The chance of a customer to be connected to
criminal activities
 Assess through the KYC
 The most frequently referred risk by the phase
“risk based approach”

Customer profile risk
Lower chance
 Less sensitive sanctions list
matching algorithm
 Higher threshold to result
outliers through transaction
monitoring
 Fewer layers of KYC in a
corporation's shareholder chain
 No direct participation of KYC
from the compliance function
 Less frequent compliance
review
Higher chance
 More sensitive sanctions list
matching algorithm
 Lower threshold to result
outliers through transaction
monitoring
 More layers of KYC in a
corporation's shareholder chain
 Review of KYC from the
compliance function
 Annual compliance review

Outline
 What is risk?
 AMLO risk
 Guideline risk

Risk stereotyping
 A one dimensional risk assessment approach based on
several isolated risk factors
 Lower predictive power
 Recent example in the United States
 Since many terrorists are connected to Islamic countries
 Therefore people from Islamic countries are higher risk
 In fact, most people from Islamic countries are not terrorists
 Practices used in the AML guideline
 Layering of risk stereotyping as a risk compensation
 When a risk stereotyping system results a higher risk, use a more
comprehensive risk stereotyping system to re-assess the risk

Risk stereotyping factors
 Country
 Clientele
 Service
 Delivery channel

Country
Iran, Syria,
North Korea
Thailand, Vietnam,
Philippines
U.S., U.K.,
Singapore
ChanceofML→

Clientele
Correspondent banking
Private banking
Corporate banking
Commercial banking
SME banking
Retail banking
ChanceofML→

Service
Project finance
Trade finance
FX trading
Equity trading
Deposits
Personal loans
ChanceofML→

Delivery channel
Agency services
Internet banking
Branch offices
ChanceofML→

Reference
 Guideline on Anti-Money Laundering and
Counter-Terrorist Financing (for Authorized
Institutions) (Oct 2018)

Chapter 7 risk based approach

Recommended

Recommended

More Related Content

What's hot

What's hot (16)

Similar to Chapter 7 risk based approach

Similar to Chapter 7 risk based approach (20)

More from Quan Risk

More from Quan Risk (19)

Recently uploaded

Recently uploaded (20)

Chapter 7 risk based approach